Text

- _ - _ _ _ _ _ _ _ _ _ _ _

sa 2NRC-7-212 December 10, 1987 Beaver Vahey No. 2 Unit Project Organization (412)643-5200 S.F.G. Building Telecopy (412) 643 5200 Ext.160 P.O. Box 328 Shippingport, P A 15077 November 25, 1987 ND3VPN:5238 United States Nuclear Regulatory Commission ATTN:

Document Control Desk Vashington, DC 20555

REFERENCE:

Beaver Valley Power Station - Unit No. 2 Docket No. 50-412, License No. NPF-73 PSMS Verification and Validation Plan Gentlemen:

As stipulated in item 2.C.(7) of Facility Operating License No. NPF-73, enclosed, please find the BVPS-2 Plant Safety Monitoring System (PSMS)

Verification and Validation (V6V) Plan.

This Plan is currently in effect and all activities identified herein vill be implemented prior to the end of the first refueling outage.

Since costs associated with replication of the PSMS cannot be justified for V&V purposes alone, this plan relies upon use of equipment which is already installed in the plant for the V&V process.

We believe the proposed plan provides an optimum balance of confidence in software adequacy and costs of implementation for a system that does not provide a reactor protection function.

Very tru y yours, J. J. Carey Sr. Vice President GLB/ij r M11/GLB/NRC/PSMS Atta ent AR NAR cc:

Mr. J. Beall, Sr. Resident Inspector (Unit 2)

Mr. V. T. Russell, NRC Region I Administrator Mr. P. Tam, Project Manager 8712150441 971125 PDR ADOCK 05000412 b(

PDR bg q

s PSMS Verification and Validation (V&V) Plan BVPS #2 1.0 Description The BVPS #2 PSMS is a Class 1E System consisting of four (4) Class 1E Remote Processing Units (RPU), one (1) non-Class 1E RPU, two (2) Class 1E Display Processing Units (DPU) and two (2) Class 1E Plasma Di spl ays.

Figure 3 depicts the system inputs / outputs and displays.

The function of the PSMS is to provide displays which are diverse or redundant to the Main Control Board for Safety-Related R.G.

1.97 Parameters. The PSMS does not provide protection or control functions and is not the primary source of control information for all inputs (the Main Control Boerd is the primary source of control information).

2.0 V&V Program The V&V Program consists of two (2) specific activities; the Design and Manufacturing Activity (Westinghouse) and the Operational Activity (DLC).

These activities are depicted in Figures 1 and 2, respectively.

Unlike other plants, the PSMS at BVPS-2 functions solely as a display and actively performs no safety. functions.

But, the V&V program for this equipment is typical of V&V performed by Westinghouse for other 1E systems which do perfora active safety functions.

Therefore, the %V Act hiity performed by Westinghouse during the Design and Manuf acturing stages was in accordance with the requirements of 10CFR50, Appendix B.

An engineer in the Design Group was the second party reviewer.

i The V&V program performed by Westinghouse on the BVPS-2 PSMS is consistent with the V&V program performed on the Westinghouse generic SPDS.

The

" Emergency Response Facilities Design and V&V Program" applicable to the generic SPDS is outlined in WCAP-10170.

The " Key Safety Parameter Selec-tion for BVPS-Unit 2 SPDS" is outlined in WCAP-10170, Appendix C-S1.

(See 1

SSER-6, Section 18.2.2.2(5)).

DLC understands that the above WCAPs have been reviewed by the NRC.

2.1 Design and Manufacturing Activity - Figure 1 l

1 Figure 1 depicts graphically the V&V Program performed by Westing-house for BVPS #2 PSMS.

Referring to Figure 1, the Design Basis and i

Functional Requirements were developed by Westinghouse with input and review from the AE (Stone & Webster) and review approval by DLC.

These documents formed the basis fo r preparing the Syste Design Specifications and the Test Plan.

The hardware and software designs were then performed using the System Design Specification as the base.

The Source Code was developed and the Verified Sof tware was burned into Programmable Read-Only Memories (PROMS),

tailoring the RPU function to the specific plant requirements.

PSMS V&V Plan BVPS #2 Page 2 Test procedures are prepared using inputs from the Test Plan System Design Specification, detailed Hardware, Sof tware Designs and System Integration.

The Factory Acceptance Test is then performed using the Test Procedures developed as described above. The Factory Acceptance Test validated ' the Hardware, Sof tware/Firmware Configuration in performing the PSMS Design Basis functions.

The results of the Factory Acceptance Test was data validation based upon simul ated sensor inputs.

Although shown on Figure 1, the Site Acceptance Test was performed by Site personnel using independently prepared test procedures.

All documentation, Source Code, Specifications, etc., are updated and retained in the Westinghouse Design Group.

2.2 Operational Activity - Figure 2 Figure 2 depicts graphically the V&V Program that will be performed at BVPS #2 for the PSMS.

The Site Acceptance Test Procedure has been successfully performed and the PSMS is operational and functioning in accordance with design requirements.

Refe.rring to Figure 2, the Site Acceptance Test was performed satis-f actorily.

Inputs to the FSMS were simul ated and the test was performed essentially in accordance with the Factory Acceptance Test Methodology.

]

Operational History Documentation is presently being performed.

When a change is required to the Software /Firmware, the Vendor (Westinghouse) provides the revised PROMS and validates the change essentially as discussed in 2A ab ove.

A change typically is performed as follows:

The engineer changes the Code and performs preliminary testing prior to PROM burning.

Following the burn-in process, the PROMS are placed in a test bed, equivalent to a BVPS #2 DPU and a Factory Acceptance Test is performed on the changed PROMS.

When the revised PROMS are received at the site, they are tested in accordance with the test procedure develooed by the vendor.

Calibration of the PSMS will be performed periodically.

The proce-dures defining periodicity, methodology, etc., will be prepared in a time frame to support implementation of the PSMS V&V Plan.

Procedures to support Functional Testing wil l be developed and Functional Testing will be performed to verify changes and/or problem solving activities.,

1 It is to be noted that the vendor (Westinghouse) will maintain the Source Code and perform PROM changes as well as maintain the associa-i ted Design Documentation up to date until such +ime as DLC assumes responsibility for performing the changes.

r V & V PROGRAM DESIGN AND MANUFACTURING ACTIVITY Design Basis Document Functional Test Requirements Plan i

~~~

~~~~~,

System Design

N D

~

Specification Test

/

Procedures j

,/

g

)

/

/

l

/

,/

Hardware Software f

Design Design

,/

s'

/

~'

System Integration Factory Acceptance Test Site Acceptar. e Test Fiqure 1

V&V Program

,0perational Activity Site Acceptance Test Design Basis Document b

Equipment Access Operational History I

Control-Documentation Data Base l

Changes I

\\;

4

/

1 Change. Control _ _ -

/

Periodic Calibration

. Functional Testing -

l Figure 2

PSMS Block Diagram 4

RPU PLANT I

PARAMETER INPUTS RPU PLANT III EF COMPUTER DISPLAY E

A s s E

OPu A

II 4

RPU 4----

-4 Iy y

OPU I

b

(

a m

m O! SPLAY 3

If if ppy ERF PLANT N1 Figure 3 l

l 1

{