Text

Proposed Tech Specs 3.3.1 & 3.3.2 Re Reactor Trip Sys & Engineered Safety Features Actuation
	ML20210Q058
Person / Time
Site:	05200003
Issue date:	08/19/1997
From:	; WESTINGHOUSE ELECTRIC COMPANY, DIV OF CBS CORP.
To:	;
Shared Package
ML20210Q057	List: ML20210Q058; NSD-NRC-97-5271, Forwards Revised TSs 3.3.1 & 3.3.2,re Reactor Trip Sys & Engineered Safety Features Actuation.Tss Revised Based on NRC 970606 Meeting Re AP600 Open Items;
References
	NUDOCS 9708280079
	Download: ML20210Q058 (162)
	v • d • e

--

RTS Znstrumentation 3.3.1-3.3 INSTRUMENTATION DRAFT 3.3.1 Reactor Trip System-(RTS) Instrumentation LC0-3.3.1 The RTS instrumentation for each Function in Table 3.3.11 shall be OPERABLE.

APPLICABILITY:

According to Table 3.3.1 1.

ACTIONS

......................................N0TE.....................................

Separate Condition entry is allowed for each inoperable Function.

REQUIREDACTIO$i COMPLETION TIME CONDITION A.

One or more Functions A.1 Enter the Condition Immediately with one or more referenced in required channels Table 3.3.1 1 for the inoperable, channel (s).

B.

One manual initiation B.1 Restore manual initiation 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months device inoperable, device to OPERABLE status.

O,_R.

B.2.1 Be in H00E 3.

54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months J

AND B.2.2 Open reactor trip 55 hours6.365741e-4 days 0.0153 hours 9.093915e-5 weeks 2.09275e-5 months breakers (RTBs).

(continued) 9708280079 970822 POR ADOCK 05200003 PM A

3.3 1 08/97 Amendment 0 h AP600-i otu.m..ntsaiciouv.osuu

,m-

RTS Instrumentation DRAFT ACTIONS (continued)

COMPLETION TIME REQUIRED ACTION CONDITION One manual initiation C.1 Restore manual 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months C.

initiation device to device inoperable.

OPERABLE status.

O_R 49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months C.2 Open RTBs.

D.

One or two Power D.1.1 Reduce THERMAL POWER to12 hours s 75% RTP.

Range Neutron Flux High channels AND inoperable.

0.1.2 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

0.2.1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

@0

.............N01E.............

Only required to be performed when OPDMS is inoperable and the Power Range Neutron Flux input to QPTR is inoperable.

0.2.2' Perform SR 3.2.4.2 Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months (QPTR verification).

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months D.3 Be in MODE 3.

(continued) 08/97 Amendment 0 b AP600 3.3 2 i.oiu.m..nacioiot,or.o.nu.

RTS fnstrumentation 3.3.1 OD" Ua r e. C u

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME E.

One or two channels E.1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

inoperable, E.2 Be in MODE 3.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months F.

THERHAL POWER between F.1 Place inoperable 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months channel (s) in bypass.

P 6 and P 10, one or two Intermediate Range Neutron Flux OR channels inoperable.

Reduce THERMAL POWER to 2. hours F.2

< P 6.

F.3 Increase THERMAL POWER 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months to > P 10.

j Immediately G.

THERMAL POWER between G.1 Suspend operations involving positive P 6 and P 10. three reactivity additions.

Intermediate Range Neutron Flux channels AND inoperable.

G.2 Reduce THERHAL POWER to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months

< P 6.

H.

THERMAL POWER < P 6, H.1 Restore three of four Prior to channels to OPERABLE increasing one or two THERMAL POWER to Intermediate Range status.

>P6 Neutron Flux channels inoperable.

(continued) h AP600 3.3 3 08/97 Amendment 0 tMt\\tenteen16050101.r07 081197

-l

RTS Instrumentation 3.3.1 DRAFT ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CONDITION I.

One or two Source I.1 Suspend operations Immediately involving positive Range Neutron Flux reactivity additions.

channels inoperable, Immediately J.

Three Source Range J.1

.0 pen RTBs.

Neutron Flux channels inoperable.

K.

One or two channels K1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

inoperable, K.?

Reduce THERMAL POWER to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months

< P 10.

L.

One or two channels L.1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months channel (s) in bypass.

inoperable, L.2 Reduce THERMAL POWER to 10 hours1.157407e-4 days 0.00278 hours 1.653439e-5 weeks 3.805e-6 months

< P 8.

M.

One or two channels /

M.1 Restore three of four 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months divisions inoperable.

channels / divisions to OPERABLE status.

M.2 Be in MODE 3.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months (continued) 08/97 Amendment 0 h AP600 3.3 4 I*01\\t uatoets16010101. r0? 081397

-RTS Instrumentation 3.3.1 DRAFT ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME N.

0.e >r two channels N.1 Verify the interlocks 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months icopeNble, are in required state for existing plant conditions.

N2 Place the functions 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months associated with ino>erable interlocks in >ypass.

N.3 Be in MODE 3.

13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months 0.

One or two channels 0.1 Verify the inarlocks 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months inoperable, are in required state for existing plant conditions.

0.2 Place the functions 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months associated with ino>erable interlocks in >ypass.

0.3 Be in MODE 2, 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months P.

One required division P.1 Open inoperable RTB in 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months one division.

inoperable, P.2.1 Be in MODE 3. 4. or 5.

14 hours1.62037e-4 days 0.00389 hours 2.314815e-5 weeks 5.327e-6 months A_$

P.2.2 Open RTBs.

14 hours1.62037e-4 days 0.00389 hours 2.314815e-5 weeks 5.327e-6 months (continued) 3.3 5 08/97 Amendment 0 h AP600 omoues.oeni, i.otu.r..u u

RTS Ins %rumentatico 3.3.1 O'% A E7

'"# ' **"4 s

ACTIONS (continued)

COMPLETION TIME REQUIRED ACTION CONDITION 0

Three required 0.1 Restore three of four 1 hour-divisions inoperable, dvisions to OPERABLE status.

O.2.1 Be in H00E 3. 4. or 5.

7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months

E j

l 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months Q.2.2 Open RTBs.

R.

One or two channels /

R.1 Restore three of fcur 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months channels / divisions to divisions inoperable.

OPERABLE status.

49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months R.2 Open RTBs.

S.

One or two Source S.1 Restore three of four 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months channels to OPERABLE Range Neutron Flux status.

channel inoperable.

49 hours5.671296e-4 days 0.0136 hours 8.101852e-5 weeks 1.86445e-5 months S.2 Open RTBs.

(continued)

I a

08/97.' Amendment 0 b AP600 3 3*6 i m u.e. ni m ois u o,...ti,,

RTS Instrumentation 3.3.1 nn 7 viu-u [

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME T.

Required Source Range T.1 Suspend operations immediately Neutron Flux channel involving positive inoperable, reactivity additions.

A_Np T.2 Close unborated water 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months source isolation valves.

AJ T.3 Perform SR 3.1.1.1.

I hour AND Once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter 3.3 7 08/97 Amendment 0

@ AP600.omes,or.enm miu.m..n i

=-..-- -

. -..= - - -

i l

RTS Instrumentation

[

3.3.1 i

N r% A e-SURVEILLANCE REQUIREMENTS

.....................................N0rE.....................................

Refer to Table 3.3.11 to determine which SRs apply for e

~t __

FRE0VENCY SURVEILLANCE 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Perform CHANNEL CHECK.

SR 3.3.1.x

..................N0TES....

SR 3.3.1.2 Ad ust nuclear instrument channel in 1.

th Protection and Safety Monitoring System-(PMS)-1f absolute difference is > 2% RTP.

f 2.

Required to be met within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months after reaching 15% RTP.

i If the calorimetric heat balance is 3.

< 70% RTP, and if the nuclear instrumentation channel indicated power is:

lower than the calorimetric a.

measurement by > 2%, then adjust the nuclear instrumentation channel upward to match the calorimetric measurement, higher than the calorimetric b.

measurement, then no adjustment is required.

I 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months Compare results of calorimetric heat balance to nuclear instrument channel output.

(continued) 08/97 _ Amendment 0 3.3 8 h AP600.oionei,,,...i,,,.

imu.m.uu

RTS Instrumentation 3.3.1 DRAFT SURVEILLANCE REQUIREMENTS (continued)

FREQUENCY SURVEILLANCE

................ N0TES........ * -

SR 3.3.1.3 Ad ust nuclear instrument channel in 1.

PM if absolute difference is a 3%

AFD.

2.

Rewired to be met within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months after reaching 20% RTP.

31 effective full Compare results of the incore detector power days (EFPO) measurements to nuclear instrument channel AXIAL FLUX OIFFERENCE.

...................N0TE................

SR 3.3.1.4 Required to be met within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months after reaching 50% RTP, 92 EFPD Calibrate excore channels to agree with incore detector measurements.

...................N0TE................

SR 3.3.1.5 This Surveillance must be performed on both reactor trip breakers associated with a single division.

92 days on a Perform TADOT.

STAGGERED TEST BASIS

...................N0TES...............

SR 3,3.1.6 Not required to be performed for source range instrumentation prior to entering MODE 3 from MODE 2 until 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months after entry into MODE 3.

92 days Perform RTCOT.

(continued) 08/97 Amendment 0 h AP600 3.3 9 mmunimu oiciover comt v

-.~

.,-r-..e v--.r,-,-w x---,----

.-...-c.

RTS Snstrument SURVEILLANCE REQUIREMENTS (continued)

FREQUENCY SURVEILLANCE SR 3.3.1.7 N0TE................

This Surveillance shall include verification that interlocks P.6 and P.

10 are in their required state for existing unit conditions.

......N0TE......

Perform RTCOT.

Only required when not performed within previous 92 days Prior to reactor startup AND Four hours after reducing power below P 10 for power and intermediate instrumentation AND Four hours after reducing power below P 6 for source range instrumentation AND Every 92 days thereafter l

1 (continued) 08/97 Amendment 0

@ AP600 3.3 10 miu.m..ntumn,v.uno.

,-.m.

RTS Instrumentation OOA 3.3.1 J i v,. C SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENC(

SR 3.3.1.8

...................N0TE................

This Surveillance shall include verification that the time constants are 4

adjusted to the prescribed values.

Perform CHANNEL CALIBRATION.

24 months i

SR 3.3.1.9

...................N0TE...............

Neutron detectors are excluded from CHANNEL CALIBRATION.

Perform CHANNEL CALIBRATION.

24 months SR 3.3.1.10

...................N0TE...............

Verification of setpcint'is not required.

Perform TADOT.

24 months SR 3.3.1.11

...................N0TE...............

Neutron detectors are excluded from response time testing.

Verify RTS RESPONSE TIME is within 24 months on a STAGGERED TEST limits.

BASIS 3.3 11 08/97 Amendment 0 h AP600.oiom or.een,,

imu.oi,uu

,. ~. -,

._,..y._

m

__,,_,.o,

~

..-..m

._____-.-_._____m RTS Instrumentation n(

3.3.1 f

Table 1,L 1 1 (page 1 of 1) afector frty system Instrumentation APPLICAtLt woots on ofwta suavattta=ct attomaatt tage tuwC110N Cono!TIONS CwaNN(L$

CON 0!T!(ms acQUlstalNTS y& Lug

$(TPO!4T spectatto atoutato

=/a 1

=anual aeactor trip 1.2 2

6 Sa 3.L1.10

=/a

)(8) 4(a) g(a) 2 c

sa 3.3.1.10 2

Pp.er tange neutron Flua (a ligg a.

Migh setpoint 1.2 a

o sa 1.a,1 la

}..1.

atP) la

s. hl.

Sa

1. 1.1.9 sa 3.1.1.11 (s 3)g I.).1.g 1(b) 2 a

t sa t

atP) 3.3.1 b.

Low setpoint

$a la

.).

.9 Sa

.3.

11 1.2 a

a sa

).).1.6 (s 1.04 afP

$a 1.3.1.9 with time L

Po.or mange heutron F1va Nigh Positive aate constant a 2 sec')

!s 25%

I a

F.G la 1 3.1.1 aTP*]

1(b) 2 'I sa s.).1.1 4.

Intermediate aange Neutron Flus Sa 1.1.1.9 2(d) a M

$a I.).$.1 (s 25%

aTP')

sa

).3.1.7 Sa 3.3.1.9 2(d) a t.)

sa 3. 3.1.1

[s 1.ott cos')

$a 1.3.1.7 5.

Source mance heutron Flus utgh letpoint

$a 1.3.1.9

$a 1.1.1.11 gja 4

3,3 gn 3,3,g,g 3(a) 4(a) g(a) sa 3.3.1.6 sa 1.3.1.9 Sa 3.3.1.11 Nbf.9 m/a 3(8) a(').l(')

1 T

(continwed) l f rod withdrs=41.

with neactor trip treakers (stes) closed and Plant Control lystes capab e o (a) selow the P.10 (Power mange heutron Flua) interlocks.

(b) above the P-6 (Intermediate aange heutron plus) interlocks.

(c) selow the P 6 (Intermediate mange heutron Flus) interlocks.

In this condition, lource aange Function does not provide reactor trip but does-provide (d)

(e) etth atos open.

indication.

The values specified in brackets in the Trip letpoint coluan are the $$An Chapter 11 safety (neviewer 40te:

analysts values and are included for reviewer information only.

l for the Function.

The values spectf ted in brackets fo11o=ed by " * " in the Trip Setpoint coluen are typical va uesin the Stan C t

)

40 credit was assu ed for these Functions (typically diverse trips /actuet ons m

analyses and no safety analysts valve is avatlable.

d ih In all cases, the valves specified in brackets must be replaced, following the plant specific setpo upon selection of the plant specific instrumentation, the trip setpoints util be allomable valves will be calculated in accordance eith the setpotat methodology described in wCAP.14606 the actual tete Setpotats, The plant calculated in accordance with the setpotet methodology and spectfted in t accepted teorovements in setpoint methodologv.)

h AP600 3.3 12 08/97 Amendment 0 too1\\techapet\\16cl0101.r07.os21st

RTS Instrumentation DRA?T table 3.1.1 1 (page 2 of $)

neactor trip system Instrumentation APPLICASLt 400tt on ofwin luavt!LLANCE AttowAstt ta!P CON 0!T!o45 CHA44tLS CONDITIOw$

atQutatutwTS vatut Stipolgt SPEClitt0 stoutat0 FUNCT!DN aefer to s

g la I.I.

1 eefer to 1,2 la I.I..)

=ote )

wete 1 (Pace 6.

overteeperature 41

$a 1.1.,a (Page 3.1 16) 3.3 16) sa

).l.1.6 Sa

3. l,1.$

Sn 1.l.1.11 4

g se l

.1.1 aofer to nefer to 1,2 la i.

,1.6 Note 4 mote 2 7.

Overpower et Sa l.1.1.4 (Page 3.1 16) 3(.3 16) pane sa 3.J,1.11

[ 1733 4.

Pressortser Pressure 1(f) 4 a

sa..

1,1 pstg]

Sa

)..6 a.

Low letpoint sa l.

i.

sa 1.1., 11

( 244$

3.h.1.g

8I 4

t sa b.

utgh setpotet d', 4 1.2 I

sa

l. l.3.11 (s 92t')

1(O 4

a sa 3.3.1.1 sa

).),}.6 9.

Pressuriter water.

la 3.3.1.4 Level High 3 (a 87t(U) 10, aeactor Coolant Flow Low 1(9) 4 per L

$a

.l.1.1 la

.).1.6 4.

Single Cold Leg cold leg in i.l.1.6 la l.1.1.11 (a 87t(U) 4 a

la 1.t.1.1 1(h) colleries sa

)..1.6 b.

two Cold Legt Sa 3.a.1.8 Sa 3..l.1.11 (continued)

Above the P 10 (Power aange neutron Flus) interlock.

(O Above the P.s (Po.or aange meu.ron Flus) interlock.k and below the P 8 (Power aange heutron (g) l Above the P 10 (Power mange moutron rius) inter oc (h)

Percent of thermal design flow.

(1) 08/97 Amendment 0 3.3 13 b A.P600.oioiever.oener -

imun. Puu I

RTS Instrumentation 3.3.1

\\g f

table J-),1 1 (page I of l) neactor 1rtp nyitem Instrumentation aPPt!Cattt tale M0065 on SuavtttLawet attowett COND!tjQN$

(Mahhtt$

(QNDITION$

atQVlatMtht$

ea&V(

$ttPolkt Otuta SPtetrgte atoulat0 tyNCT10N ll, neactor Coolant Pu*D (acP) staring mater (a 320'sa)

I ferperature. Migh ta 1 1.1,1 1(9) 4 per acP t

3.3.1.6 sa s.

Single Pump Sa 1.3.1.8 h 120*F')

a sa m 3.1.1 1(h) a per act

$a

1.{.),6 6.

two Pumps la 1.a.4.8 (g 90s]

IU) e a

$a 1.1.1.1 Sa 3.3.1.6 j

12, aCP Speed tow Sa 1.1.1.8

.(a 41000 1),

steam Generator ($G) 1,2 4 per $G t

ta

.1.1.1 Ibs)

$a

i. :1.1. 6.

Sa h:l.1.8 marrow aange water la

.l.1.1.11 tevel. Low (sgit]

steam Generator (SC) 1.2N a per SG g

sa

.).1.1 sn

.).1.6 Sn

.).1.8 14,

=arr9e aange water sa 3 3.1.11 tevel a High 2 Safeguards actuation 15.

input from tagineered safety teature w/a a.

Manual 1, 2-2 8

Sa 3.3.1.10 actuation systee

=/a 4

m sa 3.3.1.6

1. 2 b.

Automatic (continued) above the P.10 (Power aange meutron rius) taterlock.

.(f) above the P 8 (Power aange neutron Flus) Interlock.

heutron Fivn) interlock.

above the P 10 (Power mange neutron Flus) interlock and below the P.8 (Power aange (g)

(h) abo.e the P.it (Pre.ioriser Preii n interiock.

m t-4 I

i 08/97 Amendment'0 :

KAP 600

-3.3 14-

. i.onierweemmom,,o.usm,

._." ""' e w w,.,4 m.

,i,,,

-~-~~-,,n

i RTS Instrumentation DRAFT table 3. 3.1 1 (page 4 of 31 neactor trip System Instrumentation aPet!Casti

$Pactrit0 atoulato sveyttttauct aLLowas(t fate moots on FUNCTION CONottloml CMahmlLS CMolt tDNS atoutatututg vatut

$tteo!NT 16.

aeactor trip lystem Interlocks (i Ita10 4

Intermediate 2

4

=

la 1.8.1.6 la ).i.1,6 nps) g y tron b.

Power nance 1

4 0

la 1.1.1.6 (s att atP) 1 la 1.) l.9 Neutron plus. P.8 c.

Po.er aanse-1.2 4

w

$a 1.1.1.6 (104 atP) in I.1.1.9 weviron tips, P*10 d.

Pressuriser 1.2 4

N ta 1.1.1.6

[s 1910 la

),3.1.9 pstg)

Pressure. P 11 11.

aeactor trip areakert 1.2 1

P.0 la 3.3.1.5

=/a 1(1),4(j),g(j)

.'tth 2 afts per diviston 18.

neactor trip areaker 1.2 1 each per PQ la 1.1.1.5 N/A 4

are (att) undervoltage 1(3).4(II.l(l) mechanise and thunt tete for mechant ses reautred atts 19.

automatic trip togic 1.2 4

=

la 1.1.1.6 n/a 4

a sa 1.3.1.6

=/4 1(I).4(1).l(3) 20.

act Sta es 1. 2. and I actua ton a.

manwal 1.2 2

e sa 1.1.1.10 w/a 1(3),4(1).l(3) 2 e

$a 1.1.1.10

=/A b.

automatic 1.2 4

m la 1.1.1.6 4/4 1(3),4 )).l(3) 4 a

la 1.1.1.6 w/4 j

I 21.

Core makeup tank actuation

=/4 a.

wanual 1.2 2

a sa 3.1.1.10 d

1 4(8}.I(8}

I

$R 1.1.1.10 w/A b.

automatic 1.2 4

m

$a 1.1.1.6

=/a 4

a sa 1.1.1.6 w/a 1(3).4(3).l(3) etth neactor trip areakers closed and Plant Coetrol Systes capable of ros withdrawal.

())

h AP600 3,3*15 08/97 Amendment 0 Apolitetneret\\l6010101.r07 042ttP

,-.cw.,,--

.. ~

.-.,. ~

,e n.

a-. -..

.-n

,,n--

-e,,-,,a.-

,e,~.

DRAFT

"""""*"Wt table 3 1.1 1 (page $ of $;

neactor trtp system Instrw*entation ute l' ontiitusfAtutLAI C " 8' t.t'}.a g(P -P') + f g( A1)

II *'8'I.p, 9.ag(1+ta )

3t s

(1+ tis) at is measured a($ af,

'F.

s gs the Laplace transform operator, sec'[owta.

'F.

wherei af is tae indicated at at tattu tutamt t is the measured act average temperature.

F.

't.

t' 16 the indicated t,,,at 100% atP.

themeasuredpressuriserpressure,psighIpsig, Pi s the nominal _RC$ operating pressuree Il a s {t!

a. 0.01/'F a, a 0.002/psig P'

t a set

.s sJ 8ec

.s 0 set i

0 set t

t f (41). 0.0% / t when og *. c, e.14 atP t

Oe 8 'O "IP g

4,91$4 / %((g,. 4,) e 1)vhen G and a are percent str in the upper and lower halves of the core respectively, and where e,is the, total tutamt P(men in percent atP.

e, + a, MIL 11 DY.tIASPtLAI lat s '" I*I'* "f IAI) 8 I

I at

- s at0 "e*El (latgs) i where at is measured aCs af.

F.

is the indicated at at AAttD twtanut a,'F.

AfgstheLaplacetransformoperator,sec*

s.

7 is the measured aC5 average temperature. 'F.

a 6. at 100% str

'F.

when f a t

is the indicated 7 *h2/** for increasing t,,#

a,a 0.00219/*F when i e t

T

s 3.145 a

0/*F a

s 0/*f for decreasing t,'

4

$3 e 10 set t

O sec eg = 0 set f;(at) = 0% of air for all 41.

With the channel's mastmum as left trip setpoint shall not esteed its computed trip)setposat by more than channel.

the at channel, the f ave channel and the Pressuriser Pressure channel and (160

'to1Lil (top) at span for the thannel's mastmum as lef t trip setpoint shall not onceed its computed trip letpoint by s4re than the at channei and the f ave channei 3.3 16 08/97 Amendment 0 b AP600.omst,o.esult a.atueo.e.ni e

ESFAS Instrumentation 3.3.2 4

~,

Pc rs 3.3 INSTRUMENTATION 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation i

LCO 3.3.2 The ESFAS instrumentation for each function in Table 3.3.2 1 shall be OPERABLE.

APPLICABILITY:

According to Table 3.3.2 1.

4 ACTIONS

....................................N0TES.....................................

1.

Separate condition entry is allowed for each Function.

The Conditions for each Function are given in Table 3.3.21.

If the 2.

Required Actions and associated Completion Times of the first Condition are not met, refer to the second Condition.

CONDITION REQUIRED ACTION COMPLETION TIME A.

One or more functions A.1 Enter the Condition Imediately with one or more referenced in required channels or Table 3.3.2 1 for the divisions inoperable, channel (s) or division (s).

4 B.

One or two channels B.1 Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months or divisions channel (s) and inoperable, division (s) in bypass.

C.

One channel C.1-Place inoperable 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months inoperable, channel in bypass.

D.

One required division D.1 Restore required 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months inoperable, division to OPERABLE status.

(continued)

P60 3.3 17 08/97 Amendment 0 h A.ocu.0

..o n..

o...m moio m.orm,

,.___.;___.2.._-

.. _ _ _ _. _ _ _ _ _ _ _.. ~ -. _. _. _ _ _ _ _ _ _ _ _.. _ _

ESFAS Instrumentation x

ACTIONS (continued)

COMPLETION TIME f

REQUIRED ACTION CONDITION E.

One switch or switch E.1 Restore switch and 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months switch set to set inoperable, OPERABLE status.

3 F.

One channel F.1 Restore channel to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OPERABLE status.

inoperable 0_R_

72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months F.2.1 Verify alternate radiation monitor, are OPERABLE.

F.2.2 Verify control room 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months isolation and air supply initiation manual controls are OPERABLE.

t G.

One switch, switch G.1 Restore switch, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months switch set, channel, set, channel, or and division to division inoperable, OPERABLE status.

H.

One channel H.1 Place channel in 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months trip.

inoperable, I.

One or two channels I.1 Place one channel in 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months bypass.

inoperable, AND I.2 With two channels 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months inoperable, place one channel in trip.

(continid) 08/97 Amendment 0 3.3 18 h A.oeu.0 -P60. uu unn.ru.oeper

,,e n..

r

1 ESFAS Instrumentation 3.3.2

{'s a

-p ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME J.

One or two interlocks J.1 Verify the interlocks I hour inoperable, are in the required state for the existing plant conditions.

y J.2 Place any Functions 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months associated with ino wrable interlocks in )ypass.

X.

Required Action and K.1 Suspend movement of Immediately associated Completion irradiated fuel Time not met.

assemblies.

L.

Required Action and L.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months associated Completion Time not met.

M.

Required Action and M1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months associated Completion Time not met.

AND M.2 Be in MODE 4.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months N.

Required Action and N.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months associated Completion Time not met.

AND N2 Be in MODE 4 with the 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months RCS cooling provided by the RNS.

(continued)

'l b AP600 3.3 19 08/97 Amendmer,t 0

,,uu.mu.m..<u.o mn,or.ome,,

ESFAS Instrumentation 3.3.2

[:pAcf d,.g l

i ACTIONS (continued)

REQUIRED ACTION COMPLETION TIME CON 0lTION i

0.

Required Action and 0.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months associated Completion Time not met.

AND 1

l 0.2 Be in MODE 5.

36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months P.

Required Action and P.1

........N0TE........

Flow ath(s) may be i

associated Completion uniso ated Time not met, intermittently under administrative controls.

l Isolate the affected 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months flow path (s).

AJ P.2,1 Isolate the affected 7 days flow path (s) by use of at least one closed and deactivated automatic valve, closed manual valve, bliad flange, or check valve with flow through the valve secured.

P.2.2 Verify the affected Once per 7 days flow path is isolated.

(continued) 08/97 Amendment'0 3.3 20--

b AP600

$'""'2""""""."._'*"",._____..

' W 3 p -g

ESFAS Instrumentation 3.3.2 i

]j]

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME f

0 Required Action and 0.1

.....N0TE.

associated Completion flow path (s) may be unisolated Tirne not met.

intermittently under administrative controls.

Isolate the affected 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months flow path (s) by use of at least one closed manual or closed and de-activated automatic valve.

O,.R_

0.2.1 Be in MODE 3.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months AND Q.2.2 Be in MODE 4, 18 hours2.083333e-4 days 0.005 hours 2.97619e-5 weeks 6.849e-6 months R.

Required Action and R.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months associated Completion Time not met.

AND R.2.1.1.......H0TE.........

Flow ath(s) may be uniso ated intermittently under administrative controls.

Isolate the affected 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months flow path (s).

AND R.2.1.2 Verify the affected Once per 7 days flow path is isolated.

(continued) 3.3 21 08/97 Amendment 0 M Aoou.0.

P60

..nwe m..nt.oioio n onon m

ESFAS Instrumentation 3.3.2

{ ^ ^ " 7' ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME R.

(continued)

R.2.2 Be in MODE 4 with the 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months RCS cooling provided by the RNS.

i J

j S.

Required Action and S.1 Be in MODE 3.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months

. associated Completion i

Time not met.

AND S.2.1.1 Be in H00E 4 with the 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months RCS cooling provided by the RNS.

AND S.2.1.2.....

NOTE........

Flow ath(s) may be uniso ated intermittently under administrative controls.

Isolate the affected 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months flow path (s).

AND t

S.2.1.3 Verify the affected Once per 7 days flow path is isolated.

S.2.2 Be in H00E 5.

42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months

' continued) b AP600 3.3 22 08/97 Amendment 0 t rott ap400\\t ec h spe c \\tH 10102. r07 Of li t t

l ESFAS Ins %rumen2ation m,5

,,,.7 3.3.2 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME i

T.

Required Action and T.1.1

... NOTE.

associated Completion Flow path (s) may be unisolated Time not met.

intermittently under 4

administrative controls.

Isolate the affected 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months 6

flow path (s).

1 AND T.1.2.1 Isolate the affected 7 days flow path (s) by use 1

of with at least one closed and deactivated automatic valve, closed manual valve, blind flange, or check valve with flow through the valve secured.

i T.1.2.2 Verify the affected Once per 7 days flow path is isolated.

T.2.1 Be in H00E 3.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months AND T.2.2 Be in H00E 5, 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months 4

(continued) 3.3*23 08/97 Amendment 0 M A.couun..uumoionwr ow.

P600 4,on..

[

. ~.

ESFAS Instrumentagion 3.3.2 p,-

. T.

F.

)

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME U.

Required Action and 0.1 Initiate action to be Immediately in MODE 5 with RCS associated Completion open and visible Time not met, level in pressurizer.

V.

Required Action and V.1 Initiate action to be 168 hours0.00194 days 0.0467 hours 2.777778e-4 weeks 6.3924e-5 months associated Completion MODE 5 with RCS open and visible level in Time not met, pressurizer.

W.

Required Action and W.1 If in MODE 5 with the Immediately associated Completion RCS open and level not visible in Time not met, pressurizer, initiate action to be MODE 5 with the RCS open and visible level in pressurizer.

AND W.2 If in MODE 5 isolate Immediately the flow path from the demineralized water storage tank to the RCS by use of at least one closed and de activated automatic valve or closed manual valve.

AND (continued) h AP600 3.3 24 08/97 Amendment 0

+-..

' - " - - - - ' ' - - - - - - - + - _ - _ _,, _, _

h ESFAS Instrument nn n e.

ACTIONS REQUIRED ACTION COMPLETION TIME CONDITION W.

(continued)

W.3 If in H0DE 6 with Immediately upper internals in place and cavity level less than full, initiate action to be in MODE 6 with the upper internals removed and the cavity full.

AND W.4 Suspend positive immediately reactivity additions.

X.

Required Action and X.1 If in MODE 5 with RCS Immediately associated Completion open and level not visible in Time not met, pressurizer, initiate action to be in MODE 5 with RCS open and visible level in pressurizer.

A_NO X.2 If in MODE 6 with Immediately upper internals in place and cavity level less than full, initiate action to be in MODE 6 with the upper internals removed and the cavity full.

. A_NO X.3 Suspend positive Imediately reactivity additions.

(continued) 1 08/97 Amendment 0

- @ AP600 3.3 25 j

,o n.. x u u... o n o m e o r e m,

- ~ -

2 -

ESFAS Instrumentation

,. r. 7 3.3.2

,s ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME Y.

Required Action and Y1 If in MODE 5 initiate Immediately associated Completion action to be in MODE S with the RCS Time not met.

intact and visible level in pressurizer.

J A

Y.2 If in MODE 6 with Immediately upper internals in place and cavity level less than full, initiate action to be in H0DE 6 with the upper internals removed and the cavity full.

AND Y.3 Suspend positive Immediately reactivity additions.

@ g 00 3.3 26 08/97 Amendment 0

ESFAS Instrumentation 3.3.2 M.A U T is

.r 3

SURVE!LLANCE REQUIREMENTS

.................................... NOTE.

Refer to Table 3.3.2 1 to determine which SRs apply for each Engir.eered Safety Features (ESF) Function, j

SURVEILLANCE FREQUENCY t

SR 3.3.2.1 Perform CHANNEL CHECK.

12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months SR 3.3.2.2 Perform ACTUATION LOGIC TEST.

92 days on a STAGGERED TEST BASIS SR 3.3.2.3

...N0TE.................

Verification of Setpoint not required for manual initiation functions.

Perform TRIP ACTUATING OEVICE OPERATIONAL24 months TEST (TADOT).

f SR 3.3.2.4

...............N0TE......

This surveillance shall include verification that the time constants are adjusted to the prescribed values.

Perform CHANNEL CALIBRATION.

24 months SR 3.3.2.5 Perform CHANNEL OPERATIONAL TEST (C0T).

92 days SR 3.3.2.6 Verify ESFAS RESPONSE TIMES are within 24 months on a STAGGERED TEST limit.

BASIS

- (continued)

P60 3.3 27 08/97 Amendment 0 h A.oou.0 '.m.omu x,..,n,

..o n..

r..

4

"'*umir-

+m-w

ESFAS Instrumentation 3.3.2

p. n p

.T, SURVEILLANCE REQUIREMENTS (continued)

FRE0VENCY SURVEILLANCE

...................N0TE..............

SR 3.3.2.7 This Surveillance is not required to be performed for actuated equipment which is included in the Inservice Test (IST)

Program.

24 months Perform ACTUATION DEVICE TEST.

SR 3.3.2.8 4 months Perform ACTUATION DEVICE TEST.

SR 3.3.2.9 3.3 28 08/97 Amendment 0 b AP600.. nisciosas.41.e.,

..cis. soouu

ESFAS Instrumentation 3.3.2

] r'% A s-up

. a

.M a.. h table 3.3.2 1 (page 1 of 12)

Engineered Safeguards actuation System instrumentation arettCAstt woots on otuta suavt tttawct Attowaatt tate Conottlo=5 cuan=tts COND113DNS atoutatutNTl vatut

$21 POINT Settlttto atoutato FuwCtt04 w/a 1

lafeguards actuation a, manual thittation 1,2,3,4 2 settches 8,0 sa 3.3.2.5 4/4 2 twitches G,y la

),1,2.)

(s 3.0 psig) 4 e.o se

. ),,.1

.a b, contain*ent 1,2,3,4 se

.1..J.$

pressure. utgh !

lala

).

,L4 1,2,)(8) 4 6,4 la

,,,1,P,1 (a 16al psig}

la 1 ).a.a C. Ptessurifer sa

),1, L 5 Pressure - tow la

).),2,6 (kAD5 or 1,2,1(a) 4 per e,w sa )..,, j ',1 125 v> psia sa 3, l,a,a see hoto f)

d. Steam Line steam line la

3. h d.l Pressure - tow la

).).2.6 1,2 )(8) 4 per loop S,M la D

, l',1 (a119or sto F ga

,;.a See Mote 2]

e, aCl Cold tog Sa 11,4 4 tempefeture la h 1.J,o (tcold)

tow (continued) i is below that necessary to above the P*ll (Pressuriter Pressure) interlock, when the aCl boron Concentrat on meet the shutdown margin reewirements at an aCl temperature of 200*F.

(a) d og s (l) seconds, time constants used in the lead / leg controller are tg a (50) seconds an Chapter il safety analysis the values specified in brackets in the trip $etpoint column are the SSAn (b) values and are tac 19ded for reviewer information only, aeviewer Note:

l mn are typical values for the Function, in the $$aa chapter il safety analyses i

the values specified in brackets followed by " * " in the trip letpo nt co u i

)

no credit was assymed for these Functions (typically diverse trips /actuat ons and no safety analysis value is available.

ified is a typtcal value for the l

ility to The "satterv Charger input voltage - tow" Functions (1$.5 and 20,b) va ue specthe ac function alth degraded voltage as well as the setpoint methodology, sunction.

i ts, upon the values specif ted in brackets must be replaced alth the actual trip 5etpo ns h

selection of the tastrumentotton the frte letpotnts will be calculated in a tat methodology and following the setpoint study, Allowable values =t11 be calculated in accordance with the setpo described in wcAt 14606 spectf ted in the allowatte value column, accepted setpotet methodology, 405 psto is for a steaaline break outside containment, 521 pate $$ for a steamitne break instdo containment, Note 11 wate 1: af0't 16 for a steamline break, 510'r is for Cv5 malfunction.

08/97 Amendment 0 b AP600 3.3 29 t e01\\ ee 600\\ t e c n t ee t \\ l 6010301. ro f 04,i t s ?

O

-. ~. _ - - - _. - _.

t ESFAS Instrumentation 3,3.2 j

m., c" T, 4

s.

.i i

t table 3.1.2 1 (page 2 of 12) tagineered Safeguards actuation lyste* Instrumentation I

i aPPLitalit moots on otHta SvavitLLANCE ALLomasLt talp i

$ttCIFito atoulat0 FVNCTION CON 0lT1oNS CMaNNiil COND!tIDNS atQUlalMtNtl Valyt itTPolhT j

4 2

Core makeup fank (CWT) actuation N/a

a. wanual Initiation

1. 2.1. 4 U )

2 twitches t,u la 1.1 2.1 f

a(*). lit) 2 switches t.V la I.),2.1 N/a l(a f.0s')

1. 2.1. a U )

a 6.m la

.;'.1 a 1.M)

b. Pressurfter water la l.;.a Low 2 Sa i.,.g Level a

la I.i (la 1.0%))

, p,pe aUI. 1(c.1) 4 g,y gg 3,;i,;,g la 1...;'.a 1

la

). I.,',)

la 5.l.J.e aefer to Function 1 (Safeguards actuation) for initiating functient and c, lafeguards actuetton requirements.

aefer to f unction 9 (ADS Stages 1. 2 & I attuation) for aII initteting

d. ADI $tages 1. 2.

& 3 actuation functions and reautrements.

I 1

Containment

! solation

a. manual initiation 1.2.3.a 2 switches t.0 la 1.1.2.3

"/"

5.6(*)

2 settches G.y la 1.1.2.1 N/A sofer to Function 12.a (Passive containment cooling actuation) for ti. =anual Initiation of Passtve initiating functions and requirements.

Containment Cooltag aefer to function 1 (Safeguards actuation) for initiating functions and

c. Safeguards.

actuation reautrements.

(continued)

(c) above the P 12 (Pressurifer Level) interlock, i

(1) eith the aCl pressure boundary intact.

with the aCl not being cooled by the hermal aesidual neat nemoval lystem (ann).

(j) wot applicable for valve isolation functions whose associated flow path is isolated.

(*)

l (n) with the aCl being cooled by the anl.

HAP 600 3.3 30 08/97_ Amendment 0 4e,naeaoou m.eentlo,eio: ror.o.oes,

ESFAS Ins %rumentat9on 3.3.2 M.., ^ F T l

s

\\

table 3.3.2 1 (page I of 1))

l Ingineered Safeguards actuation System instrumentation

.,,a ci.a u00tl on otMtt SuavtiLLANCI ALLLbAsLt fatP SPtCtr!!D kt0U!At*

FUNC1104 C0=DITIONS CHANNELS CONotitDNS a t 0Vit t uf. Nil v&Lut litro1NT 1

a.

Steam Line isolation N/A

a. Manual Initiation

1. 2.1. a O I 2 switches t.$

$2 3.).2.)

1.2.1.aCl) a 6,N la P,1 (s 6.0 psig) la a.a

b. Containeent Pressure - utgh 2 14

..J.$

SR I.l.2.6 C.

Steam Line Pressure ihofI,o,r, ap 8,W

$4

l..P.!

1,2,)IO) stea.er (1) S, team Line une S

l.

.e.a ressure -

la

l. l.J.l let hote 1]

Low SR I. l.J.6 1(d) a per 8,w la

).'),2,1 (s 100 (2) Steam Line steam line 54

..;.a pst with Pressure-it l.D.}

(1**

heestive 14 l.J.o constant a aate

Migh 50 seconds)

(a $10 e h

1 1*I*I '

' 88' I"D 8+"

I" i.

.a 470*F

d. tcold

l'*

la

l. l.J.$

let Note 2]

la

.1. l.J.6 la turbine trip nefer to function 6.a (manual main teedmater Control a, manual main 1,2 valve Isolation) for reeutrements.

feedmeter Isolation b.

SG Narrow aange 1,2 a per SG 8.L la D.

2.1

[s914)

.P.a la o.

P.$

water Level la l.

utgn 2 SR

.l.).P.6 aefer to function 1 (Safeguards actuation) for initiating functions and

c. Saf eguards actuation requirements.

Refer to Function 16.a (lltal Interloths, Reactor trip, P*a) for d, teactor trip t

reovirements.

(continued) above the *.11 (Pressuriger Pressure) interlock, when the aCl boron concentration is below that necessary meet the shutdown margin requirements at an aCl temperature of 200't.

(a) s ($1 seconds.

time constants used in the lead / lag controller are og a (10) seconds and is (b) telow the P.11 (Pressuriger Pressure) interlock.

(d)

O) wot appitcable 1f the alivs are closed.

is for a steasitne break outside containment.

mote 11 40$ psi

$21 ps' is for a steamline break snstde containment.

=ote 2:

470*t is for a steestine break. 110*F ts for Cvl malfunction, b AP600 3.3 31 08/97 Amendment 0

e. mu.m,enismio w.omst -

...,.-n.

.r.

+.--,.,

.--,,,,n

ESFAS Instrumentation 3.3.2

[t', r,'l 7

/*

s I

table 3.3.2*1 (page a of 12) tagineered Safeguards actuation System instrumentation t

AePttCABLE tale N00tl on otuta SvavittLANCt Attowag(g letttitt0 at0UlffD

$(TPQlNT Co*0!?ID=5 CMANN(t$

COND!tjQN)

O(Qula(M(Nt$

WAty(

FUNC110N 6.

usin feeduater Control valve N/4

a. Manuel Initiation 1.2.3,4(*)

2 snitches E.1 3.1.2.)

Isolation

[spn)

.P.1 1,2,3,4(1.*)

a per $c ea sa 1..;>.4 sa

b. $6 Nortow aange sa 1.

.d.$

=ater tevel -

St J.3.2.6 N'gh 2 nefer to f unction 1 (Safeguards Actuation) for all initiating functions

c. Safeguards and requirements.

(a 542't']

4 e,L te :.).P.1 actuation 1,2 sa L3; 4

d. nesctor Coolant sa I. 3.a5 average 52 3 3.d.6 temperature (f,g) - tow 1 aefer to Function ll.a (t$tal Interlocks, atactor trip, P 4) for Coincident with neactor trip reevirements.

F.

main teed =ater Pump trip and valve N/A

=anual Initiation 1,2,3,4(8)

I twitches t,$

Sn 1.1.2.3 isolation (s g14) 1,2,3,4(j'*)

4 per $c 4a la 1.p.P.1 4

sa J.;.4 water tevel ge SG Nortow aan

$a 1,0.5 b.

ta

.1.d.6 Mtph 2 aefer to Function 1 (Safeguards Actuation) for initiating functions and

c. $.feguards (a 542'F*]

Actuation requirements, 1,2 2 per loop gt

$a 1

.P,1 a.;

4 la.

d, acactor Coolant sa l.

I.,.1 average Sa J.1.J.6 temperature tavg aefer to Function II.a (flFAS Interlocits, atactor Trip, P 4) for

- Lo" 2 Cotacident with agactor trip requirements.

(continued) l lystee (aNS).

with the eC$ not being cooled by the Normal assidual Heat menova flow path is isolated.

())

mot applicable for valve isolation Functions whose assottated

(*)

08/97 Amendment 0 3.3 32-h A.P600 4eenae oou naten u.on w u r.oene,

DRAFT

'S'^5 '" * **" E Table 1.3.2 1 (page 5 of 12) tagineered safeguards Actuation system Instrumentation APPLICABLE M0011 On OTHER SuavttLLANCE ALLowasLt Talp FUNCTf0N CONo!TIONS CHANNELS CONO3730NS tt0UIRtut4Ts vALut StTPotNT SPECIFit0 atQutatD 8,

Startup feedeater Isolation (5 9WI 3.3.{.1 1.2.3.a(*)

4 per SG t.S 54 3.3..a 54

a. SG harrow aange water Level 54 3.3.2.I High 2

$R 3.3.2.6 (a $10 or 1.2.3 a per loop s.m SR 3.3.2.1 470's la

3...a See Note 2]

t*, Tcold. Low sa

3.. 5 Sa

3.. 6 9.

ADS Stages 1. 2 & 3 N/A

(,.tuatton

a. manual Initiat'on 1.2.3.4 2 switch t.o sa 3.3.2.3 sets N/A 5.6(9) 2 switch G.x sa 3.3.2.3 sets (a 67.5%)

b. Core makevo tank 1.2.3.4 a per tank t.o

$a 3,3.2.1 volume sa 3.3.2.4 (Cut) Level -

sa 1.1.2.5 Low I sa 1.3.2,6 (a 67.5%)

5(C) 4 per tank 6.y sa 3.3.{.1 volbee SR 3.3.4.a SR 3.3.2.5

.a 3.3.2.6 nefer to Function 2 (Cwt actuation) for all initiating functions and requirements.

Coincident with Cut actuation (continued) tration is below that necessary to meet the shutdown margin reautrements at an aCS temperature of 200*F.Above the P.1 (a)

Above the P 12 (Pressuriser Level) interlock.

(c) with upper internals in place and refueling Cavity less than full.

(g)

Not applicable when the startup feedwater flow paths are isolated.

(0)

Note 2: 470'r is for a steamline break. 510's is for Cv5 malfunction.

b AP600 3.3 33 08/97 Amendment 0

, eo tueeoou c o...e n t.o ic ione r. oto..,

^

ESFAS Instrumentation-p es A c=

.,/ 4 4 -

3.3.2 table 3.3.21 (page 6 of 12) -

Engineered Safeguards actuation System Instrumentation APPLICA6Lt M00t5 Da CtHta guavt1LLANCE -

ALLO.Agtt tage FUNCTION CONDITIONS ChahhtL5 CONDITIONS a!QutatutNT5 vaLut

$ttro!NT

$7tCIFit0 atQutato 30.

ADS stage 4 N/A Actuation

a. =anual Initiation 1.2.3.4 7 switch E.o la 3.3.2.3 sets Cotncident with N/A 5.6(g) 2 settch cx

$a 3.3.2.3 sets (a 1200 1.2.3.4 4

8.o Sa 3.3.2.1 psig)

Sa 3.3.1 4 aCs wide aange pressure - Low.

sa 3.3.2.5 54 3.3.2.6 or sa 3.3.2.1 (a 1200 5.6(9) 4 s,x 4

Dsig) la 3.3.l.4 54 3.3.l.5 Sa 3.3.2.6 nefer to Function 9 ($tages 1. 2, & 3 Actuation) for initiating AD$ Stages 1. 2 & functions and requirements 3 actuation volu(me level a lot

b. cut Level - Low 2 1.2.3.4 4 per tank 8.o sa 3.3.2.1 sa 3.3.2.4 span) sa 3.3.2.5 sa 3.3.2.6 5(C) 4 per tank e,v sa 3.3.2.1 (a los 1.

sa 3.3.2.4 volume level sa 3.3.2.5 sDan) sa 3.3.2.6 4

ao sa 3.3.2.1 Coincident with 1.2.3.4 sa 3.3.2.4 (a 1200 acs wide aange Sa 3.3.2.5 psig)

Pressure - Low.

sa 3.3.2.6 and 5(C) 4 s.v

$a 3.3.2.1 sa 3.3.2.4 Sa 3.3.2.5 (a 1200 54 3.3.2.6 psig) aefer to sunction 9 (405 Stages 1. 2 & 3 Actuation) for initiating functions and l

Coincident with ADS Stages 1. 2 & rewirements I actuation (continued) above the P-12 (pressuriser Level) interlock.

(c) full.

'with us, der internals in place and refueling Cavity less than (g) 08/97 Amendment 0 h A.coss.0 3.3 34 P60

.e.mae sna-se

,,,al. m.e.g.s, e

L------

er' r

- ESFAS Instrumentation-7 3.3.2

. n,....

4

.L table 1.3.21 (page 7 of 12)

Engineered Safeguards actuation System Instrumentation APPLICASLt-ucots On OTMta SuavetLLANCE.

ALL0matLE talP

$PECIfit0 afQutaf0.

FUNCTION CONo!TIONS CHANNELS CON 0!TIONS atQytatutNTS vatut StfPotNT 11.

neactor Coolant Pump frty nefer to Function 9 (405 Stages 1. 2 & 3 Actuation) for initiating functions and 4 405 5tages l' 2 &

3 Actuation requirements,

b. neatter Coolant 1,2 4 per aCP e,L sa 3.1 7 1 (s 320'F*)

Sa 3.3.2.4 Pumo tearing la 1.1.2.5

-ester temperature 5a 3.3.2.6

- M10h aefer to punction 2.a (Manual Cwi Actuation) for requirements.

c. Panual. Cut Actuation-((a?.Ose) 4 e.N sa 3.3.2.1 1.2. 3. 4 (D a1.0s) 5a 1.1.2,4

d. Pressuriter water Level Low 2 la 3.1.2.5 54 1 3.2.6

(( 7.os')

4("). 5(C+3) 4 s,v SL 3.3.2.1 a1.0%)

la 3.3.2,a 5a 3.1.2.5 la 3.3.2.6 nefer to Function 1 (Safeguards actuation) f(r initiating functions and roovirements.

4.

Safeguards Actuetton 12.

Passive containment

- Cooling actuation N/A

a. manual Initiation 1.2.3.4

'2 switch t.o sa 3.3.2.3 sets 5.6('I 2 switch G,Y SR 3.3.2.3 N/A sets

-b.

Contatnment 1.2.3.4 4

s,o la

3. 3. 2.1 -

(s 8.0 psig) sa 3.3.2.4 Pressure - Nigh 2 54 1.3.2,5 la 1.3.2.6 (continued) above the P 12 (Pressuriter Level) interlock.

(C) -

(e) with reactor shut doen less than 100 hours0.00116 days 0.0278 hours 1.653439e-4 weeks 3.805e-5 months .

tesidual Heat memoval system (aN5).

())

with the.aC5 not being cooled by the Norma (n) with the aCl being tooled by the aul.

\\

08/97-Amendment 0 h AP600 3.3 35 t e01\\ ep600\\ t e ta spec \\ t6c l0102. ro f. 040497

i-ESFAS Instrumentation a _f 3.3.2

.% y 1

~..a_-s a

t bie i.3.2 1 coage of 12)

Engineered safeguards Actuation system Instrumentation APPLICASLt moots on ofHta SPECIFitD REQUtat0 Suavt tLLatect.

ALLonASLt fate f uNCT 30N CON 0!T1045 CHANNtL5 CONotTIONS GEQu!BLMENTS VALUC SLTPotNT 13.

Passive tesidual west Removal Meat

(* Changer Actuation

. a. Manual Initiation 1.2,3,4U) 2 Switches E,N SR 3.3.2.3 N/A 4("). $(1) 2 switches t,U SR 3.3.2.3 N/A

1. 2. 3. 4 U) 4 per SG s.N st 3.1. 2.1 -

(e 45.000 SR 3.3.2.4 lba) b.

5G % arrow aange

- water Level - Low 54 1.3.2.5 54 3,3.2.6 Coincident with 1,2,3,40) 2 per M,N SR 3.3.2.1 (a200gpm feedneter 54 3.3.2.4 per SG J startup Feedwater itne 54 3.1.2.$

Flow - Low SA 3.3.2.6

c. SG wide mange 1,2,3,4U) 4 per SG e.N

$4 1.3.2.1 (a 25,000 54 3.1.2.4 lbel mater Level - Low 54 3.3.2.5 SR 3.3.2.6 nefer to Function 9 (ADS 5tages 1, 2 & 3 Actuation) for initiating

d. 405 Stages 1,2 &

3 Actuation functions and reevirements.

- e. Cwt Actuation 1,2,3,40) nefer.to Function 2 (cwt Actuation) for initiating functions and reautrements.

4("). $(1)

Refer to Functions 2.4 and 2.b (CMT Actuation) for initiatin9 functions and reautrements, 1.2.3.4U'D) 4 e,N SR 3.3.2.1 (ss0U) f, Pressurtaer water Sa 3.).2.4 Level. Nigh 3 sa 3.s.2.5 sa 3.3.2.6 (Continued)

(i) with the aC5 pressure boundary intact.

with tt,e aC5 not being tooled by the Normal nesidual west memoval System (ANS).

U)

( $)

with the RC5 being Cooled by the mNS.

(p)

Above the F 19 (RCS Pressure) interlock, 3.3 36 08/97-Amendment 0 h AP600 l

. eon.e.oouse..eu u.oiuo u v.o.o m l

~ -------- _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

'l rs r-ESFAS Instrumentation I.)$ [., p' p 3,3,2 tl &

l Table 3.3.2 1 (page 9 of 12) j Engineered Saf eguards Actuation System Instrueentation h

APPLICABLE moot $ OTMia SPECIF1tD atQutat0 suavt!LLANCE ALLOWABLE Ta!P FUNCTION CONDITIONS CHANNEL 5 CONDIT1045 atQuintutNil VALut 5ttro!NT 14.

SG tiowdown isolation

a. Passive Residual 1,2,3.4U**)

nefer to Function 13 (Passive aesidual weat nemoval west semoval Meat Heat tschenger actuation) for all initisting functions and requirements.

tacharger Actuation 1.2.3,40) 4 per 5G s.a sa 1.3.2.1 (a 45.000 Sa 3.3.2.4 lbe)

b. SG harrow aange water tevel - Low Sa 3.3,2.5 Sa 3.1.2.6 15.

soron Oilution slock 2(f),3,4(*)

4 s.t Sa 3.3.2.1 (s source

<a 1,1,2,4 mange Flua a

a. Source aange Neutron Flus sa 3.3.2.5 1.6 in 50 multiplication Sa 3.1.2.6 minutes]

'5(*)

4 s,P Sa 3.3.2.1 (s Source

~

Sa 1.1.2.4 aange Flut x Sa 3.3.2.5 1.6 in 50 54 3.3.2.6 minutes nefer to Function 18 a (t$Fa5 Interlocks, aeactor Trip, P 4) for all b.

neactor Trip reautrements.

4 sT Sa 3.1.2.3 (a 143 v')

c. sattery Charger 1,2,3,4(*)

Input voltage -

divisions sa 3.3.2.4 Low 5(*)

4 s,P sa 3.3.2.3 (a 343 v')

divisions sa 3.3.2.4 4

16.

Chemical volume and Control system makeup Isolation (s 954]

1,2,3,40+*)

4 per SG e,a sa 1.3.2.1 SG harrow aan water Level ge Sa 3.3.2.4 a.

sa 3.3.2.5 Migh 2 la 3.3.2.6 1,2,3(*)

4 s,Q la 3.3.2.1 (s 30%*]

D. Pressuriter water sa 3.3.2.4 Level - wtgh 1 sa 3.3.2.5 sa 3.3.2.6 1,2,3,4U***D) 4

-s,T sa 3.1.2.1

[s 67% or sa 3.3.2.4 74%.

See

c. Pressuriser water Level - wigh 2 la 3.3.2.5 Note 3]

la 3.1.2.6 1,2,3(*)

4 s,q Sa 3.3.2.1 (s 100 m/hr)

d. Containment Sa 3.1.2.4 madioacttvtty -

sa 3.3.2.5 wigh 2 sa -3.3.2.6 (continued)

(f).

selow the P 6 (Intermediate Range Neutron Flus) interlocks.

with the act not being cooled by the Normal aesidual weat nemoval system (aN5),

())

Not appitcable for valve isolation Functions whose associated flow path is isolated.

(m) 4 (p) above the P 19 (nCS Pressure) interlock.

=ote 3: 674 ts the nominal setpotnt.

144 is the analysed setpoint.

AP600L 3,3 37' 08/97 Amendment-0 iPonae.ocuunseau.omor e.ceom y _.-

ESFAS Instrumentation 3,3,2 p-n A C i*

t r+

..i Table 3.1.2 1 (page 10 of 12)

Engineered Safeguards Actuation System instrumentation APPLICABLE N00t5 OTMtm Suavt1LLANCE ALLOWABLE Ta!P fuhC110M CDNDIT!DNS CHANNELS CON 0!T!DNS atOulatutNT5 v&Lut S ET POINT SPECIFit0 a(OVlat0 17.

Normal eesidual Heat memoval System Isolation 1,2,3 *)

4 s.Q Sa 1.1.2.1 (s 100 m/hr)

C sa 3.3.2.4

a. Containment aadioattivity -

Sa 3.1.2.5 High 2 Sa 1.3.2.6 1,2,3(*)

Refer to Function 1 (Safeguards Actuation) for al'.

b. Safeguards initiating functions and reoutrements.

Actuation 18.

ESFAS Interlocks a.

atactor Trip, P 4 1,2,3 3

0,u la 3,3.2,3 ufa divisions

b. Pressuriger 1,2,3 4

J,m sa 3.3.2.1 (s 1970 psig)

Sa 3.3.2.4 Pressure, P.11 sa 3.3.2.5 sa 3.3.2.6

c. Intermediate 2

4 3,L la 3.1.2.1 (a it-10 sa 3.3.2,4 ames) mange Neutron Sa 3.3.2.5 Flus, P 6 sa 3.3.2.6

d. Pressuriser 1,2,3 4

J.m Sa 1.3.2.1 (Above pressuriger 54 3.3.2.4 water Level Level P*12 sa 1.3.2.5

- Low 1 sa 3.3.2.6 setpoint of 204) 4 J.H Sa 3.1.2.1 (a700 psig]

1,2,3,4(I)

SR 3,3.2,4

e. aC5 pressure, P.19 la 3.3.2.5 Sa 3.3.2.6 19.

Containment Air Filtration System isolation (s 2 R/hr}

a. Containment 1,2,3 4

s,Q Sa 3.3.2.1 sa 3.3.2.4 aadioactivity -

Sa 3.3.2.5 Migh 1 Sa 3.3.2.6 aefer to Function 3 (Containment Isolation) for initiating functions and

b. Containment Isolation requirements.

(continued) with the aCS not being cooled by the normal metidual Heat memoval System (aNS).

(j) is isolated.

Not applicable for valve isolation Functions whose associated flow path

(*)

h AP600 3.3 38 08/97 Amendment 0 iean.eooou. menu.oicion.m.o. n, l

ESFAS Instrumentation 3.3.2 I3,y.,,

L Table 3.3.21 (page 11 of 12) tagineered safeguards Actuation System Instrumentatica APPL 1CASLE TatP N0015 oTHEn Suavt1LLANCE ALLowasLE CONDIT!oNS CHANNEL 5 CONo!T1oN5 stoutatutmTS VAtut

$tTPotNT SPEC 17tED atOUInto FUNCT!oN 20.

uain Control aoom Isolation and Air (s 2:103 supply Intttation 1.2.3.4 2

r,o sa 1.1.2.1 curtes/m sa 3.1.2.4 oose

a. Contro) aoom Air sa 3.3.2.5 touivalent suppir eadtation sa 3.3.2.6 1 131)

- nt gli 2 (s 2 103 sa 1.1.2.1 curies /m Note (h) 2 c,n Sn 1.3.2.4 pose sa 1.3.2.5 toutvalen:

sa 3.5.2.6 1 131)

(al43 v']

4 so sa 1.1.2.3 1.2.3.4 la 3.3.2.4 b,

sattery Charger divisions Input voltage -

[, 34) v+)

4 c.n sa 3.3.2.3 Low Note (h) sa 3.3.2.4 divisions Aus111ery spray and 21.

Purification Line (20.0v) 4 a.L sa 1.3.2.1 Isolation Pressuriser water 1,2 sa 3.3.2.4 Sn 1.1.2.5

a. tevel - tow I 5a 1.3.2.6 22 In-Containment asfueline water Storage tank (:r.wsT)

In}ection Line valve m/A

1. 2. 3. 4 U) 2 switch t,N ta 3.3.2.3 actuation

a. uanual initiation sets 10 (405 4th stage Actuation) for initiating functions nefer to

unction

b. Aos 4th stage and requirements, Actuation (a 1 in.

4(n) 5,6(9)

__1 per loop w.y

$a 1.1.2.1 above %ttom sa 1.3.2.4 inside

c. Coincident aCs sa 1.1.2.5 surface of Loop 1 and 2 Hot

$a 3.1.2.6 the hot Leg Level - Low legs) 6' lawsf Containment 23 necirculation valve Actuation w/A 1,2,3,4UI 2 switch t,w sa 3.3.2.3 wanual Initiation :

sets m/A 4.

4("). 5. 6(9) 2 switch c.y sa 3.3.2.3 sets nefer to Function 1 ($afeguards Actuation) for all initiating functions b.

Safeguards and requirements.

actuetton (continued) full.

with vocer internals in place and refueling cavity less than (9) fuel assectites.

ouring movecent of irradiattj al systeo (aus).

(h) unth tne ac$ not being cooled by the wormal assidual Heat memov (1)-

with tne aCs being cooled by the aM$.

(n) 08/97 Amendment 0 l 3.3 39 h AP600

.,,on...ocu.meuusoioiar.eosom

_1--

4 ESFAS fnstrumentation

.s m y 3.3.2 table 3.3.2 1 (page 12 of 12)

Engineered Safeguards actuation Systeo Instrumentation APPLICAsLE moots OTHta Suavt!LLANCE ALLowastt inte SPECIFIED Rf0V!nto VALUt

$(TPO!NT FUNCTION CONDITIONS CHANNELS. CONDIT10NS aggutREMENT$

24 Spent Fuel Pool

a. Spent Fuel Pool 6

3 C.*

Sa 3.3.2.1 (37.5 ft.)

Isolation sa 3.3.2.a Level - Low sa 3.3.2.5 ta 3.3.2.6 1

N/A 21.

(5FACs togic

a. Actuation 1,2.3.4 4

0.0 SR 3.3.2.2 divisions.

Subsystems I battery-backed subsystee per division

)

N/A

$.6(9) a G.w SR 3.3.2.2 divisions.

1 battery-backed subsystem per division N/A 26.

PLCs Functional Logic 1.2.3.4 4

D,0 sa 3.3.2.2 5R 3.3.2.7 divisions.

a.

Sa 3.3.2.8 Subsystem 1 battery-backed subsystee j

per cabinet N/A 5.6(9) a G.w sa 3.1.2.2 Sa 3.3.2.7 divisions.

1 battery-backed subsystem per cabinet 27.

Pressurizer weater Trip nefer to Function 2 (Core makeup Tank Actuation) for all initiating In addition to the requirements for

a. Core makeup fank functions and requirements.

Function 2. SR 3.3.2.9 also applies.

Actuation 28.

Chemical and volume 2

Control systee (s 3 in.

Letdown Isolation

a. not Leg Level -

4(") 5.6(9) 1 per loop C.T sa 1.3.2.1 above inside la 3.3.2.4 surface of Low 1 sa 3.3.2.5 the hot sa 3.3.2.6 legs)

(continued) with upper internals'in place and refueling cavity less than full.

(g) d flow pat. is isolated.

6 Not applicable for valve isolation Functions whose associate (m) with the RC5 being cooled by the RN5.

(n) 08/97 Amendment 0 h AP600-3.3 40

..o n.. amu.o..uu.o io iou r.os u,,

n-

RTS Instrumentation

-B 3.3.1 7,,,

,g B 3.3 -INSTRUMENTATION B 3,3.1. Reactor Trip System (RTS) Instrumentation

=

BASES The RTS initiates a unit shutdown, based upon the values of BACKGROUND selected unit parameters to protect against violating the core fuel design limits and Reactor Coolant System (RCS) pressure boundary during anticipated operational occurrences (A00s) and to assist the Engineered Safety Feature Actuation System (ESFAS) in mitigating accidents.

The Protection and Safety Monitoring System (PMS) has been This is designed to assure safe operation of the reactor.

achieved by specifying limiting safety system settings (LSSS) in terms of parameters directly monitored by the RTS, as well as specifying LCOs on other reactor system parameters and equipment performance.

During A00s, which are those events expected to occur one or J

more times during the unit life, the acceptable limits are:

The Departure from Nucleate Boiling Ratio (DNBR) shall be 1.

maintained above the Safety Limit (SL) value to prevent departure from nucleate boiling (DNB);

2.

Fuel centerline melt'shall not occur; and The RCS pressure SL of 2750 psia shall not be exceeded.

3.

Operation within the SLs of Specification 2.0. " Safety Limits (SLs)." also maintains the above values and assures that offsite doses are within the acceptance criteria during A00s.

Design Basis Accidents (DBA) are events that are analyzed even though they are not expected to occur during the.

unit life. The acceptable limit during accidents is that the offsite dose shall be maintained within an acceptable fraction of the limits. Different accident categories are allowed a different fraction of these limits, based on the Meeting the acceptable dose limit probability of occurrence.

for-an accident category is considered having acceptable consequences for that event.

i (continued) h AP600 8 3.3 1 08/97 Amendment 0 uo m u a.

n ae m o v er.o. u i,

RTS Instrumentation B 3.3.1 L

s BASES The RTS maintains surveillance on key process variables BACKGROUND which are directly related to equipment mechanical (continued) limitations, such as pressure, and on variables which directly affect the heat transfer capability of the reactor, such as flow and temperature, Some limits, such as Overtemperature AT, are calculated in the integrated protection cabinets from other parameters when direct measurement of the variable is not possible.

The RTS instrumentation is segmented into four distinct but interconnected modules as identified below:

Field inputs from process sensors, nuclear l

instrumentation:

Integrated Protection Cabinets (IPCs):

Dynamic Trip Bus: and Reactor Trip Switchgear Interface.

Field Transmitters and Sensors Normally, four redundant measurements using four separate.

sensors are made for each variable used for reactor trip.

The use of four channels for protection functions is based on a minimum of two channels being required for a trip or actuation, one channel in test or by) ass, and a single failure on the remaining channel.

Tne signal selector in the Plant Control System (PLS) will function with only three This includes two channels properly functioning channels.

For protection and one channel having a single failure.

channels providing data to the control system, the fourth Minimum channel permits one channel to be in test or bypass, requirements for arotection and control is achieved with only The fourth channel is provided to three channels OPERABLE, increase plant availability, and permits the plant to run for The an indefinite time with a single channel out of service.

circuit design is able to withstand both an input failure to the control system, which may then require the protection Function actuation, and a single failure in the other Again, channels providing the protection Function actuation.

a single failure will neither cause nor prevent the Tnese requirements are protection Function actuation, (continued) 08/97 Amendment 0 8 3.3 2 b AP600.m m 4,.m,,

mm.m.uu

-m

RTS !nstrumentation B 3.3.1 N r'

<e it.

BASES Field Transmitters and Sensors (continued)

BACKGROUND The actual number of described in IEEE 279 (Ref. 5).

channels required for each plant parameter is specified in Reference 2.

Selected analog measurements are converted to digital form b digital converters within the integrated protection cabinets.

Signal conditioning may be applied to selected inputs following the conversion to digital form.

Following necessary calculations and processing, the measurements-are compared against the applicable setpoint for that variable.

A partial trip signal for the given parameter is generated one channel measurement exceeds its predetermine trip is duplicated in each of the four redundant divisions o calculation limit.

Each division sends its partial trip the protection system. status to each of the other three divis Each division is caoable of generating a multiplexed links. reactor trip signal if two or more of tw red of a single variable are in the partial trip state.

The reactor trip signal from each of the four integrated protection cabinets is sent to the corresponding reacto Each of the four reactor trip actuation The actuation division.

divisions consists of two reactor trip circuit breakers.

reactor is tripped when two or more actuation divisionsT receive a reactor trip signal.

initiates the following two actions:

It de energizes the undervoltage trip attachment on eac 1.

reactor trip breaker, and It energizes the shunt trip device on each reactor trip 2.

breaker.

Opening of the Either action causes the. breakers to trip.

appropriate trip breakers removes pow This rapid negative reactivity insertion shuts the core.

down the reactor.

(continued) 08/97 Amendment 0 8 3.3 3 h AP600

RTS instrumentation B 3.3.1

," ? e"

~ T, BASES IPCs BACKGROUND.

The IPCs contain the necessary equipment to:

(continued)

Permit acquisition and analysis of the sensor inputs.

including plant process sensors and nuclear instrumentation, required for reactor trip and ESF calculations:

Perform computation or logic operations on variables

-based on these inputs:

Provide trip signals to the reactor trip switchgear and ESF actuation data to the ESFACs as required:

Permit manual trip or bypass of each individual reactor trio Function and permit manual actuation or bypass of eac1 individual voted ESF Function:

Provide data to other systems in the Instrumentation an Control (I&C) architecture:

Provide functional diversity for the reactor trips and ESF actuations; and Provide separate input circuitry for con for protection Functions.

Each of the four IPCs provides signal co room, and comparison of measured input signals with The basis of the setpoints are established setpoints.

If the measured value described in References 1, 2. and 3.

of a unit parameter exceeds the predete logic evaluation.

Dynamic Trio Bus _

The dynamic trip bus provides a seliable means of op reactor trip switchgear in its own division as demand the individual-protection functions, between the dynamic trip bus and the reactor trip subsyst trip enable subsystems, global trip subsystem, and automatic tester subsystem.

(continued)_

08/97 Amendment 0 8 3.3 4 HAP 600 i.am.m uusamover.ceno

RTS instrumentation B 3.3.1 n

BASES BACKGROUND Dynamic Trip Bus (continued) sartial trips, partial trip enables, global trip. global aypass permissive. and automatic global bypass.

The dynamic trip bus combines this data and determines the desired state of the switchgear.

The dynamic trip bus interface panel incorporates a three position (trip / normal / bypass) switch allowing each trip function to be placed in a manual partial trip, normal or While the trip / normal / bypass switch manual bypass state.

remains in the normal )osition, automatic operation of the partial trip function )y the protection function is enabled.

When placed in either the trip or bypass position, the dynamic trip logic is forced to the desired partial trip or bypass condition regardless of the reactor trip subsystem output state.

Reactor Trip Switchgear Interface The final stage of the dynamic trip bus provides the signal to energize the undervoltage trip attachment on each RTB Loss of the signal within the reactor trip switchgear.

de energizes the undervoltage trip attachments and results in An additional the opening of those reactor trip switchgear.

external relay is de energized with loss of the signal.

The normally closed contacts of the relay energize the shunt trip attachments on each switchgear at the same time that the This diverse undervoltage trip attachment is de energized.

trip actuation is performed external to the PMS cabinets.

The switchgear interface including the trip attachments and the external relay are within the scope of the PHS.

Sesarate Testing of tne outputs are provided for each switchgear.

interface allows trip actuation of the breakers by either the undervoltage trip attachment or the shunt trip attachment.

Trip Setpoints and Allowable Values The Trip Setpoints are the nominal values at which the trip Any trip output is considered to be properly output is set.

adjusted when the "as left" value is within the band for CHANNEL CALIBRATION accuracy (i.e., t rack calibration accuracy).

(continued) 1

\\te t et 16010101.rC7 041597

RTS Instrumentation m,,,,,e B 3.3.1 3

BASES BACKGROUND Trip Setpoints and Allowable Values (continued)

The Trip Setpoints used in the trip output are based on the The selection of analytical limits stated in Reference 1.

these Trip Setpoints is such that adequate protection is provided when all sensor and processing time delays are taken To allow for calibration tolerances, into account.

instrument drift. and severe environment errors for those channels that must function in harsh environments as de by 10 CFR 50.49 (Ref. 6), the Trip Set >oints and Allowable values specified in Table 3.3.11 in t1e accompanying LCO are conservatively adjusted with respect to the analytical A detailed description of the methodology used to limits.

calculate the Trip Setpoints, including their explicit uncertainties, is provided in the ' Westinghouse Setpoint The Methodology for Protection Systems" (Refs. 4 and 9).

cetual nominal Trip Setpoint entered into the trip output is more conservative than that specified by the Allowable Value to account for changes in random measurement errors One example of such a change in detectable by a COT.

measurement error is drift during the surveillance interval.

If the measured setpoint does not exceed the Allowable Value, the trip output is considered OPERABLE.

Setpoints in accordance with the Allowable Value ensure that SLs are not violated during A00s (and that the consequences of DBAs will be acceptable providing the unit is operated from within the LCOs at the onset of the A00 or DBA an Note that in the equipment functions as designed),accom)anying LC0 are tie LSSS.

Each channel of the process control equipment can be tested on line to verify that the signal or setpoint accuracy is within the specified allowance requirements of Reference 4.

Once a designated channel is taken out of service for testing, a simulated signal is injected in place of the field instrument signal. The process ecuipment for the channel in SRs for the test is then tested, verified anc calibrated.

channels are specified in the SRs section.

The Trip Setpoints and Allowable Values listed in Table 3.3.11 are based on the methodology-described in Reference 4, which incorporates all of the knownThe magnitudes uncertainties applicable for each channel.

these uncertainties are factored into the determinatio (continued) 08/97 Amendment 0 1

h AP600 B 3.3 6 t*0Litecmsee<\\160 50101 r07 041317

l RTS Instrumentation

.

1 all MODES in which the LCOs and RTBs are closed. APPLICABILITY Each of the analyzed accidents and transients which require reactor trip can be detected by one of more RTS functions. The accident analysis described in Reference 3 takes credit for most RTS trip Functions. RTS trip Functions not specifically credited in the accident analysis were qualitatively credited in the safety analysis and the NRC staff approved licensing basis for the plant. These RTS trip Functions may provide protection for conditions which do not require dynamic transient analysis to demonstrate function xrformance. These RTS trip Functions may also serve as sackups to RTS trip Functions that were credited in the accident analysis. The LCO requires all instrumentation performing an RTS Function. listed in Table 3.3.11 in the accompanying LCO. to be OPERABLE. Failure of any instrument renders the affected channel (s) inoperable and reduces the reliability of the affected Functions. The LC0 generally requires OPERABILITY of three channels in each instrumentation Function. Reactor Trip System Functions The safety analyses and OPERABILITY requirements applicable to each RTS Function are discussed below: 1. Manual Reactor Trip The Manual Reactor Trip ensures that the main control room operator can initiate a reactor trip at any time by e (continued) h AP600 8 3.3 8 08/97 Amendment 0 t otuun.numom.,v.c.us, RTS Instrumentation B 3.3.1 pq g np L_ 'j c BASES APPLICABLE 1. Manual Reactor Trip (continued) using either of two reactor trip actuation devices in the SAFETY ANALYSES. A Manual Reactor Trip accomplishes LCOs, and main control room. APPLICABILITY the same results as any one of the automatic trip It can be used by the reactor operator to Functions. shutdown the reactor whenever any parameter is rapidly trending toward its Trip Setpoint. The safety analyses do not take credit for the Manual Reactor Trip. The LCO requires tu Manual Reactor Trip actuation devices be OPERABLE in MODE 1 and 2 and in M00E 3, 4, and 5 with RTBs closed and ?LS capable of rod withdrawal. Two independent actuation devices are required to be OPERABLE so that no single random failure will disable the Manual Reactor Trip Function. in MODE 1 or 2. manual initiation of a reactor trip must These are the MODES in which the shutdown 'oe OPERABLE. rods and/or control rods are partially or fully withorawn In MODE 3. 4, or 5, the manual initiation from the core. Functicn must also be OPERABLE if the shutdown rods are withdrawn or the PLS is capable of withdrawing the shutdown or control rods. In MODE 3. 4, and 5. manual initiation of a reactor trip does not have to be OPERABLE if the PLS is not capable of withdrawing the shutdown or control rods. If the rods cannot be withdrawn from the core, there is no need to be able to tria the reactor because all of the rods are inserted. i In 400E 6 neither the shutdown rods nor the control are permitted to be withdrawn and the CRDMs are disconnected from the control rods and shutdown ro Therefore, the manual initiation Function does not have to be OPERABLE. 2. Power Range Neutron Flux The PMS power range detectors are located external to the reactor vessel and measure neutrons leaking from the The PMS power range detectors provide input to the Minimum requirements for protection and control is core. PLS. The fourth achieved with three channelc. OPERABLE, channel is provided to increase plant availability, and permits the plant to run for an indefinite time with a This Function-also single channel in trip or bypass. satisfies the requirements of IEEE 279 (Ref. 5) with This Function also provides a signal to 2/4 logic. (continued)_ 08/97 Amendment 0-8 3.3 9 b AP600.eiom,v..n, muna..uu I RTS Instrumentation B 3.3.1 ., o y BASES APPLICABLE 2. Power Range Neutron Flux (continued) SAFETY ANALYSES. prevent automatic and manual rod withdrawal prior to initiating a reactor trip. Limiting further rod LCOs, and withdrawal may terminate the transient and eliminate the APPLICABILITY need to trip the reactor, Power Range Neutron Flux - High a. The Power Range Neutron Flux - High trip Function ensures that protection is provided, from all power levels, against a positive reactivity excursion Positive reactivity during power operations. excursions can be caused by rod withdrawal or reductions in RCS temperature. The LCO requires four Power Range Neut In MODE 1 or 2, when a x sitive reactivity excursion could occur, the Power Range Neutron Flux - HighT trip must be OPERABLE.the reactivity excursio prior to reaching a power level that could the fuel. Neutron Flux - High trip does not have to be OPERABLE because the reactor is shutdown reactivity excursion in the power range cannot Other RTS Functions and administrative controls provide protection against reactivityIn addition, occur. additions when in MODE 3, 4. 5. or 6. the PMS power range detectors cannot detect neutron levels in this range, Power Range Neutron Flux - Low b. The LC0 requirement for the Power Range Neutron Flux - Low trip Function ensures that protection is provided against a positive reactivity excursion The Trip from low power or subcritical conditions. Setpoint reflects only steady state in crimary protection for any event that results in a narsh environment, i (continued)_' 08/97 Amendment 0 B 3.3 10 b AP600 uomn s.aummuor emir a RTS Instrumentation v-B 3.3.1 4 BASES APPLICABLE b. Power Range Neutron Flux - Low ~ (continued) SAFETY ANALYSES, The LC0 requires four of the Power Range Neutron LCOs, and Flux - Low channels to be OPERABLE in MODE 1 below APPLICABILITY the Power Range Neutron Flux P 10 Setpoint and H0DE 2. 1 In H00E 1, below the Power Range Neutron Flux P 10 setpoint and in MODE 2, the Power Range Neutron Flux - Low trip must be OPERABLE. This Function may be manually blocked by the operator when the respective power range channel is greater than This approximately 10% of RTP (P 10 setpoint). Function is automatically unblocked when the respective power range channel is below the P 10 Above the P 10 setpoint, positive setpoint. reactivity additions are mitigated by the Power Range Neutron Flux - High trip Function. In MODE 3, 4, 5, or 6, the Power Range Neutron Flux-Low trip Function does not have to be OPERABLE because the reactor is shutdown and the PMS power range detectors cannot detect neutron levels generated in H00E 3, 4, 5, and 6. Other RTS trip Functions and achinistrative controls provide protection against positive reactivity additions or power excursions in H00E 3, 4, 5, or 6. Power Range Neutron Flux - High Positive Rate 3. The Power Range Neutron Flux - High Positive Rate trip Function ensures that protection is orovided against rapid increases in neutron flux whic1 are characteristic of a rod cluster control assembly (RCCA) drive rod housing rupture and the accompanying ejection of the This Function compliments the Power Range Neutron RCCA. Flux - High and Low trip Functions to ensure that the criteria are met for a rod ejection from the oower range. The Power Range Neutron Flux Rate trip uses t1e same channels as discussed for Function 2 above. The LCO requires four Power Range Neutron Flux - High Positive Rate channels to be OPERABLE. In H00E 1 or 2. when there is a potential to add a large amount of positive reactivity from a rod ejection accident (REA), the Power Range Neutron Flux - High Positive Rate trip (continued)_ h AP600 B 3.3 11 08/97 Ar ndment 0 t*01\\tetaspec\\t4010101.e07 082197 RTS Instrumentation B 3.3.1 BASES-Power Range Neutron Flux - High Positive Rate APPLICABLE 3. SAFETY ANALYSES. Icontinued) In MODE 3, 4. 5. or 6. the Power Range LCOs and - must be OPERABLE. Neutron Flux - High Positive Rate trip Function does not APPLICABILITY-have to be OPERABLE because other RTS trip Functions and administrative controls will provide protection against ~ Also, since only the positive reactivity additions. shutdown banks may be w i remaining complement of control bank worth ensures a-SOM in the event of an REA. In MODE 6. no rods are withdrawn and the SDM is increased during refueling operations. The reactor vessel head is_ also removed or the closu bolts are detensioned preventing any pressure buildup. In addition, the PMS power range detectors cannot detect neutron levels present in this MODE. 4. Intermediate Range Neutron Flux The Intermediate Range Neutron Flux trip Function ensures that protection is provided against an uncontrolled RCCA bank withdrawal accident from a subcritical condition This trip Function provides redundant during startup. protection to the Power Range Neutron Flux - Low Setpo The PMS intermediate range detectors are 3 trip Function. located external to the reactor vessel and measureThe safet neutrons leaking from the core. not take credit _for the Intermediate Range Neutron Flux Evan though the_ safety analyses take no trip Function. credit for the Intermediate Range Neutron Flu functional capability at the specified Trip Setpoint The Trip enhances the overall diversity of the RTS. Setpoint reflects only steady state instrumen protection for any events that result in a harshT environment. F main control room-operator when above the P 10 setpoint. which is the respective PMS power range channel greater than 10% power, and is automatically unblocked when belo the P 10-setpoint, which is the respective PMS power range channel less than 10% power. -This Function also provides a signal to prevent automatic and manual rod withdrawal prior to: initiating a reactor trip. Limiting further rod withdrawal may terminate the transient and eliminate the_need to trip the reactor. (continuedj, 08/97 Amendment 0 b AP600 8 3.3 12 1Mbtete neet\\ t4010 l01.*0704 tl17 -m c _, ~. .--m.. RTS Instrumentation B 3.3.1 ., m BASES APPLICABLE 4. Intermediate Rare Neutron Flux (continued) SAFETY ANALYSES. The LCO requires four thannels of Intermediate Range LOCs. and Neutron Flux to be OPERABLE. Four channels are provided APPLICABILITY to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODE 1 below the P 10 setpoint, and in MODE 2, when there-is a potential for an uncontrolled rod withdrawal accident during reactor startup the Intermediate Range Neutron Flux trip must be OPERABLE. Above the P 10 setpoint, the Power Range Neutron Flux - High Setpoint trip and the Power Range Neutron Flux - High Positive Rate trip provide core protection for a rod withdrawal accident. In MODE 3, 4. or 5. the Intermediate Range Neutron Flux trip does not have to be OPERABLE because the control rods must be fully inserted and only the shutdown rods may be withdrawn. The reactor cannot be started up in this condition. The core also has the required SDN to mitigate the consequences of a positive In MODE 6. all rods are reactivity addition accident. fully inserted and the core has a required increased SDM. Also, the PMS intermediate range detectors cannot detect neutron levels present in this mode. 5. Source Range Neutron Flux The LCO requirement for the Source Range Neutron Flux trip Function ensures that protection is provided against an uncontrolled-bank rod withdrawal accident from a subcritical condition during startup. This trip Function orovides redundant protection to the Power Range Neutron

1ux - Low Setpoint and Intermediate Range Neutron Flux In MODES 3. 4. and 5. administrative trip Functions.

controls also prevent the uncontrolled withdrawal of rods. The PMS source range detectors are located external to the reactor vessel and measure neutrons leaking from the core. The safety analyses do not take credit for the Source Range Neutron Flux trip Function. Even though the safety analyses take no credit for the Source Range Neutron Flux trip, the functional capability at the specified Trip Setpoint is assumed to be available and the trip is implicitly assumed in the safety analyses. (continued) B 3.3 13 08/97 Amendment 0 b AP600.omat.,or.o.n,, mmment RTS Znstrumentation B 3.3.1 r,. BASES APPLICABLE 5. Source Range Neutron Flux (continued) SAFETY ANALYSES, The Trip Setpoint reflects only steady state instrument LCOs, and uncertainties as the detectors do not provide primary APPLICABILITY protection for any events that result in a harsh This trip can be manually blocked by the environment. main control room operator when above the P 6 setpoint (Intermediate Range Neutron Flux interlock) and is The automatically unblocked when below the P 6 setpoint. manual block of the trip function also de energizes the source range detectors. The source range detectors are automatically re energized when below the P 6 setx> int. The trip is automatically blocked when above the 3 10 The setpoint (Power Range Neutron Flux interlock). source range trip is the only RTS automatic protective Therefore, the Function required in MODES 3, 4, and 5. functional capability at the specified Trip Setpoint is assumed to be available. The LCO requires four channels of Source Range Neutron Flux to be OPERABLE in MODE 2 below P 6 and in MODE 3, 4. or 5 with RTBs closed and Control Rod Drive System capable of rod withdrawal. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this In MODE 3, 4, or 5 with the RTBs o xn, trip Function. the LCO does not require the Source Range Neutron Flux channels for reactor trip Functions to be OPERABLE. In H00E 2 when below the P 6 setpoint during a reactor startuo. the Source Range Neutron Flux trip must be Above the P 6 setpoint, the Intermediate Range OPERAB.E. Neutron Flux trip and the Power Range Neutron Flux - Low Setpoint trip will orovide core protection for reactivity accidents. Above tw P 6 setpoint, the PMS source range detectors are de energized and inoperable as described above. (continued) b AP600 8 3.3 14 08/97 Amendment 0 i osu.m uumom.,v oum I RTS Instrumentation B 3.3.1 ..-, v. BASES APPLICABLE 5. Source Range Neutron Flux (continued) SAFETY ANALYSES, In MODE 3, 4, or 5 with the reactor shutdown, the Source LCOs, and Range Neutron Flux trip Function must also be OPERABLE. APPLICABILITY If the PLS is capable of rod withdrawal, the Source Range Neutron Flux trip must be OPERABLE to provide coreIf the PLS protection against a rod withdrawal accident. is not capable of rod withdrawal, the source range detectors are required to be OPERABLE to provide monitoring of neutron levels and provide protection for These events like an inadvertent boron dilution. Functions are addressed in LC0 3.3.2 " Engineered Safety The Feature Actuation System (ESFAS) Instrumentation." requirements for the PMS source range detectors in MODE 6 are addressed in LC0 3.9.3, " Nuclear Instrumentation." 6. Overtemperature AT The Overtemperature AT trip Function ensures that protection is provided to ensure that the design limit This trip Function also limits the range ONBR is met. over which the Overpower AT trip Function must provide The inputs to the Overtemperature AT trip protection. include all combinations of pressure, power, co temperature, and axial Protection from violating the ONBR reactor coolant flow. limit is assured for those transients that are slow with respect to delays froc the core to the measurem system. loop AT as a measure of reactor power and is automatically varied with the following parameters: reactor coolant average temperature - the Trip Setpoint is varied to correct for changes in coolant a density and specific heat capacity with changes in coolant temperature: (continued) 08/97 Amendment 0 h AP600 B 3.3 15 retuu..mtmaiosw.o.im RTS Instrumentation 8 3.3.1 .'T* BASES f APPLICABLE 6. Overtemperature AT (continued) SAFETY ANALYSES, pressurizer pressure - the Trip Setpoint is varied and LCOs, and to correct for changes in system pressure: APPLICABILITY axial power distribution - the Trip Setpoiat H varied to account for imbalances in the axial power distribution as detected by the PMS upper and lower If axial peaks are greater power range detectors.than the design limit, as indic difference between the upper and lower PMS power range detectors, the Trip Setpoint is reduced in accordance with Note 1 of Table 3.3.1 1. Dynamic compensation is included for system piping del from the core to the temperature measurement system. The Overtemperature AT trip Function is calculated for This each loop as described in Note 1 of Table 3.3.11. Function also provides a signal to generate a turbine A turbine runback prior to reaching the Trip Setpoint. A runback will reduce turbine power and reactor power. reduction in power will normally alleviate the Overtem>erature AT condition and may pr tri ). turaine runback. The LCO requires four channels of the Overtemperatu Four trip Function to be OPERABLE in MODE 1 and 2. channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random Note that the failure will disable this trip Function. Overtemperature AT Function receives input from cha Failures that affect shared with other RTS Functions. multiple Functions require entry into the Conditions applicable to all affected Functions. In MODE 1 or 2, the Overtemperature AT trip m OPERABLE to prevent DNB. trip Function does not have to be OP production to be concerned about DNB. (continued) 08/97 Amendment 0 B 3.3 16 h AP600 lp01\\techspet\\1W10101.r97 0428tF RTS Instrumentation B 3.3.1 e BASES ) APh.ICABLE 7. Overpower AT SAFETY ANALYSES, The Overpower AT tri) Function enseres that protection is i LCOs. and the fuel (i.e., no provided to ensure tie integrity o) APPLICABILITY fuel pellet melting and less than 1% cladding strain) (continued) under all possible overpower conditions. This trip Function also limits the required range of the Overtemperature AT trip function and provides a backuo to T ne the Power Range Neutron Flux - High Setpoint trip. Overpower AT trip Function ensures that the allowable heat generation rate (kW/ft) of the fuel is not exceeded. It uses the AT of each loop as a measure of reactor power and is automatically varied with the following parameters: reactor coolant average temperature - the Trip Setpoint is varied to correct for changes fn coolant density and specific heat capacity with and changes in coolant temperature: 4 rate of change of reactor coolant average temperature - including dynamic compensation for the delays between the core and the temperature measurement system. The Overpower AT trip Function is calculated for each The Trip Setpoint loop as per Note 2 of Table 3.3.11. reflects the inclusion of both steady state and adverse environmental instrument uncertainties as the detectors )rovide protection for a steam line break and may be in a Note that this Function also provides 1arsh environment. a signal to generate a turbine runback prior to reaching the Trip Setpoint. A turbine runback reduces turbine A reduction in power normally power and reactor power. alleviates the Overpower AT co reactor trip. The LCO requires four channels of the Overoower AT trip Function to be OPERABLE in MODE 1 and 2. Four channels are provided to permit one channel In trip or bypass indefinitely and still ensure no single random failure The Overpower AT will disable this trip Function. Function receives input from channels shared with other (continued) 08/97 Amendment 0 h AP600 8 3.3 17 l'Ot\\techapec\\t6010101 r07 062197 a --.4---H m ae p%.u a +--*e RTS Instrumentation B 3.3.1 BASES APPLICABLE 7. Overpower AT (continued) SAFETY ANALYSES. Failures that affect multiple Functions LCOs. and RTS Functions. APPLICABILITY require entry into the Conditions applicable to a affected Functions. In MODE 1 or 2. the Overpower AT trip function must be OPERABLE. These are the only times that enough heat is generated in the fuel to be concerned about the heat generation rates and overheating of the fuel. In H00E 3.

4. 5. or 6. this trip Function does not have to be OPERABLE because the reactor is not operating and there is insufficient heat production to be concerned about fuel overheating and fuel damage.

8. Pressurizer Pressure The same sensors provide input to the Pressurizer Pressure - High and - Low trips and the Overtemperature AT trip, Pressurizer Pressure - Low a. The Pressurizer Pressure - Low trip Function ensures that protection is provided against The violating the ONBR limit due to low pressure. Trip Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide primary protection for an event that results in a harsh environment. The LCO requires four channels of Pressurizer Pressure - Low to be OPERABLE in H00E 1 above P 10. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1, when DNB is a major concern, the Pressurizer Pressure - Low trip must be OPERABLE. This trip Function is automatically enabled on increasing power by the P 10 interlock. On decreasing power, this trip Function is automatically blocked below P 10. Below the P 10 i setpoint, no conceivable xmer distributions can occur that would cause DNB concerns. ) i (continued) h AP600 8 3.3 18 08/97 Amendment 0 miu.m nimen.or.o.mr RTS Instrumentation B 3.3.1 BASES APPLICABLE b. Pressurizer Pressure - High SAFETY ANALYSES, The Pressurizer Pressure - High trip Function LCOs, and APPLICABILITY ensures that protection is provided against (continued) overpressurizing the RCS. This trip Function operates in conjunction with the safety valves to prevent RCS overpressure conditions. The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide )rimary protection for any event that results in a 1arsh environment. The LC0 requires four channels of the Pressurizer Pressure - High to be OPERABLE in H00E 1 and 2. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1 or 2, the Pressurizer Pressure - High trip must be OPERABLE to hel) prevent RCS overpressurization and.COs, and minimizes ch'allenges to the safety valves. In H00E 3, 4, 5, or 6. the Pressurizer Pressure - High trip Function does not have to be OPERABLE because transients which could cause an overpressure condition will be slow to occur. Therefore, the operator will have sufficient time to evaluate plant conditions and take corrective actions. Additionally, low temperature overpressure protection systems provide overpressure protection when below H00E 4. 9. Pressurizer Water Level - High 3 The Pressurizer Water Level - High 3 trip Function provides a backup signal for the Pressurizer Pressure - High 3 trip and also provides protection against water relief through the pressurizer safety valves. These valves are designed to pass steam in order to achieve their design energy removal rate. A reactor trip is actuated prior to the pressurizer becoming water The Trip Setpoint reflects only steady state solid. instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. The level channels do not actuate the safety valves. (continued) i b AP600 8 3.3 19 08/97 Amendment 0 t i ciwumuumoici.m.em,, I RTS Instrumentation B 3.3.1 BASES APPLICABLE 9. Pressurizer Watet' Level - High 3 (continued) SAFETY ANALYSES. LCOs. and The LC0 requires four channels of Pressurizer Water APPLICABILITY level - High 3 to be OPERABLE in H00E 1 above P 10. Four channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1 when there is a potential for overfilling the pressurizer, the Pressurizer Water Level - High 3 trip must be OPERABLE. This trip Function is automatically enabled on increasing power by the P 10 interlock. On decreasing power, this trip Function is automatically blocked below P 10. Below the P 10 setpoint, transients which could raise the pressurizer water level will be slow and the operator will have sufficient time to evaluate plant conditions and take corrective actions.

10. Reactor Coolant Flow - Low a.

Reactor Coolant Flow - Low (Single Cold Leg) The Reactor Coolant Flow - Low (Single Cold Leg) trip Function ensures that protection is provided against violating the ONBR limit due to low flow in one or more RCS cold legs. Above the P 8 setpoint, a loss of flow in any RCS cold leg will actuate a reactor trip. Each RCS cold leg has four flow detectors to monitor flow. The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. The LCO requires four Reactor Coolant Flow - Low channels per cold leg to be OPERABLE in H00E 1 above P 8. Four OPERABLE channels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 1 above the P 8 setpoint, when a loss of flow in one RCS cold leg could result in DNB conditions in the core, the Reactor Coolant Flow - Low (Single Cold Leg) trip must be OPERABLE. In H00E 1 below the P 8 setpoint, a loss of flow in (continued) l i u i noioiat ror.os m r l RTS Instrumentation B 3.3.1 + 8ASES_ Reactor Coolant Flow - Low (Single Cold a. APPLICABLE Leg (continued) SAFETY ANALYSES, two or more cold legs is required to actua LCOs, and APPLFABILITY power level and the greater margin to the design limit DNBR, Reactor Coolant Flow - Low (Two Cold legs)) b. The Reactor Coolant Flow - Low (Tw violating the ONBR limit due to low flow in two or Above the P 10 setpoint and more RCS cold legs. below the P 8 setpoint, a ?oss of flow in two or Each more cold legs will initiate a reactor tri The Trip Setpoint reflects only steady s provide primary protection for any event that results in a harsh environment. The LCO requires four Reactor Coo Four OPERABLE channels are P 10 and xlow P 8. provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable tMs trip Function. In MODE 1 above the P 10 setpoint and below t setpoint, the Reactor Coolant Flow - Low (Two Below the P 10 Legs) trip must be OPERABLE. setpoint, all reactor trips on low flow are automatically blocked since no conc concern at this low power level. setpoint, the reactor trip on low flow in two cr Above nore RCS cold legs is automatically C (1 actuate a reactor trip because of the higher power level and the reduced margin to the des limit DNBR. (continued) 08/97 Amendment 8 3.3 21 h AP600 mau.o..uummuor.omn RTS nstrumentation B 3.3.1 , s BASES

11. Reactor Coolant Pump (RCP) Bearing Water APPLICABLE Temperature - High SAFETY ANALYSES.

LCOs. and RCPBearingWaterTemperature-High(SinglePumpl a. APPLICABILITY The RCP Bearing Water Temperature - High (Single (continued) Pump) reactor trip Function ensures that protection t is provided against violating the DNBR limit due to Above the P 8 a loss of flow in one RCS cold leg. setpoint, high bearing water tem >erature in any RCP Tne Trip Setpoint will initiate a reactor trip. reflects only steady state instrument uncertainties as the detectors do not provide orimary protection for any event that results in a 1arsh environment. The LCO requires four RCP Bearing Water Tem >erature - High channels oer RCP to be OPERABLE in 40DE 1 above P 8. Four clannels are provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H0DE 1 above the P 8 setpoint, when a loss of flow in any RCS cold leg could result in DNB conditions in the core, the RCP Bearing Water Tem>erature - High (Single Pump) trip must OPERABLE. of flow in two or more cold legs is required to actuate a reactor trip because of the lower power level and the greater margin to the design limit DNBR. RCP Bearing Water Temperature _- High (Two Pumps) b. The RCP Bearing Water Temperature - High (Two Pu reactor trip Function ensures that protection is provided against violating the DNBR limit due to a Above loss of flow in two or more RCS cold legs. the P 10 setpoint and below the P 8 setpoint, a high bearing water temperature in two or more RCPs will initiate a reactor trip. The Trip Setpoint reflects only steady state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. (continued) 08/97 Amendment 0 8 3.3 22 .Y.f.Nimmve.mm 1 RTS Instrumentation B 3.3.1 BASES APPLICABLE b. kCP Bearing Water Temperature - High SAFETY ANALYSES, (Two Pumps) (continued) LCOs and The LC0 requires four RCP Bearing Water APPLICABILITY Tem:erature - High channels per RCP to be OPERABLE in 40DE 1 above P 10 and below P 8. Four dannels are provided to permit one channel in trip or bypass ,ndefinitely and still ensure no single random failure will disable this trip Function. In H0DE 1 above the P 10 setpoint and below the P.8 setpoint the RCP Bearing Water Temperature - High (Two Pumps) trip must be OPERABLE. Below the P 10 setpoint. all reactor trips on loss of flow are automatically blocked since no conceivable power distributions could occur that would cause a DNB concern at this low power level. Above the P 10 setpoint the reactor trip on loss of flow in two Above the RCS cold legs is automatically enabled. P 8 setpoint, a loss of flow in any one cold leg will actuate a reactor trip because of the higher power level and the reduced margin to the design limit DNBR.

12. Reactor Coolant Pump Speed - Low The RCP Speed - Low trip Function ensures that protection is provided against violating the DNBR limit due to a The speed of loss of flow in two or more RCS cold legs.

each RCP is monitored. Above the P 10 setpoint a low speed detected on two or more RCPs will initiate a The Trip Setpoint reflects only steady reactor trip. state instrument uncertainties as the detectors do not provide primary protection for any event that results in a harsh environment. Low channels to be The LCO requires four RCP 5 %. Four channels are OPERABLE in MODE 1 above P 40 provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H0DE 1 above the P 10 setpoint, the RCP Speed - Low Below the P 10 setpoint, all trip must be OPERABLE. reactor trips on loss of flow are automatically blocked since no power distributions are expected to occur that (continued) B 3.3 23 08/97 Amer.dment 0 1.Af.f.L.,,,....m., RTS Instrumentation B 3.3.1 BASES APPLICABLE

12. Reactor Coolant Pump Speed - Low (continued)

SAFETY ANALYSES. would cause a DNB concern at this low power level. Above LCOs. and the P 10 setxint the reactor trip on loss of flow in APPLICABILITY two or more RCS cold legs is automatically enabled.

13. Steam Generator Water Level - Low The SG Water Level - Low trip Function ensures that The protection is provided against a loss of heat sink.

In order to act SGs are the heat sink for the reactor. as a heat sink, the SGs must contain a minimum amount of A narrow range low level in any steam generator water. is indicative of a loss of heat sink for the reactor. The Trip Setpoint reflects the inclusion of both steady state and adverse environmental instrument uncertainties as the detectors provide primary protection for an event that results in a harsh environment. This function also contributes to the coincidence logic for the ESFAS Function of opening the Passive Residual Heat Removal (PRHR) discharge valves. The LCO requires four channels of SG Water Level - Low Four channels are per SG to be OPERABLE in MODE 1 and 2. provided to permit one channel in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODE 1 or 2, when the reactor requires a heat sink, The the SG Water Level - Low tria must be OPERABLE. normal source of water for tw SGs is the Main Feedwater System (nonsafety related). The Main Feedwater System is normally in operation in H00E 1 and 2. PRHR is theDuring safety related backup heat sink for the reactor. normal startups and shutdowns, the Main and Startup Feedwater Systems (nonsafety related) can provide feedwater to maintain SG 1evel. In MODE 3. 4. 5. or 6. the SG Water Level - Low function does ret have to be OPERABLE because the reactor is not operating or even critical. (continued)_ b AP600 8 3.3 24 08/97 Amendment 0 t ect\\t e ctspe< \\16410101, r0704 f it ? RTS Instrumentation B 3.3.1 BASES

14. Steam Generator Water Level - High 2 APPLICABLE SAFETY ANALYSES.

The SG Water Level - High 2 trip Function ensures that LCOs, and orotection is provided against excessive feedwater flow APPLICABILITY ay closing the main feedwater control valves, tripping While the (continued) the turbine, and tripping the reactor. transmitters (d/p cells) are located inside containment, the events which this function protects against cannot Therefore. the cause severe environment in containment. Trip Setpoint reflects only steady state instrument uncertainties. i The LCO requires four channels of SG Water Level - High 2 Four channels are per SG to be OPERABLE in H00E 1 and 2 provided to permit one channel in trip or bypas will disable this trip Function. In H00E 1 and 2 above the P 11 interlotil, the SG Water The normal source Level - Hign 2 trip must be OPERABLE. of water for the SGs is the Main Feedwater SystemTh (nonsafety related). In H00E 3. 4. 5, or 6. the in operation in H00E 1 and 2. SG Water Level - High 2 Function does not have to be OPERABLE because the reactor is not operating or even The P 11 interlock is provided on this critical. Function to oermit bypass of the trip function when the This bypass is necessary to pressure is Selow P 11. permit rod testing when the steam generators are in wet layup.

15. Safeguards Actuation Signal from Engineered Safety Feature Actuation System The Safeguards Actuation Signal from ESFAS ensures that if a reactor trip has not already been generated by the RTS, the ESFAS automatic actuation logic will initiate a reactor trip upon any signal which initiates the This is a condition of Safeguards Actuation signal.

acceptability for the Loss of Coolant Accident (LOCA). However, other transients and accidents take credit for varying levels of ESFAS performance and rely upon rod insertion, except for the most reactive rod which is assumed to be fully withdrawn, to ensure reactor shutdown. (continued) 08/97 Amendment 0 B 3.3 25 b AP600. amour.o.mr imuumuu RTS Ins %rumentation B 3.3.1 BASES

15. Safeguards Actuation Signal from Engineered Safety APPLICABLE SAFETY ANALYSES, Feature Actuation System (continued)

LCOs, and The LCO requires two manual and four automatic divisions i APPLICABILITY of Safeguards Actuation Signal Input from ESFAS to be Four automatic divisions are OPERABLE in H0DE I and 2. provided to permit one division bypass indefinitely and still ensure no single random failure will disable this trip Function. A reactor trip is initiated every time a Safeguards Actuation signal is aresent. Therefore, this trio Function must be OPERABLE in H00E 1 and 2. when tie reactor is critical, and must be shutdown in the event of an accident. In H00E 3, 4, 5, or 6 the reactor is not critical. 16, Reactor Trip System Interlocks Reactor protection interlocks are provided to ensure reactor trips are in the correct configuration for the They back up operator actions to current plant status. ensure protecticn system Functions are not blocked during plant conditions under whit.h the safety analysis assumes Therefore, the interlock the Functions are OPERABLE. Functions do not need to be OPERABLE when the reactor trip Functions are outside the applicable H00ES. These are: Intermediate Range Neutron Flux. P 6 a. The Intermediate Range Neutron Flux, P 6 interlock is actuated when the respective PHS Intermediate Range Neutron Flux channel goes approximately one The LCO decade above the minimum channel reading. requirement for the P 6 interlock ensures that the following Functions are performed: on increasing power, the P 6 interlock allows (1) the manual block of the respective PHS Source This prevents Range, Neutron Flux reactor trip. a premature block of the source range trip and allows the operator to ensure that the intermediate range is OPERABLE prior to leaving When the source range trip is the source range. blocked, the high voltage to the detectors is also removed. (continued)_ 08/97 Amendment 0 h AP600 8 3.3 26 .e.n, mmu...ymme l RTS Instrumentation B 3.3.1 BASES Intermediate Range Neutron Flux. P 6 (continued) a. APPLICABLE SAFETY ANALYSES, on decreasing power, the P 6 interlock (2) LCOs. and automatically energizes the PHS source range APPLICABILITY detectors and enables the PMS Source Range Neutron Flux reactor trip. on increasing power, the P 6 irterlock provides (3) a backup block signal to the source rangeNormally, this neutron flux doubling circuit. function is manually blocked by the main control room operator during the reactor startup. The LCO requires four channels of Intermediate Range Neutron Flux, P 6 interlock to be OPERABLE in H0DE 2 when below the P 6 interlock setpoint. In H0DE 2, when below the P 6 interlock setpoint,Abov the P 6 interlock must be operable, interlock setpoint, the PMS Source Range Neutronand t Flux reactor trip will be blocked:In MODE 3, 4, 5, will no longer be necessary. and 6. the P 6 interlock does not have to be OPERABLE because the PMS Source Range is providi core protection, Power Range Neutron Flux, P 8 b. The Power Range Neutron Flux, P 8 The P 8 the respective PMS power range detector Flow - Low (Single Cold Leg) and RCP Bearing Water reactor trias on Temperature - High (Single Pump)irement for t11s trip increasing power. The LCO requ Function ensures that protection is o in DNB conditions in the core when greater tha approximately 48% power. reactor trip on low flo automatically blocked. The LC0 requires four channels of Power Range Neutron Flux, P 8 interlock to be OPERABLE in H00E 1. (continued)_ 08/97 Amendment 0 b AP600 B 3.3 27 . imu.muuumn.m unn T~' p. l RTS Instrumentation L 8 3.3.1 PO A 77 u J n. e u BASES Power Range Neutron Flux, P 4 (continued) b. APPLICABLE SAFETY ANALYSES. In MODE 1, a loss of flow in one RCS cold leg could LCOs. and result in DNB conditions, so the Power Range Neutron In MODE 2. 3. APPLICABILITY Flux, P 8 interlock must be OPERABLE.

4. 5. or 6. this Function does not have to be OPERABLE because the core is not producing sufficient power to be concerned about DNB conditions.

Power Range Neutron Flux. P.10 c. The Power Range Neutron Flux, P 10 interlock is actuated at approximately 10% power as determined by The LCO the respective PMS power range detector. requirement for the P.10 interlock ensures that the following functions are performed: on increasing power, the P 10 interlock (1) automatically enables reactor trips on the following Functions: Pressurizer Pressure - Low. Pressurizer Water level - High 3, Reactor Coolant Flow - Low (Two Cold Legs). RCP Bearing Water Temperature - High (Two Pumps), and RCP Speed - Low. These reactor trios are only required when operating aben tne P.10 setpoint (approximately 10% power). These reactor trios orovide protection against violating t1e )NBR limit.Below the P 10 setpoint, th providing sufficient natural circulation without any RCP running. on increasing power, the P 10 interlock allows (2) the operator to manually block the Intermediate Range Neutron Flux reactor trip. (continued) 08/97 Amendment 0 8 3.3 28 AP600,, _, RTS Instrumentation B 3.3.1 ...y BASES Power Range Neutron Flux. P 10 (continued) APPLICABLE c. SAFETY ANALYSES, on increasing power, the P 10 interlock allows LCOs. and (3) 3 the operator to manually block the Power Range APPLICABILITY Neutron Flux - Low Setpoint reactor trip. on increosing power, the P 10 interlock (4) automatically provides a backup block signal to the Source Range Neutron Flux reactor trip and also to de energize the PMS source range detectors. (5) on decreasing >ower, the P 10 interlock automatically ) locks reactor trips on the following Functions: Pressurizer Pressure - Low, Pressurizer Water Level - High 3, 4 Reactor Coolant Flow - Low (Two Cold Legs), RCP Bearing Water Temperature - High a (Two Pumps), and RCP Speed - Low. (6) on decreasing power, the P 10 interlock automatically enables the Power Range Neutron Flux - Low reactor trip and the Intermediate Range Neutron Flux reactor trip (and rod stop). The LCO requires four channels of Power Range Neutron Flux, P 10 interlock to be OPERABLE in H00E 1 or 2. In H0DE 1, when the reactor is at power, the Power Range Neutron Flux, P 10 interlock must be OPERABLE. This function must be OPERABLE in MODE 2 to ensure that core protection is provided during a startup or shutdown by the Power Range Neutron Flux - Low Setpoint and Intermediate Range Neutron Flux reactor trips. In MODE 3. 4. 5, or 6, this Function does not have to be OPERABLE because the reactor is not at power and the Source Range Neutron Flux reactor trip provides core protection. (continued) h AP600 B 3.3 29 08/97 Amendment 0 mm.o...asmo m m.omu RTS Ins %rumentation B 3.3.1 s,, i BASES APPLICABLE d. Pressurizer Pressure, P 11_ SAFETY ANALYSES, With pressurizer pressure channels less than the LCOs, and P 11 setpoint, the operator can manually block the APPLICABILITY Steam Generator Narrow Range Water Level - High 2 (continued) reactor Trip. This allows rod testing with the With steam generators in cold wet layup. pressurizer pressure channels > P 11 setpoint, the Steam Generator Narrow Range Water Level - High 2 reactor Trip is automatically enabled, The operator can also enable these actuations by use of the respective manual reset.

17. Reactor Trip Breakers This trip Function applies to the RTBs exclusive ofThe individual trip mechanisms.

The reactor breakers with two breakers in each division. trip circuit breakers are arranged in a two out of four logic configuration, such that the tripping of the two circuit breakers associated with one division does not This circuit breaker arrange 6,wnt cause a reactor trip. The LC0 is illustrated in Figure 7.1 7 of the SSAR. requires three divisions of the Reactor Trip Switchgear to be OPERABLE with two trip breakers associated with This logic is required to meet each required division, the safety function assuming a single failure. These trip Functions must be OPERABLE in H00E 1 or 2 when In MODE 3, 4. or 5, these RTS the reactor is critical. trip Functions must be OPERABLE when the RTBs are clo and the PLS is capable of rod withdrawal.

18. Reactor Trip Breaker Undervoltage and Shunt Trip Mechanisms The LCO requires both the Undervoltage and Shunt Trip Hechanisms to be OPERABLE for each RTB that is in The trip mechanisms are not required to be service.

OPERABLE for trip breakers that are own, racked out, incapable of supplying power to the PLS, or declaredO inoperable under Function 17 above. trip mechanisms on each breaker ensures that no single trip mechanism failure will prevent opening the breakers on a valid signal. (continued)_ 08/97 ^*'a*'at o 8 3 3 30 $.^f.L.,,,...m. RTS Instrumentation B 3.3.1 BASES

18. Reactor Trip Breaker Undervoltage and Shunt Trip APPLICABLE SAFETY ANALYSES.

Mechanisms (continued) LCOs. and These trip Functions must be OPERABLE in MODE 1 and 2 In MODE 3. 4. and S. these APPLICABILITY when the reactor is critical. RTS trip Functions must be OPERABLE when the RTBs are closed, and the PLS is capable of rod withdrawal.

19. Automatic Trip Logic The LCO requirement for the RTBs (Functions 17 and IB) and Automatic Trip Logic (Function 19) ensures that means are provided to interrupt the power to the CROMs and allow the rods to fall into the reactor core.

Each RTB is equipped with an undervoltag The LCO requires four divisions of RTS Automatic Trip Four OPERABLE divisions are logic to be OPERABLE.provided to ensure that a r logic channel will not prevent reactor trip. These trip Functions must be OPERABLE in MODE 1 or 2 w In MODE 3, 4, or S, these RTS the reactor is critical. trip Functions must be OPERABLE when the RTBs are and the PLS is capable of rod withdrawal.

20. ADS Stages 1. 2 and 3 Actuaticn The LCO requirement for this Function provides a reactor trip for any event that may initiate depressurization of the reactor.

The LCO requires four divisions of RTS Automatic Trip Four OPERABLE divisions are Logic to be OPERABLE.provided to ensure that logic channel will not prevent reactor trip. These trip functions must be OPERABLE in MODE 1 or 2 In MODE 3, 4. or S. these RTS the reactor is critical. trip Functions must be OPERABLE when the RTBs a and the PLS is capable of rod withdrawal. (continued) 0B/97 Amendment 0 B 3.3 31 u.N.0fmimun.uw RTS Instrumentation t 8 3.3.1 l BASES

21. Core Makeup Tank (CMT) Actuation APPLICABLE The LCO requirement for this Function orovides a reactor SAFETY ANALYSES.

LCOs. and trip for any event that may initiate C4T injection. APPLICABILITY (continued) The LCO requires four divisions of RTS Automatic Trip Four OPERABLE divisions are Logic to be OPERABLE.provided to ensure that ran channel will not prevent reactor trip. These trip Functions must be OPERABLE in MODE I and 2 i In H0DE 3, 4, and 5 these when the reactor is critical. l RTS trip Functions must be OPERABLE when the RTBs are closed and the PLS is capable of rod withdrawal. The RTS instrumentation satisfies Criterion 3 of the Policy Statement. A Note has been added in the ACTIONS to clarify theThe Cond application of Com)letion Time rules. ACTIONS Specification may x entered independently for each Function listed on Table 3.3.1 1. In the event the transmitter, instrument loop, signal processing electronics, or trip output is found inoperable then all affected Functions )covided by that channel must bedeclare C0 Condition (s) entered for the protection Function (s) affected. When the number of inoperable channels in a trip Function exceed those soecified in one or o 1 a trip Function, then the plant is outside Therefore. LCO 3.0.3 must be the safety analysis.immediately entered if applicable in the operation. A.1 Condition A applies to all ksS protection Functions. Condition A addresses the situation where The Required Action is to refer to the same time. Table 3.3.11 and to take the Required Actions for the The Completion Times are protection Functions affected.those from the refere (continued)_ 08/97 Amendment 0 8 3.3 32 $31,.,_ u,, RTS Instrumentation B 3.3.1 BASES ACTIONS B.1. B.2.1 and 8.2.2 (continued) Condition B applies to the Manual Reactor Trip and Manual Safeguards Actuation in MODES 1 or 2. These Recuired Actions address inoperability of one manual initiation cevice of the Manual Reactor Trip Function and/or Manual Safeguards One device consists of an actuation Actuation Function. switch and the associated hardware (such as contacts and wiring) up to but not including the eight Reactor Trip Breakers. With one device inoperable the inocerable device In this must be restored to OPERABLE status within 48 aours. Condition, the remaining OPERABLE device is adequate to perform the safety function. If the manual Function (s) cannot be restored to OPERABLE status in the allowed 48 hour5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months Completion Time, the unit must be brought to a MODE in which the requirement does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 additional hours (54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months total time) followed by opening the RTBs within 1 additional hour (55 hours6.365741e-4 days 0.0153 hours 9.093915e-5 weeks 2.09275e-5 months total time). The 6 additional hours to reach MODE 3 and the 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months to open the RTBs are reasonable, based on operating experience, to reach MODE 3 and open the RTBs from full power operation in an orderly manner and without With the RTBs open and the unit in challenging unit systems. MODE 3. this trip Function is no longer required to be

OPERABLE, C.1 and C.2 Condition C applies to the Manual Reactor Trip in H00ES 3. 4 and 5 with the RTBs closed and the PLS capable of rod These Required Actions address inoperability of withdrawal.

one manual initiation device of the Manual Reactor Trip One device consists of an actuation switch and the Function. associated hardware (such as contacts and wiring) u] to but Wita one not including the eight Reactor Trip Breakers. device ino wrable. the inoperable device must be restored In this Condition, the to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . remaining OPERABLE device is adequate to perform the safety function. (continued) h AP600 B 3.3 33 08/97 Amendment 0 miu.m..mmmi nr.ain, RTS Instrumentation B 3.3.1 BASES C.1 and C.2 (continued) ACTIONS If the Manual Reactor Trip Function cannot be restored to OPERABLE status in the allowed 48 hour5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months Completion Time, the unit must be placed in a MODE in which the require not apply. With the RTBs open, this Function is within the next 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . no longer required. 1 0.1.1, 0.1.2, 0.2.1, 0.2.2. and 0.3 Condition D ap) lies to the Power Range Neutron Flux - High Function in MO)ES 1 and 2. With one or two channels inoperable the affected channel if one must be placed in a by) ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , or two are bypassed, t1e logic becomes two out of three or one out of two, respectively, while still meeti the two remaining channels will not prevent the protective The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable function). channel (s)inthebypassedconditionisjustifiedin Reference 7. In addition to placing the inoperable channel (s) in the by)assed condition THERMAL POWER must be reduced t Reducing the power level prevenfs RT) within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months . o'>eration of the core with radial power distributions beyond With one or two of the PMS power range t1e design limits. detectors inoperable, partial radial power distribution However, the protective monitoring capability is lost. function would still functio one of the two remaining channels. As an alternative to reducing power, the inoperable channe1(s) can be placed in the bypassed condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and the QPTR monitored every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months as perCalcu SR 3.2.4.2. OPTR verification.for the lost monitoring c The 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Frequency operation at power levels > 75% RTP.is consisten (QPTR)." (continued) 0887 Amendment 0 B 3.3 34 u.D.Nmom:,or.omir RTS Instrumentation B 3.3.1 BASES 0.1.1. 0.1.2. 0.2.1. D.2.2. and D 3 (continued) ACTIONS a Note which only Required Action 0.2.2 has been modified b requires SR 3.2.4.2 to be performed if OP HS and the Power Power Range Neutron Flux input to 00TR become inoperable. distribution limits are normally verified in accordance with LCO 3.2.5, "0PDMS Monitored Power Distribution Parameters." However, if OPDMS becomes inowrable, then LCO 3.2.4 " Quadrant Power Tilt Ratio (0)TR)", becomes applicable. Failure of a component in the Power Range Neutron Flux Channel which renders the High Flux Trip Function inoperable If either may not affect the capability to monitor OPTR. OPDMS or the channel input to OPTR is OPERABLE, then performance of SR 3.2.4.2 once pu 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months in not necessary. As an alternative to the above Actions, the plant must be placed in a MODE where this Function is no longer required-Twelve hours are allowed to place.the plant in OPERABLE. This is a reasonable time, based on operating MODE 3. experience, to reach MODE 3 from full power in an orderlyIf Re manner and without challenging )lant systems. Actions cannot be completed wit 11n their allowed Com letion Times, LC0 3.0.3 must be entered. E.1 and E.2 Condition E applies to the following reactor trip Functions: Power Range Neutron Flux - Low: Overtemperature AT: Overpower AT: Power Range Neutron Flux - High Positive Rate: Pressurizer Pressure - High: SG Water Level - Low; and SG Water Level - High 2. With one or two channels inoperable, the affected channels If one must be placed in a by3 ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . or two are bypassed, tie logic becomes two out of three or one out of two. respectively, while still meeting single (continued) 08/97 Amendment 0 B 3.3 35 i m oici,or.o i m u. RVS Instrumentation B 3.3.1 i BASES ACTIONS E.1 and E.2 (continued) failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable function). channel (s) in bypass is justified in Reference 7 with one required channel inoperable. If the Required Actions described above cannot be met within the specified Completion Times, the unit must be placed in a MODE where this Function is no longer required t OPERABLE. Six hours is a reasonable time, based on operating experience, to reach MODE 3 from full power in an in H0DE 3. orderly manner and without challenging plant systems. F.1. F.2, and F.3 Condition F applies to the Intermediate Range Neutron Flux Above the P 6 setpoint and selow the P 10 setpoint, the PMStrip when above th intermediate range detector performs the monitoring functions. With one or two channels inoperable, the affected channels If one must be placed in a bysass condition within ? hours. or two are bypassed, t1e logic becomes two out of three or while still meeting single one out of two, respectively,in one of the three or one of failure criterion (a failure the two remaining channels will not prevent the protective The 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months allowed to place the inoperable function). channel (s) in the bypassed condition is justified in Reference 7. As an alternative to placing the channel (s) in bypass if THERMAL POWER is greater than the P below the P 6 setpoint or to increase the THERMAL POWER The PMS Intermediate Range Neutron Flux the P 10 setpoint. channels must be OPERABLE when the power level is above capability of the source range. P 6..and below the capab If THERMAL POWER is greater than of the power range, P 10.the P 10 setpoint, the PMS monitoring and protective functions and the interm range is not required.and controlled power adjustment (continued) 08/97 Amendment 0 8 3.3 36 h AP600.iom ,.r...n,, mu.~.m RTS Instrumentation B 3.3.1 BASES F.1. /.2, and F.3 (continued) ACTIONS account the redundant capability afforded by the two remaining OPERABLE channels and the low probability of their f ailure during this period. G.1 and G.2 Condition G applies to three Intermediate Range Neutron Fl trip channels inoperable in MODE 2 above the P 6 setpoin Required Actions specified in this-below the P 10 setpoint. Condition are only applicable when channel failures d result in reactor trip.P 10 setpoint, the PMS intermediate ran With only one intermediate range the monitoring Functions. channel OPERABLE, the Requi operations invoiving positive reactivity additionsThis immediately. since there are insufficient OPERABLE Intermediate Range Neutron Flux channels to adequately monitor the power rise. i The operator must also reduce THERMAL POWER setpoint within 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months . Flux channels will be able to moni The Completion Time of 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months will allow a takes into account the low probability of occurrence of an event dur'ng this period that may require th U Condition H apolies to the Intermediate Range Neutron Flux trip when THER4AL POWER is below the P 6 setpoin two channels is. inoperable. source range performs the monitoring and prote functions. channels must be returned to OPERABLE status or increasing power above the P 6 setpoint. this Condition, below P 6. the PMS source range performs monitoring and protection functions. (continued) t '08/97 Amendment O', 8 3.3 37 n.N.00m a m re, eu, RTS Instrumentation j B 3.3.1 i BASES ACTIONS 1.1 '~~ (continued) Condition I applies to one or two Source Range Neutron Flux trip channels inoperable when in MODE 2, below the P 6 setpoint, and performing a reactor startup. With the unit in this Condition, below P 6, the PMS source range performs the With one or two of the monitoring and protection functions. four channels inoperable, o)erations involving positive reactivity additions shall >e suspended immediately, This will preclude any )ower escalation. With only two source range channels 0)ERABLE, core protection is severely reduced and any actions that add positive reactivity to the core must be suspended immcdiately. 32 Condition J applies to three inoperable Source Range Neutron Flux channels when in MODE 2, below the P 6 setpoint, and aerforming a reactor startup, or in MODES 3, 4, or 5 with the (tbs closed and the CRD System ca)able of rod withdrawal, With the unit in this Condition. )elow P 6, the NIS source With range performs the monitoring and protection functions. three source range channels inoperable, the RTBs must be With the RTBs open, the core is in a opened immediately. more stable condition and the unit enters Condition T. K.1 and K.2 Condition K applies to the following reactor trip Functions: Pressurizer Pressure - Low: Pressurizer Water Level - High 3: Reactor Coolant Flow - Low (Two Cold legs): RCP Bearing Water Temperature - High (Two Pumps): and RCP Speed - Low. With one or two channels inoperable, the affected channels must be placed in a by> ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . If one or two are bypassed, tw logic becomes two out of three or while still meeting single one out of two, respectively,in one of the three or one of failure criterion (a failure (continued) ' b AP600 B 3.3 38 08/97 Amendment 0 i.ciu.r...mumot,or..mr RTS Instrumentation B 3.3.1 BASES K.1 and K.2 (continued) ACTIONS the two remaining channels will not prevent the protective 1 The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable ) function). channel (s) in the bypassed condition is justified in Reference 7. If Required Actions described above cannot be met within the l soecified Completion Times, the unit must be olaced in a MO A wqere this Function is no longer required to :>e OPERABLE. Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to redu Allowance of this time interval takes into 4 power ability provided by the remaining two redundant OPERAB E channels and the low probability of occurrence of an event during this period tha may require the protection afforded by the Functions associated with Condition K. L.1 and L.2_ Condition L is applicable to the Reactor Coolant Flow - Low (Single Cold Leg) and RCP Bearing Water Temperature - H (Single Pump) reactor trip Functions. With one or two channels inoperable. the affected channels If one must be placed in a by) ass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . or two are bypassed, t1e logic becomes two out of three or while still meeting single one out of two, respectively,in one of the three or one of failure criterion (a failure the two remaining channels will not prevent the protective The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable function). channel (s) in the bypassed condition is justified in Reference 7. If Required Actions described above ca A wiere this function is no longer required to

>e OPERABLE.

Completion Time of an additional 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is allowed to r Allowance of this time interval takes into power < P 8. consideration the redundant caoability provided by the remaining two redundant OPERAB.E channels and the low probability of occurrence of an event during this period may require the protection afforded by this Function. (continued) 08/97 Amendment 0 1 h AP600 B 3.3 39 i.otu.m..mmmor mm ~ - ' ~

T?-

1- RTS Instrumentation B 3.3.1 BASES ACTION 5 H.1 and H.2 (cont iued) Condition H applies to the Safeguards Actuation signal from ESFAS reactor trip, the RTS Automatic Trip Logic. 1st stage Automatic Depressurization and CMT injection in H00ES 1 and 2. With one or two channels or divisions inoperable, the Required Action is to restore three of the four channels within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , Restoring all channels but one to OPERABLE status ensures that a single failure will neither cause nor prevent the protective function. In addition, having only one channel inoperable, provides the ca> ability for surveillance testing on the remaining t1ree channels. The 6 hour6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Completion Time is considered reasonable since the protective function would still function even with a single failure of one of the two remaining channels, If Required Actions described above cannot be' met within the s)ecified Completion Tines, the unit must be ) laced in a H00E A w,ere this Function is no longer required to se OPERABLE. Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is allowed to place the unit in HODE 3, The Completion Time is a reasonable time, based on operating experience, to reach H00E 3 from full power in an orderly manner and without challenging plant systems. Allowance of this time interval takes into consideration the redundant capability provided by the remaining two redundant OPERABLE channels and the low probability of occurrence of an event during this period that may require the protection afforded by this Function. N.1 N.2, and N.3 Condition N applies to the P 6, P 10, and P 11 interlocks. With one or two channels inoperable, the associated interlock must be verified to be in its required state for the existing plant condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , or the Functions associated with inoperable interlocks placed in a bypassed condition within 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months , or the unit must be placed in H0DE 3 within 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months . Verifying the interlock manually accomplishes the interlock condition. If one or two associated Functions are bypassed, the logic becomes two out of three or one out of two, respectively, while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will (continued) B 3.3 40 08/97 Amendment 0 .b.Nimemrer.eine, _ _. __~ RTS Instrumentation B 3.3.1 BASES N.1, N.2. and N.3 (continued) ACTIONS not prevent the protective function). The 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months allowed to place the Functions associated with the inoperable channel (s in the bypassed condition is justified in Reference 7. If placing the associated Functions in bypass is impractica for instance as the result of other channels in bypass, the Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, ba on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging plant systems. 0.1. 0.2, and 0.3_ With one or two Condition 0 applies to the P 8 interlock. channels ino>erable, the associated interlock must be verified to se in its required state for the_ existing plant condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . or the Functions associated inoperable interlocks placed in a bypassed condition within 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months , or the unit must be placed in H0DE 2 within Verifying the interlock manually accomplishes the 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months . interlock condition. If one or two associated Functions are bypassed, the logic becomes two out of three or one out of two respectively, while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective function). place the Functions associated with the inoperable chann in the bypassed condition is justified in Reference 7. If placing the associated Functions in bypass is impractic for instance as the result of other channels in bypass, the Completion Time of an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, b on operating experience, to reach MODE 2 from full power an orderly manner and without challenging plant systems. P.1. P.2.1. and P.2.2 Condition P apolies to the RTBs. and RTB undervoltage and shunt trio meenanisms in H00ES 1 and 2. and in H0 DES 3, 4. and S witn the RTBs closed and the Pl.S capab withdrawal. mechanical damage that can prevent the RTBs from opening. (continued) 08/97 Amendment 0 8 3.3 41 .Y.f.Smom met.mm RTS Instrumentation B 3.3.1 BASES ACTIONS P.1. P.2.1 and P.2.2 (continued) With one or two divisions inoperable (one or two of the RTBs and/or trip mechanisms associated with a protection division), the breakers in the inoperable required division must-be opened within 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months . If one division of RTBs is inoperable, but closed, and a second inoperable division is opened, the logic becomes one-out of two while still meeting single failure criterion (a failure in one of the three or one of the two remaining divisions will not prevent the protective function). If Required Actions described above cannot be met within the s)ecified Completion Times, the unit must be olaced in a H0DE w1ere this Function is no longer required to :e OPERABLE within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . This is done by opening all of the RTBs. With the RTBs open, these Functions are no longer required. } Q.1, 0.2.1. and 0.2.2 Condition 0 applies to the RTBs in H00ES 1, 2, 3, 4, or S with the RTBs closed and the PLS capable of rod withdrawal. With three divisions of RTBs and/or RTB Undervoltage and Shunt Tri) Hechanisms inoperable,1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months is allowed to - restore toe three of the four divisions to OPERABLE status or the unit must be placed in H00ES 3, 4 or S and the RTBs The Completion Time of 6 opened within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . hours is reasonable, based on op H00E 3 from full power in an orderly manner and without The 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and 6 hour6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Completion challenging unit systems. Times are equal to the time allowed by LCO 3.0.3 for shutdown actions in the event of a complete loss of RTS Function. Placing the unit in H00E 3 removes the requirement for this particular Function. R.1 and R.2 Condition R applies to ist Stage ADS Actuation, CMT Actuation and the RTS Automatic Trio Logic in H00ES 3, 4, and 5 with the RTBs closed and the PLS capable of rod withdrawal. (continued) h AP600 B 3.3 42 0B/97 Amendment 0 impug..nimom m.emer- ___.______---___--______.._.------.---._m._--._._--__-_____--_------------------J RTS Instrumentation B 3.3.1 BASES R.1 and R.2 (continued) ACTIONS With one or two channels inoperable three of the four channels must be restored to OPERABLE status in 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . Restoring all channels but one to OPERABLE ensures that a single failure will neither cause nor prevent the protective In addition having only one channel inoperable, function. provides the capability for surveillance testing on theThe 4 remaining three channels. considered reasonable since the protective function would still function even with a single failure of one of the two remaining channels. If Required Actions described above cannot be met within the s>ecified Completion Times, the unit must be ] laced in a MODE A w,ere this Function is no longer required to se OPERABLE. Completion Time of an additional I hour is allowed to open With RTBs open, these Functions are no longer the RTBs. required. S.1 and S.2 Condition S apolies to one or two inoperable Source Range Neutron Flux c1annels in MODES 3. 4, or 5 with the RTBsWith the closed and the PLS capable of rod withdrawal. in this Condition, below P 6, the NIS source range performsWit the monitoring and protection functions. the source range channels inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to If restore three of the four channels to an OPERABLE stat the channels cannot be returned to an OPERABLE status,Once the RT 1 additional hour is allowed to open the RTBs. are open, the core is in a more stable condition an enters Condition L. channel to OPERABLE status, and the additional hour to open theRTBs.arejustifiedinReference7. T.1. T.2, and T.3 Condition T applies when the required number of OPERABLE Source Range Neutron Flux channels is not met in H00E 3. 4. With the unit in this Condition, or 5 with the RTBs open. the NIS source range performs the monitoring and protection With less than the required number of source functions. range channels OPERABLE. operations involving positive This reactivity additions shall be suspended immediately. in addition to wil! preclude any power escalation, (continued)_ 08/97 Amendment 0 b AP600 B 3.3 43 m.m..oaum uo,..m, RTS Instrumentation B 3.3.1 BASES T.I. T.2. and T.3 (continued) ACTIONS suspension of positive reactivit) additions, all valves that could add unborated water to the kCS must be closed with The isolation of unborated 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months as specified in LCO 3.9.2. water sources will preclude a boron dilution accident. Also, the SDM must be verified within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and once every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter as per SR 3.1.1.1. SDM verification. With no source range channels OPERABLE, core protection is Verifying the SDM within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months allows severely reduced. sufficient time to perform the calculations and determine The SDM must also be that the SDM requirements are met. verified once per 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months thereafter to ensure that the core reactivity has not changed. Required Action L.11 precludes the efore, core reactivity any positive reactivity additions: and a 12 hour1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months Frequency is should not be increasing, Times of within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months and once per The Completion adequate. 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months are based on operating experience in performing the Required Actions and the knowledge that unit conditions w change slowly. The SRs for each RTS Function are identified in the S SURVEILLANCE column of Table 3.3.11 for that Function. REQUIREMENTS A Note has been added to the SR table stating that Table 3.3.11 determines which SRs apply to which RTS Functions. The CHANNEL CALIBRATION and RTCOT For channels calculating the required channel accuracies. that include dynamic transfer functions, suc with the transfer function set to one, with the resulting measured response time compared to the appropriate SSAR Alternately, the response time test response time (Ref. 2).can be performed with the time value provided the required response time is analytically calculated assuming the time constants are set at their The response time may be measured by a nominal values. series of overlapping tests such that the entire response time is measured. (continued)_ 08/97 Amendment 0 HAP 600 8 3.3 44 t *01\\t eettet s1601010130? ClLit t RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.1 REQUIREMENTS Performance of the CHANNEL CHECK once every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months ensures A (continued) that gross failure of instrumentation has not occurred. CHANNEL CHECK is normally a comparison of the parameter indicated on one channel to a similar parameter on other It is based on the assumption that instrument channels. channels monitoring the same parameter should read Significant deviations between a> proximately the same value. tie two instrument channels could be an indication of excessive instrument drift in one of the channels or of e A CHANNEL CHECK will detect gross something more serious.thus, it is key to verifying that the channel failure: instrumentation continues to operate properly between each CHANNEL CALIBRATION. Agreement criteria are determined by the plant staff based on a combination of the channel instrumant uncertainties, if a channel is including indication and readability, outside the criteria, it may be an indication that the sensor or the signal processing equipment have drifted outside its limit. The channels to be checked are: Power Range Neutron Flux Intermediate Range Neutron Flux Source Range Neutron Flux Overtemperature Delta T Overpower Delta T Pressurizer Pressure Pressurizer Water Level Reactor Coolant Flow each cold leg RCP Bearing Water Temperature each RCP RCP Speed SG Narrow Range level each SG RCS Loop T cold each cold leg RCS Loop T hot each cold leg i The Frequency is based on operating experience that Automated operator demonstrates the channel failure is rare. aids may be used to facilitate the performance of the CHANNE CHECK. (continued) 08 M Ame de nt 0 B 3.3 45 1.^.Pg,,,,,,,,,,,,,, RTS Instrumentation B 3.3.1 BASES SURVEll.l.ANCE SR 3.3.1.2 RE0VIREMEN15 SR 3.3.1.2 compares the calorimetric heat balance to theIf (continued) nuclear instrumentation channel output every 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . the calorimetric measurement between 70% and 100% RTP differs from the nuclear instrument channel output by > 2% RTP. the nuclear instrument channel is no inoperable, but must be adjusted. channel output cannot be properly adjusted, the channel is deelared inoperable. The first Note indicates that Three Notes modify SR 3.3.1.2. the nuclear instrument channel output shall be adjusted consistent with the calorimetric results if the absolute difference between the nuclear instrument channel output and the calorimetric measurement between 70% and 100% The second Note clarifies that this Surveillance > 2% RTP. is required only if reactor power is > 15% RTP after reaching 15% RTP. At lower power levels the The third Note is required calorimetric data are inaccurate. because, at power levels between 15% and for miscalibration of the r.uclear instrumentation cha cases where the channel is adjusted downward to match the Therefore, if the calorimetric heat calorimetric power. measurement is less than 70% RTP, and if the nuclear instrumentation channel indicated power is lower than the

21. then the nuclear calorimetric measurement by >l be adjusted upward to match the instrumentation channel shalNo nuclear instrumentatio calorimetric measurement.

adjustment is required if the nucleer instrumentation chan is higher than the calorimetric measurement (see Westinghou Technical Bulletin NSD TB 92 14, Rev. 1.) It is based on The Frequency of every 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is adequate. plant operating experience, considering instrument reliability and operating history data for instrument drift. Together these factors demonstrate the change in the abso difference between nuclear instrumentation and hea calculated powers rarely exceeds 2t RTP in any 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months period. In addition, main control room operators periodically monitor redundant indications and alarms to detect deviation channel outputs. (continued) 08/97 Amendment 0 b AP600 B 3.3 46 i.om.m..m.mm mmmt i- RTS Instrumen2ation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.3 SR 3.3.1.3 compares the AX1AL FLUX DIFF~ ~.NCE determined REQUIREMENTS using the incore system to the nuclear.nstrument channel (continued) AXIAL FLUX DIFFERENCE every 31 EFPD. If the absolute difference is a 3% AFD the nuclear in If the channel is still OPERABLE, but must be read u This surveillance is channel is declared inoperable. performed to verify function. The first Note indicates that Two Notes modify SR 3.3.1.3. the excore nuclear instrument channel shall be adjusted if the absolute difference between the incore and a 3% AFD. only if reactor power is a 20% RTP and that Below 20% RTP, the design of the incore detector system, low core power density, and detector accuracy mak 20% RTP. use of the incore detectors inadequate for use as a reference standard for comparison to the excore channels. It is based on The Frequency of every 31 EFPD is adequate. plant operating experience, considering Instrument reliability and operating history data for instrument drift. Also, the slow changes in neutron flux during the fuel cycle can be detected during this interval. SR 3.3.1.4 SR 3.3.1.4 is a calibration of the excore channels t If the measurements do not agree, the incore channels. excore channels are not declared inoperable but must be calibrated to agree with the incore detector measurements. If the excore channels cannot be adjusted, the channels are This Surveillance is performed to declared inoperable, verify the f(AI) input to the overtemperature AT Function. The Note states that this A Note modifies SR 3.3.1.4. Surveillance is required and that 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is allowed for performing the first surveillance after reaching 50% RTP, (continued! 08/97 Amendment 0 : B 3.3 47 AP600 _ l ATS Instrumentation B 3.3.1 l BASES P SURVEILLANCE SR 3.3.1.4 (continued) REQUIREMENTS The Frequency of 92 EFPD is adequate. It is based on industry operating experience, considering instrument reliability and operating history data for instrument drift. SR 3.3.1.5 SR 3.3.1.5 is the performance of a TADOT every 92 days on a STAGGERED TEST BASIS. This test shall verify OPERABILITY by actuation of the end devices. The Reactor Trip Breaker (RTB) test shall include separate verification of the undervoltage and shunt trip mechanisms. Each RTB in a division shall be tested separately in order to minimize the possibility of an inadvertent trip. The frequency of every 92 days on a STAGGERED TEST BASIS is It is based on industry operating experience, adequate. considering instrument reliability and operating history In addition, the AP600 design provides additional data. breakers to enhance reliability. The SR is modified by a Note to clarify that both breakers in a single division are to be tested during each STAGGERED TEST. SR 3.3.1.6 SR 3.3.1.6 is the wrformance of a REACTOR TRIP CHANNEL OPERATIONAL TEST ((TCOT) every 92 days. A RTCOT is performed on each required channel to provide reasonable assurance that the entire channel will perform the intended Function. The automat 4. tester provided with the integrated protection cabinets is intended to aid the plant staff in performing the Prior to the RTCOT, the calibration of the automatic RTCOT. tester shall be verified and adjustments made as required to the voltage and time base references in the automatic tester, Subsequent to the RTCOT, the results of the automatic test shall be reviewed to verify co@leteness and adequacy of results. (continued) 8 3 3 48 08/97 Amendment 0 h AP600.mme-emer uom.m.uu RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.6 (continued) REQUIREMENTS This test frequency of 92 days is justified based on Reference 7 and the use of continuous diagnostic test features, such as deadman timers, A/O channel automatic calibration, memory checks numeric coprocessor checks. and tests of timers, counters and crystal time bases, which will report a failure within the integrated protection cabinets to the operator within 10 minates of a detectable failure. SR 3.3.1.6 is modified by a note that provides a 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months delay in the requirement to perform this Surveillance for sourceThis range instrumentation when entering H00E 3 from testing in H00E 2 and for a short time in H00E 3 until the RTBs are open and SR 3.3.1.6 is no longer required to be If the unit is to be in H00E 3 with the RTBs performed. closed for a time greater than 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months , this Surveillance must be performed prior to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months after entry into MODE 3. During the RTC0T. the integrated protection cabinets in the division under test may be placed in bypass. SR 3.3.1.7 SR 3.3.1.7 is the performance of a RTC0T as described in SR 3.3.1.6. except it is modified by a Note that this test shall include verification that the P 6 and P 10 interlocks are in their required state for the existina unit condition. The Frequency is modified by a Note that allows 92 days of the Frequencies prior to reactor startup and 7 The four hours after reducing power below P 10 and P 6. z Frequency of ", prior to startup" ensures this surveillance is performed prior to critical operations and applie The Frequency of "4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months after reducing power below P 10" (apolicable to intermediate and power range low channels) and "41ours after reducing power below P 6" (applicable to source range channels) allows a normal shutdown to be completed and the unit removed from the MODE of Apolicability for this surveillance without a delay to perform tne testing The Frequency of every 92 required by this surveillance. days thereafter applies if t Applicability after the initial performances of prio (continued) 08/97 Amendment 0 h AP600 8 3.3 49 t e01\\ t ee tte< \\16410101. r07 -062297 RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.7 (continued) -REQUIREMENTS P 10 or P 6. The MODE of Applicability for this surveillance is < P 10 for the power range low and intermediate range channels and 0.00111 hours 6.613757e-6 weeks 1.522e-6 months , then the testing required by this surveillance must be performed prior to the expiration of the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months limit. Four hours is a reasonable time to complete the required testing or place the unit in a MODE where this surveillance is no longer recuired. This test ensures that the NIS source, intermeciate, and )ower range low channels are OPERABLE prior to taking tw reactor critical and after reducing power into the applicable MODE ( 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months . SR 3.3.1.8 A CHANNEL CALIBRATION is performed every 24 months. or approximately at every refueling. CHANNEL CALIBRATION is a complete check of the instrument loop, including the sensor. The test verifies that the channel responds to a measured parameter within the necessary range and accuracy. Transmitter calibration must be performed consistent with the assumptions of the unit specific setpoint methodology. The difference between the current "as found" values and the previous test "as left" values must be consistent with the transmitter drift allowance used in the setpoint methodology. The CHANNEL CALIBRATION is assisted by the use of an automatic tester, and the calibration of the automatic tester must be verified prior to use. The setpoint methodology requires that 30 months drift be used (1.25 times the surveillance calibration interval. 24 months) based on Generic Letter 91 04. " Changes in Technical Specification Surveillance Intervals to Accommodate a 24 month Fuel Cycle." SR 3.3.1.8 is modified by a Note stating that this test shall include verification that the time constants are adjusted to the prescribed values where applicable. (continued) h AP600 B 3.3 50 08/97 Amendment 0 I*01\\ t etaspen160 30101. r0? 0422t? RTS Instrumentation B 3.3.1 BASES SURVEILLANCE SR 3.3.1.9 ~SR 3.3.1.9 is the performance of a CHANNEL CALIBRATION every REQUIREMENTS This SR is modified by a Note stating that (continued) neutron detectors are excluded from the CHANNEL C 24 months. The CHANNEL CALIBRATION for the power ra Below calorimetric and flux mao performed above 20% RTP, 20% RTP. the design of tne incore detector system, low core power density, and detector accuracy make use of the incore detectors inadequate for use as a reference standard forThe CH comparison to the excore channels.for the source range consists of obtaining the detector plateau or pream the curves to the manufacturer's data. not required for the power range detectors for entry into MODE 2 and 1, and is not required for the inte at least MODE 2 to perform the test for the intermediate range detectors and MODE 1 for the power range detectors. The 24 month Frequency is based on the ne outage and the potential for an unolanned transient if the Surveillance were performed with the reactor at tne Surveillance when performed on the 24 month Frequency. SR 3.3.1.10 SR 3.3.1.10 is the performance of a TADOT of the Manual RCP Breaker Position, and the SI. ADS This Reactor Trip,d CMT Injection inputs from the ESFACs. The test shall Actuation, an TADOT is performed every 24 months. independently verify the OPERABILITY of the undervolta shunt trip mechanisms for the Manual Reactor Trip Function for the Reactor Trip Breakers. The Frequency is based on the known relia been shown to be acceptable through operating experience. The SR is modified by a Note that excludes verification of The Functions affected have no setpoints from the TADOT. setpoints associated with them. (continued) 08/97 Amendment 0 B 3.3 51 h AP600 " ""*"* " *f"'_2 RTS Instrumentation l B 3.3.1 i BASES SURVEILLANCE SR 3.3.1.11 This SR 3.3.1.11 verifies that the individual channel / ~ REQUIREMENTS division actuation response times are less than or equal to (continued) the maximum values assumed in the accident analysis. Response Time testing criteria are included in Reference 2. For channels that include dynamic transfer performed with the transfer Function set to Alternately, the response time test can FSAR response time. be performed with the time constants set calculated assuming the time constants are set at their The response time may be measured by a nominal values. series of overlapping test such that the entire response time is measured. Each division response must be verified ev Response times cannot be would be tested after 96 months). determined durin Experience has shown is required to measure response times. that these components usually pass this surveillance when Therefore the Frequency performed on a refueling frequency. was concluded to be acceptable from a reliability standpoint. The SR 3.3.1.11 is modified by exempting neutron detectors A Note to the Surveillance from response time testing. indicates that neutron detectors may be excluded RESPONSE TIME testing. difficulty in generating an appropriate detector signal. principles of detector operation ensure a virtually instantaneous responst. AP600 SSAR< Chapter 6.0. " Engineered Safety Feature REFERENCES 1. AP600 SSAR, Chapter 7.0, " Instrumentation and 2. Controls." AP600 SSAR, Chapter 15.0. " Accident Analysis " 3. WCAP 14606, " Westinghouse Setpoint Methodology for Protection Systems," April 1996 (nonproprietary). 4. (continued) 08/97 Amendment 0, b AP600 B 3.3 52 se.m.umaioievo,.omu L RTS Instrumentation B 3.3.1 BASES Institute of Electrical and Electronic Engineers. IEEE 279 1971, " Criteria:for Protection Systems for REFERENCES 5. (continued) Nuclear-Power Generating Stations," April 5, 1972. 10 CFR 50.49, ' Environmental Qualifications of Electric Equipment Important to Safety for Nuclear Power Plants." 6. WCAP 10271 P A, ' Evaluation of Surveillance Frequencies and Out of Service Times for the Reactor Protection 7. Instrumentation System " May 1986. l NRC Generic Letter No. 83 27, Surveillance Intervals in 8. Standard Technical Specifications. ESBU TB 97 01, Westinghouse Technical Pulletin, " Digital Process Rack Operability Determination Criteria," May 1, 9.

1997, I

08/97 Amendment 0-8 3.3 53 h AP600 l*01\\tetMee<\\n6010 lot. e07 041117 ESFAS Instrumentation B 3.3.2 B 3.3 INSTRUMENTATION 8 3.3.2 ENGINEERED SAFETY FEATURE ACTUATION SYSTEM (ESFAS) INSTRUMENTATION BASES BACKGROUND The ESFAS initiates necessary safety systems, based upon the values of selected unit parameters, to protect against violating core design limits and the Reactor Coolant System (RCS) pressure boundary, and to mitigate accidents. The ESFAS instrumentation is segmented into four distinct but interconnected modules as identified below: Field inputs from process sensors, nuclear instrumentation: Integrated Protection Cabinets (IPCs): Engineered Safety Features Actuation Cabinets (ESFACs); and Protection Logic Cabinets (PLCs). Field Transmitters and Sensors Normally, four redundant measurements using four separate sensors, are made for each variable used for actuation of The use of four channels for arotection Functions is

ESF, based on a minimum of two channels xing required for a trip or actuation, one channel in test or bypass, and a single failure on the remaining channel. The signal selector in the Plant Control System will function correctly with only three channels.

This includes two channels properly functioning and one channel having a single failure. Minimum requirements for protection and control is achieved with three channels OPERABLE. The fourth channel is provided to increase plant availability, and permits the plant to run for an indefinite time with a single channel The circuit design is able to withstand out of service. both an input failure to the control system, which may then require the orotection Function actuation, and a single failure in the other channels providing the protection Function actuation. Again, a single failure will neither cause nor prevent the protection Function actuation, These The actual requirements are described in IEEE 279 (Ref. 4), (continued)~ h AP600 B 3.3 54 08/97 Amendment 0 i omu.uusuoiouer.o uo ESFAS Instrumentation B 3.3.2 - BASES BACKGROUND Field Transmitters-and Sensors (continued) number of channels provided for each plant parameter is specified in Reference 2. Engineered Safety Features (ESF) Channel An ESF channel extends from the sensor to the output of the associated ESF subsystem (ESF1 or ESF2) in the IPCs, and shall include the sensor (or sensors), the signal conditioning, any associated data links, and the associated For ESF channels containing nuclear ESF subsystem. instrumentation, the ESF channel shall also include the nuclear instrument signal conditioning and the associated Nuclear Instrumentation Signal Processing and Control (NISPAC) subsystem in the IPCs. Any manual ESF controls that are associated with a particular ESF channel are also included in that ESF channel. IPCs The IPCs contain the necessary equipment to: Permit acquisition and analysis of the sensor inputs, including plant process sensors and nuclear instrumentation, required for reactor trip and ESF calculations: Perform computation er logic operations on variables based on these inputs: Provide trip signals to the reactor trip switchgear and ESF actuation data to the ESFACs as required: Permit manual trip or bypass of each individual reactor trio Function and permit manual actuation or bypass of eaca individual voted ESF Function: Provide data to other systems in tne Instrumentation and Control (I&C) architecture: Provide functional diversity for the reactor trips and ESF actuations: and (continued) h AP600 B 3.3 55 08/97 Amendment 0 i m u. m.. n u ciais o..... u i, ESFAS Instrumentation B 3.3.2 BASES BACKGROUND IPCs (continued) Provide separate input circuitry for control Functions that require input from sensors that are also requirtd for protection Functions. Each of the four IPCs provides signal conditioning, comparable output signals for indications in the main control room, and comparison of measured input signals with established setpoints. The basis of the setpoints are-described in References 1, 2, and 3. If the measured value of a unit parameter exceeds the predetermined w point, an output is generated which is transmitted to the ESFACs for logic evaluation. ESFACs The ESFACs contain the necessary equipment to: Permit reception of the data supplied by the four IPCs and perform voting on the trip outputs: Perform system level logic using the input data from the IPCs and transmit the output to the PLCs: and Provide redundant hardware capable of providing system level comands to the PLCs, ESF Actuation Logic The ESF actuation logic shall extend from, but not include, the outputs of the various ESF channels to the output from The the logic cabinet associated with the actuated device. ESF actuation logic shall include the ESF actuation subsystems in the ESFACs, the Functional Logic Subsystems in the ariociated PLC, the I/O hardware associated with the actuated device, any associated datalinks and any associated Any manual ESF controls that are associated data highways. with a carticular ESF actuation logic are also included in that ESF actuation logic. (continued) B 3.3 56 08/97 Amendment 0 b AP600.omo,,or.eni,, i om.m.uu ESFAS Instrumentation B 3.3.2 BASES BACKGROUND PLCs ~~ (continued) The PLCs contain the necessary equipment to: Receive automatic system level signals supplied by the associated ESFAC: Receive and transmit dat) to/from main control room multiplexers: Receive and transmit data to/from other PLCs on the same logic bus: Receive status data from component position switches (such as limit switches and torque switches); and Perform logic computations on received data, generate logic commands for final actuators (such,as START, STOP, OPEN, and CLOSE), ESFAC and PLC Operability Background Each ESFAC and PLC has two microprocesso In the ESFAC, each microprocessor subsystem is called an In the PLC each microprocessor actuation subsystem. This subsystem is called a functional logic group. arrange ESFAC or PLC to be temocrary removed from service toW facilitate testing. moved from service, the remaining microprocessor subsystem continues to function and the ESF division conti provide full protection. halves is connected to the battery backed portion o As long power rystem. even when all ac power sources are lost. as one battery microprocessor subsystem within an ESFAC or divisio PLC continues to operate, the ESF division is unaffected. As ESF division is only affected when all battery backed micro >rocessor subsystem within an ESFAC or PLC are not OPERA 3LE. (continued)- 08/97 Amendment 0 b AP600 B 3.3 57 t*01\\ tee sN e\\t6010102.r07 082197 9 a ESFAS Instrumentation B 3.3.2 . BASES Trip Setpoints and Allowable Values ^ BACKGROUND The Trip Setpoints are the nominal values at w ~ (continued) output is set. adjusted when the "as left" value is within the ba CHANNEL CALIBRATION accuracy. The Trip Setpoints used in the trip output are based on the The selection of analytical limits stated in Reference 2.these Trip provided when all sensor and processing time delays taken into account. instrument drift, and severe environment ESFAS channels that must function in harsh enviro defined by 10 CFR 50.49 (Ref. 5), the Trio Setpoints and Allowable Values specified in Table 3.3.E 1 A detailed description of the the analytical limits. methodology used to calculate the Trip Setpoints, including their exolicit uncertainties, is provided in the "Westingaouse Setpoint Methodology for Prote (Refs. 9 and 10).into the bistable is more conservative tha by the Allowable Value to account for changes in random measurement errors detectable by a COT. a change in measurement error is drift during theIf th surveillance interval. exceed the Allowable Value, the OPERABLE. Setpoints in accordance with the Allowable Value ensu the consequences of Design Basis Accidents (DBAs) will b acceptable. providing the unit is operate designed. Each channel can be tested on line to verify that the si processing equipment and setpoint accuracy is within Once a specified allowance requirements of Reference 9. designated channel is taken out of service for testing, a simulated signal is injected in place of the field instrument signal. SRs for the test is then tested, verified, anc calibrated. channels are specified in the SR section. (continued) 08/97 Amendment 0 B 3.3 58 AP600 _, ESFAS Instrumentation B 3.3.2 BASES 4 BACKGROUND Trip Setpoints and Allowable Values (continued) The Trip Setpoints and Al owable Values listed in-l Table 3.3.21 are based on the methodology described in Reference 9. which incorporates all of the known uncertainties applicable for each channel. The magnitudes of these uncertainties are factored into the determination of each Trip Setpoint. All field sensors and signal processing equipment for these channels are assuned to operate within the allowances of these uncertainty magnitudes. Calibration tolerances and drift allowances must be specified in plant calibration procedures, and must be consistent with the values used in the setpoint methodology. l The OPERABILITY of each transmitter or sensor can be evaluated when its "as found" calibration data are compared against the "as left" data and are shown to be within the setpoint methodology assumptions. The basis of the setpoints is described in References 1, 2. 3. and 9. Trending of transmitter calibration is required by Generic Letter 9104, " Changes in Technical Specification Surveillance Intervals to Accommodate a 24 Month Fuel Cycle." Each channel of the IPC can be tested on line to verify that the signal or setpoint accuracy is within the specified allowance requirements. This test may be performed by using the built in automatic tester. Once a designated channel is automatically taken out of service for testing, a simulated signal is injected in place of the field instrument signal. The process equipment-for the channel in test is then tested, verified, and calibrated. The IPC channel is considered to be OPERABLE if the channel passes the automatic testing. Surveillance Requirements for the channels are specified ir. the Surveillance Requirements section. APPLICABLE Each of the analyzed accidents can be detected by one or SAFETY ANALYSES, more ESFAS Functions. One of the ESFAS Functions is the LCOs. and orimary actuation signal for that accident. An ESFAS APPLICABILITY Function may be the primary actuation signal for more than one type of accident. An ESFAS Function may also be'a secondary, or backup, actuation signal for one or more other (continued) ' h AP600 B 3.3 59 08/97 Amendment 0 Isot\\tetatpec\\t6010302 r07 C81HP ______________.__m ~ ESFAS Instrumentation B 3.3.2 BASES APPLICABLE accidents. For exaiiple. Pressurizer Pressure - Low is a SAFETY ANALYSES. primary actuation signal for small loss of coolant accidents LCOs, and (LOCAs) and a backup actuation signal for steam line breaks APPLICABILITY (SLBs) outside containment. Functions such as manual (continued) initiation not specifically credited in the accident safety analysis are qualitatively credited in the safety analysis and the NRC staff approved licensing basis for the plant. These Functions may provide protection for conditions which do not require dynamic transient analysis to demonstrate Function performance. These Functions may also serve as backups to functions that were credited in the accident analysis (Ref. 3). The LCO generally requires OPERABILITY of four channels in each instrumentation / logic Function and two devices for each manual initiation Function. The two out of four configurations allow one channel to be bypassed during maintenance or testing without causing an ESFAS initiation. Two manual initiation channels are required to ensure no single random failure disables the ESFAS. The required channels of ESFAS instrumentation provide plant protection in the event of any of the analyzed accidents. ESFAS protective functions are as follows: 1. Safeguards Actuation The Safeguards Actuation signal actuates the alignment of the Core Makeu) Tank (CMT) valves for passive injection to the RCS. Tw Safeguards Actuation signal prcvides two primary Functions: Primary side water addition to ensure maintenance or recovery of reactor vessel water level (coverage of the active fuel for heat removal and clad integrity, peak clad temperature < 2200*F): and Boration to ensure recovery and maintenance of SHUTDOWN MARGIN (kerf < 1.0). (continued) b AP600 B 3.3 60 08/97 Amendment 0 i e m u..n aa mo u v.a.n, ,,--r l ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 1. Safeguards Actuation (continued) SAFETY ANALYSES. LCOs and These Functions are necessary to mitigate the effects APPLICABILITY of high energy line breaks (HELBs) both inside and outside of containment. The Safeguards Actuation signal is also used to initiate other Functions such as: Containment Isolation: Reactor Trip: Turbine Trip: Close Main Feedwater Control Valves: Trip Main Feedwater Pumps and Closure of Isolation and Crossover Valves: Reactor Coolant Pump Trip; and Enable Automatic Depressurization System (ADS). These other Functions ensure: Isolation of nonessential systems through containment penetrations; Trip of the turbine and reactor to limit power generation: Isolation of main feedwater to limit secondary side mass losses: I Trip of the reactor coolant pumps to ensure proper. CMT actuation: Enabling automatic depressurization of the RCS on CNT Level - Lov 1 to ensure continued safeguards actuatedinjection. Manual and automatic initiation of Safeguards Actuation must be OPERABLE in MODES 1.~2. 3. and 4. In these MODES there is sufficient energy in the primary and secondary systems to warrant automatic initiation of ESF-systems. Automatic actuation in MODE 4 is provided by the high containment pressure signal. (continued) i h AP600 B 3.3 61 08/97 Amendment 0 t *01\\ t e<m see t d 6010101. r07 08229 P e ESFAS 8nstrumentation B 3.3.2 BASES APPLICABLE

1. -Safeguards Actuation (continued)

Manual initiation is required in MODE 5 to support system SAFETY ANALYSES Automatic initiation is not required LCOs. and level initiation, to be OPERABLE in MODE 5 because parameters are not APPLICABILITY available to provide automatic actuation, and an accident. These Safeguards Actuation Functions are not required to be OPERABLE in MODE 6 because ther manually starting individual systems, pumps, and other equipment to mitigate the consequences of an abnor condition or accident,are very low and many ESF compone locked out or otherwise prevented from actuating to prevent inadvertent overpressurization of plant systems. 1.a. Manual Initiation The LCO requires that two manual initiation devices The operator can initiate the are OPERABLE, Safeguards Actuation signal at any time by using either of two switches in the main control room, This action will cause actuation of all com signals. The LCO on Manual Initiation ensures the proper amount of redundancy is maintained in manual ESFAS initiation capability, Each device consists of one switch and the Each interconnecting wiring to all four ESFACs. manual initiation device actuates all four ESFA This configuration does not allow divisions. testing at power. (continued)_ 1 08/97 Amendment 0 B 3.3 62 h AP600 At\\tetMeetst6010102.r07 062297 ESFAS Instrumentation B 3.3.2 BASES 1.b. Containment Pressure - High 2 APPLICABLE SAFETY ANALYSES, This signal provides protection against the LCOs, and following accidents: APPLICABILITY (continued) SLB inside containment: LOCA: and Feed line break inside containment. The transmitters (d/p cells) and electronics are Since the located inside of containment. transmitters and electronics are located inside of containment, they will experience adverse enviri nmental conditions and the trip setpoint reflects environmental instrument uncertainties. The LC0 requires four channels of Containment Pressure - High 2 to be OPERABLE in MODES 1, 2. 3, Four channels are provided to permit one and 4. channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. 1.c. Pressurizer Pressure - Low This signal provides protection against the following accidents: Inadvertent opening of a steam generator (SG) safety valve: SLB A spectrum of rod cluster control assembly ejection accidents (rod ejection): Inadvertent opening of a pressurizer safety valve: LOCAs: and Steam Generator Tube Rupture (SGTR). (continued)_ m 08/97 Amendment 0 B 3.3 63 b AP600.omo imuu...uu 4.essin. .a ESFAS Enstrumentation B 3.3.2 BASES APPLICABLE 1.c, Pressurizer Pressure Low (continued) SAFETY ANALYSES, The transmitters are located inside containment, LCOs and with the taps in the vapor space region of the APPLICABILITY pressurizer, and thus possibly experiencing adverse environmental conditions (LOCA, SLB inside Therefore, the Trip Setpoint reflects containment). the inclusion of both steady state and adverse environmental instrument uncertainties. The LC0 requires four channels of Pressurizer Pressure - Low to be OPERABLE in MODES 1, 2, and 3 (above P 11) to mitigate the consequences of a high Four energy line rupture inside containment. channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip <cd by Function. This signal may be manually bloc Automatic the operator below the P 11 setpoint. actuation below this pressure is then performed by 5 the Containment Pressure - High 2 signal. This function is not required to be OPERABLE in H00E 3 below the P 11 setpoint. Other ESF Functions are used to detect accident conditions and actuate the ESF systems in this MODE. In MODES 4, S, and 6, this Function is not needed for accident detection and mitigation, 1.d. Steam Line Pressure - Low Steam Line Pressure - Low provides protection against the following accidents: SLB: Feed line break: and Inadvertent opening of an SG relief or an SG safety valve. (continued) h AP600 8 3.3 64 08/97 Amendment 0 mmu%.uumom cor emu ] ESFAS Instrumentation B 3.3.2 BASf5 (continued) APPLICABLE 1.d. Steam Line Pressure - Low ^ SAFETY ANALYSES.- It is possible for the transmitters to experience LCOs, and adverse environmental conditions during a secondary APPLICABILITY Therefore, the Trip Setpoint reflects side break. both steady state and adverse environmental instrument uncertainties. This Function is anticipatory in nature and has a typical lead / lag ratio of 50/5. The LCO requires four channels of Steam Line Pressure - Low to be OPERABLE in H00ES 1, 2, and 3 (above P 11) when a secondary side break or stuck open valve could result in the rapid Four channels depressurization of the steem lines. are provided in each steam line to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable This signal may be manually this trip Function. blocked oy the operator below the P 11 setpoint. Below P 11, feed line break is not a concern, inside containment SLS will be terminated by automatic actuation via Containment Pressure - High 2, and outside containment SLB will be terminated by the Steam Line Pressure Negative Rate - High signal for steam line isolation. In MODES 4, 5, or 6. this Function is not needed for accident detection a mitigation because the steam line pressure is below Low steam line pressure in the actuation setpoint. these MODES is not an adequate indication of a feed line or steam line break. 1.e. RCS Cold leg Temperature (Teoid) - LOW This signal provides protection against the following accidents: SLB: Feed line break; and Inadvertent opening of an SG relief or an SG safety valve. (continued) 08/97 Amendment 0 b AP600 B 3.3 65 imw.m uumem c.eum. ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 1.e. RCS Cold leg Temperature (T,jo) - Low (continued) c SAFETY ANALYSES, LCOs, and The LCO requires four channels of Tcold - Low to be APPLICABILITY OPERABLE in MODES 1 and 2, and in MODE 3, with any main steam isolation valve open, when a secondary side break or stuck open valve could result in the rapid cooldown of the primary side. Four channels are provided in each loop to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODES 4. 5. and 6, this Function is not needed for accident detection and mitigation because the cold leg temperature is reduced below the actuation setpoint. 2. CMT Actuation CMT Actuation provides the passive injection of borated water into the RCS. Injection provides RCS makeup water and boration during transients or accidents when the normal makeup supply from the Chemical and Volume Control Two tanks are System (CVS) is lost or insufficient. available to provide passive injection of borated water. CMT injection mitigates the effects of high energy line breaks by adding primary side water to ensure maintenance or recovery of reactor vessel water level following a LOCA, and by borating to ensure recovery or maintenance of SHUTDOWN MARGIN following a steam line break. CMT Valve Actuation is initiated by the Safeguards Actuation signal, Pressurizer Level - Low 2, or manually. The LC0 requires that manual and automatic CMT Valve Actuation be OPERABLE in MODES 1 through 4. Manual actuation of the CMT valves is additionally required in MODE 5 with the loops filled. Automatic actuation initiated by Pressurizer Water Level - Low 2 is required to be OPERABLE in MODE 5 with the RCS pressure boundary intact, above the P 12 setpoint. Automatic actuation of this Function is not required in MODE 5 with no visible level in the pressurizer, or MODE 6 because the CMTs are not required to be operable in these MODES. 2.a.panualInitiation Manual CMT Valve Actuation is acccmplished by either of two switches in the main control room. Either switch activates all four ESFAC divisions. (continued) h AP600 B 3.3 66 08/97 Amendment 0 1*0t\\tecatoecsL6010102 707 08L197 ESFAS Instrumentat1on B 3.3.2 BASES APPLICABLE 2.b. Pressurizer Water Level - Low 2' SAFETY ANALYSES, LCOs. and This Function also initiates CMT Valve Actuation APPLICABILITY from the coincidence of pressurizer level below the (continued) Low 2 Setpoint in any two of the four divisions. This function can be manually blocked when the pressurizer water level is below the P 12 Setpoint. This Function is automatically unblocked when the pressurizer water level is above the P 12 Setpoint. The Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide protection for an event that results in a harsh environment. 2.c. Safeguards Actuation CNT Valve Actuation is also initiated by all Functions that initiate the Safeguar.ds Actuation signal. The CMT Valve Actuation Function requirements are the same as the requirements for the Safeguards Actuation Functions. Therefore, the requirements are not repeated in Table 3.3.2 1. Instead Function 1 is referenced for all initiating Functions and requirements. 2.d. ADS Actuation The CMTs are actuated any time stage 1 ADS is actuated. The CMT Actuation Function requirements for the stage 1 ADS are the same as the requirements for their ADS Function. Therefore, the recuirements are r,ct repeated in Table 3.3.2 1. Insteac., Function 9 is referenced for all initiating functions and requirements. 3. Containment Isolation .a Containment Isolation provides isolation of the containment atmosphere and selected process systems which

netrate containment from the environment. This Punction is necessary to prevent or limit the release of radioactivity to the environment in the event of a large break LOCA.

(continued) b AP600 B 3.3 67 08/97 Amendment 0 t*01\\tecaseet\\l6Cl0lci e07 C4119? ESFAS Instrumentation B 3.3.2 BASES APPLICABLE

3. - Containment Isolation (continued)

SAFETY ANALYSES. LCOs. and Containment Isolation is actuated by the Safeguards APPLICABILITY Actuation signal, manual actuation of containment cooling.or manually. Process lines penetrating containment are isolated on ESF signals. Manual and automatic initiation of Containment Isolation must be OPERABLE in MODES 1. 2. 3. and 4, when containment integrity is required. Manual initiation is required in MODE 5 and MODE 6. Manual' initiation of this Function in MODE 6 is not applicable if the process lines penetrating containment are isolated. This provides the capability to manually initiate containment isolation during all MODES. Automatic actuation is not required in MODES S and 6 because manual initiation is sufficient to mitigate the consequences of an accident in these MODES. 3.a. Manual Initiation Manual Containment Isolation is accomplished by either of two switches in the main control room. Either switch actuates all four ESFAC divisions. 3.b. Manual Initiation of Passive Containment Cooling Containment Isolation is also initiated by Onual Initiation of Passive Containment Cooling. This is accomplished as described for ESFAS Function 12.a. 3.c. Safeguards Actuation Containment Isolation is also initiated by all Functions that initiate the Safeguards Actuation signal. The Containment Isolation Function requirements are the same as the requirements for. the Safeguards Actuation Function. Therefore, the requirements are not repeated in Table 3.3.2 1. Instead. Function 1 is referenced for all-initiating functions and requirements. 4. Steam Line Isolation l Isolation of the main steam lines provides protection in the event of an SLB inside or outside containment. Raoid isolation of the steam lines will limit the steam break (continued) B 3.3 68 08/97 Amendment 0 ..i.'. 6 3,,,,,,,, m w 1 I ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 4. Steam Line Isolation (continued) For an SLB SAFETY ANALYSES, accident to the blowdown from one SG at most. upstream of the isolation valves, inside or outsid LCOs. and APPLICABILITY For accident to the blowdown from only the affected SG. a SLB downstream of the isolation valves, closure of the isolation valves terminates the accident as soon as the steam lines depressurize, Closure of the turbine stop and control valves and the main steam branch isolation valves is initiated by th Function. depressurization of the main steam system associated with an inadvertent opening of a single steam dump, relief, Closure safety valve, or a rupture of a main steam line. of these valves also suprorts a steam generator tube rupture event by isolating the faulted steam generator. 4.a. Manual Initiation Manual initiation of Steam Line Isolation can be There are accomplished from the main control room. two switches in the main control room and either switch can initiate action to immediately close all The LC0 main steam isolation valves (MSIVs). requires two OPERABLE channels in H0 DES 1, 2, 3, and 4 with any main steam valve open, when there is sufficient energy in the RCS and SGs to have an SLB or other accident resulting in the release of significant quantities of energy to cause a cooldown In H00ES 5 and 6. this of the primary system. Function is not required to be OPERABLE because there is insufficient energy in the secondary side of the unit to cause an accident. 4.b. Containment Pressure - High 2 This Function actuates closure of the MSIVs in the event a SLB inside containment to limit the mass energy release to containment and limit blowdown to a single SG. The transmitters and electronics are located inside containment, thus, they will experience harsh environmental conditions and the Trip Setpoint reflects environmental instrument uncertainties. (continuedl 08/97 Amendment 0 b AP600 B 3.3 69 m m. m.. m m u n m.a m,r. t ~ l f ESFAS instrumentat9on B 3.3.2 BASES 4.b. Containment Pressure - High 2 (continued) APPLICABLE SAFETY ANALYSES, The LC0 requires four channels of Containment LCOs, and Pressure - High 2 to be OPERABLE in H00ES 1, 2, 3. APPLICABILITY and 4, with any main steam valve open, when there is sufficient energy in the primary and secondary side to pressurize the containment following a pipe Four channels are provided to permit one break. channel to be in trip or bypass indefinitely and still ensure no single random failure will disable There would be a significant this trip Function. increase in the containment pressure, thus allowing In MODES 5 detection and closure of the HSIVs. and 6 there is not enough energy in the primary and secondary sides to pressurize the containment to the Containment Pressure - High 2 setpoint. 4.c. Steam Line Pressure (1) Steam Line Pressure - Low Steam Line Pressure - Low provides closure of the HSIVs in the event of an'SLB to maintain at least to limit the mass and energy release to containment and limit blowdown to a single SG. The LCO requires four channels of Steam Line Pressure - Low Function to be OPERABLE in MODES 1, 2, and 3 (above P 11), with any main steam isolation valve open, when a secondary side break or stuck open valve could result in the raaid depressurization of the steam lines. Four cnannels are provided in each steam-line to permit one channel to be in trip or bypassind This failure will disable this trip Function. signal may be manually blocked by the operatorBelow below the P 11 setpoint, containment SLB will be terminated by automatic actuation via Containment Pressure - High 2, and stuck open valve transients and outside containment steam line breaks will be t.:rminat by the Steam Line Pressure Negative Rate - HighIn M signal for Steam Line Isolation.and 6, this func detection and mitigation. (continued) 08/97 Amendment 0 h AP600 B 3.3 70 i.nu.m..mumeryr aum. ESFAS Instrumentation B 3.3.2 BASES APPLIC/SLE (2) Steam Line Pressure Negative Rate - High SAFETY ANALYSES, LCOs, and Steam Line Pressure Negative Rate - High APPLICABILITY provides closure of the MSIVs for an SLB, when (continued) less than the P 11 setpoint, to maintain at least one unfaulted SG as a heat sink for the reactor and to limit the mass and energy release to containment. When the operator manually blocks the Steam Line Pressure - Low when less than the P 11 setpoint, the Steam Line Pressure-Negative Rate - High signal is automatically enabled. The LC0 requires four channels of Steam Line Pressure Negative Rate - High to be OPERABLE in MODE 3, with any main steam valve open, when less than the P 11 setpoint, when a secondary side break or stuck open valve-could result in the raaid depressurization of the steam line(s). Four cnannels are provided in each steam line to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODES 1 and 2, and in H00E 3 when above the P 11 setpoint, this signal is automatically disabled and the Steam Line Pressure - Low signal is automatically enabled. In H00ES 4, 5 and 6 this Function is not needed for accident detection and mitigation. While the transmitters may experience elevated ambient temperatures due to a steam line break, the Trip Function is on rate of change, not the absolute accuracy of the indicated steam Therefore, the Trip Setpoint reflects

pressure, only steady state instrument uncertainties.

4.d. Teoid - Low This Function provides closure of the MSIVs during a SLB or inadvertent opening of a SG relief or a safety valve to maintain at least one unfaulted SG as a heat sink for the reactor and to limit the mass and energy release to containment. (continued) b AP600 B.'. 3 71 08/97 Amendment 0 imuu..uumam,v.eum l ESFAS Instrumentation B 3.3.2 f-BASES APPLICABLE 4.d. Teoid - Low (continued) SAFETY ANALYSES, LCOs, and This Function was discussed a. Safeguards Actuation APPLICABILITY Function 1.e. The LC0 requires four channels of Teoid - Low to be OPERABLE in H0 DES 1 and 2, and in H00E 3 above P 11, with any main steam isolation ydive open, when a secondary side break or stuck open valve could result in the rapid cooldown of the primary side. Four channels are provided in each loop to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In H00E 3 below P 11 and ir. MODES 4, 5, and 6, this Function is not needed for accident detection and mitigation because the cold leg temperature is reduced below the actuation setpoint. 5. Turbine Trip The primary Function of the Turbine Trio is to prevent damage to the turbine due to water in tie steam lines. This Function is necessary in H00ES 1 and 2, and 3 above P 11 to mitigate the effects of a large SLB or a large Feedline Break (FLB). Failure to trip the turbine following a SLB or FLB can lead to additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment, In H00ES 4, 5, and 6, the energy in the RCS and the steam generators is low and this function is not required to be OPERABLE. This Function is actuated by Steam Generator Water Level - High 2, by a Safeguards Actuation signal, or manually. The Reactor Trip Signal also initiates a turbine trip signal whenever a reactor trip (P 4) is generated. 5 a. Manual Main Feedwater Isolation Manual Main Feedwater Isolation can be accomplished from the main control room. There are two switches in the main control room and either switch can initiate action to close all main feedwater control, i.olation and crossover valves, trip all main feedwater pumps, and trip the turbine. (continued) h AP600.oicione.o. m B 3.3 72 08/97 Amendment 0 mu.m.uu ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 5.b. Steam Generator Narrow Range Water level - High 2 SAFETY ANALYSES. LCOs, and This signal provides protection against excessive APPLICABILITY feedwater flow by closing the main feedwater (continued) control, isolation and crossover valves, tripping of the main feedwater pumps, and tripping the turbine. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. The transmitters (dh cells) are located inside containment. However, tne events which this Function protect against cannot cause severe environment in containment. Therefore, the Setpoint reflects only steady state instrument uncertainties. 5.c. Safeguards Actuation Turbine Trip is also initiated by all Functions that initiate the Safeguards Actuation signal. The isolation requirements for these Functions are the same as the requirements for their Safeguards Actuation Function. Therefore, the recuirements are not repeated in Table 3.3.2 1. Insteaci Function 1 is referenced for all initiating Functions and requirements. The Safeguards Actuation signal closes all main feedwater control, isolation and crossover valves, trips all main feedwater pumps, and trips the turbine. 5.d. Reactor Trip Turbine Trip is also initiated by all functions that initiate Reactor Trip. The isolation requirements for these Functions are the same as the requirements for their Reactor Trip Function. Therefore, the requirements are not repeated in Table 3.3.2 1. is Instead Function 18.a. P 4 (Reactor Trip),d referenced for all initiating Functions an requirements. (continued) B 3.3 73 08/97 Anendment 0 b AP600.omo:,or o.mr, notuu..uu ESFAS fnstrumentation-B 3.3.2 1 l BASES I APPLICABLE 61 Main Feedwater Control Valve Isolation SAFETY ANALYSES, The primary Function of. Main Feedwater Control Valve LCOs, and Isolation is to prevent damage to the turbine due to APPLICABILITY i water in the steam lines and to stop the excessive flow .(continued) of feedwater into the SGs. This Function is actuated by i Steam Generator Narrow Range Water Level - High 2, by a Safeguards Actuation signal, or manually. The Reactor - Trip Signal also initiates closure of the main feenater control valves coincident with a low RCS average-temperature (Tavg) signal whenever a reactor. trip (P 4) ~ is generated. 3 Closing the Main Feedwater Control Valves on Manual Main Feedwater Isolation, SG Narrow Range Water Level High 2. or Safeguards Actuation is necessary in MODES 1 and-2, and in MODE 3 above P 11 to mitigate the effects:of a large SLB or a large FLB. This Function is also required to be OPERABLE in MODES 1 and 2 on Tave Low 1 coincide Failure to close the main with Reactor Trip (P 4). feedwater control valves following a SLB or FLB can lead to. additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment. Manual main feedwater isolation is required to be. OPERABLE.in MODE 4 when the main feedwater control This Function is not applicable in-MODE 4 for i are open. valve isolation if the main feedwater line is-isolated. Automatic actuation on a Steam Generator Narrow Range Water Level - Hign 2 is required to be OPERABLE in MODE 4 i when the RCS is not being cooled by the_RNS.- In MODES 5 -and 6 the energy in the RCS and the-steam generators is low:and this function is not required to be OPERABLE, 6.a. Manual Main Feedwater Isolation-i Manual Main Feedwater Isolation can be accomplished from the main control room. There are two switches in the main control room and either switch can initiate action in~both divisions to close all main-feedwater control, isolation and crossover valves, trip all n,ain feedwater pumps, and trip the turbine. 4 ? (continued) L 08/97 Amendment 0 AP600-- B 3.3 74 1801\\tt elee<\\16010302 307 082297' l I a-, - ; - _- ~~ ~~ ~ l ESFAS Instrumentation B 3.3.2 BASES-6.b. Steam Generator Narrow Range Water Level - High 2 APPLICABLE SAFETY ANALYSES, This signal provides protection against excessive LCOs. and feedwater flow by closing the main feedwater APPLICABILITY control, isolation and crossover valves, tripping of (continued) the Main Feedwater Pumps, and tripping the turbine. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip The transmitters (dh cells) are located Function. inside containment. However, tne events which this Function protect against cannot cause severe environment in containment. Therefore, the Setpoint reflects only steady state instrument uncertainties. 6.c. Safeguards Actuation This Function it also initiated by all FunctionsThe that initiate the Safeguards Actuation signal. isolation requirements for these Functions are the same as the requirements for their Safeguards Actuation Function. Therefore, the recuirements are Insteac Function 1 not repeated in Table 3.3.2 1. is referenced for all initiating Functions and The Safeg'iards Actuation signal requirements. closes all main feedwater control, isolation and crossover valves, trips all main feedwater pumps, and trips the turbine. 6 d. Tava low 1 Coincident with Reactor Trip (P 4) This signal provides protection against excessive feedwater flow by closing the main feedwater control This signal results from a coincidence of valves. two of the four divisions of reactor loop average temperature below the low 1 setpoint coincident with the P 4 permissive. Four channels are provided to permit one channel to be in trio or bypassindefinit This failure will disable this trip Function. Function may be manually blocked when the pressurizer pressure is below the P 11 setpoint. The block is automatically removed when the pressurizer pressure is above the P 11 setpoint. (continued) 08/97 Amendment 0 h AP600 B 3.3 75 tMi\\tecMeec\\ t6010102. r07 081997 ~ C_ ESFAS Instrumentation B 3.3.2 BASES Main Feedwater Pump Trip and Valve Isolation APPLICABLE 7. SAFETY ANALYSES, The primary function of the Main Feedwater Pump Trip and LCOs, and ! solation is to prevent damage to the turbine due to APPLICABILITY water in the steam lines and to stop the excessive flow (continued) of feedwater into the SGs. Valve isolation includes closing the main feedwater isolation and crossover Isolation of main feedwater is necessary to valves. prevent an increase in heat removal from the reactor coolant system in the event of a feedwater system Addition of excessive feedwater causes an malfunction. increase in core power by decreasing reactor coolant This Function is actuated by Steam temperature. Generator Water Level - High 2, by a safeguards Actuation The Reactor Trip Signal also signal, or manually. initiates a turbine trip signal whenever a reactor trip (P 4) is generated. ~ This Function is necessary in MODES 1. 2, 3. and 4 to mitigate the effects of a large SLB or a large FLB except Tavg Low 2 coincident with Reactor Trip (P 4) which is Failure to required to be OPERABLE in MODES 1 and 2. trip the turbine or isolate the main feedwater syst energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energyMan release in containment. is required to be OPERABLE in MODE 4 when the main This Function is feedwater isolation valves are open. not applicable in MODE 4 for valve isolation if the main feedwater line is isolated. Automatic actuation on a Steam Generator Narrow Range Water Level - High 2 is required to be OPERABLE in MODE 4 when the RCS is n being cooled by the RNS. the RCS.ind the steam generators is low and this function is not required to be OPERABLE. 7.a. Manual Main Feedwater Isolation Manual initiation of Main Feedwater Isolation can be There are accomplished from the main control room. two switches in the main control room and either switch can initiate action in both divisions to close all main feedwater control. isolation and crossover valves, trip all main feedwater pumps, and trip the turbine. (continued) 08/97 Amendment 0 b AP600 B 3.3 76 t *0htetMaeet\\14410102. r07 043297 ESFAS Instrumentation B 3.3.2 BASES f 7.b. Steam Generator Narrow Range Water Level - High 2 l APPLICABLE SAFETY ANALYSES, This signal provides protection against excessive feedwater flow by closing the main feedwater LCOs, and control, isolation and crossover valves, tripping of APPLICABILITY (continued) the main feedwater pumps, and tripping the turbine. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no sir.gle random failure will disable this tripTh Function. However, tie events which this inside containment. function protect against cannot cause severeTherefore, the environment in containment. reflects only steady state instrument uncertainties. 7.c. Safeguards Actuation This function is also initiated by all FunctionsThe that initiate the Safeguards Actuation signal. isolation requirements for these Functions are the same as the reouirements for their Safeguards Therefore, the recuirements are Actuation Function. Insteaci Function 1 not repeated in Table 3.3.2 1. is referenced for all initiating Functions and The Safeguards Actuation signal requirements, closes all main feedwater control, isolation and crossover valves, trips all main feedwater pumps, and trips the turbine. 7.d. Tuo low 2 Coincident with Reactor Trip (P 4) This signal provides protection against excessive feedwater flow by closing the main feedwater isolation and crossover leg valves, and tripping of This signal results from the main feedwater pumps. a coincidence of two out of four divisions of reactor loop average temperature below the Low 2 Four setpoint coincident with the P 4 permissiv trip or bypass indefinitely and still ensure that no single random failure will disable this tripTh Function. when the pressurizer pressure is below the P 11 The block is automatically removed when setpoint. the pressurizer pressure is above the P 11 setpoint. (continued) 08/97 Amendment 0 B 3.3 77 h.AP600.mm m.m, im u m..gi . = - - - - - _. ESFAS Instrumentation 8 3.3.2 BASES APPLICABLE B. Startup Feedwater Isolation SAFETY ANALYSES, The primary Function of the Startup Feed'ater Isolation is to stop the excessive flow of feedwaterT LCOs, and APPLICABILITY into the SGs. (continued) 3, end 4 to mitigate the effects of a large SLB or a Failure to isolate the startup feedwater large FLB. system following a SLB or FLB can lead to additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment. Startup feedwater isolation must be OPERABLE in MODES 1, 2, 3, and 4 when there is significant mass and energy in This Function is not the RCS and the steam generators. applicable in MODE 4 when the startup feedwater f paths are isolated. RCS and the steam generators is low and this Function is not required to be OPERABLE. B.a. Steam Generator (SG) Narrow Range Water Level - High 2 If steam generator narrow rango level reaches the High 2 setpoint in either steam generator, then all startup feedwater control and isolation valves are closed and the startup feedwater Jumps are tripped. Four channels are provided in eac1 steam generator to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. B.b Teoid - Low This Function closes the startup feedwater control and isolation valves and trips the startup feedwater pumas if reactor coolant system cold leg temperature setpoint in any loop. Startup is xlow the T feedwaterisol%Nononthisconditionmaybe manually blocked when the pressurizer pressure is below the P 11 setpoint. This function is automatically unblocked when the pressurizerFour channel pressure is above the P 11 setpoint.are pr be in trip or bypass indefinitely and still ensure no single random failure will disable this trip cunction. (continued) 83348 o8/97 ^**nd**nt o 1,^fSL.,,,....,,,. ESFAS Instrunentation B 3.3 2 BASES APPLICABLE 9. ADS stages 1, 2, & 3 Actuation SAFETY ANALYSES, The Automatic Depressurization System (ADS) provides a LCOs. and sequenced depressurization of the reactor coolant system APPLICABILITY to allow passive injection from the CHis, accumulators, (continued) and the in containment refueling water stora9e tank i (IRWST) to mitigate the effects of a LOCA The depressurization is accomplished in four stages, with the first three stages discharging into the IRWST and the Each of the last stage discharging into containment. first three stages consists of two parallel paths with each path containing an isolation valve and a depressurization valve. The first stage isolation valves open on any actuation of the first stage of the ADS, The first stage depressurization valves are opened following a preset time delay after the actuation of the isolation valves. The second stage isolation valves are opened following a preset time delay after actuation of the first stage The second stage depressurization valves open. depressurization valves are opened following a preset time delay after the second stage isolation valves are Similar to the second actuated, similar to stage one. stage, the third stage isolation valves are opened following a preset time delay after the actuation of the second stage depressurization valves. The third stage depressurization valves are opened following a preset time delay after the third stage isolation valves are actuated. 9,a Manual Initiation The first stage depressurization valves open on manual actuation. Any actuation of stage 1 ADS also actuates PRHR and trips all reactor coolant pumps. The operator can initiate stage 1 of the ADS from the main control room by simultaneously actuating two ADS actuation devices in the same set. There are two sets of two switches each in the main control room. Simultaneously actuating the two devices in either set will actuate ADS. This Function must be OPERABLE in MODES 1. 2. 3. and 4. This function must also be OPERABLE in MODES S an when the ADS valves are not open. and in MODE 6 with cavity less than full. place and the refuelin the upper internals in (continued) B 3.3 79 08/97 Amendment 0 u.b.Nmum.m.mm ESFAS Instrumen%ation B 3.3.2 BASES APPLICABLE 9.b. CMT Level - Low 1 Coincident with CMT Actuation SAFETY ANALYSES, LCOs. and This Function ensures continued passive injection or APPLICABILITY borated water to the RCS following a small break (continued) LOCA. Stage 1 ADS is actuated when the CMT Level reaches its Low 1 Setmint coincident with any CMT Actuation signal whic1 is addressed by Function 2. Four channels are provided in each CMT to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. The ADS Function requirements are the same as the requirements discussed in Function 2 (CMT Actuation). Therefore, the requirements are not repeated in Table 3.3.2 1. Instead Function 2 is referenced for all initiating functions and reauirements. This Function must be OPERABLE in H0 DES 1, 2, 3, and 4, and in MODE 5.

10. ADS Stage 4 Actuation The ADS provides a sequenced depressurizatlon of the reactor coolant system to allow passive injection from the C'(Ts, accumulators, and the IRWST to mitigate the effects of a LOCA.

The depressurization is accomplished in four stages, with the first three stages discharging into the IRWST and the fourth stage discharging into containment. The fourth stage of the ADS consists of four parallel paths. Each of these paths consists of a normally open isolation valve and a depressurization valve. The four paths are divic'ed into two groups with two paths in each Within each group, one path is designated to be group. substage A and the second path is designated to be substage B. The substage A depressurization valves are opened following a preset time delay after the substage A isolation valve confirmatory open signal. The sequence is continued with substage 3. A confirmatory open signal is provided to the substage B isolation valves following a preset time delay after the substage A depressurization valve has been opened. The signal to open the substage B (continued) B 80 08 M Amen h nt 0 u.Y.h.Oneiam,or ren, ESFAS Instrumentation B 3.3.2 BASES APPLICABLE

10. ADS Stage 4 Actuation (continued)

SAFETY ANALYSES, depressurization valve is provided following a preset LCOs. and APPLICABILITY time delay after the substage B isolation valves confirmatory open signal. 10.a. Manual Initiation Coincident with RCS Wide Range Pressure - Low or Function ? 1he fourth stage depressurization valves open on manual actuation. The operator can initiateThere Stage 4 of ADS from the main control roon. are two sets of two switches each in the main control room. Actuating the two switches in either set will actuate all 4th stage ADS valves. This manual actuation is interlocked to actuate with either the low RCS pressure signal used for Function 10.b or with the ADS Stages 1, 2, & 3 actuation (Function 9). These interlocks minimize the potential for inadvertent actuation of this Function. This interlock with Function 9 allows manual actuation of this Function if automatic or manual ADS Stages 1, 2, & 3 fail to deoressurize the RCS due to cosamon mode failure. Tais consideration is important in PRA modeling to improve the reliabil'ty of reducing the RCS pressure following a small LOCA or transient event. This Function must be OPERABLE in MODES 1, 2, 3. and 4. This Function must also be OPERABLE in HUDES 5 and 6 when the ADS valves are not open, and in H00E 6 with the upper internals in place and the refueling cavity less than full. 10.b. CMT Level - Low 2 Coincident with Delayed Function 9 and RC5 Wide Range Pressure - Low The fourth stage depressurization valves open on CMT Level - Low 2 in two out of four channels in either CMT. Actuation of the fourth stage. depressurization valves is interlocked with the third stage depressurization signal such that the fourth stage is not actuated unless the third stage has been previously actuated following a preset time delay. Actuation of the fourth stage ADS valves are further interlocked with a low RCS (continued) b AP600 B 't.3 81 08/97 Amendment 0 l PC1\\tetastet\\16010101, eof 001197

_-__-___l____________________

ESFAS Ins %rumentation B 3.3.2 BASES 10.b. CMT Level - Low 2 Coincident with Delayed APPLICABLE Function 9 and RC5 Wide Range Pressure - Low SAFETY ANALYSES, LCOs. and Icontinued)

APPLICABILITY pressure signal such that the fourth stage ADS is not actuated unless the RCS pressure is below aFour predetermined setpoint.

are provided to permit one channel to be in trip or bypass indefinitely and still ensure,a single random failure will disable this trio Function.

This Function must be OPERABLE in HO)ES 1, 2, 3, and 4.

This Function must also be OPERABLE in MODE 5 when the ADS valves are not open and with level in the pressurizer visible.

11. Reactor Coolant Pump Trip Reactor Coolant Pump (RCP) Trip allows the passive injection of borated water into the RCS, Injection

.orovides RCS makeup water and boration during transients or accidents when the normal makeup supply from the CVS Two tanks provide oassive is lost or insufficient.

injection of borated water by gravity when tie reactorC coolant pumas are tripped.

effects of ligh energy line breaks by adding primary side water to ensure maintenance or recovery of reactor vessel water level following a LOCA and by borating to ensure recovery or maintenance of SHUTDOWN MARGIN following a steam line break, RCP trip on high bearing water RCP trip is temperature

>rotects the RCP coast down. actuated by iigh RCP bearing water temperature ADS Stages 1. 2. and 3 Actuation (Function 9), and CMT actuation.

11.a. ADS Actuation The RCPs are trip >ed any time stage 1 ADS is The RC) trip Function requirements actuated.

for the stage 1 ADS are the same as the requirements for their ADS Function.

Therefore. the requirements are not repeated Instead Function 9 is referenced in Table 3.3.2 1.

for all initiating functions and requirements.

continued) 08/97 Amendment 0 HAP 600' B 3.3 82 m m. m..ni m ono n ot.c w.

~

. ~,,,.

_ _. _ _s ESFAS instrumentation B 3.3.2 BASES APPLICABLE 11.b. Reactor Coolant Pump Bearing Water Temwature -

SAFETY ANALYSES.

H,12 LCOs. and Each affected RCP will be tripped if two out of-APPLICABILITY four sensors on the RCP indicate high bearing water (continued) temperature. This Function is required to be OPE MBLE in H0 DES 1 and 2.

Four channels are

)rovided to permit one channel to be in trip or sypass indefinitely and still ensure no single random failure will disable this trip Function, i

11.c. CMT Actuation RCP trip is also initiated by all the Functions that initiate CMT actuation. The RCP trip Furetion requirements are the same as the requirements for the CMT actuation Functions. Therefore. the requirements are not repeated in. Table 3.3.2 1, and Function 2 is referenced for all initiating Functions and requirements.

11.d. Pressurizer Water level Low 2 The RCPs are tripped when the pressurizer water level reaches its low 2 setpoint.

This signal results from the coincidence of pressurizer water ievel below the Low 2 setpoint in any two of.four divisions. This Function is required to be OPERABLE in MODES 1, 2. 3. and 4.

This function is also required to be OPERABLE in MODE S above the P 12 interlock wnen the RCS is not being cooled by the RNS. This Function can be manually blocked when the pressurizer water level is below the P 12 setpoint.

This Function is automatically unblocked when the pressurizer water level is above the P 12 setpoint.

11.e. Safeguards Actuation This Function is also initiated by all Functions that initiated the Safeguards Actuation signal.

The requirements for the reactor trip Functions are the same as the requirements for the Safeguards Actuation Function. Therefore, the requirements are not repeated in Table 3.3.2.1.

Instead.

Function 1 is referenced for all initiating Functions and requirements.

(continued)

AP600 8 3.3 83 08/97 Amendment 0 t*01\\te<*teet\\16410 lot.r07 081197

ESFAS Instrumentation T

B 3.3.2 BASES

12. Passive Containment Cooling Actuation APPLICABLE SAFETY ANALYSES, The Passive Containment Cooling System (PCS) transfers LCOs, and heat from the reactor containment to the environment.

This Function is necessary to prevent the containment APPLICABILITY (continued) design pressure and temperature from being exceeded Heat following any postulated DBA (such as LOCA or SLt3).

removal is initiated automatically in response to a Containment Pressure - High 2 signal or manually.

A Passive Containment Cooling Actuation signal initiates water flow by gravity by opening one of two fail open The water flows onto the containment dome, valves.

The path for natural wetting the outer surface.

circulation of air along the outside walls of the containment structure is always open.

The LC0 requires this function to be OPERABLE in HODES 1,

2. 3. and 4 when the potential exists for a DBA that could require the operation of the Passive Containment In MODES 5 and 6. with the reactor shut Cooling System.

down less than 100 hours0.00116 days 0.0278 hours 1.653439e-4 weeks 3.805e-5 months , manual initiation of the PCS provides containment heat removal.

12.a. Manual Initiation The operator can initiate Containment Cooling at any time from the main control room by actuating two containment cooling actuation switches in the same actuation set.

There are two sets of two switches each in the main control room.

Simultaneously actuating the two switches in either set will actuate containment cooling in all Manual Initiation of containment divisions.

cooling also actuates containment isolation.

12.b. Containment Pressure - High 2 This signal provides protection against a LOCA or Four channels are provided SLB inside containment.

to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function.

(continued) h AP600 B 3.3'84 08/97 Amendment 0 imuun,mmmn,or.enn, a-n

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 12.b. Containment Pressure - High 2 (continued)

SAFETY ANALYSES.

The transmitters and electronics are located inside LCOs, and containment, thus, they will experience harsh APPLICABILITY environmental conditions and the trip setpoint reflects only steady state instrument uncertainties associated with the containment environment.

13. PRHR Heat Exchanger Actuation The PRHR Heat Exchanger (HX) provides emergency core decay heat removal when the Startup Feedwater System is not available to provide a heat sink.

PRHR is actuated when the discharge valves are opened in response to Steam Generator Narrow Range (NR) Level - Low coincident with Startup Feedwater Flow - Low, Steam Generator Wide Range (WR) Level - Low, ADS Stages 1, 2. and 3 Actuation, CNT Actuation, Pressurizer Water Level High 3. or Harual i

Initiation.

13.a. Manual Initiation Manual PRHR actuation is accomplished by either of two switches in the main control room. Either switch actuates all four ESFAC Divisions.

This Function is required to be OPERABLE in H00ES 1, 2, 3, and 4. and H00E 5 with the RCS This ensures that PRHR pressure boundary intact.

can be actuated in the ovent of a loss of the normal heat removal systems.

13.b. Steam Generator Narrow Range Level - Low Coincident with 5tartup Feedwater Flow - Low PRHR is actuated when the Steam Generator Narrow Range Level reaches its low setpoint coincident with an indication of low Startup Feedwater Flow.

The LCO requires four channels per steam generator to be OPERABLE to satisfy the requirements with a two out of four logic.

Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function.

The Setpoint reflects both steady state and adverse (continued) b AP600 B 3.3 85 08/97 Amendment 0 m.m..nnoicio,o,.osuir

ESFAS Instrumentation B 3.3.2 L

BASES 13.b. Steam Generator Narrow Range Level - Low APPLICABLE coincident with 5tartup Feedwater Flow - Low SAFETY ANALYSES.

LCOs. and (continued)

APPLICABILITY environmental instrument uncertainties as the

{

(continued) detectors provide protection for an event that results in a harsh environnent.

Startup Feedwater Flow - Low uses a one out of two logic on each of the two startup feedwater lines.

I This Function is required to be OPERABLE in H0 DES 1, 2, and 3 and in H00E 4 when the RCS is not being cooled by the Normal Residual Heat Removal This ensures that PRHR can be System (RNS).

actuated in the event of a loss of the normal heat In MODE 4 when the RCS is being removal systems.

cooled by the RNS, and in H0 DES S and 6. the SGs are not required to provide the normal RCS heat sink.

Therefore, startup feedwater flow is not required, and PRHR actuation on low startup feedwater flow is not required.

13.c. Steam Generator Wide Range Level - Low PRHR is also actuated when the SG Wide Range Level There are four wide reaches its Low Setpoint.

range level channels for each steam generator and a two out of four logic is used.

Four channels are arovided to permit one channel to be in trip or

)ypass indefinitely and still ensure no single random failure will disable this trip Function.

This Function is required to be OPERABLE in H0 DES 1, 2. and 3 and in H00E 4 when the RCS fs not This ensures that PRHR being cooled by the RNS.

i can be actuated in the event of a loss of the normal heat removal systems.

In H00E 4 when the RCS is being cooled by the RNS, and in H00ES S and

6. the SGs are not required to provide the normal Therefore, SG Wide Range Level is RCS heat sink, not required, and PRHR actuation on low wide range SG 1evel is not required.

(continued) h AP600 8 3.3 86 08/97 Amendment 0 mm.m,.mmam nr.mm

ESFAS Instrumentation B 3.3.2 i

BASES 13.d. ADS Stage 1 Actuation APPLICABLE

-PRHR is also actuated any time stage 1 ADS is SAFETY ANALYSES.

actuated. Tho PRHR actuation function LCOs, and APPLICABILITY requirements for the stage 1 ADS are the same as (continued) the requirem6nts for the ADS Functions.

13.e. CMT Actuation PRHR is also actuated by all the Functions that actuate CMT injection.

Therefore, the requirements are not repeated in Table 3.3.2 1.

Instead, Function 2 (CMT Actuation) is referenced for all This initiating functions and requirements.

Function is required to be OPERABLE in MODES 1, 2.

3, and 4, and in MODE 5 with the RCS 3ressure This ensures that PRHR can be boundary intact.

actuated in the event of a CMT actuation.

13.f. Pressurizer Water Level High 3 PRHR is actuated when the pressurizer water level reaches its High 3 setpoint. This signal provides protection against a pressurizer overfill following an inadvertent core makeup tank actuation with This-Function consequential loss of offsite power.

is automatically unblocked when RCS pressure isT above the P 19 set >oint.

to be OPERABLE in 100ES 1, 2, and 3, and in H00E 4 when the RCS is not being cooled by the RNS and This above the P 19 (RCS pressure) interlock.

function is not required to be OPERABLE in MODES 5 and 6 because it is not required to mitigate OCA in these MODES,

14. Steam Generator Blowdown Isolation The primary function of the steam generat heat

) resent in the steam generators to remove the excess wing generated until the decay heat has decreased to within the PRHR HX capability.

This Function clnses the isolation valves of the Ste Generator Blowdown System in both steam generators when signal is generated froa. the PRHR HX Actuation or Steam (continued)-

08/97 Amendment 0 h AP600 8 3.3 87 mm.m..naciom.,o.eenu.

.a

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE

14. Steam Generator Blowdown Isolation (continued)

SAFETY ANALYSES.

Generator Narrow Range Water Level - Low. This function LCOs. and is required to be OPERABLE in MODES 1. 2. and 3. and in APPLICABILITY MODE 4 when the RCS is not being cooled by the RNS.

This Function is not required to be OPERABLE in MODE 4 if the steam generator blowdown line is isolated.

14.a. PRHR Heat Exchanger Actuation Steam Generator Blowdown Isolation is also initiated by all Functions that initiate PRHR actuation. The Steam Generator Blowdown Isolation requirements for these Functions are the same as the requirements for the PRHR Actuation.

Therefore, the requirements are not rewated in Table 3.3.21.

Instead. Function 13.

)RHR HX Actuation, is referenced for all. initiating Functions and requirements.

14.b. Steam Generator Narrow Range Level - Low The Steam Generator Blowdown isolation is actuated when the Steam Generator Narrow Range Level reaches its low Setpoint.

The LCO requires four channels per steam generator to be OPERABLE to satisfy the requirements with a This function is required two out of four logic.

to be OPERABLE in MODES 1, 2, and 3. and in MODE 4 Four when the RCS is not being cooled by the RNS.

channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Setpoint reflects both steady state and Function.

adverse environmental instrument uncertainties as the detectors provide protection for an event that results in a harsh environment.

15. Boron Dilution Block The block of boron dilution is accomplished by closing the CVS suction valves to demineralized water storage tanks, and aligning the boric acid tank to the CVS makeup This Function is actuated by Source Range Neutron pumps.

Flux Multiplication. Reactor Trip, and Battery Charger Input Voltage - Low.

(continued) b AP600 8 3.3 88 08/97 Amendment 0 1891\\tetattet\\16010302 r07 082297.

~ - -.....

ESFAS instrumenta%1on B 3.3.2 BASES 15.a. Source Range Neutron Flux Multiplication APPLICABLE SAFETY ANALYSES.

A signal to block boron dilution in MODE 2 below LCOs. and the P.6 interlock and MODES 3. 4. or 5 is derived APPLICABILITY from source range neutron flow increasing at an (continued) excessive rate (source range flow multiplication).

This Function is not applicable in MODES 4 and 5 if the demineralized water makeup flowpath is isolated. The source range neutron detectors are used for this Function.

The LCO requires three divisions to be OPERABLE.

There are four divisions and two out of four logic is used. On a coincidence of excessively increasing source range neutron flow in two of the four divisions, demineralized water makeup is isolated to preclude In MODE 6. this function a baron dilution event.

is not required because administrative controls are in place to block the RCS boron dilution paths.

15.b. Reactor Trip Demineralized Water Makeup is also isolated by all The the Functions that initiate a Reactor Trip.

isolation requirements for these Functions are the same al the requirements for the Reactor Trip Therefore, the requirements are not Function.

Instead Function 18.a.

repeated in Table 3.3.2 1.(P 4 Reactor Trip B initiating Functions and requirements.

15.c. Battery Charger Input Voltage - Low Block of boron dilution is also actuated from the A short, preset time delay is loss of ac power.

provide to prevent actuation upon momentary power fluctuations: however, actuation occurs before ac power is restored by the onsite diesel generators.

The loss of all ac power is detected by undervoltage sensors that are connected to the input of each of the four Class 1E batteryThe chargers.

the detection of an undervoltage conditions by each of the tw sensors connected to two of the four This Function is required to be battery chargers.

This function OPERABLE in MODES 1, 2. 3. 4. and 5.

is not applicable in MODES 4 and 5 if the (continued) 08/97 Amendment 0 8 3.3 89 h AP600

- 04\\teet m \\t6010102.r07 041297

ESFAS Instrumentat9on B 3.3.2 BASES APPLICABLE 15.c. Battery Charger input Voltage - Low (continued) 4 SAFETY ANALYSES.

associated flowpath is closed.

In H00E 6. this LCO's, and function is not required because administrative APPLICABILITY controls are in place to block the RCS boron dilution paths.

16. Chemical Volume andf,ontrol System Makeup Line Isolation The CVS makeup line is isolated following certain events to prevent overfilling of the RCS.

In addition, this line is isolated on High 2 containment radioactivity to provide containment isolation following an accident.

i This line is not isolated on a containment isolation signal, to allow the CVS makeup pumps to perform their However, if very high defense in depth functions.

containment radioactivity exists-(above the High 2 setpoint) this line is isolated.

A signal to isolate the CVS is derived from two out -

of four high steam generator levels on either steam generator, two out of four channels of pressurizer level indicating high or two out of four channels of Four channels containment radioactivity indicating high.

are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function.

16.a. Steam Generator Narrow Range Water Level - High 2 Four channels of steam generator level are provided for each steam generator. Two out of four channels on either steam generator indicating level greater than the setpoint will close the isolation valves for the CVS, This Function prevents adding makeup water to the RCS during a SGTR. This Function is required to be OPERABLE in H00ES 1. 2. 3. and 4 This with the RCS not being cooled by the RNS.

function is not apolicable in H00ES 3 and 4 if the This Function is CVS makeup flowpat1 is isolated.

not required to be OPERABLE in H00ES 5 and 6 because the RCS pressure and tem xrature are reduced and a steam generator tu x rupture event is not credible.

(continued) 08/97 Amendment 0 h AP600 8 3.3 90 imu.m.numme.emm

ESFAS Instrumentation B 3.3.2 BASES

/

16 b. Pressurizer Water Level - High 1 Coincident with APPLICABLE SAFETY ANALYSES.

Safeguards Actuation LCO's, and Four channels of pressurizer level are provided on APPLICABILITY Two.out of four channels on the pressurizer.

indicating level greater than the High 1 setpoint (continued) coincident eith a Safeguards Actuation signal (Function 1) will close the containment isolation This Function prevents the valves for the CVS.

pressurizer level from reaching a level that could lead to water relief through the pressurizer safety valves during some DBAs. This Function is required This fu1ction to be OPERABLE in MODES 1. 2 and 3.

is not required to be OPERABLE in H0 DES 4. S. and 6 because it is not required to mitigate a DBA in This Function is not applicable in these H00ES.

MODES 3 and 4 if the CVS makeup flowpath is isolated.

16.c. Pressurizer Water Level - High 2 A signal to close the CVS isolatior, valves is generated on Pressurizer Water Level - High 2.

This function results from the coincidence of pressurizer level above the High 2 Setpoint in any This Function is two of the four divisions.

automatically blocked when the pressurizer pressure is below the P 11 permissive setpoint to wrmit pressurizer water solid conditions with t1e plant cold and to permit level makeup during plant This Function is automatically cooldowns.

unblocked when pressure is above the P 19 Setpoint.

This Function is required to be OPERABLE in H0 DES 1. 2, and 3 and in H00E 4 when the RCS is not This Function is not being cooled by the RNS.

required to be OPERABLE in H00E 4 if the CVS makeu flowpath is isolated. This function is not required to be OPERABLE in MODES S and 6 becaus is not required to mitigate a DBA in these MODES, 16.d. Containment Radioactivity - High 2 Four channels of Containment Radioactivity - High 2 are required to be OPERABLE in MODES 1. 2 and 3 when the potential exists for a LOCA. to ensure that the radioactivity inside containment is not released to the atmosphere. This Function is not (continued) 08/97 Amendment 0 B 3.3 91 AP600

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 16.d. Containment Radioactivity - High 2 (continued)

SAFETY ANALYSES.

LCOs and required to be OPERABLE in MODE 3 if the APPLICABILITY associated flowpath is isolated.

This signal results from the coincidence of containment radioactivity above the High 2 Setpoint in any two of the four divisions. This Function is not required to be OPERABLE in MODE 4 if the CVS These Functions are makeup flowpath is isolated.

not required to be OPERABLE in H00ES 4. S. and 6 because no DBA that could release radioactivity into the containment is considered credible in these MODES.

17. Normal Residual Heat Removal System Isolation The RNS suction line is isolated by closing the containment isolation valves on High 2 containment radioactivity to provide containment isolation following an accident.

This line is isolated on a containment isolation signal.

However, the valves may be reset to permit the RNS pumps to perform their defense in depth functions post accident.

Should a high containment radiation signal (above the High 2 setpoint) develop following the containment isolation signal, the RNS valves would re close. A high containment radiation signal is indicative of a high RCS source term and the valves would re close to assure offsite doses do not exceed regulatory limits.

17 a.

Containment Radioactivity - High 2 A signal to isolate the normal residual heat removal system is generated from the coincidenc.e of containment radioactivity above the High 2 setpoint in two out of four channels.

Four channels of Containment Radioactivity - High 2 are required to be OPERABLE in H0 DES 1. 2. and 3 when the potential exists for a LOCA, to ensure that the radioactivity inside containment is not released to the atmos >here. This Function is not required to be OPERAB_E in MODE 3 if the RNS suction line is isolated. These Functions are not required to be OPERABLE in HODES 4. 5. and 6 because no DBA that could release radioactivity (continued) 8 3.3 92 08/97 Amendment 0 if.0Miamo:,ormm

+

ESFAS Instrumentation B 3.3.2 BASES Containment Radioactivity. High 2 (continued)

APPLICABLE 17.a.

SAFETY ANALYSES.

into the containment is considered credible in LCOs. and these MODES. This Function was previously APPLICABILITY described as Function 16.d.

17.b. Safeguards Actuation This Function is also initiated by all Functions that initiated the Safeguards Actuation signal.

The requirements to isolate the normal residual heat removal system are the same as the requirements for the Safeguards Actuation Therefore. the requirements are not Function.

Instead. Function 1 is repeated in Table 3.3.2.1.

referenced for all initiating Functions and requirements.

18. ESFAS Interlocks To allow some flexibility in unit operations, several These interlocks are included as part of the ESFAS automatically enable otwr signals, prevent some actions The from occurring, and cause other actions to occur.

interlock Functions backup manual actions to ensure bypassable Functions are in operation under the conditions assumed in the safety analyses.

18.a.

Reactor Trip. P 4 There are eight reactor trip breakers with two The P 4 interlock is breakers in each division.

enabled when the breakers in two out of four The Functions of the P 4 divisions are open.

interlock are:

Trip the main turbine Permit the block of automatic Safeguards Actuation after a predetermined time interval following automatic Safeguards Actuation.

Block boron dilution (continued) 08/97 Amendment 0 h AP600 8 3.3 93 m. o... m m o m >. m m.

,-...-,--e.~-

m:..

ESFA3 Instrumentad on B 3.3.2 BASES APPLICABLE 18.a. Reactor Trip. P 4 (continued)

SAFETY ANALYSES,

!solate main feedwater coincident with low LCOs, and reactor coolant temperature (This function is APPLICABILITY not assumed in safety analysis therefore, it is not included in the technical specifications.)

The reactor trip breaker position switches that provide input to the P 4 interlock only Function to energize or de energize or open or close contacts. Therefore, this function has no adjustableTripSetpoint.

This Function must be OPER/BLE in MODES 1, 2, and 3 when the reactor may be critical or approaching This Function does not have to be criticality.

OPERABLE in MODES 4, 5, or 6 to trip the main turbine, because the main turbine is not in operation.

The P 4 Function does not have to be OPERABLE in MODES 4 or 5 to block boron dilution, because Function 15.a. Source Range Neutron Flux In Multiplication, provides the required block.

MODE 6. the P 4 interlock with the Boron Dilution Block Function is not required, since the unborated water source flow path isolation valves are locked closed in accordance with LCO 3.9.2.

18.b.

Pressurizer Pressure. P 11 The P 11 interlock permits a normal unit cooldown and depressurization without Safeguards Actuation With or main steam line and feedwater isolation.

pressurizer pressure channels less than the P 11 setpoint, the operator can manually block the Pressurizer pressure - Low, Steam Line Pressure -

Low, and Tcold - Low Safeguards Actuation signals and the Steam Line Pressure - Low and Teoid - Low steam line isolation signals. When the Steam Line Pressure - Low and manually blocked, a main steam isolation signal on Steam Line Pressure Negative Rate - High is enabled.

This provides protection for an SLB by closure of the main steam isolation valves.

Manual block of feedwater isolation on Tave - Low 1. Low 2, and Teoid - Low is also (continued) b AP600 B 3.3 94 08/97 Amendment 0 l*01\\t uatten16010 302. r0F + 0822t f

. ~.

,,c.

-r e

.. ~..

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 18.a. Reactor Trip. P 4 (continued)

SAFETY ANALYSES, Isolate main feedwater coincident with low LCOs, and reactor coolant temperature (This function is APPLICABILITY not assumed in safety enalysis therefore, it is not included in the technical specifications.)

The reactor trip breaker position switches that i

provide input to the P 4 interlock only Function to energize or de energize or open or close Therefore, this Function has no contacts.

-adjustable Trip Setpoint.

This Function must be OPERABLE in MODES 1, 2, and 3 when the reactor may be critical or approaching This Function does not have to be criticality.

OPERABLE in H0 DES 4, 5, or 6 to trip the main turbine, because the main turbine is not in operation.

The P 4 Function does not have to be OPERA MODES 4 or 5 to block boron dilution, because Function 15.a. Source Range Neutron Flux In Multiplication, provides the required block.

H0DE 6, the P 4 interlock with the Boron Oilution Block Function is not required, since the unborated water source flow path isolation valves 1

are locked closed in accordance with LCO 3 18.b. Pressurizer Pressure._ P 11 The P 11 interlock permits a normal unit cooldown and depressurization without Safeguards Actuation 4

With or main steam line and feedwater isolation.

prenurizer pressure channels less than the P 11 setpoint, the operator can manually block the Pressurizer pressure - Low. Steam Line Pressure -

Low, and Teolo - Low Safeguards Actuation signals and the Steam Line Pressure - Low and Te When the Steam Line steam line isolation signals.

Pressure - Low and manually blocked, a main steam isolation signal on Steam Line Pressure Negative This provides protection Rate - High is enabled.

for an SLB by closure of the main steam isolation Manual block of feedwater isolation on valves.

Tavg - Low 1. Low 2, and Teold - Low is also (continued)_

08/97 Amendment 0 h AP600 B 3.3 94 2P01\\tet*sH O M410102.rtf-04titP.

x

ESFAS Instrumentation B 3.3.2 BASES Pressurizer Pressure. P 11 (continued)

APPLICABLE 18.b.

With pressurizer pressure SAFETY ANALYSES.

permitted below P 11.

channels a P.11 setpoint. the Pressurizer LCOs. and APPLICABILITY Pressure - Low. Steam Line Pressure - Low, and Tcoid - Low Safeguards Actuation signals and the Steam Line Pressure Low and Teoid - Low ste The isolation signals arq automatically enabled.

feedwater isolation signals on Teoid - Low. Teve -

Low I and Low 2 are also automatically enabled The operator can also enable these above P 11.

signals by use of the reswetive manual rese mine Pressure - Low and buttons.Low steam line isolation signals are Teffa$ed, the main steam isolation on Steam Line The Pressure Negative Rate - High is disabled.

Setpoint reflects only steady state instrument uncertainties.

This Function must be OPERABLE in H0 DES 1, 2.

and 3 to allow an orderly cooldown and depressurization of the unit without the Safeguards Actuation or main steam or feedwater This Function does not have to be isolation.

OPERABLE in H00ES 4, 5. or 6. because plant pressure must already be below the P 11 setpoint for the requirements of the heatup and cooldown curves to be met.

Intermediate Range Neutron Flux. P 6 18.c.

The Intermediate Range Neutron Flux P 6 interlock is actuated when the respective NIS intermediate range channel goes approximately one decade abov Above the setpoint, the minimum channel reading.

the P 6 interlock allows a manual block of the flux multiplication actuation, permitting block of Normally, this Cunction is boron dilution.

blocked by the main control room operator during This Function i. required to be reactor startut OPERABLE in HO)E 2.

(continued) 08/97 Amendment 0 h AP600 8 3.3 95 vo w. m,. m sa w a v or.oet w.

ESFAS Instrumentation B 3.3.2 8ASES Pressurizer Level. P.12 APPLICABLE 18.d.

SAFETY ANAL.YSES, The P.12 interlock is provided to permit midloop LCOs, and operation without core makeup tank actuation.

APPLICABILITY reactor coolant pump trip, or purification line (continued)

With pressurizer level channels less isolation.

than the P 12 setpoint. the operator can manually block low pressurizer level signal used for these When the pressurizer level is above actuations.

the P 12 setpoint, the pressurizer level signal is i

automatically enabled and a confirmatory open signal is issued to the isolation valves on the This Function is CMT cold leg balance lines.

required to be OPERABLE in MODES 1, 2, and 3.

18 e.

RCS Pressure, P.19 The P 19 interlock is provided to permit water solid conditions (i.e., when the pressurizer water level is D924)) in lower MODES without automa With RCS isolation of the CVS makeup pumps, pressure below the P.19 setpoint, the operator can manually block CVS isolation on High 2 pressurizer When RCS pressure is above the P.19 water level.

setpoint, tnis Function is automatically This function is required to be un' locked.

OPERABLE IN HODES 1, 2, 3, and 4 with the RCS not u

When the RNS is cooled being cooled by the RNS.

by the RNS, the RNS suction relief valve provides the required overpressure protection (LCO 3.4.15).

19. Containment Air FiltrationJystem Isolation Some DBAs such as a LOCA may release radioactivity into the containment where the potential wo Isolation of the the acceptable site dose limits, Containment Air Filtration System provides protection to prevent radioactivity inside containment from being released to the atmosphere.

19 a. Containment Radioactivity. High 1 Three channels of Containment Radioactivity -

High 1 are required to be OPERABLE in MODES 1 when the potential exists for a LOCA, to protect against radioactivity inside containment ano (continued) 08/97 Amendment 0 h AP600 8 3.3 96 mm...munimuor.nmr.

ESFAS Ins %rumentation B 3.3.2 BASES APPLICABLE 19.a. Containment Radioactivity High 1 (continued)

SAFETY ANALYSES, LCOs. and being released to the atmosphere.

These Functions APPLICABILITY are not requireJ to be OPERABLE in MODES 4. 5.

and 6 because any DBA release of radioactivity into the containment in these MODES would not require containment isolation.

19.b. Containment Isolation Containment Air Filtration System Isolation is also initiated by all Functions that initiate Containment Isolation. The Containment Air Filtration System Isolation requirements for these Functions are the same as the requirements for the Containment Isolation. Therefore, the requirements are not repeated in Table 3.3.2 1.

Instead, Function 3. Containment. Isolation, is t

referenced for initiating Functions and requirements.

20. Main Control Room Isolation and Air Supply Initiation Isolation of the main control room and initiation of the air supply provides a protected environment from which operators can control the plant following an uncontrolled release of radioactivity.

This Function is required to be OPERABLE in H0 DES 1, 2. 3. and 4, and during movement of irradiated fuel because of the potential for a fission product release following a fuel handling accident, or other DBA.

20.a. Control Room Air Supply Radiation - High 2 Two radiation monitors are provided on the main control room air intake.

If either monitor exceeds the High 2 setpoint, control room isolation is actuated.

l 20.b. Battery Charger Input Voltage - Low Low input voltage to the 1E de battery chargers will actuate main control room isolation and air supply initiation.

This was previously described as unction 15.c.

(continued) h AP600 B 3.3 97 0B/97 Amendment 0

etu.m..m.omo w.e.im

ESFAS Instrumentation B 3.3.2 BASES

21. Auxiliary Spray and Purification Line Isolation APPLICABLE SAFETY ANALYSES.

The CVS maintains the RCS fluid purity and activity level LCOs, and within acceptable limits. The CVS purification line APPLICA31LITY receives flow from the discharge of the RCPs. The CVS (continued)

To also provides auxiliary spray to the pressurizer.

3 reserve the reactor coolant pressure in the event of a areak in the CVS loop piping. the purification line and the auxiliary spray line is isolated on a pressurizer This helps maintain reactor water level Low 1 setpoint.

coolant system inventory.

21.a. Pressurizer Water Level - Low 1 A signal to isolate the purification line and the auxiliary spray line is generated upon the coincidence of presturizer level below the Low 1 This setpoint in any two out of four divisions.

Function can be manually blocked when the pressurizer water level is below the P 12 setpoint. This Function is automatically unblocked when the pressurizer water level is abuve the P.12 set >oint. This Function is required to be OPERABLE in H0 DES 1 and 2 to help In MODES 3, 4. S. and 6, maintain RCS inventory.

this function is not needed for accident detection and mitigation.

22. IRWST Inlection Line Valve Actuation The PXS provides core cooling by gravity injection and recirculation for decay heat removal following an Each The IRWST has two injection flow paths.

accident.

path includes an injection flow path and a containm recirculation flow path.

normally open motor operated isolation valve and two parallel lines, each isolated by one check valve and one Manual initiation or automatic

-squib valve in series. actuation on an ADS 4th stage a coincident RCS Loop 1 and 2 Hot leg Level Low will generate a signal to open the IRWST injection line and actuateIRWSTinjection.

(continued) h AP600 B 3.3 98' 08/97 Amendment 0 Isol\\tecatM c\\t6060102.r01 0412tf

ESFAS Instrumenta% ion B 3.3.2 BASES APPLICABILITY 22.a. Manual Initiation SAFETY ANALYSES.

LCOs. and The operator can open IRWST injection line APPLICABILITY valves at any time from the main control room by (continued) actuating two IRWST injection actuation switches in the same actuation set. There are two sets of two switches each in the main control room.

This Function is required to be OPERABLE in H0 DES 1, 2.

3. 4. and 5.

This Function is also required to be OPERABLE in H0DE 6 with the upper internals in place and the refueling cavity less than full.

22.h. ADS 4th Stage Actuation An open signal will be issued to the IRWST injection isolation valves when an actuation signal is issued to the ADS 4th stage valves. The requirements for this function is the same as the requirements for the ADS 4th stage valves actuation Functions.

Therefore, the requirements are not repeated in Table 3.3.2 1.

Instead.

Function 10 is referenced for all initiating functions and requirements.

22.c. Coincident RCS Loop 1 and 2 Hot Leg Level - Low A signal to automatically open the IRWST injection line valves is also generated when coincident loop 1 and 2 reactor coolant system hot leg level indication decreases below an established setpoint for a duration exceeding an adjuseable time delay.

This Function is required to be OPERABLE in H00E 4 with the RCS teing cooled by the RNS. This Function is also required to be OPERABLE in H00E 5. and in H00E 6 with the upper internals in place and the refueling cavity less than full.

23. IRWST Containment Recirculation Valve Actuation The PXS provides core cooling by gravity injection and recirculation for decay heat removal following an accident.

The PXS has two containment recirculation flow paths.

Each path contains two parallel flow paths one path is isolated by a motor operated valve in series with a squib valve and one path is isolated by a check valve in series with a squib valve.

Manual initiation or automatic actuation on a Safeguards Actuation signal (continued) h AP600 B 3.3 99 08/97 Amendment 0 1801\\ t ech sH c\\16010 302. r0 f 0822t ?

ESFAS Instrumentation I

B 3.3.2 BASES APPLICABILITY

23. IRWST Containment Recirculation Valve Actuation SAFETY ANALYSES.

Icontinued)

LCOs. and coincident with a low 3 level signal in the IRWST will APPLICABILITY open these valves.

23.a. Manual Initiation The operator can open the containment recirculation valves at any time from the main

(?ntrol room by actuating two containment re:irculation actuation switches in the same actuation set. There are two sets of two switches each in the main control room. This Function is recuired to be OPERABLE in MODES 1, 2. 3. 4.

anc,5, and in MODE 6 with the upper internals in place and the refueling cavity less than full.

23.b. Safeguards Actuation Coincident with IRWST Level - Low 3 A low IRWST level coincident with a Safeguards Actuation signal will own the containment recirculation valves.

Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure that no single random failure will disable this trip Function.

This Function is required to be OPERABLE in MODES 1, 2, 3. 4. and 5, and in MODE 6 with the upper internals in place and the refueling cavity less than full.

24. Spent Fuel Pool Isolation The spent fuel pool lines from the refueling cavity /IRWST to the spent fuel system suction header and returning to the refueling cavity /lRWST are isolated on a low setpoint to maintain the water inventory in the spent fuel pool due to line leakage.

24.a. Spent Fuel Pool Level - Low This Function actuates the spent fuel pool valves to isolate the spent fuel pool when the spent fuel pool level is below the Low setpoint in any two of (continued) b AP600 8 3.3 100 08/97 Amendment 0 mm.o mumun...r.ur,,,

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE 24.a. Spent Fuel Pool Level Low (continued)

SAFETY ANALYSES.

three channels. This Function is required to be LCOs. and OPERABLE in H00E 6 to maintain water inventory in APPLICABILITY the spent fuel pool.

25. ESFACs Logic This LCO requires four sets of ESFACs. each set with one battery backed actuation logic groupThese logic OPERABLE to support automatic actuation.

groups are implemented as microprocessor based actuation The ESFACs provide the system level logic subsystems.

interfaces for the divisions.

25.a. Actuation Subsystems If one battery backed actuation subsystem w r ESFAC cabinet for all four divisions is OPERABLE, an additional single failure will not prevent ESF actuations because three divisions will still be available to provide redundant actuation for all If one ESF subsystem is failed in each Functions.

of the four divisions, an additional singleBecause failure will not prevent ESF actuations.

ADS can still operate if one division is unavailable, an additional single failure will not This Function is cause loss of the ADS Function.

required to be OPERABLE in H00ES 1, 2, 3, 4, and

5. and in MODE 6 with the upper internals in place and the refueling cavity less than full.

26. Protection Logic Cabinets This LCO requires that for each of the PLCs, one battery backed logic group be OPERABLE to support both automatic These logic groups are implemented and manual actuation.

The PLCs provide the logic as microprocessor subsystems.

and power interfaces for the actuated components.

26.a. Functional Logic Subsystem If one battery backed logic group is OPERABLE for each PLC in all four divisions, an additional single failure will not prevent ESF actuations because PLCs in the other three divisions are still available to provide redundant actuation for (continued) 08/97 Amendment 0 M AP600 B 3.3 101 IM1\\tumtpus!6010101.r07 08 tit?

^

ESFAS Instrumen%ation B 3.3.2 BASES APPLICABLE 26.a. Functional Logic Subsystem (continued)

SAFETY ANALYSES, The remaining logic cabinets in ESF Functions.

the division with a failed PLC are still OPERABLE LCOs, and APPLICA0!LITY and will provide their ESF Functions.

If one PLC logic group is failed in each PLC in all four divisions, an additional single failure will not Because ADS can operate prevent ESF actuations.

if one division is unavailable, an additional (silure will not cause loss of the ADS function.

This Function is required to be OPERABLE in H0 DES 1, 2. 3, 4, and 5, and in H0DE 6 with the upper internals in place.

The ESFAS instrumentation satisfies Criterion 3 of the NRC Policy Statement.

27, Pressurizer Heater Trip Pressurizer heaters are automatically tripped uponThis receipt of a core makeu1 tank operation signal.

pressurizer heater bloc ( reduces the potential for steam generator overfill and automatic ADS actuation for a Automatically steam generator tube rupture event.

tripping the pressurizer heaters reduces the pressurizer level swell for certain non LOCA events such as loss of normal feedwater, inadvertent CMT operation, and CVS malfunction resulting in an increase in RCS inventory.

For small break LOCA onalysis, tripping the pressurizer heaters supports depressurization of the RCS following actuation of the CMTs.

27a.

Core Makeup Tank Actuation A signal to trip the pressurizer heaters is generated on a core makeup tank actuation signal.

The requirements for this function are the same as the requirements for the Core Makeup Tank Actuation Function.

Therefore, the requirements are not repeated in Table 3.3.2.1.

Instead, Function 2 is referenced for initiating Functions and requirements and SR 3.3.2.9 also applies.

(continued)

B 3.3 102 0B/97 Amendment 0 h AP600 omover.oimt no m. o..._m

--~_

ESFAS Instrumentation B 3.3.2 BASES

28. Chemical and Volume Control System Letdown Isolation APPLICABLE SAFETY ANALYSES, (continued)

LCOs and The CVS provides letdown to the liquid radweste system to To help maintain RCS APPLICABILITY maintain the pressurizer level.

inventory in the event of a LOCA. the CVS letdown line is isolated on a low 1 hot leg level signal in either of the This Function is required to be RCS hot leg looos.

OPERABLE in H0DE 4 with the RCS being cooled by the RNS.

This Function is also required to be OPERABLE in H00E 5.

and in H00E 6 with the upper internals in place and the refueling cavity less than full.

28a.

Hot leg level Low 1 A signal to isolate the CVS letdown valves is generated upon the occurrence of a low 1 hot leg level in either of the two RCS hot leg loops.

This helps to maintain reactor system inventory in These letdown valves are the event of a LOCA.

also closed by all of the initiating Functions and requirements that generate the Containment Isolation Function in Function 3.

A Note has been added in the ACTIONS to clarify theThe Conditions o application of Comoletion Time rules.

ACTIONS specification may x entered independently for each Function The Completion Time (s) of the listed on Table 3.3.2 1. inoperable equipment of a function for each Function starting from the time the Condition was entered for that Function.

A second Note has been added to provide clarification that, more than one Condition is listed for each of the Function If the Required Action and associated in Table 3.3.2 1.

Completion Time of the first Condition listed inTab entered.

In the event a channel's Nominal Trip Setpoint is not met, or the transmitter, or IPC, associated with a spe that channel must be declared inoperable and the LC0 Condition (s) entered for the particular protection Function (s) affected. When the Required Channels are (continued) 08/97 Amendment 0 h AP600 8 3.3 103 imu.m..<ummuv.mm.

ESFAS Instrumentation B 3.3.2 BASES per SG basis, specified only on a per steam line, per loop,for each steam ACTIONS (continued) then the Condition my be entered separately line, loop. SG, etc., as appropriate.

When the number of inopereole channels in a trip function exceed those s)ecified in one or other related Conditions associated wit 1 a trip function, then the plant is outside Therefore. LCO 3.0.3 should be the safety analysis.

immediately entered if applicable in the current MODE of operation.

A.1 Condition A is applicable to all ESFAS protection Functions.

Condition A oddresses the situation where one or more channels / divisions for one or more functions are inoperable at the same time. The Required Action is to refer to Table 3.3.21 and to take t' 3 Required Actions for the The Completion Times are protection Functions affec ed.

those from the referenced Conditions and Required Actions.

y B.1 ei With one or two channels or divisions inoperable, the affected channel (s) or division (s) must be placed in a bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , If one or two are bypassed, the logic becomes two out of three o' one out of two, respcctively, while still meeting single failure criterion (a failure h1 one of the three or one of the two remaining channels or divisions will not prevent the protective However, with two channels or divisions in bypass, Function.

a single fr.ilure in one of the two remaining channels orThe divisions could cause a spurious protective function.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to ) lace the inoperable channel (s) or division (s) in the aypass condition is justified in Re'erence 8.

C.1 With one channel inooerable, the affected channel must be The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months placed in a bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . allowed to p If one the bypass condition is justified in Reference 6.

(continued) b AP600 8 3.3 104 08/97 Amendment 0 1*01\\teospecTIWl0132. r07 082297 x -___-______-_

ESFAS Instrumentation B 3.3.2 BASES ACTIONS C.1 (cc. l.inued) spent fuel pool isolation channel is bypassed, the logic becomes one out of two, respectively, wnile still meeting single failure criterion (a failure in one cf the two remaining channels will not prevent the protective Function.

If one CVS isolation channel is bypassed, the logic becomes one out of one. A single failure in one of the two remaining

)

}

channel could cause a spurious CVS isolation.

Spurious CVS isolation 4 while undesirable, would not cause an upset plant condition, 0.1

]

With one required division inoperable, the affected division must be restored to OPERABLE status within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

Condition D applies to one inoperable requirdd division of P 4 Interlock (Function 18.a). With one required division inoperable, the 2 remaining OPERABLE divisions are capable of providing the required interlock function, but without a

)

single failure. The P 4 Interlock is enabled when RTBs in

?

two divisions are detected as open. The status of the other e

inoperable, non required P 4 division is not significant, since P 4 divisions can not be tripped or bypassed.

In order to provide single failure tolerance, 3 required divisions

^

must be OPERABLE, Condition D also applies to one inoperable division of ESFAC or PLC (Functions 25 and 26). The ESFAC and PLC divisions are inoperable when their associated battery backed subsystem is inowrable. With one inoperable division, the 3 remaining OPERAB E divisions are capable of mitigating all OBAs, but without a single failure.

The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to restore the inoperable division is reasonable based on the ca) ability of the remaining OPERABLE divisions to mitigate all ) bas and the low probability of an event occurring during this interval.

(continued) b AP600 B 3.3 105 08/97 leendment 0 tP01\\techspet\\l6010502 r07 042217,

1

ESFAS 2nstrumentation B 3.3.2 1

BASES ACTIONS E.1

-(continued)

Condition E is applicable to manual initiation ot:

Safeguards Actuation:

CMT Actuation:

Containment Isolation:

Steam Line Isolation:

Main Feedwater Control Valve Isolation:

Main Feedwater Pump Trip and Valve Isolation:

ADS Stages 1, 2, & 3 Actuation:

ADS Stage 4 Actuation:

Passive Containment Cooling Actuation:

PRHR Heat Exchanger Actuation:

IRWST Injection Line Valve Actuation:

IRWST Containment Recirculation Valve Actuation.

This Action addresses the inoperability of the system level manual initiation capability for the ESF Funct'ons listed With one switch or switch set inoperable for one or above.

more Functiors, the system level manual initiation capability is reduced below that required to meet single failure Required Action E.1 requires the switch or ; witch criterion.

set for system level manual initiation to be restored to The specified Completion OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months .

4tch or Time is reasonable considering that the remaining s>:

switch set is capable of performing the safety function.

F.1. F.2.1. and F.2.2 Condition F is applicable to the Main Control Room (MCR) isolation and air supply initiation function which has only With one two channels of the initiating process variable.

channel inoperable. tha logic becomes one out of one and is (continued) b AP600 B 3.3 106 08/97 Amendment 0 m tu.<as stu w w a x,..,,,,,

ESFAS Instrumentation B 3.3.2 BASES ACTIONS F.1. F.2.1. and F.2.2 (continued)

Restoring all unable to meet single failure criterion.

channels to OPERABLE status ensures that a single failure will not prevent the protective Function.

radiation monitor (s) which provide equivalent Alternatively,d control room isolation and air supply information an initiation manual controls may be verified to be OPERABLE.

These provisions for operator action can replace one channel The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months of radiation detection and system actuation.

Completion Time is reasonable considering that there is one remaining channel OPERABLE and the low probability of an-event occurring during this interval.

G.1 With one switch, switch set, channel, or division inoperable, the system level initiation capability is reduced below that Therefore, the required to meet single failure criterion.

required Mitch, switch set, channel, or division must beThe sp returned to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months .

Completion Time is reasonable considering the remaining switch, switch set, channel, or division is capable of performing manual initiation.

H.1 With one channel inoperable, the inoperable channel must be placed in a trip condition within 6 aours.

Condition H is applicable to the PRHR heat exchangers actuation on SG narrow range water level low coincident with With one startup startup feedwater low (Function 13.b).feedwater ch If one channel is placed in a trip condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

The specified tripped, the interlock condition is satisfied.

Completion Time is reasonable considering the time required to complete this action.

Condition H is also applicable to Function 22.c, IRWST If one channel is injection line valve actuation (open).

tripped, the logic becomes one out of one and is unable to meet single failure criterion.

A single failure of the (continued) 08/97 Amendment 0 h AP600 B 3.3 107 om.m.uusomover.oimi

ESFAS instrumentation B 3.3.2 BASES H

(continued)

ACTIONS j

remaining channel could cause spurious IRWST injection. The s)ecified Completion Time is reasonable considering that t1ere is one remaining channel OPERABLE and the low probability of an event occurring during this interval.

I.1 and I.2 Condition I applies to IRWST containment recirculation valve actuation on safeguards actuation coincident with IRWST level Low 3 (Function 23.b). With one IRWST level channel inoperable, the one inoperable channel must be placed in a bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . With two channels ino>erable, one channel must be placed in a bypass condition wit 11n 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and the remaining ino>erable channel must be placed in a trip condition within 61ours.

If one or two channels are ir. operable, the logic becomes two out of three while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective Function.) However, with one channel in bypass and-one channel in trip, a single failure in one of the two remaining channels coincident with safeguards actuation could cause a spurious actuation. The 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months allowed to place the inoperable channel (s) in the bypassed or tripped condition is justified in Reference 6.

J.1 and J.2 Condition J epplies to the P 6, P 11. P 12, and P 19 interlocks. With one or two required channel (s) inoperable, the associated interlock must be verified to be in its required state for the existing plant condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , or any Function channels associated with inoperable interlocks ) laced in a bypassed condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

Verifying t1e interlock state manually accomplishes the interlock role.

If one or two associated. Function channels are bypassed, the logic becomes two out of three or one out of two, respectively, while still meeting single failure criterion (a failure in one of the three or one of the two remaining channels will not prevent the protective Function.) However, (continued) b AP600.omover.o.n,

8 3.3 108 08/97 Amendment 0 uo m ua..uu

ESFAS Enstrumen'.ation B 3.3.2 7

BASES ACTIONS J.1 and J.2 (continued) with two channels in bypass one out of two logic, a single failure in one of the two remaining channels could cause a spurious interlock state change.

K.1 Condition K is applicable to the MCR isolation and air supply initiation function, during movement of irradiated fuel If the Required Action and associated Completion assemblies.

Time of the first Condition listed in Table 3.3.21 is not met, the plant must suspend movement of the irradiated fuel The required action suspends assemblies immediately.

activities with xtentiai for releasing radioactivity that might enter the 4CR. This action does not preclude the movement of fuel to a safe position.

L.1 If the recuired Action and associated Completion Time of the first Concition listed in Table 3.3.21 is not met, the plant must be placed in a M00E in which the LC0 does not aooly.

This accomplished by placing the plant in MODE 3 wit 11n The allowed time is reasonable, based operating 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

experience, to reach the reouired plant conditions from full power conditions in an orderly manner without challenging plant systems.

H.1 and H.2 If the Recuired Action and associated Completion Time of the first concition listed in Table 3.3.21 is not met, the plant must be placed in a MODE in which the LC0 does not apply.

This is accomplished by placing the plant in H00E 3 within The allowed 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 4 within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an crderly mtnner without challenging plant systems.

(continued)_

b AP600 8 3.3 109 08/97 Amendment 0 o

tr01\\tentoec\\16030102.r07 062117

ESFAS Instrumentation-B 3.3.2 m

BASES ACTIONS N.1 and N.2 If the Recuired Action and associated Compl (continued) must be placed in a H00E in which the LCO does not apply.

This is accomplished by placing the plant in H The allowed Completion Times are within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months .

reasonable, based on operating experience, to reach the recuired plant conditions from full power conditions in an orcerly manner without challenging plant systems.

0.1 and 0.2 If the Recuired Action and associated Com must be placed in a MODE in which the LC The allowed 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 5 within 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months .

Completion Times are reasonable, based on operating experience, to reach the required plant conditions from power conditions in an orderly manner without challenging plant systems.

P.1. P.2.1. and P.2.2 If the Recuired Action and associated Completion Time of th first Concition listed in Table 3.3.21 cannot be met, the plant must be placed ia a condition where the instrume Th's is Function for valve isolation is no longer needed.

accomplished by isolating the affected flow water storage tank to the RCS. the need for automatic 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months .

isolation is eliminated.

To assure that the flow path remains closed, the flow path shall be isolated by the use of one of the specified means (P.2.1) or the flow path shall be verified to be isolated A means of isolating the affected flow path (s) includes at least one closed and deactivated automatic valv (P.2.2).

blind flange, or check valve with flow closed manuel valv' If one of the P.2.1 through the valve.ecured within 7 days.sweified s1all be verified to be isolated once per 7 days.

(continued) f 08/97 Amendment 0 h AP600 8 3.3 110 mtu.ca. <stusoiouu.emy,

ESFAS InstrumQnt/gion

' 3.3.2 BASES P.I. P.2.1. and P.2.2 (continued)

ACTIONS This action is modified by a Note allowin These administrative controls consist of stationing a dedicated operator at the valve controls, who is in In this way continuous-communication with the control roo path isolation is indicated.

t 0.1. 0.2.1. and 0.2.2 If the Recuired Action and ass.ociated must be placed in a condition where the instrumentation This is Function for valve isolation is no longer needC the use accomplished by isolating the affected flow path b of at least one closed manual or closed and d automatic valve within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

If the flow path is not isolated within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months the plant must be placed in a H00E in which the LC0 does not a This is accomplished by placing the plant in MODE 3 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months and in MODE 4 within 18 hours2.083333e-4 days 0.005 hours 2.97619e-5 weeks 6.849e-6 months .

This action is modified by a Note allow l

These administrative controls consist of stationing a dedicated operator at the valve controls. who is in In this way continuous communication with the contro path isolation is indicated.

R.1. R.2.1.1. R.2.1.2. and R.2.2_

If the Recuired Action and associated Completion T must be placed in a condition in whic This is accomplished consequences of an event are minimized.

by placing the plant in MODE 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and To assure that the affected flow path (s) within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .the verified to be isolated onu per 7 days.

(continued)_

08/97 Amendment 0 8 3.3-111 u.N.00amoz.cor om,7,

ESFAS Instrumentbtion B

3.2 BASES R.1. R.2.1.1. R.2.1.2. and R.2.2 (continued)

ACTIONS If the flow path is not isolated within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months the plant must be placed in a MODE in whicht the LC0 does not apply.

This is accomplished by placing the plant in MODE 4 with the The allowed RCS cooling provided by the RNS within 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months .

l Completion Time is reasonable, based on operating experience..

~

to-reach the required plant conditions from full power conditions in-an orderly manner without challenging plant systems.

This action is modified by a Note allowing the flw path (s) to be unisolated intermittently under administrative control.

These administrative controls consist of stationing a dedicated operator at the valve controls. who is inIn this way-continuous communication with the control room.

the flow path can be rapidly ~ isolated when a need for flow L

4 i

path isolation is indicated.-

S.I. S.2.1.1. S.2.1.2. S.2.1.3. and S.2.2 i

If the Recuired Action and assocW.ed Completion Time of the first Concition listed -in Table 3.3.21 is not met, the plant must be placed in a condition in which the likelihood andThis consequences of an event are minimized.

by placing the plant in H00E 3 within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in MODE 4 i

with the RCS cooling provided by the RNS within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months .

Once the plant has been placed in MODE 4 the affected flow To assure that the path must'be isolated within 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . flow path rem verified to-be isolated once per 7 days.

If the flow path is not isolated within 12-hours, the plant--

must be placed in a MODE in which the LC0 does not apply.

i This is accomplished by placing the plant in MODE 5 within 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months .- The allowed Completion Time is reasonable.-based on operating experience, to reach the required plant-t _

conditions from full power conditions in an orderly manner without challenging plant systems, t

This action is modified by a Note. allowing the flow path (s) to be unisolated intermittently under administrative control.

c

.These administrative controls consist of stationing-a.

dedicated operator at the valve controls, who is-in (continued)

J

)

M AP600 8 3.3 112 08/97 Amendment 0 l*01\\te n tee n 160 0102.r07 042297

-..a

- - - - = - - - - - -

=

ESFAS Instrumentation B 3.3.2 BASES-ACTIONS S.I. S.2.1.1 S.2.1.2. S.2.1.3, and S.2.2 (continued)

In this way continuous communication with the control room.

the flow path can be rapidly isolated when a need for flow path isolation is indicated.

T.1.1. T.1.2.1. T.1.2.2. T.2.1. and T.2.2 If the Recuired Action and associated Completion Time of the first Concition listed in Table 3.3.21 is met, the plant must be placed in a Condition in which the likelihood and consequences of an event are minimized. This is accomplished by isolating the affected flow 3ath within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and isolating the affected flow pat 1(s) by the use of at least one closed and deactivated automatic valve, closed manual valve blind flange or check valve with flow through the valve secured within 7 days or verify the affected flow path is isolated once per 7 days.

If the flow path is not isolated within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months the plant must be placed in a MODE in which the LC0 does not apply.

This is accomplished by placing the plant in MODE 3 within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months and in MODE 5 within 42 hours4.861111e-4 days 0.0117 hours 6.944444e-5 weeks 1.5981e-5 months . The allowed Completion Time is reasonable, based on operating experience.

to reach the required plant conditions from full power conditions in an orderly manner without challenging plant systems.

This action is modified by a Note allowing the flow path (s) to be unisolated intermittently under administrative control.

These administrative controls consist of stationing a dedicated operator at the valve controls, who is in continuous comunication with the control rocm.

In this way the flow path can be rapidly isolated when a need for flow path isolation is indicated.

U.1 If the Required Action and the associated Completion Time of the first Condition given in Table 3.3.2 1 is not met. and the required switch or switch set is not restored to OPERA 8LE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. This is accomplished by initiating (continued)

@ AP600 B 3.3 113 08/97 Amendment 0 tP01\\tacMosc\\1601010247 042291

l ESFAS instrumentation l

B 3.3.2 BASES ACTIONS U.1 (continued) action to place the plant in MODE 5 with the RCS open and a visible level in the pressurizer immediately.

Opening the RCS pressure boundary assures that cooling water can be injected without ADS operation.

Filling the RCS to provide a visible level in the pressurizer minimizes the consequences of a loss of decay heat removal event.

V.1 If the Required Action and the atsociated Completion Time of the first Condition listed in iable 3.3.21 is not met, and the required channel (s) or division (s) is not bypassed within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , the plant must be pla<.2d in a condition in which the likelihood and consequenois of an event are minimized. This is accomplished by initia';ing action to place the plant in MODE 5 with the RCS open and a visible level in the pressurizer within 168 hoars. The 168 hour0.00194 days 0.0467 hours 2.777778e-4 weeks 6.3924e-5 months Completion Time is reasonable based on the ability of the two remaining OPERABLE channels or divisions to provide the protective Function even with a single failure.

W.1, W.2, W.3 and W.4 If the Required Action and the associated Completion Time listed in Table 3.3.2 1 is not met while in MODES 5 and 6.

the plant must be placed in a H00E in which the likelihood and consequences of an event are minimized.

This is accomplished by immediately initiating action to be in MODE 5

-with the RCS open and a visible level in the pressurizer or to be in H00E 6 with the upper internals removed and the reactor cavity level full. The flow cath from the demineralized water storage tank to tne RCS shall also be isolated by the used of at least one closed and de activated i

automatic valve or closed manual valve. These requirements minimize the consequences of the loss of decay heat removal

/

by maximizing RCS inventory and maintaining RCS temperature as low as practical. Additionally, the pctential for a criticality event is minimized by isolation of the demineralized water storage tank and by suspension of positive reactivity additions, s

(continued) h AP600 B 3.3 114 08/97 Amendment 0 tr01\\techsoec\\16010102.r07 082297

ESFAS Znstrumentation B 3.3.2 BASES _

ACTIONS X.1. X.2 and X 3 (continued)

If the Required Action and the associated Completion Time of the first Condition listed in Table 3.3.21 is not met while in H00ES 5 and 6. the plant must be placed in a MODE in which the likelihood and consequences of an event are minimized.

This is accomplished by immediately initiating action to be in H00E 5 with the RCS open and a visible level in the pressurizer or to be in ODE 6 with the upper internals in These place and the reactor cavity level less than full.

requirements minimize the consequences of temperature as iow ac practical.for a criticality event is mini positive reactivity additions.

Y.1. Y.2. and Y.3 If the Required Action and the associated Completion Time of the first Condition listed in Table 3.3.21 is not m the likelihood and consequences of an event are minimized.

This is accom)lished by 1mmediately initiating action to be in H00E 5 witn the RCS intact and a visible level in the pressurizer or to be in MODE 6 with the upper internals in These place and the reactor cavity level less than full.

requirements minimize the consequences o temperature as low as practical.for a criticality event is m positive reactivity additions.

The Surveillance Requirements for each ESF Function are identified by the Surveillance Recuirements column of SURVEILLANCE A Note has been acded to the Surveillance REQUIREMENTS Table 3.3.2 1.

Requirement table to clarify that Tr.ble 3.3.21 d SR 3. 3. 2.1_

Performance of the CHANNEL CHECK once every 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months ensures A

that a gross failure of instrumentation has no (continued) 08/97 Amenoment 0 b AP600 8 3.3 115 t r01\\te ch spe c\\16010 302. r07 082217

~ - - - - - - -

ESFAS Instrumentation 8 3.3.2 BASES SURVEILLANCE SR 3.3.2.1 (continued)

It is REQUIREMENTS one channel to a similar oarameter on other channels.

based on the assumption tnat instrument channels monitoring the same paraineter should read a3 proximately the same value.

Significant deviations between tne two instrument channels could be an indication of excessive instrument drift in one A CHANNEL of the channels or even something more serious.thus, it is key to CHECK will detect gross channel failure:

verifying the instrumentation continues to operate properly between each CHANNEL CALIBRATION.

Agreement criteria are determined by the plant staff, based on a combination of the channel instrument uncertainties, If a channel is including indication and readability.

outside the match criteria, it may be an indication that the sensor or the signal processing equipment has drifted outside its limit.

The Surveillance Frequency is based on operating experience Automated that demonstrates channel failure is rare.

operator aids may be used to facilitate performance of the CHANNEL CHECK.

SR 3.3.2.2 SR 3.3.2.2 is the performance of an ACTUA One on a STAGGERED TEST 8 ASIS using the automatic tester.

half of the microprocessor subsystems in a division are tested while the remaining microprocessor subsystems continue Then the second half is tested while to provide protection.

Through the automatic the first half provides protection.

I tester, the possible logic conditions, with and without applicable permissives, are tested for each ESF Function.

Prior to the start of testing, the calibration of the automatic tester shall be verified and adjustments made as After the automatic tester has completed the tests required.

of the ESFAC and PLCs withi i 'he division, the results of the automatic test shall be reviewed to verify complettness and adequacy of results.

(continued) 08/97 Amendment 0 h AP600 8 3.3 116 I P01\\ t e ch s pe c\\16C 10 302, r07 -082217 o

ESFAS Instrumentation 1

B 3.3.2 f

BASES SURVEILLANCE SR 3.3.2.2 (continued)

REQUIREMENTS The Frequency of every 92 days on a STAGGERED TEST BASIS provides a complete test of all four divisions once per year.

This frequency is adequate based on the inherent high reliability of the solid state devices which comprise this equipment; the additional reliability provided by the and the use of redundant microprocessor subsystems:

continuous diagnostic test features, such as deadman timers, memory checks, numeric coprocessor checks, and tests of timers, counters, and crystal time basis, wh'ch will report a failure within these cabinets to the operator.

SR 3.3.2.3 SR 3.3.2.3 is the performance of a TAD 01 of the manual actuations, initiations, and blocks for varjous ESF functions, the Class 1E battery charger undervoltage inputs, This TADOT and the reactor trip (P 4) input from the IPCs.

is performed every 24 months.

The Frequency is based on the known reliability of the Functions and the multichannel redundancy available, and has been shown to be acceptable through operating experience.

The SR is modified by a Note that excludes verification of setpoints from the TAD 0T. The setpoints for the Class 1E battery charger undervoltage relays require bench calibration The other and are verified during CHANNEL CALIBRATION.

functions have no setpoints associated with them.

SR 3.3.2.4 SR 3.3.2.4 is the performance of a CHANNEL CALIBRATION every CHANNEL 24 months or approximately at every refueling.

CALIBRATION is a complete check of the instrument loop, including the sensor and the IPC.

The Frequency is based on operating experience and consistency with the refueling cycle.

(continued) h AP600 8 3.3 117 08/97 Amendment 0 tp01\\tecnspec\\16010302.r07 082297,

~ _ _ _ _______________ _ _ _ _ _

ESFAS instrumentation 8 3.3.2 BASES SURVEILLANCE SR 3.3.2.4 (continued)

The REQUIREMEN'S This Surveillance Requirement is modified by a Note.

Note states that this test should include verificationth where applicable.

SR 3.3.2.5 SR 3.3.2.5 is the performance of an CHANNEL OPERATIONAL TEST (C0T) every 92 days.

A COT is performed on each required channel to intended Function.

The automatic tester provided with the integrated Prior to the COT, the caliaration of the automatic tester shall be verified and adjustments made as required to COT.

the voltage and time base references in the automatic tester.

Subsequent to the COT, the results of the autom results.

The 92 day Frequency is based on Reference 6 and the use of continuous diagnostic test features, such as deadman timers, A/D channel automatic calibration, memory checks, numeric coprocessor checks, and tests of timers, cou protection cabinets to the operator.

During the COT, the integrated protection cabinets in the div.sion under test may be placed in bypass, 4

SR 3.3.2.6 idual channel ESF RESPONSE TIMES are This SR ensures the in maximum values assumed in the less than or equal toIn<.idual component response times are accident analysis.

The analyses model the overall not modeled in the anal,ses.

or total elapsed time, from the point at which the parameter (contin _u_edl e

08/97 Amendment 0 h AP600 8 3.3 118 tPOL\\tecMoec\\16010102.rQF 082297,

~--~~ ~ - - - - _ _

~ ~ ~ ~ -

l ESFAS Instrumentation I

B 3.3.2 BASES-SURVEILLANCE SR 3.3.2.6 (continued)

REQUIREMENTS exceeds the Trip Setpoint value at the sensor, to the point at which the equipment reaches the required functional state (e.g., valves in full open or closed position).

For channels that include dynamic transfer functions (e.g.,

etc.), the response time test may be lag, lead / lag, rate / lag,fer functions set to one with the performed with the transresulting measured response time compared Alternately, t n. response time SSAR (Ref. 2) response time.

test can be performed with the time constants set to their nominal value provided the required response time is analytically calculated assuming the time constants are setT at their nominal values.

by a series of overlapping tests such that the entire response time is measured.

ESF RESPONSE TIME tests are conducted on an 24 month Testing of the devices, which make up STAGGERED TEST BASIS.the bulk of the response time, is includ The final actuation device in one train is each channel.

Therefore, staggered testing tested with each channel.

results in response time verification of these devices every The 24 month Frequency is consistent with the 24 months.

typical refueling cycle and is based rn unit operating experience, which shows that random failures ofinst degradation, but not channel failure, are infrequent occurrences.

SR 3.3.2.7 SR 3.3.2.7 is the wrformance of an ACTUATION DEVICE Titis Surveillance Requirement is applicable to the equipment which is actuated by the Protection Logic Cabinets ex squib valves. checked by. exercising the equipment on an individual The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdowr, for refueling to prevent any upsets of plant operation.

(continued)_

08/97 Amendment 0 h AP600 0 3.3 119

!*01\\te ospe<\\16010102.r07 042217

ESFAS Instrumentation B 3.3.2

(

BASES SURVEILLANCE.

SR 3.3.2.7- (continued)

REQUIREMENTS This Surveillance Requirement is modified by a Note that states that actuated equipment, that is included in the Inservice Test (IST) Program, is exempt from this surveillance. The IST Program provides for exercising of the safety related valves on a more frequent basis. The results from the IST Program can therefore be used to verify-OPERABILITY of the final actuated equipment.

SR 3.3.2.8 SR 3.3.2.8 is the performance of an ACTUATION DEVICE TEST.

similar to that performed in SR 3.3.2.7. except this Surveillance Requirement is specifically applicable to squib valves. The OPERABILITY of the squib valves is checked by wrforming a continuity check of the circuit from the Notection Logic Cabinets to the squib valve'.

requency of 24 months is based on the need to perform The c this surveillance during periods in which the plant is shutdown for refueling to prevent any additional risks associated with inadvertent operation of the squib valves.

SR 3.3.2.9 SR 3.3.2.9 is the wrformance of an ACTUATION DEVICE TEST.

This Surveillance Requirement -is applicable to the circuit breakers which de energize the power to the pressurizer heaters upon a pressurizer heater trip.

The OPERABILITY of these breakers is checked by opening these breakers using the Plant Control System.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant-is shutdown for-refueling to prevent any upsets of plant operation.

This Frequency is adequate based on the use of multiple circuit breakers to prevent the failure of any single circuit breaker from disabling the function and that all circuit breakers are tested.

(continued)-

AP600-B 3.3 120 08/97 Amendment 0 t*01\\techseec\\ M030502.r07 042297

I ESFAS Instrumentation B 3.3.2 1

BASES (continued)

REFERENCES 1.

AP600 SSAR, Chapter 6 " Engineered Safety Features."

2.

AP600 SSAR, Chapter 7. " Instrumentation and Controls."

3.

AP600 SSAR. Chapter 15 " Accident Analysis."

4.

Institute of Electrical and Electronic Engineers.

IEEE 279 1971, " Criteria for Protection Systems for Nuclear Power Generating Stations," April 5,1972.

5.

10 CFR 50.49, " Environmental Qualification of Electric Equipment Important to Safety for Nuclear Power Plants."

6.

WCAP 10271 P A, Supplement 2, Rev.1. " Evaluation of Surveillance Frequencies and Out of dervice Times for the Reactor Protection Instrumentation System " dated June 1990.

7, 10 CFR 50, Appendix A. " General Design Criteria for Nuclear Power Plants."

8.

NUREG 1218, " Regulatory Analysis for Resolution of USI A 47," 4/88.

9.

WCAP 14606, " Westinghouse Setpoint Methodology for Protection Systems," April 1996 (nonproprietary).

10. ESBU TB 97 01, Westinghouse Technical Bulletin, " Digital Process Rack Operability Determination Criteria," May 1, 1997.

1 i

f 8 3.3 121 08/97 Amendment 0 j

b AF600.oioso,.m.,,,,

imuua.uu J

-

ML20210Q058

Text

Navigation menu

Search