ML20214V638
| ML20214V638 | |
| Person / Time | |
|---|---|
| Site: | Calvert Cliffs  |
| Issue date: | 12/03/1986 |
| From: | Mcneil S Office of Nuclear Reactor Regulation |
| To: | Tiernan J BALTIMORE GAS & ELECTRIC CO. |
| References | |
| NUDOCS 8612090769 | |
| Download: ML20214V638 (27) | |
Text
i December 3, 1986 Distribution Docket Nos. 50-317
[DoctetJ11e'*
ACRS(10) and 50-318
~ NRC/ Local PDR' "
PKreutzer PBD-8 Reading SAMcNeil FMiraglia NThompson JPartlow OGC-Beth Mr. J. A. Tiernan EGrimes RKendall Vice President-Nuclear Energy EJordan Baltimore Gas & Electric Company Gray File 3.2a P. O. Box 1475 Baltimore, MD 21203 l
Dear Mr. Tiernan:
SUBJECT:
REQUEST FOR ADDITIONAL INFORMATION; 10 CFR 50.62, ATWS RULE We have completed our review of your submittals dated May 1, 1986 and June 27, 1986, which detailed how you. intend to comply at Calvert Cliffs Units 1 and 2 with the requirements of 10 CFR 50.62, " Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plant."
The Comission finds that your submittals do not provide sufficient information to verify your compliance with the ATWS rule. To permit our staff to complete our review, it is requested that you provide the information requested herein.
Please respond to the enclosed request for additional information by January 8, 1987 to facilitate our staff's review prior to your completion of the ATWS modifications for Unit 2 during the spring 1987 refueling outage.
If you are unable to respond by this date, please notify us of your intended schedule within 15 days of your receipt of this letter.
This request affects fewer than 10 respondents; therefore OMB clearance is not required under P.L.96-511.
Sincerely, D. H. Jaffe signed for Scott A. McNeil, Project Manager PWR Project Directorate #8 Division of PWR Licensing-B
Enclosure:
l As stated cc: w/ enclosure See next page p
PBD-8:
PBD-8:
PBD-8:
Ey/gpy/86 ger SAMcN( j AThajani 11' 3 12/ /8 12/$86
~
8612090769 861203 PDR ADOCK 05000317 P
s i
Mr. J. A. Tiernan Baltimore Gas & Electric Company Calvert Cliffs Nuclear Power Plant i
CC:
Mr. William T. Bowen, President Regional Administrator, Region I Calvert County Board of U.S. Nuclear Regulatory Commission Commissioners Office of Executive Director Prince Frederick, Maryland 20768 for Operations 631 Park Avenue D. A. Brune, Esq.
King of Prussia, Pennysivania 19406 General Counsel Baltimore Gas and Electric Company P. O. Box 1475 Baltimore, Maryland 21203 Jay E. Silberg Shaw, Pittman, Potts and Trowbridge 2300 N Street, N.W.
Washington, DC 20037 Mr. M. E. Bowman, General Supervisor Technical Services Engineering Calvert Cliffs Nuclear Power Plant MD Rts 2 & 4, P. O. Box 1535 Lusby, Maryland 20657-0073 Resident Inspector c/o U.S. Nuclear Regulatory Commission P. O. Box 437 Lusby, Maryland 20657-0073 Bechtel Power Corporation ATTN: Mr. D. E. Stewart Calvert Cliffs Project Engineer 15740 Shady Grove Road Gaithersburg, Maryland 20760 Combustion Engineering, Inc.
ATTN: Mr. W. R. Horlacher, III Project Manager P. O. Box 500 1000 Prospect Hill Road Windsor, Connecticut 06095-0500 Department of Natural Resources Energy Administration, Power Plant Siting Program ATTN: Mr. T. Magette Tawes State Office Building Annapolis, Maryland 21204
s F
REQUEST FOR ADDITIONAL INFORMATION 10 CFR 50.62, ATWS RULE FACILITY OPERATING LICENSE NOS. DPR-53 AND DPR-69 BALTIMORE GAS AND ELECTRIC COMPANY CALVERT CLIFFS NUCLEAR POWER UNIT NOS. 1 AND 2 DOCKET NOS. 50-317 AND 50-318 I
INTR 0_ DUCTION AND DISCUSSION
~
i On July 26, 1984 the Code of Federal Regulations (CFR) was amended to include the ATWS rule (Section 10 CFR 50.62, " Requirements for Reduction of Risk from Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled NuclearPowerPlants"). An ATWS is an expected operational transient (such as loss of feedwater, loss of condenser vacuum, or loss of offsite power) which is accompaniedbyafailureofthereactortripsystem(RTS)toshutdownthe reactor. The ATWS rule requires specific improvements in the design and operation of commercial nuclear power facilities to reduce the likelihood of failure to shutdown the reactor following anticipated transients, and to mitigate the consequences of an ATWS event. Paragraph (c)(6) of the rule requires that infomation sufficient to demonstrate compliance with the requirements of the rule be submitted to the Director, Office of Nuclear Reactor Regulation. The ATWS rule requirements for Combustion Engineering (CE) plants such as Calvert Cliffs Units 1 and 2 are to provide a diverse scram system (DSS), diverse (fromtheexistingreactortripsystem) auxiliary feedwater system (AFWS) actuation, and diverse (from the existing reactor trip system)initiationofturbinetrip.
1 1-
+
l The information provided in Baltimore Gas and Electric (BG8E) letters dated May 1, 1986 and June 27,1986(bothtitledCompliancewith10CFR 50.62 Reduction of Risk from ATWS Events) is not sufficient to allow the staff to determine whether the Calvert Cliffs plants comply with the hardware diversity, electrical independence, reliability and testability at power requirenents of the ATWS rule. The information identified below is required by the staff to complete the review of implementation of the i
requirements of the ATWS rule at Calvert Cliffs Units 1 and 2.
The equipment required by 10 CFR 50.62 to reduce the risk associated with an ATWS event must be designed to perform its functions in a reliable manner. A method acceptable to the staff for demonstrating that the equipment satisfies the reliability requirements of the ATWS rule is to i
i provide technical specifications, including operability and surveillance requirements, which govern its availability and operation, and thereby ensure that the necessary reliability of the equipment is maintained.
- provides model technical specifications which can be used as an aid to develop plant specific technical specifications. The model technical specifications are intended to provide guidance in the scope and types of specifications in the areas of equipment and administrative i
[
requirements (includingactionstobetakenwhenoperabilityrequirements cannot be met, and limiting conditions for operation) considered necessary l
l to ensure adequate reliability of ATWS equipment. The parameters and number of channels listed in the model technical specifications are examples based on prelimir.ary information regarding ATWS equipment i
e_u+_
-a5e--
-C
-*4-w
_+a-_a.
aa
-J 3-designs.. Proposed technical specifications should follow the same format, but reflect the actual plant design.
The ATWS prevention and mitigation systems should be designed to provide 1
the operator with accurate, complete and timely information pertinent to their own status. Displays and controls (including those used for operating, test and maintenance bypasses) should be integrated into the main control room through system functional analysis and should conform to good human engineering practices in design and layout.
It is important that the displays and controls added to the control room as a result of f
the ATWS rule not increase the potential for operator error. A human
{
factor analysis should be performed taking into consideration:
l (a) the use of this information and equipment by an operator during both nomal and abnormal plant conditions; (b) integration into emergency procedures; i
i l
(c) integration into operator training, and; l
i (d) the presence cf other alarms during an emergency and need for prioritization of alarms.
L l
I I
i
i
_4 A
e REQUIRED INFORMATION 1.
Diversity from the Existing Reactor Trip System (RTS)
The basic premise behind the ATWS rule as documented in SECY-83-293,
" Amendments to 10 CFR 50 related to Anticipated Transients Without Scram (ATWS) Events" is to require systems / equipment that are diverse (and independent) to those portions of the existing reactor trip system (RTS) -
where only minimal diversity is currently provided, and which are capable of preventing or mitigating the consequences of an ATWS event. The failure niechanism of concern is a common mode failure (CMF) of identical components within the RTS (e.g., logic channels, actuation devices and instrument channelsexcludingsensors). The diversity required by the ATWS rule is intended to ensure that conn.on mode failures which disable the electrical portion of the existing reactor trip system will not affect the capability of systems / equipment installed in accordance with ATWS rule requirements
~
(to prevent or mitigate the consequences of ATWS events) to perform their design functions. Therefore, the divers'ity required by the ATWS rule is hardware / component diversity (to prevent 'CMFs from disabling both the existing RTS and ATWS prevention / mitigation systems.)
Diversity can be achieved by incorporating as many of the following methods as practicable:
o use of components from different manufacturers, o use of electromechanical devices versus electronic devices,
o use of AC versus DC power sources, and o use of equipment employing different principles of operation.
Con.ponents that use different principles of operation and/or different nanufacturing processes are considered to provide the best diversity.
Identical components with energize-to-actuate trip status versus deenergize-to-actuate trip status are not considered sufficient to provide an acceptable level of diversity.
Identical components used in both the existing RTS and the diverse scram system or mitigating systems are subject to potential conson mode failures, and therefore, are not acceptable.
In those cases where complete hardware / equipment diversity is not provided, and it can be demonstrated that other factors exist that similarly reduce the potential for CMFs to disable both the existing RTS and ATWS prevention / mitigation systems, these considerations and methods for achieving diversity will be reviewed.
Equipment diversity to minimize the potential for common mode failures is l
required from sensor output to and including the components used to interrupt control rod power (circuit breakers from different manufacturers alone is not sufficient to provide the required diversity for interruption i
of control rod power) for diverse scram systems, and from sensor output to, but not including, the final actuation device for mitigating systems l
j (e.g., diverse turbine trip and diverse auxiliary feedwater actuatien).
Therefore, for all diverse scram system and mitigating system instrument channel components (excluding sensors and signal conditioning equipment upstream of the bistables) and logic channel components, and all diverse scram system actuation devices, provide infomation sufficient to demon-strate compliance with the ATWS rule diversity requirements. This infor-mation should include electrical schematic / elementary diagrams for the i
diverse scram system, diverse auxiliary feedwater system actuation cir-cuitry and the diverse turbine trip circuits that clearly show all instru-ment channels, logic, actuation circuits, test circuits, interlocks, bypasses, alams, and indication. Also provide infomation concerning all i
components involved including manufacturer, model number, design principle, l
and power supply, and a diversity comparison of these components with the components used in the existing RTS. The similarities and differences in the physical and operational characteristics of these components must be t
analyzed to determine the potential for comon mode failure mechanisms that could disable both the RTS and ATWS prevention / mitigation functions.
The evaluation of the adequacy of the diversity provided must be perfomed at a detailed level to include hardware, design considerations and diversity aspects that might not be apparent from a cursory / audit review. For j
example, two electromechanical relays from the same manufacturer and j
having the same voltage / current ratings and energize-to-actuate /deenergize-to-actuate trip status, and therefore, which appear to be unacceptable for f
satisfying the diversity requirements of the ATWS rule, may actually be acceptable if different materials and different manufacturing processes are used. Conversely, two printed circuit cards from different manufac-l turers, and therefore, which appear to be acceptable for satisfying i
f g
,-e~
j-7-
~
4
~
diversity requirements'of the ATWS rule, may not be acceptable if they both use identical components.
The hardware / component-diversity between the existing RTS circuits and the existing AFWS actuation circuitry at 'Calvert Cliffs (as documented in Combustion Engineering Report CEN-315. " Summary of the Diversity Between the Reactor Trip System and the Auxiliary Feedwater Act'uation System for CEPlants,"datedSeptember1985)hasbeenreviewedbythestaif. The results of the staff's review were provided to the Combustion Engineering ;,
Owners Group (CE0G) ATWS Subcommittee'ty letter dated August 4, 19867 from I
D. Crutchfield, NRC to R. Wells, CE0G. The staff's preliminary conclusion was that Calvert Cliffs m_al have sufficier,t diversity between the existing RTS and the existing AFWS to satisfy thh requirements of Section (c)(1) of '
the ATWS rule, but dat additional review at e more detailed level would-be required prior to reaching a final conclusion. Specigcally,BG8E should address in detail the potential non-diversity bet' ween RTS and AFWS components identified in the staff's initial review:
P CEN-315 does not address potential non diversity between the RTS initiation relays and the AFWS final actuation relays. Both are GE AC powered relays. Sufficient diversity may exist between the GE initiation relays in the RTS and the GE matrix relays in the AFWS actuation circuitry by virtue of DC versus AC power'to the relays.
.r
The staff cannot reach e conclusion regarding the acceptability of diversity between the RTS initiation relays and the AFWS matrix relays or actuation relays hased cn the infcmation provided. The 4
yw-.w,w-.
i- - -
v-w,
-yw r-9 y.-.y..
e--+-g s
-m--
e m
urr-_.y---7
-r mi-----w-
-8.
differences in the physical and operational characteristics of these components must be analyzed to determine the podential for CMF mechanisms existing between the components.
A diversity analysis, similar to the one performed for the diverse AFWS actuation circuitry, should be performed for components used in the DSS and for diverse turbine trip. The information provided in the June 27, 1986 letter and in previous meetings between the NRC and the CE0G ATWS Subcommittee concerning the diversity between DSS components and the existing RTS is not sufficient to allow the staff to determine compliance of the Calvert Cliffs DSS design with the requirements of 10 CFR 50.62(c)(2). The components used for diverse actuation of turbine trip have not been addressed in detail by BG&E.
2.
Electrical Independence from the Existing Reactor Trip System Electrical independence of the diverse scram system (DSS), diverse AFWS actuation circuitry, and diverse turbine trip circuits from the existing RTS is required from sensor output to, but not including, the final actuation device. The staff considers a station battery not used to provide power to RTS components to be a preferred source for providing power to the systems / equipment installed per ATWS rule requirements. The electrical schematic / elementary diagrams provided in response to Item 1 above should clearly identify all power sourcer used. Electricel r
independence of non-safety related ATWS circuits from safety related circuits is required in accordance with the guidance provided in l
l l
l l
s
-9 IEEE Standard 384, "IEEE Standard Criteria for Independence of Class IE Equipment and Circuits," as supplemented by Regulatory Guide 1.75, Revision 2, " Physical Independence of Electric Systems." Where RTS power supplies are used, it must be demonstrated that faults within the DSS, diverse AFWS actuation circuits or diverse turbine trip circuits cannot degrade the reliability / integrity of the existing RTS below an acceptable level, and that a common mode failure affecting the RTS power distribution s3 stem (including degraded voltage conditions such as overvoltage and undervoltage; the effects of degraded voltage conditions over time must be considered if such conditions can go undetected) cannot compromise both the RTS and ATWS prevention / mitigation functions.
Information must be provided to demonstrate the adequacy of all isolation devices used to protect the integrity of safety related circuits from non-safety related ATWS circuits. The required information is identified in Attachment 2.
If the isolation devices are identical to isolation devices used in other applications (e.g., to isolate the safety parameter
~
display system from safety related circuits), and the requested informa-tion has been previously submitted for staff review, and the isolation devices have been approved for their applications, the related correspon-dence should be referenced, and no additional information need be provided.
3.
Reliability and Testability at Power The equipment required by 10 CFR 50.62 to reduce the risk associated with an ATWS event must be designed to perform its functions in a reliable
l i
manner. The DSS, diverse AFWS actuation circuitry, and diverse turbine trip circuits must be designed to allow periodic testing to verify opera-bility while at power.
The functions performed by the ATWS equipment /
circuits may be bypassed if necessary to prevent inadvertent actuations during testing at power. All bypass conditions should be automatically and continuously indicated in the main control room.
a.
Describe how periodic testing at power of equipment /cfrcuitry required by the ATWS rule will be accomplished.
~
b.
Describe the indication provided in the control room of the bypass condition when equipment / circuits required by the ATWS rule are bypassed / rendered inoperable during testing.
c.
Provide information sufficient to demonstrate that the systems and equipment required by the ATWS rule will be adequately maintained and capable of performing their design functions in a reliable manner when required.
If technical specifications are proposed, they should follow the format of the model technical specifications provided in.
d.
Describe any other bypass features incorporated into the design of systems /equipnent required by the ATWS rule, including the means used to effect the bypass (indiccte if the bypass involves undesirable practices such as installing jumpers, lifting leads, pulling fuses, tripping breakers, or blocking relays) and the indication provided in the control room of the bypass condition.
Discuss how good human factors engineering practices are incorporated e.
into the design of ATWS prevention / mitigation system components located in the control room. Specifically address coordination of displays used to provide the status of ATWS systems / equipment to the operator with existing displays.
O i
i I
i
MODEL TECHN_I_ CAL _ SPECIFICATIONS FOR ATWS SYSTEMS AND EQUIPMENT
ATWS MITIGATING SYSTEM ACTUATION CIRCUITRY (AMSAC) MODEL TECHNICAL SPECIFICATIONS
~~
~
(DIVERSE AUXILIARY FEEDWATER SYSTEM ACTUATION AND DIVERSE TURBINE TRIP)
INSTRUMENTATION 3/4.3.X ATWS MITIGATING SYSTEMS ACTUATION CIRCUITRY LIMITING CONDITION FOR OPERATION 3.3.X The ATWS Mitigating Systems Actuation Circuitry (AMSAC) instrumentation channels shown in Table 3.3.X-1 shall be OPERABLE with their trip setpoints set consistent with the values shown in the Trip Setpoint column of Table 3.3.X-2.
The AMSAC manual and automatic actuation logic and actuation devices shall be OPERABLE.
APPLICABILITY: Mode 1 ACTION:
With an AMSAC instrumentation channel trip setpoint less conservative a.
than the value shown in the Allowable Val.ues column of Table 3.3.X-2, declare the channel inoperable until the channel is restored to OPERABLE status with the trip setpoint adjusted consistent with the Trip Setpoint value.
b.
With the number of OPERABLE instrument channels (one or more) less than the Minimum Number of Operable Channels requirement of Table 3.3.X-1, restore the inoperable channels to OPERABLE status within ___ hours of decrease reactor power to below the bypass trip setpoint within the next ___ hours.
With the manual initiation circuits or the automatic actuation logic or c.
actuation device (s) inoperable, restore the operable equipment to OPERABLE status within __, hours or decrease reactor power to below the bypass trip setpoint within the next __ hours.
SURVEILLANCE REQUIREMENTS 4.3.X.1 Each AMSAC instrumentation channel and the manual and automatic actuation logic and actuation devices (e.g., master and slave relays) shall be demonstrated OPERABLE by the performance of the ATWS mitigating system actuation circuitry instrumentation surveillance requiremints specified in Table 4.3.X-1.
4.3.X.2 An integrated test of all system components (i.e., all relays and contacts, all trip units, all solid state logic elements, etc.) from sensors through and including actuated devices shall be performed to verify OPERABILITY of the system function (s) at least once per fuel cycle during shutdown. This test shall include simulated automatic operation of all channels.
~_
O 9
l V
)
TABLE 3.3.X-1 Af.!S MITIGATING SYSTEMS ACTUATION CIRCUITRY INSTRUMENTATION TOTAL NUMBER NUMBER OF CHANNELS MINIMUM NUMBER OF OPERABLE
. FUNCTIONAL UNIT OF CHANNELS REQUIRED TO TRIP CHANNELSPERTRIPFUNCTION(a) 1
) 1.
T rbine Trip and Auxiliary l
Feedwater System Initiation I
i a.
Manual 1
1 1
b.
Automatic Actuation Logic and Actuation Devices 1
1 1
c.
Pressurizer Pressure-High*
3(b) 2 2
d.
Steam Generator Level-Low **
4(b) 3 3
e.
Reactor Power Level 1
NA NA (AMSAC bypass) i I
' (a) A trip channel may be placed in a bypassed (inoperable) status for up to 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />' for required surveillance.
(b) This trip function may be bypassed when reactor power level is less than
% of RATED THERMAL POWER.
i*
The model Technical Specifications for these parameters assumed a 2-out-of-3 energize-l t::-actuate trip logic. Plant specifiertechnical specifications should provide for ',
si:::11ar instrument operability requirements for the installed AMSAC logic / circuit design.
- The model Technical Specifications for these parameters assumed a 4-loop plant using a 3-out-of-4 trip logic. Plant specific technical specifications should provide for stallar instrument operability requirements for the actual plant l
configuration. -
t-p TABLE 3.3.X-2 ATWS MITIGATING SYSTEMS ACTUATION CIRCUITRY INSTRUMENTATION TRIP SETPOINTS
- FUNCTIONAL UNIT
_ TRIP SETPOINT ALLOWABLE VALUES 1.
TURBINE TRIP, AUXILIARY FEEDWATER INITIATION a.
Manual Initiation NA NA vi b.
Automatic Actuation Logic and Actuation Devices NA NA c.
Pressurizer Pressure--High
<(
)psig
$( )psig d.
Steam Generator Level--Low 2(
) inches 2(
) inches l
l e.
Reactor Power Level (AMSAC bypass)
$(
)%
$( )%
j l
I I
c
e-i i
TABLE 4.3.X-1 ATWS MITIGATING SYSTEMS ACTUATION CIRCUITRY INSTRUMENTATION SURVEILLANCE j
FtMCTIONAL UNIT CHANNEL CHECK (a)
CHANNEL FUNCTIONAL TEST (b)
CHANNEL CALIBRATION l
3.
Turbine Trip and Auxiliary Feedwater j
System Initiation m
l a.
Manual Inittaction MA R
NA
)
- b. Automatic Actuation logic and Actuation Devices NA Q
NA c.
Pressurizer Pressure-High S
Q R
I d.
Steam Generator Level-Low S
Q R
e.
Reactor Power level 5
Q R
s (AMSAC bypass) i
!(a) If the system design prohibits a 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> Channel Check, then the Channel Functional Test must include physical actuation of the sensor.
! (b)
Channel Functional Tests should be perfomed on a staggered test basis (e.g., if I
j three instrument channels are provided, one channel should be tested each month such that all channels are tested each quarter).
l
4 IN'STRUMENTATION
~
BASES i
3/4.3.X ATWS MITIGATING SYSTEM ACTUATION CIRCUITRY f
The OPERABILITY of the ATWS Mitigating Systems Actuation Circuitry (AMSAC) ensures that sufficient means are provided to limit the consequences of anticipatedtransientwithoutscram(ATWS) events. The AMSAC is designed to
)
automatically initiate the auxiliary feedwater system (AFWS) and trip the main turbine to prevent the excessively high reactor coolant system pressures which i
could otherwise result from ATWS events, thus maintaining reactor coolant pressure boundary and containment integrity to ensure plant safety. The AMSAC is diverse from the existing reactor trip system (RTS) circuitry, and therefore, significantly reduces the consequences of ATWS events caused by I
comon mode failures in the RTS. The AMSAC is required by the ATWS Rule l
10 CFR 50.62, " Requirements for Reduction of Risk From Anticipated Transients Without Scram (ATWS) Events for Light-Water-Cooled Nuclear Plants").
The Technical Specification OPERABILITY requirements ensure that sufficient instrumentation remains in service to provide adequate protection from ATWS events in accordance with the ATWS Rule. If the OPERABILITY requirements cannot be met, the plant is placed in a limiting condition for operation (LCO) where appropriate ACTIONS must be taken to restore the inoperable AMSAC instrumentation to an OPERABLE status within a specified time, or otherwise reactor operation is restricted to safe levels / modes where the AMSAC safety function is no longer required.
l The surveillance requirements specified for the AMSAC instrumentation ensures i
that the overall system functional capability and availability is maintained at a level comensurate with the safety functions to be performed. The l
l l
periodic surveillance tests, when performed at the specified intervals, will assure that the necessary quality of systems and components is maintained to
(
accomplish the desired safety functions when required.
I 2
o..
DIVERSE SCRAM SYSTEM
.(DSS) MODEL TECHNICAL SPECIFICATIONS INSTRUMENTATION 3/4.3.X DIVERSE SCRAM SYSTEM INSTRUMENTATION C
LIMITING CONDITION FOR OPERATION 3.3.X The Diverse Scram System (DSS) instrumentation channels shown in Table 3.3.X-1 shall be OPERABLE with their trip setpoints set consistent with the values shown in the Trip Setpoint column of Table 3.3.X-2.
The DSS manual and automatic actuation logic and actuation devices shall be OPERABLE.
APPLICABILITY: Mode 1 c
i ACTION:
With a DSS instrumentation channel trip setpoint less conservative than a.
the value shown in the Allowable Values column of Table 3.3.X-2 declare i
the channel inoperable until the channel.is restored to OPERABLE status with the trip setpoint adjusted consistent with the Trip Setpoint value.
j b.
With the number of OPERABLE instrument channels (one or more) less than the minimum number of OPERABLE channels requirement of Table 3.3.X-1, i
restore the inoperable channels to OPERABLE status within __, hours or decrease reactor power to below the bypass trip setpoint within the next hours.
i
)
With the manual initiation circuits or the automatic actuation logic or c.
actuation devices (s) inoperable, restore the inoperable equipment to 3
i OPERABLE status within __ hours or decrease reactor power to below the bypass trip setpoint within the next __,hcurs.
,, SURVEILLANCE REQUIREMENTS 4.3.X.1 Each DSS instrumentation channel and the manual and automatic actuation logic.and actuation devices shall be demonstrated OPERABLE by the performance of the diverse scram system instrumentation surveillance requirements specified in Table 4.3.X-1.
4.3.X.2 Anintegratedtestofall'systemcomponents(i.e.,allrelaysand contacts, all trip units, all solid state logic components, etc.) from sensors through and including actuated devices shall be perfonned to verify i
OPERABILITY of the system function (s) at least once per fuel cycle during shutdown. This test shall include simulated automatic operation of all channels.
l 4
I O
en i
i w-
1 y
)
I j
TAglE 3.3.X-1 i
DIVENSE SCRAM SYSTEM INSTRtMENTATION
\\
4 MINIMlM l
TOTAL NtMBER NtMBER OF CHANNELS NUMBER OF OPERABLE CHANNELS t
F1MCTIONAL IMIT
_OF CHANNELS REQtilRED TO TRIP PER TRIP FUNCTION (a)'
1.
Reactor Scram I
- a. Manual 1
1 1
1
\\
- b. Automatic Actuation Logic and Actuation Devices 1
1 1
h g
c.
Pressurizer Pressure-High*
3 2
2 d.
Over Temperature. T-High**
4 3
3 i
(c) A trip channel may be placed in a bypassed (inoperable) status for up to 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> for required surveillance.
1 i!
i o The model Technical Specifications for this parameter assumed a 2-out-of-3 energize-to-actuate trip logic.
plant specific technical specifications should provide for similar instrument operability requirements for the
! Esta11ed DSS logic / circuit design.
- The model Technical Specifications for this parameter assumed 3-out-of-4 trip logic. Plant specific technical specifications should provide for similar instrument operability requirements for the actual plant configuration.
v f
l
_ TABLE 3.3.X-2 DIVERSE SCRAM SYSTEM iNSTRtMENTATION SETPOINTS j
1 j FUNCTIONAL UNIT TRIP SETPOINT
' ALLOWABLE VALUE
- 1. Reactor Scram i
i a.
Manual Inf tation NA l
NA
- b. Automatic Actuation Logic and Actuation Devices MA NA
.I i
c.
Pressurfrer Pressure-High 3( )psig g(
) psig d.
Over Tempe,rature. AT, High
~
$(
) *F
<( ) 'F '
l I
l l
i
TABLE 4.3.I-1 g
DIVERSE SCRAM SYSTEM INSTRIN NTATION SURVEILLANCE REQUIREMENTS MINCTIOML_ UNIT CHMNEL CHECK (a)
CMNNEL FUNCTIOML TEST (b)
CHANNEL CALIBR TION 1.
Neoctor Scram 9
- a. Manual Initation NA R
na b.
Automatic Actuation Logic and Actuatfon bevices NA 0
NA c.
Pressurizer Pressure-High S
Q R
d.
Overtemperature, T-High S
Q a
2 (a) If the system design prohibits a 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> CHMNEL CHECK, then the CHANNEL FUNCTIONAL TEST must include physical actuation of the sensor.
(b) CHfulNEL FUNCTIOML TESTS should be performed on a staggered test basis (e.g., if three instrument channels are provided, one channel should be tested each month such that all channels are tested each quarter).
l e
i.
l INSTRUMENTATION
~
BASES I
3/4.3.X DIVERSE SCRAM SYSTEM (DSS) INSTRUMENTATION The OPERABILITY of the Diverse Scram System (DSS) ensures that sufficient means are provided to limit the consequences of anticipated transient without -
scram (ATWS) events. The diverse scram system is designed to shutdown the i
reactor independent of the existing reactor trip system (RTS), thus preventing l
the high reactor coolant system pressures associated with an ATWS event. The diverse scram system is diverse from the existing reactor trip system (RTS) logic and actuation circuitry, and therefore significantly reduces the potential for ATWS events caused by comon mode failures in the RTS. The DSS i
is required by the ATWS Rule (10 CFR 50.62, " Requirements for Reduction of l
Risk From Anticipated Transients Without Scram (ATWS) Events for Light-Water CooledNuclearPlants").
,l The Technical Specification OPERABILITY requirements ensure that sufficient l
instrumentation remains in service to provide adequate protection from ATWS
~
events in accordance with the ATWS Rule.
If'the OPERABILITY requirements cannot be met, the plant is placed in a limiting condition for operation (LCO) where appropriate ACTIONS must be taken to restore the inoperable DSS instrumentation to an OPERABLE status within a specified time, or otherwise reactor operation is restricted to safe levels / modes where the DSS safety function is no longer required.
The surveillance requirements specified for the DSS instrumentation ensures that the overall system functional capability and availability is maintained at a level comensurate with the safety functions to be perfonned. 7he periodic surveillance tests, when perfonned at the specified intervals, will assure that the necessary quality of systems and components is maintained to accomplish the desired safety functions when required.
i i
INFORMATION REQUIRED TO DEMONSTRATE THE ADEQUACY OF ISOLATION DEVICES USED TO ACHIEVE ELECTRICAL INDEPENDENCE OF NON-SAFETY RELATED ATWS CIRCUITS FROM SAFETY RELATED CIRCUITS J
For the type of device used to accomplish electrical isolation, describe a.
the specific testing perfomed to demonstrate that the device is acceptable for its application (s). This description'should include elementary diagrams when necessary to indicate the test configuration and how the maximum credible faults were applied to the devices.
b.
Data to verify that the maximum credible faults applied during the test were the maximum voltage / current to which the device could be exposed, and
{
define how the maximum voltage / current was determined.
Data to verify that the maximum credible fault was applied to the output c.
of the device in the transverse mode (between signal and return) and other j
faults were considered (i.e., open and short circuits).
d.
Define the pass / fail acceptance criteria for each type of device.
e.
Provide a commitment that the isolation devices comply with the I
environmentqualifications(10CFR50.49)andwiththeseismic qualfications,which were the basis for p1' ant licensing, f.
Provide a description of the measures taken to protect the safety systems from electrical interference (i.e., Electrostatic Coupling EMI, Common ModeandCrosstalk)thatmaybegeneratedbytheATWScircuits.
4 i
g.
Provide infomation to verify that the Class IE isolator is powered from a Class 1E source.
1 i
j
. _ _.. _ _. _ _., -. _ _ _ _ _. _ - _ - _ _ _ _ _ _ _. _ _ _