ML20210U832

Forwards Committee on Safety of Nuclear Installations Completed Survey of Use of Digital Computers in Control Rooms of Nuclear Power Plants

Person / Time
Site: Seabrook
Issue date: 02/13/1987
From: George Thomas, PUBLIC SERVICE CO. OF NEW HAMPSHIRE
To: Russell W, Office of Nuclear Reactor Regulation
References: NYN-87018, NUDOCS 8702180602

Text

New Hampshire Yankee Division
NYN-87018
February 13, 1987

United States Nuclear Regulatory Commission
Washington, DC 20555

ATTN: Mr. William T. Russell
Director, Division of Human Factors Technology

References:

(a) Facility Operating License No. NPF-56, Construction Permit No. CPPR-136, Docket Nos. 50-443, 50-444
(b) USNRC Letter dated January 13, 1987, W. T. Russell to R. J. Harrison

Dear Sir:

As requested by Reference (b), enclosed please find a completed copy of the Committee on the Safety of Nuclear Installations' "Survey of the Use of Digital Computers in Control Rooms of Nuclear Power Plants" for Seabrook Station.

Should you have any questions regarding this matter please contact Mr. Warren J. Hall at (603) 474-9574.

Very truly yours,

George S. Thomas

Enclosure

P.O. Box 300, Seabrook, NH 03874. Telephone (603) 474-9574

ENCLOSURE TO NYN-87018

Scales (repeated for each section of the form): Appropriate, Not Appropriate, Never; Years until implementation: 0, 2, 4, 6, Unknown. Each item is rated separately for Safety and Control applications. [Circled responses are not legible in the scanned text.]

2.1 General Plant Operations

In the area of general plant operations, please indicate the appropriateness and the state of the implementation of computers:

1) To increase the reliability of overall plant operations: Safety / Control
2) To provide a replacement for operator(s) in the control room: Safety / Control
3) To provide additional functions similar to those of human operators in the control room: Safety / Control
4) To provide new operations not possible with conventional means: Safety / Control
5) To provide routine or emergency control of plant operations remote from the control room: Safety / Control
6) To utilize the flexibility of computers in the overall plant control: Safety / Control

2.2 Computer applications in data gathering

In the area of data gathering, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of data gathering systems: Safety / Control
2) To provide replacement data gathering systems: Safety / Control
3) To provide additional data gathering systems independent from current systems: Safety / Control
4) To provide new data gathering not possible with conventional means: Safety / Control
5) To provide information data gathering remote from the control room: Safety / Control
6) To utilize the flexibility of computers in data gathering functions: Safety / Control
7) To utilize the data validation capabilities, such as complex rationality checks and cross checks with other data: Safety / Control

2.3 Computer applications in information display

In the area of information displays, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of information displays: Safety / Control
2) To provide replacement information displays: Safety / Control
3) To provide additional information displays independent from current systems: Safety / Control
4) To provide new information displays not possible with conventional means: Safety / Control
5) To provide information displays remote from the control room (e.g. shift supervisor's office, emergency control room, engineering offices): Safety / Control
6) To utilize the flexibility of computers in information display functions: Safety / Control

2.4 Computer applications as operator aids

In the area of operator aids, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of operator aids: Safety / Control
2) To provide replacement operator aids: Safety / Control
3) To provide additional operator aids independent from current systems: Safety / Control
4) To provide new operator aids not possible with conventional means: Safety / Control
5) To provide operator aids remote from the control room (e.g. shift supervisor's office, emergency control room, engineering offices): Safety / Control
6) To utilize the flexibility of computers in operator aid functions: Safety / Control
7) To improve the control by operators of processes which are difficult for operators to control, such as non-linearities or non-minimum phase effects: Safety / Control
8) To provide replacement for some operator actions by semi-automatically doing a sequence of actions during normal operations as directed by operators (e.g., the valve manipulations to switch operating pumps in a fluid system): Safety / Control
9) To provide replacement for some operator actions by semi-automatically doing a sequence of steps in response to abnormal station states as directed by operators (e.g., response to a minor alarm condition): Safety / Control
10) To maximize safe commercial operation of operator controlled processes by providing better operator control close to the safety margins: Safety / Control
11) To provide administrative functions for operators not related to operations of the plant: Safety / Control
12) To improve the efficiency and performance of operators other than control room operators, such as maintenance staff: Safety / Control

2.5 Computer applications in entering operator commands

In the area of entering operator commands, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of the entering of operator commands: Safety / Control
2) To provide replacement methods of entering commands: Safety / Control
3) To provide additional methods of entering commands independent from current systems: Safety / Control
4) To provide new methods of entering commands not possible with conventional means: Safety / Control
5) To provide command entering remote from the control room: Safety / Control
6) To utilize the flexibility of computers in changing the methods of entering commands: Safety / Control

2.6 Computer applications in issuing control signals

In the area of issuing control signals, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of control issuing systems: Safety / Control
2) To provide replacement control issuing systems: Safety / Control
3) To provide additional control issuing systems independent from current systems: Safety / Control
4) To provide new control issuing not possible with conventional means: Safety / Control
5) To provide control issuing remote from the control room: Safety / Control
6) To utilize the flexibility of computers in the methods of issuing controls: Safety / Control
7) To utilize the control signal validation capabilities, such as complex rationality checks and cross checks with other information: Safety / Control

2.7 Computer applications as automatic controllers within plant systems

In the area of automatic controllers, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of automatic controllers: Safety / Control
2) To provide replacement automatic controllers: Safety / Control
3) To provide additional automatic controllers independent from current systems: Safety / Control
4) To provide new automatic controllers not possible with conventional means: Safety / Control
5) To provide automatic controllers remote from control functions normally performed in the control room (e.g. shift supervisor's office, emergency control room, engineering offices): Safety / Control
6) To utilize the on-line flexibility of computers, such as to change the control of processes in progress: Safety / Control
7) To utilize the off-line flexibility of computers, not necessarily by operators, such as for modification of control algorithms, control constants, etc.: Safety / Control
8) To provide replacement for some operator actions by taking fully automatic corrective control action in response to abnormal station states (e.g., reduce reactor power on boiler low level): Safety / Control
9) To maximize the safe commercial operation of the process by automatically operating close to the safety margins: Safety / Control

2.8 Computer applications in data logging

In the area of data logging, please indicate the appropriateness and state of implementation of computers:

1) To increase the reliability of data logging systems: Safety / Control
2) To provide replacement data logging systems: Safety / Control
3) To provide additional data logging systems independent from current systems: Safety / Control
4) To provide new data logging systems not possible with conventional means: Safety / Control
5) To provide data logging outputs remote from the control room (e.g. shift supervisor's office, emergency control room, engineering offices): Safety / Control
6) To utilize the flexibility of computers in data logging functions: Safety / Control
7) To provide record keeping for operators administration (e.g. work orders, abnormal plant states, flow sheets, operating procedures): Safety / Control

SECTION 3: Specific Applications of Digital Computers of interest

This section is similar to Section 2, but includes specific applications of interest. The same instructions apply.

3.1 Display Uses

1) To organize or prioritize alarms and annunciations to limit overloading of operators or to otherwise organize the data: Safety / Control
2) To provide on-line display of numeric and trend data and other plant variables or states: Safety / Control
3) To display standard and/or abnormal operating procedures: Safety / Control
4) To display flow sheets and related plant data: Safety / Control

3.2 Automated Assistance

1) To provide sequential display (i.e. prompting) and tracking of a manually executed sequence of control actions (e.g. testing of safety systems, startup of turbines): Safety / Control
2) To provide automated sequencing of operator actions (e.g., testing of safety systems, startup of turbines): Safety / Control
3) To provide deterministic or expert systems as decision aids to assist the operator in diagnosing abnormal conditions or in assessing the consequences of proposed actions: Safety / Control
4) To provide deterministic or expert systems to assess plant or system states, integrity and/or redundant systems: Safety / Control

3.3 To provide Direct and Indirect Digital Computer Control

1) To provide direct digital control of one or more reactivity mechanisms: Safety
2) To provide indirect digital computer control through control of the setpoint for one or more analog reactivity mechanism control loops: Safety
3) To provide direct digital control of one or more processes (e.g. flows, pressures): Safety / Control
4) To provide indirect digital computer control through control of the setpoint for one or more analog process control loops (e.g. flows, pressures): Safety / Control

3.4 Data Logging

1) To provide data logging of plant variables and states in a hard copy form for control or safety purpose: Safety / Control
2) To provide data logging of plant variables and states in a machine readable form: Safety / Control
3) To provide event recording systems to record the timing of a sequence of discrete events: Safety / Control

3.5 Maintenance Assistance

1) To support scheduling of routine maintenance: Safety / Control
2) To provide deterministic or expert systems for the diagnosis by maintenance personnel of component or system faults in or out of the control room: Safety / Control
3) To display maintenance procedures: Safety / Control
4) To perform maintenance procedures automatically: Safety / Control

Section 4: Digital Computer System Design Methods and Implementation Techniques

For this section, please indicate whether the method or technique is used for safety and control applications, is not used, or is unknown by circling either "S" for safety applications, "C" for control applications, "N" for not used, or "U" if unknown. Please do not include applications that are only under evaluation or being experimented with. Please add to the lists as necessary to describe the methods and techniques in your country.

Each item below is answered S / C / N / U. [Circled responses are not legible in the scanned text.]

4.1 System Specifications

1) Please identify which of the following techniques are used to assure the acceptability of the hardware of computer systems:
a) Complete formal specifications
b) Control of the development process
c) Thorough testing of the end product
d) Other (specify)

2) Please identify which of the following techniques are used to assure the acceptability of the software of computer systems:
a) Complete formal specifications
b) Control of the development process
c) Thorough testing of the end product
d) Other (specify)

3) Please identify which of the following plans are prepared:
a) Quality Assurance Plan
b) Software Verification Plan
c) Software Test Plan
d) Programming Conventions Plan
e) Other (specify)

4) Please identify which of the following design review techniques are used:
a) Preliminary design review
b) Critical design review
c) Code walk-through
d) Other (specify)

5) Please identify for which of the following areas human factors engineering specifications are prepared:
a) Display requirements
b) Input device requirements
c) Input device and display interaction requirements
d) Control room or panel layouts, and input device and display arrangement requirements
e) Operator input device and display interaction dialog requirements
f) Other (specify)

6) Please identify which of the following methods are used in the design of the human-computer interface:
a) Operator function and task analysis
b) Human factors engineering test and evaluation program
c) Workload analysis
d) Human reliability analysis
e) Static or pseudo-dynamic function mock-up studies
f) Operator performance or plant dynamics simulator studies
g) Studies of hardware or software failure effects on operators' tasks and functions
h) Experimental research on input device and display design
i) Other (specify)

4.2 Development Methods

1) Please identify which of the following software configuration management techniques are used:
a) Normal record keeping
b) A computerized library of application source and object codes
c) A computerized library of public source codes (if available) and object codes (e.g. operating system, compiler, editor)
d) Designation of a software configuration manager
e) Including on-line readable record of its issue information
f) On-line software check(s) of the issue number compatibility of software with software, and of software and firmware media
g) Other (specify)

2) Please identify which programming languages are used:
a) Assembly
b) Ada
c) Basic
d) C
e) Fortran
f) Lisp
g) Pascal
h) Prolog
i) Other (specify)

3) Please identify which of the following programming standards are used:
a) A coding format to indicate routines
b) Single entry, single exit of a routine
c) No unconditional GOTO statements
d) No recursive routines
e) Limited nesting depth for routines
f) Maximum routine length
g) Minimum routine length
h) Standard header format for routines
i) Other (specify)

4.3 Design Options

1) Please identify which of the following levels of redundancy are used:
a) A single computer which may have redundant inputs and outputs
b) A primary computer which may have redundant inputs and outputs and has a duplicate backup computer which can automatically take over the functions of the primary computer
c) Triplicated computers which function through a two-out-of-three voting circuit
d) Four computers which function through one or more two-out-of-three voting circuits (one computer may be rejected by its own action or by the combined action of the other three)
e) Other (specify)

2) Is a single computer used?
3) Are distributed computers used?
4) Are data highways used?

4.4 Testing

1) Please identify which of the following software validation tests are used:
a) Preparation of an Acceptance or Validation Test Plan
b) Static input/response tests
c) Pseudo-dynamic input/response tests (e.g. ramp inputs through their ranges)
d) Simulated input/response tests
e) Open loop, on-site tests
f) Stress tests (e.g. outside the input voltage limits, excessive input data rates)
g) Quality Assurance Functional Audit
h) Quality Assurance Physical Audit
i) Other (specify)

2) Please identify which of the above are automated: a b c d e f g h i

3) Please identify which are repeated for revisions to the systems: a b c d e f g h i

4.5 Applications Experience

1) Has a human factors engineering study for an application indicated that a non-dynamic, non-interactive CRT display was the system of choice (i.e., fixed format with periodic data updates)?

2) Please identify which of the following characteristics describe the most recent control room display designs:
a) Principally all parallel (i.e., conventional analog display)
b) Principally all serial (i.e. CRT displays)
c) A combination of parallel and serial
d) Monochromatic CRTs
e) Colour CRTs
f) Other (specify)

3) Please identify which of the following characteristics describe the digital computer input devices used on the most recent designs:
a) Conventional switches (e.g., pushbutton, knobs, and switches)
b) Keyboards with alphanumeric and special purpose keys
c) Cursor control devices (e.g., joysticks, mouse, and roller ball)
d) Other (specify)

4) For what period of time are spare parts stocked (i.e. to guard against obsolescence)?
a) Up to 5 years
b) 6 to 10 years
c) 11 to 20 years
d) 21 to 30 years

5) Of the control loops closed through a digital computer, what percentage currently use direct digital control?
a) 75% - 100%
b) 50% - 75%
c) 25% - 50%
d) 0% - 25%

4.6 Research Needs

1) Determination of hardware reliability
2) Determination of software reliability
3) Software design techniques
4) Software verification techniques
5) Software coding techniques (including programming languages)
6) Software validation techniques
7) Software documentation techniques
8) Configuration management techniques
9) Software maintenance techniques
10) Quality assurance techniques
11) Human-computer interface design techniques
12) Input and data base integrity techniques
13) Other (specify)

14) Please prioritize the top three research topics:
1st priority:
2nd priority:
3rd priority:

4.7 Additional Comments