5 to Updated Final Safety Analysis Report, Chapter 7, Instrumentation and Controls

ML20335A126
Person / Time
Site:	Beaver Valley
Issue date:	11/23/2020
From:	Energy Harbor Nuclear Corp
To:	Office of Nuclear Reactor Regulation
Shared Package
ML20335A124	List: L-20-186, 5 to Updated Final Safety Analysis Report, Chapter 12, Radiation Protection ML20335A120 ML20335A121 ML20335A122 ML20335A125 ML20335A126 ML20335A127 ML20335A128 ML20335A129 ML20335A130 ML20335A131 ML20335A132 ML20335A133 ML20335A135 ML20335A136 ML20335A137 ML20335A138 ML20335A139 ML20335A140 ML20335A141 ML20335A142
References
L-20-186
Download: ML20335A126 (470)
v • d • e

Text

{{#Wiki_filter:BVPS-2 UFSAR Rev. 15 CHAPTER 7 TABLE OF CONTENTS Section Title Page 7 INSTRUMENTATION AND CONTROLS ...................... 7.1-1

7.1 INTRODUCTION

...................................... 7.1-1 7.1.1  Identification of Safety-Related Systems .......... 7.1-3 7.1.2  Identification of Safety Criteria ................. 7.1-4 7.1.3  References for Section 7.1 ........................ 7.1-23 7.2    REACTOR TRIP SYSTEM ............................... 7.2-1 7.2.1  Description ....................................... 7.2-1 7.2.2  Analyses .......................................... 7.2-18 7.2.3  Tests and Inspections ............................. 7.2-35 7.2.4  References for Section 7.2 ........................ 7.2-35 7.3    ENGINEERED SAFETY FEATURES ACTUATION SYSTEM ....... 7.3-1 7.3.1  Description ....................................... 7.3-1 7.3.2  Analysis .......................................... 7.3-10 7.3.3  References for Section 7.3 ........................ 7.3-25 7.4    SYSTEMS REQUIRED FOR SAFE SHUTDOWN ................ 7.4-1 7.4.1  Description ....................................... 7.4-2 7.4.2  Analysis .......................................... 7.4-7 7.4.3  References for Section 7.4 ........................ 7.4-9 7.5    SAFETY-RELATED DISPLAY INSTRUMENTATION ............ 7.5-1 7.5.1  Introduction ...................................... 7.5-1 7.5.2  Description of Information Systems ................ 7.5-1 7.5.3  Description of Variables .......................... 7.5-13 7.5.4  Additional Information ............................ 7.5-16 7.5.5  Bypass and Inoperable Status Indication ........... 7.5-17 7.5.6  Safety Parameter Display System ................... 7.5-19 7.5.7  References for Section 7.5 ........................ 7.5-20 7.6    ALL OTHER SYSTEMS REQUIRED FOR SAFETY ............. 7.6-1 7.6.1  Instrumentation and Control Power Supply System ... 7.6-1 7.6.2  Residual Heat Removal Isolation Valves ............ 7.6-2 7.6.3  Refueling Interlocks .............................. 7.6-4 7.6.4  Accumulator Motor-Operated Valves ................. 7.6-4 7.6.5  Switchover from Injection to Recirculation ........ 7.6-6 7.6.6  Reactor Coolant System Loop Isolation Valve Interlocks Description ............................ 7.6-6 7-i

BVPS-2 UFSAR Rev. 13 TABLE OF CONTENTS (Cont) Section Title Page 7.6.7 Interlocks for RCS Pressure Control during Low Temperature Operation ............................. 7.6-7 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY ........... 7.7-1 7.7.1 Description ....................................... 7.7-1 7.7.2 Analysis .......................................... 7.7-19a 7.7.3 References for Section 7.7 ........................ 7.7-29 7-ii

BVPS-2 UFSAR Rev. 12 LIST OF TABLES Table Number Title 7.1-1 Listing of Applicable Criteria 7.2-1 List of Reactor Trips 7.2-2 Protection System Interlocks and Blocks 7.2-3 Reactor Trip System Instrumentation 7.2-4 Reactor Trip Correlation 7.3-1 Instrument Operating Conditions for Engineered Safety Features 7.3-2 Instrument Operating Conditions for Isolation Functions 7.3-3 Interlocks for Engineered Safety Features Actuation System 7.3-4 FMEAs Performed on Instrumentation and Controls and Electrical Portions Engineered Safety Features and Auxiliary Supporting Systems 7.4-1 Instruments and Controls Outside Main Control Room for Cold Shutdown 7.4-2 Equipment with Control Switches and Control Transfer Switches on Alternate Shutdown Panel 7.4-3 Remote Shutdown Panel Monitoring Instrumentation 7.5-1 Safety-Related Display Instrumentation 7.5-2 Summary of Selection Criteria for Type A,B,C,D, and E Variables 7.5-3 Summary of Design, Qualification, and Interface Requirements 7.5-4 Summary of Type A Variables 7.5-5 Summary of Type B Variables 7.5-6 Summary of Type C Variables 7.5-7 Summary of Type D Variables 7.5-8 Summary of Type E Variables 7-iii

BVPS-2 UFSAR Rev. 12 LIST OF TABLES (Cont) Table Number Title 7.5-9 Summary of Variables and Categories 7.5-10 Bypassed and Inoperable Status Indication 7.7-1 BVPS-2 Control System Interlocks 7-iv

BVPS-2 UFSAR Rev. 15 LIST OF FIGURES Figure Number Title 7.1-1 Protection System Block Diagram 7.1-2 Deleted in Amendment 3 7.2-1 Functional Diagram 7.2-2 Set Point Reduction Function for Overpower and Overtemperature T Trips 7.2-3 Illustration of Overpower and Overtemperature T Protection (Typical) 7.3-1 DELETED 7.3-2 DELETED 7.3-3 Typical ESF Test Circuits 7.3-4 Simplified Elementary Engineered Safeguards Test Cabinet 7.3-5 Deleted from the UFSAR 7.3-6 Functional Diagram Index and Symbols 7.3-7 Functional Diagram Reactor Trip Signals 7.3-8 Functional Diagram Nuclear Instruments and Manual Trip Signals 7.3-9 Functional Diagram Nuclear Instruments Permissives and Blocks 7.3-10 Functional Diagram Primary Coolant System Trip Signals 7.3-11 Functional Diagram Pressurizer Trip Signals 7.3-12 Functional Diagram Steam Generator Trip Signals 7.3-13 Functional Diagram Safeguard Actuation Signals 7.3-14 Functional Diagram Rod Controls and Rod Blocks 7-v

BVPS-2 UFSAR Rev. 0 LIST OF FIGURES (Cont) Figure Number Title 7.3-15 Functional Diagram Steam Dump Control 7.3-16 Functional Diagram Pressurizer Pressure and Level Control 7.3-17 Functional Diagram Pressurizer Heater Control 7.3-18 Functional Diagram Feedwater Control and Isolation 7.3-19 Functional Diagram Auxiliary Feedwater Pumps Startup 7.3-20 Functional Diagram Turbine Trip, Runbacks and Other Signals 7.3-21 Functional Diagram Loop Stop Valve Logic 7.3-22 Functional Diagram Pressurizer Pressure Relief System (Train "A") 7.3-23 Functional Diagram Pressurizer Pressure Relief System (Train "B") 7.3-24 Logic Diagram - Digital Symbols 7.3-25 Logic Diagram - Analog Symbols 7.3-26 Logic Diagram - General Notes 7.3-27 Logic Diagram - Main Feedwater Control 7.3-28 Logic Diagram - Main Feedwater Control 7.3-29 Logic Diagram - Main Feedwater Control 7.3-30 Logic Diagram - Main Feedwater Control 7.3-31 Logic Diagram - Main Feedwater Control 7.3-32 Logic Diagram - Main Feedwater Control 7.3-33 Logic Diagram - Main Feedwater Control 7.3-34 Logic Diagram - Reactor Trips 7.3-35 Logic Diagram - Reactor Trips 7.3-36 Logic Diagram - Reactor Trips 7.3-37 Logic Diagram - Reactor Trips 7-vi

BVPS-2 UFSAR Rev. 0 LIST OF FIGURES (Cont) Figure Number Title 7.3-38 Logic Diagram - Reactor Trips 7.3-39 Logic Diagram - Emergency Generator - Starting 7.3-40 Logic Diagram - Emergency Generator - Starting 7.3-41 Logic Diagram - Emergency Generator - Starting 7.3-42 Logic Diagram - Emergency Generator - Starting 7.3-43 Logic Diagram - Emergency Generator - Starting 7.3-44 Logic Diagram - Emergency Generator - Starting 7.3-45 Logic Diagram - Emergency Generator - Starting 7.3-46 Logic Diagram - Emergency Generator - Starting 7.3-47 Logic Diagram - Emergency Generator - Starting 7.3-48 Logic Diagram - Emergency Generator - Starting 7.3-49 Logic Diagram - Emergency Generator - Starting 7.3-50 Logic Diagram - Emergency Generator - Starting 7.3-51 Logic Diagram - Emergency Generator - Starting 7.3-52 Logic Diagram - Emergency Generator - Starting 7.3-52a Logic Diagram - Emergency Generator - Starting 7.3-53 Logic Diagram - Steam Generator Auxiliary Feed Pumps and Valves 7.3-54 Logic Diagram - Steam Generator Auxiliary Feed Pumps and Valves 7.3-55 Logic Diagram - Steam Generator Auxiliary Feed Pumps and Valves 7.3-56 Logic Diagram - Steam Generator Auxiliary Feed Pumps and Valves 7.3-56a Logic Diagram - Steam Generator Auxiliary Feed Pumps and Valves 7.3-57 Logic Diagram - Main Steam Line Trip Valves 7-vii

BVPS-2 UFSAR Rev. 0 LIST OF FIGURES (Cont) Figure Number Title 7.3-58 Logic Diagram - Main Steam Line Trip Valves 7.3-59 Logic Diagram - Main Steam Line Trip Valves 7.3-60 Logic Diagram - Main Steam Line Trip Valves 7.3-61 Logic Diagram - Containment Depressurization and Isolation Signal Initiation System 7.3-62 Logic Diagram - Containment Depressurization and Isolation Signal Initiation System 7.3-63 Logic Diagram - Safety Injection and Containment Isolation Phase A 7.3-64 Logic Diagram - Safety Injection and Containment Isolation Phase A 7.3-65 Logic Diagram - Pressurizer Control 7.3-66 Logic Diagram - Pressurizer Control 7.3-67 Logic Diagram - Pressurizer Control 7.3-68 Logic Diagram - Pressurizer Control 7.3-69 Logic Diagram - Pressurizer Control 7.3-70 Logic Diagram - Pressurizer Control 7.3-71 Logic Diagram - Pressurizer Control 7.3-72 Logic Diagram - Pressurizer Control 7.3-72a Logic Diagram - Pressurizer Control 7.3-72b Logic Diagram - Pressurizer Control 7.3-72c Logic Diagram - Pressurizer Control 7.3-73 Logic Diagram - Charging Pumps 7.3-74 Logic Diagram - Charging Pumps 7.3-75 Logic Diagram - Charging Pumps 7.3-76 Logic Diagram - Charging Pumps 7-viii

BVPS-2 UFSAR Rev. 14 LIST OF FIGURES (Cont) Figure Number Title 7.3-77 Logic Diagram - Charging Pumps 7.3-77a Logic Diagram - Charging Pumps 7.3-77b Logic Diagram - Charging Pumps 7.3-78 Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-79 Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-80 Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-81 Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-82 Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-82a Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-82b Logic Diagram - Reactor Coolant System Reactor Coolant Letdown 7.3-82c Logic Diagram - Reactor Coolant Letdown 7.3-83 Logic Diagram - Safety Injection System Safety Injection Accumulators 7.3-84 Logic Diagram - Safety Injection System Safety Injection Accumulators 7.3-85 Logic Diagram - Safety Injection System Safety Injection Accumulators 7.3-86 Logic Diagram - Safety Injection System Safety Injection Accumulators 7.3-86a Logic Diagram - Safety Injection System Safety Injection Accumulators 7.3-87 Logic Diagram - Reactor Coolant Pumps 7.3-88 Logic Diagram - Reactor Coolant Pumps 7-ix

BVPS-2 UFSAR Rev. 12 LIST OF FIGURES (Cont) Figure Number Title 7.3-89 Logic Diagram - Reactor Coolant Pumps 7.3-90 Logic Diagram - Reactor Coolant Pumps 7.3-91 Logic Diagram - Reactor Coolant Pumps 7.3-92 Logic Diagram - Reactor Coolant Pumps 7.3-93 Logic Diagram - Reactor Coolant Pumps 7.3-94 Logic Diagram - Reactor Coolant Pumps 7.3-95 Logic Diagram - Reactor Coolant Pumps 7.4-1 Deleted 7.4-2 Deleted 7.4-3 Deleted 7.4-4 Deleted 7.4-4a Deleted 7.4-5 Logic Diagram Steam Bypass System 7.4-6 Logic Diagram Steam Bypass System 7.4-7 Logic Diagram Steam Bypass System 7.4-8 Logic Diagram Steam Bypass System 7.4-9 Logic Diagram Steam Bypass System 7.4-10 Logic Diagram Steam Bypass System 7.4-11 Logic Diagram Steam Bypass System 7.4-12 Logic Diagram Steam Bypass System 7.4-13 Logic Diagram Steam Bypass System 7-x

BVPS-2 UFSAR Rev. 12 LIST OF FIGURES (Cont) Figure Number Title 7.4-14 Logic Diagram Steam Bypass System 7.4-15 Logic Diagram Primary Component Cooling Water Pumps 7.4-16 Logic Diagram Cooling Water System Primary Component Cooling Water Pumps 7.4-17 Logic Diagram Primary Component Cooling Water Pumps 7.4-18 Logic Diagram Service Water System 7.4-19 Logic Diagram Service Water System 7.4-20 Logic Diagram Service Water System 7.4-21 Logic Diagram Service Water System 7.4-22 Logic Diagram Service Water System 7.4-23 Logic Diagram Service Water System 7.4-24 Logic Diagram Service Water System 7.4-25 Logic Diagram Service Water System 7.4-26 Logic Diagram Service Water System 7.4-26a Logic Diagram Service Water System 7.4-26b Logic Diagram Service Water System 7.4-26c Logic Diagram Service Water System 7.4-26d Logic Diagram Service Water System 7.4-27 Logic Diagram Ventilation System Containment Air Recirculation Fans 7.4-28 Logic Diagram Ventilation System Containment Air Recirculation Fans 7.4-29 Logic Diagram Ventilation System Containment Air Recirculation Fans 7.4-30 Logic Diagram Ventilation System Containment Air Recirculation Fans 7-xi

BVPS-2 UFSAR Rev. 12 LIST OF FIGURES (Cont) Figure Number Title 7.4-31 Deleted 7.4-32 Deleted 7.4-33 Deleted 7.4-34 Deleted 7.4-35 Deleted 7.4-36 Deleted 7.4-37 Deleted 7.4-38 Deleted 7.4-39 Deleted 7.4-40 Deleted 7.4-41 Deleted 7.4-42 Deleted 7.4-43 Deleted 7.4-44 Deleted 7.4-44a Deleted 7.4-45 Deleted 7.4-46 Deleted 7.4-47 Deleted 7.4-48 Deleted 7.4-49 Deleted 7.4-50 Deleted 7.4-51 Deleted 7.4-52 Deleted 7.4-52a Deleted 7-xii

BVPS-2 UFSAR Rev. 16 LIST OF FIGURES (Cont) Figure Number Title 7.4-52b Deleted 7.4-52c Deleted 7.4-53 Deleted 7.4-54 Deleted 7.4-55 Deleted 7.4-56 Deleted 7.4-57 Deleted 7.4-57a Deleted 7.4-57b Deleted 7.4-57c Deleted 7.4-58 Deleted 7.4-59 Deleted 7.4-60 Deleted 7.4-61 Deleted 7.4-62 Deleted 7.4-62a Deleted 7.4-63 Logic Diagram Safety Injection Control Valves 7.4-64 Logic Diagram Safety Injection Control Valves 7.4-65 Logic Diagram Safety Injection Control Valves 7.4-66 Logic Diagram Safety Injection Control Valves 7.4-66a Deleted 7.4-67 Deleted 7.4-68 Deleted 7-xiii

BVPS-2 UFSAR Rev. 12 LIST OF FIGURES (Cont) Figure Number Title 7.4-69 Deleted 7.4-70 Deleted 7.4-70a Deleted 7.4-71 Logic Diagram Boric Acid Transfer Pumps 7.4-71a Logic Diagram Boric Acid Transfer Pumps 7.4-72 Logic Diagram Volume Control Tank 7.4-73 Logic Diagram Volume Control Tank 7.4-74 Logic Diagram Volume Control Tank 7.4-75 Logic Diagram Volume Control Tank 7.4-76 Logic Diagram Residual Heat Removal System 7.4-77 Logic Diagram Residual Heat Removal System 7.4-78 Logic Diagram Residual Heat Removal System 7.4-79 Logic Diagram Residual Heat Removal System 7.4-79a Logic Diagram Residual Heat Removal System 7.4-80 Deleted 7.4-81 Deleted 7.4-82 Deleted 7.4-83 Deleted 7.4-84 Deleted 7.4-85 Deleted 7.4-86 Deleted 7.4-87 Logic Diagram Cold Leg Isolation Valves 7.4-88 Logic Diagram Cold Leg Isolation Valves 7.5-1 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-2 Bypassed and Inoperable Status Indication - Logic Diagram 7-xiv

BVPS-2 UFSAR Rev. 0 LIST OF FIGURES (Cont) Figure Number Title 7.5-3 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-4 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-5 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-6 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-7 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-8 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-9 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-10 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-11 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-12 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-13 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-14 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-15 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-16 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-17 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-18 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-19 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-20 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-21 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-22 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-23 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-24 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-25 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-26 Bypassed and Inoperable Status Indication - Logic Diagram 7-xv

BVPS-2 UFSAR Rev. 16 LIST OF FIGURES (Cont) Figure Number Title 7.5-27 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-28 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-29 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-30 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-31 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-32 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-33 Bypassed and Inoperable Status Indication - Logic Diagram 7.5-34 Bypassed and Inoperable Status Indication - Logic Diagram 7.6-1 Single Line Diagram of Instrumentation and Control Power Supply System 7.6-2 Logic Diagram for Outer RHRS Suction Isolation Valve and Discharge Isolation Valve 7.6-3 Logic Diagram for Inner RHRS Suction Isolation Valve and Discharge Isolation Valve 7.6-4 Functional Block Diagram of Accumulator Isolation Valve 7.6-5 Deleted 7.6-6 Deleted 7.6-7 Functional Diagram for PORV Interlocks for RCS Pressure Control During Low Temperature Operation 7.6-8 Logic Diagram for Switchover from Injection to Recirculation 7.7-1 Simplified Block Diagram Rod Control System 7.7-2 Control Bank Rod Insertion Monitor 7.7-3 Rod Deviation Comparator 7.7-4 Block Diagram of Pressurizer Pressure Control System 7.7-5 Block Diagram of Pressurizer Level Control System 7.7-6 Block Diagram of Steam Generator Water Level Control System 7-xvi

BVPS-2 UFSAR Rev. 0 LIST OF FIGURES (Cont) Figure Number Title 7.7-7 Block Diagram of Steam Dump Control System 7.7-8 Basic Flux Mapping System 7.7-9 Simplified Block Diagram of Reactor Control System 7.7-10 Control Bank D Partial Simplified Schematic Diagram Power Cabinets 1BD and 2BD 7-xvii

BVPS-2 UFSAR Rev. 0 CHAPTER 7 INSTRUMENTATION AND CONTROLS

7.1 INTRODUCTION

This chapter presents the various plant instrumentation and control (I&C) systems by relating the functional performance requirements, design bases, system descriptions, design evaluations, and tests and inspections for each. The information provided in this chapter emphasizes those instruments and associated equipment which constitute the protection system as defined in the Institute of Electrical and Electronics Engineers (IEEE) Standard 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations. The primary purpose of the I&C systems is to provide automatic protection and exercise proper control against unsafe and improper reactor operation during steady state and transient power operations (American Nuclear Society (ANS) Conditions I, II, III), and to provide initiating signals to mitigate the consequences of faulted conditions (ANS Condition IV). The ANS conditions are discussed in Chapter 15. Consequently, the information presented in this chapter emphasizes those I&C systems which are central to assuring that the reactor can be operated to produce power in a manner that ensures no undue risk to the health and safety of the public. It is shown that the applicable criteria and codes, such as the U.S. Nuclear Regulatory Commission (USNRC) General Design Criteria (GDC) and IEEE Standards, concerned with the safe generation of nuclear power are met by these systems. Definitions Terminology used in this chapter is based on the definitions given in IEEE Standard 279-1971. In addition, the following definitions apply: Degree of Redundancy: The difference between the number of channels monitoring a variable and the number of channels, which when tripped, will cause an automatic system trip. Minimum Degree of Redundancy: The degree of redundancy below which operation is prohibited, or otherwise restricted, by the Technical Specifications. Cold Shutdown Condition: When the reactor is subcritical by at least 1 percent k/k and Tavg is 200°F. Hot Standby Condition: When the reactor is subcritical by an amount greater than or equal to the margin to be specified in the applicable Technical Specification, and Tavg is greater than or equal to the 7.1-1

BVPS-2 UFSAR Rev. 0 temperature to be specified in the applicable Technical Specification. Containment Isolation Phase A: Closure of all nonessential process lines which penetrate containment, initiated by the engineered safety features (ESF). Containment Isolation Phase B: Closure of remaining process lines, initiated by containment Hi-3 pressure signal (process lines do not include ESF lines). System Response Times Reactor Trip System Response Time: The reactor trip system (RTS) response time shall be the time interval from when the monitored parameter exceeds its trip set point at the channel sensor until loss of voltage to the stationary gripper coils. Engineered Safety Features Actuation System Response Time: The interval required for the ESF sequence to be initiated subsequent to the point in time that the appropriate variable(s) exceed set points. The response time includes sensor/process (analog) and logic (digital) delay. Reproducibility - This definition is taken from Scientific Apparatus Manufacturers Association (SAMA) Standard PMC-20.1-1973, Process Measurement and Control Terminology: The closeness of agreement among repeated measurements of the output for the same value of input, under normal operating conditions over a period of time, approaching from both directions. It includes drift due to environmental effects, hysteresis, long term drift, and repeatability. Long term drift (aging of components, etc) is not an important factor in accuracy requirements since, in general, the drift is not significant with respect to the time elapsed between testing. Therefore, long term drift may be eliminated from this definition. Reproducibility, in most cases, is a part of the definition of accuracy (described as follows): Accuracy - This definition is derived from SAMA Standard PMC-20.1-1973. An accuracy statement for a device falls under Note 2 of the SAMA definition of accuracy, which means reference accuracy or the accuracy of that device at reference operation conditions: Reference accuracy includes conformity, hysteresis, and repeatability. To adequately define the accuracy of a system, the term reproducibility is useful as it covers normal operating conditions. The following terms, trip accuracy and indicated accuracy, etc, will then include conformity and reproducibility under normal operating conditions. Where the final result does not have to conform to an actual process variable but is related to another value established by testing, conformity may be eliminated, and the term reproducibility may be substituted, for accuracy. 7.1-2

BVPS-2 UFSAR Rev. 10 Normal Operating Conditions: These conditions cover all normal process temperature and pressure changes. Also included are ambient temperature changes around the transmitter and racks. Accuracies under post-accident conditions are not included. Readout Devices - For consistency, the final device of a complete channel is considered a readout device. This includes indicators, recorders, and controllers. Channel Accuracy - This definition includes accuracy of primary element, transmitter, and rack modules. It does not include readout devices or rack environmental effects, but does include process and environmental effects on field-mounted hardware. Rack environmental effects are included in the next two definitions to avoid duplication due to dual inputs. Indicated and/or Recorded Accuracy - This definition includes channel accuracy, accuracy of readout devices, and rack environmental effects. Trip Accuracy - This definition includes comparator accuracy, channel accuracy for each input, and rack environmental effects. This is the tolerance expressed in process terms (percent or span) within which the complete channel must perform its intended trip function. This includes all instrument errors but no process effects, such as streaming. The term actuation accuracy may be used where the word trip might cause confusion (for example, when starting pumps and other equipment). Control Accuracy - This definition includes channel accuracy, accuracy of readout devices (isolator, controller), and rack environmental effects. Where an isolator separates control and protection signals, the isolator accuracy is added to the channel accuracy to determine control accuracy, but credit is taken for tuning beyond this point, that is, the accuracy of these modules (excluding controllers) is included in the original channel accuracy. It is simply defined as the accuracy of the control signal in percent of the span of that signal. This will then include gain changes where the control span is different from the span of the measured variable. Where controllers are involved, the control span is the input span of the controller. No error is included for the time in which the system is in a nonsteady-state condition. 7.1.1 Identification of Safety-Related Systems 7.1.1.1 Safety-Related Systems The instrumentation discussed in Chapter 7 that is credited in the accident analyses, and those needed to shut down Beaver Valley Power Station - Unit 2 (BVPS-2) safely are given in this section. 7.1-3

BVPS-2 UFSAR Rev. 0 7.1.1.1.1 Reactor Trip System The RTS is a functionally defined system described in Section 7.2. The equipment which provides the trip functions is also identified and discussed in Section 7.2. Design bases for the RTS are given in Section 7.1.2.1.1. Figure 7.1-1 includes a single line diagram of this system. 7.1.1.1.2 Engineered Safety Features Actuation System The engineered safety features actuation system (ESFAS) is a functionally defined system described in Section 7.3. The equipment which provides the actuation functions is identified and discussed in Section 7.3. Design bases or the ESFAS are given in Section 7.1.2.1.2. 7.1.1.1.3 Instrumentation and Control Power Supply System Design bases for the I&C power supply system are given in Section 7.1.2.1.3. Further description of this system is provided in Section 7.6.1. 7.1.1.2 Safety-Related Display Instrumentation Display instrumentation provides the operator with information to enable him to monitor the results of ESF actions following a Condition II, III, or IV event. Table 7.5-1 identifies the safety-related display information. 7.1.1.3 Instrumentation and Control System Designers All systems discussed in Chapter 7 have definitive functional requirements developed on the basis of the nuclear steam supply system (NSSS) design. All equipment necessary to achieve the functions shown on the logic diagrams, Figure 7.2-1, Sheets 1 through 18, are supplied by the NSSS, except where noted on the diagrams as being supplied by others. 7.1.1.4 Plant Comparison System functions for all systems discussed in Chapter 7 are similar to those of the Beaver Valley Power Station - Unit 1. A comparison table is provided in Section 1.3. 7.1.2 Identification of Safety Criteria Section 7.1.2.1 gives design bases for the safety-related systems given in Section 7.1.1.1. Design bases for nonsafety-related systems are provided in the sections which describe the systems. Conservative considerations for instrument errors are included in the accident analyses presented in Chapter 15. Functional requirements developed on the basis of the results of the accident analyses, which 7.1-4

BVPS-2 UFSAR Rev. 0 have utilized conservative assumptions and parameters, are used in designing these systems and a pre-operational testing program verifies the adequacy of the design. Accuracies are given in Sections 7.2, 7.3, and 7.5. The criteria documents listed in Table 7.1-1 were considered in the design of the systems given in Section 7.1.1. In general, the scope of these documents is given in the document itself. This determines the systems or parts of systems to which the document is applicable. A discussion of compliance with each document for systems in its scope is provided in the referenced sections. Because some documents were issued after design and testing had been completed, the equipment documentation may not meet the format requirements of some standards. Justification for any exceptions taken to each document for systems in its scope is provided in the referenced sections. 7.1.2.1 Design Bases 7.1.2.1.1 Reactor Trip System The RTS acts to limit the consequences of Condition II events (faults of moderate frequency, such a loss of feedwater flow) by, at most, a shutdown of the reactor and turbine, with BVPS-2 capable of returning to operation after corrective action. The RTS features impose a limiting boundary region to BVPS-2 operation which ensures that the reactor safety limits are not exceeded during Condition II events and that these events can be accommodated without developing into more severe conditions. Reactor trip set points are given in Chapter 16, Technical Specifications. The design requirements for the RTS are derived by analyses of BVPS-2 operating and fault conditions where automatic rapid control rod insertion is necessary in order-to prevent or limit core or reactor coolant boundary damage. The design bases addressed in Section 3 of IEEE Standard 279-1971 are discussed in Section 7.2.1. The design limits specified for the RTS are:

1. Minimum departure from nucleate boiling ratio shall not be less than 1.30 as a result of any anticipated transient or malfunction (Condition II faults).

2. Power density shall not exceed the rated linear power density for Condition II faults. Chapter 4 describes fuel design limits.

3. The stress limit of the reactor coolant system for the various conditions shall not be exceeded as specified in Chapter 5.

4. Release of radioactive material shall not be sufficient to interrupt or restrict public use of those areas beyond the exclusion radius as a result of any Condition III fault.

7.1-5

BVPS-2 UFSAR Rev. 16

5. For any Condition IV fault, release of radioactive material shall not result in an undue risk to public health and safety.

7.1.2.1.2 Engineered Safety Features Actuation System The ESFAS acts to limit the consequences of Condition III events (infrequent faults such as primary coolant leakage from a small rupture which exceeds normal charging system makeup and requires actuation of the safety injection system). The ESFAS acts to mitigate Condition IV events (limiting faults, which include the potential for significant release of radioactive material). The design bases for the ESFAS are derived from the design bases given in Chapter 6 for the ESF. Design bases requirements of Section 3 of IEEE Standard 279-1971 are addressed in Section 7.3.1.2. General design requirements are as follows:

1. Automatic actuation requirements The primary requirement of the ESFAS is to receive input signals (information) from the various processes within the reactor plant and containment and automatically provide, as output, timely and effective signals to actuate the various components and subsystems comprising the ESF system.

2. Manual actuation requirements The ESFAS has provisions in the main control room for manually initiating the functions of the ESF.

7.1.2.1.3 Instrumentation and Control Power Supply System The I&C power supply system provides continuous, reliable, regulated single-phase ac power to all I&C equipment required for plant safety. Details of this system are provided in Section 7.6. The design bases are given as follows:

1. Each inverter has the capacity and regulation required for the ac output for proper operation of the equipment supplied.

2. Redundant loads are assigned to different distribution panels which are supplied from different inverters.

3. Auxiliary devices that are required to operate dependent equipment are supplied from the same distribution panel to prevent the loss of electric power in one protection set from causing the loss of equipment in another protection set. No single failure shall cause a loss of power supply to more than one distribution panel.

7.1-6

BVPS-2 UFSAR Rev. 0

4. Each of the distribution panels has access only to its respective inverter supply and a standby power supply.

5. The system complies with IEEE Standard 308-1974, Criteria for Class lE Power Systems for Nuclear Power Generating Stations, Paragraph 5.4.

7.1.2.1.4 Emergency Power Design bases and system description for the emergency power supply is provided in Chapter 8. 7.1.2.1.5 Interlocks Interlocks are discussed in Sections 7.2, 7.3, 7.6, and 7.7. The protection (P) interlocks for reactor trip and ESFAS are given in Tables 7.2-2 and 7.3-3. The safety analyses demonstrate that even under conservative critical conditions for either postulated or hypothetical accidents, the protective systems ensure that the NSSS will be put into and maintained in a safe state following an ANS Condition II, III, or IV accident commensurate with applicable Technical Specifications and pertinent ANS criteria. Therefore, the protective systems have been designed to meet IEEE Standard 279-1971 and are entirely redundant and separate, including all permissives and blocks. All blocks of a protective function are automatically cleared whenever the protective function would be required to function in accordance with GDC 20, 21, and 22 and Paragraphs 4.11, 4.12, and 4.13 of IEEE Standard 279-1971. Control interlocks (C) are identified in Table 7.7-1. Because control interlocks are not safety-related, they have not been specifically designed to meet the requirements of IEEE protection system standards. 7.1.2.1.6 Bypasses Bypasses are designed to meet the requirements of IEEE Standard 279-1971, Paragraphs 4.11, 4.12, 4.13, and 4.14. A discussion of bypasses provided is given in Sections 7.2 and 7.3. 7.1.2.1.7 Equipment Protection The criteria for equipment protection are given in Chapter 3. Equipment related to safe operation of BVPS-2 is designed, constructed, and installed to protect it from damage. This is accomplished by working to accepted standards and criteria aimed at providing reliable instrumentation that is available under varying conditions. As an example, certain equipment is seismically qualified in accordance with IEEE Standard 344-1975, Guide for Seismic Qualification of Class 1 Electrical Equipment for Nuclear Power Generating Stations. During construction, independence and separation are achieved, as required by IEEE Standards 279-1971 and 384-1974, Criteria for Independence of Class 1E Equipment and Circuits, and Regulatory Guide 1.75, either by barriers or physical 7.1-7

BVPS-2 UFSAR Rev. 0 separation or by analysis or test. This serves to protect against complete destruction of a system by fires, missiles, or other natural hazards. 7.1.2.1.8 Diversity Functional diversity has been designed into the ESFAS and the RTS. Functional diversity is discussed by Gangloff and Loftus (1971). The extent of diverse system variables has been evaluated for a wide variety of postulated accidents. For example, there are automatic reactor trips based upon neutron flux measurements, reactor coolant temperature and flow measurements, pressurizer pressure and level measurements, steam generator feedwater flow and level measurements, and reactor coolant pump (RCP) underfrequency and undervoltage measurements, as well as manually, and by initiation of a safety injection signal. Regarding the ESFAS for a loss-of-coolant accident, a safety injection signal can be obtained manually or by automatic initiation from two diverse parameter measurements.

1. Low pressurizer pressure.

2. High containment pressure (Hi-1).

For a steam line break accident, diversity of safety injection signal actuation is provided by:

1. Low compensated steam line pressure.

2. For a steam break inside containment, high containment pressure (Hi-1) provides an additional parameter for generation of the signal.

3. Low pressurizer pressure.

All of the preceding sets of signals are redundant and physically separated and meet the requirements of IEEE Standard 279-1971. 7.1.2.1.9 Trip Set Points The guidelines of Regulatory Guide 1.105 are followed with the clarification described as follows: The protection system will automatically initiate appropriate protective action whenever a condition monitored by the system reaches a preset condition or set point. Three groups of values are used in determining reactor trip and ESF actuation set points. 7.1-8

BVPS-2 UFSAR Rev. 0 The first group of values will be the safety analysis limits assumed in the accident analysis (Chapter 15). These will be the least conservative values. The second group will consist of limiting values as listed in Chapter 16, Technical Specifications. These will be the maximum/minimum allowable values for limiting safety system settings and limiting conditions for operation. Limiting values will be obtained by subtracting a safety margin from the safety analysis values. The safety margin will account for instrument error, calibration uncertainties, and process uncertainties, such as flow stratification and transport factor effects, etc. The third group will consist of the nominal values set into the equipment. These values will be obtained by subtracting allowances for instrument drift from the limiting values. The nominal values will allow for normal expected instrument set point drift such that the Technical Specification allowable values will not be exceeded under normal operation. These values are given in the trip set points in Chapter 16. As illustrated previously, the trip set point will be determined by factors other than the most accurate portion of the instruments range. The only requirement on the instruments accuracy value is that over the instrument span, and the error must always be less than or equal to that assumed in the accident analysis. The instrument does not need to be the most accurate at the trip set point value as long as it meets the minimum accuracy requirements. Range selection for the instrumentation will cover the expected range of the process variable being monitored, consistent with its application. The design of the protection system will be such that trip set points will not require process transmitters to operate within 5 percent of the high and low ends of their calibrated span or range. Functional requirements established for every channel in the protection system stipulate the maximum allowable errors on accuracy, linearity, and reproducibility. The protection channels will have the capability for and will be tested to ascertain that the characteristics throughout the entire span are acceptable, and meet the functional requirements specifications. In this regard, it should be noted that specific functional requirements for response time, set point, and operating span will be finalized contingent on the results and evaluation of safety studies to be carried out using data pertinent to BVPS-2. Emphasis will be placed on establishing adequate performance requirements under both normal and faulted conditions. This will include consideration of process transmitter margins such that even under a highly improbable situation of full power operation at the safety analysis limits, that adequate instrumentation response is available to ensure plant safety. 7.1-9

BVPS-2 UFSAR Rev. 0 7.1.2.1.10 Engineered Safety Features Motor Specifications Motors are discussed in Section 8.3. 7.1.2.2 Independence of Redundant Safety-Related Systems The safety-related systems in Section 7.1.1.1 are designed to meet the independence requirements of GDC 22 and Paragraph 4.6 of IEEE Standard 279-1971. The electrical power supply, instrumentation, and control conductors for redundant circuits of BVPS-2 have physical separation to preserve the redundancy and to ensure that no single credible event will prevent operation of the associated function due to electrical conductor damage. Critical circuits and functions include power, control, and analog instrumentation associated with the operation of the RTS or ESFAS. Credible events include, but are not limited to, the effects of short circuits, pipe rupture, missiles, fire, etc, and are considered in the basic BVPS-2 design. 7.1.2.2.1 General (Including Regulatory Guide 1.75 and IEEE Standard 384-1974) Description of separation is provided in Section 8.3. The physical separation criteria for redundant safety-related system sensors, sensing lines, wireways, cables, and components on racks within the NSSS scope meet recommendations contained in Regulatory Guide 1.75, with the following comments: The core thermocouple system satisfies Regulatory Guide 1.75 separation requirement except for the two channels/trains inside the refueling cavity. The method of installation of the core thermocouples within the reactor cavity was completed prior to upgrading of the system to satisfy Regulatory Guide 1.97 requirements. The design within the refueling cavity is acceptable because:

1. Only a small self-generated signal exists in the cabling from the thermocouples to the reference junction boxes and therefore no chance exists for a postulated propagating fault, and

2. Due to the interference provided by the rod control mechanisms and rod position indicator stack, no likelihood exists for rendering all thermocouples inoperable.

Separation recommendations for redundant instrumentation racks are not the same as those given in Paragraph C-16 of Regulatory Guide 1.75 for the main control boards because of different functional requirements. Main control boards contain redundant circuits which are required to be physically separated from each 7.1-10

BVPS-2 UFSAR Rev. 0 other. However, since there are no redundant circuits which share a single compartment of an NSSS protection instrumentation rack, and since these redundant protection instrumentation racks are physically separated from each other, the physical separation requirements specified for the main control board do not apply. To demonstrate the adequacy of the designs, test programs were conducted to supplement the isolator verification tests in order to assess any effects due to the manner in which isolators were wired in the protection cabinets. The programs demonstrated that Class 1E protection systems: nuclear instrumentation system (NIS), solid state protection system (SSPS), and 7300 process control system (PCS) are not degraded by non-Class 1E circuits sharing the same enclosure. Conformance to the requirements of IEEE Standard 279-1971 and Regulatory Guide 1.75 has 7.1-10a

BVPS-2 UFSAR Rev. 0 been established and accepted by the USNRC based on the following, which is applicable to these systems at BVPS-2. Tests conducted on the as-built designs of the NIS and SSPS were reported and accepted by the USNRC in support of the Diablo Canyon application (Docket Nos. 50-275 and 50-323). These programs are applicable to BVPS-2. Tests on the 7300 PCS are covered in the report entitled 7300 Series Process Control System Noise Tests subsequently reissued as WCAP-8892-A (Siroky and Marasco 1977). In a letter dated April 20, 1977, R. Tedesco to C. Eicheldinger, the USNRC accepted the report in which the applicability of BVPS-2 is established. Tests were conducted on the Eagle 21 Family of equipment of which the PSMS is included. The results of the testing are described in detail in WCAP-11340, Noise, Fault, Surge and Radio Frequency Interference Test Report same subject (Non-Proprietary). These WCAPs were officially submitted to the NRC on the South Texas Docket. 7.1.2.2.2 Specific Systems Independence is maintained through the system, extending from the sensor through to the devices actuating the protective function. Physical separation is used to achieve separation of redundant transmitters. Separation of wiring is achieved using separate wireways, cable trays, conduit runs, and containment penetrations for each redundant protection channel set. Redundant analog equipment is separated by locating modules in different protection rack sets. Each redundant channel set is energized from a separate ac power source. There are four separate process analog sets. Separation of redundant analog channels begins at the process sensors and is maintained in the field wiring, containment penetrations, and analog protection cabinets to the redundant trains in the logic racks. Redundant analog channels are separated by locating modules in different cabinets. Since all equipment within any cabinet is associated with a single protection set, there is no requirement for separation of wiring and components within the cabinet. In the NIS, 7300 PCS, and the SSPS input cabinets, where redundant channel instrumentation are physically adjacent, there are no wireways or cable penetrations which would permit, for example, a fire resulting from electrical failure in one channel to propagate into redundant channels in the logic racks. Redundant analog channels are separated by locating modules in different cabinets. Since all equipment within any cabinet is associated with a single protection set, there is no requirement for separation of wiring and components within the cabinet. Independence of the logic trains is discussed in WCAP-7672 (Katz 1971). Two reactor trip breakers are actuated by two separate logic matrices which interrupt power to the control rod drive mechanisms. 7.1-11

BVPS-2 UFSAR Rev. 0 The breaker main contacts are connected in series with the power supply so that opening either breaker interrupts power to all CRDMs, permitting the rods to free fall into the core.

1. Reactor trip system

a. Separate routing is maintained for the four basic RTS channel sets analog sensing signals, bistable output signals, and power supplies for such systems. The separation of these four channel sets is maintained from sensors to instrument cabinets to logic system input cabinets.

b. Separate routing of the redundant reactor trip signals from the redundant logic system cabinets is maintained, and in addition, they are separated by spatial separation or by provision of barriers or by separate cable trays or wireways from the four analog channel sets.

2. Engineered safety features actuation system

a. Separate routing is maintained for the four basic sets of ESFAS analog sensing signals, bistable output signals, and power supplies for such systems. The separation of these four channel sets is maintained from sensors to instrument cabinets to logic system input cabinets.

b. Separate routing of the ESF actuation signals from the redundant logic system cabinets is maintained. In addition, they are separated by spatial separation or by provisions of barriers or by separate cable trays or wireways from the four analog channel sets.

c. Separate routing of control and power circuits associated with the operation of ESF equipment is required to retain redundancies provided in the system design and power supplies.

3. Instrumentation and control power supply system The separation criteria presented also apply to the power supplies for the load centers and buses distributing power to redundant components and to the control of these power supplies (Section 8.3).

The RTS and ESFAS analog circuits may be routed in the same wireways provided circuits have the same power supply and channel set identified (I, II, III, or IV). 7.1-12

BVPS-2 UFSAR Rev. 0 7.1.2.2.3 Fire Protection For electrical equipment within the NSSS scope of supply, Westinghouse specifies noncombustible or fire retardant material and conducts vendor-supplied specification reviews of this equipment, 7.1-12a

BVPS-2 UFSAR Rev. 24 which includes assurance that materials will not be used which may ignite or explode from an electrical spark, flame, or from heating, or will independently support combustion. These reviews also include assurance of conservative current carrying capacities of all instrument cabinet wiring, which precludes electrical fires resulting from excessive overcurrent (I2R) losses. For example, wiring used for instrument cabinet construction has teflon or tefzel insulation and will be adequately sized based on current carrying capacities set forth by the National Electrical Code. Braided sheathed material is noncombustible. BVPS-2 fire protection is described in Section 9.5.1. 7.1.2.3 Physical Identification of Safety-Related Equipment There are four separate protection sets identifiable with process equipment associated with the RTS and ESFAS. A protection set may be comprised of more than a single process equipment cabinet. The color coding of each process equipment rack nameplate coincides with the color code established for the protection set of which it is a part. Redundant channels are separated by locating them in different equipment cabinets. Separation of redundant channels begins at the process sensors and is maintained in the field wiring, containment penetrations, and equipment cabinets to the redundant trains in the logic racks. The SSPS input cabinets are divided into four isolated compartments, each serving one of four redundant input channels. Horizontal l/8-inch thick solid steel barriers, coated with fire retardant paint, separate the compartments. Four l/8-inch thick solid steel, vertical wireways coated with fire retardant paint enter the input cabinets. The wireway for a particular compartment is open only into that compartment so that flame could not propagate to affect other channels. At the logic racks, the protection set color coding for redundant channels is clearly maintained until the channel loses its identity in the redundant logic trains. The color coded nameplates described as follows provide identification of equipment associated with protective functions and their channel set association: Channel Color Coding I Red with white lettering II White with black lettering III Blue with white lettering IV Yellow with black lettering All noncabinet-mounted protective equipment and components are provided with an identification tag or nameplate. Small electrical components, such as relays, have nameplates on the enclosure which houses them. All cables are numbered with identification tags. Section 8.3 discusses cables, cable trays, and conduit. 7.1-13

BVPS-2 UFSAR Rev. 14 7.1.2.4 Requirements for Periodic Testing Periodic testing of the RTS and ESFAS is described in Sections 7.2.2 and 7.3.2. Testing complies with Regulatory Guide 1.22 and IEEE Standard 338-1977, Criteria for the Periodic Testing of Nuclear Power Generating Station Class 1E Power and Protection Systems. The surveillance requirements of the Technical Specifications ensure that the system functional operability will be maintained comparable to the original design standards. Periodic testing shall be conducted at the intervals specified in Technical Specifications for reactor trip, for ESF actuation, and for post-accident monitoring. Sensors will be demonstrated adequate for the design by test reports, analysis, operating experience, or by suitable type testing. The NIS detectors are excluded since delays attributable to them do not constitute a significant portion of the overall channel response. Where the ability of a system to respond to a bona fide accident signal is intentionally bypassed for the purpose of performing a test during reactor operation, each bypass condition is automatically indicated to the reactor operator in the main control room by a separate annunciator for the train in test. Test circuitry does not allow two trains to be tested at the same time so that extension of the bypass condition to the redundant system is prevented. The actuation logic for the RTS and ESFAS is tested as described in Sections 7.2 and 7.3. As recommended by Regulatory Guide 1.22, where actuated equipment is not tested during reactor operation, it has been determined that:

1. There is no practicable system design that would permit operation of the equipment without adversely affecting the safety or operability of BVPS-2,

2. The probability that the protection system will fail to initiate operation of the equipment is and can be maintained acceptably low without testing the equipment during reactor operation, and

3. The equipment can routinely be tested when the reactor is shut down.

The equipment that cannot be tested at full power so as not to damage equipment or upset plant operation are:

1. Manual actuation switches for system level actuation of protective function,

2. Reactor coolant pump circuit breakers,

3. Turbine trip, 7.1-14

BVPS-2 UFSAR Rev. 17

4. Main steam line isolation valves (close),

5. Main feedwater isolation valves (close),

6. Feedwater control valves (close),

7. Reactor coolant pump primary component cooling water isolation valves (close),

8. Main feedwater pump trip, 9 Reactor coolant pump seal water return valves (close),

10. Main generator trip,

11. Primary component cooling to containment, and

12. "Miscellaneous" The justification for not testing these items at full power is discussed as follows:

1. Manual actuation switches Testing of these at full power would cause initiation of their protection system function, causing plant upset and/or reactor trip. It should be noted that the reactor trip function that is derived from the automatic safety injection signal is tested at power as follows:

The analog signals, from which the automatic safety injection signal is derived, is tested at power in the same manner as the other analog signals and as described in Section 7.2.2.2.3 (10). The processing of these signals in the SSPS, wherein their channel orientation converts to a logic train orientation, is tested at power by the built-in semi-automatic test provisions of the SSPS. The reactor trip breakers are tested at power, as discussed in Section 7.2.2.2.3 (10).

2. Reactor coolant pump circuit breakers No credit is taken in the accident analyses for an RCP breaker opening causing a reactor trip. Since testing them at power would cause a plant upset, the RCP breakers do not need to be tested at power.

7.1-15

BVPS-2 UFSAR Rev. 0

3. Turbine trip The generation of reactor trip from turbine trip is a testable function at power [similar to the other reactor trip generated from analog channels developing a bistable (on-off) output] as follows:

a. The signal derived from the trip fluid pressure switch may be testable at power by exercising the switches one at a time by means of observance of BVPS-2 operating procedures at full power.

b. The position signal derived from the turbine steam stop valves is testable at reduced load by means of observance of BVPS-2 operating procedures when the functional tests of the steam inlet valves is performed at a one-valve-at-a-time basis.

4. Main steam line isolation valves Main steam line isolation valves (MSIVs) are routinely tested during refueling outages. Testing of the MSIVs to closure at power is not practical. As the plant power is increased, the coolant average temperature is programmed to increase. If the valves are closed under these elevated temperature conditions, the steam pressure transient would unnecessarily operate the steam generator relief valves and possibly the steam generator safety valves. The steam pressure transient produced would cause shrinkage in the steam generator level, which would cause the reactor to trip on low-low generator water level. Testing during operation will decrease the operating life of the valve.

Based on the previously identified problems incurred with periodic testing of the MSIVs at power, and since 1) no practical system design will permit operation of the valves without adversely affecting the safety or operability of BVPS-2, 2) the probability that the protection system will fail to initiate the actuated equipment is acceptably low due to testing up to final actuation, and 3) these valves will be routinely tested during refueling outages, the proposed resolution meets the guidelines of Section D.4 of Regulatory Guide 1.22.

5. Main feedwater isolation valves The feedwater isolation valves are routinely tested during refueling outages. Periodic testing of these feedwater isolation valves by closing them completely, or partially, at power would induce steam generator water level transients and oscillations which would trip the reactor. These transient conditions would be caused by perturbing the 7.1-16

BVPS-2 UFSAR Rev. 0 feedwater flow and pressure conditions necessary for proper operation of the steam generator water level control system. Based on these identified problems incurred with periodic testing of the feedwater isolation valves at power, and since

1) no practical system design will permit operation of these valves without adversely affecting the safety or operability of BVPS-2, 2) the probability that the protection system will fail to initiate the activated equipment is acceptably low due to testing up to final actuation, and 3) these valves will be routinely tested during refueling outages, the proposed resolution meets the guidelines of Section D.4 of Regulatory Guide 1.22.

6. Feedwater control valves These valves are routinely tested during refueling outages.

To close them at power would adversely affect the operability of BVPS-2. The verification of operability of feedwater control valves at power is assured by confirmation of proper operation of the steam generator water level system. The operability of the slave relay which actuates the solenoid, which is the actuating device, is verified during this test. Although the actual closing of these control valves is blocked when the slave relay is tested, all functions are tested to assure that no electrical malfunctions have occurred which could defeat the protective function. It is noted that the solenoids work on the de-energize-to-actuate principle so that the feedwater control valves will fail closed upon either the loss of electrical power to the solenoids or loss of air pressure. Based on the preceding, the testing of the isolating function of feedwater control valves meets the guidelines of Section D.4 of Regulatory Guide 1.22.

7. Reactor coolant pump primary component cooling water isolation valves (close)

The primary component cooling water (PCCW) supply and return containment isolation valves are routinely tested during refueling outages. Testing of these valves while the RCPs are operating introduces an unnecessary risk of costly damage to all the RCPs. Loss of PCCW to these pumps is of economic consideration only, as the RCPs are not required to perform any safety-related function. The RCPs will not seize due to complete loss of component cooling water. Information from the pump manufacturer indicates that the bearing babbitt would eventually break down but not so rapidly as to overcome the inertia of the flywheel. If the pumps are not stopped within approximately 7.1-17

BVPS-2 UFSAR Rev. 0 10 minutes after PCCW is isolated, pump damage could be incurred. Additional containment penetrations and containment isolation valves introduce additional unnecessary potential pathways for radioactive leakage following a postulated accident. Also, since the PCCW flow rates and temperatures are about equal during both plant power operation and plant refueling, periodic tests of these valves during a refueling outage would duplicate accident conditions. Additionally, possibility of failure of containment isolation is remote because an additional failure of the low pressure fluid system, in addition to failure of both isolation valves, would have to occur to open a path through the containment. Based on the previously described potential RCP damage incurred with periodic testing of the PCCW containment isolation valves at power, the duplication of at-power operating conditions during refueling outages, and since 1) no practical system design will permit operation of these valves without adversely affecting the safety or operability of BVPS-2, 2) the probability that the protection system will fail to initiate the activated equipment is acceptably low due to testing up to final actuation, and 3) these valves will be routinely tested during refueling outages when the RCPs are not operating, the proposed resolution meets the guidelines of Section D.4 of Regulatory Guide 1.22.

8. Main feedwater pump trip No credit is taken in the analysis for tripping the main feedwater pumps and therefore, this function does not require periodic testing. These functions are routinely tested during refueling outages.

9. Reactor coolant pump seal water return valves Seal water return line isolation valves are routinely tested during refueling outages. Closure of these valves during operation would cause the safety valve to lift, with the possibility of valve chatter. Valve chatter would damage this relief valve so testing of these return line isolation valves at power would cause equipment damage. Therefore, these valves will be tested during scheduled refueling outages. As mentioned previously, additional containment penetrations and containment isolation valves introduce additional unnecessary potential pathways for radioactive release following a postulated accident. Thus, the guidelines of Section D.4 of Regulatory Guide 1.22 are met.

7.1-18

BVPS-2 UFSAR Rev. 17

10. Main generator trip The main generator trip cannot be actuated during BVPS-2 operation without causing plant upset or equipment damage.

Circuitry for these devices has been provided to individually block actuation of a final device upon operation of the associated solid state logic output relay during testing. Operation of the output relay, including its contact operation and continuity of the electrical circuit associated with the final devices control, is checked in lieu of actual operation. Interlocking prevents blocking the output from more than one output relay in a protection train at a time. Interlocking between trains is also provided to prevent continuity testing in both trains simultaneously. Therefore, the redundant device associated with the protection train not under test will be available in event protection action is required.

11. Primary component cooling to containment The PCCW containment isolation valves are required to perform a containment isolation function and will be leak-tested and exercised in accordance with the requirements of 10 CFR 50 Appendix J. These valves cannot be full-stroked or leak-tested during BVPS-2 operation. Closing of any of these valves would result in a loss of cooling water to one or two RCPs. These valves will be full-stroked and leak-tested during cold shutdown conditions, utilizing the leakage monitoring connections provided, in accordance with 10 CFR 50 Appendix J, Type C testing requirements.

12. "Miscellaneous" License Amendment No. 147 revised Technical Specifications to eliminate periodic response time testing requirements on selected sensors and selected protection channel components.

The Amendment permits the option of either measuring or verifying the response times by means other than testing. The NRC staff stipulated conditions in their Safety Evaluation related to License Amendment No. 147. Two of the conditions were not applicable at the time the License Amendment was issued but may be applicable in the future if the plant is modified. The staff conditions and licensee response are described below to ensure future modification of 7.1-19

BVPS-2 UFSAR Rev. 15 a Unit 2 Reactor Trip System or Engineered Safety Feature Actuation System pressure sensor (pressure or differential pressure transmitter) which requires response time verification will satisfy the two conditions. Condition For transmitters and switches that use capillary tubes, perform a response time test after initial installation and after any maintenance or modification activity that could damage the capillary tubes. Commitment BVPS Unit 2 has no pressure sensors (transmitters or switches) that use capillary tubes in any Reactor Trip System (RTS) or Engineered Safety Features Actuation System (ESFAS) application for which periodic response time testing is required. If BVPS Unit 2 replaces any RTS or ESFAS pressure sensors for which response time verification is required in the future with sensors using capillary tubes, then BVPS Unit 2 will implement plant procedure changes (and/or other appropriate administrative controls) to assure the sensors are response time tested after initial installation and after any maintenance or modification activity that could damage the capillary tubes. This commitment must be met prior to the application of WCAP-13632 methodology for the associated sensor. Condition If variable damping is used, implement a method to assure that the potentiometer is at the required setting and cannot be inadvertently changed or perform hydraulic response time testing of the sensor following each calibration. Commitment BVPS Unit 2 has no pressure transmitters with variable damping installed in any RTS or ESFAS application for which response time testing is required. If BVPS Unit 2 replaces any RTS or ESFAS pressure transmitters for which response time verification is required in the future with pressure transmitters which have variable damping capability, then BVPS Unit 2 will implement procedure changes and/or establish appropriate administrative controls to assure the variable damping potentiometer cannot be inadvertently changed. This commitment must be met prior to the application of WCAP-13632 methodology for the associated transmitter. 7.1-20

BVPS-2 UFSAR Rev. 15 7.1.2.5 Conformance to Regulatory Guide 1.47 Bypass/inoperability indication is in agreement with Regulatory Guide 1.47 with the following clarification:

1. An indicator of bypass/inoperability will be provided for redundant or diverse portions of each safety system. (Bypass includes any deliberate action which renders a safety system inoperable.)

2. Only permanently installed electrical control devices in accessible locations are considered for bypassing a safety system. The term permanently installed does not include the portable handle required to rack out a circuit breaker or devices within the containment which are not considered accessible. The term control devices applies to equipment intended to be acted upon by an operator, such as control switches. It does not include equipment which might be manipulated by prodding, such as relays.

System level bypass and inoperability status, in accordance with Regulatory Guide 1.47, is discussed in Section 7.5. 7.1.2.6 Conformance to Regulatory Guide 1.53 and IEEE Standard 379-1972 The principles described in IEEE Standard 379-1972, Application of the Single Failure Criterion to Nuclear Power Generating Station Class 1E Systems, were used in the design of the protection system. The system complies with the intent of this standard and the additional guidance of Regulatory Guide 1.53. The formal analyses have not been documented exactly as outlined, although parts of such analyses are published in various documents, such as the fault tree analysis, WCAP-7706, by Gangloff and Loftus (1971). The referenced topical report provides details of the analyses of the protection systems previously made to show conformance with single failure criterion set forth in Paragraph 4.2 of IEEE Standard 279-1971. The interpretation of single failure criterion provided by IEEE Standard 379-1972 does not indicate substantial differences with the interpretation of the criterion, except in the methods used to confirm design reliability. Established design criteria, in conjunction with sound engineering practices, form the bases for the protection systems. The RTS and ESFAS are each redundant safety systems. The required periodic testing of these systems will disclose any failures or loss of redundancy which could have occurred in the interval between tests, thus ensuring the availability of these systems. Protection system design conforms to Regulatory Guide 1.53 and IEEE Standard 379-1972, as interpreted as follows: The required failure modes and effects analyses analyze the channel power supplies, the balance of plant protection system logic, and the actuator system, as addressed in Section 7.3.2.

1. As stated in Position C.1 of Regulatory Guide 1.53, due to the trial use status of source document IEEE Standard 379-1972, departure from certain provisions may occur.

7.1-21

BVPS-2 UFSAR Rev. 15

2. With regard to Position C.2 of Regulatory Guide 1.53, the protection system, as defined by IEEE Standard 279-1971, incorporates the capabilities for test and calibration as set forth in Paragraphs 4.9 and 4.10 of IEEE Standard 279-1971.

Final actuation devices, as defined by IEEE Standard 379-1972, are capable of periodic testing in accordance with Regulatory Guide 1.22. The final actuation devices which cannot be fully tested during reactor operation (for reasons as stated in Positions 4.a through 4.c of Regulatory Guide 1.22) can be subjected to a partial test with the unit on-line and to full operational testing during reactor shutdown. These devices are tested and discussed in Section 7.1.2.4. Taken as a whole, the operability of all active components necessary to achieve protective functions can be demonstrated via the testing program described in this item.

3. With regard to Position C.3 of Regulatory Guide 1.53, single switches supplying signals to redundant channels are designed with at least 6 inches separation or suitable barriers between redundant circuits.

4. Compliance with the single failure criteria can be verified based on a collective analysis of both the protective system defined in IEEE Standard 279-1971 and the final actuation devices or actuators defined in IEEE Standard 379-1972.

7.1.2.7 Conformance to Regulatory Guide 1.63 Conformance to Regulatory Guide 1.63 is discussed in Section 8.3. 7.1.2.8 Conformance to IEEE Standard 317-1976 Conformance to IEEE Standard 317-1976, Electric Penetration Assemblies in Containment Structures for Nuclear Power Generating Stations, is discussed in Section 8.3. 7.1.2.9 Conformance to IEEE Standard 336-1971 The quality assurance requirements for installing, inspecting, and testing for instrumentation and electric equipment conforms to IEEE Standard 336-1971. 7.1.2.10 Conformance to IEEE Standard 338-1977 The periodic testing of the RTS and ESFAS conforms to the requirements of IEEE Standard 338-1977, with the following comments:

1. The surveillance requirements of the Technical Specifications for protection system ensure that the system functional operability is maintained comparable to the original design standards. Periodic tests at frequent intervals or verifications demonstrate this capability for the system, excluding sensors.

7.1-22

BVPS-2 UFSAR Rev. 15 Sensors within the Westinghouse scope will be demonstrated adequate for this design by vendor testing, onsite tests in operating plants with appropriately similar design, by suitable type testing, or verification. The NIS detectors are excluded since they exhibit response time characteristics such that delays attributable to them are negligible in the overall channel response time required for safety. Overall protection system response times are verified in accordance with the Technical Specifications. The verification of response times provides assurance that the protective and ESF action function associated with each channel is completed within the time limit assumed in the accident analysis.

2. Reliability goals in accordance with the program mentioned in Section 4 of IEEE Standard 338-1977 have been developed, and adequacy of time intervals has been demonstrated.

3. The periodic test interval as specified in the BVPS-2 Technical Specifications and following the guidance of Section 4, of IEEE Standard 338-1977, is conservatively selected to assure that equipment associated with protection functions has not drifted beyond its minimum performance requirements. If any protection channel appears to be marginal or requires more frequent adjustments due to BVPS-2 condition changes, the time interval will be decreased to accommodate the situation until the marginal performance is resolved.

7.1.3 References For Section 7.1 Gangloff, W. C. and Loftus, W. D. 1971. An Evaluation of Solid State Logic Reactor Protection in Anticipated Transients. WCAP-7706. Katz, D. N. 1971. Solid State Logic Protection System Description. WCAP-7488-L (Proprietary) and WCAP-7672. Siroky, R. M. and Marasco, F. W. 1977. 7300 Series Process Control System Noise Tests. WCAP-8892-A. 7.1-23

BVPS-2 UFSAR Tables for Section 7.1

BVPS-2 UFSAR Rev. 0 TABLE 7.1-1 LISTING OF APPLICABLE CRITERIA Criteria Title Discussed In

1. General Design Criteria (GDC),

10 CFR 50, Appendix A GDC 1 Quality Standards and Records 3.1.2, Chapters 7, 17 GDC 2 Design Bases for Protection Against 3.1.2, 3.10, 3.11, 7.2.1.1.11 Natural Phenomena GDC 3 Fire Protection 3.1.2, 7.1.2.2.3, 9.5 GDC 4 Environmental and Missile Design Bases 3.1.2, 3.11, 7.2.2.2 GDC 5 Sharing of Structures, Systems, and 3.1.2 Components GDC 10 Reactor Design 3.1.2, 7.2.2.2 GDC 12 Suppression of Reactor Power Oscillations 3.1.2, 7.7, Chapter 15 GDC 13 Instrumentation and Control 3.1.2, 7.3.1, 7.3.2, 7.7 GDC 15 Reactor Coolant System Design 3.1.2, 7.2.2.2 GDC 17 Electric Power Systems 3.1.2, 7.2.2.2, 7.6, Chapter 8 GDC 19 Control Room 3.1.2, 7.4.1.3, 7.7 GDC 20 Protection System Functions 3.1.2, 7.2, 7.3, 7.5 GDC 21 Protection System Reliability and Testability 3.1.2, 7.2.2.2, 7.3.1, 7.3.2 GDC 22 Protection System Independence 3.1.2, 7.1.2.2, 7.2.2.2, 7.3.1, 7.3.2 GDC 23 Protection System Failure Modes 3.1.2, 7.2.2.2, 7.3.1, 7.3.2 GDC 24 Separation of Protection and Control 3.1.2, 7.2.2.2, 7.3.1, 7.3.2 Systems GDC 25 Protection System Requirements for 3.1.2, 7.3.2 Reactivity Control Malfunctions 1 of 6

BVPS-2 UFSAR Rev. 0 TABLE 7.1-1 (Cont) Criteria Title Discussed In GDC 26 Reactivity Control System Redundancy 3.1.2 and Capability GDC 27 Combined Reactivity Control Systems 3.1.2, 7.3.1, 7.3.2, 7.7, Chapter 15 Capability GDC 28 Reactivity Limits 3.1.2, 7.3.1, 7.3.2, 7.7, Chapter 15 GDC 29 Protection Against Anticipated Operational 3.1.2, 7.2.2.2 Occurrences GDC 33 Reactor Coolant Makeup 3.1.2 GDC 34 Residual Heat Removal 3.1.2 GDC 35 Emergency Core Cooling 3.1.2, 7.3.1, 7.3.2 GDC 37 Testing of Emergency Core Cooling 3.1.2, 7.3.2 System GDC 38 Containment Heat Removal 3.1.2, 7.3.1, 7.3.2 GDC 40 Testing of Containment Heat Removal 3.1.2, 7.3.2 System GDC 41 Containment Atmosphere Cleanup 3.1.2, 7.3.2 GDC 43 Testing of Containment Atmosphere 3.1.2, 7.3.2 Cleanup Systems GDC 44 Cooling Water 3.1.2 GDC 46 Testing of Cooling Water System 3.1.2, 7.3.2 GDC 50 Containment Design Basis 3.1.2 GDC 54 Piping Systems Penetrating Containment 3.1.2 GDC 55 Reactor Coolant Pressure Boundary 3.1.2 Penetrating Containment GDC 56 Primary Containment Isolation 3.1.2 2 of 6

BVPS-2 UFSAR Rev. 0 TABLE 7.1-1 (Cont) Criteria Title Discussed In GDC 57 Closed System Isolation Valves 3.1.2

2. Institute of Electrical and Electronics Engineers (IEEE)

Standards: IEEE Std 279-1971 Criteria for Protection Systems for 7.1, 7.2, 7.3, 7.4, 7.5, 7.6 (ANSI N42.7-1972) Nuclear Power Generating Stations IEEE Std 308-1971, 1974 Criteria for Class 1E Power Systems 8.1 for 1971 and 7.6, 8.1, 8.2.1.4.4, for Nuclear Power Generating Stations 8.3.1.1.15 for 1974 IEEE Std 317-1976 Electric Penetration Assemblies in Chapter 8 Containment Structures for Nuclear Power Generating Stations IEEE Std 323-1971, 1974 Qualifying Class 1E Equipment for 3.10, 3.11* Nuclear Power Generating Stations IEEE Std 336-1971 Installation, Inspection, and Testing 7.1.2.9 (ANSI N45.2.4-1972) Requirements for Instrumentation and Electric Equipment During the Construction of Nuclear Power Generating Stations IEEE Std 338-1977 Criteria for the Periodic Testing of 7.1.2.4, 7.1.2.10, 7.2.2, 7.3.2 Nuclear Power Generating Station Protection Systems IEEE Std 344-1971, 1975 Guide for Seismic Qualification of 3.10B Class 1 Electrical Equipment for Nuclear Power Generating Stations IEEE Std 379-1972 Guide for the Application of the Single Failure 7.1.2.6 (ANSI N41.2) Criterion to Nuclear Power Generating Station Protection Systems IEEE Std 382-1972, 1980 Type Test of Class 1 Electric 3.9* Valve Operators IEEE Std 384-1974 Criteria for Separation of Class 1E 7.1.2.2.1, 7.1.2.2.2 (ANSI N41.14) Equipment and Circuits 3 of 6

BVPS-2 UFSAR Rev. 0 TABLE 7.1-1 (Cont) Criteria Title Discussed In IEEE Std 334-1974 Standard for Type Tests of Continuous 8.1, 8.3.1 Duty Class Motors Installed Inside the Containment of Nuclear Generating Stations

3. Regulatory Guides (RG)

RG 1.6 Independence Between Redundant Standby 1.8, 7.6, Chapter 8 (Onsite) Power Sources and Between Their Distribution Systems RG 1.11 Instrument Lines Penetrating Primary 1.8, 6.2.4, 7.3.1.1.2 Reactor Containment RG 1.22 Periodic Testing of Protection System 1.8, 7.1.2.4, 7.2.2.2.3, 7.3.2.2.5, Actuation Functions 8.3.1, 8.3.2 RG 1.29 Seismic Design Classification 1.8, 3.2.1 RG 1.30 Quality Assurance Requirements for 1.8, 8.3.1, 8.3.2, Chapter 17 the Installation, Inspections, and Testing of Instrumentation and Electric Equipment RG 1.32 Criteria for Safety-Related Electric 1.8, 7.5, 7.6, 8.2, 8.3.1, 8.3.2 Power Systems for Nuclear Power Plants RG 1.47 Bypassed and Inoperable Status Indication 1.8, 7.1.2.5, 7.5, 8.2, 8.3 for Nuclear Power Plant Safety Systems RG 1.53 Application of the Single-Failure Criterion 1.8, 3.1.1, 7.1.2.6, 15.0.8 to Nuclear Power Plant Protection Systems RG 1.62 Manual Initiation of Protective Actions 1.8, 7.2.2.2.3, 7.3.2.2.7 RG 1.63 Electric Penetration Assemblies in 1.8, 8.3 Containment Structures for Light-Water-Cooled Nuclear Power Plants RG 1.68 Initial Test Programs for Water- 1.8, Chapter 14 Cooled Nuclear Power Plants 4 of 6

BVPS-2 UFSAR Rev. 0 TABLE 7.1-1 (Cont) Criteria Title Discussed In RG 1.70 Standard Format and Content of Safety 1.8, Chapter 7 Analysis Reports for Nuclear Power Plants RG 1.73 Qualification Tests of Electric Valve 1.7, 1.8 Operators Installed Inside the Containment of Nuclear Power Plants RG 1.75 Physical Independence of Electric Systems 1.8, 7.1.2.2.1, 7.1.2.2.2, 8.3.1, 8.3.2 RG 1.89 Qualification of Class 1E Equipment 1.8, 8.3.1, 8.3.2 for Nuclear Power Plants RG 1.97 Instrumentation for Light-Water-Cooled Nuclear 1.8, 6.2, 7.5, 9.3.2, 11.5, 12.3 Power Plants to Assess Plant Conditions During and Following an Accident RG 1.100 Seismic Qualification of Electric 1.8, 3.10, 8.3.1, 8.3.2 Equipment for Nuclear Power Plants RG 1.105 Instrument Setpoints 1.8, 7.1.2.1.9, 7.5 RG 1.106 Thermal Overload Protection for 1.8 Electric Motors on Motor-Operated Valves RG 1.118 Periodic Testing of Electric Power and 1.8, 8.3 Protection Systems

4. Branch Technical Positions (BTP)

BTP ICSB 3 Isolation of Low Pressure Systems from 7.6.2 the High Pressure Reactor Coolant System BTP ICSB 4 Requirements of Motor-Operated Valves 7.6.4 in the ECCS Accumulator Lines BTP ICSB 5 Scram Breaker Test Requirements - 7.2.2.2.3, Chapter 16 Technical Specifications 5 of 6

BVPS-2 UFSAR Rev. 0 TABLE 7.1-1 (Cont) Criteria Title Discussed In BTP ICSB 9 Definition of Use of Channel Calibration - Chapter 16 Technical Specification BTP ICSB 12 Protection System Trip Point Changes 7.2.2.2.1, 4.1.1, Chapter 16 for Operation with Reactor Coolant Pumps Out of Service BTP ICSB 13 Design Criteria for Auxiliary Feedwater 7.3.2.3 Systems BTP ICSB 14 Spurious Withdrawals of Single Control 7.7.2.2, 15.4 Rods in Pressurized Water Reactors BTP ICSB 18 (PSB) Application of the Single Failure Tech Spec. 3/4.5 Criterion to Manually-Controlled Electrically-Operated Valves BTP ICSB 20 Design of Instrumentation and Controls 7.6.5, 7A, 6.3 Provided to Accomplish Changeover from Injection to Recirculation Mode BTP ICSB 21 Guidance for Application of Regulatory 1.8, 7.1.2.5 Guide 1.47 BTP ICSB 22 Guidance for Application of Regulatory 1, 8, 7.1.2.4 Guide 1.22 BTP ICSB 26 Requirements for Reactor Protection 7.2.1.1.2 System Anticipatory Trips NOTE:

• Effective dates based on purchase order dates.

6 of 6

CDIITIGL ICTUATf IGUD Hlt---------1--- lUll I

                                                            $Af[GIWD$

TO 11110 UALOi PIOHCT lOll SYSTEM IWCLUI JISTtiiiiUTUIOI SYITtM CIII'I/Ttl 01 FIUD tOIUCTS Dtllll 100 ISOUTIDII COITIOL SYII[N COIIrUTU NOIITOIIIMi IYPASS *1 I Tlllf Ill I "

                                                        "01" CULt                               (

(11111101. IIIMD NOIITOJIIG U¥ ( ICUHIIII

                                                                                        !liP Ill A          ITPASS Ill   ~I COin IIIII.
                                                                       -D DDIII CUII£1 CIIIITIDL                                                        (111111101.

IIIMD ~

                             *nc.3                           ACIIIATf TUII A                     SETS lUll A SAftGUliDS FIGURE 7. 1- 1 PROTECTION SYSTEM BLOCK DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 0 7.2 REACTOR TRIP SYSTEM 7.2.1 Description 7.2.1.1 System Description The reactor trip system (RTS) automatically prevents operation of the reactor in an unsafe region by shutting down the reactor whenever the limits of the safe region are approached. The safe operating region is defined by several considerations, such as mechanical/hydraulic limitations on equipment and heat transfer phenomena. Therefore, the RTS maintains surveillance on process variables which are directly related to equipment mechanical limitations such as pressure, pressurizer water level (to prevent water discharge through safety valves), and also on variables which directly affect the heat transfer capability of the reactor (that is, flow and reactor coolant temperatures). Still other parameters utilized in the RTS are calculated from various process variables. In any event, whenever a direct process or calculated variable exceeds a set point, the reactor will be shut down in order to protect against either gross damage to fuel clad or loss of system integrity which could lead to release of radioactive fission products into the containment. The following systems make up the RTS (Reid (1973); Lipchak (1974); and Katz (1971) provide additional background information on the systems):

1. Process instrumentation and control system,

2. Nuclear instrumentation system,

3. Solid state logic protection system,

4. Reactor trip switchgear, and

5. Manual actuation circuit.

The RTS consists of sensors which, when connected with analog circuitry consisting of two to four redundant channels, monitor various plant parameters, and digital circuitry, consisting of two redundant logic trains, which receives inputs from the analog protection channels to complete the logic necessary to automatically open the reactor trip breakers. Each of the two trains, Trains A and B, is capable of opening a separate and independent reactor trip breaker, RTA and RTB, respectively. The two trip breakers in series connect three-phase ac power from the rod drive motor-generator sets to the rod drive power cabinets, as shown on Figure 7.2-1, Sheet 2. During Beaver Valley Power Station - Unit 2 (BVPS-2) power operation, a dc undervoltage coil on each reactor trip breaker holds a trip plunger out against its spring, allowing the power to be available at the rod control 7.2-1

BVPS-2 UFSAR Rev. 0 power supply cabinets. For reactor trip, a loss of dc voltage to the undervoltage coil, as well as energization of the shunt trip coil, open the breaker. When either of the trip breakers opens, power is interrupted to the rod drive power supply and the control rods fall, by gravity, into the core. The rods cannot be withdrawn until the trip breakers are manually reset. The trip breakers cannot be reset until the abnormal condition which initiated the trip is corrected. Bypass breakers BYA and BYB are provided to permit testing of the trip breakers. 7.2.1.1.1 Functional Performance Requirements The RTS automatically initiates reactor trip:

1. Whenever necessary to prevent fuel rod damage for an anticipated operational transient (American Nuclear Society (ANS) Condition II),

2. To limit core damage for infrequent faults (ANS Condition III), and

3. So that the energy generated in the core is compatible with the design provisions to protect the reactor coolant pressure boundary (RCPB) for limiting fault conditions (ANS Condition IV).

The RTS initiates a turbine trip signal whenever a reactor trip is initiated. This prevents the reactivity insertion that would otherwise result from excessive reactor system cooldown and thus avoids unnecessary actuation of the engineered safety features actuation system (ESFAS). The RTS provides for manual initiation of reactor trip by operator action in the main control room. 7.2.1.1.2 Reactor Trips The various reactor trip circuits automatically open the reactor trip breakers whenever a condition monitored by the RTS reaches a preset level. To ensure a reliable system, high quality design, components, manufacturing, quality control, and testing are used. In addition to redundant channels and trains, the design approach provides a RTS which monitors numerous system variables, therefore providing protection system functional diversity. The extent of this diversity has been evaluated for a wide variety of postulated accidents. Table 7.2-1 provides a list of reactor trips, which are described as follows: Nuclear Overpower Trips The specific trip functions generated are as follows: 7.2-2

BVPS-2 UFSAR Rev. 16

1. Power range high neutron flux trip The power range high neutron flux trip circuit trips the reactor when two out of four power range channels exceed the trip set point. There are two bistable amplifiers for overpower protection in each of four redundant nuclear instrumentation power range channels. Each has its own trip setting. The bistable trip setting (high setting),

associated with monitoring the high end of the power range, provides overpower protection and is never blocked. The bistable trip setting (low setting), which provides a more restrictive protection limit during start-up and operation at low power level, can be manually blocked by the operator when two out of four power range channels indicate approximately 10 percent power (P-10). Three out of four channels below 10 percent automatically reinstates the trip (low setting) function. Table 7.2-2 provides a listing of all protection system interlocks and blocks.

2. Intermediate range high neutron flux trip The intermediate range high neutron flux trip circuit trips the reactor when one out of two intermediate range channels exceeds the trip set point. This trip, which provides protection during reactor start-up, can be manually blocked if two out of four power range channels are above approximately P-10. Three out of four power range channels below this value automatically reinstate the intermediate range high neutron flux trip. The intermediate range channels (including detectors) are separate from the power range channels. The intermediate range channels can be individually bypassed at the nuclear instrumentation racks to permit channel testing during BVPS-2 shutdown or prior to start-up. This bypass action is annunciated on the main control board.

3. Source range high neutron flux trip The source range high neutron flux trip circuit trips the reactor when one of the two source range channels exceeds the trip set point. This trip, which provides protection during reactor start-up and BVPS-2 shutdown, can be manually bypassed when one out of two intermediate range channels reads above the P-6 set point value and is automatically reinstated when both intermediate range channels decrease below the P-6 set point value. This trip is also automatically bypassed by two out of four logic from the power range protection interlock (P-10). This trip function can also be reinstated below P-10 by an administrative action requiring manual actuation of two control board-mounted switches. Each switch will reinstate the trip function in one of the two protection logic trains. The source range 7.2-3

BVPS-2 UFSAR Rev. 17 trip point is set between the P-6 set point (source range cutoff power) and the maximum source range power. The channels can be individually bypassed at the nuclear instrumentation racks to permit channel testing during BVPS-2 shutdown or prior to start-up. This bypass action is annunciated on the main control board.

4. Power range high positive neutron flux rate trip This circuit trips the reactor when an abnormal rate of increase in nuclear power occurs in two out of four power range channels. This trip provides departure from nucleate boiling (DNB) protection against rod ejection accidents of low worth from mid-power and is always active.

Core Thermal Overpower Trips The specific trip functions generated are as follows:

1. Overtemperature T trip This trip protects the core against low DNBR and trips the reactor on coincidence, as listed in Table 7.2-1, with one set of temperature measurements per loop. The set point for this trip is continuously calculated by analog circuitry for each loop by solving the equation found in Technical Specification Table 3.3.1-1.

7.2-4

BVPS-2 UFSAR Rev. 16 A separate ion chamber unit supplies the flux signal for each overtemperature T trip channel. Increases in beyond a predefined deadband will result in a decrease in trip set point (Figures 7.2-2 and 7.2-3). The required one pressurizer pressure parameter per loop is obtained from separate sensors connected to three pressure taps at the top of the pressurizer. Section 7.2.2.3.3 provides an analysis of this arrangement. Figure 7.2-1, Sheet 5, shows the logic for overtemperature T trip function.

2. Overpower T trip This trip protects against excessive power (fuel rod rating protection) and trips the reactor on coincidence, as listed in Table 7.2-1, with one set of temperature measurements per loop. Table 7.2-4 describes other events for which the overpower T trip may provide a backup or secondary trip function.

7.2-5

BVPS-2 UFSAR Rev. 17 The set point for each channel is continuously calculated, using the equation found in Technical Specification Table 3.3.1-1. The source of temperature information is identical to that of the overtemperature T trip, and the resultant T set point is compared to the same T. Figure 7.2-1, Sheet 5, shows the logic for this trip function. Reactor Coolant System Pressurizer Pressure Trips The specific trip functions generated are as follows:

1. Pressurizer low pressure trip The purpose of this trip is to protect against low pressure which could lead to DNB. The parameter being sensed is reactor coolant pressure, as measured in the pressurizer.

Above P-7, the reactor is tripped when the pressurizer pressure measurements fall below preset limits. This signal is compensated to account for the fact that the measurement is in the pressurizer rather than in the core proper. This trip is blocked below P-7 to permit start-up. The trip logic and interlocks are given in Table 7.2-1, and the trip logic is shown on Figure 7.2-1, Sheet 6. The reactor trips comply with the intent of NUREG-0737 (USNRC 1980), TMI Action Item II.K.1.17. 7.2-6

BVPS-2 UFSAR Rev. 13

2. Pressurizer high pressure trip The purpose of this trip is to protect the reactor coolant system (RCS) against system overpressure and to prevent opening of the pressurizer safety valves. The same sensors and transmitters used for the pressurizer low pressure trip are used for the high pressure trip except that separate bistables are used for trip. These bistables trip when uncompensated pressurizer pressure signals exceed preset limits on coincidence, as listed in Table 7.2-1. There are no interlocks or permissives associated with this trip function. This trip protects against overstressing the RCPB.

The logic for this trip is shown on Figure 7.2-1, Sheet 6.

3. Pressurizer high water level trip This trip is provided as a backup to the high pressurizer pressure trip and serves to prevent water relief through the pressurizer safety valves, and therefore provides for equipment protection. This trip is blocked below P-7 to permit start-up. The trip logic for this function is shown on Figure 7.2-1, Sheet 6.

Reactor Coolant System Low Flow Trips These trips protect the core from DNB in the event of a loss-of-coolant flow (LOCF) situation. Figure 7.2-1, Sheet 5 shows the logic for these trips. The means of sensing the LOCF are as follows:

1. Low reactor coolant flow The parameter sensed is reactor coolant flow. Three differential pressure transmitters in each coolant loop are used to provide the status of reactor coolant flow. The basic function of this device is to provide information as to whether or not a reduction in flow has occurred. An output signal from two out of the three bistables in a loop would indicate a low flow in that loop. Above P-7, two out of three loop low flow indications will trip the reactor. Above P-8, low flow in any one loop will cause a reactor trip.

The coincidence logic and interlocks are given in Table 7.2-

1. Trip logic for this function is shown on Figure 7.2-1, Sheet 5.

7.2-7

BVPS-2 UFSAR Rev. 16

2. Reactor coolant pump breaker trip One open breaker signal is generated for each reactor coolant pump (RCP). Above the P-7 set point, the reactor trips on two open breaker signals. One set of auxiliary contacts on each pump breaker serves as the input signal to the trip logic. The coincident logic and interlocks are given in Table 7.2-1. The trip logic for this function is shown on Figure 7.2-1, Sheet 5.

3. Reactor coolant pump bus undervoltage trip This trip is anticipatory to the low reactor coolant flow trip to protect against low flow which can result from loss of voltage to more than one RCP motor (for example, loss of offsite power or RCP breakers opening). There is one undervoltage sensing relay connected to each phase of each RCP bus. These relays provide an output signal when the bus voltage goes below approximately 70 percent of rated voltage.

Signals from these relays are delayed to prevent spurious trips caused by short term voltage perturbations. The coincidence logic and interlocks are given in Table 7.2-1.

4. Reactor coolant pump bus underfrequency trip This trip is anticipatory to the low reactor coolant flow trip to protect against low flow resulting from pump underfrequency, for example, a major grid frequency disturbance. The function of this trip is to trip the reactor for an underfrequency condition. There is one underfrequency sensing relay connected to each RCP bus.

Signals from relays connected to any two of the buses (time delayed up to approximately 0.5 second to prevent spurious trips caused by short term frequency perturbations) will trip the reactor if power is above P-7. 7.2-1, Sheet 5, shows the logic for the RCP underfrequency trip. Steam Generator Trips The specific trip functions generated are as follows:

1. Low-low steam generator water level trip This trip protects the reactor from loss of heat sink. This trip is actuated on two out of three low-low water level signals occurring in any steam generator. The logic is shown on Figure 7.2-1, Sheet 7.

7.2-8

BVPS-2 UFSAR Rev. 7 Reactor Trip On a Turbine Trip (Anticipatory) The reactor trip on a turbine trip is actuated by two out of three logic from low emergency trip fluid signals or by all closed signals from the turbine main stop valves. A turbine trip causes a direct reactor trip above P-9. The reactor trip on turbine trip provides additional protection and conservatism beyond that required. This trip is included as part of good engineering practice and prudent design. No credit is taken in any of the safety analyses (Chapter 15) for this trip. The turbine provides anticipatory trips to the reactor protection system (RPS) from contacts which change state when the turbine main stop valves close or when the turbine emergency trip fluid pressure goes below its set point. The anticipatory trips comply with the intent of NUREG-0737 (USNRC 1980), TMI Action Items II.K.3.10 and II.K.3.12. One of the design bases considered in the protection system is the possibility of an earthquake. With respect to these contacts, their functioning is unrelated to a seismic event in that they are anticipatory to other diverse parameters which cause reactor trip. The contacts are shut during BVPS-2 operation and open to cause reactor trip when the turbine is tripped. No power is provided to the protection system from the contacts; they merely serve to interrupt power to cause reactor trip. This design functions in a de-energize-to-trip fashion to cause a plant trip if power is interrupted in the trip circuitry. This ensures that the protection system will in no way be degraded by this anticipatory trip because seismic design considerations do not form part of the design bases for anticipatory trip sensors. (The RPS cabinets which receive the inputs from the anticipatory trip sensors are seismically qualified, as discussed in Section 3.10.) Circuit analysis show that the functional performance of the protection system would not be degraded by credible electrical faults, such as opens and shorts in the circuits associated with reactor trip from turbine trip. The contacts of redundant sensors on the steam stop valves and the trip fluid pressure system are connected through the grounded side of the ac supply circuits in the 7.2-9

BVPS-2 UFSAR Rev. 2B solid state protection system (SSPS). Loss of signal caused by circuit faults would produce either a partial or full reactor trip. The sensing devices associated with, or mounted on the turbine conform to requirements applicable to the anticipatory trip of the reactor. The anticipatory trips thus meet Institute of Electrical and Electronics Engineers (IEEE) Standard 279-1971 and Branch Technical Position ICSB 26, including redundancy, separation, single failure, etc. Seismic qualification of the contacts sensors is not required. The logic for this type of trip is shown on Figure 7.2-1, Sheet 15. Safety Injection Signal Actuation Trip A reactor trip occurs when safety injection is actuated. The means of actuating safety injection is described in Section 7.3. Figure 7.2-1, Sheet 8, shows the logic for this trip. Manual Trip The manual trip consists of two switches with two outputs on each switch. One output is used to actuate the Train A trip breaker, the other output actuates the Train B trip breaker. Operating a manual trip switch removes the voltage from the undervoltage coil and energizes the shut trip coils in the breakers. There are no interlocks which can block this trip. Figure 7.2-1, Sheet 3, shows the manual trip logic. 7.2.1.1.3 Reactor Trip System Interlocks Power Escalation Permissives The overpower protection provided by the out-of-core nuclear instrumentation consists of three discrete, but overlapping, ranges. Continuation of start-up operation or power increase requires a permissive signal from the higher range instrumentation channels before the lower range trips can be manually blocked by the operator. One of two intermediate range permissive signals (P-6) is required prior to source range trip blocking. A source range manual block is provided for each logic train and the blocks must be in effect on both trains in order to continue power escalation. Source range trips are automatically reactivated when both intermediate range channels are below the permissive (P-6) set point. There are two manual reset switches for administratively reactivating the source range trip and detector high voltage when between permissives P-6 and P-l0, if required. Source range trip block and high voltage cutoff are always maintained when power is above the permissive P-10 set point with high voltage manual control switch in the normal position. If the high voltage manual control switch, located on the source range drawer, is in the on or off position, it overrides any automatic actions. The intermediate range trip and power range (low set point) trip can only be blocked after satisfactory operation and permissive 7.2-10

BVPS-2 UFSAR Rev. 16 information are obtained from two of four power range channels. Individual blocking switches are provided so that the low range power range trip and intermediate range trip can be independently blocked (one switch for each train for a total of four switches). These trips are automatically reactivated when any three out of the four power range channels are below the permissive (P-10) set point, thus ensuring automatic activation to more restrictive trip protection. The development of permissives P-6 and P-10 is shown on Figure 7.2-1, Sheet 4. All of the permissives are digital, and they are derived from analog signals in the nuclear power range and intermediate range channels. Table 7.2-2 provides the list of protection system interlocks. Block of Reactor Trips at Low Power Interlock P-7 blocks a reactor trip (below approximately 10 percent of full power) on a low reactor coolant flow in more than one loop, two or more RCP breakers open, RCP undervoltage, RCP underfrequency, pressurizer low pressure, or pressurizer high water level. Figure 7.2-1, Sheets 5 and 6, illustrate permissive applications. The low power signal (P-7) is derived from three out of four power range neutron flux signals below the set point in coincidence with two out of two turbine first stage pressure signals below the set point (low plant load). The permissive logic is shown on 7.2-1, Sheet 4. The P-8 interlock blocks a reactor trip when the plant is below approximately 30 percent of full power, on a low reactor coolant flow in any one loop. The block action (absence of the P-8 interlock signal) occurs when three out of four neutron flux power range signals are below the set point. Thus, below the P-8 set point, an automatic reactor trip will not occur until two loops are indicating low flow. Figure 7.2-1, Sheet 4, shows derivation of P-8, and Sheet 5, for its function in the low flow reactor trip logic. The P-9 interlock blocks reactor trip on a turbine trip when the plant is below approximately 49 percent of full power. The block action (absence of the P-9 interlock signal) occurs when three out of four neutron flux power range signals are below the set point. Thus, below the P-9 set point, the reactor will be allowed to operate if the turbine has tripped. Figure 7.2-1, Sheet 4, depicts derivation of P-9, and Sheet 15 shows applicable logic. The list of protection system blocks is given in Table 7.2-2. 7.2-11

BVPS-2 UFSAR Rev. 12 7.2.1.1.4 Coolant Temperature Sensor Arrangement The hot and cold leg temperature signals required for input to the protection and control functions are obtained using thermowell mounted RTDs installed in each reactor coolant loop. The hot leg temperature measurement in each loop is accomplished using three fast response narrow range RTDs mounted in thermowells. Two of the three thermowells in each loop are located within the scoops previously used to supply temperature samples to the RTD bypass manifold. The third RTD could not be located within the scoop due to structural interferences and is located upstream from the scoop plane. The two scoops used to accommodate the thermowells were modified by machining a flow hole in the end of the scoop to facilitate the flow of water through the existing holes in the leading edge of the scoop and passed the temperature sensitive tip of the RTD. Due to temperature streaming the temperatures measured by the three hot leg RTDs are different and therefore these signals are electronically averaged to generate a hot leg average temperature. Provisions were made in the RTD electronics to allow for operation with only two RTDs in service. The two RTD measurement can be biased to correct for the difference compared with the three RTD average. The cold leg temperature measurement in each loop is accomplished by one fast response, narrow range, dual element RTD. The original cold leg RTD bypass penetration nozzle was modified to accept the thermowell. Signals from these instruments are used to compute the reactor coolant T (temperature of the hot leg, Thot, minus the temperature at the cold leg, Tcold,) and an average reactor coolant temperature (Tavg). The Tavg for each loop is indicated on the main control board. Wide Range Cold Leg and Hot Leg Temperatures Wide Range temperature detectors, located in the thermometer wells in the cold and hot leg piping of each loop, supply signals to wide range temperature recorders. This information is used by the operator to control coolant temperature during start-up and shutdown. 7.2-12

BVPS-2 UFSAR Rev. 0 7.2.1.1.5 Pressurizer Water Level Reference Leg Arrangement The design of the pressurizer water level instrumentation includes a tank level arrangement using differential pressure between an upper and lower tap. 7.2.1.1.6 Analog System The analog system consists of two instrumentation systems: the process instrumentation system and the nuclear instrumentation system (NIS). Process instrumentation includes those devices (and their interconnection into systems) which measure temperature, pressure, fluid flow, and fluid level as in tanks or vessels. Process instrumentation specifically excludes nuclear and radiation measurements. The process instrumentation includes the process measuring devices, power supplies, indicators, recorders, alarm actuating devices, controllers, signal conditioning devices, etc, which are necessary for day-to-day operation of the nuclear steam supply system as well as for monitoring BVPS-2, and providing initiation of protective functions upon approach to unsafe plant conditions. The primary function of nuclear instrumentation is to protect the reactor by monitoring the neutron flux and generating appropriate trips and alarms for various phases of reactor operating and shutdown conditions. It also provides a secondary control function and indicates reactor status during start-up and power operation. The NIS uses information from these separate types of instrumentation channels to provide three discrete protection levels. Each range of instrumentation (source, intermediate, and power) provides the necessary overpower reactor trip protection required during operation in that range. The overlap of instrument ranges provides reliable continuous protection, beginning with source level through the intermediate and low power level. As the reactor power increases, the overpower protection level is increased by administrative procedures after satisfactory higher range instrumentation operation is obtained. Automatic reset to more restrictive trip protection is provided when reducing power. Various types of neutron detectors, with appropriate solid state electronic circuitry, are used to monitor the leakage neutron flux from a completely shutdown condition to 120 percent of full power. The neutron flux covers a wide range between these extremes. Therefore, monitoring with several ranges of instrumentation is necessary. The lowest range (source range) covers six decades of leakage neutron flux. The lowest observed count rate depends on the strength of the neutron sources in the core and the core multiplication associated with the shutdown reactivity. This is generally greater than two 7.2-13

BVPS-2 UFSAR Rev. 11 counts per second. The next range (intermediate range) covers eight decades. Detectors and instrumentation are chosen to provide overlap between the higher portion of the source range and the lower portion of the intermediate range. The highest range of instrumentation (power range) covers approximately two decades of the total instrumentation range. This is a linear range that overlaps with the higher portion of the intermediate range. The system previously described provides main control room indication and recording of signals proportional to reactor neutron flux during core loading, shutdown, start-up, and power operation, as well as during subsequent refueling. Start-up rate indication for the source and intermediate range channels is provided at the main control board. Reactor trip, rod stop, control and alarm signals are transmitted to the reactor control and protection system for automatic plant control. Equipment failures and test status information are annunciated in the main control room. Reid (1973) and Lipchak (1974) provide additional background information on the process and nuclear instrumentation. 7.2.1.1.7 Solid State Protection System The SSPS takes binary inputs (voltage/no voltage) from the process and nuclear instrument channels corresponding to conditions (normal/abnormal) of BVPS-2 parameters. The system combines these signals in the required logic combination and generates a trip signal simultaneously to the shunt trip coils and to the undervoltage trip attachment and shunt trip auxiliary relay coils of the reactor trip circuit breakers when the necessary combination of signals occur. The system also provides annunciator, status light, and computer input signals which indicate the condition of bistable input signals, partial trip, and full trip functions and the status of the various blocking, permissive, and actuation functions. In addition the system includes means for semi-automatic testing of the logic circuits. 7.2.1.1.8 Isolation Amplifiers In certain applications, it is advantageous to employ control signals derived from individual protection channels through isolation amplifiers contained in the protection channel, as permitted by IEEE Standard 279-1971. In all of these cases, except as stated below, analog signals derived from protection channels for nonprotective functions are obtained through isolation amplifiers located in the analog protection racks. By definition, nonprotective functions include those signals used for control, remote process indication, and computer monitoring. Steam flow and feedwater flow no longer have protective functions since the low feedwater trip was eliminated, but portions of these loops are still protection grade due to their association with the protection racks and color coded signal cable routing. Additional informationand discussions can be found in Section 7.1.2.2.1. 7.2-14

BVPS-2 UFSAR Rev. 0 7.2.1.1.9 Energy Supply and Environmental Variations The energy supply for the RTS, including the voltage and frequency variations, is described in Section 7.6 and Chapter 8. The environmental variations, throughout which the system will perform, are given in Section 3.11 and Chapter 8. 7.2.1.1.10 Set Points The set points that require trip action are given in Chapter 16. Further discussion on set points is found in Section 7.1.2.1.9. 7.2.1.1.11 Seismic Design The seismic design considerations for the RTS are given in Section 3.10. This design meets the requirements of General Design Criterion (GDC) 2. 7.2.1.2 Design Bases Information The following information presents the design bases information requested by Section 3 of IEEE Standard 279-1971. Functional logic diagrams are presented on Figure 7.2-1. 7.2.1.2.1 Generating Station Conditions The following are the generating station conditions requiring reactor trip.

1. The DNBR approaching 1.30,

2. Power density (kW/ft) approaching rated value for Condition II faults (Chapter 4 discusses fuel design limits), or

3. The RCS overpressure creating stresses approaching the limits specified in Chapter 5.

7.2.1.2.2 Generating Station Variables The following are the variables required to be automatically monitored in order to provide reactor trips (Table 7.2-1).

1. Neutron flux,

2. Reactor coolant temperature,

3. Reactor coolant system pressure (pressurizer pressure),

4. Pressurizer water level,

5. Reactor coolant flow, 7.2-15

BVPS-2 UFSAR Rev. 7

6. Reactor coolant pump operational status (bus voltage and frequency, and breaker position),

7. Steam generator water level, and

8. Turbine-generator operational status (trip fluid pressure and stop valve position).

7.2.1.2.3 Spatially Dependent Variables The following variable is spatially dependent: Reactor coolant temperature: Section 7.3.1.2 discusses this variable's spatial dependence. 7.2.1.2.4 Limits and Margins The parameter values that will require reactor trip are given in Chapter 16, Technical Specifications, and in Chapter 15, Accident Analyses. Chapter 15 demonstrates that the set points used in Chapter 16 are conservative. The set points for the various functions in the RTS have been analytically determined such that the operational limits so prescribed will prevent fuel rod clad damage and loss of integrity of the RCS as a result of any Condition II incident (anticipated malfunction). As such, during any Condition II incident, the RTS limits the following parameters to:

1. Minimum DNBR = 1.3,

2. Maximum system pressure = 2,750 psia, and

3. Fuel rod maximum linear power = 15.2 kW/ft.

The accident analyses described in Chapter 15 demonstrate that the functional requirements as specified for the RTS are adequate to meet the preceding considerations, even assuming, for conservatism, adverse combinations of instrument errors. A discussion of the safety limits associated with the reactor core and RCS, plus the limiting safety system set points, are presented in the Technical Specifications. 7.2.1.2.5 Abnormal Events The following malfunctions, accidents, or other unusual events which could physically damage RTS components or could cause environmental changes are considered in design:

1. Earthquakes (Chapters 2 and 3),

7.2-16

BVPS-2 UFSAR Rev. 17

2. Fire (Section 9.5),

3. Explosion (hydrogen buildup inside containment, Section 6.2.5),

4. Missiles (Section 3.5),

5. Flood (Chapters 2 and 3), and

6. Wind and tornadoes (Section 3.3).

The RTS fulfills the requirements of IEEE Standard 279-1971 to provide automatic protection and to provide initiating signals to mitigate the consequences of faulted conditions. The RTS includes provisions to provide protection against destruction of the system from fires, explosions, flood, wind, and tornadoes (refer to items 1 through 6). The discussions in Section 7.1.2.1.7 and this section adequately address or reference the coverage of the effects of abnormal events on the RTS in conformance with the applicable GDC. 7.2.1.2.6 Minimum Performance Requirements Reactor Trip System Response Times The RTS response time is defined in Section 7.1. Allowable response times are contained in Licensing Requirements Manual Table 3.3.1-1. Section 7.1.2.7 provides a discussion of periodic response time verification capabilities. Reactor Trip Accuracies Accuracy is defined in Section 7.1. Reactor trip accuracies are tabulated in Table 7.2-3. The trip set point is determined by factors other than the most accurate portion of the instruments range. The safety limit set point is determined only by the accident analysis. As described previously, allowance is then made for process uncertainties, instrument error, instrument drift, and calibration uncertainty to obtain the nominal set point value, which is actually set into the equipment. The only requirement on the instruments accuracy value is that over the instrument span, the error must always be less than or equal to the error value allowed in the accident analysis. The instrument does not need to be the most accurate at the set point value as long as it meets the minimum accuracy requirement. The accident analysis accounts for the expected errors at the actual set point. 7.2-17

BVPS-2 UFSAR Rev. 13 Protection System Ranges Typical protection system ranges are tabulated in Table 7.2-3. Range selection for the instrumentation covers the expected range of the process variable being monitored during power operation. Limiting set points are at least 5 percent from the end of the instrument span. 7.2.2 Analyses 7.2.2.1 Failure Modes and Effects Analyses A failure modes and effects analysis of the RTS has been performed. Results of this fault tree analysis are presented by Gangloff (1971). 7.2.2.2 Evaluation of Design Limits While most set points used in the RTS are fixed, there are variable set points, most notably the overtemperature T and overpower T set points. All set points in the RTS have been selected on the basis of engineering design or safety studies. The capability of the RTS to prevent loss of integrity of the fuel clad and/or RCS pressure boundary during Condition II and III transients is demonstrated in Chapter 15. These accident analyses are carried out using those set points determined from results of the engineering design studies. Set point limits are presented in the Technical Specifications. A discussion of the intent for each of the various reactor trips of the accident analyses (where appropriate) which utilizes this trip is presented as follows. It should be noted that the selected trip set points all provide for margin before protection action is actually required to allow for uncertainties and instrument errors. The design meets the requirements of GDC 10 and 20. 7.2.2.2.1 Trip Set Point Discussion It has been pointed out previously that below a DNBR of 1.30 there is likely to be significant local fuel clad failure. The DNBR existing at any point in the core for a given core design can be determined as a function of the core inlet temperature, power output, operating pressure, and flow. Consequently, core safety limits in terms of a DNBR equal to 1.30 for the hot channel can be developed as a function of T, Tavg, and pressure for a specified flow, as illustrated by the solid lines on Figure 7.2-3. Also shown as solid lines on Figure 7.2-3 are the locus of conditions equivalent to 118 percent of power as a function of T and Tavg representing the overpower (kW/ft) limit on the fuel. The dashed lines indicate the maximum permissible set point (T) as a function of Tavg and pressure for the overtemperature and overpower reactor trip. Actual values of set point constants in the equation representing the dashed lines are as given in the Technical Specifications. These values are conservative to allow for instrument errors. The design meets the requirements of GDC 10, 15, 20, and 29. 7.2-18

BVPS-2 UFSAR Rev. 12 The DNBR is not a directly measurable quantity; however, the process variables that determine DNBR are sensed and evaluated. Small isolated changes in various process variables may not individually result in violation of a core safety limit; whereas the combined variations, over sufficient time, may cause the overpower or overtemperature safety limit to be exceeded. The design concept of the RTS accommodates this situation by providing reactor trips associated with individual process variables in addition to the overpower/overtemperature safety limit trips. Process variable trips prevent reactor operation whenever a change in the monitored value is such that a core or system safety limit is in danger of being exceeded should operation continue. Basically, the high pressure, low pressure, and overpressure/overtemperature T trips provide sufficient protection for slow transients, as opposed to such trips as low flow or high flux which will trip the reactor rapidly for changes in flow or flux, respectively, that would result in fuel damage before actuation of the slower responding T trips could be effected. Therefore, the RTS has been designed to provide protection for fuel cladding and RCS pressure boundary integrity where: 1) a rapid change in a single variable of factor which will result in exceeding a core or a system safety limit, and 2) a slow change in one or more variables will have an integrated effect which will cause safety limits to be exceeded. Overall, the RTS offers diverse and comprehensive protection against fuel clad failure and/or loss of RCS integrity for Condition II and III accidents. Table 7.2-4 lists the various trips of the RTS. 7.2-19

BVPS-2 UFSAR Rev. 0 The RTS design was evaluated in detail with respect to common mode failure and is presented by Reid (1973). The design meets the requirements of GDC 21. Preoperational testing is performed on RTS components and systems to determine equipment readiness for start-up. This testing serves as a further evaluation of the system design. Analyses of the results of Condition I, II, III, and IV events, including considerations of instrumentation installed to mitigate their consequences, are presented in Chapter 15. The instrumentation installed to mitigate the consequences of load rejection and turbine trip is addressed in Section 7.4. 7.2.2.2.2 Reactor Coolant Flow Measurement The elbow taps used on each loop in the RCS are instrument devices that indicate the status of the reactor coolant flow. The basic function of this device is to provide information as to whether or not a reduction in flow has occurred. The correlation between flow and elbow tap signal is given by the following equation: P w Po

    = ( )

wo 2 (7.2-3) where Po is the pressure differential at the reference flow Wo, and P is the pressure differential at the corresponding flow, w. The full flow reference point is established during initial BVPS-2 start-up. The low flow trip point is then established by extrapolating along the correlation curve. The expected absolute accuracy of the channel is within +/-10 percent of full flow and field results have shown the repeatability of the trip point to be within +/-1 percent. 7.2.2.2.3 Evaluation of Compliance to Applicable Codes and Standards The RTS meets the GDC and IEEE Standard 279-1971 as follows: General Functional Requirement The protection system automatically initiates appropriate protective action whenever a condition monitored by the system reaches a preset value. Functional performance requirements are given in Section 7.2.1.1.1; Section 7.2.1.2.4 presents a discussion of limits and margins; Section 7.2.1.2.5 discusses unusual (abnormal) events; and Section 7.2.1.2.6 presents minimum performance requirements. 7.2-20

BVPS-2 UFSAR Rev. 10 Single Failure Criterion The protection system is designed to provide two, three, or four instrumentation channels for each protective function and two logic train circuits. These redundant channels and trains are electrically isolated and physically separated. Thus, any single failure within a channel or train will not prevent system protective action at the system level when required. Single failure within the protection system shall not prevent proper protective action at the system level when required. Components and systems not qualified for seismic events or accident environments and nonsafety-grade components and systems are assumed to fail to function if failure adversely affects protection system performance. These components and systems are assumed to function if functioning adversely affects protection system performance. All failures in the protection system that can be predicted as a result of an event for which the protection system is designed to provide a protective function are assumed to occur if the failure adversely affects the protection system performance. After assuming the failures of nonsafety-grade, non-qualified equipment and those failures caused by a specific event, a random single failure is arbitrarily assumed. With these failures assumed, the protection system must be capable of performing the protective functions credited in the accident analyses. Loss of input power, the most likely mode of failure, to a channel or logic train will result (except for containment spray) in a signal calling for protective action. This design meets the requirements of GDC 23. To prevent the occurrence of common mode failures, functional diversity, physical and electrical separation, and testing are employed, as discussed by Gangloff (1971). The design meets the requirements of GDC 21 and 22. Quality of Components and Modules The quality assurance requirements imposed on the components and modules used in the RTS satisfy GDC 1. Equipment Qualification Sections 3.10 and 3.11 discuss the type tests made to verify the performance requirements. The test results demonstrate that the design meets the requirements of GDC 4. Channel Integrity Protection system channels required to operate in accident conditions maintain necessary functional capability under extremes of conditions relating to environment, energy supply, malfunctions, and accidents. Vital power for the RTS is described in Section 7.6 and Chapter 8. The environmental variations throughout which the system will perform is discussed in Section 3.11. 7.2-21

BVPS-2 UFSAR Rev. 10 Independence Channel independence is carried throughout the system, extending from the sensor through to the devices actuating the protective function. Physical separation is used to achieve separation of redundant transmitters. Separation of wiring is achieved using separate wireways, cable trays, conduit runs, and containment penetrations for each redundant channel. Redundant analog equipment is separated by locating modules in different protection cabinets. Each redundant protection channel set is energized from a separate ac power feed. This design meets the requirements of GDC 21. Two reactor trip breakers are actuated by two separate logic matrices which interrupt power to the control rod drive mechanisms (CRDMs). The breaker main contacts are connected in series with the power supply so that opening either breaker interrupts power to all CRDMs, permitting the rods to fall into the core (Figure 7.1-1). The design philosophy is to make maximum use of a wide variety of measurements. The protection system continuously monitors numerous diverse system variables. The extent of this diversity has been evaluated for a wide variety of postulated accidents. Generally, two or more diverse protection functions would terminate an accident before intolerable consequences could occur. This design meets the requirements of GDC 22. Control and Protection System Interaction The protection system is designed to be independent of the control system. In certain applications the control signals and other nonprotective functions are derived from individual protective channels through isolation amplifiers. The isolation amplifiers are classified as part of the protection system and are located in the protection racks. Nonprotective functions include those signals used for control, remote process indication, and computer monitoring. The isolation amplifiers are designed such that a short circuit, open circuit, or the application of credible fault potentials on the isolated output portion of the circuit (that is, the nonprotective side of the circuit) will not affect the input (protective) side of the circuit. The signals obtained through the isolation amplifiers are never returned to the protection racks. In addition to employing isolation between protection and control circuits, control circuit design also prevents adverse protection/control circuit interaction. An example of such a design is the use of the median signal selector in the steam generator water level control circuit. The median signal selector receives the three level measurement signals and transmits the median of these signals for level control purposes. This signal will reject a failed high or low steam generator level measurement and therefore this failure will not affect the system. The control and protection system interaction has been eliminated by the median signal selector design. This design meets the requirements of GDC 24 and Paragraph 4.7 of IEEE Standard 279-1971. 7.2-22

BVPS-2 UFSAR Rev. 10 The results of applying fault conditions on the output portion of the isolation amplifiers show that no significant disturbance to the isolation amplifier input signal occurred. Section 7.1.2.2.1 provides a discussion of additional tests on the protection system. Derivation of System Inputs To the extent feasible and practical, protection system inputs are derived from signals which are direct measures of the desired variables. Variables monitored for the various reactor trips are listed in Section 7.2.1.2.2. Capability for Sensor Checks The operational availability of each system input sensor during reactor operation is accomplished by cross-checking between channels that bear a known relationship to each other and that have readouts available. Channel checks are discussed in Chapter 16. Capability for Testing The RTS is capable of being tested during power operation. Where only parts of the system are tested at any one time, the testing sequence provides the necessary overlap between the parts to assure 7.2-22a

BVPS-2 UFSAR Rev. 12 complete system operation. The testing capabilities are in conformance with Regulatory Guide 1.22, as discussed in Section 7.1.2.4. The protection system is designed to permit periodic testing of the analog channel portion of the RTS during reactor power operation without initiating a protective action. This is because of the coincidence logic required for reactor trip. These tests may be performed at any plant power from cold shutdown to full power. Before starting any of these tests with BVPS-2 at power, all redundant reactor trip channels associated with the function to be tested must be in the normal (untripped) mode and the plant in stable operation in order to avoid spurious trips. Set points are located in the technical specifications.

1. Analog Channel Tests Analog channel testing is performed at the analog instrumentation cabinet by individually inputting signals into the instrumentation channels and observing the tripping of the appropriate output bistables. Proving lamps and analog test switches are provided in the analog racks. The bistable output is put in a trip condition by placing the test switch in the test position. This action connects the proving lamp to the bistable and disconnects and thus de-energizes (operates) the associated input relays in Train A and Train B logic cabinets. This permits injection of a test signal to the channel. Relay logic in the process cabinets automatically blocks the test signal unless the bistable amplifier is tripped. This is done on one channel at a time. Interruption of the bistable output to the logic circuitry for any cause (test, maintenance purposes, or removed from service) will cause that portion of the logic to be actuated (partial trip) accompanied by a partial trip alarm and channel status light actuation in the main control room. A simulated signal is then injected at a test jack. Verification of the bistable trip setting is now confirmed by the proving lamp. Each channel contains those switches, test points, etc., necessary to test the channel. It is estimated that analog testing can be performed at a rate of several channels per hour. Reid (1973) provides additional information.

The following periodic tests of the analog channels of the protection system are performed:

a. Tavg and T protection channel testing,

b. Pressurizer pressure protection channel testing,

c. Pressurizer water level protection channel testing, 7.2-23

BVPS-2 UFSAR Rev. 16

d. Steam generator water level protection channel testing,

e. Reactor coolant low flow, underfrequency, and undervoltage protection channel testing,

f. Turbine first stage pressure channel testing,

g. Steam pressure protection channel testing, and

h. Containment pressure testing.

2. Nuclear Instrumentation Channel Tests The power range channels of the NIS are tested by either superimposing a test signal on the actual detector signal being received by the channel at the time of testing or by injecting a test signal in place of the actual detector signal. The output of the bistable is not placed in a tripped condition prior to testing when testing is performed by superimposing a signal.

Also, since the power range channel logic is two out of four, bypass of this reactor trip function is not required. To test a power range channel, a test-operate switch is provided to require deliberate operator action, and operation of which will initiate the channel test annunciator in the main control room. Bistable operation is tested by increasing the test signal to bistable trip set point and verifying bistable relay operation by main control board annunciator and trip status lights. The positive rate trip bistables are tested using the same procedure. Detailed step-by-step test procedures are described in the Nuclear Instrumentation Technical Manual. It should be noted that a valid trip signal would cause the channel under test to trip at a lower actual reactor power. A reactor trip would occur when a second bistable trips. No provision has been made in the channel test circuit for reducing the channel signal level below that signal being received from the NIS detector. An NIS channel which can cause a reactor trip through one of two protection logic (source or intermediate range) is provided with a bypass function which prevents the initiation of a reactor trip from that particular channel during the short period that it is undergoing test. These bypasses are annunciated in the main control room. The following periodic tests of the NIS are performed:

a. Testing at BVPS-2 shutdown:

1) Source range testing,

2) Intermediate range testing, and 7.2-24

BVPS-2 UFSAR Rev. 12

3) Power range testing.

b. Testing between P-6 and P-10 permissive power levels:

1) Source range testing,

2) Intermediate range testing, and

3) Power range testing.

c. Testing above P-10 permissive power level.

1) Source range testing, and

2) Power range testing.

Any deviations noted during the performance of these tests are investigated and corrected in accordance with the established calibration and trouble shooting procedures provided in the BVPS-2 technical manual for the NIS. Protection trip set points are indicated in the BVPS-2 technical specifications. Additional background information on the NIS, is discussed by Lipchak (1974).

3. Solid State Logic Testing The reactor logic trains of the RTS are designed to be capable of complete testing at power. After the individual channel analog testing is complete, the logic matrices are tested from the Train A and Train B logic rack test panels. This step provides overlap between the analog and logic portions of the test program.

During this test, each of the logic inputs are actuated automatically in all combinations of trip and nontrip logic. Trip logic is not maintained sufficiently long enough to permit master relay actuation (master relays are pulsed in order to check continuity). Following the logic testing, the individual master relays are actuated electrically to test their mechanical operation. Actuation of the master relays during this test will apply low voltage to the slave relay coil circuits to allow continuity checking but not slave relay actuation. During logic testing of one train, the other train can initiate any required protective functions. Annunciation is provided in the main control room to indicate when a train is in test (train output bypassed) and when a reactor trip breaker is bypassed. Logic testing can be performed in less than 30 minutes. Additional background information on the logic system testing is given by Katz (1971). A direct reactor trip resulting from undervoltage or underfrequency on the RCP buses is provided as discussed in Section 7.2.1 and shown on Figure 7.2-1. The logic for these trips is capable of being tested during power operation. When parts of the trip are being tested, the sequence is such that an overlap is provided between parts so that a complete logic test is provided. Opening of the RCP breakers during power operation 7.2-25

BVPS-2 UFSAR Rev. 0 is not possible since a reactor trip would occur as a result of low reactor coolant flow. This design complies with the testing requirements of the applicable criteria as addressed in Section 7.1.2.4. Details of the method of testing and compliance with these standards are provided in Section 7.2.2.2.3. The permissive and block interlocks associated with the RTS and ESFAS are given in Tables 7.2-2 and 7.3-3 and designated protection or P interlocks. As a part of the protection system, these interlocks are designed to meet the testing requirements of IEEE Standards 279-1971 and 338-1977. Testing of all protective system interlocks is provided by the logic testing and semi-automatic testing capabilities of the SSPS. In the SSPS, the undervoltage trip attachment and shunt trip auxiliary relay coils (reactor trip) and master relays (engineered safeguards actuation) are pulsed for all combinations of trip or actuation logic with and without the interlock signals. For example, reactor trip on low flow is tested to verify operability of the trip above P-7 and nontrip below P-7 (Figure 7.2-1, Sheet 5). Interlock testing may be performed at power. Testing of the logic trains of the RTS includes a check of the input relays and a logic matrix check. The following sequence is used to test the system:

a. Check of input relays During testing of the process instrumentation system and NIS channels, each channel bistable is placed in a trip mode causing one input relay in Train A and one in Train B to de-energize. A contact of each relay is connected to a universal logic printed circuit card. This card performs both the reactor trip and monitoring functions.

Each reactor trip input relay contact causes a status lamp and an annunciator on the control board to operate. Either the Train A or Train B input relay operation will light the status lamp and annunciator. Each train contains a multiplexing test switch. At the start of a process or NIS test, this switch (in either train) is placed in the A + B position. The A + B position alternately allows information to be transmitted from the two trains to the main control board. A steady status lamp and annunciator indicates that input relays in both trains have been de-energized. A flashing lamp means that the input relays in the two trains did not both de-energize. Contact inputs to the logic protection system such as RCP bus 7.2-26

BVPS-2 UFSAR Rev. 11 underfrequency relays operate input relays which are tested by operating the remote contacts as described previously and using the same type of indications as those provided for bistable input relays. Actuation of the input relays provides the overlap between the testing of the logic protection system and the testing of those systems supplying the inputs to the logic protection system. Test indications are status lamps and annunciators on the main control board. Inputs to the logic protection system are checked one channel at a time, leaving the other channels in service. For example, a function that trips the reactor when two out of four channels trip becomes a one out of three trip when one channel is placed in the trip mode. Both trains of the logic protection system remain in service during this portion of the test.

b. Check of logic matrices Logic matrices are checked one train at a time. Input relays are not operated during this portion of the test.

Reactor trips from the train being tested are inhibited with the use of the input error inhibit switch on the semi-automatic test panel in the train. At the completion of the logic matrix tests, closure of the input error inhibit switch contacts is verified by either a continuity check or by channel inputs that are tripped. The logic test scheme uses pulse techniques to check the coincidence logic. All possible trip and nontrip combinations are checked. Pulses from the tester are applied to the inputs of the universal logic card at the same terminals that connect to the input relay contacts. Thus, there is an overlap between the input relay check and the logic matrix check. Pulses are fed back from the reactor trip breaker undervoltage trip attachment and shunt trip auxiliary relay coils to the tester. The pulses are of such short duration that the reactor trip breaker undervoltage coil does not de-energize. Test indications that are provided are: an annunciator in the main control room indicating that reactor trips from the train have been blocked and that the train is being tested, and green and red lamps on the semi-automatic tester to indicate a good or bad logic matrix test. Protection capability provided during this portion of the test is from the train not being tested. 7.2-27

BVPS-2 UFSAR Rev. 12

4. General Warning Alarm Reactor Trip Each of the two trains of the SSPS is continuously monitored by the general warning alarm RTS. The warning circuits are actuated if undesirable train conditions are set up by improper alignment of testing systems, circuit malfunction, or failure, etc as listed subsequently. A trouble condition in a logic train is indicated in the main control room. However, if any one of the conditions exists in Train A at the same time any one of the conditions exists in Train B, the reactor will be automatically tripped by the general warning alarm system. These conditions are:

a. Loss of either of two 48 V dc or either of two 15 V dc power supplies,

b. Printed circuit card improperly inserted,

c. Input error inhibit switch in the inhibit position,

d. Slave relay tester mode selector in test position,

e. Multiplexing selector switch in inhibit position,

f. Train bypass breaker racked in and closed,

g. Permissive or memory test switch not in off position,

h. Logic function test switch not in off position, or

i. Loss of power to the output cabinet.

5. Testing of Reactor Trip Breakers Normally, reactor trip breakers 52/RTA and 52/RTB are in service and bypass breakers 52/BYA and 52/BYB are withdrawn (out of service). In testing the protection logic, pulse techniques are used to avoid tripping the reactor trip breakers. The following procedure describes the method used for testing the trip breakers:

a. With bypass breaker 52/BYA racked out, manually close and trip it to verify its operation.

b. Rack in and close 52/BYA. Manually trip 52/RTA through a protection system logic matrix while at the same time operating the "Auto Shunt Trip Block" pushbutton on the automatic shunt trip panel. This verifies operation of the undervoltage trip attachment (UVTA) when the breaker trips. After reclosing RTA, trip it again by operation of the "Auto Shunt Trip Test" pushbutton on the automatic shunt Trip panel. This is to verify tripping of the breaker through the shunt trip device.

7.2-28

BVPS-2 UFSAR Rev. 0

c. Reset 52/RTA.

d. Trip and rack out 52/BYA.

e. Repeat preceding steps to test trip breaker 52/RTB using bypass breaker 52/BYB.

7.2-28a

BVPS-2 UFSAR Rev. 0 Auxiliary contacts of the bypass breakers are connected in the alarm system of their respective trains such that if either train is placed in test while the bypass breaker of the other train is closed, both reactor trip breakers and both bypass breakers will automatically trip. Auxiliary contacts of the bypass breakers are also connected in such a way that if an attempt is made to close the bypass breaker in one train while the bypass breaker of the other train is already closed, both bypass breakers will automatically trip. The Train A and Train B alarm systems operate separate annunciators in the main control room. The two bypass breakers also operate an annunciator in the main control room. Bypassing of a protection train with either the bypass breaker or with the test switches will result in both audible and visual indications. The complete RTS is normally required to be in service. However, to permit online testing of the various protection channels or to permit continued operation in the event of a system instrumentation channel failure, a Technical Specification defining the minimum number of operable channels and the minimum degree of channel redundancy, has been formulated. This Technical Specification also defines the required restriction to operation in the event that the channel operability and degree of redundancy requirements cannot be met. Channel Bypass or Removal From Operation The protection system is designed to permit periodic testing of the analog channel portion of the RTS during reactor power operation without initiating a protective action, unless a trip condition actually exists. This is because of the coincidence logic required for reactor trip. Operating Bypasses Where operating requirements necessitate automatic or manual bypass of a protective function, the design is such that the bypass is removed automatically whenever permissive conditions are not met. Devices used to achieve automatic removal of the bypass of a protective function are considered part of the protective system and are designed in accordance with the criteria of this section. Indication is provided in the main control room if some part of the system has been administratively bypassed or taken out of service. Indication of Bypasses Bypass indication is discussed in Section 7.1.2.5. 7.2-29

BVPS-2 UFSAR Rev. 0 Access to Means for Bypassing The design provides for administrative control of access to the means for manually bypassing channels or protective functions. Additional background information is provided by Reid (1973). Multiple Set Points For monitoring neutron flux, multiple set points are used. When a more restrictive trip setting becomes necessary to provide adequate protection for a particular mode of operation or set of operating conditions, the protective system circuits are designed to provide positive means or administrative control to assure that the more restrictive trip set point is used. The devices used to prevent improper use of less restrictive trip settings are considered part of the protective system and are designed in accordance with the criteria of this section. Completion of Protective Action The protection system is so designed that, once initiated, a protective action goes to completion. Return to normal operation requires action by the operator. Manual Initiation Switches are provided on the main control board for manual initiation of protective action. Failure in the automatic system does not prevent the manual actuation of the protective functions. Manual actuation relies on the operation of a minimum of equipment. This meets the intent of Regulatory Guide 1.62. Access The design provides for administrative control of access to all set point adjustments, module calibration adjustments, and test points. Additional background information, is provided by Reid (1973). Identification of Protective Actions Protective channel identification is discussed in Section 7.1.2.3. Indication is discussed subsequently. Information Readout The protection system provides the operator with complete information pertinent to system status and safety. All transmitted signals (flow, pressure, temperature) which can cause a reactor trip will be either indicated or recorded for every channel, including all neutron flux power range currents (top detector, bottom detector, algebraic difference, and average of bottom and top detector currents). 7.2-30

BVPS-2 UFSAR Rev. 16 Any reactor trip will actuate an alarm and an indicator in the main control room. Such protective actions are indicated and identified down to the channel level. Alarms and indicators are also used to alert the operator of deviations from normal operating conditions so that he may take appropriate corrective action to avoid a reactor trip. Actuation of any rod stop or trip of any reactor trip channel will actuate an alarm. System Repair The system is designed to facilitate the recognition, location, replacement, and repair of malfunctioning components or modules. The capability for testing was previously discussed in Section 7.2.2.2.3. 7.2.2.3 Specific Control and Protection Interactions 7.2.2.3.1 Neutron Flux Four power range neutron flux channels are provided for overpower protection. An isolation signal is also provided for automatic rod control. If any channel fails in such a way as to produce a low output, that channel is incapable of proper overpower protection but a two out of four overpower trip logic ensures an overpower trip, if needed, even with an independent failure in another channel. In addition, channel deviation signals in the control system will give an alarm if any neutron flux channel deviates significantly from the average of the flux signals. Also, the control system will respond only to rapid changes in indicated neutron flux. Slow changes or drifts are compensated by the temperature control signals. Finally, an overpower signal from any nuclear power range channel will block manual rod withdrawal. The set point for this rod stop is below the reactor trip set point. The automatic rod withdrawal function has been removed from the plant. 7.2.2.3.2 Coolant Temperature The accuracy of the RTD loop temperature measurements is demonstrated during BVPS-2 start-up tests by comparing the temperature measurements from all RTDs with one another, as well as with the temperature measurements obtained from the wide range RTD located in the hot leg and cold leg piping of each loop. The comparisons are done with the RCS in an isothermal condition. The RTS setpoints are based on percentages of the indicated T at nominal full power rather than on absolute values of T. This is done to account for loop differences which are inherent. Therefore, the percent T scheme is relative, not absolute, and provides better protective action without the expense of accuracy. For this reason, the linearity of the T signals, as a function of power, is of importance rather than the absolute values of the T. As part of the BVPS-2 start-up tests, the loop RTD signals will be compared with the core exit thermocouple signals during isothermal RCS conditions. 7.2-31

BVPS-2 UFSAR Rev. 16 Plant control is based upon signals derived from protection system channels after isolation, by isolation amplifiers such that no feedback effect can perturb the protection channels. The input signals (one per loop) to the Reactor Control System are obtained from electronically isolated protection Tavg and Delta-T signals. A Median Signal Selector (MSS) is implemented in the Reactor Control System, one for Tavg and one for Delta-T. The MSS receives three signals as input and selects the median signal for input to the appropriate control systems. Any single failure, high or low, in a calculated temperature will not result in an adverse control system response since the failed high or low temperature signal will be rejected by the MSS. Hence, the implementation of a MSS in the Reactor Control System in conjunction with two out of three protection logic satisfies the requirements of IEEE 279-1971, Section 4.7, "Control and Protection System Interaction". The response time allocated for measuring RCS hot and cold leg temperatures using thermowell mounted fast response RTDs is four seconds. This response time does not include the process electronics. In addition, channel deviation signals in the control system will give an alarm if any temperature channel deviates significantly from the median value. The manual rod withdrawal blocks and turbine runback (power demand reduction) will also occur if any two out of the three overtemperature or overpower T channels indicate an adverse condition. 7.2.2.3.3 Pressurizer Pressure The pressurizer pressure protection channel signals are used for high and low pressure protection and as inputs to the overtemperature T trip protection function. Separate control channels are used to control pressurizer spray and heaters and pressurizer power-operated relief valves (PORVs). Pressurizer pressure is sensed by fast response pressure transmitters. A spurious high pressure signal from one channel can cause decreasing pressure by actuation of either spray or relief valves. Additional redundancy is provided in the low pressurizer pressure reactor trip 7.2-32

BVPS-2 UFSAR Rev. 7 and in the logic for safety injection to ensure low pressure protection. Overpressure protection is based upon the positive surge of the reactor coolant produced as a result of turbine trip under full load, assuming the core continues to produce full power. The self-actuated safety valves are sized on the basis of steam flow from the pressurizer to accommodate this surge at a set point of 2,500 psia and an accumulation of 3 percent. Note that no credit is taken for the relief capability provided by the pressurizer PORVs during this surge. In addition, operation of any one of the pressurizer PORVs can maintain pressure below the high pressure trip point for most transients. The rate of pressure rise achievable with heaters is slow, and ample time and pressure alarms are available to alert the operator of the need for appropriate action. 7.2.2.3.4 Pressurizer Water Level Three pressurizer water level channels are used for reactor trip. Isolated signals from these channels are used for pressurizer water level control. A failure in the level control system could fill or empty the pressurizer at a slow rate (on the order of 1/2 hour or more). The high water level trip set point provides sufficient margin such that the undesirable condition of discharging liquid coolant through the safety valves is avoided. Even at full power conditions, which would produce the worst thermal expansion rates, a failure of the water level control would not lead to any liquid discharge through the safety valves. This is due to the automatic high pressurizer pressure reactor trip actuating at a pressure sufficiently below the safety valve set point. For control failures which tend to empty the pressurizer, two out of three logic for safety injection action on low pressure ensures that the protection system can withstand an independent failure in another channel. In addition, ample time is available and alarms exist to alert the operator of the need for appropriate action. 7.2.2.3.5 Steam Generator Water Level The basic function of the reactor protection circuit associated with low steam generator water level is to preserve the steam generator heat sink for removal of long term residual heat. Should a complete loss of feedwater occur, the reactor would be tripped on low-low steam generator water level. In addition, auxiliary feedwater pumps are provided to supply feedwater in order to maintain residual heat removal after trip. This reactor trip acts before the steam generators are dry to reduce the required 7.2-33

BVPS-2 UFSAR Rev. 7 capacity and increase the starting time requirements of these auxiliary feedwater pumps, and to minimize the thermal transient on the RCS and steam generators. A low-low steam generator water level reactor trip circuit is provided for each steam generator to ensure that sufficient initial thermal capacity is available in the steam generator at the start of the transient. It is desirable to minimize thermal transients on a steam generator for credible loss of feedwater accidents. Hence, it should be noted that controller malfunctions caused by a protection system failure will affect only one steam generator. Additionally, the steam generator level signals used in the feedwater control are processed by a median signal selector as discussed in Section 7.2.2.2.3. A spurious high signal from the feedwater flow channel being used for control would cause a reduction in feedwater flow, preventing that channel from ultimately tripping. However, the mismatch between steam demand and feedwater flow produced by this spurious signal will actuate alarms to alert the operator of this situation in time for manual correction or the reactor will eventually trip on a low-low water level signal independent of the indicated feedwater flow. A spurious low signal from the feedwater flow channel being used for control would cause an increase in feedwater flow. The mismatch between steam flow and feedwater flow produced by the spurious signal would actuate alarms to alert the operator of the situation in time for manual correction. If the condition continues, a two out of three high-high steam generator water level signal in any loop, independent of the indicated feedwater flow, will cause feedwater isolation and trip the turbine. The turbine trip will result in a subsequent reactor trip. The high-high steam generator water level trip is an equipment protective trip preventing excessive moisture carryover which could damage the turbine blading. In addition, the three element feedwater controller incorporates reset action on the level error signal such that with expected controller settings, a rapid increase or decrease in the flow signal would cause only a small change in level before the controller would compensate for the level error. A slow change in the feedwater signal would have no effect at all. A spurious low or high steam flow signal would have the same effect as high or low feedwater signal, as discussed previously. 7.2-34

BVPS-2 UFSAR Rev. 15 A spurious high or low steam generator water level signal from the protection channel will be rejected by the median signal selector eliminating spurious feedwater control actions. 7.2.2.4 Additional Postulated Accidents Loss of plant instrument air or loss of primary plant component cooling water is discussed in Section 7.3.2. Load rejection and turbine trip are discussed in further detail in Section 7.7. The control interlocks, called rod stops, that are provided to prevent abnormal power conditions which could result from excessive control rod withdrawal are discussed in Section 7.7.1.4.1 and listed in Table 7.7-1. Excessively high power operation (which is prevented by blocking of rod withdrawal), if allowed to continue, might lead to a safety limit (Chapter 16) being reached. Before such a limit is reached, protection will be available from the RTS. At the power levels of the rod block set points, safety limits have not been reached. Therefore, these rod withdrawal stops do not come under the scope of safety-related systems and are considered as control systems. 7.2.3 Tests and Inspections The RTS meets the intent of the testing requirements of IEEE Standard 338-1977. The testability of the system is discussed in Section 7.2.2.2.3. The test intervals are specified in Chapter 16. Written test procedures and documentation, conforming to the requirements of IEEE Standard 338-1977 will be available for audit by responsible personnel. Periodic testing complies with Regulatory Guide 1.22, and as discussed in Sections 7.1.2.10 and 7.2.2.2.3. 7.2.4 References for Section 7.2 Gangloff, W.C. and Loftus, W.D. 1971. An Evaluation of Solid State Logic Reactor Protection In Anticipated Transients. WCAP-7706. 7.2-35

BVPS-2 UFSAR Rev. 0 Katz, D.N. 1971. Solid State Logic Protection System Description, WCAP-7488-L (Proprietary). (Additional background information only.) Lipchak, J.B. 1974. Nuclear Instrumentation System. WCAP-8255. (Additional background information only.) Reid, J.B. 1973. Process Instrumentation for Westinghouse Nuclear Steam Supply Systems. WCAP-7913. (Additional background information only.) U.S. Nuclear Regulatory Commission (USNRC) 1980. Clarification of TMI Action Plan Requirements. NUREG-0737. USNRC 1981. Requirements for Reactor Protection System Anticipatory Trips. Branch Technical Position ICSB 26. 7.2-36

BVPS-2 UFSAR Tables for Section 7.2

BVPS-2 UFSAR Rev. 16 TABLE 7.2-1 LIST OF REACTOR TRIPS Coincidence Reactor Trip Logic Interlocks Comments

1. High neutron flux 2/4 Manual block High and low setting; (power range) of low setting manual block and permitted by automatic reset of low P-10 setting by P-10

2. Intermediate 1/2 Manual block Manual block and range high permitted by automatic reset neutron flux P-10

3. Source range high 1/2 Manual block Manual block and neutron flux permitted by automatic reset; P-6, automatic block above interlocked P-10 with P-10

4. Power range high 2/4 No interlocks positive neutron flux rate

5. Deleted

6. Overtemperature 2/3 No interlocks T

7. Overpower T 2/3 No interlocks

8. Pressurizer low 2/3 Interlocked Blocked below P-7 pressure with P-7

9. Pressurizer high 2/3 No interlocks pressure

10. Pressurizer high 2/3 Interlocked Blocked below P-7 water level with P-7 1 of 3

BVPS-2 UFSAR Rev. 16 TABLE 7.2-1 (Cont) Reactor Trip Coincidence Interlocks Comments Logic

11. Low reactor 2/3 per loop Interlocked Low flow in one loop coolant flow with P-7 and will cause a reactor P-8 trip when above P-8, and a low flow in two loops will cause a reactor trip when above P-7; blocked below P-7.

12. Reactor 2/3 Interlocked Blocked below P-7 coolant pump with P-7 breakers open (anticipatory)

13. Reactor 2/3 Interlocked Low voltage coolant pump with P-7 permitted below bus P-7 undervoltage (anticipatory)

14. Reactor 2/3 Interlocked Under frequency on Coolant pump with P-7 two pump buses will bus trip all RCP underfrequency breakers and cause (anticipatory) reactor trip; blocked below P-7

15. Low-low steam 2/3 per loop No interlocks generator water level

16. Safety Coincident No interlocks Section 7.3 injection with discusses ESF signal actuation of actuation conditions safety injection 2 of 3

BVPS-2 UFSAR Rev. 7 TABLE 7.2-1 (Cont) Coincidence Reactor Trip Logic Interlocks Comments

17. Turbine-generator (anticipatory)

a. Low 2/3 Interlocked Blocked below P-9 emergency with P-9 trip fluid pressure

b. Turbine 4/4 Interlocked Blocked below P-9 main stop with P-9 valve close

18. Manual 1/2 No interlocks 3 of 3

BVPS-2 UFSAR Rev. 14 TABLE 7.2-2 PROTECTION SYSTEM INTERLOCKS AND BLOCKS Desig-nation Condition and Derivation Function I. POWER ESCALATION PERMISSIVES P-6 Presence of P-6: 1/2 neutron flux Allows manual block of source range reactor trip. (intermediate range) above set point Absence of P-6: 2/2 neutron flux Defeats the block of source range reactor trip. (intermediate range) below set point P-10 Presence of P-10: 2/4 neutron flux Allows manual block of power range (power range) above set point (low set point) reactor trip. Allows manual block of intermediate range reactor trip and intermediate range rod stops (C-1). Blocks source range reactor trip (backup for P-6). Input to P-7. Absence of P-10: 3/4 neutron Defeats the block of power range flux (power range) below set point (low set point) reactor trip. Defeats the block of intermediate range reactor trip and intermediate range rod stops (C-1) input to P-7. II. BLOCKS OF REACTOR TRIPS P-7 Absence of P-7: 3/4 neutron flux Blocks reactor trip on: Low reactor (power range) below set point coolant flow in more than one loop, and (from P-10), and 2/2 turbine undervoltage, underfrequency, or RCP breakers first stage pressure below open in more than one loop, pressurizer set point (from P-13) low pressure, and pressurizer high level. P-8 Absence of P-8: 3/4 neutron flux Blocks reactor trip on low reactor coolant (power range) below set point flow in a single loop. 1 of 2

BVPS-2 UFSAR Rev. 14 TABLE 7.2-2 (Cont) Desig-nation Condition and Derivation Function P-9 Absence of P-9: 3/4 neutron flux Blocks reactor trip on turbine trip. (power range) below set point P-13 2/2 turbine first stage pressure Input to P-7. below set point 2 of 2

BVPS-2 UFSAR Rev. 16 TABLE 7.2-3 REACTOR TRIP SYSTEM INSTRUMENTATION Typical Reactor Trip Signal Range Trip Accuracy

1. Power range high neutron 1 to 120% full power +/-5% (NOTE 1) flux.

2. Intermediate range high 8 decades of neutron flux +/-9.8% (NOTE 1) neutron flux overlapping source range by 2 decades and including 100% power

3. Source range high neutron 6 6decades of neutron flux (1 to +/-10.8% (NOTE 1) flux 10 counts/sec)

4. Power range high positive 2 to 30% of full power +/-1.5% (NOTE 1) neutron flux rate

5. Deleted

6. Overtemperature T: TH 530 to 650°F +/-8.0% (NOTE 2)

TC 510 to 630°F Tavg 530 to 630°F P przr 1,700 to 2,500 psi F -50 to +50 T set point 0 to 100°F

7. Overpower T Refer to overtemperature T +/-4.9% (NOTE 3)

8. Pressurizer low pressure 1,700 to 2,500 psig +/-25 psig

9. Pressurizer high pressure 1,700 to 2,500 psig +/-52 psig

10. Pressurizer high water Entire cylindrical portion of +/-3.3% of full range level pressurizer between taps at design temperature and pressure 1 of 2

BVPS-2 UFSAR Rev. 16 TABLE 7.2-3 (Cont) Typical Reactor Trip Signal Range Trip Accuracy

11. Low reactor coolant flow 0 to 120% of rated flow +/-2.1% (Note 4)

12. Reactor coolant pump 0 to 100% rated voltage +/-13.6% of rated undervoltage voltage

13. Reactor coolant pump under 50 to 65 Hz +/-0.1 Hz frequency

14. Low-low steam generator +/-6 ft from nominal full +/-20.2%

water level load water level

15. Turbine trip NOTES:

1. In percent span (120% Rated Thermal Power (RTP))

2. In percent T span (* °F = 150% RTP), Tavg -100°F, Pressure 800 psig, +/-30% I

3. In percent T span (* °F = 150% RTP), Tavg -100°F, Pressure 800 psig

4. In percent span (120% flow)

• NOTE: Temperature value is based on cycle specific measurements 2 of 2

BVPS-2 UFSAR Rev. 12 TABLE 7.2-4 REACTOR TRIP CORRELATION Technical 1 2 Trip Accident Specification

1. Power range a. Uncontrolled rod cluster control 2.b high assembly bank withdrawal from a neutron subcritical condition (Section flux trip 15.4.1)

(low set point)

b. Excessive heat removal due to feedwater system malfunctions (Sections 15.1.1 and 15.1.2)

c. Rupture of a control rod drive mechanism housing (rod cluster control assembly ejection)

(Section 15.4.8)

2. Power range a. Uncontrolled rod cluster control 2.a high assembly bank withdrawal from neutron subcritical condition (Section flux trip 15.4.1)

(high set point)

b. Uncontrolled rod cluster control assembly bank withdrawal at power (Section 15.4.2)

c. Excessive heat removal due to feedwater system malfunctions (Section 15.1.1 and 15.1.2)

d. Excessive load increase incident (Section 15.1.3)

e. Accidental depressurization of the steam system (Section 15.1.4)

f. Major secondary system pipe ruptures (Section 15.1.5) 1 of 5

BVPS-2 UFSAR Rev. 16 TABLE 7.2-4 (Cont) 1 Technical 2 Trip Accident Specification

g. Rupture of a control rod drive mechanism housing (rod cluster control assembly ejection) (Section 15.4.8)

3. Intermediate Uncontrolled rod cluster control 5 assembly bank withdrawal from a range high subcritical condition (Section 15.4.1) neutron flux trip

4. Source range Uncontrolled rod cluster 6 high neutron control bank withdrawal flux trip from a subcritical condition (Section 15.4.1)

5. Power range Rupture of a control rod 3 high drive mechanism housing positive (rod cluster control neutron flux assembly ejection) (Section rate trip 15.4.8)

6. Deleted

7. Overtempera- a. Uncontrolled rod cluster 7 ture T trip control assembly bank withdrawal at power (Section 15.4.2)

b. Uncontrolled boron dilution (Section 15.4.6)

c. Loss of external electrical load and/or turbine trip (Sections 15.2.2, 15.2.3, and 15.2.5)

d. Excessive heat removal due to feedwater system malfunctions (Sections 15.2.1 and 15.1.3)

e. Excessive load increase incident (Section 15.1.3)

f. Accidental depressurization of the reactor coolant system (Section 15.6.1) 2 of 5

BVPS-2 UFSAR Rev. 16 TABLE 7.2-4 (Cont) 1 Technical 2 Trip Accident Specification

g. Accidental depressurization of the main steam system (Section 15.1.4)

h. Loss of reactor coolant from small ruptured pipes or from cracks in large pipes which actuates ECCS (Section 15.6.2)

8. Overpower a. Uncontrolled rod cluster 8 T trip control assembly bank withdrawal at power (Section 15.4.2)

b. Excessive heat removal due to feedwater system malfunctions (Sections 15.1.1 and 15.1.2)

c. Excessive load increase incident (Section 15.1.3)

d. Accidental depressurization of the main steam system (Section 15.1.4)

9. Pressurizer a. Accidental depressurization 9 low of the reactor coolant pressure system (Section 15.6.1) trip

b. Loss of reactor coolant from small ruptured pipes or from cracks in large pipes which actuates ECCS (Section 15.6.2)

c. Major reactor coolant system pipe ruptures (LOCA)

(Section 15.6.5)

d. Steam generator tube rupture (Section 15.6.3)

10. Pressurizer a. Uncontrolled rod cluster 10 high control assembly bank pressure withdrawal at power trip (Section 15.4.2) 3 of 5

BVPS-2 UFSAR Rev. 16 TABLE 7.2-4 (Cont) Technical Trip 1 2 Accident Specification

b. Loss of external electrical load and/or turbine trip (Sections 15.2.2, 15.2.3, and 15.2.5)

c. Major rupture of a main feedwater pipe

11. Pressurizer a. Uncontrolled rod cluster 11 high water control assembly bank level trip withdrawal at power (Section 15.4.2)

b. Loss of external electrical load and/or turbine trip (Sections 15.2.2, 15.2.3, and 15.2.5)

c. Major rupture of a main feedwater pipe

12. Low reactor a. Partial loss of forced 12 coolant reactor coolant flow flow (Section 15.3.1)

b. Loss of offsite power to the station auxiliaries (station blackout) (Section 15.2.6)

c. Complete loss of forced reactor coolant flow (Section 15.3.2)

d. Reactor Coolant Pump Shaft Seizure (Locked Rotor)

(Section 15.3.3)

13. Reactor Not used nor credit taken in Note 3 coolant any accident analysis pump breaker trip

14. Reactor Not used nor credit taken in 15 coolant any accident analysis pump bus undervoltag e trip 4 of 5

BVPS-2 UFSAR Rev. 17 TABLE 7.2-4 (Cont) Technical Trip 1 2 Accident Specification

15. Reactor Not used nor credit taken in 16 coolant any accident analysis pump bus under-frequency trip

16. Low-low a. Loss of normal feedwater 13 steam (Section 15.2.7) generator water level trip

b. Major rupture of a main feedwater pipe.

17. Reactor a. Loss of external electrical Note 3 trip on load and/or turbine trip turbine (Sections 15.2.2, 15.2.3, trip and 15.2.5)

b. Loss of offsite power to the Note 3 station auxiliaries (station blackout) (Section 15.2.6)

18. Safety a. Accidental depressurization Note 4 injection of the main steam system signal (Section 15.1.4) actuation trip

b. Major secondary system pipe ruptures.

19. Manual trip Available for all accidents 1 (Chapter 15)

NOTES: 1 References refer to accident analysis presented in Chapter 15. 2 References refer to Technical Specifications. 3 A Technical Specification is not required because this trip is not assumed to function in the accident analyses. 4 Accident assumes that the reactor is tripped at end of life, which is the worst initial condition for this case. Pressurizer low pressure is the initial trip of safety injection. 5 of 5

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-6 FIGURE 7.2-1 (SH. 1 OF 18) FUNCTIONAL DIAGRAM INDEX AND SYMBOLS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-7 FIGURE 7.2-1 (SH. 2 OF 18) FUNCTIONAL DIAGRAM REACTOR TRIP SIGNALS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-8 FIGURE 7.2-1 (SH. 3 OF 18) FUNCTIONAL DIAGRAM NUCLEAR INSTRUMENTATION & MANUAL TRIP SIGNALS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-9 FIGURE 7.2-1 (SH. 4 OF 18) FUNCTIONAL DIAGRAM NUCLEAR INSTRUMENTATION PERMISSIVES & BLOCKS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-10 FIGURE 7.2-1 (SH. 5 OF 18) FUNCTIONAL DIAGRAM PRIMARY COOLANT SYSTEM TRIP SIGNALS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-11 FIGURE 7.2-1 (SH. 6 OF 18) FUNCTIONAL DIAGRAM PRESSURIZER TRIP SIGNALS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-12 FIGURE 7.2-1 (SH. 7 OF 18) FUNCTIONAL DIAGRAM STEAM GENERATOR TRIP SIGNALS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-13 FIGURE 7.2-1 (SH. 8 OF 18) FUNCTIONAL DIAGRAM SAFEGUARD ACTUATION SIGNALS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-14 FIGURE 7.2-1 (SH. 9 OF 18) FUNCTIONAL DIAGRAM ROD CONTROLS & ROD BLOCKS BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-15 FIGURE 7.2-1 (SH. 10 OF 18) FUNCTIONAL DIAGRAM STEAM DUMP CONTROL BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-16 FIGURE 7.2-1 (SH. 11 OF 18) FUNCTIONAL DIAGRAM PRESSURIZER PRESSURE & t.EVEL CONTROL BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-17 FIGURE 7.2-1 (SH. 12 OF 18) FUNCTIONAL DIAGRAM PRESSURIZER HEATER CONTROL BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-18 FIGURE 7.2-1 (SH. 13 OF 18) FUNCTIONAL DIAGRAM FEEDWATER CONTROL & ISOLATION BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-19 FIGURE 7.2-1 (SH. 14 OF 18) FUNCTIONAL DIAGRAM AUXILIARY FEEDWATER PUMPS STARTUP BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-20 FIGURE 7.2-1 (SH. 15 OF 18) FUNCTIONAL DIAGRAM TURBINE TRIP RUNBACKS & OTHER SIGNALS (W REQUIREMENTS) BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-21 FIGURE 7.2-1 (SH. 16 OF 18) FUNCTIONAL DIAGRAM LOOP STOP VALVE LOGIC BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-23 FIGURE 7.2-1 (SH. 17 OF 18) FUNCTIONAL DIAGRAM PRESSURIZER PRESSURE RELIEF SYSTEM (TRAIN "A") BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 9 REFER TO FIGURE 7.3-22 FIGURE 7.2-1 (SH. 18 OF 18) FUNCTIONAL DIAGRAM PRESSURIZER PRESSURE RELIEF SYSTEM (TRAIN "8") BEAVER VALLEY POWER STATION - UNIT 2 FINAL SAFETY ANALYSIS REPORT

f (l1f) c t1q. - NEUTRON FLUX DIFFERENCE BETWEEN UPPER AND LOWER LONG ION CHAMBERS A1. Az -LIMIT OFF (6,) DEADBAND B1. Bz - SLOPE OF RAMP; DETERMINES RATE AT WHICH FUNCTION REAC~ES IT'S MAXIMUM VALUE O~CE DfADBAND IS EXCEEDED C -MAGNITUDE OF MAXIMUM VALUE T~f FUNCTION MAY ATTAIN FIGURE 7.2*2 SETPOINT REDUCTION FUNCTION FOR OVERPOWER AND OVERTEMPERATURE ~T TRIPS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 13 eo 78 76 72 70 68 66 u. 0 I 62 60 <( ..... 58 ...J 0 OVERTEMPERATURE 52 ~T TRIPS 50 46 LOCUS OF CONDITIONS WHERE DNBR =1.3 FOR 44 THERMAL DESIGN FLOW LOCUS OF POINTS DESIGN HOT CHANNEL WHERE STEAM 42 FACTORS GENERATOR VALVES OPEN 40 38~~--~--~--~--~--~~--_.~~--~--~~--~ 560 !565 570 575 580 585 590 595 600 685 610 615 620 625 T AVERAGE -°F FIGURE 7.2-3 ILLUSTRATION OF OVERPOWER AND OVERTEMPERATURE fl. T PROTECTION (TYPICAL) BEAVER VALLEY POWER STATION- UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 16 7.3 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM In addition to the requirements for a reactor trip for anticipated abnormal transients, the facility shall be provided with adequate instrumentation and controls to sense accident situations and initiate the operation of necessary engineered safety features (ESF). The occurrence of a limiting fault, such as a loss-of-coolant accident (LOCA) or a main steam line break (MSLB), requires a reactor trip plus actuation of one or more of the ESF in order to prevent or mitigate damage to the core and reactor coolant system (RCS) components, and ensure containment integrity. In order to accomplish these design objectives the engineered safety features actuation system (ESFAS) shall have proper and timely initiating signals which are to be supplied by the sensors, transmitters, and logic components making up the various instrumentation channels of the ESFAS. Figures 7.3-6, 7.3-7, 7.3-8, 7.3-9, 7.3-10, 7.3-11, 7.3-12, 7.3-13, 7.3-14, 7.3-15, 7.3-16, 7.3-17, 7.3-18, 7.3-19, 7.3-20, 7.3-21, 7.3-22 and 7.3-23 show Westinghouse Electric Corporation functional diagrams and 7.3-24, 7.3-25, 7.3-26, 7.3-27, 7.3-28, 7.3-29, 7.3-30, 7.3-31, 7.3-32, 7.3-33, 7.3-34, 7.3-35, 7.3-36, 7.3-37, 7.3-38, 7.3-39, 7.3-40, 7.3-41, 7.3-42, 7.3-43, 7.3-44, 7.3-45, 7.3-46, 7.3-47, 7.3-48, 7.3-49, 7.3-50, 7.3-51, 7.3-52, 7.3-52a, 7.3-53, 7.3-54, 7.3-55, 7.3-56, 7.3-56a, 7.3-57, 7.3-58, 7.3-59, 7.3-60, 7.3-61, 7.3-62, 7.3-63, 7.3-64, 7.3-65, 7.3-66, 7.3-67, 7.3-68, 7.3-69, 7.3-70, 7.3-71, 7.3-72, 7.3-72a, 7.3-72b, 7.3-72c, 7.3-73, 7.3-74, 7.3-75, 7.3-76, 7.3-77, 7.3-77a, 7.3-78, 7.3-79, 7.3-80, 7.3-81, 7.3-82, 7.3-82a, 7.3-82b, 7.3-82c, 7.3-83, 7.3-84, 7.3-85, 7.3-86, 7.3-86a, 7.3-87, 7.3-88, 7.3-89, 7.3-90, 7.3-91, 7.3-92, 7.3-93, 7.3-94 and 7.3-95 show logic diagrams for the ESFAS. 7.3.1 Description The ESFAS uses selected plant parameters, determines whether or not predetermined safety limits are being exceeded and, if they are, combines the signals into logic matrices sensitive to combinations indicative of primary or secondary system boundary ruptures (Condition III or IV faults). Once the required logic combination is completed, the system sends actuation signals to the appropriate ESF components. The ESFAS meets the functional requirements of General Design Criteria (GDC) 13, 20, 27, and 38. 7.3.1.1 System Description The ESFAS is a functionally defined system described in this section. The equipment which provides the actuation functions identified in Section 7.3.1.1.1 is listed as follows and is discussed in this section.

1. Process instrumentation and control system (Reid 1973),

2. Solid state protection system (Katz 1971),

3. Engineered safety features test cabinet (Mesmeringer 1980),

and

4. Manual actuation circuits.

7.3-1

BVPS-2 UFSAR Rev. 13 The ESFAS consists of two discrete portions of circuitry: 1) an analog portion consisting of three to four redundant channels per parameter or variable to monitor various Beaver Valley Power Station - Unit 2 (BVPS-2) parameters such as the RCS and steam system pressures, temperatures, and flows, and containment pressures, and 2) a portion consisting of two redundant logic trains which receive inputs from the analog protection channels and perform the logic needed to actuate the ESF. Each actuation train is capable of actuating the minimum ESF equipment required, thereby assuring that any single failure within either of the redundant trains shall not result in the defeat of the required protective function. The redundant concept is applied to both the analog and logic portions of the system. Separation of redundant analog channels begins at the process sensors and is maintained in the field wiring, containment vessel penetrations, and analog protection racks, terminating at the redundant group of logic racks. The design meets the requirements of GDC 20, 21, 22, 23, and 24. The variables are sensed by the analog circuitry as discussed in WCAP-7913 (Reid 1973) and in Section 7.2. The outputs from the analog channels are combined into actuation logic as shown on Figure 7.2-1, Sheets 5, 6, 7, and 8. Tables 7.3-1 and 7.3-2 give additional information pertaining to logic and function. The interlocks associated with the ESFAS are outlined in Table 7.3-3. These interlocks satisfy the functional requirements discussed in Section 7.1.2. System level manual initiation from the main control board is provided for the following systems: Safety Injection Two switches, operating either switch will actuate. Containment Isolation Phase A Two switches, operating either switch will actuate. Control Room Isolation Two switches, operating either switch will actuate. Steam Line Isolation Four switches, operating two associated switches per train, simultaneously controls all steam line isolation valves (SLIVs) and bypass valves. Containment Spray and Containment Isolation Phase B Four switches, actuation will occur if two associated controls are operated simultaneously. For the transfer of emergency core cooling system (ECCS) injection to the recirculation mode, refer to Sections 6.3.2.8 and 7.6.5 and Table 6.3-7. 7.3-2

BVPS-2 UFSAR Rev. 17 7.3.1.1.1 Function Initiation The specific functions which rely on the ESFAS for initiation are:

1. A reactor trip, provided one has not already been generated by the reactor trip system.

2. Cold leg injection isolation valves, which are opened to align the charging pumps for high pressure safety injection into the cold legs of the RCS.

3. Charging pumps, low head safety injection (LHSI) pumps, and associated valving, which provide emergency makeup water to the cold legs of the RCS following a LOCA.

4. Automatic transfer of ECCS injection to recirculation on extreme low refueling water storage tank (RWST) level.

5. Pumps and valves, which serve as part of the heat sink and as part of the heat sink for containment cooling, for example, service water pumps.

6. Motor-driven auxiliary feedwater pumps and associated valves and the valves required to initiate a steam supply to the turbine-driven auxiliary feedwater pump.

7. Containment isolation Phase A, whose function is to prevent fission product release. (Isolation of all lines not essential to reactor protection.)

8. Steam line isolation to prevent the continuous, uncontrolled blowdown of more than one steam generator and thereby uncontrolled RCS cooldown.

9. Main feedwater line isolation, as required, to prevent or mitigate the effects of excessive cooldown.

10. Start-up of the emergency diesel generators to assure the backup supply of power to emergency and supporting systems components.

11. Isolation of the main control room air ducts to meet control room occupancy requirements and start of the emergency ventilation fans to pressurize the control room.

7.3-3

BVPS-2 UFSAR Rev. 18

12. Containment quench and recirculation spray systems, which performs the following functions:

a. Initiate quench and recirculation sprays to reduce containment pressure and temperature following a LOCA or MSLB accident inside containment.

b. Initiates containment isolation Phase B which, except for ESF lines penetrating containment, isolates the containment following a LOCA, or an MSLB or feedwater line break within containment to limit radioactive releases. (Section 6.2.4 considers isolation valves in further detail.)

13. Sequencers for loss of offsite power (LOOP) or safety injection (Chapter 8).

7.3.1.1.2 Analog Circuitry The process analog sensors and racks for the ESFAS are discussed in WCAP-7913 (Reid 1973). Discussed in this report are the parameters to be measured including pressures, flows, tank and vessel water levels, and temperatures, as well as the measurement and signal transmission considerations. Other considerations discussed are automatic calculations, signal conditioning and location, and mounting of the devices. The sensors monitoring the primary system are located as shown on the piping flow diagrams in Chapter 5, Reactor Coolant System and Connected Systems. The secondary system sensor locations are shown on the steam system flow diagrams given in Chapter 10. There are four instrument lines which penetrate the containment and which are required to remain functional following a LOCA or MSLB inside containment. These lines sense the pressure of containment atmosphere on the inside and are connected to pressure transmitters on the outside. Signals from these transmitters can initiate safety injection and containment isolation on Hi-1 containment pressure, and initiate main steam line isolation on Hi-2 containment pressure. These signals also, upon Hi-3 containment pressure, produce the automatic signal to initiate containment depressurization system spray and provide for post-accident monitoring (PAM) of containment pressure. In view of these functions, these lines do not have automatic isolation valves since it is essential that the lines remain open and not be isolated following an accident. This system is described in Section 6.2.4. 7.3.1.1.3 Digital Circuitry The ESF logic racks are discussed in detail in WCAP-7488-L (Katz 1971). The description includes the considerations and provisions 7.3-4

BVPS-2 UFSAR Rev. 18 for physical and electrical separation as well as details of the circuitry. Katz (1971) also discusses certain aspects of on-line test provisions, provisions for test points, considerations for the instrument power source, and considerations for accomplishing physical separation. The outputs from the analog channels are combined into actuation logic as shown on Figure 7.2-1, Sheets 5 (Tavg), 6 (Pressurizer Pressure), 7 (Low Steam Line Pressure), 8 (Engineered Safety Features Actuation), and 14 (Auxiliary Feedwater). To facilitate ESF actuation testing, two cabinets (one per train) are provided which enable operation, to the maximum extent practical, of safety features loads on a group by group basis until actuation of all devices has been checked. Final actuation testing is discussed in detail in Section 7.3.2. 7.3.1.1.4 Final Actuation Circuitry The outputs of the solid-state protection system (SSPS) (the slave relays) are energized to actuate, as are most final actuators and actuated devices. These devices are listed as follows:

1. Safety injection system pump and valve actuators. (Chapter 6 provides flow diagrams and additional information).

2. Containment isolation Phase A and Phase B (Chapter 6.)

3. Automatic transfer of ECCS injection to recirculation on extreme low RWST level.

4. Service water pump and valve actuators (Chapter 9).

5. Auxiliary feedwater pumps start (Chapter 10).

6. Emergency diesel generators start (Chapter 8).

7. Feedwater isolation (Chapter 10).

8. Main control room ventilation isolation valve and damper actuators (Chapter 6).

9. Steam line isolation valve actuators (Chapter 10).

10. Containment quench spray, recirculation spray, and valve actuators (Chapter 6).

If an accident is assumed to occur coincident with a LOOP, the ESF loads are sequenced onto the emergency diesel generators to prevent overloading them. This sequence is discussed in Chapter 8. The design meets the requirements of GDC 35. 7.3-5

BVPS-2 UFSAR Rev. 0 7.3.1.1.5 Support Systems The following systems are required for support of the ESF:

1. Service water - heat removal (Section 9.2.1).

2. Safety-related ventilation systems (Section 9.4).

3. Electrical power distribution systems (Section 8.3).

4. Emergency diesel generator fuel oil system (Section 9.5.4).

7.3.1.2 Design Bases Information The functional diagrams presented on Figure 7.2-1, Sheets 5, 6, 7, and 8 provide a graphic outline of the functional logic associated with requirements for the ESFAS. Requirements for the ESF systems are given in Chapter 6. Given by the following is the design bases information required by the Institute of Electrical and Electronics Engineers (IEEE) Standard 279-1971. 7.3.1.2.1 Generating Station Conditions The following is a summary of those generating station conditions requiring protective action from the ESFAS to mitigate an accident (for transient termination, refer to Section 7.2).

1. Primary System:

a. Rupture in small pipes or cracks in large pipes,

b. Rupture of a reactor coolant pipe (LOCA), and

c. Steam generator tube rupture.

2. Secondary System:

a. Minor secondary system pipe breaks resulting in steam release rates equivalent to a single dump, relief, or safety valve,

b. Rupture of a major steam pipe, and

c. Rupture of a major feedwater pipe.

7.3.1.2.2 Generating Station Variables The following list summarizes the generating station variables required to be monitored for the automatic initiation of ESF during each accident identified in the preceding section. Requirements for PAM are given in Table 7.5-1. 7.3-6

BVPS-2 UFSAR Rev. 16

1. Primary system accidents:

a. Pressurizer pressure,

b. RWST water level, and

c. Containment pressure (not required for steam generator tube rupture).

2. Secondary system accidents:

a. Pressurizer pressure,

b. Steam line pressures and pressure rates,

c. Containment pressure, and

d. Steam generator water level.

7.3.1.2.3 Limits, Margins, and Levels Prudent operational limits, available margins, and set points before onset of unsafe conditions requiring protective action are discussed in Chapters 15 and 16. 7.3.1.2.4 Abnormal Events The malfunctions, accidents, or other unusual events which could physically damage protection system components or could cause environmental changes are as follows:

1. LOCA (Chapter 15),

2. Secondary system accidents (Chapter 15),

3. Earthquakes (Chapters 2 and 3),

4. Fire (Section 9.5.1),

5. Missiles (Section 3.5),

6. Flood (Chapters 2 and 3),

7. Environmental transients (temperature/pressure/humidity) due to ventilation system failures (Section 3.11), and

8. High energy line breaks (Section 3.6).

7.3.1.2.5 Minimum Performance Requirements Minimum performance requirements are as follows: 7.3-7

BVPS-2 UFSAR Rev. 17

1. System response times.

The ESFAS response time is defined as the interval required for the ESF sequence to be initiated subsequent to the point in time that the appropriate variable(s) exceed set points. The ESF sequence is initiated by the output of the ESFAS, which is by the operation of the dry contacts of the slave relays (600 series relays) in the output cabinets of the SSPS. The list of response times which follows, includes the interval of time which will elapse between the time the parameter, as sensed by the sensor, exceeds the safety set point and the time the SSPS slave relay dry contacts are operated. These values are maximum allowable values consistent with the safety analyses and the Licensing Requirements Manual and are systematically verified during plant preoperational start-up tests. For the overall ESF response time, refer to Table 3.3.2-1 of the Licensing Requirements Manual. In a similar manner for the overall RTS instrumentation response time, refer to Table 3.3.1-1 of the Licensing Requirements Manual. The ESFAS is always capable of having response time tests performed, using the same methods as those tests performed during the preoperational test program or following significant component changes.

a. Typical maximum allowable time delays in generating the actuation signal for loss-of-coolant accident (LOCA) protection are:

(1) Pressurizer pressure 1.0 second (2) RWST water level 1.5 seconds (3) Containment pressure 1.5 seconds

b. Typical maximum allowable time delays in generating the actuation signal for main steam line break (MSLB) protection are:

(1) Steam line pressure 1.0 second (2) Steam line pressure rate 1.0 second (3) Pressurizer pressure 1.0 second (4) High containment pressure for closing main steam line stop valves (Hi-2) 1.5 seconds (5) Actuation signals for auxiliary feedwater pumps 2.0 seconds

2. Systems accuracies.

a. Typical accuracies required for generating the required actuation signals for LOCA are:

7.3-8

BVPS-2 UFSAR Rev. 17 (1) Pressurizer pressure (uncompensated ) +/-25 psi (2) Containment pressure +/-2.9 percent of full scale (3) RWST water level +/-5.7 percent of span

b. Typical accuracies required in generating the required actuation signals for MSLB protection are given:

(1) Steam line pressure +/-8.3 percent of span (2) Steam generator water level +/-18.2 percent of span (3) Pressurizer pressure +/-25 psig (4) Containment pressure signal +/-2.9 percent of span

3. Ranges of sensed variables to be accommodated until conclusion of protective action is assured.

a. Typical ranges required in generating the actuation signals for LOCA protection are given:

(1) Pressurizer pressure 1,700 to 2,500 psig (2) Containment pressure 0 to 115 percent of containment design pressure (3) RWST water level 0 to 144 inches

b. Typical ranges required in generating the required actuation signals for MSLB protection are given:

(1) Steam line pressure (from which steam line pressure rate is also derived) 0 to 1,300 psig (2) Steam generator water level 0 to 144 inches (3) Containment pressure 0 to 115 percent of containment design pressure 7.3-9

BVPS-2 UFSAR Rev. 0 7.3.1.3 Final System Drawings Functional block diagrams, electrical elementaries, and other drawings, as required to assure electrical separation and to perform a safety review, are provided in the drawing supplement (Section 1.7) prepared by Stone & Webster Engineering Corporation. These will include Westinghouse process block diagrams, Westinghouse nuclear instrumentation system block diagrams, and Westinghouse safeguards test cabinets drawings. The functional logic diagram is shown on Figure 7.2-1. 7.3.2 Analysis Failure modes and effects analyses (FMEAs) have been performed on ESF systems equipment within the Westinghouse scope of supply. The interfaces between the Westinghouse ESF systems and the BVPS-2 ESF systems have been analyzed and found to meet the interface requirements specified in WCAP-8760 (Mesmeringer 1980). The BVPS-2 ESF systems, although not identical, have been designed to equivalent safety design criteria. For balance of plant (BOP) safety systems, FMEAs have also been performed on the instrumentation and controls and electrical power portions of those systems used to initiate the operation of the ESF systems and their essential auxiliary supporting systems (Table 7.3-4). The analyses were made to assure that each system satisfies the applicable design criteria and will perform as intended during all BVPS-2 operations and accident conditions for which its function is required. The ESF and supporting systems are designed so that a LOOP, the loss of cooling water to vital equipment, a plant load rejection, or a turbine trip will not prevent the completion of the safety function under postulated accidents and failures. Evaluation of the individual and combined capabilities of the ESF and supporting systems can be found in Chapters 6 and 15. Compliance with the IEEE Standards, Regulatory Guides, and GDC is as follows: discussion of the GDC is provided in various sections of Chapter 7 where a particular GDC is applicable; applicable GDC include Criteria 13, 20, 21, 22, 23, 24, 25, 26, 27, 28, 35, 37, 38, 40, 43, and 46; compliance with certain IEEE Standards is presented in Sections 7.1.2.6, 7.1.2.8, 7.1.2.9, and 7.1.2.10; compliance with Regulatory Guides is discussed in Section 7.1. 7.3.2.1 Failure Mode and Effects Analyses The systematic, organized, analytical procedure for identifying the possible modes of failure and evaluating their consequences is called a FMEA. Its purpose is to demonstrate and verify how the GDC of 10 CFR 50 Appendix A and IEEE Standard 279-1971 requirements are satisfied. The FMEAs that are performed on the Class 1E electric 7.3-10

BVPS-2 UFSAR Rev. 0 power and instrumentation and controls portions of the safety-related auxiliary supporting systems also determine if they will meet the single failure criteria. 7.3-10a

BVPS-2 UFSAR Rev. 17 The FMEA for a BOP safety-related system is produced in the form of a computerized tabulation that identifies the component, its failure mode, the method of failure detection, and its effect on the safety-related system. This tabulation is derived from the fault tree analysis (FTA). The FTA is a technique by which failures that can contribute to an undesired event are systematically and deductively organized from a top event down to subordinate events. It is pictorially represented by rectangular blocks connected via flow lines to logic gates, all placed together in a tree-shaped configuration called a fault tree diagram. The fault tree diagram identifies all the failure modes that are significant to the failure of the BOP safety-related system, the failure paths from the failed items up through the fault tree to a single top failure event, and any single failures that may result in the failure of the system to perform its intended safety function. It also provides a visual display of how the system can malfunction. When the event blocks and logic gates on the fault tree diagram have been assigned unique computer-readable codes, they can be computer-processed and printed out in a standard format as an auditable, permanent record called the FMEA. The FMEAs for the BOP safety-related systems of BVPS-2 are provided in a separate document entitled Failure Modes and Effects Analysis (Section 1.7). 7.3.2.2 Compliance with IEEE Standard 279-1971 The discussion that follows shows that the ESFAS complies with IEEE Standard 279-1971. 7.3.2.2.1 Single Failure Criteria The discussion presented in Section 7.2.2.2.3 is applicable to the ESFAS, with the following exception: In the ESF systems, a de-energization of the bistable will call for actuation of ESF equipment controlled by the specific bistable that lost power (containment spray and RWST extreme low bistables excepted). The actuated equipment must have power to comply. The power supply for the protection systems is discussed in Section 7.6 and in Chapter 8. For containment spray and RWST extreme low bistables, the final bistables are energized to trip to avoid spurious actuation. In addition, manual containment spray requires a simultaneous actuation of two manual controls. This is considered acceptable because spray actuation on Hi-3 containment pressure signal provides automatic initiation of the system via protection channels, meeting the criteria in IEEE Standard 279-1971. Moreover, two sets (two switches per set) of the containment spray manual 7.3-11

BVPS-2 UFSAR Rev. 0 initiation switches are provided to meet the requirements of IEEE Standard 279-1971. Also, it is possible for all ESF equipment (valves, pumps, etc) to be individually manually-actuated from the main control board. Hence, a third mode of containment spray initiation is available. The design meets the requirements of GDC 21 and 23. 7.3.2.2.2 Equipment Qualification The subject of equipment qualification is addressed in Sections 3.10 and 3.11. 7.3.2.2.3 Channel Independence The discussion presented in Section 7.2.2.2.3 is applicable. The ESF slave relay outputs from the solid state logic protection cabinets are redundant, and the actuation signals associated with each train are energized up to and including the final actuators by the separate ac power supplies which power the logic trains. 7.3.2.2.4 Control and Protection System Interaction The discussions presented in Section 7.2.2.2.3 are applicable. 7.3.2.2.5 Capability for Sensor Checks and Equipment Test and Calibration The discussions of the system testability in Section 7.2.2.2.3 are applicable to the sensors, analog circuitry, and logic trains of the ESFAS. The following discussions cover those areas in which the testing provisions differ from those for the RTS. Testing of Engineered Safety Features Actuation Systems The ESFAS are tested to provide assurance that the systems will operate as designed and will be available to function properly in the unlikely event of an accident. The testing program meets the requirements of GDC 21, 37, 40, and 43 and Regulatory Guide 1.22, as discussed in Section 7.1.2.4. The tests described herein, and further discussed in Section 6.3.4, meet the requirements on testing of the ECCS, as stated in GDC 37, except for the operation of those components that will cause an actual safety injection. The test demonstrates the performance of the full operational sequence that brings the system into operation, the transfer between normal and emergency power sources, and the operation of associated cooling water systems. The charging pumps and LHSI pumps are started and operated and their performance verified in a separate test discussed in Section 6.3.4. When the pump tests are considered in conjunction with the ECCS test, the requirements of GDC 37 on testing of the ECCS 7.3-12

BVPS-2 UFSAR Rev. 0 are met as closely as possible without causing an actual safety injection. Testing described in Sections 6.3.4, 7.2.2.2.3, and 7.3.2.2.3 provides complete periodic testability during reactor operation of all logic and components associated with the ECCS. This design meets the requirements of Regulatory Guide 1.22, as discussed in the previous sections. The program is as follows:

1. Prior to initial plant operations, ESF system tests will be conducted.

2. Subsequent to initial start-up, ESF system tests will be conducted during each regularly scheduled refueling outage.

3. During on-line operation of the reactor, all of the ESF analog and logic circuitry will be fully tested. In addition, essentially all of the ESF final actuators will be fully tested. The remaining few final actuators whose operation is not compatible with continued on-line plant operation will be checked by means of continuity testing.

Performance Test Acceptability Standard for Safety Injection Signal and Automatic Signal for Containment Depressurization Actuation Generation During reactor operation, the basis for ESFAS acceptability will be the successful completion of the overlapping tests performed on the initiating system and the ESFAS (Figure 7.3-3). Checks of process indications verify operability of the sensors. Analog checks and tests verify the operability of the analog circuitry from the input of these circuits through and including the logic input relays except for the input relays during the solid state logic testing. Solid state logic testing also checks the digital signal path from and including logic input relay contacts through the logic matrices and master relays and perform continuity tests on the coils of the output slave relays. Final actuator testing operates the output slave relays and verifies operability of those devices which require safeguards actuation and which can be tested without causing plant upset. A continuity check is performed on the actuators of the untestable devices. Operation of the final devices is confirmed by control board indication, and by visual observation that the appropriate pump breakers close and automatic valves have completed their travel. The basis for acceptability for the ESF interlocks will be control board indication of proper receipt of the signal upon introducing the required input at the appropriate set point. 7.3-13

BVPS-2 UFSAR Rev. 0 Frequency of Performance of Engineered Safety Features Actuation Tests During reactor operation, complete system testing (excluding sensors or those devices whose operation would cause plant upset) is performed in accordance with the Technical Specifications. Testing, including the sensors, is also performed during scheduled BVPS-2 shutdown for refueling. Engineered Safety Features Actuation Test Description The following sections describe the testing circuitry and procedures for the on-line portion of the testing program. The guidelines used in developing the circuitry and procedures are:

1. The test procedures must not involve the potential for damage to any BVPS-2 equipment,

2. The test procedures must minimize the potential for accidental tripping of BVPS-2 systems, and

3. The provisions for on-line testing must minimize complication of ESF actuation circuits so that their reliability is not degraded.

Description of Initiation Circuitry Several systems (listed in Section 7.3.1.1.1) comprise the total ESF system, the majority of which may be initiated by different process conditions and be reset independently of each other. The remaining functions (listed in Section 7.3.1.1.1) are initiated by a common signal (safety injection signal) which in turn may be generated by different process conditions. In addition, operation of all other vital auxiliary support systems, such as auxiliary feedwater, primary component cooling water, and service water is initiated by the safety injection signal. Each function is actuated by a logic circuit, which is duplicated for each of the two redundant trains of ESF initiation circuits. The output of each of the initiation circuits consists of a master relay, which drives slave relays for contact multiplication as required. The master and slave relays are mounted in the ESFAS cabinets, designated Train A and Train B, respectively, for the redundant counterparts. The master and slave relay circuits operate various pump and fan circuit breakers or starters, motor-operated 7.3-14

BVPS-2 UFSAR Rev. 17 valve (MOV) contactors, solenoid-operated valves, emergency diesel generator starting, etc. Analog Testing Analog testing is identical (except as noted) to that used for reactor trip circuitry and is described in Section 7.2. An exception to this is containment quench spray, which is energized to actuate two out of four and reverts to two out of three when one channel is in test. Solid State Logic Testing Except for containment spray channels, solid-state logic testing is the same as that discussed in Section 7.2. During logic testing of one train, the other train can initiate the required ESF function (Katz 1971). Katz (1971) gives additional information on solid-state logic testing. Actuator Testing At this point, testing of the initiation circuits through operation of the master relay and its contacts to the coils of the slave relays has been accomplished. Slave relays do not operate because of the reduced voltage. The ESFAS final actuation device or actuated equipment testing will be performed from the engineered safeguards test cabinets. These cabinets are normally located near the SSPS equipment. One test cabinet is provided for each of the two protection trains, Trains A and B. Each cabinet contains individual test switches necessary to actuate the slave relays. To prevent accidental actuation, test switches are of the type that must be rotated and then depressed to operate the slave relays. Assignments of contacts of the slave relays for actuation of various final devices or actuators have been made such that groups of devices or actuated equipment can be operated individually during BVPS-2 operation without causing plant upset or equipment damage. In the unlikely event that a safety injection signal is initiated during the test of the final device that is actuated by this test, the device will already be in its safeguards position. During this last procedure, close communication between the main control room operator and the operator at the test panel is required. Prior to the energizing of a slave relay, the operator in the main control room assures that plant conditions will permit operation of the equipment that is to be actuated by the relay. After the test panel operator has energized the slave relay, the main control room operator observes that all equipment has operated, as indicated by appropriate indicating lamps, monitor lamps, and annunciators on the main control board, and using a prepared checklist, records all operations. This operator then resets all devices and prepares for operation of the next slave relay-actuated equipment. 7.3-15

BVPS-2 UFSAR Rev. 0 By means of the procedure outlined previously, all ESF devices actuated by the ESFAS initiation circuits, with the exceptions noted in Section 7.1.2.4 under a discussion of Regulatory Guide 1.22, are operated by the automatic circuitry. Actuator Blocking and Continuity Test Circuits Those few final actuation devices that cannot be designed to be actuated during BVPS-2 operation (discussed in Section 7.1.2.4) have been assigned to slave relays, for which additional test circuitry has been provided to individually block actuation of a final device upon operation of the associated slave relay during testing. Operation of these slave relays, including contact operations and continuity of the electrical circuits associated with the final devices control, are checked in lieu of actual operation. The circuits provide for monitoring of the slave relay contacts, the devices control circuit cabling, control voltage, and the devices actuation solenoids. Interlocking prevents blocking the output from more than one output relay in a protection train at a time. Interlocking between Trains A and B is also provided to prevent continuity testing in both trains simultaneously. The redundant device associated with the protection train not under test will be available in the event protective action is required. If an accident occurs during testing, the automatic actuation circuitry will override testing as noted previously. One exception to this is that if the accident occurs while testing a slave relay whose output must be blocked, those few final actuation devices associated with this slave relay will not be overridden; however, the redundant devices in the other train would be operational and would perform the required safety function. Actuation devices to be blocked are identified in Section 7.1.2.4. The continuity test circuits for those components that cannot be actuated on-line are verified by providing indicating lights on the safeguards test racks. The typical schemes for blocking operation of selected protection function actuator circuits are shown on Figure 7.3-4 as Details A and B. The schemes operate as explained by the following and are duplicated for each safeguards train. Detail A shows the circuit for contact closure for protection function actuation. Under normal BVPS-2 operation, and equipment not under test, the test lamp DS* for the various circuits will be energized. Typical circuit path will be through the normally closed test relay contact K8* and through test lamp connections 1 to 3. Coil X2 will be capable of being energized for protection function actuation upon closure of solid-state logic output relay contact K*. Coil X2 is typical for a breaker closing auxiliary coil, motor starter master coil, coil of a solenoid valve, auxiliary relay, etc. When the contact K8* is opened to block energizing of coil X2, the white lamp is de-energized and the slave relay K* may be energized to 7.3-16

BVPS-2 UFSAR Rev. 0 perform continuity testing. This continuity testing is verified by depressing test lamp DS* and observing that the lamp lights through connection 2 (Contact K8* open) through solid-state logic output relay contact K* (now closed) and finally through actuator coil X2. Sufficient current will flow in the circuit to cause the lamp to glow but insufficient to cause the actuator coil X2 to operate. To verify operability of the blocking relay in both blocking and restoring normal service, open the blocking relay contact in series with lamp connections - the test lamp should be de-energized; close the blocking relay contact in series with the lamp connections - the test lamp should now be energized. This test verifies that the circuit is now in its normal, that is, operable condition. Detail B shows the circuit for contact opening for protection function actuation. Under normal BVPS-2 operation, and equipment not under test, the white test lamp DS*, for the various circuits will be energized, and green test lamp DS* will be de-energized. Typical circuit path for white lamp DS* will be through the normally closed solid-state logic output relay contact K* and through test lamp connections 1 to 3. Coil Y2 will be capable of being de-energized for protection function actuation upon opening of solid-state logic output relay contact K*. Coil Y2 is typical for a solenoid valve coil, auxiliary relay, etc. When the contact K8* is closed to block de-energizing of coil Y2, the green test lamp is energized and the slave relay K* may be energized to verify operation (opening of its contacts). To verify operability of the blocking relay in both blocking and restoring normal service, close the blocking relay contact to the green lamp - the green test lamp should be energized; open this blocking relay contact - the green test lamp should be de-energized, which verifies that the circuit is now in its normal (that is, operable) condition. Time Required for Testing It is estimated that analog testing can be performed at a rate of several channels per hour. Logic testing of Train A or B can be performed in less than 2 hours. Testing of actuated components (including those which can only be partially tested) will be a function of main control room operator availability. It is expected to require several shifts to accomplish these tests. During this procedure automatic actuation circuitry will override testing, except for those few devices associated with a single slave relay whose outputs must be closed and then only while blocked. It is anticipated that continuity testing associated with a blocked slave relay could take several minutes. During this time, the redundant devices in the other trains would be functional. Summary of On-Line Testing Capabilities The procedures described provide capability for checking completely from the process signal to the logic cabinets and from there to the individual pump and fan circuit breakers or starters, valve 7.3-17

BVPS-2 UFSAR Rev. 23 contactors, pilot solenoid valves, etc, including all field cabling actually used in the circuitry called upon to operate for an accident condition. For those few devices whose operation could adversely affect BVPS-2 or equipment operation, the same procedure provides for checking from the process signal to the logic rack. To check the final actuation device a continuity test of the individual control circuits is performed. The procedures require testing at various locations:

1. Analog testing and verification of bistable set points are accomplished at the process analog racks. Verification of bistable relay operation is done by the main control room status lights.

2. Logic testing through operation of the master relays and low voltage application to slave relays is done at the logic rack test panel.

3. Testing of pumps, fans, and valves is done at a test panel located in the vicinity of the logic racks, in combination with the main control room operator.

4. Continuity testing for those circuits that cannot be operated is done at the same test panel mentioned in item 3.

The reactor coolant pump (RCP) essential service isolation valves consist of the isolation valves for the component cooling water (CCW) and the seal water return header. For the discussion of testing limitations of these valves, refer to Section 7.1.2.4, Items 7 and 9. Containment spray system tests will be performed periodically. The pump tests will be performed with the isolation valves in the spray supply lines at the containment and spray chemical additive tank closed. The valves tests are performed with the pump stopped. During this testing, automatic actuation circuitry will override testing. Testing During Shutdown The ECCS tests will be performed in accordance with the Surveillance Frequency Control Program with the RCS isolated from the ECCS by closing the appropriate valves. A test safety injection signal will then be applied to initiate operation of active components (pumps and valves) of the ECCS. This is in compliance with GDC 37. 7.3-18

BVPS-2 UFSAR Rev. 0 7.3.2.2.6 Manual Resets and Blocking Features The manual reset feature associated with containment spray actuation is provided in the SSPS design for two basic purposes: 1) the feature permits the operator to start an interruption procedure of automatic containment in the event of false initiation of an actuate signal, and

2) although spray system performance is automatic, the reset feature enables the operator to start a manual takeover of the system to handle unexpected events which can be better dealt with by operator appraisal of changing conditions following an accident.

It is most important to note that manual control of the spray system does not occur, once actuation has begun, by just resetting the associated logic devices alone. Components will seal in (latch) so that removal of the actuate signal, in itself, will neither cancel nor prevent completion of protection action, nor provide the operator with manual override of the automatic system by this single action. In order to take complete control of the system to interrupt its automatic performance, the operator must deliberately unlatch relays which have sealed in the initial actuate signals in the associated motor control center in addition to tripping the pump motor circuit breakers, if stopping the pumps is desirable or necessary. The feature of manual reset associated with containment spray does not perform bypass function. It is merely the first of several manual operations required to take control from the automatic system 7.3-19

BVPS-2 UFSAR Rev. 12 or interrupt its completion should such an action be considered necessary. In the event that the operator anticipates system actuation and erroneously concludes that it is undesirable or unnecessary and imposes a standing reset condition in one train (by operating and holding the corresponding reset switch at the time the initiate signal is transmitted), the other train will automatically carry the protective action to completion. In the event that the reset condition is imposed simultaneously in both trains at the time the initiate signals are generated, the automatic sequential completion of system action is interrupted and control will have been taken over by the operator. Manual takeover will be maintained, even though the reset switches are released, if the original initiate signal exists. Should the initiate signal then clear and return again, automatic system actuation will repeat. Note also that any time delays imposed on the system action are to be applied after the initiating signals are latched. The manual block features associated with pressurizer and steam line safety injection signals provide the operator with the means to block initiation of safety injection during BVPS-2 start-up and shutdown. These block features meet the requirements of Paragraph 4.12 of IEEE Standard 279-1971 in that automatic removal of the block occurs when plant conditions require the protection system to be functional. 7.3.2.2.7 Manual Initiation of Protective Actions (Regulatory Guide 1.62) The ESFAS agrees with Regulatory Guide 1.62 with the following clarification:

1. Manual initiation at the system level is interpreted to mean no more than three operator actions will be required to initiate at least one train, division, or channel of final actuation devices, including support systems.

2. Engineering judgement will be exercised to assure that a minimum of operator actions are required to achieve system level manual initiation without unnecessarily jeopardizing the return to operation of the power plant. For protective actions that significantly affect return to operation, or for those protective actions that may, if inadvertently initiated, result in a less safe plant condition, operator actions on two control devices will be required.

3. Designs requiring more than two operator actions per train, division, or channel to achieve protective action are to be limited to those actions required only in the long term and will be evaluated on a case-by-case basis.

7.3-20

BVPS-2 UFSAR Rev. 0

4. All equipment that contributes to the protective action will be initiated at the system level.

5. Switches for manual initiation will be located in the main control room in such a manner as to permit deliberate expeditious action by the operator.

6. Equipment common to both manual and automatic initiation will be minimized. Where manual and automatic action sequencing functions and interlocks that contribute to the protective action are common, component or channel level initiation will also be provided in the main control room.

7. Manual initiation portions of the protection system will meet the single failure criterion.

8. Manual initiation portions of the protection system will not impair the ability of the automatic system to meet the single failure criterion.

9. Manual initiation portions of the protective system are designed such that once initiated, a protective action at the system level (indication of the final actuation device associated with a given protective function) goes to completion.

Having gone to completion (that is, once sufficient breakers are closed or sufficient MOVs or other actuators are operated), a device shall only be returned to its pre-initiation status by deliberate operator action. This action shall be similar in nature for all protection systems. This design is in compliance with Paragraph 4.16 of IEEE Standard 279-1971.

10. In addition, manual initiation is provided to allow the operator to take early action based on observation of plant parameters. It is not to be treated as a backup to automatic features. Operator actions will not be required to compensate for single failures.

This discussion represents an interpretation of the stated position of Regulatory Guide 1.62 with regard to philosophy and definition of terms. As such, it describes, in as much detail as required, exactly how the subject guide will be implemented. It does not take any exceptions to the stated position in the regulatory guide. The ESFAS agrees with Regulatory Guide 1.62 with the following additional clarification: 7.3-21

BVPS-2 UFSAR Rev. 0 There are three individual main steam stop valve control devices (one per loop) mounted on the main control board. Each device when actuated will isolate one of the main steam lines. In addition, there will be two sets (two momentary controls per set) of system level control devices, with either set capable of actuating all steam lines at the system level. No exception to the requirements of IEEE Standard 279-1971 has been taken in the manual initiation circuit of safety injection. Although Paragraph 4.17 of IEEE Standard 279-1971 requires that a single failure within common portions of the protective system shall not defeat the protective action by manual or automatic means, IEEE Standard 279-1971 does not specifically preclude the sharing of initiated circuitry logic between automatic and manual functions. It is true that the manual safety injection functions associated with one actuation train (for example, Train A) shares portions of the automatic initiation circuitry logic of the same logic train; however, a single failure in shared functions does not defeat the protective action of the redundant actuation train (for example, Train B). A single failure in shared functions does not defeat the protective action of the safety function. It is further noted that the sharing of the logic by manual and automatic initiation is consistent with the system level action requirements of IEEE Standard 279-1971, Paragraph 4.17, and consistent with the minimization of complexity. For the transfer of ECCS injection to the recirculation mode, refer to Sections 6.3.2.8 and 7.6.5, and Table 6.3-7. 7.3.2.3 Further Considerations 7.3.2.3.1 Instrument Air and Component Cooling In addition to the considerations given previously, a loss of reactor plant instrument air or loss of CCW to vital equipment has been considered. For the discussion concerning loss of component cooling water to the RCPs, refer to Section 7.1.2.4 under Item 7, which addresses closure of the CCW isolation valves. Loss of instrument air does not prevent the operation of the minimum systems necessary for hot standby or cold shutdown, assuming limited operator action outside the main control room, as well as operator control of the control room. Furthermore, all pneumatically-operated valves and controls will assume a safe operating position upon loss of instrument air. It is also noted that, for conservatism during the accident analysis (Chapter 15), credit is not taken for the instrument air systems nor for any control system benefit. Circuitry is not provided which directly trips the RCPs on a loss of primary CCW. The BOP design provides for alarms in the main control room whenever CCW is lost. The RCPs can run about 10 minutes after a loss of CCW. This provides adequate time for the operator to correct the problem or trip the plant if necessary. 7.3-22

BVPS-2 UFSAR Rev. 10 7.3.2.3.2 Auxiliary Feedwater System The auxiliary feedwater system (AFWS) complies with the intent of NUREG-0737 (USNRC 1980), Action Item II.E.1.2. For the description of the AFWS, refer to Section 10.4.9. The two motor-driven AFW pumps are started automatically by any one or more of the following conditions. Starting the motor-driven AFW pumps will cause the blowdown isolation and sampling isolation valves for all steam generators to close.

1. Safety injection,

2. Two out of three low-low level in any two steam generators (from SSPS),

3. Automatic trip of main feedwater pumps,

4. AMSAC Auto Start.

The turbine-driven AFW pump is started automatically by any one or more of the following conditions. Starting the turbine driven AFW pump will cause the blowdown isolation and sampling isolation valves for all steam generators to close.

1. Safety injection,

2. Two out of three low-low level in any steam generator (from SSPS),

3. Two out of three reactor coolant pump bus undervoltage, or

4. AMSAC Auto Start.

7.3.2.4 Summary The ESFAS detects Condition III and IV faults and generates signals which actuate the ESF. The system senses the accident condition and generates the signal actuating the protection function reliably and within a time determined by and consistent with the accident analysis in Chapter 15. Much longer times are associated with the actuation of the mechanical and fluid system equipment related with the ESF. This includes the time required for switching, bringing pumps and other equipment to speed, and the time required for them to take load. For the maximum time duration associated with ESF load sequencing, refer to Section 8.3. Operating procedures require that the complete ESFAS normally be operable. However, redundancy of system components is such that the system operability assumed for the safety analyses can still be met with certain instrumentation channels out of service. Channels that 7.3-23

BVPS-2 UFSAR Rev. 16 are out of service are to be placed in the tripped mode or bypass mode in the case of containment spray. Containment isolation satisfies the intent of NUREG-0737 (USNRC 1980), Action Item II.E.4.2, Position 4, by providing containment isolation either by a safety injection signal or by a high containment pressure signal, as shown in Table 7.3-2. 7.3.2.4.1 Loss-of-Coolant Accident Protection By analysis of LOCAs and in system tests it has been verified that except for very small coolant system breaks, which can be protected against by the charging pumps followed by an orderly shutdown, the effects of various LOCAs are reliably detected by the low pressurizer pressure signal and the ECCS is actuated in time to prevent or limit core damage. For large RCS breaks, the passive accumulators inject first because of the rapid pressure drop. This protects the reactor during the unavoidable delay associated with actuating the active ECCS phase. Hi-1 containment pressure also actuates the ECCS. Therefore, emergency core cooling actuation can be brought about by sensing this other direct consequence of a primary system break, that is, the ESFAS detects the leakage of the coolant into the containment. Section 7.3.1.2.5 gives the time between the occurrence of the low pressurizer pressure signal or the Hi-1 containment pressure signal and the generation of the actuation signal. Containment spray will provide additional emergency cooling of containment and also limit fission product release upon sensing elevated containment pressure (Hi-3) to mitigate the effects of a LOCA. The delay time between detection of the accident condition and the generation of the actuation signal for these systems is assumed to be about 1.0 second, well within the capability of the protection system equipment. However, this time is short compared to that required for start-up of the fluid systems. The analyses in Chapter 15 show that the diverse methods of detecting the accident condition and the time for generation of the signals by the protection systems are adequate to provide reliable and timely protection against the effects of loss-of-coolant. 7.3.2.4.2 Main Steam Line Break Protection The ECCS is also actuated in order to protect against an MSLB. Section 7.3.1.2.5 gives the time between occurrence of low steam line pressure, high containment pressure (for breaks in containment), or high steam line pressure rate and generation of the actuation signal. Analysis of MSLB accidents, assuming this delay for signal generation, shows that the ECCS is actuated for an MSLB in time to limit or prevent further core damage for MSLB cases. 7.3-24

BVPS-2 UFSAR Rev. 16 Additional protection against the effects of MSLB is provided by feedwater isolation, which occurs upon actuation of the ECCS. Feedwater isolation is initiated in order to prevent excessive cooldown of the reactor vessel and thus protect the RCS boundary. Supplementary protection against a MSLB accident is provided by closure of all SLIVs in order to prevent uncontrolled blowdown of all steam generators. The generation of the protection system signal is again short compared to the time to trip the fast acting SLIVs which are designed to close in less than approximately 5 seconds. In addition to actuation of the ESF, the effect of an MSLB accident also generates a signal resulting in a reactor trip on overpower T or following ECCS actuation. The core reactivity is further reduced by the highly borated water injected by the ECCS. The analyses in Chapter 15 of the MSLB accidents and an evaluation of the protection system instrumentation and channel design show that the ESFAS are effective in preventing or mitigating the effects of an MSLB accident. 7.3.3 References for Section 7.3 Katz, D. N. 1971. Solid-State Logic Protection System Description. WCAP-7488-L (Proprietary) and WCAP-7672. (Instrumentation operation details apply to three loop plants; however, block diagram may not.) Mesmeringer, J. C. 1980. Failure Modes and Effects Analysis of the Engineered Safety Features Actuation System. WCAP-8760. Reid, J. B. 1973. Process Instrumentation for Westinghouse Nuclear Steam Supply System. WCAP-7913 (Instrumentation operation details apply to three loop plants; however, block diagrams may not). U.S. Nuclear Regulatory Commission 1980. Clarification of TMI Action Plan Requirements. NUREG-0737. 7.3-25

BVPS-2 UFSAR Tables for Section 7.3

BVPS-2 UFSAR Rev. 17 TABLE 7.3-1 INSTRUMENT OPERATING CONDITIONS FOR ENGINEERED SAFETY FEATURES No. of No. of Channels Functional Unit Channels to Trip Safety Injection Manual 2 1 Containment pressure (Hi-1) 3 2 Low compensated steam 3/steam line 2/steam line (lead-lag compensated) any steam line Pressurizer low pressure* 3 2 Containment Quench Spray Manual** 4 2 Containment pressure (Hi-3) 4 2 high high Containment Recirculation Spray Manual** 4 2 RWST level low 3 2 Coincident with Containment 4 2 Pressure high high NOTES:

 *Permissible bypass if reactor coolant pressure is less than 2,000 psig.
**Manual actuation of containment spray is accomplished by actuating either of two sets (two switches per set). Both switches in a set must be actuated to obtain a manually initiated containment depressurization signal per train.

1 of 1

BVPS-2 UFSAR Rev. 12 TABLE 7.3-2 INSTRUMENT OPERATING CONDITIONS FOR ISOLATION FUNCTIONS No. of Channels Functional Unit Channels Needed to Trip Containment Isolation

1. Automatic safety injection (Phase A)

a. Containment pressure (Hi-1) 3 2

b. Low compensated steam line 3/steam line 2/steam line pressure (lead-lag any steam line compensated)

c. Pressurizer low pressure* 3 2

2. Containment pressure (Phase B)

a. Hi-3 4 2

3. Manual

a. Phase A 2 1

b. Phase B** 4 2 Steam Line Isolation

1. High steam pressure rate 3/steam line 2/steam line any steam line

2. Containment pressure (Hi-2) 3 2

3. Low steam line pressure 3/steam line 2/steam line any steam line

4. Manual 1 loop*** 1/loop Feedwater Line Isolation

1. Safety Injection

a. Manual 2 1

b. Containment pressure (Hi-1) 3 2

c. Low compensated steam line 3/steam line 2/steam line pressure (lead-lag any steam line compensated)

d. Pressurizer low pressure* 3 2 1 of 2

BVPS-2 UFSAR Rev. 12 TABLE 7.3-2 (Cont) NOTES:

  *Permissible bypass if reactor coolant pressure is less than 2,000 psig.
 **Manual actuation of containment spray is accomplished by actuating either of two sets (two switches per set). Both switches in a set must be actuated to obtain a manually-initiated containment depressurization signal per train.
***Additionally there will be two sets of control devices (two momentary controls per set) on the main control board. Operating either set will actuate all three main steam line stop and bypass valves at the system level.

2 of 2

BVPS-2 UFSAR Rev. 16 TABLE 7.3-3 INTERLOCKS FOR ENGINEERED SAFETY FEATURES ACTUATION SYSTEM Designation Input Function Performed (1) P-4 Reactor tripped Presence of P-4 signal actuates turbine trip Presence of P-4 signal allows manual reset/block of the automatic reactuation of safety injection Absence of P-4 signal defeats the manual reset/block preventing automatic reactuation of safety injection Presence of P-4 signal closes main feedwater valves on Tavg below setpoint. Presence of P-4 signal prevents opening of main feedwater valves which were closed by safety injection high-high steam generator water level P-11 2/3 pressurizer pressure Allows manual block of below setpoint (Presence safety injection on signal permits functions low pressurizer shown. Absence of signal pressure signal defeats functions shown) Allows manual block of safety injection actuation on low compensated steamline pressure signal Permits steamline isolation via high steam pressure rate if low pressure signal manually blocked 1 of 2

BVPS-2 UFSAR Rev. 16 TABLE 7.3-3 (Cont) Designation Input Function Performed P-12 2/3 Tavg below setpoint Blocks steam dump (Presence of P-12 signal except for cooldown performed or permits condenser dump valves functions shown. Absence of signal defeats function Allows manual bypass shown) of steam water dump block for the cooldown valves only (1) See Table 7.7-1 for control system functions. 2 of 2

BVPS-2 UFSAR Rev. 0 TABLE 7.3-4 FMEAs PERFORMED ON INSTRUMENTATION & CONTROLS AND ELECTRICAL PORTIONS ENGINEERED SAFETY FEATURES & AUXILIARY SUPPORTING SYSTEMS FMEA Title FMEA Dwg No. Steam Systems Main steamline isolation system 15-2 Steam generator blowdown system 5-15 Water Systems Station service water system 17-1 Primary component cooling water system 12-7 Condensate and feedwater system 5-4 Auxiliary feedwater system 5-13 Engineered Safety Features Systems Residual heat removal system 25-7 High head safety injection system 26-1 Low head safety injection system 26-2 Recirculation spray system 27-1 Quench spray system 27-9 RCS - pump hot/cold leg, bypass isolation 25-4 RCS - pressurizer control 25-6 RCS - reactor coolant letdown 25-13 Electrical Systems Class 1E ac power system 22-5 Class 1E dc power system 22-10 Vital bus uninterruptible power system 22-12 Engineered safety features load sequencing 22-6.1 480 V ac emergency power supply 22-8 Containment isolation signal initiation system 27-12 Emergency Diesel Generator Systems Emergency diesel generator fuel oil storage and transfer system 8-9 Emergency diesel generator starting system 22-6 Emergency diesel generator spurious trip 22-6.5 1 of 2

BVPS-2 UFSAR Rev. 0 TABLE 7.3-4 (Cont) FMEA Title FMEA Dwg No. Ventilation Systems Control room ventilation system 21-1 Control building ventilation system 21-2 Main steam and feedwater valve area ventilation system 21-6 Safeguards area ventilation system 21-7 Cable vault and rod control area ventilation system 21-8 Auxiliary building ventilation system 21-21 Primary intake structure ventilation system 21-23 Emergency diesel generator building ventilation system 21-34 Emergency switchgear room ventilation system 21-55 Battery room ventilation system 21-56 Service Systems Reactor plant and process sampling system 14-15 Supplementary leak collection and release system 21-18 Containment purge air system 21-19 Containment vacuum leakage monitoring system 27-10 Combustible gas control system 27-13 Spent fuel pool cooling and cleanup system 29-8 2 of 2

~Testing .,, J.,. Master Relay Testing *I I j... Logir Tesling *I ~ .. _ Final Device or Actuator Testing __:::;____~ I Bistable Input ~ Logic Circuit

                              ~

Master Relay -* Slave Relay

                                                                                                   *I   Solenoid Valves I

Motor Motor 01)Cr.

                                                                          ~

Starters Valves

                                                  ....      Slave Relay Solenoid Valves

___... Motor Starters ~* Motor Opcr. Valves r+ Slave Relay Breaker

                                                                                                    *I    Pump Motors     I Slave
                                                  ..... Relay Actuators
                                                  ...       Slave Relay Actuators FIGURE 7.3-3 TYPICAL ESF TEST CIRCUITS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

TEST LIGHT os* OEVJ REAR OF PANEL h'

                          . .)[.:-:

LOCA liON LEGEND SI'S - STC - SOLID STATE PROTECTION SYSTEM SAFEGUARDS TEST CABINET X- SWGR, MCC, AUXILIARY RELAY RACK, UC. ILLUMINA TEO PUSHUUTTON SWITCH WITH 28V LAMP NO. 327 ASC- AUXILIARY SAFEGUARDS CABINET lEXCEPT AS NOTED) CONTACT LOCATION SCHEME SPS SPS

   -* L21 s*                                                                                       s1c I

U)

   ~                                                                                                   (11) rKa*

L22 RESEll S821

   ~>

r -

   ~ -* I 0STC                                                                                           1!:1
                .1802                      141                                                          ~(:   1121 1101 SI'S                                                                                                ~

\.. IN) Of TAIL A : TYPICAL PROTECTION AClUA liON CIRCUIT BLOCK lNG SCHEMES

                                                                        .-/

NOTE 1 DETAIL B: TYPICAL PROnCTION ACTUATION CIRCUIT (CONTACT CLOSURE FOR ACTUA TIONI BLOCKING SCHEMES (CONTACT OPENING FOR ACTUATION)

• DETAILS A AND 8 OF THIS FIGURE ARE NOT TO BE CONFUSE 0 WITH AlPHA DESIGNATION OF LOGIC TRAINS A AND 8 FIGURE 7. 3-4 NOTES:

1 SOLID STATE PROT EC TtON S VSTEM OUTPUT (SLAVE R ELAV I SIMPLIFIED ELEMENTARY

2. ALL DIODES ARE IN~408 ENGINEERED SAFEGUARDS

3. ALL VARISTORS ARE GE VI30LA20A UNLESS OTHERWISE TEST CABINET SPECIFIED. POLARITY NEED NOT TO BE OBSERVED.

BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

I REV: 9 (961 lOGIC SYMBOlS A00 IT JONA L SYMBOI.S DEVICE FUNCTION liDERS AND NUMIERS FB R.OW CWINNft . SYMBOL LOGIC FUNCTION - - - - - INSTRUMENT CHANNEL BISTABLE LB l[\l[~liANNE L NC NUC CHAIHL

                                                                                                                               ~ IN 0 ICATES lHAT THE            ()['I{C£ OR INSTRUMENT CHANNEl HAS A Ill STAB L£ LOGIC 1 PB        PRESS RE CliA~L AND           A DEY ICE WHICH PRODUCES AN OUTPUT ONlY                                                Ill"'             OOTPUT WHEN:                                                                                               RC        RAD IAT ION CHANNEL WHUt EVt:RY INPUT {X ISTS.                                                       [_                   .STilE PARAMETER MEASURED IS GREATER THAN A PRESET VALUE                                                      SB        SPEEDCHAMEL L.. THE PARAMETER MEASURED IS l£ SS THAN A PRES£T VALUE                                                       TB U"Tl!E     PARAMETER MEASURED DEVIATES FROM A PRESET VALUE BY MORE THAN A                                        ZB tEMPERA lURE CHANNEL POSITION CHANNEL PRESET AMOUNT.

l::::f OR :f OR =t: SAME AS AllOY£ t:XCEPT WITH AN AUTOMA HCALLY SET VAR lAB L£ IJALUE 20 27 EL£CTRIC OPERATED VALVE UNDERVOl TAG£ RELAY NOT A DEVICE WH ICH PRODUCES AN OUTPUT ONLY WHEN THE INPUT DOES NOT {X IST.

                                                                                                                  -u-          OR  _f OR  L      SAME AS ABOVE EXCEPT WITH REOU IRED HYS TERES IS B£TWEEN TURN ON                                      33        POS IliON SWITCH SUFfiX l£ffiR:

AND HJRN OFF. IC. 10. be. bo LIM IT SWITCH

                                                                                                                             -----NON-INSTRUMENT BfSTABL£                                                                                                           ~ It            - TOIIQUE SWITCH OR            A )){ V ICE WH ICH PRODUCES AN OUTPUT WHEN ONE INPUT lOR MOREl t:XISTS.

i Z7 c'.~~---- OUTPUT INDICATOR SAME AS EXPLAINED ABOVE POS IliON SW ITCH DEVELOPMENTS

                                                                                                                    & -----                  ALARM ANNUNCIATOR !ALARMS ON THE SAME SHm WITH ThE SAME SUBSCRIPT                                                                                .Q. - f U l l TRAVEL OFF RETURN        A DEVICE WH ICH RETAINS THE COND ITJON OF

z. SHARE A COMMON ANtiUNCiATCR WI~DOW

                                                                                                                                                                                                                                                                       ~~:. tc MEMORY           OUT PUT CORRES POND lNG TO THE LAST ENE R-
                                                                                                                    & -----                  REACTOR TRIP fiRST OUT" ANNUNCIATOR bll,lo GIZED INPUT, t:XCEPT UPON INTERRUPTION OF                                                                                                                                                                                           Ill POWER IT RETURNS TO THE OFF CON 0 ITJON.                                         ,1, - - - - -            TURBINE TRIP fl RST OUT" ANNUNC lA TOR                                                                                   be (f)                     INDICATOR LA'-IP
                                                                                                                                                                                                                                                                        *. ms RETENTIVE         A DEVICE WH ICH RETAI NS THE CONO IT ION OF                                                                                                                                                                                          b.IOS MEMORY           OUTPUT COR RES PON 0 ING TO THE LAST EN ER-                                                              A ACTUATION STATUS LIGHTS GIZE 0 I NPUT lAlSO UPON INTER RU PTI ON 'Of                                                             T TRIP STATUS LIGHTS NAIVE CtOS EDI   IV AlVE OfiOO POWERl.                                                                                                  P PERMISSIVE STATUS LIGHTS i

B

• BYPASS STATUS LIGHTS I AOJUSTABL£ A DEVICE WH ICH PRODUCES AN OUTPUT { f ) - - - - - - COMPUTER INPUT 52 AC Cl RCU IT.BREAKER TIME DELAY FOLLOW lNG DEFINITE INTENTIONAL TIME -----LOGIC INFORMATION TRAI>SMISSION SUFFIX u:TJtR, ENERGIZ lNG DELAY AFTER RECEIVING AN INPUT. - - - - - - - ANALOG INFORMAl ION TRANSMISSION a AU~ILIARY CONTACT -OPEN WHEN M'IN CONTACTS ARE OPEN b AUXIliARY CONTACT -CLOSED WHEN !MIN CX1NrAC1S AlE OPRI H-IN CEll SW ITCH - CLOSE WHEN BREAKER I S IN THE CONNECTED POSf'TICH 0 -----ANALOG DISPLAY I AN"ALOG INDI CAlOR 63 11 PRESSURE SWITCH L£VEl SWITCH R RECORDER 80 FLOW SWITCH R2 RECORDER 2 F't.N 81 UN OERFREQUEN CY RELA'(

COINCIDENCE A DEVICE WHICH PROOUCES AN OUTPUT R3 RECORDER 3 PEN l2 OUT OF 3 SHOWNI WHEN THE PRESC RIB EO NUMBER OF INPUTS RS RECOROER 8 POINT t:X IS T l EXAMPLE 2 IN PUTS .MU ST t:XlST FOR AN OUTPUT I. ©L.. - - - - - ANALOG SUMMER ANALOG RETINTIVE A DW ICE HAV lNG 1lE lOG ICAL FUNCTION INPUT MEMORY AS iMD!CATED BY THE DIAGRAM BROW 1 A OEVICE WHICH Pf:RMITS AN ANALOGS IGNAt TO PASS IN AN ISOLATED CIRCUJT IF Tit: CON-WITH MANUAl CONTRO~ TITLE ACTUAlJNG SlGAAL MANUAL RESET AAALOG TROL LOGIC INPUT EXISTS. RESET LOGIC GAll

                                                                                                                                                                                                                                                                                                    ----------1 lMOMENTARY P. B;. l INPUT ot 5 b 7 6
                                                                                                                                                                                                                                                                                                      --------2 INOt:XANDSYMI!OlS-                             1 2 3 I

N01ES: ANALOG OUTPUT ftACTORTRIJSIGNAlS--

                                                                                                                                                                                                                                                                         ~UCI.fAI  lNSTI; ANIIWG.!All'IIP S IGAAlS - l IIUCLEAR INSTI. PDIMISSMSMOIUICKS--4 l 2 3 I 2 2 1 1 2 3 3 4 4 4 l
                                                                                                                                                                                                                                                                                                                               ?.

2 2 2 2 3 3 3 3 PRIMARY COOIAifl' SYStEM TIIP SlliiWS- --5 1 <2 3 4 4 5 5 I. IN ALL LOGIC CIRCUITS. THE IND ICATEO ACTUA T!ON Of A SYSTEM OR DEVICE 5. THIS SET OF DRAWINGS ILLUSTRATES THE FUNCTIONAL REQU lREMENTS OF THE PR£SSURIZEiliiP SIGNAlS-- - - - - -- 6 fI 2 3 4 5 5 GG OCCURS WHEN A LOGIC I SIGNAL IS PRESENT. EXCEP1 WHERE INDICATED OTHER- REACTOR CONTROL AND PROTECT\ ON SYSTEM , INC LUD I NG ENG INEE RED SAFEG UA R0S. $TEAM GENERATOR TIIP SIGNALS - - - - -7 I 2 3 't 4 4 4 4 WISE.. All BISTABL£S ARE DE-ENERGIZE TO ACTUATE" SUCH THAT A LOGIC I THESE DRAWINGS DO NOT REPRESENT ACTUAL HARDWARE IMPL£MEN.TATION. FoR $AFEGUARDS ACTUATIOI S IGIIAlS- - - - - -& 1 2 3 4 5 (;; 7 8 SIGNAL IS DEFINED TO BE PRESENT WHEN T\1E BISTABLE OUTPUT VOLTAGE IS OFF. HARDWARE IMPL£11'{NTATION. REfER TO THE FOLlOWING LIST, 110D COIGIUit.S I ROIIIOI:KS------- -9 1 -2 2 2 2 2 2 2

2. EXCEPT WHERE INDICATED OTHERWISE. THE FOLLOWING IS TRUE, ALL LOGIC FUNCTIONAL DlAG RAM BLOCK OR WI RlNG 0 lAG RAM STEAM DUMP COHTIOI. - - - - - - - - - ~10 1 2 3 4 4 4 4 4 CIRCUITS ARE REDUNDANT. ALL INSTRUMENT CHANNELS. BI STABLES. ANNUNC 1- I'RESSURIZEI NESSUREI LliiELCONliOL- -If I 2 '3 3 4 4 4 4 ATORS. COMPUTER INPUTS. AND INDICATOR LAMPS ARE NOT REDUNDANT. REACTOR PROTECTION SYSTEM DRAWING NUMBERS: 1243005 %55~'1 5b55050 pRESSURIZO H£A10 CCIIGIOl- - - - - -12 1 1 2 2 2 2 2 2 MANUAL CONTROLS 00 NOT HAVE REDUNDANT ACTUATORS. BUT DO HAVE RED UNO ANT \SHEETS I TO SAND 16] ~,.l.!Mlli.,'tliCB'I.I: 108}HB5:~'. fnDWAmt COHTIOL IISCIATICII- - - - -I) I 2 3 3 3 3 44 CONTACTS WHERE LOGIC IS REDUNDANT. All INDICATOR LAMPS. ANNUNCIATORS. REACTOR CONTROl SYSTEM 0 RAW I NG NUMBERS* 1243005 %5505?. ?.11C821

                                                                                                                                                                            \SHEETS 910151                                         *---,---,---*                         4UXI UARY FEEDWAlER PUMPS STAIJWI- - -lot 1 2 '3 3 3 3 3         3 AND COMPUTER INPUTS ARE CONNECTED TO BOTH TRAINS \WHERE LOGIC IS RE-                                                                                                                        TURBI~ TRIPS RUNBACKS & OlliUtSIGNA L.S -15 I 2 3 ~ 4 4 5        5 OUNDANTJ SO THAT A SIGNAL IN EITHER TRAIN WILL ACTUATE.                                     G. FOR DUAL BISTABL£S (I. E. BISTABL£ WITH COMMON INPUT CIRCUITRY. BUT WITH

3. FOR UNIT 2 TAG NJM&RS ADD A PREFIX '2: 2 SET POINTS. 2 OUTPUTS I THE OUTPUT/ SET POINT NUMBER lAS TAGGED PHYS \CALLY

( i REQU I REMENTSl ON THE BISTABLE/1 5 SHOWN CIRCL£0 BELOW THE BI STABL£ SYMBOL LOOP STOP VALVE I~---- --16 l 2~ t 2 2 2 2 EXAMPLE' 2PB-1<13A. 2 EXAMPle 1 rm~1 ZER PRESSURE RELIEF SVSTEM--17 l 2 2

4. WHENEVER A PROCESS SIGNAL IS USED FOR CONTROL AND IS OER IV EO FROM A F!iESSURlZER PRESSURE RELIEF SVSTEM- -I 8 12 2 2 PROTECT ION CHANNEL. ISOLATION MUST BE PROV I OED. !TRAIN 81 H-++-H!::.+==-1-=-1-1-1 OUTF"'JT SIGiNA..\...

FIGURE 7. 3-6 FUNCTIONAL DIAGRAM INDEX AND SYMBOLS BEAVER VALLEY PCNIER STATION-UNIT-2 UPDATED FINAL SAFETY ANALYSIS REPORT

REACTOR ffi IP sIG*NALS MANUAL REACTOR TRIP_....,

                                                                                                                                                                                                                                                                                                                                                                      ;'-'-R;. =E.. .;_V--'-1=-t2 ZG.O   V AC. BUS (SHEET 3)

TRAIN 't>: r---------""---~ MANUALSI----------~~ M., G Slli (SHEET 8)

                                                                                                                                                                                                                                                                                                                  ) 52./ 8YB MANUAL TRIPS IGNAL      -----------------------------~------------,

(SHEET~~ r---------~--~.~~

                           ,.           SOURCE RANGE. HIGH FLUX (INTERLOCKED BY P-6 & P-10)                                                                                                               M- G SE.T REACTOR TRIP
                                                                                                                                                                                                                                                                                                                                       &WITCHGEAFt ROD DRIVE-POWER                            SUPPLY NEUTRON FLUX INTERMEDIATE RANGE. HIGH FLUX (INTERLOCKED BY P-101     *----------------;                                                                                                                                                                         ) 5~/ ~TA
                                                                                                                                                                                                                                                                                                                  ) S'/!YA TRIP SIGNALS (SHEET 3)                                      ,.                     HIGH FLUX. HIGH SETPOINT
                                                                                                                                                                                       -                                                                                                 j                      l
                                                                                                                                          ;J.                                     a.   ~<t POWER RANGE                            HIGH FLUX RATE                                                                                            c:t:

o./l~

                                                                                                                                                                                       ~a:                                                                                          ROD      D,..IVE POWER           BUS HIGH FLUX. LOW SETPOINT <INTERLOCKED BY P~IO) f-
                                                                                                                                                                                       ~                                                                                                           (NOTE 1)
                                                                                                                                                    <                                                       a.

OVERTEMPERATURE 6 T - - - - - - - - - - - - - - - - - - - - - - - , - ex: 1-c:t:

                                                                                                                                                                                                            ~

a.

                                                                                                                                                                                                                 ~
                                                                                                                                                                                                                 ~~                                        ROD       DRIVE   SUPPLV 0"->E LINE.
                                                                                                                                                    -                                                       ~    .!lla:

OVERPOWER6 T

                                                                                                                                                    \!)

0 f?i LOGIC TRAIN FIG. 7. 3- 3 8

                                                                                                                                                    ~

a. c 'Au r--lil'\ 19 cr > ~ ~ .

(\ 1-

>~

f- 52b OPEN ~---~P__ -4_________ ~EACTOR TRIP SIGNAL. ex: LOW FLOW OR REACTOR ~ L (ijc:t: (NOTES 1 e;. 2) ...... r --f-__j FOR TURBINE TRIP

                                                                                                                                                                                                                                                  "'                                                                                        (SHEET 15)

I{) COOLANT PUMP BREAKERS _ _ _ _ ____,J c-*t--_.

                                                                                                                                                                                             -a.cr II)

OPEN fANY I OF 3 LOOPS, INTERLOCKED BY P-8) PRIMARY COOLANT $1Il

                                                                                                                                                                                                                                                                                                          &-----+-----                       TO FEEDWATER
                                                                                                                                                                                              ~

LOW PRIMARY  :::>>- SYSTE,'A TRIP SIGNALS CL 5:2 HIN OPERATE ' ISOLATION LOGIC

                                                                                                                                                                                                   ~[])

COOLANT FLOW ~ (SHEET 13) (SHEET 5) LOW FLOW OR I(

a. ~ 52a CLOSED TO STEAM DUMP REACTOR COOLANT PU,'A P -"

CONTROL lSH EE T 1O) BREAKERS OPEN lANY 2 OF ~~-([) (I)

                                                                                                                                                                                                                                                 ......_ 52 b OPEN
                                                                                                                                                                                                   ~->-                                          N 3 LOOPS. INTERLOCKED BY P-71                                                                                           ~          C\IID                                         Ill                                                                                         TO S. I.

I{)

                                                                                                                                                                                                                                                                                                                       ...!.                 BLOCK LOGIC (SHEET 8)

UNDER VOLTAGE (NOTE 3)' ~FIG. 7. 3-64 (INTERLOCKED BY P-7) ll::======~ UNDER FREQUENCY TO S. I. BLOCK LOGIC (INTER LOCKED BY P-7) ~ Ill l~2b OPEN (SHEET 8) ID 1-

                                                                                                                                                                                                                                                ~           52a CLOSED                                                                       TO STEAM DUMP z

HIGH PRESSURE - cO 52H INOPERAT.E CONTROL (SHEET 10)

                                                                                                                                                                         ~
                                                                                                                                                                                                                                                <'I Lll                                                                                          TO FEEDWATER PRESSURIZER                                                                                                                                                              u
                                                                                                                                                                                                                                                                                                          /r'r~.-+----- ISOLATION LOGIC (NOTES! C. 2)                                                           LOGIC        *                              (SHEET 13)

TRIP SIGNALS LOW PRESSURE <INTERLOCKED BY P~7) ~ Q. TRAIN (SHEET 6) ... 0 - usn {----

                                                                                                                                                                                                                                            ~    a)

REACTOR TRIP SIGNAL. I- 52b OPEN f'-4 FOR TURBINE TRIP

                             ..          HIGH LEVEL (INTERLOCKED BY P-7) - - - - - - - - - - - - - - - - - - - - '                                                                                                                               tt rv                                                                          zo (SHEET 15)
                                                                                                                                                                                                                               .----~

11'1 c 1----e-f FIG. 7. 3-38 r FIG.7.3-29 NOTES: STEAM GENERATOR

1. TRIPPING THE REACTOR TRIP BREAKER5 52/RTA AND 52/RTB REDUNDANTLY OE-ENERGfZES TRIP SIGNALS THE ROD DRIVES. ALL. FULL LENGTH CONTROL. RODS .bN D SHUTDOI't4 ROD$ ARE THEREBY (SHEET 7) LO-LO ST. GEN. WATER LEVEL RELEASED FOR GRAVITY INSERTION INTO THE REACTOR CORE.

                             ...                                                                                                                                                                                                                                           2. NORMAL. REACTOR OPERATION IS TO BE WITH REACTOR TRIP BREAKERS 52/RTA AND 52/RTB IN SERVICE AND BY-PASS BREAKERS 52/BYA AND 52/BYB WITHDRAWN. DURING TEST ONE BY-SAffniNJECTIONSIGNAL _ _ _ _~~~---------------~--~--------~-~                                                                                                                                                                                                                   PASS BREAKER IS TO BE PUT IN SERVICE AND THEN THE RESPECTIVE REACTOR TRIP (SHEET 8)                                                                                                                                                                                                                                                             BREAKER IS OPERATED USING A SIMULATED REACTOR TRIP SIGNAL. IN THE TRAIN UNDER TEST. THE REACTOR WILL. NOT BE TRIPPED BY THE SIMULATED SIGNAL SINCE THE BY-PASS BREAKER IS CONTROLLED FROM THE OTHER TRAIN.

TURBINETRIPSIGNAL(INTERLOCKED BY P-9)~--~-~~--~---~---~~--~-~~~---~-___,J 3. THE BY-PASS BREAKER INTERLOCK IS OPERATIVE ONLY WHEN BOTH BY-PASS BREAKERS ARE IN (SHEET 15) THE OPERATE POSITION.

4. ALL. CIRCUITS ON THIS SHEET ARE NOT REDUNDANT BECAUSE BOTH TRAINS ARE SHOI't4.

MANUAL REACTOR TRIP _ _ ____,~J..---... (SHEET 3) r \ TRAIN 'B' MANUAL S I 1\ 1--___;,...;;....;_;,_...;;.__ __. (SHEET 8) FIGURE 7. 3-7 FUNCTIONAL DIAGRAM REACTOR TRIP SIGNALS BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORl

POWER RANGE HIGH NEUTRON fLUX RATE REACTOR TRIP REACTOR TRIP INTERMEDIATE RANGE REACTOR TRIP POWER RANGE REACTOR TRIP SOURCE RANGE I II I II ll Ill c::L:D r-rs-J

                                                                                                                                                                     ~                                       ~

I/N 41K' I/N 43K

• MANUAL : MANUAL :

RESET *--------. RESET *-------,

                                                                                                                                                                 !NOTE 61'        I                      !NOTE 6)*

• I Ill TO TO

                                          !.A. ROO                                       I.R. ROO STOP                                           STOP                              HIGH NEUTRON FLUX:                                                         ---------@)FIG. 7.3*34
                                         !SHEET 4l                                     !SHEET 4l                               tHIGH SET POINT!
                                                     ~--_.                                                                       REACTOR TRIP
                                                                                                                                   !SHEET 2l                                                  HIGH NEUTRON FLUX RATE REACTOR TRIP TO                                                                                                                                            !SHEET 2J I.R- ROO STOP
                                              !SHEET 41 HIGH NEUTRON FLUX                    HIGH NEUTRON FLUX HIGH NEUTRON FLUX                                                                    !LOW SET POINTJ REACTOR TRIP                                  REACTOR TRIP
                                                               <SHEET 2)                           REACTOR TRIP                      NOT REDUNDANT!                                                       NOTES:
                 !SHEET 2l                                                                           !SHEET 21

1. THE REDUNDANT MANUAL BLOCK CONTROLS CONSIST OF TWO CONTROLS ON THE CONTROL BOARD FOR EACH RANGE. ONE FOR EACH TRAIN.

2. 1/N 33A IS IN LOGIC TRAIN A.

REACTOR TRIP l/N 338 IS IN LOGIC TRAIN B.

                                                                                                                                                      <SHEET 21

3. J/N 38A IS lN LOGIC TRAIN A.

liN 388 IS IN LOGIC TRAIN B.

4. l/N 47A IS IN LOGIC TRAIN A, f/N 4 78 IS IN LOGIC TRAIN 8.

5. TWO COMPUTER INPUTS ARE CONNECTED TO THIS CIRCUIT. INOIVlOUAL FOR EACH TRAIN.

6- MANUAL RESET CONTROLS CONSIST OF FOUR MOMENTARY CONTROLS IN THE CONTROL ROOM. ONE CONTROL FOR EACH INSTRUMENT CHANNEL.

7. TWO PERMISSIVE STATUS LIGHTS ARE CONNECTED TO THIS CIRCUIT. INOIVlDUAL FOR EACH TRAIN.

8. HIGH VOLTAGE MANUAL CONTROL SWITCH 5104 IS LOCATED ON FRONT OF SOURCE RANGE DRAWER. ONE F=OR EACH TRAIN.

THIS FIGURE SUPERSEDES FIGURE OF SAME NUMBER. REVISION 9 FIGURE 7.3-8 FUNCTIONAL DIAGRAM NUCLEAR INSTRUMENT & MANUAL TRIP SIGNALS Olillil8IZI-200l.409-00HH 9, REV. M) BEAVER VALLEY POWER STATION UNIT-2 UPDATED FINAL SAFETY ANALYSIS REPORT

POWER RANGE INTERMEDIATE RANGE POWER RANGE I n m

                                                                                                                                                                    /----------------

f I n I I n m m. P-Ia TUReiNE IMPULS!. fi'I.OM liN 3""' CIW'IBER PRE-01'1~ SYP"'SS (SHEET 3) (SHE:ET!5) FROM liN 35,.J IR BYPASS (St-IEET 3)

                                                                     ~- 6 (sMH.T J)

C-1 p_q P*7 P*IO t-101 RE.OUt-IO~"T 1-!ICOH NE uTROioi l'l.. u.._ (SHEET 15) (SHEETS'S ~ '-) (SHE.£ T 3 ) ROO STOP (&.OCK A\J1't)MA1"1C ~ MAN!JA\..ICOD WITI-IDI2AWA\..~HEET '7) POWER RANC,E POWER RANGE

                                                                                                                                                                                 ~TES:

I* 1}£ BY *PASS S IGI'W.S ARE lolAOE Lf' BY ~ CF TliO TtllEE- F'OS 1T1C>>1 Sl!ITCI£S ON A NI S RACI< . SW I TO! liN ~9.1 BYPASSES Eln£R NC. ~ 1L OR NC-0... Sill~ liN 49!! BYPASSES Em£R NC-42l OR NC-441.. Z. Tl£ TWO P *S BISTASLES ~- NC-350 ~ NC-360 4RE "ENERG IZEC ro ACTUI. TE" 5UC.H TH.t.T A LOG I C I 5 IGNAL IS OEF It£D Ttl BE PRESENT I'I£N Tl£ BI STABLE WT!'UT VOLTAGE IS Ctl. NOT REOlJNOANT P*ll (51-!E.ET 5) c -2 OVE.RPOWE/1. '100 STOP (BLOCK A\JTOMATIC.l MANUAl.. POD v.; ITH OR"W"'L) (SHE<:T ~) FIGURE 7. 3-9 FUNCTIONAL DIAGRAM NUCLEAR INSTRUMENT PER MISSIVES ~BLOCKS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 9 f 961 UNDERVOLTAGE RCP BUSSES OVEI'i!. TI:M'i"E<Uo.."T L.lli!'a. .O,T OVC.Q PoNE.~ AT BUS I 8 us 3 (LEA.q'LA.u COM PE.N"'A.TE.C) (L~ LA.G> COH<>i.'-ISO....TC.C) lOOP 2. li

                                                                      ~

BY O"T~E.~ BY O"THa~ BY il NES FIG. 7. 3-34 R.EI\C. OR TRIP (SHE.ET 2)

                                                                                                                                                                               '<>T"'-'ii!.T T~Sio.\E Q\flf.lli.TE MP!ilii .....TU ...... .O.T OVI!JC..<=CW~~      AT AIJ)c 11..1 A.RY                                                                 BY @ NES                      BY  @ NES
                                                                                                                                                                             ~'U)W. ."Ti.~

( I..EA.C/. I>.G C.oMP&.NSA.."TE.O) Co MPe.N'io .....'Te.C) P\JMP n m (LI<. A.D/ LA..<O,

                                                                                                                                                                                           *,4)

I II m (~H'E.E.o

                                                                                                                                           -+-N07' ,.EDLJNDAN7' 5

7 c I __ _j c-~ c 7n STA.CT TUR81Nfi. RUNSACK. ISL OCK AVTOI>t AT 1C ~ N!.VJU"- ROO W/THORAw>.l( S MEETS 9, l!i) LOW TAV~ ~IGH TAVG ~TES; LOOP/ LOOP~ L00P3 LOOP I LOOP 7. LOOP~ LOOP I LOOP 2 LOOP 3 I. THE SET PO I NT OF THE UNDERI'OL TAGE RELAYS ~Oll_O BE ADJUST ABLE 1 .II m I D m BETWEEN 60% AND 80% OF N(]oil NAL \Q.. TAEE. Ill TH THE ADJUSTABLE T IME !lELA Y SET TO ITS MIN lloUI VALUE , THE U.'IJERVOL TAGE DETECTOR SHJLJ._O HAVE A T I ME RESP~SE OF LESS THAN 0 *2 SEOJND. THE AD.AJS TABLE DB._AY SH\U..O ALLOW AN ADD I TIO:JNAL I NTENT I DNAL DELAY BETWEEN 0 TO I . 0 SECOND. 2* TIE SET PO I NT OF THE UN DERFREWENCY RELAYS SHJULO BE A[;JIJS TABLE BETIIEEN 54 Hz AND 59 Hz . Ill TH THE ADJUSTABLE T I ME DELAY SET TO I TS M I ~ I MUM VALUE, THE UNDERFREQJENCY DETECTOR SfO.J..D HAVE A Fl-8 Tl ME RESPONSE OF LESS THAN 0 . 2 SE~D. THE ADJUSTABLE DELAY ( ~ E'E.T 4) SHOULD ALLOW AN ADD I Tl ~AL I NTENT I ONAL DELAY BE TilE EN 0 TO 0 . 5 SEDOND.

3. THE MAXIIoUI ALLOWABLE RCP BREAKER TRIP Tl ME DELAY IS 0. I SEDOND.

TIE IIAX I Mllol ALLOWABLE RO" BREAKER OPEN S I Q-IAL T I ME DELAY I S 0

• I SECOND.

lii:EACTOii Tli!IP R£1\C.oO~ TRIP (~I!'CT'Z.) (SHEer 2.) FIGURE 7. 3-10 FUNCTIONAL DIAGRAM PRIMARY COOLANT SYSTEM TRIP SIGNALS BEAVER VALLEY POWER STATION-UNIT2 lPOATEO FINAL SAFETY ANALYSIS REPQ;T

REV. 14 PRESSURIZER LOW PRESSURE

 <LEAD/LAG COMPENSATEDl LOW PRESSURIZER PRESSURE PRESSURIZER SI BLOCK CONTROL
                                                                                                                                                                                                       <NOTE Jl P7 (SHEET4)

REACTOR TRIP 52 FIG. 7. 3*83

                <SHEET 2>                                                                                            OPE ALL                    P*ll ACCUMULATOR               (SHEETS  7, 11)

ISOLATION VALVES (NOTE3) TO SAFETY INJECTION (SHEET 81 PRESSURIZER LOW PRESSURE l\.. EAD/LAG COMPENSATED) REACTOR TRIP tSHEET 2> I PB NOTES: II II I. 11 RECUICAHT NAHUAL llLOCK CCHTRO.. COISISTS f;, TllO ClllTRDLS ON T>E CONTill. l!OMD , ONE FOR EACH TAAIN.

2. T1IO IXM'l/TER li.llTS ARE COINECTED TD THIS CIRCUIT, INDIYIDUIL FOR EAQI TRAIN.

                                                                                                                                                                   '*  TllO PERMISSIVE STATUS LIGKTS ARE ECTED TD THIS Cl'ICUIT, INOIYllllJI. FOR EAQi TRAIN.

P7(SHcET4) PRESSURE REllEF IHT!RlOCK ISHEETS 171> 18) REACTOl'I TRIP (SHHTi?) THIS FIGURE SUPERSEDES FIGURE OF SAME NUMBER REV.3 FIGURE 7.3-11 FUNCTIONAL DIAGRAMS PRESSURIZER TRIP SIGNALS (2001.409-001-022, REV Kl BEAVER VALLEY POWER STATION - UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV 12 HIGH STEAM PRESSURE RATE STEAM GENERATOR HI- f.ll LEVEL (RATE-LAG COMPENSATED) LOOP I RESET BL!l;l< MWENURI . . ENTIRI 4 6 3

                                                                                             .,_-I'T                                                                                                          P-I I (SHEET  6)

STEAM GENERATOR LOW-LOW WATER LEVEL r----------------------------~*~----------------~~------~, P-14 TO. TURBINE TRIP & FEEOWATER ISOLATI()l 9 (5t£ET 13) NOTES: I. THE REDUNDANT MANUAL. BLOCK* CONTROL. CONSISTS OF c p TWO CONTROLS ON THE CONTROL BOARD, ONE FOR EACH (NOTE 2) (NOTE 3) TRAIN*.I SUPPLIED BY OTHERS

2. TNJ CXM>UTER INPUTS ARE CCII>H:CTED TO THIS. CI.RCU IT, INOI~IDUAL FOR EACH TRAIN.

3. TWO PERMISSI~E STATUS LIGI*I.TS ARE CONNECTED TQ, THIS STEAMLINE ISOLATION (SHEET 8)

CIRCUIT, INDIWIDUAL FOR EACH, TRAIN.

                                                             ~

TO AlJX ILl ARY FEEDWATER PLM" START-UP LOGIC (SHEET 14) LOW STEAWLINE PRESSURE ( L.E AO-LAG COWPE NSAT EO) SAFETY INJECTION ANO STEAMLINE ISOLATION (SHEET 8) FIGURE 7.3-12 FUNCTIONAL DIAGRAM STEAM GENERATOR TRIP SIGNALS BEAVER VALLEY POWER STATION -UN IT 2 UPDATED Fl NAL SAFETY ANALYSIS REPORT

REV 23 BY CONTAIXITTEHT COHTROL RAOIOACTIYITY ROOI' AREA CONTAIHIJIENT PRESSURE MANUAL ACTUATION FROM @BIROL BOARD r{.E. OETECTORS MOI{ITORS STEAIA GENERATOR PEESSUEIz.EB H (BY OTHERS) {BY OTHEHSI lltcr{ STE tr LOU SNE\ilL]NE LO'V PRESSTJRIZER EY OTEETS PRE55UfiE RATE PRES6UFE Pf,IE5S{.IRE H$II ($tlEET 1) (sHEEr 1) (NorE 4) EEEilAV AIR Roro I ACfLATI+l GAS I gY BY (sneer c) tr TI TE$T r TEST TEST TEST E ffiifioc Ul'll T BY CYF!ASs r Bi cr B/

                                                                                                                                                                                                                                                                                                                                                          .l 4t     Ht-                         Ht-z 6.73-61 3                                             E, fot*66                                                                                TO      I IVTANUAL EESET                         P-{

AHD BLffi,I1 REACTOR TFIIP e' l @ rr.s.r. CONTEOL sft ROOM 6HEET ?) (NCrE 4) 4a t{r- 3 CREBAPS MANUAL ISOLATION AHb INITIATION co AIR BOTTLE CREBAPS SYSTEH MANUAL RESET (NOTES 8 & C} evlev

                                                                                                                                                                                                                                                                                                                                       -+
                                                                                                                                                                                                                                                                                                                                        @ lmtsns N.E.Sl FtG, HAI.{UAL   f,'TET tNo"E cfs) 6, ?S-!7                                                                                                                                         SrCtNAl-1r.5{

Ft6 FIG. (NOTE FEEtrYI1{?ET rEaLAttof{

                                                                                                                                        ,3ragEf r!)                              ri-{,lFB I                                                                    t SHeEr .4) 7S:t9
                                                                                                                                      ,3{o                                                                                          7J.6a
                                                                                                                                      ?l{r t\roTE t3)          (NOTE r:Il  trETG 13)

INJECf,QH tF')ne tS0llTtON PAFT EY @ SvgrErt iSOL A PHASE B 52 ftoTE 'o) - I Norg ?i (rlofE 6 ) t (roTE I ilOTE {:}

                                                                                               ]SIES:
                                                                                                !. Til' littrtrraf c(I.fiIl.s o{ r}E (tltTHL cufiD. FgHrTlliG                                 6. fiIf,SlElTS rnE lflolvlgJllrY SElrEE lH (L 1U), SE lllAT LDSS 0F                         II. ILSO CI.6ES TTE SYPTSS     YIYE II{ FIRAIJJL TIIH lHE ISTEIAIED SIEIH ELotE          II                  il Ern'fi ctllIEL illl     lgruAIE,                                                               Tf AEruATIOI SIOIIL IILL IOT UIJSE ]ICsE OOfiilB{TS IO RflIJil TI         IHE                 LITI SITf YALYE.

coolTloll l.Il Pf,lofi III llf llrl,Et{r {F IHE rcll,lTl{x slB{tL' r?. LtErls rflto E Pfl)vrEE lN n{E fixrntI. mox rE EAo{ SrErt lliE snF rr.JEi 5?6F STEP S-lOF 2, rlf HrrurL sFnrY rgrurrlor oilrsr$s 0F FUJE r{tEl{TAFr  ?. SERUICE IAIEE Sr$IEl lS(LATl0{ lS USo O,l.Y lF fiEqrlfiED. VTLtIf ID IIOICTTT l{E{ THE YTLVE I$ FJIY CLSEP (n FTIIY IFE{. csrl$s, lfruATlol ,lLL $ctn oilLY rF trE ASglGlarED Ir. nc rflulrror HaY E E-IYEE r.o sEg.E(Eo rF tr{E ErEiEEr, urEsEL pffiR No VALVE VALVE NO CO{T(LS TNE CEEATEO SIIIJ-Til8,'SLY. c, lllE lEUlElllr llI{JlL RESET COlSlSrS 0F IrE l0G{r$Y cq{rm's fi{ Tl{E cfl8llrTy ts LESE n,lll{ I1I ][TtL L0r0 ttllr rr sr$Els st5rt]G. ttf

                                                 '                                                                                                                                               cilfim. rffiD, oE Fof Etol rnalf.

S. Of TOEJTAFY TITIIE PER UIF O{ IHE COIIEL T}TE. TllC E_AY(S]. tF tED. t{ t r{tT EtEfo I{E Hililtll sTlf,fll$ ?uf'

a. cfltTilflE{r FESSJf,E Ersilc.Es Fffi spF y AcrurilO{ l8E t. sfFLrEU Ef onfrEl. nEIUTiEf'{I(S) Fon El0{ sYslEr, tmEeI ltgrEtI N6rE ro. s FErY rH#rl0{ $qJsrcE EOJIRA{I8 (lF SEqr$EE ls tcEssaFY) lr, m Eu.tErl{t ruaurl. rfiurTt0l Ffi sttlEr LEvg- sTErlt-ttf tgq.ATtot ctltst!}Is (f Etn rf,E{Tlfrf c((Tf,.s. Iilt FIf, E or TRIll4, AEruAflC{ ilLL f I 12) S'EfiGIZE.TO.TCruATE (011#F EISTTS-ES TiE OE.EIEFGIZE TO

                                                                                                                                                                  ^SIUAIE}                        tnE   gPECrTro rY o  r{.E.s, 5                                                                                                                                                                                                                                             ffi0.F tft A gnEr t8 l1{ ilLy rF m IE rssDctAlttr oo{mol.s af, (FElIEI) slItLTilfitrLY.

EOTE ,}EHERGEHCY FILTNATIOTI SYSTEM 13 DELAYED 60 MIT{UTES FIGURE 7.3.13 FUNCTIONAL DIAGRAM SAFEGUARD ACTUATION SIGNAL (2001.409-001-024 REV. L) BEAVER VALLEY POWER STATION . UNIT No. 2 UPDATED FINAL SAFETY ANALYSIS REPORT l.tr.U2r.iJF iAR'.F lC 7.3-i3..Jc,,

~-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------------------- ---------------------------- REV 15 TI>."G T"'VG 6T O.T b.T ROC BO'T'TOM C-4 C-3 c-z ~-I T "'VG L.OOP I LOCPZ I..OOP$ I.CCP I LOOP 2 \..OOPS

                                                                                     "!.I <iN.._\.                                                                                                                                                  H16iW FLUX                    fiiGiH l=LWC                                                                                                                                                                                                                                 I
                                                                                ~NY            FU\..1..                                                                                                 ~l'l-~-                 ~~-

I I I I I l.,.liNCiiTH J;IO C) 'F"'W'ER . TEMP. ( 1/4) (vz) I I I I I I I I FIIIOM ReO AT 0. T (P'OWtE.It 1t-IIIE'R WI E'OI"-T£ I I I

                                                                                       !IC)S.I'T IC N INCIC.A'TICN SV'Io'T'*M (2/:3.)               (2/3)               ~""'Civ)                    ~I>.NG£.                        I                                                                                          I                 I I

r I I (SH e.e."T 4) I ' I t-

                                                                                                                                                                                                      ~E'ET5) (SHES.T5) ~\oliiT4)                                                                                                                                                                            I                 I                                                                                               I                                                                                               I            I I                                                                                                                                                                        I                 I                                                                                               I                                                                                               I            I CD~I                          t-0;                                                                                            t-                                                                                 -'1                     ~@

i---- 'T' T -.T ---; 1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        -f ----; ,_----
                                                                                                                                                                                                                     . . - - - - - - - - - - ' - '_ ___.                                                                                    ---.                           -                                 1                 1                                                                                                                                                                                                            1 JIOHI,IIt IIIA,Netll
                                                                                                                                                                                                         ..,.~HIIJT'rN~L.U"'C TURIWWS. IMPIJ\..'it~ I cH~aE~                PREssuRE
                                                                                                                                                                                                                                                                                                                                      ..tJ'~                        __;;,;' +
                                                                                                                                                                                                                                                                                                                                                                                                                               ~----,Tr;

__!t~- f --- ~

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ~-             ;-        ~                                                     I                    ~

y 1 (> I I I

                                                                                                                                                                                                                                                                                                                                            .l                                                                                                                                                                                                                ..l r                                                                           I                           I               I              I                                                I                             I                                                                 I                                 I                              I                              I 1                                                                            .J.....

l I I I I l :

l+(cc; 1 I I I I I

• I L- ~---- -f1 1 1lo'~~ 1 ~?a>  :  : (4T~r:.~ ~ (.;rcr~)  : ~~ r:;rl :

A '9' I lJ I V ) ~ c \ rl I A 1.f I ~e I I ~.:o-n's I 1 I I I u ~ I 1 I I U~ J+ns 1 1 r- -'- i

• 1 1* 1 1 1 I I

                                                                                                                                                                                                                                                       ~                                                           1 1                         £ 1               :

I A I I I I ~~~ I I A 3 l A 3 I I I A 3 I I I)  : Ir 1 (NoT~ s) 1 (t.loTE s)  !  : ~~ s>' I (Nor~ :t)  : (No* e. 5) 1 ~ <t-~O"t~ S) 1 II' I L I

• I I
• I I

I I r-_....l_ _,ta_

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              .L            I I

I 1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ~ ~~~~~~-~I =~ -~ ~ -_- :_ :~~~~f~A~

L - - - -- I 4 I -_I_ - - - MEDIAN SIGNAL I XX ~-2~ TR~~ ~- ~ - --@-- -~ ~1 - -r --- -- -s~L=T~R- - - - --- --~--_J I

• I T'-+ __.. I l+I"3S . I I

                                                                                                                                                                                                                                                                                                                                                                                                                                                                   --+        ----

ns+t L_ - Hl.45l(HI5S 'I I J --r- --------, L__ --~L:k------

                                                                                                                                                                                                                                                                                   +      ,r-'

i- --,---- I r+:, ---,-- -~ -~- ;J.-- ;;t;- ;;i, J-,

                                                                                                                                                                                                                                                                                                                                                                                                                                  ~------

T @gs)  : ~ K2A ~ ~ ~ qSJ Cri ~

                                                                                                                                                          ~      - - --- - - - - - - - t - - - - - -                                                                            _j                                                   U                ._      - - - I                                           BIAS              I                       BIAS          I                  1     BIAS I

BIAS I NOTES:

                                                                                                                                                      ~

• I I' j:

I I' l.+ I _,l+ I

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   *g+ I    I I.      ALL CIRCUITS ON THIS SHEET ARE NOT REDUNDANT.

( * * (.NOTE 4) A 1 I I I I I I 1 1 4~v L~ L ,;1 Ltc L: )1.] L~ L }!J l~J 2. KQTMAY VARY INVERSELY PROPORTIONAL TO LOAO WITH A

                                                                                                                                                  <D     c       lL                                                         ~
                                                                                                                                                                                                                                   '+-'

1 r To -=aT&.,.... OUMP COMTROI. ro PREssuRIZER LINE.\.CO!<o4'M'C\.. I . T ,,

                                                                                                                                                                                                                                                                                                                                                                                                                                      \!'IO"R 3
                                                                                                                                                                                                                                                                                                                                                                                                                                                        } r
                                                                                                                                                                                                                                                                                                                                                                                                                                                              ..-- - -,               r -- *                     (i:.!oT* !)                i FIXEO LIMIT OR MAY VAFf'f .IN 00 DISCRETE STEPS WITH BREAK POINTS AT ~0-50% AND 60-80% TURBINE LOAD.

I (SHS.~ 10) (,"DI-It.;.'T I 1) t- - - - - -I - ...... .iJ I I 3, THE SUI+ER OUTPUTS HAVE FIXED MANUALLY ADJUSTABLE UPPER LIMITS, I I. ~-- - I- -.., R~ - -; - - - - - --.,

                                                                                                                                                                                                                                       .                                                                                                                                                                                                                                                                                                                                                    4. THE ROO DIRECTION BISTABLES ,.,.SB408C ARE "ENERGIZE TO ACTUATE".

MANUAL I I l I ( -. "I I I 5. ALARM I AND ALARM 3 KIST HAVE REFLASH CAPABILITY. ROD CONTROL 8A.NI( OPOSITioN - - - - - - * - --~--..!__!__I_.__ I__ ) I

                                                                                                                                                                 ~~,.s                                                                                                                                                                                                                                               I                     1                   I           :1                        I                                      I MOMENiAI0.~-1---- - - - ,                                               I                                                                                     SA Nl( c. ~ITIOM                               -     -      -    -      -    -      -

I I I I

                                                                                                                                                                                                                                                                                                                                                                                                                                                                            -   -+1                  I             I                        I I                                                                                                    e. ~ITION                       ~--                                                                                I                                     I             I                        I I
                                                                                                                                                                                                                                                                                                                             &I>.NK.                                                        -     -     -       -      -     -       - ...                                 I      I I                                                                                     BANI(,         A      F'IOSillON               -      -     - .... -             _lI - - - LI - _l.I _ j I                                                                            I                        lI

liOI ~s.ac

                                                                                                                                                                 ~O<:o I F I lt E 0       M li>.NUA.l..

• I IN tmeNTAr;rf L~J L'VJ l~J ~-~J I '

_ _ _ __.'\.~---~ 6 A \I'TO- M ..N\UI*"- r-___.I r-___.I

• r--+

I 1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                         ,\}v~'~""'L 1               I                           1*             I                       1             I                                    I                1
                                                                                                                                                                                                                                                                                                                                                                                        ~) (i
                                                                                                                                                                                                                                                            ~\.I.C,'TQR ~I'TC:~

RO~ IN

                                                                                                                                                                 --                                                                  AN~ \.OG QOCt.PIUlO
                                                                                                                                                                                                                                              ~-----@
                                                                                                                                                                                                                                                                                                                                                                                     <D         ~               l_

d~ (}~, CD ... ~ L. CD'

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         ~

CD a~~ r-~ ""L J ~

                                                                                                                                                                                                                                    .. ,6 ... ~                                                                                                                                            A              A                                       A                           A            A                                     A                A
                                                                                                                                                     '                                                                                                                                                                                                                                  LOW BANK A Lo-1.0                      LON BANK B LO-L.O                   LOW BANK C 1.0-LO                               I..O'fi BANK 0 l..o-t..O FIGURE 7. 3-14 FUNCTIONAL DIAGRAM ROD CONTROLS &ROD BLOCKS (2001.409-001-025. REV. U BEAVER VALLEY POWER STATION-UNIT2                                                                                                                                                                              :;
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~

UPDATED FINAL SAFETY ANALYSIS REPORT

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~

0 8

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        ~

25-0CT -2005 06:52 M: \u2\g 7 0 31400.e 12 ~

REV 3 BY BY BY BY

   --- -- ____c_r                          __!i?EDU~ANT N.E.~      O!Mt.RO:.

T;J~B,NE PI?ESSllRE (NOTE 4) MEDIAN TA\1'4 I (5>-!EET":l) REF"EIIE>-!CE 5TEAN\ DuMP I I PRESSURE T AVC::o c: IRC.ULATIO"-J* JV.>.TER I P-4

      !NIERI...OC.\( SELE.CTOii!                                                                                                                                                                              INTERNAL I
          ~WIT"CH ("-'OTE             3)                                   CONDEN::.ER                      PuMP            Jl    REACTOR TRIP SETPOPNT" STEAM Do..J!V.P COI-J"11<CL N\ODE SELEC"ToiC' SW.

I (SKEET 2) I

• P1'2. PI<'ES'>UF<-E ':>WlTC>-1 6REA~<E!i?S LO.OSED ~

(NOTE 9) LO-lO TRNN"' TRAIN 6

                                                                                                                         ~!

S2.._ I I ,------~~'-~-------, 5TEJ>M l-1 E.AOEIC' STEAM GENU<tl.TOR STEt>MGE>EI?AlOR S~ AM G. <;;N ERA "TOii l_r I P!<'E.SSlRE t TA"" I'<CE!>5WRE ~~ I C ONT"IO'qC LE R CDNT"OtOLLE.R C~L~R PFIESSWRS. ( s><e:eT 5) I "a(l *r*s) T~~s) ..,'2(1+..!.. )

                                                                                                                                                                                                                                                                                                               "*2 (1 *
                                                                                                                                                                                                                                                                                                                                                                ~clt~~FI Ej                                      I                             ~                                                                                                         I I                        l I

I I L L --- I' I I I r---, - _ _ _I I I (NOTE. 5) I : r-I I I I I I I I I I I I I I I I I I I I I I .._ I I I I I L ___ _ I I

                                                                                                @ N.E.S.                                                                                                                                                                                                                    I
                                                                                                                    ----+                                                                          .__---.

I I aY'

                                                                                                            ,--                                                                 L_ ____ ~-- - - - - - -                                                               I            I                                                               I I                                  - -t- -*                    -  --
                                                                                                                                                                                                                                                       -1 I

I I I

• I I

I I I

                                                                                                           ~l_

I 4g

                                                                                                                                                                             ~J ~_f ~~~_r                                                                                                                                I I                                                               I 4                                                                                                   I            I I

_[ J CD I (j) I I I I I I

                                                                                                                                                             "' z                    "14                                                                             I                                                      I                      I
                                                                                                                                             "' I (NOT£.4,)
                                                                                                                                                                                                      "' 1 (toCTECO.)                                         I                         I                           ..,.I I                                                                                                     I N.E.S.                                                I                       I
                                                                                                                                                                                                                                                                     !             I                          ~'"*I I                       I I

I i I I I I I I I I I MODULATE. MODULA.fE LOOP2

                                                                                                                                                                                                                                                                                                                                                                 ~00\lL.I>.TE.

I I LOOP 1 ~E 1'1--\'i; LOOP:5 I

                                                                                                                                                                                                                                                                                                               ~E
                                                                                                                                                                                                                                                                                                                .>.TMOSP'-'ER*C            AT'VIOSA<ERIC.        AT...,OSPHe.RIC.

i I '?E:LLE"' VALVE. !eEL IEF VALVE. I R;o;I...IE'F V .....LVE. I I I I NOTES: I . STENol [lJiof' I S BLOCKED BY BlOCK I NG A I R TO lHE 11M' VAI...VES AND VENT I NG I lHE wI APHR~

• THE REIJ..tiOANT LDG I C WTPUT lPERATES 2 S0LEN0 I D VENT i

I VAlVES IN SER I ES TO RElX.NDANTLY I NTERlOCK THE A I R ll NE BETI'IEEN EAO!

                                                                                                                                                                                                                                                                                                                   \1 Al VE 0 I APHF!AGI AND I TS AS SOC I ATED POS 1T I ~ER. THE NCJI. REIUIDANT I                              LOGIC WTP\JT lPERATES OOE SOLENOID VENT VALVE TO INTERLOCK THE AIR .

I L I NE BE1l'IEEN EAO! VALVE DI APHF!AGI AND I TS AS SOC I ATED P0S IT I ONER _ lHE SOLENOID VALVES ARE DE-ENERGIZED TO VENT, CAUSING lHE MAIN 11M' v.&I...\IE

                                                                                                                                                ~                                                                                                                                  I                               TO Q..OSE I N F I \IE SECCNOS . EITHER OF THE TW 0 REDUNDANT BLOCK SIGNA I             I                               OR THE NON*RE~T BLOCK SIGN.O.l WILL Bt.OO. STEAM DUMP INDEFEMDOIT OF
                                                                                                                                                                                                                                          ~6 6 THE OTHERS.

I I I 2 . CI RCU I TRY CN TH I S SHEET I S '(IT REIUilAHT EXCEPT JII£RE Hll I CATED REOJtt:JNIT.

3. 5aECTOR SW I Tai WI TH Tl£ FOLLOW I NG 3 POS Ill OOS :

CN

• STEAM !lM' IS PRM I TTEO.

BYPASS - T A\IG I NTERUJCK IS BYPASSED F"OR LO* L0 T AVG. SPRING RETURN TO ~ POSITICN. OFF - STEAM CUP I S NOT PERM I nED AND RESEr T A\IG BYPASS . L---+- __ THE REWNDANT IIITE~ SELECTOR SWITCH CCNSISTS OF T1110 CQiTIQ.S ~ j -

                                                                                                                                                                                                                                                                                 .J THE CCNTRa. IIOARIJ, IN: FOR EAO! TRA I N*

I

                                                                                                                                                                                                                                                                    +---@
                                                                                                                                                                           ------ ----- - ----1----                                                                  I                                                                                      BY      t~N.E.S.                                                                     BY    @ N.[.S,                                                  4. THE T1IIO ANAl..OC SI GNAl I HPUTS CQot IN; FIDI TURBINE PRESSUIE !oUST COl£ r                                                                                                                                                  FI'Ot Dl FFERENT PRESSURE TAPS TO IEET Tl£ S IHGI.E FA llliRE CfllrERI~.
                ~                                                                                                               r--- -

SY OT\IER'S 5. THE CCNDENSER AVA ll.ABLE SIGNAL LOGIC IS TYPICAL., 1 ACTllAl IK'!.DENTATI CN MAY BE DIFFERENT.

---

=----.t..SJ"*** -E..-s..

-_ 8Y OTI-lEil"' r------~ ~

                                      .-.---                                                        ~

___ _j . '

                                                                                                                                                                                                                                          ~~~~A~l ~t ~':lfC:l'\l~~~l~~<.pRO-,

6. 7* ALL TEM'ERA lUlE B I STABLES ~ TN IS SfEET AND TUR!III£ 114'll.SE CHAMBER PRESSLJlE BISTABLES "' PB-447A AND PB-447!1 o\RE "ENERGIZE TO ACTUATE". ll GHTS SlfJlJ...O liE PR0\1 IDEO I N THE CCNTRa.. RCXJo1 FOR EACH 1XM' VAL.\IE TO S!E'.t*M VAL.VES MOD\.Jl.AiED 0$=£~ Ofii2: INO I CATE WI£N THE VAL \IE I S FLU.Y CLOSED ()l FUlLY OPEN

• BLOCK STM. DUMP BLOCK STM. Dl!MP TC I BLOCK STM. Dll~P BLOC!( STM. DUMP m1P OPEN lfo<1 ~u:> OP!i:N 1/.t:J, ~o:> OPEN 1/~

                                                                                                                                                                                             <::o>JOEfoJ Sii.IO
                                                                                                                                                                                                                       ~P Of'EN I!~

C O>J CEON"'ii. Q.

                                                                                                                                                                                                                                           &~~~D C<O~ (ZE~ "10 ~LL OPEN )                                   8*    THE STEAM ll NE PRESSURE SI GNAL OR I G IN loi.JST liE 0 I FFERENT FIDI lHAT TO COOLDOWN       ~Ll CDNDE>>SER                TO CONDENSER             TO CONE.NSE.R                  ~~                            coNDE~ER                                                                 o

• 2SOk PCV*IO!OA,B,C, TC\1 -IOIDH, L ~ I CH I S USED FOO THE STEAtol...ll£ PRESSURE PROTECT I ON Sl G.N ALS COt.IDENSER 011,1\P VAlYES EWXNCEPT I llUM~ VALVES DUMP VALVES D"""""' VALVES DUMP VAL'II!S DUMP VA.L'iE.S DUMP VAL\IE.S 25 *50'!: TC\1-IOO.O.E.M}' SfiOl'tl ~ 9iEEr 7 TO MEET THE SI NGLE FA I Ll!RE CR ITER I ON
• DU lf.P VALVES THE. COOLOO TCV-IOGH,L, ll,E ,M,P TCV *IOOA,B, ~.K.Q, PCV- I O(C A, B, C TC\1-I~D.E ,M, P TC'I-1 OG~ ,B.~ ,K ,Q TCV -1 O(OC,G.,J, N 50*75"1 TC\1-IOlDA,B,~.K.Q PCV-IOGA,B,C DUMP VI'.LVES PCV-IOGA, B,C C,C..,J, N TC\1-10(0 11, L l5 *100% TCV*IOC.C, G,J,N (NOTE. I') (NOTE I)

(NOTE 7) REDUNDANT FIGURE 7.3-15 FUNCTIONAL DIAGRAM STEAM DUMP CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 14 PRESSURIZER LEVEL CHANNELS PRE':>SURIZf.R CHARGING PRE':>SURt. (IIANNtLS (I) PUMP T STATION I I I MEDIAN,. AVG AUX. F.P. 0+------------~ i I J.I (51.1EET9) STATION  : - - - - - - - - - - ~---- j II CD----~  : APJU6TASLe NO ***c ,.-. 1 1  : r-- - - -r--- - - --1 G I I 1 I t----@ Aux. l'.P. L---~----;_,-rr~~~T:~:oLL!It ~I t 1  ;~--- +--- __1 : I ,.TATION

                                                                                                                '                                                                                       I ... ,                   r'1 I I

I 11: :11 I

                                                                                                                       ~~!;!AM                                                                        ,.b,$,6                    Pi}PI I

I COIJTRCX.LER ~------...§.-------j' I i',_ -~"-

• ADJUSTABLE PRESSURE '-------

                                                                                                                ' L REF         ___ __._____'             - L:      + -------                        _ __J LEvEL CHtlNNEL L_ - -              - -  - - REFERENCE                                                                                                                                   ( SELECTOR SWITCH           1 I                                               SETPOINT WITHIN                                                                                    (L-L~>.o)                                I
                              ..(R2)                                                                                                                                                                          (POSITION 2. NORMA.LL '(

y I (P-<>R~i:l') CONTROLLER ~---, I SELECTEOJ  :

~-r-- ~-----                             K (<*~*r s)                                                                                                  ~~~~                               I                                             I I

~L~s~;""' ~--~-! ~ I s

                                                                                                                                                                                                                                       ~--

I 11_ 4~~L.. I r-+---@+~~N:'E ?1 ALL ORifiCE ISOLATION VALVES CLOSED PORV PRESSURE PORV PRESSURE RELIEF SIGNAL RELIEF SIGNAL llZJG TO PCV- 466 PCV- 4!5!SO SIGNAL TO I PCV-4!5!SC (SHEET 17) (SHEET 18) SPRAY CONTROLLER CLOSE I FIG. 7.3-66 I FIG. 7.3-66 ALL ORIFICE 1&(0 I K0 I I SOLATION VALVES ("o"Ta "') I I TOTURNON TO VARIABLE I  ! MODULATE I MODULATE CHARGING TO TURN ON TO HEATER ALL BACK UP HEATER SPRAY SPRAY FLOW ALL BACK UP INTERLOCK HEATERS CONTROL VALVE"'I VALVE"' 2 CONTROL HEATERS (BLOCK ALL (SHEET 12) SIGNAL PCV-444 C PCV-4440 (SHEET 12) EXCEPT LOCAL (SHEET 12) (NOTE 5) (NOTE 5) C'ONTROL) (SHEET 12) THIS FIGURE SUPERSEDES FIGURE OF THE SAME NUMBER REV. 10

l. ALL CIRC!_I[TS ON THIS SHEET ARE NOT REDUNDANT.

2. LOCAL CONTROL OvE.;RIDES ALL OTHER SIGNALS. LOCAL OIIERRlDE ACTUATES ALARtv'. IN CONTROL ROOM.

FiGURE 7.3-16 PB-444!" AND PS-444A AND LEVEl 2 ~RE 'ENERGIZE -:-o ACTUATE'. 8I'STABLES FUNCTIONAL DIAGRAM PRESSURIZER PRESSURE

                                                                                                                                                                                                                                  & LEVEL CONTROL SF RAY                                                                                                                          (2001.409~001~027 REV. Jl BEAVER VALLEY POWER STATION - UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

AUTOt.IATIC HEATER TURN-ON VARIABLE t<EATER COt.! PE NSATED REMOTE CONTROL STATION REt.IOTE CONTROL STATION , HEATER INTERLOCK ON-OFF STATION PRESSURE FO~ GROUP D HEATERS REt.IOTE CONTROL STATION

                                                                                                                                                                                 ° FOR GROUP B HEATERS LOW PR E5SU RE HIGH LEVEL DEVIATION                               LOW LEVEL FROM (CONTROL SOARD)              DEVIATION      (CO 7 ROL BOA RO}

FOR GROUPA HEATERS (CONTROL BOAR D) "ONTROL BOAR D) FROM PB-444 F FROM LB-459 D LB 459 C & LB 46 C ( 'i ELECToR SW 1TCHJ (SHEET II) (SE.. c ' T'l R SW lTC H ( ) (SELECTOR SWITCH) (SHEET rl) (SHEET II) (SHEET 11) I ~a~* AUTO 0"1 ! I [$] I I I I I I j (HOTE Z)

                                                                                                             '.PC. II.. I.. CON'1'RO\.. ,"T..._"T ION
                                                                                                              ~OR        GROUP 1!o HE_,O..~E.~

(<a.lO.LEC.""'"OR '5W 1'1'C.H'E.1io) sv BY OTHERS TURNOFF GRO U R A (NOTE 2& 4) TURN ON GROUP A TURN OFF GROUP 9 (NOTE 2 &. 4~ TURN ON GROUP B TURNOFF GROUP C HEATERS TURN ON GROUP C HEATERS VARIABLE CONTROL SIGNAL TURN OFF GROUP D (NOTE 4) GROUP D TURN ON TURN OFF GROUP E (NOTE 4) TURN ON G~P E HEATERS HEATERS HEATERS HEATERS

• HEATERS HEATERS HEATERS HEATERS FOR GROUP C HEATERS t<liTS:

I* ALL C I RCU I TS at TH IS SHEET .t.RE t()T REO..N:IANT

• 3. T>£ ~R OF BACKUP foE ATER GI10UPS I S Ti'P I CAl. . AC~ '"'-MIER Of 2* GID.J' ~ ANl GID.J' S fV. TERS ~T BE at SEPARATE VI TAI.. f'OWER SUPPL IES GIUPS ~ Y 0 I FFER OEPENJ I NG OH ELEC TR I CAl. lDAIJ I NG REOJ I REM EN TS .

         ~~tf:~~TH~ SEP.W.TED SO TH.t.T N1Y Sl~ F~IUJ'lE OOES                                  4. BACKI.I' H~ TER STULS I NO I CUI ON IN CONTRQ ~.

FIGURE 7.3-17 FUNCTIONAL DIAGRAM PRESSURIZER HEATER CONTROL BEAVER VALLEY POWER STAT ION-UN IT 2 FINAL SAFETY ANALYSIS REPORT

STEAM GENERATOR 1f I STEAM GENERATOR lf2 STEAM GENERATOR II 3 REV. 9 C96l t---0 I TRIP l!o...LL FE£ DWA..Te.R. I PUMP 'it I I I (NO!E.5t(J I I

                                                                                                                                                                                                     ...I --<!J I

NOTES: I. ANALOG GATE CON 51ST S OF .ONE SCUNOID t--- +----@ VENT VALVE INTER LOCKlN5 If£ AIR LINE BETWEEN EACH VALVE DIAPH RAG t.! AND ITS ASSOCI ATEO POSIJKlNER. I THE SOLEfiOIDVALVE IS DE-ENERGIZED TOVENT CAUSING

.ltE.FEEDWATER VAL\' E T 0 CLOSE IN Fl YE SECONDS.                                                                                                       I

2. ALL ClRCUHS ON THIS SHEET ARE NOT A EDUN DANT, EXCEPT WHERE lNDICATED "REDUNDANT".

J. OPEN/SHUT INDICATION FOR EACH FEEDWATER VALVE JN CONTROL fi:(I()M.

4. THE M A.N UAL RESET CONSISTS 0 F ONE MOMENTA RY GO NTROL ON THE CONTROL BOARD.

5. TRIPPING OF FEEDWATE-R PUMPS CAUSES CLOSU A E Of ,!!..SSOCIATED PUMP DISCHARG-E VAl liES.

6. THE' FEEDWATER PUMPS AND PUMP DISCHARGE VALVES AAE SUPPliED BY OTH'ERS.

7, TH£ 'STEAM G£\IERATOR LEVEL SIGNAL US EO F 0 G' FE E~AfEIR CCNH'O L IS T-HE M':D LAN (M I DOLE ~ SIGNAl FOR THE THA.EE LEVEt CH.r..NNEL'S. I t I I I MODULA"T£ MODUU\TE. MOOU\;;ATt FE.E.DWATE. R

                                                                                                                                              ~<~ODUL,I>..i"l:;                               MODULATE f££DWA TE.R                                      fE.E.OwATE.R                                                  FU.OWA"T"-tt MA.I~ VA.L'{E    BYPA5S VALVE.                   MJ>..\N VAlVE. FE.E.OWA.T E.A.

(Ft.~ -4:1'78) (BY Oi"'E.Iii':::o) i=C"-486 BYP"'S'D 'IA~\fii. BYPASS V"Wt. (l!oY 0"1"\.IUi'i.) (e.Y d'Tioi1!:.A._) (N~'!o) (NOTE..~) <~-~~~)

                                                                                                                                                   \.NOTE~)                                   (W 0'1"15. !l)

FIGURE 7. 3-18 FUNCTIONAL DIAGRAM FEEDWATER CONTROL fA ISOLATION BEAVER VALLEY POWER STATION uPDATED FINAL SAFETY ANALYSIS REPORT

REV? 5TEI\M Gerve"P.To.ct 1 <;;TEAM GENERATOR 2 STEAM G6NERATOR 3 ~~ 01" PC¥1'E.R -;.l<iNI>..\o, S,i..I'Ei'r' I N~'EC.T\ON 2/' LOW \.OW LE.VEI.. 2/3 lOW LOW ~VE\..

                        'SIGNA..\..

Z/3 LOw LOW LEV i:L- ( .<;/' WMOE.R\'OI..""A..Go e..} (.S>IE'E.,- 8) (SHEET 1) (SH&ET 7) (SHEE.T 7) (.OS.I-lE.E..,.. 5) FIG.7.3-53 @r-- ~FIG,CJ-19 r------SAFETY I~JECTICN(SHEET 8) ______s_Y----jl-@-N. E._s_.- - - - - N.. E.S.

                                                                                                                                                                                                          -                                                                                                                                 BY     @IU .. S ..

OTI-\EI'I.<;, TRIP 0~ !""-"'IN f'E.EC PL..d"\PS ISY O"'T"HERS BY O"'T"H'IO,RS FP*i FP-2 (

                                                                                                                                                                                                                                                       , . . . . . - - - - - - - - AU:ro START AIVSAC (NOTE 12)
                                                                                                                                                                                                                                                         , - - - - - - - MpjNlJAL START AUTO-STAr:- T AM SAC ( NCTE 1 2 ) - - - - - - - - - - - - - - ,                                                                                                                                                                                                                     COJNTROL ROOM
                                                                                                 ~T   REIJYND.O..WT                                          BY       OTHE..I"'.':>                              I<OT~fiD.O..><'T
                                                                                                                -     ----........                                         -                                  /                                                                    M~NUAL START
                                                                                                                                                                                                                                                           . - - - - - - - LOCAL (NOT~ 2~ 3)

BLACKOUT SIGNAL~ M4NUAL STOP BLACKOUT . . . . - - - - CONTROL ROOM (NOT<;: 4) T MAIVUAL CONTROL MANUAL CONTROL MA"--UAL CONTROl. SEQUENCE ~

               """'L                                                                           COI\ITROL ROOM                             COIUTROL ROOM                                                                                                                            M~'-lUAl 5TOP
                                                                                                                                                                                                                                                                      , - - - - LOO:A L (NOTE e $ 3) t I           (lllOTE 7)                                  (NOT£ 7)                                  COt.IT"ROl ROOM
                                                       ~-------,

l 1 ~ I *' MANUAL CONTROL MANliAL CONTROl MANUAL COtJTROl ooj-e:s I. TilA IN A CONTROLS MAFP I :BREAKER NU '-1 B ER. lOCAL. LOCAL. LOCAL (NOT'C.9) TRA I N B aJN TROLS 1-!AFP ~ : 8REAKER N U ~ 8 E R.. (NOTES 2$7) (I\IOTES2~7) (lllOT E. ZJ 2. LOCAL COOTRQ OVERR I DES All OTHER SI GNALS . t:-- i I l @;---+---0 C. .. R ..

                                                                                                                                                                                                      ~
                                                                                                                                                                                                      ~       LOCI>.\..

3* 4. LOCAL OVERR I DE ACTUATES ALARM IN C!l-ITROL ROOM

• MN<UAL STOP 0 \'ERR I DES THE AUTCMAT I C START.

MIINUAL STA Rl'; CONTROl.. ROOM(IJOT£5}-----------,

                                                                                      !        MOTOR DRI VE.J\1                           TURBINE DRIVE.t.l                                                                                                                              MANUAL ST0° OVERR I CE ACTUATES ALARM I N CON TRU.. ROCM .

MAr.JUAL START, lOCAL(NOTES 2,3¢8) AUX. FEED PliMP AUX .. FEED PIJMP TURBINE. Sf'C.E..C I 5. OPEN/!iiUT INCICATI!l-l IN CONTROL ROCJ-1. I FEED VALVES S"iSTEM VALVES 6. MOlOR OPERA T I NG Ll GHTS I N CONTRa.. ROGL MANUAL STOP, CONTROL ROOM(N07tS41f9)-------, M!\NUA L STOP, LOCAl.. (NOT E.S 2,3 ~ 8) I (NOT!: 5) (lliOTE 5) CON TAO\..

                                                                                                                                                                                                                   -       _j                                                       7.:

8. INOIVI CUAL fOR EACH VAL \'E. INOIVIOUAL FOR EACH ~P.

                                                          ""~

9* THE TLRB I NE SFEEC ~TOOL I S TYP I CAL . ACTUAL I t-f'LEMENT AT I 00

                                                                                                                                                                                                                                                                  ~TOP lolA Y NOT I NQ.UJE SFE£0 CONTROL ..

THE f'I.M' START MAY BE DELAYED AND SE QJENCED I F THE B-1ERGENCY FIG. 7.3-54 D 1ESEL P!li'IER CAPAS Ill TY IS LESS THAN THE TOTAL LOAD WITH All SYS-

                                                                           "'"'                                                                                                                                                        ST*eT                                             TB-15 STARTING. THE TIME DELAY. IF USED. MAY NOT EXCEED THE MAX 1-(fldiE  I!) r---'-T-U_R_B_I_"-l_E.L.----,             ioi.IM START I NG T I ME REQU I REMENTS FOR TH I S SYSTEM .

MOTOR I:JRJVEN (NOTES 10~11) C:l...O$E aU)WQOWN 1I . THE PLM' STAll T '"'-.1ST BE SEALED I N ( LATa*IED J, SO THAT LOSS OF 11-1 ~ AUX. FEED PUMPS l~OL..A.,-ION -"'-NO ~Pl..!. ORIY£1\1 ACTUAT I ON S I GNAL WILL lilT CAUSE THE PLJ-IP TO STOI' .. I ~2 l...IN'i V...._LV!.$ 12.~UTO START FROM AM SAC SYSTEM (NOTES I ~6) FO'IIt. ..._1...1... ~T~ GENEAA'TO~ FIGURE 7. 3-19 FUNCTIONAL DIAGRAM -AUXILIARY FEEDWATER PUMPS STARTUP BEAVER VALLEY POWER STATION -UNIT 2 FINAL SAFETY ANALYSIS REPORT

                               ~g1.)

av BY I ..~.s. OTHE~ TURBINE POWER TURBINE FIRST STAGE OlAMBER PRESSURE P*ll T~R&IN& TMRUST TO P-7 KARKG f.-.LUAE tsH&a.T4) I I 1 R£DuNDANT / l'Uit.. Na 1'fVN8.4111Ctc v..- .*\.DAD IIII.P'UtS:NCI. NT c-a C*4 OVUtTlM..UT""& OV&.. NW&It loTI&<!~) t.*CIIs> (lllti£Ta) llltU' I. 1IEa 1.-.. IIBIQTE H G.Giu* Ill' 'DE 111P

                                                                                                                                                                                 - . . . . ...TKIIIE'IICTtal II ACCDft.l. . aY I *11DB Pill S'ftP WUI, DC mt 1101 TMNI.

M LaiC . . . . II Jill

• IV M..VIS. 1H1 AC1WL 11ME1t ar mP WLVIS JaY. DIFPEMHT, I. ~==-~v='.:a.:=f'~:.

I, M . . . . DIIN1QIIN8 IS

                                                                                                                                                                                                                     '""CM..

UIII.DIJft'ATiat _., IGT tta..UilE JINOlt MnU1L 01..-rotttG.

4. CPEWSIUT INDICATICJI 1411 c:oma. IIXM.

IIi,* GliNEM.ltlll IGI'OIHHG PROTGn!* SHa.LD fiJT rEFEAT 1HE JQ IEC, tELA't'. I. SlD IEGJIIEI lHl 3D SEC. TillE DELAY TO BE M* 1 IIIOEjT~'"[I"'!£jr!;*~~1GTO£~iic:Osr=.n:JH3;:!~

                                                                                                                                                                                                                 *tRED SO 'TK'T EITIER IIIU.

TOR *TRIP. *

1. AUlO TRIP FlDM AM SAC SYSTEM I'll. 7.3-14

                      'F"A'!.T         TO               ICI--F=::;t.-.0)
                    ~XIUA.RY        6ENIPtATO"      TO flt&AC:TOflt Tfltt~

aus TRIP (6M!t&T Z) TftANSFE.R REDUNDANT I FIGURE 7.3-20 FUNCTIONAL DIAGRAM TURBINE TRIP, RUNBACKS & OTHER SIGNALS (2001.409-001-031, REV. M) BEAVER VALLEY POWER STATION UNIT No. 2

'                                                                                                                                                             UPDATED FINAL SAFETY ANALYSIS REPORT
~----~:~-~------~~~!~~----------------------------------------------------------------------------------------------------------------------------------------------------------------------'

REV 14 LOOP I LOOP 2 LOOP 3

                                                                                                                       ~-

BYPASS RELIEF COLO LEG LOOP ~-0,--L-EG~LO~D~P---~~RE~L~IE~F~~~~~==~ ~r*-LE_G_L_OOp----;::BY:;;P::A;:;SS::"--::::-::::--:CC:O-:LD~LE;:;Gc-L:-;OC:O;:"P---... VALVE LINE STOP VALVE STOP VALVE VALVE UNE STOP VALVE VALVE STOP VALVE FLo*.t SELECTOR SWITCH SELECTOR SWITCH FLOW SELECTOR SW[TCH SELECTOR SWITCH NOTES: 1 lH£ E~CLOSED (!RCU!T Ml:.ET? THE PROTECTION REOu.-.OA"JCY REGUIREMEN 7 BY

  .. COHBiN!NG SIGNALS FROM To.JE HOT AND COLD LEG.

2. PQS!T!ON OETECT!Qr~ FOR HOT LEG AND COLD LEG STOP_ VALVES IS BY 2

      !NOEPENQ[Nf LJM[T SWiTCHES FOR EAC>-1 VALVE, 1 FOR t:ACH TRA!N.PUS!TlON JETECTIQN FOR LOOP BYPASS VALVES IS NOT CONNECTED TO TRAIN 8 DUR!~iG "100ES 1-4.

3. S!Gt~ALS ARE REGIJIREO IN BOTH TRAINS BEFORE THE ACTUATION IS PERMiTTED.

4, L..OSS 1)F SIGNAL TO THE T!t-~E DELAY Wlll CAUSE THE TIMER TO RESET TO THE BEG!"lN[NG OF T!-JE: SYCLE:_. 5., LOW )fTECTlO"l FOR EACH LJOP IS BY 2 !*~DEPE"'OENT SWITCHES. 1 FOR EACH -:-"lAIN.

6. All BIS 7 A8LES ON THIS SHEET ARE' ENERG!ZE TO ACTUAiE'.

7. OPEN/SriLT !NO:CATION IN CONTROL RQQI-1.

3. TWO PE.:;H;SS!~<E STATUS LIGHTS ARE CONNECTED TO THIS C!RCUiT.!N*:::J!V:OUA~ FJR t.:.CH -R~lN.

                                                                                                                                                                                                                                                ~

v NOT REDUNDANT ' NOT REDUNDANT PERMIT START PERMIT START OF LOOP 2 OF LOOP 3 REACTOR COOLANT REACTOR COOLANT PUMP PUMP THIS UFSAR FIGURE SUPERSEDES FIGURE OF SAME NUMBER, REV. 1 FIGURE 7.3-21 FUNCTIONAL DIAGRAM LOOP STOP VALVE LOGIC (2001.409-032, REV. J) BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV. 4 WIDE RANGE RC.S TEMPERATURE II:II:ll: {NOTE ;<~5) WIDE RA;.H,~ RC.S PRESSURE {NOTE 4) ITI PCV-455C BLOCK VALVE TRAIN 'E:I" RCS COLD I PORV 1- 800C8 C.ONTP.Ol SWITCH OV~ R?RESSURE Mi'tl GATION I COl*~ TP.OL SWI TO-I (ON MCil) PRESS. RELIEF PRESS'JRIZER (ON MCB) ACTUATIQN(ONMCB) I I SIGNAL PRESS. REUEF I ... --~---...., 1'~,~1 l (SHEET II} INTLK SIGNAL (NOTE l) (SHEE'F6)* j ' L----~---- I (NOTE 3) OPEN BLOCK VALVE l* 800013 (NOTE 10} PC.V-455C (NOTE 0:.) NOT~S:

1. THIS'. SIGNAL IS THE OUTPUT FROM BISTABLE PB-444 B. ELECTRICAL ll50ATION IS REQUIRED IN THE TRAIN 'B.' SSPS CABINET /N ORDER TO NNECT THIS SIGNAL TO THE SAFETY GRADE CIRCUITS.

Z. PR ECTION GRADE WIDE RANGE RCS TEMPERATURE SIGNALS FR TRAIN *13* RElATED PROTECTIOI-J SETS.

3. A .UNC:ATION IN THE MAIN CONTROL P.O.OMJ5 REQUIRED TO BE ViSfiL£ TO THE OPERATOR AT THE MAIN CONTROL BOARD.

4. PRgTECTION GRADE WIDE RANGE RG5 PRESSURE SIGNAL FROM TRII!N 'B* R£LAT£0 PROT-ECTIOM SET.

5. TH~ RCS LOOP AND HOT LEG OR COLO l£G A5516NMENTS FOR THE WI E RANGE RCS TEMPERATURE SIGNALS MUST BE CONSISTENT WIT THE REQUIREMENTS FOR PAMS.

6. STA US LIGHTS MUST PROVIDED FOR EACH PORV AND EACH PORV BL CK VALVE. AT THE MAIN CONTROL BOARD TO INDICATE WHEN TH VALVE 15 FULLY CLOSED OR FULLY OPEN.

7. NO E CF THE CIRCUITS ON THIS SHEET ARE REDUNDANT.

FIGURE 7.3-22 FUNCTIONAL DIAGRAM PRESSURIZER PRESSURE11 11 RELIEF SYSTEM {TRAIN 8 ) BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV. 4 WIDE PANG£ RCS PRESSURE (~T1E4) ~-----~ L----v------ BLOCK VALVE TRAIN'A'RCS GCLD I p T5 J PCV-45(. CONTROl SWITCH (ON M::8) PORV Pf\E55URE P.EU EF PAESSURIZEF\ 1-8000A CONTROL SWITCH (ON MCB) DVERP~ESSURE MITIGATIO,<J ACTUATION (O>J MGB)

~T) 4138 5~GNAL PRESSURE RELIEF (SHEET 11) INTU\ SIGNAL

{NOTE 1) (SilEET 0) (NOTE:3)

                                                                                                                                                              §----~5 _f 40 0

t------+1 75 (NOT£ 3) FIG. 7.3-729 BLOCK ""'LVE 1-80()()A (NOTE 6) FIG. 7,3-65 PCVC45<0 (NOTE <0) BLOCK VALVE PCV-4550 1-BOOOC CONTROL SWITCH CONTROL SWITCH (ON MC8) (ONMGB) 1-JOTES:

                                                                                                                                                                                    '* THIS SIGNAL 15 iHE OUTP!JT FROM 815Tl\BLE E'fl 445A, ELECTRICl\L ISOLATION IS REQ!JIRED IN THE TRAIN "A' SSPS GABINET IN ORDER TO CONNECT Tl-115 *SIGNAL TO THE SAFETY GRADE CJACUITS.

2.. PROTECTION GRJioE WIDE RANGE RCS TEMPEAATLAE SIGNALS FROM TRAIN"A" RELATED PROTE!CTION SETS.

3. MJNUNCIATIOt-.1 u.j THE MAIN CONTROl.. ROOM IS REQUIRED TO BE VISIBLE TO THE OPERATOR AT r[HE MAIN 'CONTROL BOARO.

4. PROTECTION 6R~*OE WIDE RANGE RCS PRESSURE SlGNAL FROM TRAIN "A*

RELATED PROT CTION SET.

5. rl-IE. RCS LOOP t-JU H6T LEG OR COLD l£6 ASSIC:>NMENTS FOR THE WIDE R4~E RCS TE!MRATLJAE SIGNAL!t MUST BE CONSISTENT WITH THE REQUIREMENTS Ofl PAMS.

6 STATUS LIGHTS UST *BE PROVIDED FOR EACH PORV AND EACH FQRV ELK. 1/ALV£ AT TilE MAIN fDNTAOL- RO 10 INDICATE WHEN THE WllVE IS FULLY CLOSED OR FULLY OPE/J.

7. NOl-lE OF THE C UITS ON THIS SHEET ARE REDUNDANT OPEN i BLOCK VALVE 1-8000C (NJTE <0)

FIGURE 7. 3-23 FUNCTIONAL DIAGRAM PRESSURIZER PRESSURE 11 11 RELIEF SYSTEM (TRAIN A ) BEAVER VAL LEY POWER STAT I ON-UN IT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SYMBOL LOGIC FUNCTION OESCR IPT IOM SYMBOL LOGIC FUNCTION uESCRIPTION SYMBOL LOGIC FUNCTION DESCRIPTION

    - AND l R - RED 0

A G - GREEN

       ~                                                                        2CWS     INSTRUMENT             2 -UNIT NUMBER                                      INDICATING             A - AMBER B                       ..... AND          ALL INPUTS A, B, AND C ARE c       ~
       ...         r    - D REQUIRED BEFORE PROCEEDING PS21A    SOURCE               CWS - SYSTEM CODE                                     LJGHT                   W-WHITE REFER TO 2BVM-146                                                      B - BLUE 8

TO D. SL - ENGRAVED STATUS LIGHT PS -EQUIPMENT IDENT. L00' REFER TO 2BVM-146 A -ANNUNCIATOR ALARM SEM - SEQUENCE OF EVENTS INPUT ANNUNCIATOR SYMBOLS NUMBERED 8 A 27- UNDERVOLTAGE RELAY B OR OR ANY INPUT A, B, OR C IS IN THE LOWER RIGHT CORNER ARE D ELECTRICAL 33 - POSITION SWITCH COMMON ALARM COMMON TO OTHER ANNUNCIATORS c ~ REQUIRED BEFORE PROCEEDING SOURCE ~2 - MAGNETIC STARTER OR COIITACTOR SIMILAR EQUIPMENT WITH THE SAME HUMBER FOR THAT TO 0. ~9 - MACHINE THERMAL RELAY A SERIES OF LOGIC DIAGRAMS. 52- AC CIRCUIT BREAKER 52H - CELL SWITCH CONTACT-CHANGES COMPUTER STATE WHEN SWITCHGEAR c

       -                                                                                                        CIRCUIT BREAKER IS REMOVED FROM OPERATING POSITION.                                                   L- LEVEL
                                                                                                                                                 § A
                                                                                     )

B ..... 2/3 1 0 COUNTING ANY TWO INPUTS A, B, OR C 7~ - ALARM RELAY F - FLOW c .... I ARE REQUIRED BEFORE PROCEEDING INDICATOR OR P- PRESSURE TO D. CONDITION STATEMENT OF OPERATING STATUS RECORDER AMM - AMMETER l CONTROL DEVICES LOCATIONS CONTROL CS - CONTROL SWTICH I PCP - POST ACCIDENT SAMPLE CONTROL PANEL ABP- AUXILIARY BOILER CONTROL M - AT MOTOR ~~B NOT OUTPUT B EXISTS ONLY WHEN INPUT A DOES NOT EXIST. ACTION PB - PUSHBUTTON SS - SELECTOR SWITCH A& - PANEL I STATION AIR COMPRESSOR Mkk - ~BOV MOTOR CONTROL CENTER lik- ROD DRIVE M-G SET CONTROL PANEL ,; PANEL ASP - ALTERNAtE SHUTDOWN Rtt - SWITCHYARD RELAY HOUSE I PANEL !l.K - RACK I RESULTANT STATEMENT OF FINAL ACTION Atlf- AUXILIAiY HYDROGEN 1 - ~160V SWITCHGEAR CONTROL'PANEL SQf - SHUTDOWN PANEL \

  ...... 0   M                                                                                                                                a-  MAIN CONTROL BOARD                SP - SAMPLE PANEL RETENTIVE    MOMENTARY INPUT A CAUSES                                                                                  BUILDING SERVICE CONTROL         ~ - SEC. SYS. SAMP. PANEL E ~c                                                                                                                          ~-

1-- MEMORY CONTINUOUS OUTPUT C PANEL Shf - SOLID WASTE DISPOSAL 3 .... R M MOMENTARY INPUT B CANCELS CFP - CHEMICAl FEED CONTROL CONTROL PANEL OUTPUT C IF INPUT A ABSENT

                                                                            ~             ALPHABETICAL REFERENCE                                      PANEL                           !YP - TURBINE ROOM VENT PANEL kf - CHLORIN~TION CONTROL             ~ - ~80V SWITCHGEAR TO SAME SHEET                                               PANEL (UNIT 1)                  VPif' - VIBRATION MONITORING PANEL
                                                                                                                                                                                       !k- WATER CHILLER CONTROL PANEL Whr - WASTE NEUTRAliZING CONTROL GAS WASTE CONTROL
                     ~*

T.D. ~fA - PANEL I TIME CONTINUOUS INPUT A PRODUCES PANEL A. {B SIMILAR) ~ - RADIATION MONITORING

                                                                            ~

SEC. DELAY OUTPUT B AFTER DESIGNATED TIME, NUMERICAL REFERENCE ~ - CONTAINMENT INSTRUMENT CAB INET WHEN INPUT IS REMOVED, OUTPUT TO ANOTHER SHEET AIR COMPRESSOR CONTROL IS LOST AND TIME DELAY RESET. PANEL L- LOCAL I

 *~*           SEC.

TIME RETENTION CONTINUOUS INPUT A PRODUCES IMMEDIATE OUTPUT B FOR DESIGNATED RETENTION TIME THEN OUTPUT B IS ~OST. RESET BY i

                                                                                                                                                               ~IGURE LOGIC DIAGRAM 7.3-24 REMOVAL OF INPUT.                                                                                                  DIGITAL SYMBOLS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SYMBOL DESCRIPTION SYMBOL DESCR IPTt ON SYMBOL DESCRIPTION -G- PROPORTIONAL NON-LINEAR OR UNSPECIFIED FUNCTION HAND - AUTOMATIC SELECTOR STATION -G- REVERSE PROPORTIONAL POS ITt VE Bl AS -G- INTEGRAL, RESET NEGATIVE BIAS ADD HAND - AUTOMATIC SELECTOR STATION WITH 81 AS --G- DERIVATIVE, RATE HIGH SELEC Tl NG =LJ- ADD OR TOTALIZE LOW SELECTING K + J (TYPICAL) HAHD - AUTOMATIC SELECTOR STATION WITH SET PO INT ~ Dt FFERENCE HIGH LIMITING ---8-- AVERAGING LOW LIMIT! NG MAHUAL STAT I011 -G-DIG I TAL IN PUT AT UPPER LEFT BLOCK (B~ A) ALLOWS MULTIPLYING INCOMING SIGNAL AT 8 TO TRANSFER TO A. DIG ITAL INPUT AT LOWER LEFT BLOCK {C ~A) ALLOWS INCOMING SIGNAL AT C TO TRANSFER TO A. -G- DIVIDING

                             -B-(TYPICAL)

FOR INPUT/OUTPUT CONVERSION OF THE FOLLOW! NG: E VOLTAGE H HYDRAULIC I CURRENT P PNEII4ATI C A ANALOG D DIGITAL ~ SQUARE ROOT TIME FUNCTION -o- EXPONENTIAL RATE OF CHANGE LIMITER

                                                                                                     ~IGURE   7. 3-25 LOGIC DIAGRAM ANALOG SYMBOLS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

I. GUIDE LIMES TO LOGIC DIAGRAMS 2. MEDIUM VOLTAGE SWITCHGEAR 3. LOW VOLTAGE SWITCHGEAR 5. MOTOR OPERATEO VALVES 1.1 THE PURPOSE OF THE LOGIC DIAGRAMS IS TO RECORD 2. I THE FOLLOWING IS A LISTING OF CONTROLS AND 3. I THE FOLLO~IMG IS A LISTING OF CONTROLS AND i 5.1 UNLESS OTHERWISE NOTED OM THE LOGIC DIAGRAMS, AM UNDERSTANDING OF THE CO~TROL AND 1MSTRUMENTA- MONITORING DEVICES WHICH ARE PROVIDED FOR ALL MOMITQRIMG DEV!CES WHICH ARE PROVIDED FOR LOW All MOTOR OPERATED VALVES WILL, ONCE INITIATED, TID~ PROVISIONS FOR THE INDIVIDUAL EQUIPMENT MEDIUM VOLTAGE SWITCHGEAR BUT ARE MOT SHOWN VOLTAGE SWITCHGEAR BUT ARE !tOT SHOWII ON THE GO FULL TRAVEL UNTIL STOPPED IN FULL-OPEN OR COMPONENTS AMD SYSTEMS OF THE POWER STATION. OM THE LOGIC DIAGRAMS. LOGIC DIAGRAMS. FULL-CLOSED POSITION. WHEN TORQUE SEATING IS THEY ARE, HOWEVER, MOT INTENDED TO SUMMARIZE A. WITH THE BREAKER IN- TEST POSITION, THE MAIM REQUIRED, THE LOGIC DIAGRAM WILL SO STATE. AND SPECIFY THE HARDWARE THAT IS REQUIRED. A. WITH THE BREAKER IN TEST POSITION, THE MAIM DISCONNECTS ~REOPEN AM~ BREAKER CONTROL IS THIS WILL BE SHOWN IN D~TAIL ON FLOW, ELEMENTARY DISCONNECTS ARE OPEN AND BREAKER CONTROL IS AVAILABLE AT THE SWITCHGEAR ONLY. '5.2 IF OM THE LOGIC DIAGRAMS THROTTLING SERVICE AND INSTRUMENT-LOOP DIAGRAMS. AVAILABLE AT THE SWITCHGEAR ONLY. IS REQUIRED FOR A VALVE, THE VALVE TRAVEL B. WITH THE BREAKER IN THE OPERATE POSITION, WILL STOP WHEN THE ~OPEN~ OR "CLOSE" SIGNAL 1.2 LOGIC DIAGRAMS AND SYSTEM DESCRIPTIONS_ARE NOT B. WITH THE BREAKER IN THE OPERATE POSITION, THE BREAKER CAN BE OPERATED ONLY REMOTELY IS REMOVED. INTENDED TO REPLACE EQUIPMENT OPERATING THE BREAKER CAM BE OPERATED ONLY REMOTELY, UNLESS OTHERWISE NOTED. INSTRUCTIONS. UNLESS OTHERWISE NOTED. c.. AUXILIARY CONTACTS LOCATED OM THE BREAKER s.a NORMAL VALVE TRAVEL IS ONLY STOPPED IN AM INTERMEDIATE POSITION BY MOTOR OVERLOAD OR 1.3 ALL ALARMS ARE LOCATED IN THE CONTROL ROOM UNLESS c. STATIONARY CONTACTS LOCATED OM THE BREAKER MECHANISM ARE USED FOR INTERLOCKING PURPOSES. HIGH TORQUE. THE ABOVE CONDITIONS ARE BYPASSED OTHERWISE NOTED. STRUCTURE ARE USED FOR INTERLOCKING PURPOSES, OPERATION OF THE BREAKER IN THE TEST POSITION WHEN CERTAIN VALVES ARE PERFORMING A OPERATION OF THE BREAKER IN THE "TEST" PO- WILL CAUSE THE AUXILIARY CONTACTS TO OPERATE. SAFETY FUNCTION 1.~ THE ELECTRICAL POWER SOURCE FOR CONTROL AHD SITIOM, OR COMPLETE WITHDRAWAL OF THE BREAKER CELL SWITCHES ARE PROVIDED TO PREVENT INAD-INSTRUMENTATION IS NOTED OM ONE LINE DIAGRAMS, WILL NOT CAUSE THESE CONTACTS TO CHANGE VERTEMT OPERATIO~ OF INTERLOCKED EQUIPMENT. 5.4 OPERATION INDICATING L1 GHTS SHOW: ELECTRICAL ELEMENTARY DIAGRAMS, AND INSTRUMENT- STATUS. LOOP DIAGRAMS. D. MECHANICAL TRIP SWITCHES AT THE SWITCHGEAR A. GREEN - VALVE CLOSED D. MECHANICAL TRIP SWITCHES AT THE SWITCHGEAR CAM BE USED TO OPEN THE BREAKER MECHANICALLY. B. RED - VALVE OPEN 1.5 REFER TO LSK-0-IA AND 1B DIGITAL AND ANALOG CAN BE USED TO OPEl THE BREAKER MECHANICALLY. C. RED AND GREEN - VALVE IN AN INTERMEDIATE SYMBOLS. THIS MAY BE NECESSARY IF 125 V DC CONTROL 3.2 OPERATION INDICATING LIGHTS SAME AS FOR MEDIUM POSITION. POWER IS LOST AT THE TRIP CIRCUIT. VOLTAGE SWITCHGEAR, PARAGRAPH 2.2. D. NO Ll GHTS ON - WITH CS IN "PULL TO 1.6 MARK NOS.HAVING AM ASTERISK AND ELECTRICAL 3.S LOW VOLTAGE SWITCHGEAR IS TRIPPED FOLLOWING A LOCK" OR LOSS OF CONTROL POWER. O'IERCODING INDICATE EQUIPMENT REQUIRED 2,2 OPERATION INDICATING LIGHTS LOCATED ON THE MAIM SUSTAINED UNDERVOLTAGE INCIDENT, EXCEPT FOR TO FUNCTION DURING OR AFTER AN ACCIDENT. CONTROL BOARD SHOW: EMERGENCY SWITCHGEAR MOTORS WHICH WILL FOLLOW A. WHITE (NORMAL)- BREAKER OPEN THE EMERGENCY LOADING PROGRAM. THE MECHANICAL FLOW PATH AND ELECTRICAL POWER - BREAKER CLOSED SOURCE AS FOLLOWS: B. RED THIS LIGHT ALSO INDICATES 3.~ OVERCURRENT PROTECTION WILL REQUIRE MANUAL RESET {AD) MECHANICAL FLOW PATH A,ELECT~ POWER SOURCE THAT POWER IS AVAILABLE AT AT THE SWITCHGEAR. ORANGE. (BP) MECHANICAL FLOW PATH B,ELECT.POWER SOURCE THE BREAKER TRIP CIRCUIT. PURPLE. c. WHITE (BRIGHT}- BREAKER OPEN (AUTO TRIP (SG) DEMOTES SPARE,ELECT.POWER SOURCE GREEN COMO IT IOM} ~. LOW VOLTAGE MOTOR CONTROL CENTER (MCC) MOTORS (CAPABLE OF BEING POWERED FROM EITHER D. NO Ll GHTS ON - WITH CONTROL SWITCH IN ~PULL EMERGENCY BUS}. TO LOCK~ OR LOSS OF CONTROL PWR ll.l LOW VOLTAGE MCC MOTORS, ARRANGED FOR MAINTAINED OR BREAKER RACKED OUT START WILL RESTART WHEN POWER IS RESTORED REFER TO 2BVM-12,1MSTRUCTIONS FOR PREPARATION 2,3 MEDIUM VOLTAGE SWITCHGEAR IS TRIPPED FOLLOWING OF FLOW DIAGRAMS. FOLLOWING AN UNDERVOLTAGE INCIDENT. A SUSTAINED UMDERVOLTAGE INCIDENT, EXCEPT FOR EMERGENCY SWITCHGEAR MOTORS WHICH ARE TRIPPED WILL ~.2 START SIGNAL WILL BE MOMENTARY UNLESS OTHERWISE 1.7 WITH REGUARD TO EQUIPMENT CAPABLE OF CONTROL FOLLOW THE EMERGENCY LOAOI NG PROGRAM. FROM THE CONTROL ROOM {B) ALTERNATE SHUTDOWN PANEL NOTED. {ASP) OR THE SHUTDOWN PANEL (SOP), IND!CAT ING 2.11 MEDIUM VOLTAGE SWITCHGEAR WITH AM AUTO START THERMAL OVERLOAD PROTECTION TRIPS WILL REQUIRE

                                                                                                                          ~.9 LIGHTS ON THE SOP WILL BE ACTUATED                         FEATURE WILL HAVE A MANUALLY RESET LOCKOUT RELAY,            MANUAL RESET AT MCC.

ONLY WHEN CONTROL IS AT THE SOP, LOCATED AT THE SWITCHGEAR, OPERATED BY BREAKER INDICATING LIGHTS IN THE OVERCURREMT OR GROUND CONDITIONS. OPERATION INDICATING LIGHTS SHOW: CONTROL ROOM WILL BE ACTUATED ONLY ~-~ WHEN CONTROL IS AT THE CONTROL ROOM, AND A. GREEN- MAGNETIC STARTER DE-E~ERGIZED INDlCAT!NG LIGHTS ON THE ASP WILL BE ACTUATED ONLY B. RED - MAGNETIC STARTER ENERGIZED WHEN CONTROL IS AT THE ASP.

c. NO LIGHTS ON -WITH CS IN *PULL TO LOCK* OR LOSS OF CONTROL POWER.

FiGURE 7. 3-26

                                                                                                                                                                                   ~OGIC DIAGRAM GENERAL NOTES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 7 MCIU TOR COIIO!TI OM CONTROL ACTION RESULTANT r<<<MITOif FEEOWATER TO STEAM GENERATOR 2R~SG21 A FLOW B SS. MAl NT.\ I NED)

                                                                                                              .------.....-----f"JJ STM;GIM.

2RC*GlU FEEDWATEfl FLOW SIGNAL I

         ~9SQ FEtD WATER FLCW CHANNEL 3 FEEDWATER TO SJEAM GENERATOR 2RC~G21A FLOW RC~G21A 2RC~G21A                                                                     1------{11   STE1iM GENERATOR                      FIG. 7.3-28
                                              \_STEAM GENERATOR                                                                            FLOW ERROR SIGNAL STEAM FLOW F(X) 2RC~G21A SS (MAINTAIKED)

STEAM GEMER!TOR STEAM FLOW STEAM PRESSURE 2RC$Q21A (H.Il,NNEL 3 r:-----~ ----~:. STM.uEHERATOit_ STEA!-4 2RC~G2lA SS (MAINTAINED) ,FLOW (PRESS.COMPEN.) .B: STE GENERATOR SfEAIA FLOW STEAM PRESSURE CHAt\INEL 4 2RCS*SG21A STEAM GENERATOR STEAM PRESSUR 2RC~G21A STEAM GENERATOR STEAM FLOW STEAM FLOW> FEEOWATER FLOW LOOP *

                                              \,   {CHANNEL 3)                               STEAM FLOW)

FEEDWATER FLOW STEAM FLOW> I FEEOWATER FLOW {CHANNEL 4) FEEDWATER FLOW

                                                 ) STEAM FLOW FEEDWATER FLOW
                                                 .) STEAM FLOW MOTES: 1. LOGIC FOR LOOP 21 SHOWN,                                                                                                           FIGURE 7. 3-27 LOGIC FO~ LOOI'S 22 00 23 SlM I LAR, LOGIC DIAGRAM

2. # BY WESTINGHOUSE.

MAIN FEEDWATER CONTROL

3. LOGIC fOR 2M5S-P1475F ON LOOP 21 FOR ALTERNATE SHUTDOWN PANEL SHOWN.

LOG !C FOR 2M S5- P!485F ON LOOP 22 FOR All ERN ATE SHUTDOWN PANEL S 1M ll.AR. BEAVER VALLEY POWER STATION-UNIT 2

4. STEAM FLOW>FEEDWtHER FLOW IS A RESULT OF A COMPUTER CAl..CULATlQN FINAL SAFETY ANALYSIS REPORT BASED ON STEAM FLOW, STEAMLINE PRESSURE, AND FEEOWATER FLOW.

No. 10080-LSK-5-48 1 2 3 4 5 6 7 8 SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR LSK-11-140 10 TURBINE FIRST A STAGE PRESSURE A 2MSS-20 SS CMAINTAINEDl B c TURBINE FIRST STAGE>---. A B PRESS.CHANNEL 3 B 8 ,. A A STEAM GENERATOR LSK-5-13F r---~ T r------------------ { F<Xl } F<Tl PROGRAMMED LEVEL C 1\111 A SETPOINT SS <MAINTAINEDl 2MSS- TURBINE FIRST STAGE PRESS.CHANNEL 4

                                                                                                                                                                                                                >-~-~

c LEAD/LAG 2FWS-B NOTE 3 LI478 2MSS- B TURBINE FIRST B PT447 STAGE PRESSURE

                        <ZYl 21
                         -      LSK-5-4A LSK 13F 2RCS-SG21A B               (    1                                                                                                        STEAM GENERATOR FLOW ERROR SIGNAL                                                                                                                                                                                                                                                                                    B
                                                                                                                                                                                                                                                                    ~---*             K +   f                           H/A            FEEDWATER VALVE                                    1---------~              2   I  LSK-5-4C STEAM GENERATOR                                                                                                                                                                                     CONTROL SIGNAL r   A                                                                                                         PROGRAMMED LEVEL SETPOINT                                                                                                                                                                        '------~B 4         LSK-5-4G c                                                                                                                 MEDIAN
                                                                                                                                                                                                                             ~----*         K +j PAM I                                        --SELECTOR BYPASS FEEDWATER t

2FWS-L T474 - - - - - - - MODULE

                                                                                                                                                                  ...                                                                                                                                                                  VALVE CONTROL                                      !--------~               5   ) LSK-5-40
                                                                                                                                                                                                                                                                                                                                     , SIGNAL 2FWS-                       2FWS-                 2FWS-LT475 F<Yl FR478                       LI476 2FWS-                                                                         B                <AOl B 2RCS-SG21A LT476                                                                                                       STEAM GENERATOR c                  <ABl                                                                                                       WATER LEVEL                                           LEAD/LAG                                                      2/3 r-----~-------*

c 7 LSK-5-4G STEAM ( / ~ TRAIN A GENERATOR y

• OR }1---------j ANY STEAM GEN 1---------.( 17 ) LSK-5-4F 2FWS- 21B I " ..____, 213 HI -HI LEVEL f----*

NOTE 4 s LI477 F 14 ) LSK-5-4G ASP 2RCS-SG21A 2FWS- STEAM STEAM GENERATOR GENERATOR ~ STM GEN A LT477F WATER LEVEL A/D 1------@11-----------------------1 21C HI-HI LEVEL PAM II TURBINE TRIP A

                                                                 /                                                  2FWS-                                                                                                                                                                                                                                                                                       B C ~                 ..._4___. l LSK-5-4G                       LI475                                                                             ~         15    LSK-5-4G
                                                                                                                      <BPl r-.1-------*

2FWS- B 2RCS-SG21A LT475 STEAM GENERATOR A/0 r-~~----------------~~-* 2/3 SEM CAWl WATER LEVEL c D PAM I 0 LSK-5-4G 2FWS-4 ) LSK-5-4G c LI474 16 LSK-5-4G

                                                                                                                      <AOl t---.1-------*

2FWS- B 2RCS-SG21A STEAM ( / TRAIN B LT474 STEAM GENERATOR A/0 r-~--------------~~ GENERATOR~ 218 ) - OR ANY STEAM GENERATOR f------.( 3 CAR> WATER LEVEL 2/3 HI-HI LEVEL LSK-5-4C SEM / NOTES:

1. " BY WESTINGHOUSE.

                                                                                                                                                               -.{'l c                                                          2.       LOGIC FOR LOOP 21 SHOWN, LOGIC FOR LOOP 22 AND LOOP 23 SIMILAR.
                                                                                                                                                                                                                                                           ~~~~~A TOR ("--1--
                                                                                                                                                                                                                                                        ~ 21C            J --

2FWS- STEAM GENERATOR 21A 3. SWITCH COMMON TO ALL LOOPS. LEVEL DEVIATION. LSK-5-4G 4. LOGIC FOR 2FWS-LI477F ON LOOP 21 FOR ALTERNATE SHUTDOWN PANEL SHOWN, LS478D FROM SETPOINT LOGIC FOR 2FWS-LI487F ON LOOP 22 FOR ALTERNATE SHUTDOWN PANEL SIMILAR. STM GEN A LEVEL 5* g~tn~g FINALIZED FLUID sYsTEM

                                                                                                                   ~g~~1~~N  FROM                                         ~:       ALL ASTERISKS (*)HAVE BEEN REPLACED BY DASHES.REFER TO THE ASSET                                                                                                                     UFSAR                    FIGURE          7.

• 3 - 28 E EQUIPMENT LIST CAEU AS THE OFFICIAL LISTING OF ANY ASSET'S QA CATEGORY. .

       ~r-~-~--~~\TI~Hm~~~~~~~~~~----B-------------------~8~.~~~b~~~~~~~i;P~~J~EL;I~~-~C~O~NS~T=A=N=T=S=G==LE=V=E=L=C=O=N=TR=O=L==SE=T=P=O=IN=T==EQ=U=A=L=T=0==4~4%:.:A:T:A:L:L~~~====~~~~~==~==~======T=====~Q~.M~.~F~~I~G~U~R~E~==2~4~~5~8~========~

FENOC ill MGB 11-10-01 (")U) I RWR 10/23/03

                        ~Ul r-:w 0/CHK:RJK,TGZ ~~ 0 ~~                              D/CHK: ,Jf.1                                                                                                                                                                                                       ARSTfi.IER6Y                                           BEAVER VALLEY POWER STATION UNIT 2 0 ww~

o~o owo:p

                                       ~3-             ISI~w~~

1 ISif-Y:ISI NUCLEAR OPERATIN6 COMPANY

                        ~zoz 0~ Z o     ~
                                      ~~~

N O'j ~ (")I~Ull ISI~~_J~ t/1 ll-31ZJ-'J3 FPE: N/A FINAl M'P. LOGIC DIAGRAM MAIN FEEDWATER CONTROL SCAlE DATE ARCH.-. z i w ' o ....... '

                        ~u 0~ z 1- ~- z o.. o I                              ..,g_                                                                                                                                                                 N/A ORAWN BY KKR              EL.ECT..APP.

FOR ISSU . A UO::O..o::NlJ-1 Z oww, .. .. .. ~ D!R,EE: io.-;;-------,-,,.------,----.-=:=-:c::-------------------,-=--! ow

                             ~0 0

z o..

J o::

o WUozal m uu~ . o.. ~ z oiSI ......

J I))

                                                                                               ~

N OFG./CI<< RWK FMc ME-CH.APP. KEH ~.E. ~~.. 100014 1-a-<)4 '""'(}g;:.;,:"--1-5<)-6--rc....:..:e:=-'--~ DWG NO i

                                                                                                                                                                                                                                                                                                                                                                                                     . 0 0 8 0- L SK- 5-4 B REV.

15 W (J)  :::2: ...-a - ......,.. lSI IS) (f) E*GR./CHK BLP TAS CIVL f>PP. f...-----------1 _____________2_____________3____--'-------- PREPARED ON CAEDDI 5 6 7 i 9

                                                                                                                                                                                                                      ----------------------------------------------------------------------------------------------------------------------~~

23-0CT -2003 11:41 k:".u2\ l050040b.e13 THE ENP$ SYSTEM 8 li!

SOURCE COIID IT1 011 RESUL TAIIT MOIUTOR FIG. 7.3-28 FEEOWATER YALYE L--...t0EEOWATER J ~ FIG. 7.3-30 COIITROL SI GliAL FIG. 7.3-18@ ISOLA T100\, _ _r::/:\

                                                                                                                                     \...._~ IGIIAL TRAIN B FIG. 7.3-13 (i)   TRAIII B SAFETY IIIJECTI 011 SIGIIAL TRAIN 8 ANY STEAIII GENERATOR 2/3 HI-HI LEVEL c

Ell ERG I ZE REACTOR TRIP 2FW.CY1178 (-PI TRAIII 8 2FW~SY1i78B (-pI T FlMCOMTROL VALVE MODULATE YEIIT AIR TO CLOSE MAIM FEEOWATER COIITROL YALYE FIG. 7.3*10@ IIOTES: FIGURE 7.3-29 J.. LOGIC FOR 2FWSXFCYii 78 (- Pl, LOOP 21 SHOWN LOGIC DIAGRAM LOGIC FOR 2FWSXFCY1i88 {* P ), LOOP 22 AND 2FWS*FCV498 (- P), LOOP 23 Sl NILAR. MAIN FEEDWATER CONTROL

2. it BY WESTINGHOUSE BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 CONTROL ACT I ON RESULTANT MOM I TOR SOURCE CONDITION Fl G 7.3-28 BYPASS FEEOWATER VALVE CONTROL SIGNAL H/A 1080993 POWER RANGE N E U T R0 N F L U.X PB c FEEDWATER R M OPEN ISLN. RESET t---1 E (---t=ill--~ 2FW-CY~79 ( -P)

                                                                                  ---+ill NOT ~----+311       0   M                                                                    t-A----Bit FEEOWATER BYPASS AND MODULATE FIG. 7.3-29    FEEDWATER ISOLATION CLOSE:

SIGNAL TRAIN B 8 FEEDWATER FEEDWATER BYPASS CONTROL VALVES BYPASS VALVES FEEDWATER BLOCIC ISOLATION VALVES ~ CLOSE SIGNAL NOTE:

1. LOGIC FOR 2FW~CY,79 I- P), LOOP 21 SHOWtt c LOGIC FOR 2FW$iEFCY~9 (*P),LOOP 22 AND 2FWS*FSV499 (-P),LOOP 23 SIMILAR.

A 2FWS*FSV479BI (-P) T

                                                                                                                                ' - - - - - - - " " " B ' DE -ENERGIZE B --9r> A B

VEN AIR TO CLOSE FIGURE 7. 3-30 LOGIC DIAGRAM MAIN FEEDWATER CONTROL BEAVER VALLEY POWER STATION- UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SOURCE MOM ITOR COIIDITIOII CONTROL ACT I ON RE'!ULTAIIT MDIII TOR cs 2FW5-MOVI5U DPEJI 2FWS-NOVI511A FEEDWATER VALVE OPEII 2FWS-MOY ISU

                                           .JIO MOTOR THERMAL OYERlOI.D 2FWS-MOV15U FEEDWATER VALVE CLOSE cs PAtH                                   2FWS-MOY15U                                  TORQUE SEAT CLOSE CLOSE STEAM GENERATOR FEED LIME VALVES FIG.7.3-55 2RCS*-SG21A StEAM GENERATOR WATER LEVEL 2RC91:SG218 STEAM GENERATCR WATER LEVEL 2.RCSltSG21C STEAM GENERATOR WATER LEVEL MOTES: 1. LOGIC FOR 2FWS-MOVI5~A SHOWII.

LOGIC FOR 2FWS-MOVI5-B AMD C, AMD 2FWS-MOVI55A, B, AIID C SIMILAR, FIGURE 7. 3-31 LOGIC DIAGRAM MAIN FEEDWATER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITIO"' CONTROL ACTION RESULTANT MONITOR HYDRAULIC PUMP MOTOR THERMAL OVERLOAD HYDRAULIC PRESSURE HIGH 2FWS*II YV !57 A(AD) NITROGEN PRESS FD'ITR ISOL TRIP VALVES LOW N1T ROG EM PRESSURE LO 'I 2FWS*HYV1578 ( BO) 8 NITROGEN PRESS LOW cs

                                                                   \ 2FWSO!kHYVI57A Vl-0) 2FWS*H YV 157C (CO)     ,_  _______,a OPEN NITROGEN PRESS LOW FEEDWATER ISO LH I01 VALVE CLOSE SIGNAL (TRAIN A) cs 2FWS HYVI5 7A ( AO) 2 FWS *HYVI5 7A ( AOl CLOSE
                                                                     '---------' 8                                                       J-------91 FEEDWATER I SOL.

FEEDWATER ISOLATION VALVE CLOSE VALVE CLOSE SIGNAL TRAIN A FEEDWATER ISOLATION VALVE TRAIN A FIG 7.3-28 ANY STEAM GEN. 2; 3 HI-HI LEVEL FEEDWATER ISOL. VALVE CLOSE SIGNAL TRAIN A TRAIN A FIG. 7. 3-13 SAFETY INJECTION SIGNAL PB FEEDWATER ISOL. SIGNAL RESET FEEDWATER ISOL. VALVE CLOSE SIGNAL TRAIN A NOTES: I , LOGIC FOR 2FWs?ffiYV I 57 A ( AO) SHOWN, LOGIC FOR 2FW~YV157B (80), AND 2FW~YVI57C (CO) SIMILAR.

2. VALVE FAILS AS IS ON LOSS OF POWER, FIGURE 7. 3-32 LOGIC DIAGRAM MAIN FEEDWATER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 7 NOTES: I, LOGIC FOR STEAM GENERATOR 2RC~G21A WATER LEVEL SHOWN. LOGIC FOR STEAM GENERATORS 2RC~G21B AND 2RC~G21C SIMIL~R.

2. STEAM GENERATOR LEVEL IS THE RE.SULT OF A COMPUTER CALCULATION *.

FIGURE 7. 3-33 LOGIC DIAGRAM MAIN FEEDWATER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 10 (97)

  .SUURCE                                                    MONITOR                                         CONDITION                                                  MCNlTOR REACTOR TRIP DUE TO TIIRB IME TRIP FIG. 7. 3-20   @                                                li IU S SOURCE RANGL IIIEIITROII FlUX HIGH a REACTOR TRIP FIG. 7.3-8                                                                                         1/2 SOORCE IWIGE HI IITit.

FWX UP CCUfTS/SEC. AND IllS I HTER RAIIQE REACiOR Nl < 50."7.. IIEUTROM FLUX HIGH REACTOR TRIP 1 2 llfiM). !WEE HI NOTE 3 FIG.7.3-8 I 3 Fl.IJX-a.llREMT E(Q IY. 10 IllS 2/~ POWER RANGE 25j RILL PO'IER HIGH SETPOIIIT NEUTRON 1 FLUX HIGH REACTOR TRIP 2N I'(M(R ~WEE HI IITit. FIG. 7.3-8 FLUX HIGH SET POINT) lfiS 2/" PlrftER RANGE 108% Fill Pl7fi'ER lOW SETPOIIIT NEUTRON I FLUX HIGH REACTOR TRIP 2N POWER RAMlE HHII FIG.7.3-8 @> NOTE 3 IIBJTROII FLUX LOW SET PT. F\G.7.3-35 IllS 2/" POWER RANGE >25% R.U POe IIEIITROII FLUX RATE FIG. 7._ 3-8 @> I HIGH REACTOR TRIP 2/" POWER RANGE MOTE 2 6 IIIGH IIEUTROII FLUX 2 3 LOOPS OYER TEMP RATE AT REACTOR TRIP FIG. 'l3-IO @ NOTE 2 7 2/3 LOOPS OYERPnwER AT REACTOR TRIP FIG. 7. 3-10 @ I IIOTE 2 FIG. 7. 3-13@ SAFETY INJECTION REACTO~ TRir SIGNAL

1. TRAIN A SHOWN, TRAIN B SINilAI.

FIGURE 7. 3-34 2- FOR SETPO lilT IIIFORMATI 01 REFER TO WEST IIIGitOUSE MAIIUAL - *PRECAUT I OilS, Ll MITAT IOilS, AID SET PO lilTS FOR NUCLEAR STEAM SUPPLY SYSltMS*. LOGIC DIAGRAM

3. MANUAL BLOCK OF ntiS TRIP IS PROVIDED ABOVE A PRESET PERMISSIVE VALUE (REACTOR POWER > ~.) REACTOR TRIPS

4. AIUIUIIC lATORS, A!!D CCIMPUTE- INPUTS CaM<<<II T~ BOTH ru I IllS.

BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE MONITOR CONbiTIOM FIG. 7.3-34 REACTOR TRIPS FROM LSK ... l ... IJA l/3 h'FACTOR (001 ANl I OOF' FLOW LO- REACTOR TRIP LOW~OW ANY lOOP FIG. 7. 3-:10 I Z/3 0£ TcCTORS (POWER ) IJO~) 2/3 REACTC:\ COOLAffl PIJt.tP LOOP FLOW REACTOR TRIP B LOW FIG. 7.3-10@ I 2/3 LOOPS LOW NOTE 3 c FLOW OR 2/3 RCP 213 REACTOR COOLAMl A PEN

                                                 ~p BUS UMDER FRF.Q.
                                                  ~~CTOR TRIP 0       FIG. 7. 3-IO@

2/3 UNDER- NOTE 3 FREQUENCY ON 2/3 REACTOR COOLA"T RCP BUSES AN 0 P7 PUt.tP BUS LINDER VOLTAGE RUCTOR TIH P 2 FIG.?. 3-:36 FIG. 7. 3-10 @) 2/3 UNDER- NOTE 3

                                                     >>.                              VOLTAGE ON RCP BUSES P~ESSURIZER    PRESSURE HIGH REACTOR TRIP FIG. 7.3-11                                                                     2/3 PRESSURIZER I                               HIGH PRESSURE PRESSURIZER PRESSURE                ) 2385 PSIG L~ REACTOR TRIP
                                                                                   .2/3 PRESSURIZER           NOTE 3 F IG. 7. 3-11@)                                I                                LOW PRESSURE
                                                                                  *.. ( 188 5 PSIG
                                                 ,_ESSURIZER LEVEL
                                               , HIGH REACTOR TRIP A                                         2/3 PRESSURIZER FIG. 7. 3-11@                                 I                                HIGH WATER        L~VEL
                                                                                      ) 9~ OF SPAN MOTES:   1. TRAIN A SHOWN, TRAIN 8 SIMILA~.

2. ANMUMCIATORS AND COMPUTE~ INPUTS C~OM TO ROTH TRAINS.

3. THESE TRIPS ARE COMO IT IOMED l'Y TIJRB IfiE IMPULSE CHAMAER PRESSURF.

             ) 1~ LOAD OR 2N REACTOR PO"'-:R ) 1()( ( ~EE WESTINGHOUSE DRAWl MA NO. 10809~3 SHEET~).

FIGURE 7.3-3S LOGIC DIAGRAM REACTOR TRIPS BEAVER VALLEY POWER STATION-UNIT 2 UPDATED Fl NAL SAFETY ANALYSIS REPORT

REV12 SOURCE CONDITION

                                             'REACTOR TRIPS FROM FIG. 7.3-35 TRAIN A J - - - - - - - - t REACTOR TRIP SIGNALS ANY
      ~:::.:....::.~~;.....__-----------1 STEAM GErERATOR LOW*LOW WATER LVL.

FIGURE 7. 3

• 36 LOGIC DIAGRAM REACTOR TRIPS BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE CONDITION CONTROL ACTION RESULTAHT TRAIN A 52 RTA REACTOR TRIP BREAKER SIGNALS TRIP TRAIN B 52 RTB TRAIN B REACTOR TRIP BREAKER SIMILAR SIGNALS TRIP NOTES: I. NORMAL OPERATION IS WITH REACTOR TRIP BREAKERS 52 RTA AND 52 RTB IN SERVICE AND BYPASS BREAKERS 52 BYA AND 52 BYB WITHDRAWN,

2. THE BYPASS BREAKER INTERLOCK IS OPERATIVE ONLY WHEN BOTH BYPASS BREAKERS ARE IN THE OPERATE POSITION (RACKED IN).

3. CS 2.~RTC IS ABLE TO CLOSE THE BREAKERS AS WELL AS .TRIP TH.EM. CS 2*RT IS ONLY ABLE TO TRIP THE BR.EAK.ERS ..

FIGURE 7. 3-37 LOGIC DIAGRAM REACTOR TRIPS BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

Diet RESULTANT l'3 FiG. 7._!-7 Q .... f"IG.l3-37 Q .....

                           -v I

REACTOR. TRIP 20 FIG.23-7 6ib FIG. 7.3-37

      *m=

1. IEACTOI TIIP IESULTS II TUIIIIE TIIP, FEEDWAT£1 ISOUTIOif, AU SAFm llt.IECTI11 IESET AIO ILOCI PEIMISSIYE.

FIGURE 7. 3-38 LOGIC DIAGRAM REACTOR TRIPS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR NCTE 4 FIG. 7.3-41 DIESEL GENERATOR 33 BARRING DEV1CE #) &"2 SS !MAINTAINED! DISENGAGED 2EGS*EG2-H-Ol REMOTE L AND* 14 FIG. 7.3-42 DIESEL GENERATOR ENGINE TROUBLE RESET AND .... FIG. 7.3-44 DIESEL GENERATOR 35 ELECTRICAL PROTECTION RESET ( 16 FIG. 7.3-44 DIESEL GENERATOR ELECTRICAL PRD'ECTION

                                                                             .....                                     D RESET
                                                                                           ......                     -         ...   \OT
                                                                                                                                            ... v AND FIG. 7.3-45                    ACB 2E7 BUS 2AE SUP.
                                                                                           ..... I"-

OR 20 BKR. TRIPPED AND GEN. SYNCH. SW. IN OFF __.... OR PB 2EGS*EG2-l<-Ol

                                                                                                                                            .. I'-._        I STA"<T                                                          __..,

ASP AND ..... 10sogg3 SH. 8. SAFETY INJECTION SIGNAL *.... 1/- DR TRAIN A I\.. SS ltv"AINTAINEOl

                                                                                                                                                                   ......                                        ...       SEM FIG. 7.3-40 7

2EGS*EG2-11-0l FIG. 7.3-41 NORMAL c ~ 4 FIG. 7.3-50

                                                                                                                                                                              ...v                                                           ..                                                   -

B BUS 2AE __.., - 27 SUSTAINED BUS .....

• DIESEL GENERATOR __....

UNDERVOLTAGE AND EMERGENCY START A SIGNAL AND iJG AUTO PB START 2EGS*EG2-ii-Ol 7 START OR A B

                                                                                                                                    -                                                I"-                                     B DIESEL GENERATOR                                                                                          NCT A                                     EMERGENCY START SIGNAL
                                                                              ....                                                                                                                                              SOURCE (

O:ESEL GENERATOR PB START CIRCUIT "2 17 IDENTICAL) DE -ENERGIZED FIG. 7.3-52 2EGS*EG2-11-0l CONTROL TRANSFER SOP DIESEL GENERATOR B START CIRCUIT #'. AND * ~ NOT DIESEL GENERATOR START CIRCUIT "1 *....- 18 ENERGIZED PB DE-ENERGIZED FIG. 7.3-52

                                                                                     /-                       2EGS*EG2-11-0I OR                   START SOP
                                                                                     \._                                             -

2 FIG. 7.3-40 DIESEL GENERATOR FIG. 7.3-43 START CIRCUIT "2 FIG. 7.3-46 ENERGIZED R NOT M DIESEL GENERATOR FIG. 7.3-49 E START CI"<CUIT #' B M ENERGIZED AND 0 FIG. 7.3-40 FIG. 7.3-40 DIESEL FIG. 7.3-43 1 GENERATOR FIG. 7.3-46 TEST START NOT O:ESEL GENERATOR FIG. 7.3-49 NOTE 4 SOURCE IDENTICAL START CI"<CUIT "2 c ENERGIZED SS IMAINTAINE'JI 2EGS*EG2-li-OI REMCTE 0 CCNTROL AT FIG. 7.3-41 DIESEL L M S~UTDOWN GENERATOR TRIP E 2EGS*EG2-11-0l PANEL SIGNAL M '---II~ CONTROL AT SHUTDCWNI---------~ R PANEL PB NOTE 2 2EGS*EG2-1:-0I CONTROL -RANSFER SOP FIG. 7.3-41 FIG. 7.3-43 DIESEL GENERA-OR B 13 ENGINE SPEED 30 HIGH c 2EGS*EG2-11-01 SEM ASP '-------' 1-'t;NUAL RESET 2EGS*EG2-J:-OI AT RELAY CONTROL t;T ALT. L SHUTDOWN PANEL c FIG. 7.3-43 DIESEL GENERATOR START FAIL'~RE PB D 2EGS*EG2-11-0l cow-ROL TRANSFER 0 FIGURE 7,3-39 ASP M NOTES: 1. LOGIC FOR DIESEL GENERATOR 2EGS*EG2-11-0I SHO'WN. E LOGIC DIAGRAM LOGIC FOR D!ESEL GENERATOR 2EGS*EG2-21-P: SIMILAR EXCEPT NO CONTROL AVAILABLE FROM ALT SHU-DOWN PANAL. M EMERGENCY GENERATOR STARTING 2EGS*EG2-JI-OI R

2. CONTROL AT ALTERNATE SHUTDOWN PANEL. BEAVER VALLEY ~OWER STATION - UNIT 2 MANUAL RESE-

3. ;; Bv WESTI~,GHOUSE A- RELAY L~CATED FINAL SAFETY ANALYSIS REPORT

4. KEYLOCKED, KEY RE"10VABLE IN RE~C-E POSITION. L

REV 12 SOURCE CONDITION CONTROL ACTION RESULTANT FIG. 7.3-39 DIESEL GENERATOR 2 START CIRCUIT "1 ENERGIZm DIESEL GENERATOR SS l'v!A:NTAINEO) NOTE 2 BARRING DEVICE "1 & "2 2EGS*EG 2-1:-0l DISENGAGED LOCAL vi--------i PB1 A\iD .----------1~ ENERGIZE OPEN (,:\ FIG. 7.3-42 DIESEL GENERATOR 2EGS*EG 2-1\-Q) ENGINC: TROUBLE START 2E GA *SOV 202 -!( -Ol RESET L

                                                                                                                                                                     ~JT 1----.-.! DE-ENERGIZE       CLOSE vi--------i 0      FIG. 7.3-44                        DIESEL GENERATOR ELECTRICAL PROTECTION RESET AND ENERGIZE         OPEN 2EGA*SOV202-21 -01 FIG. 7.3-44                         DIC:SEL GENERATOR                                                                                                         NOT 1---~      DE-ENERGIZE      CLOSE ELECTRICAL PROTECTION RESET                                                                                       AND FIG. 7.3-43                         DIESEL GENERATOR                                                                                     DIESEL GENERATOR AIR START SOLENOIDS 12                                       ENGINE SPEED LOW 3

FIG. 7.3-39 DIESEL GENERATOR START CIRCUIT "2 ENERGIZED SS IMAI~ TAINEDI 2EGS*EG 2-11-01 G REMOTE FIG. 7.3-13 SAFETY INJECTION -L SIGNAL TRAIN A PB AND 2EGS*EG 2-11-0l START

                                                                                /                                    -B BUS 2AE 27                                       SUSTAINED BUS                              OR      NOT UNDERVOLTAGE cs 2EGS*EG 2-11-0l                                 iJ EXERCISE                                            M                               DIESEL GENERATOR B                                E                               TEST                                              1 ACB 2E7 4160 VOLT                                                         -

52 BUS 2AE SUPPLY BREAKER TRIPPED NOT .... R

                                                                                                                                                       'vi                             START FIG. 7.3- 39 NOTE 2 FIG. 7.3- 42 SS IMAINTAINEDI
  -                                                                                                2EGS*EG 2-11-0l
                                                                         -v LOCAL

( FIG. 7.3-41 DIESEL

                                                                         ....                                         L 6                                       GENERATOR TRIP SIGNAL
                                                                                                                                     /

OR OR

  -                                                                             I'-..                                                \.

11 FIG. 7.3-43 DIESEL GENERATOR START ...... FAILURE 4 FIG. 7.3-39 DIESeL GENERATOR EMERGENCY START S!GNAL FIGURE 7,3-40 NOTES: LOGIC DIAGRAM

1. LOGIC FOR DIESEL GENERATOR 2EGS*EG2-11-0l SHOW~. EMERGENCY GENERATOR STARTING LOGIC FOR DIESC:::L GENERATOR 2EGS*EG2-21-PI SIMILAR.

BEAVER VALLEY POWER STATICN - UNIT 2

2. KEY LCCKED, KEY REMOVABLE IN REMOTE POSITION.

UPDATED FINAL SAFETY ANALYS:S RE~ORT

REV 12 SOURCE MONITOR CO"DITION CONTROL ACTION RESULTANT MONITOR FIG. 7.3-42 DIESEL GENERATOR ENGINE TROUBLE NOT AND TRIP PB DIESEL 2EGS;;f-EG 2-1 (-0) GENERATOR TRIP DIESEL GENERATOR START SIGNAL ELECTRICAL FIG. 7.3-39 FIG. 7.3-40 PROTECTION FIG. 7.3-45 PB FIG. 7.3-52A DIESEL GENERATOR 2EGS:*EG 2-1 ( -0) NOT OVERS PEED CONTROL TRANSFER TRIP M DIESEL GENERATOR E NOT TRIP SIGNAL SEM AND M RESET PB FIG. 7.3-42 DG 2-1 LOCAL FIG. 7.3-50 PANEL TROUBLE 2EGS~EG 2-1 (-0} NOTE 4 STOP FIG. 7.3-51 DIESEL GENERATOR ENERGIZE OPEN FIG. 7.3-52 NOT EMERGENCY START PB NOT SIGNAL 2EGS?IHG 2-1 (-0) M 2EG~SOY201-1(-0) STOP E M NOT DE-ENERGIZE CLOSE NOT 2EG S*EG2 -I (- 0) NOTE 6 T. R. NOT SHUTDOWN SOLENOI~ FIG. 7.3-39 SS (MAINTAINED) CONTROL AT ALT. 2EG~ EG 2-1 ( -0) SHUTDOWN PANEL LOCAL L AND PB FIG. 7.3-13@) SAFETY 2EG~EG 2-1 ( -0) INJECTION SIGNAL STOP L TRAIN A BUS 2AE PB SUSTAINED BUS 2EGS*EG2-I {- 0) UNDERVOLTAGE STOP ASP AND DIESEL GENERATOR BARRING DEVICE #I ENGAGED FIG. 7.3-39 DIESEL GENERATOR BARRING DEVICE #2 D.G. 2-1 LOCAL ENGAGED PANEL TROUBLE I I NOTES: I. LOGIC FOR DG 2-1 SHUTDOWN SOLENOID 2EGA~SOV201-I(-O) IS SHOWN; LOGIC FOR DG 2-2 SHUTDOWN SOLENOID 2EG"*'SOV201-2(-P) IS SIMILAREXCEPTNOCONTROLFROMASP.

2. LOqiC FOR CONTROL FROM THE CONTROL ROOM IS SHOWN.

LOGIC FOR CONTROL FROM THE SHUTDOWN PANEL IS SIMILAR,

3. CONTROL FROM THE CONTROL ROOM IS ONLY AVAILABLE WHEN THE CONTROL TRANSFER RELAY HAS BEEN MANUALLY RESET. CONTROL FROM THE SHUTDOWN PANEL IS ONLY AVAILABLE WHEN THE CONTROL TRANSFER RELAY IS ACTUATED, ij, ENERGIZING SHUTDOWN SOLENOID 2EGA~SOV201-I WILL ADMIT AIR TO THE FUEL RACK BOOST SOURCE CYLINDER ISOLATING DIESEL GENERATOR FUEL OIL SUPPLY. FIGURE 7.3-41

5. NO CONTROL AVAILABLE FROM ALTERNATE SHUTDOWN PANEL FOR 2EGS *EG2 *2 (- P). LOGIC DIAGRAM

6. KEYLOCKED, KEY REMOVABLE IN REMOTE POSITION. EMERGENCY GENERATOR-STARTING

1. RESET FROM MB SHOWN, RESET FROM SOP AND ASP SIN ILAR. BEAVER VALLEY POWER STATION- UNIT 2 UPDATED Ff NAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT Dl ESEL GENERATOR FIG. 7.3-46 FUEL OIL PRESSURE LOI DIESEL GENERATOR LUBE OIL PRESSURE EXTREME LOW DIESEL GENERATOR FIG. 1.3-41 TRIP SIGNAL RESET FIG.U-43 DIESEL GENERATOR ENGINE SPEED HIGH IESEL GENERATOR LUBE OIL PRESSURE LOW NOTE 2 DIESEL GENERATOR PB LUBE OIL PRESSURE 2EG~EG2-1 ( -0) LOW-LOW RESET DIESEL GENERATOR ENGINE TROUBLE DIESEL GENERATOR RESET LUBE OIL PRESSURE M FIG. 7.3-39 EXTREME LOW E FIG.7.3 -40 M Dl ESEL GENERATOR DIESEL GENERATOR JACKET COOL! NG WATER ENGINE TROUBLE TEMPERATURE HIGH TRIP FIG. 1.3-41 DIESEL GENERATOR LUBE OIL TEMPERATURE 1----C:>I HIGH DIESEL GENERATOR LUBE OIL TEMPERATURE HIGH-HIGH DIESEL GENERA TOR JACKET CLNG. ITR. TEMP. HIGH DIESEL GENERATOR JACKET COOLING WATER TEMPERATURE HIGH DIESEL GENERATOR FIC.U-40 TEST START 6, ASSOCIATED EQUIPMENT IDENTIFICATION NUMBERS: 2EG S*EG2 -I ( -0) 2EGS;*:EG2 -2 ( -P) NOTES: 2EG OlPS20 I -1 I- 0I 2EGO*PS202 -I HI I. LOGIC FOR Dl ES EL GENERATOR 2EGS *" E G2-1 (- 0) ENGINE TRBL. SHOWN 2EG())Kf'S201 0 I 2EGO*-PS202-2 1-P I *FIGURE 7.3-42 LOGIC FOR DIESEL GENERATOR 2EGS ¥ E G2-2(- P )ENGINE TRBL. SIMILAR 2EG~PS20 I -3 I -0 I 2EG011PS202 -3 I-PI

2. FOR ADO ITI ON AL RESET PUSHBUTTON I NTE RLOC KS REFER TO LSK 6 E 2EGO~PS201-LII-OI 2EGOtPS202-LI I-PI LOGIC DIAGRAM 3.0G 2-1 JACKET COOLING WATER TEMPERATURE HIGH 2EGF)(?S202-1 1*01 2EGF*PS202-2 1-Pl EMERGENCY GENERATOR- STARTING 2EG O*l'S21 0-1 1-01 2EG:tTS21 0-2 1-P l

4. DG 2-1 FUEL 01 L PRESSURE LOW BEAVER VALLEY POWER STATION-UNIT 2 2EGSlTS21 11-1 I- 0l 2EGSliJ'S 21 Ll-2 1- PI 5.DG 2-1 LUBE OIL PRESSURE LOW FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE COHDITION CONTROL ACTION RESULTANT MONITOR DIESEL GENERATOR DIESEL GENERATOR FIG. 7. 3-39 START CIRCUIT #I T. D. 1-----+-=oo~ START FA ILURE ENERGIZED RESET NOTE 2 M DIESEL GENERATOR PB E FIG. 7. 3-39 START CIRCUIT #2 T.D. 2EGS EG2-1(-0) M ENERGIZED RESET DIESEL

                                                                                                                                                  "'-------+311 GENERATOR               START                                 FIG. 7. 3-39 DIESEL GENERATOR                                                                                                                              FA ILURE                                          FIG. 2.3-40 START CIRCUIT #I                                                                                                                                                                    DG 2-1 GliNERATOR LOSS OF CONT. PWR.                                                                                                                                                                  START     FAILURE
                                                                                                                                                                                                         '---~       .L DIESEL GENERATOR                                                                                                                                                                       DG2-I LOCAL START CIRCUIT #2                                                                                                                                                                       PNL TROUBLE LOSS OF CONT. PWR.
                                                                                                                                                                                                         '--...J....~I DIESEL GENERATOR                                                                                                                                                                       SEM STOPPING CIRCUIT LOSS OF CONT, PWR.

DIESEL GENERATOR DG 2*1 LOSS OF SHUTDOWN CIRCUIT CONTROL POWER LOSS OF CONT. PWR.

                                                                                                                                                                                                         '---~.L DIESEL GENERATOR                                                                                                                               DIESEL G(NERATOR EXCITER BREAKER                                 ~----------------------------------------------------~NOT                                      ENC,INE SPEED                                     FIG. 7. '3 -40 LOSS OF CONT. PWR.                                                                                                                             <HIGH DIESEL GENERATOR                                                                                                                               DIESEL GENERATOR VOLTAGE REGULATOR                                                                                                                              ENGINE SPEED
                                                                                                                                                                             >HIGH r------~FIG. 7.3-39 LOSS OF CONT. PWR.                                                                                                                                                                              FIG. 7.3-42 FIG.7. 3-45 DIESEL GENERATOR                                                                                                                                                                                FIG. 7. 3-46 ENGINE SPEED                                                                                                                                                                                    FIG.7.'3-47 HIGH                                                                                                                                                                                            FIG. 7. 3-52 FIG. 7.3-52A DIESEL GEN,JACKET                                                                                                                                                                               FIG. 7.3-48 CLNG. WTR. PRESS.
                             ) PRESS. AT HIGH SPEED NOTES:

I, LOGIC FOR DIESEL GENERATOR 2EGS~EG2-1(-0) START FAILURE SHOWN, ij, ASSOCIATED EQUIPMENT IDENTIFICATIOk NUMBERS: LOGIC FOR DIESEL GtNERATOR 2EGS~EG2-2(-P) START FAILURE SIMILAR, 2EGS EG2-1 -0 2EGS~EG2-2 -P

2. FOR ADDITIONAL RESET PUSHBUTTON INTERLOCKS REFER TO FIG. l 3-42 2EGS~PSIOOA -0 2EGS~PSIOOB -P

3. LOGIC FOR JACKET COOLING WATER TEMPERATURE CONTROL VALVE 2EGS~TCV216-I (*0) SHOWN. 2EGS~TT216-I(-O) 2EG~TT216-2(-P)

LOGIC FOR JACKET COOLING WATER TEMPERATURE CONTROL VALVE 2EGS*TCV216-2 (-P) SIMILAR. 2EGS~TCV216-1(-0 2EGS~TCV216-2(-P) FIGURE 7.3-43 2EGS#SOY218-1 ( -0 2E&s*~CinV218-2 ( _p\ LOGIC DIAGRAM EMERGENCY GENERATOR-STARTING BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR SEM DIESEL GEN. REVERSE POWER c B DIESEL GENERATOR 32 REVERSE POWER SEM c DIESEL GENERATOR POTENT:AL TRANSF BLOWN "USE SEM D:ESEL GEN PT c BLOWN FUSE

                                               -B       DIESEL GENERATOR 40                                               EXCITER                                         T.D.

LOSS OF FIELD D.G. 2-1 LOSS 0" FIELD/LOW EXCITATION B

                                 -                      DIESEL GENERATOR EXCITER                                                                       1 OR DIESEL GENERATOR OVERCJRRENT                                                                                                                                                   ELECTRICAL                           15 SEM                                                                                                                                                                                     PROTECTION AND                                                                                                                                               FIG. 7.3-41 NOTE 2                                                                                                                                                                                                             FIG. 7.3-45 AND                                        0                                                          FIG. 7.3-51 DIESE_ GENERATOR                                                                                                                       M                                                      FIG. 7 .3-52A 64                                               EXCITER                                                                                                                                E GROUND OVERCURRENT                                                                                MAI'-IUA_ RESET AT                   M RELAY                            R L

AND D:ESEL GENERATOR DIESEL GENERATOR NOT ELECTRICAL PROT. 16 FIELD RESET FLASHED FIG. 7.3-39 ACB 2E7 FIG. 7.3-40 52 BUS 2AE SL;PPLY BREAKER CLOSED SEM c DIESEL GENERATOR DIESEL GENERATOR ELECTRICAL .- 34 59 H OVERVOLTAGE PROTECTION VOLTS/HERTZ AND 1/- FIG. 7.3- 41 DIESEL GENERATOR Flu. 7.3- 45 59 l-i OVERVOLTAGE OR 0 FIG. 7.3- 51 VOLTS/HERTZ M FIG. 7.3- 52 A I~ E DIESEL GENERA-OR MANUAL RESET AT M 51 PHASE A TIME RELAY R 0A OVERCURRENT **

                                                                                                                                                                                -L DIESEL GENERATOR                                                             /                                                                                                                   DIESEL GENERATOR 51   l-i     PHASE B TIME                                                                    OR                                                                                                        NOT    ELECTRICAL PROT.                     35 0B            OVERCURRENT **                                                                                                                                                                                ~  RESET DIESEL GENERATCR 51                                                      PHASE C T:ME                                                  AND                                                                                                                             FIG. 7.3-3 9 FIG. 7.3-4 0
                                                                                                                                                             *v-0:::                                                    OVERCURRENT **

SEM D:ESEL GENERATOR 50 l-i INSTANTANTANEOUS PHASE 1-03 OVERCURRENT ** .._ OR 7 c 1'\.... DIESEL GENERATOR ... 50 INSTANTANTANECUS PHASE 1-03 CJVERCURRENT ** I .. AND

                                                                                                                                                                =-

DIESEL GENERATOR 50 H INSTANTANTANEOUS P-1ASE DIESEL GEN.2-1 1-03 OVERCJRRENT ** 1/ EI_ECTRICAL

                                                  ** - OVE'lCURRENT RELAY T'l!P TOROUE CONTROLLED BY                                                 1                       OR                       FAULT
         ...                                           DISTANCE RELAYS.
                                                                                                                                                     =

I'-..._ A B 7 SEM c 2 87

     -                                                  DIESE_ GENERATOR DIFFERENTIAL OVERCURRENT                                                                                                                                                  FIGURE 7.3-44 CIESEL GENERATOR                                                                                                                                                                                 LOGIC DIAGRAM 51G   H      GRCJUND CVERCURRENT EMERGENCY GENERATOR-STA RTING NOTES:                                                                                                                                                              BEAVER VALLEY POWER STATION - UNIT 2

1. LOGIC FOR DIESEL GENERATOR 2EGS*EG2<1-0; ELECTRICAL P=iOTECTICN S-10WN. LPDATED F:NAL SAF ETY ANA LYS.S

                                                                                                                                                                                                                                                  - REPORT LOGIC FOR DIESEL GO:NERATJR 2EGS*EG2-21-Pi ELECTRICAL PROTECTICN SIMILAR.

2.COMMON COMPWER :NPUT ALSO S-10WN ON LSK-22-6G.

REV 12 SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR CONTROL AT

                               ~

SHUTDOWN ?YNEL P9

                      'C3 ?E10 T~ANSFER
                     ~------_) SCP 52
                   ~
                   \ ~R:;>        I -----------------~
                     ~-----_;8

(~',_______....,

                                              \   ~
                                               \,, _/

2.

~OURCE CONDITION CONTROL ACTION RESULTANT MONITOR PB 2EGS*M21A( -0) 2EGS7jEM21 A{ -0) 2EGS~M21 A{-0) FORWARD .L BARRING DEVICE MOTOR NO MOTOR THERMAL START (FORWARD) OVERLOAD 2EQ~N21A(-O) DIESEL GENERATOR BARRING DEVICE MOTOR BARRING DEVICE HI START (REVERSE) DISENGAGED PB 2EGS*N21 A( -0) DIESEL GENERATOR REVERSE BARRING DEVICE #2 DISENGAGED 2EGSIII21 A(-OJ BARRING DEVICf IIGffiR

                                                                                                                                                                                                       .STOP PB 2EGS tM21 AI -OJ STOP 2EGs+-M21 A( -0)

MOTOR THERMAL OVERLOAD DIESEL GENERATOR BARRING DEVICE MOTOR 2EGFiE"P22A(-O) NO MOTOR THERMAL OVERLOAD DIESEL GENERATOR SS (MAINTAINED) EG~P22A( -0) FIG. 7.3-39 START CIRCUIT Iii UEL OIL PUMP 2EGF:¥,P22A( -0) EM ERG I ZED llANO TART .L DIESEL GENERATOR FIG. U-39 START CIRCUIT #2 ENERGIZED EGF;lltP22A(-O} fiG. 7.3-42 ,-----.j.::;jf'UEL 0 ll PUMP DIESEL GEitERATOR SS {MAINTAINED) TOP FUEL OIL PRESSURE 2EGF*P22A(-O) LOW AUTO T.D. J ESEL GENERATOR fiG. 7.3-43 ENGINE SPEED KIGII EG F%::P22A ( -0) MOTOR Til ERMA L O~ERLOAD SS {MAINTAINED) NOTES: I, LOGIC FOR BARRING DEY ICE MOTOR 2EGS;¥:-M21 A( -0) SHOWN, 2EGF*P22A{-O) 3, ASSOCIATED EQUIPMENT IDENTIF!CATION NO'S. OFF LOGIC FOR BARRING DEVICE MOTOR 2EGS1fM21B(-P) SIMILAR, 2EG&*EG2H.(-O) 2EGS-1E:EG2-1{-P) '-------..../ .L DIESEL GENERATOR AUXILIARY FUEL O;L PUMP 2, LOGIC FOR FUEL OIL PUMP 2EGF~P22A{-O) SIIOWN, 2EGS~M21A(-O) 2EGS~M21B(-P) LOGIC FOR FUEL OIL PUMP 2EGF~P22B(-P) SIMILAR, 2EG F)(PS 202 -I (-0 I 2EGFM'S 202-2 I-PI FIGURE 7.3-46 2EGF~P22A{-O) 2EGF~22B(-P) LOGIC DIAGRAM EMERGENCY GENERATOR-STARTING BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITIOf\J COf\.!TROL ACTION RESULTANT MONITOR SS {MAFHAINEf]; 2EGA-C21AC-Ol HA!,JO 2EGA-Ti02!A AIR RECEIVER PRESSURE LO\T

                                                                                                                                                       -0 AND
                                                                                                                                                                                                                                                                                "----/

I 2EGA C2lA(-O; A!R r:: MPRESSOR I-----~- R )

if AH SS fMAFHAINEnl ~'=-

2EGA-C21AC-Ol AUTO (-~-)t--------+-i --,,

                                                                                                                                           -.ti!- -11                                    --     .-        I  AC.ii) I           2EGA-E21A fiG Af"TE"f"1COf"1!.Er?

• M,JO * - ~ NOT} - ~ - _I START rG 2EGA-TK21A 0"1---------------------1

(~

                                                                                                                                            ~1-----'

f AIR RE"CEIVFR PRESSURF HIGli . v--/ 2EGA-C<:'IA<-Ol MOTOR THE"RMA! 1--------------------------+---__.,_' OR )

                                                                                                                                                                                      -------------------.i[~iAci~~~ii~:      STOC                       I------<*-;------  (   G )

OVERLOAD

                                                                                                                                                                                                                                                                                /-'"-!:.

SS JM/JtrHr,rNE 2EGA-C21AC-Ol OFt 2EGA-C22AC-Ol SOURCE ( SHrILAr< "')- - - & J i AlR COMPRECSOR SfOP il.:GA E21A nG AFffRCOfl!.ER fOI" 2EGS-P23AC-OJ KEEP Wt\RM PUMP STArn

               "~

LSK 22 LiE OILLEL GENLRn OR

             /  13                                                   ENGINE SPEED HICH AND 2EGS-P23AC-Ul KEEP WAr?M PUMf' STOP SS !Ml'cTNT/\lNEnl i,OH:S:                                                                                                          2ELS-P23A,*Ol OFF LOUC    *m,  STfiRT T1IR COPPRE"JSO!i 2LLJJA-F21 Ti(-OJ SHUWN.
                                                                                                               ~------~!:.

LOGIC FOR START AIR COMPRESSOR ZEGA-CZ! BC-Pl,C22AC-Ol ANU C22Bi*Pl 2lMILJ1R.

2. LOGIC FOR KEEP WARM PUMP 2EGS-P23 AC-Ol SHOWN. DIESEL GENERATOR JACKET WATER KEEP WARM PUMP LUJ;[C J'OH KE ;> JJJ\RP PUMP ,"!,Gil P2 1 8( ill n>JD :,:'AU HAT! 'lS 2EGS-H21AC-Ol AND HZIBC-Pl SIMILAR.

AFSOCI:HED EDUIP:-1ENT IOENTIF!Ct,TION NLJMBFRS: ZFGS- FG2-IC-O) 2EGS- EGZ-21-P) 2EGS- EG2-l!-Ol 2EGS- EG2-2C-Pl 2LGA- c21r1(-L) 2EGr1--=-- LziIH :Pl -LLGS PL.;AT ui" Ku Li-=-, '2'°'.rl.H 1'5 i-"IliURt:: / .J-4 / ZEGA- TKZIA ZEGA- TKZIB 2EGS- HZIAC-Ol 2EGS- HZIBC-Pl 2t:GA- PS201C*Dl ZEGA- C22AC-Ol 2EU11- PS2P2C-PJ ZEGA- C228(-Pl 2EGn-E21:1 ZEGA- FS20!A 2EGJ1- t:218 ZEGA- FS201B LOGIC DlAGRAM 2FGA- TKF2A 2EPA- K2Pl3 TEGf1*TST04A .:ZffA- TSZrlTB FMFRCENCY CFNFRATOR STARTTNO ZEGA- PS203!-0l ZEGA- f'S2~4(-f'l BEAVER VALLEY POWER STATION - UNIT 2 LULAL TOLGLL SWIICH IS PROVIDLU PUR LYPncs UF LEGf1-FSE01A ANL F5E01L UP AfEU FINAL UAF~TY ANALYSIS H~POHf FOR OPERATION OF COMPRESSORS WHEN AIR DRYING EQUIPMENT IS NOT OPERATING.

SOURCE CONDITION CONTROL ACT ION RESULTANT NOitiTOR SS (MA 1NTAINED) 2EGS*E23A(-Ot) HAND J. 2EGS*E23A(-O) MOT OR TH ERMA L OVERLOAD SS (MAINTAINED) 2EGS:*E23A(-O) 1. 2EGS*P23A (-0) OFF KEEP WARM PUMP STOPPED 2EGO*P2JA{-O) L_----------------------~~s~n_R_T PRE LUBE ____ PUMP J. FIG. 7.3-43 DIESEL SS (MAINTAINED) GENERATOR SPEED 2EG~P23A ( -0) HIGH AUTO 2EGO:*:P23A( -0) 2EG0*'23A{ -0) MOTOR THERMAL ------------------------------'1us~ro~P PRE LUBE PUMP OVERLOAD 1. NOTES* JAC~ ATER HEATER 2EG""~!(:P) ( O' SIMilAR. SH~WN,

                                                 ~P23A(-O) SHOWH.

LOGIC I

• LOGIC

2. LOGIC LOGIC FOR :ATER HEATER 2EGS>fE FOR JACK R ARN pRE LUBE PUMP FOR ROCK~R ARM PRE LUBE PUMP FOR ROCK

                                              ~;:Oli<P23B( *P)

• 3.

                                                                                                                          *iFIGUR E 7

• 3-48 iLOGIC DIAGRAM RATOR-STARTING

                                                                                                                           *!EMERGENCY GEN;ER STATION-UNIT 2 REAVER VALLEY
                                                                                                                           ,fiNAL  SAFETY A

~LYSIS REPORT

SOURCE CONDITION CONTROL ACT ION RESULTANT MONITOR fiG. 7.3-39 DIESEL GENERATOR START G!RG Utl fl. 1 ENERGIZED ~EGO.*P2~A(-O) II .EEP WARN PUMP fIG. 7.3-39 DIESEL GENERHOR E START L START CIRCUIT If 2 II ENERGIZED 2EGO*P 24A {-OJ MOTOR THERMAL tEG~~A(-0) OVER LO.t.D SS (MAINTAINED) IEEP WARN PUMP 2EG0~2~A(-O) STOP L OFF L DIESEL GENERATOR PRE LUBE AHD KEEP WARN PUMP SS (MAINTAINED) 2EGffl2~A(-O) HAND 2EGOJ!!;-P2~A{-O) KEEP WARN PUMP RUNNING SS (J.IAIHTAINED) lEG~2~A(-O) 2EG011E::E2~A {-0) tRE LUBE OIL HEATER AUTO HERGIZE L DIESEL GENERATOR LUBE OIL TEMPERATURE HIGH DIESEL GENERATOR SPEED HIGH 2EGO :f E2~A {-0) ~EG~2~A(-O) t<<lTOR THERMAL PRE LUBE OIL HEATER OVERLOAD SS (MAINTAINED) I'E -ENERGIZE 1. 2EG07!E£2~A(-O) 2EGO .j-P2~A( -0) OFF  !. KEEP WARM PUNP STOPPED DIESEL GENERATOR .PR~ LUBE OIL HEATER NOTES: I., LOGIC FOR PRELUB£ OIL AND KEEP WARM PUMP 2EG~P2~A{-O) SHOWN., LOGIC FOR PREfUBE OIL AND KEEP WARM PUMP 2E~P2~B(-P) SIMILAR.

2. LOGIC FOR PRELUBE OIL HEATER 2EGO~E2~A{-D) SHOWN.

LOGIC FOR PREUJBE OIL HEATER 2EG~2~B{-P) SIMILAR,

3. RfPRfSf~TS SHUNT TRI~ FIGURE 7. 3-49 LOGIC DIAGRAM EMERGENCY GENERATOR-STARTING aEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 16 SOURCE CONDITION CONTROL ACTION RESULTANT cs GOVERNOR CONTROL RAISE

                                                                                                                                                           "'-------J                      .e.

cs AND t - - - - - - - - - - . t MANUAL GOVERNOR CONTROL GOVERNOR CONTROL RAISE INCREASE ENGINE SPEED

                                                                                                                                                           " ' - - - - - - - 1.

AND ~----------------------~-~ r----.t NOT ~--.t DIESEL GENERATOR cs MANUAL SPEED GOVERNOR CONTROL AND ~--------~ GOVERNOR CONTROL LOW LOWER LOWER ENGINE SPEED FIG. 7.3-.39 DIESEL GENERATOR EldERGENCY START cs SIGNAL GOVERNOR CONTROL LOWER AUTOMATIC 1------------------+------------------..t GOVERNOR CONTROL

                                                                                                         ' - - - - - . t NOT      ~..-t cs VOLTAGE RAISE                                                                                                                          AUTOMATIC AND   1---------~                                    VOLTAGE REGULATOR FIG. 7.3-41                 DIESEL GENERA TOR TRIP SIGNAL SETPOINT RAISED RESET AND AU TOM ATIC cs                                                                       AND   1-------------..                                VOLTAGE REGULATOR VOLTAGE                                                                                                                        SETPOINT LOWERED
                                                                                                                                                           --------.e.

LOWER f:\

                           ~f---------------------------------------------------.!l VOLTAGE CONTROL J AUTOMATIC NOTES:

1. LOGIC SHO'M-1 FOR DIESEL GENERATOR 2EGS*DG2-1(-0) SHOWN.

DIESEL GENERA TOR 2EGS-DG2*2( -P) SIMILAR. FIGURE 7.3-50 LOGIC DIAGRAM EMERGENCY GENERATOR- STARTING BEAVER VALLEY POWER STATIION - UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT (\ 03-MAY-2007 11:27 M:\u2\ UFSAR\g 7030500.dgn PREPARED ON<:::::~"~/ CAE DO! THE CNSU L.-~1\~~ SYSTEM

---

_':(_--------------------------------------------------- -----------------------------------

ACIJ'l£/ 4161'111.! BUS 2AE Slfl'tY BR11R Tllii'PED ACIJ 2Eli DltSELGEN.m Tllii'PED FIGURE 7.3-51 I. LOGIC SHOWN FOR DIESEL GENERATOR 2EGS*OG2-IC-Ol SHOWN. DIESEL GENERATOR 2EGS*DG2-2<-Pl SIMILAR LOGIC DIAGRAM

2. INITIATION OF ISOCHRONOUS DROOP CONTROL PERMITS SLOW LOADING OF DIESEL GENERATOR DURING THE EXERCISE MODE OF OPERATION INSTEAD OF THE NORMAL FAST LOAD CAPABILITIES. EMERGENCY GENERATOR - STARTING

3. REFER TO FIGURE 7.3-44 FOR LOGIC DEVELOPMENT OF DIESEL GENERATOR ELECTRICAL PROTECTION.

BEAVER VALLEY POWER STATIION - UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT 0 28-AUG-2008 13:54 K:\u2\UFSAR\g7939510.dgn PREPARED 'A? THE CNSUON C.."-~~ SYSTEM CAEDDI , ~---------------------------------------------------------------------------------------------------------------------------------------------------Y------------------------------------------------*

l-ION !TOR COHO IT ION loiONITOR DIESEL GENERATOR 2-1 RSVRiil START AIR PRES/-----------~ LOW DIESEL GENERATOR 2-1 FIG. 7. 3-39 START CKT !i I NOTES: DE-ENERGIZED 1.. LOGI'C FOR DIESEL GENERATOR 2-1 SHOWN.. DIESEL GENERATOR 2-1 LOGtC FOR DIESEL GENERATOR 2-2 SI Ml LAR., FIG-7. 3-39 START CKT 112 2. ASSOCIATED EQUIPMENT IDENTIFICATION NUMBERS: DE-ENERGIZED 2EG~EG2-1(-0) 2EGS~G2-2(-P) 2EGAJWS205 -I I-OJ 2EGA~S205-2 (-Pl DIESEL GENERATOR 2- 2EGA):PS206 0l 2EGA;f.PS206-2 I- PJ RSVRii2 START AIR P R E S J - - - - - - - - - - - - + 7 1 2EG$-LS201-l 2EGS-tS201-2 LOW 2EG Q)1.S212 -I I-OJ 2EGOld-S21 2 -2 I -P l 2EG~S21 0-1 I -OJ 2EG~S 2 10-2 I* Pl n.Q.2-I JACKET CLNG, 2EGqfrrS212-I I*OJ 2EGO*TS212-2 (- PJ WTR..EXPANS ION TK..LVL. f---------------------~ 2EG*"S21 0-1 f-01 2EGS~S21 0-2 I -PJ LOW 2EGIJW'S2 II -I I-OJ 2EGO*"S2 II PJ 2EDWS21 0- I I -0 J 2ED<>f_f'S21 0-2 I* PJ O.G.2-1 ROCKER ARM 2EOGI.'fll.S211 -I I-OJ 2EDG *LS2 f I -2 (

• PJ LUBE 01 L LEVEL RSVR. 1---------------------8ol 2EGS~S2<N- f ( -0 J 2 EGS'I'JS20~-2 I-P J HIGH 3. DG 2-1 RECI EVER #I A IR PRESSURE lOW

4. DG 2,-1 RECIEVEA+tZAIR PRESSURE LOW n,Q,2-I LUBE OIL S, OG 2~1 JACKET CLNG, WTR, EXPANSION TK. LVL, LOW SUMP LEVEL 6. DG 2-1 ROCKER ARM LUBE OIL RSVR HIGH 7, DG ~-1 LUBE OIL SUMP LEVEL LOW LOW

8. DG ~I LUBE OIL TEMP. LOW

9. OG 2'-1 JACKET COOLitJG WATER PRESSURE LOW DIESEL GENERATOR 2-1 D*. G..2-I LOCAL

10. DG 2*1 ROCKER ARM LUBE. OIL PRESSURE LOW LUBE OIL TEMPERATURE PANEL TROUBLE II. 06 ?~I CRANKCASE PRESSURE HIGH LOW 12. DG 2J.r LUBE OIL SUMP LEVEL HIGH I 3. DG 2d JACKET COOLING WA TEA TEMP. LOW

14. THIS ALARM IS CUTOUT WHEN LOW SPEED RELAY {LSR)

O.G..2-I JACKET CLHG., IS E;NERGIZED. WATER PRESSURE LOW DIESEL GENERATOR FIG. 7. 3-41 TRIP SIGNAL RESET FIG. 7. 3-43 DIESEL GENERATOR ENGINE SPEED T. D.. HIGH O.*Q.2-I ROCKER ARM LUBE OIL PRESSURE LOW DIESEL GENERATOR 2-~" CRANKCASE PRESSURE HIGH DIESEL GEK.2-I LUBE OIL SUMP LEVEL 1----------------------f~ HIGH FIGURE 7.3-52 O..G.2-I JACKET CLHG. J..:OGIC DIAGRAM WATER TEMPERATURE LOW

                                                                                                                      ~ MERGENCY GENERATOR -STARTING BEAVER VALLEY POWER STATION-UNIT 2 Fi 1NAL SAFETY ANALYSIS REPORT 1

REV 12 CONTROL ACTION RESULTANT MOM ITOR SOURCE CONDITION PB AC82EIO CONTROL TRANSF N ACB2EIO E CONTROL AT ALT. M SHUTDOWN PANEL CONTROl AT ALT. BUS2AE Fl G. 7.3-45 SHUTDOWN PANEL NOT UNDERFREQ.

                                                                                                                                                                             .a FIG. 7.3-45               AC82E7 BUS 2AE NORM.SUPPLY BRKR, TRIPPED ACB2EIO FIG. 7.3*43                 DIESEL GENERATOR                                                                 DIESEL GEN. BRKR.

ENGINE SPEED . CL HIGH FIG. 7.3-45 DIESEL GENERATO 2-1 UNDERVOLTAGE cs ACB2EIO DIESEL GEN£RATOR CLOSE F'IG. 7.:3-44 EL.ECTRICAL PROT .ECT ION cs ACB2EIO FIG. 7.3-44 DIESEL GENERATOR* TRIP ACB2EIO ELECTRICAL DIESEL GEN. BRkR. PROTECTION TRIP FIG. 7.3-41 DIESEL GENERATOR TRIP SIGNAL (BRI&HT) NOTE 3 LOW SPEED RELAY ENERGIZED 1---------. SS (MAINTAINED) 2EDG*P21A(-0) HAND 2EDG* P21A(-O) AND ......,.-BIItCRANKCASE VAC. PMP 1 - - - - - - - - - - - - { START -L 2EDG*P21A (-0) MOTOR THERMAL OVERLOAD SS (MAINTAINED) 2EDG*P21A 2EDG *P21A (-0) ....--&~CRANKCASE VAC. PM Pt--------......( NOTES~ AUTO STOP --!: !.ONLY MANUAL MODE OF OPERATION IS AVAILABLE FROM THE ALTERNATE SHUTDOWN PANEL FOR AC82EIO 2 LOGIC FOR ACB2EIO ALSO SHOWN ON LSK-22-66

3. RELAY CONTACT CLOSES AS ENGINE SPEED INCREASES.

4. CONTROL FOR 2EDG*P21A SHOWN. FIGURE 7.3-52A CONTROL FOR 2EDG*P21B SIMILAR. SS (MAINTAINED) 2 EDG* P21A (-0)

LOGIC DIAGRAM

5. SUPPLIED BY MFG.

OFF EMERGENCY GENERATOR-STARTING BEAVER VALLEY POWER STATION-UNIT 2 UPDATED F!NAL SAFETY ANALYSIS REPORT CRANKCASE VACUUM PUMP

REV.[) (97) SOUR;;E i..ON.ili ICIC CONTROL ACTION RESUI.l ANT NOJIITCR 2 OUT OF 3 2AIE 'Jf P23A( AO) STEAU GCHER\TORS STJ.1. GEN. AUX. FO. PIINP 1---~ LOW LOW LEVEL cs AUTO START/ STOP 2Ri=* P2ZA( AO) FIG.U-54 AUTO FIG. 7.3-13@) SAFETY INJECTION SI,ONAL TRAIN A cs 2FWS-P21A AFTER START 2FWE* P22( s-) cs DISCHARGE PRESSURE +----~--< 2FWS-P21 B LOW ~----J ~FTER START 2FWS-P21A STM.GEN.FEED PUMP STOPPED 2FWS-P21B STM.GEM.FEED PUMP STOPPED I cs 2FWE~ P23A( AO) ACB 2E7 2FWE *P23A( AD) 1--~ ..\U).I:..IARY FEED PUMP BUS 2AE SUPLY. BRKR.I----91 'I..,;,ST.;.;.A;;.;.RT;...__ _ _..J !! START CLOSED (NOTE 5) DIESEL LOADING SEQUENCE SIGNAL PB 2FIHP23AUO) CONTROL TRANSFER 2FWE* P23A( AO) MOTOR ELECTRICAL 2 FIE +P23A lAO) PROTECTION TRIP MANUAL RESET AT RELAY

                           ~160V BUS 2AE BUS UMDERVOLTAGE cs                                         2FWE'*P2::t~( AD) 2FWE,.P23A{-AO)                            AUXILIARY FEED PUMP        1----er AM SAC                                                                    STOP                            !.         STOP INITIATE AUX FW BRIGHT MOTOR DRIVEN AUXILIARY FEED PUMP I.  # ~ESTIMCHOUSE FUNCTIONAL DRAWINGS.

FIGURE 7. 3-53 .

4. SEE ADDITIONAL CONTROL OF 2FWE*P23A(AO) ON FIG.T.;3-56A LOGIC DIAGRAM

2. f.CIITROL FROM toNTROL R0014 SHOWN, 5. DIESEL LOADING SEQUENCE SIGNAL WILL BE RETAINED FOR 5 SECONDS THEN STEAM GENERATOR AUXILIARY 3.

tO~TROL FROM SHUTDOWN PANEL SIMILAR. L.OGIC FOR 2FWE P23A(AQ SHOWN LOGIC FOR 2FWE*P238lBP) SIMILAR BLOCKED UNTIL THE SEQUENCER CYCLE HAS BEEN COMPLETED FEED PUMPS & VALVES BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION CONTROL ACTION RESULANT AUX. FW PUMP AUX. FD. PUMP STM SPL AUTO /AUTO START STOP f - - - + - - - - - - 1 FROM 2RCS*SG21ACA-) PRESSURE 55 MAINTAINED 2MSS*SOVIB5AIADI 2MSS-SOVIB5AIAOI

                 } - - - - - - - - - ; STM. ADMISSION VALVE OPEN OPEN 2MSS*SOVIB501AOI
                 } - - - - - - - - - - { STM. ADMISSION VALVE OPEN 55 MAINTAINED LO-LO LEVEL                      2MSS-SOVIB5ACAOI CLOSE AUX. FW PUMP RAIN A STM. ADM. VLY.                                                                                                         STM SUPPLY SOY
            }-...r..&J...._.....::...__ _ _ _ _; CONTROL AT CONTROL          J-------1p--                                                                                            SS IN CLOSE PDS ROOM                          55 MAINTAINED 2MSS-SOYIIJ50CAOI e

AUTO NOTES*

1. LOGIC FOR 2HSS*SIVIIJ5AlADI ANO 2MSS*SOVIIJ50CAOI SHOWN SS MAINTAINED LOGIC FOR 2HSS*SOVI05BCBPI ANO 2MSS*SOVIB5ECBPI SIMILAR 2MSS-SOVIIJ50CA01 LOGIC FOR 2HSS*SOVIB5CCCOI ANO 2MSS*SOVIII5FCCPI SIMILAR OPEN 2- OPENING OF BOTH VAL YES WILL ADMIT STEAM TO THE TURBINE ORIYE OF 2FWE*P22CS-l SS MAINTAINED 2MSS-SOVIB5DCADI AUXILIARY FEED CLOSE PUMP TURBINE AUX. FW PUMP OVERSPEED STM SUPPLY SOV SS IN CLOSE POS PB TURBINE DRIVEN AUX. 2FWE*P22CS-l }--------~ENERGIZE

            } - - - - - - - - - - - { FD. PUMP AUTO START SIGNAL
                                                                                                                 ~T=RI:P::::::::~R MANUAL RESET
                                                                                                                                 }-N-"O-'-TE;;....;5;._----~ DE-ENERGIZE RESET
                                                                                                                 '-----__JL TURBINE DRIVEN AUX.                                                                                  FIGURE 7.3-54
            } - - - - - - - - - - - { FD. PUMP AUTO START SIGNAL                                                                                                LOGIC DIAGRAM

3. # WESTINGHOUSE FUNCTIONAL DRAWINGS STEAM GENERATOR AUXILIARY

4. SUPPLIED BY MFG.

5. VALVE MUST BE MANUALLY ,QPENED ANO LATCHED AT THE PUMP.

FEED PUMPS AND VALVES

6. FOR VALVES 2MSS*SOVI05A & D ONLY.

BEAVER VALLEY POWER STAlliON - UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

2B-AUG-2BB8 !3.58 K;\u2\UFSAR\g71131154B.dgn PR_f~ARg:s: ~0~ ~"ffr:

L---------------------------------------------------------------------------------------------------------------------------------------------------v------------------------------------------------*

SOURCE MONITOR CONDITION CONTROL ACTION MON4TOR SS (WAI NTA I NED) 2MSS~YJ05A~O) OPEN SS (No\ I MTA I NED) 2MS S~OY I 05A~O) 2FWE P22 (S- I TURB. DRIVEN FD. PUMP INBD. CLOSE BRG. TEMP. 2FWE*P23A(AO)

                                                                          'PB 1 STM ADM vv's 1--...._----~ AUX.FD.PUHP LUBE TRAIN A                                                                                                                                   FIG. 7.3-54 OIL     PRESSURE                   CONlltOL TRANSFER                                                                             TRAINA STM   ADM I        *
                                                                                                                                    ~---------"':!. VVS CONTROL                       Al CONTROL ROOM 1

2FWE*P2 3B(BP) MANUAL RESET

          )---....a.-----~AUX                 FO PUMP LUBE                                                                                                                                                       CONTROL AT AT RELAY                                                                                                                              SHUTDOWN PANEL OIL PRESSURE
                                                                                                                                                                                                                 .1!

2FWE P2 2(5 -) TURB. 0 RIVEN FD. PUMP LUBE OIL PRESS. 2RCS*SG21A A-STEAM GENERATOR WAH:R LEVEL TURBINE DRIVEN AUX fEED PUHP-SHUTDQWN eAMEL*CONTROL SS{MAIN TA I NED 2MSS*SOVI05D(AO) \-----------~1-----, OPEN ~--------------~ 2MSS* SOV IOSD(AO) SS(MA IN TAl NEO) 1-------------~ ENERGIZE CLOSE: FIG. 7.3-31 2HSS)I(SOVIOSO(AO) ' r - - - - - - - - - - - - - Q o L - - 1 CLOSE SDf 2RCS!tSG21C(C-) STEAM GENERATOR F'¥15 'WATER LEVEL Ll-497 4) 8 NOTES: .h L LOGIC FOR 2MSS*SOVIOSA(A0~ AND 2M55)(-S0VIOSD~O~ SHOWN LOGIC FOR 2.MSS*SOVIOSB{BP AND 2MSS*SOVJ05E 8P. SIMILAR

  . LOGIC FOR 2MSS*SOV 105C (CO AND 2MSS* SOVJOSF CP SIMILAR 2.. OPENING OF BOTH VALVES WILL AOHIT STEAM TO THE             TURBINE DRIVE OF 2FWEltP22(S-:)

3. LOGIC FOR 2 FWE- TE122A SHOWN, LOGIC FOR 2 FWE- TE12 28 TURBINE FEED FIGURE 7. 3-55 PUMP OUTS OARD TEMPER AT UR E IS Sl MILAR LOGIC DIAGRAM

4. LEVEL INDICATORS 2FWS-LI4778, 4878, AND 4978 ARE LOCATED NEAR ASSOCIATED FEEDWATER CONTROL VALVES STEAM GENERATOR AUXILIARY FEED PUMPS AND VALVES

                                                                                                                                                                                 ~EAVER   VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT I

SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR PB B 2FWE*HCVIOOC lAO) 2F WE* HCVIOOA ( AO) CONTROL TRANSFER 2FWE*HCVIOOC ( AO) AUX FOWTR.CNTRL, V.V. ASP CLOSE 2FWE*HCV100C lAO} MODULATE 2RCS!tSG21 C( C-) MANUAL RESET C ,: VALVE FAILS AS IS ON LOSS OF480V AT RELAY ~VALVE FAILS OPEN ON LOSS MAIN FEED LINE L PRESSURE  : OF CONTROL POWER PB B 2 FWE* HCV IOOC \AOl CONTROL TRANSFER 2RCS X SG21 c (C-) SOP AUX FEED FLOW 2 FWE*HCV IOOC (AOl MANUAL RESET AT RELAY

                                                                                                                        .b..

2 FWE HCV IOOA (AO) B AUX. FDWTR. CNTRL. V. V. OPEN HIC 2 F WE

• HCVIOOA (AO)

AUX.FDWTR. CNTRL. V.V. -SOP CLOSE PB 2FWE HCVIOOA( A<l CONTROL TRANSFER

                                                                                                                                                              '    B v    B~A                       2FW E*HCVIOOA (AO)

SOP A --"' T 2 RCS SG21 C(C-1 2 FWE*H CV I OOA ( AOl ",.. C-+A MODULATE AUX FEED FLOW MANUAL RESET J p.C VALVE FAILS AS IS ON LOSS OF 4BOV AT RELAY L VALVE FAILS OPEN ON LDSS OF CONTROL POWER 2RCS*SG21A HIC AUXILIARY FEED FLOW 9 NOTES: AUXILIARY FEEDWATER CONTROL VALVES I. LOGIC FOR 2FWE HCV IOOC ( AO) SHOWN LOGIC FOR 2 FWE HCVIOOE (AO) SIMILAR

2. LOGIC FOR 2 FWE HC V 100 A (AO) SHOWN LOGIC FOR 2 FWE HCV 1008 (BP),2FWE* HCVIOOD( BP)

AND 2 FWE !tHCVIOOF( BP) SIMILAR.

3. ASSOCIATED EQUIPMENT LIST 2 FWE !tFT IOOA (AR) 2FWE!tFT 100 B (BR) 2FWE x FTlOO(CR) (SHOWN) 2 FWE FIIOO A (AO) 2FWEx FIIOOB ( 80) 2FWE x FIIOOC(CO) 2 FWE- FIIOOAI 2FWE-FIIOOBI 2FWE- FIIOOCI 2 FWE

• FT IOOAI (AWl 2FWE
• FTIOOBI ( BW) 2FWE* FTIOOCI (CW) (SHOWN) 2FWE
• Fll OOA2 ( AP) 2FWE!t FTIOOB2(BP)
• 2FWE FIIOOC2 ( CP) 2FWE-FIIOOA3 2FWE- FIIOOB3 2F WE- FIIOOC3 2FWE-FRIOO 2FWE-FRIOO 2FWE-FRIOO FIGURE 7.3-56

4. LOGIC FOR 2FWE-FIIOOAF LOGIC FOR 2FWE-FtlOOBF FOR ALTERNATE SHUTDOWN PANEL SHOWN.

FOR ALTERNATE SHUTDOWN PANEL SIMILAR. STEAM GENERATOR AUXILIARY FEED PUMPS AND VALVES f(IEAVER VALLEY POWER STATION-UNIT 2

                                                                                                                                                                        ~INAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR PB 2FWE* P23A(AO) CONTROL TRANSFER ASP 2FWE*P23A(A ) 1-------------Pll CONTROL AT ALT. 2FWE*P23A(A0) SHUTDOWN . EL MANUAL RESET CONTROL AT ALTERNATE AT RELAY A SHUTDOWN PANEL 2 B

                                                                                                                                                                     '----L.::::..l cs                                                     2FWE

• P23A ( AO) 2FWE* P23A (AO) AUX. FEED PUMP START START ASP MOTOR ELECTRICAL W (BRIGHT)

PROTECTION TRIP - ASP r--:------------------e. W {DIM) cs 4160V BUS2AE BUS UNDERVOLTAGE 2FWE* P23A {AO) STOP 2FWE P23A(AO) AUX. FEED PUMP ASP STOP MOTOR DRIVEN AUXILIARY FEED PUMP NOTES: 1. SEE ADDITIONAL CONTROL OF 2FWE*P23 {AO) ON FIG. 7.3-53.

2. ONLY MANUAL MODE OF OPERATION IS AVAILABLE FROM THE ALTERNATE SHUTDOWN PANEL.

fiiGURE 7. 3- 56A JoGIC DIAGRAM

                                                                                                                                                   $TEAM GENERATOR AUXILIARY i

EED PUMPS AND VALVES EAVER VALLEY POWER STATION- UNIT 2 INAL SAFETY ANALYSIS REPORT

SOURCE: CONDITION CONTROL ACTION R~SULTANT ,MOfriiTOR 0 FIG. 7.3-13 fj MAIN STEAM LINE ISOLATION SIGNAL MAll STEAM LINE ISO~TION SIGNAL TRA ~ N A PB TRAINA STEAM U NE ISOL. MANUAL INIT!ATION PB TRAIN A STEAM LINE ISOL. MANUAL INITIATION PB TRAINA STEAM LINE ISOL.

                                          '-'R~E::.::S:.:.ET.!.-.---.J a FIGURE 7.3-57 LOGIC DIAGRAM MAIN STEAM LINE TRIP VALVES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION STEAM L1NE

      ~=..~.~.:K:...Lfio._.::u.:....___ _ _ _ _ _ _ _ _--1 I SOLATION/SAFETY INJECTION BLOCKED G      FIG. 7.3-12 FIGURE 7.3-58 LOGIC DIAGRAM MAIN STEAM LINE TRIP VALVES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE MONITOR CONDITION MONITOR CONTROL ACTION RESULTANT

                                                                                                                                    ~        1       LSK-15-2E cs 2MSS*AOV 101Aif\OI
                                                                                                                                    - - ...-                    ~

11 LSK-15-2E

                                                                                                                                                                                                                 ./

SUPPLY I f OPEN AIR B

                                                                   -                                                                                                                ..... v B

J

                                                                                                                               -                   AND MSTA
                  ~        '1'1                                        7    LSK-15-2E                                                                                                                                          OR             ENE"lGIZE NOT                                                                                                                        B    .. A OR               NOT                                                              A 2MSS*SOV 101A-[(A01                 T STEAMLINE ISOLATION                                                                                                                     ~I"-

1 SIGNAL TRAil\ A c .. A

                                                                                                                                                                                                                   .... /

J-FIG. 7.3-57 STEAMLINE :0 DE-ENERGIZE STOP VALVE

                                                                                                                                                                                                                  ...... 1"-

NOT FULLY OPEN/ LSK-15-2:0: BYPASS VALV:O: NJT ... I/- OR A FULLY CLOSED BLOCK 'C 1 OR AIR cs

                                                                                                                                                                                                                                                                      )

2MSS *AOV 101A:AOIIAPI 1

                                                                              -B                  2MSS*AOV101AI AOl                    *I"-_

33 TRIP VALVE NOT FULLY CLOSE 5 LSK-15-2E B OPO:N -

                                                                                                                                     ~      2         LSK-15-2E
                                                                                                                                                                ~     12   I LSK-15-2E
                                                                       ~

L,

                                                                                                                                     ~      3         LSK-15-2E 1/               ..-                                 ts cs 2 "1 SS

• AOV 101 AI API

                                                                                                                                       *                                           */-                             ....... 1"- OR                    ENERGIZE B    .. A
                                                                                                                                                                                               )--------.
                                                                                                                                                                                                                 ./ w OPEN                                                                                                                                                                               A OR               NOT                                    2MSS*SOV B                                                                                                                                               T            13   LSK-15-2E
                                                                                                                               -                                                                                                                   101A-1BIAPI MSTA                                                                                                               AND LSK-15-2E                                                                                                                                                                             c
                  ~         w                                          8 9                                                                          DE -ENERGIZE
                                                                                                                                                                                                                                                                        .. A
                           -                                                                                                      NCT
                                                                                                                                                                                                                   ...         OR SCURCE (

STEAM'-lNE ISOLATION LSK-15-2E ~~ c SWILA;::: ) BLOCK c

                                                                                                                                        ........ /

SIGNAL TRAIN B T0 TRAIN AIR ) A MSTA w OR -.( 6 LSK-15-2E 33 2"1SS *SO V101 C;- 3A:AOI MSIV TEST BLOCK VALVE cs 2MSS

• f\OV 101AIAPI CLOSE CLOSED B

                                                                                                                                     ~        4    I LSK-15-2E NOTES:

1. CONTROL FOR 2MSS*AOV101A:AOIIAPI SHOI-IN.

CONTROL FOR 2MSS*AOV 101BIBOIIBPI AND 2MSS*AOV101CICOIICPI SIMILAR.

2. 1\JFUTS "ROM 2MSS*AOV101AIA0)(API SH0 1tJN.

1\JPUTS "ROM 2MSS*AOV101BIBOIIBPI AND 2MSS*AOV101CICOIICPI SIMILAR. COMPUTER POINTS A;:::E PROVIDED. 01\E FOR EACH VALVE. FIGURE 7,3-59 LOGIC DIAGRAM MAIN STEAM LINE TRIP VALVES BEAVER VALLEY ~owE;:: STATIO\J - UNIT 2 UPDATED FINC.L Sf\FETY ANALYSIS REPORT

SOURCE MONITOR COHO ITI ON CONTROL ACTION RESULTAiH HONITOR cs AIJt.tiT AIR 2MSS~AOV102A (AO} OPEN 8 B--+~{>A MAIN ST'EAM LINE FIG 7.3-57. ISOLATION SIGNAL A: 2MSS~SOV102Al{AO) T TRAIN A DE-ENERGIZE E>A c---+~ ST~LINE STOP YLY. c I NOT FULLY OPEN cs BYPASS VLY, 2MSS~AOV102A {AO)

                                    *or FULLY CLOSED                                 CLOSE                                                         VENT AIR 2MSS *'- AOV 102A ( AOlAP BYPASS TRIP VALVE NOT FULLY Clu'iED cs 2MSS*AOV102A (AP}

OPEN B ENERGIZE B~A

                \SOURCE SIMILAR TO TRAIN A                MAIN STEAM Ll NE                                                                                            A     2.14SS )llc AOY I 0 2A( AO W'.PI           B I SOLA Tl ON SIGNAL                                               2MS~ SOYI02A2( AP)                             BYPASS TRIP VALVE TRAIN S                                                                                                           EPIERGIZE TO OPEN 0£ -ErkRG IZE    C~A VALVE CLOSES c       ON AIR FAILURE cs 2MSS*AOVI02A {.~P)

CLOSE iE!fT AIR NOTE 2 MAIN STEAM I.INE BYPASS TRIP VALVE NOT!::S:

 . I. BYPASS Tl\ I P ~*ALVE 2MSSJf< AOV102A( AO)lAP) SHOWN, BY I' ASS TRIP VAL YES 2MSS* AOV I 028 ( BO)\BP} AND 102C/CO)ICP) SIMILAR *

2. TWO SWITCHES ARE PROVDED FOR EACH BYPASS VALVE FOR INDICATION.

FIGURE 7. 3-60 LOGIC DIAGRAM MAIN STEAM LINE TRIP VALVES I SEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION RESULTANT MONITOR CHANNEL l l CONTAINMENT PRESSURE CHANNEL IY CONTAINMENT PRESSURE!----+---~-----~ HIGH COIITAINIIENT PRESS. - HIGH REACTOR TRIP AND S.l. CHANNEL III CONTAINMENT PRESSURE FIG.7.3-64 CHANNEL i l l HI -1 CONTAINMENT CO NT~ I N'-lfNT PRESSURE I - - - - .....__..,._~PRESSURE HIGH TRAIN A FIG. 7.3-13@) CHANNEL l l CONTAINMENT PRESSURE CHANNEL l l CONTAII!!MEHT PRESSURE I - - - - HIGH COMTAINMEIT PRESS. HIGH/HIGH~IGH I NOTES: 1. HI-I CONTAINMENT PRESSURE {TRAIN A) IS SHOWN. HI-I CONTAI~MENT PRESSURE (TRAIN B) IS SIMILAR.

2. ANNUNCIATORS, AND CO!IPUTER INPUT ARE CONNON TO BOTH TRAINS.

3, REFER TO FIG. 7.3-63ANO 64 FOR CONTAINiotENT ISOLATION PHASE A AND SAFETY INJECTION.

4. 2LMS-PR950 ALSO SHOWN ON FIG. 7.3-62 FIGURE 7.3-61 LOGIC DIAGRAM- CONTAINMENT DEPRESSURIZATION AND ISOLATION SIGNAL INITIATION SYSTEM eEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR SOURCE CS CONTA 1NMENT

                                                                     !SOL PHASE B                                  NOTE 3 ACTUATE CS CONTAINMENT
                                                                      !SOL PHASE B ACTUATE CS CO NTA INMEMT ISOL PHASE 8                                NOTE 3 ACTUATE CHANNEL I CONTAINMENT   PRESS~RE          CS CONTAINMENT ISOL PHASE B ACTUATE PB CONTAINMENT ),

r----el~llf L~ ISOL PHASE 8 >--------__:___..=:==~---~

                                                                  .._RE_S_ET_ _ _ _-..J B CHANNEL I                                                                                                                              CQfi:TA IMMENT A/0           CO NTA INMEMT PRESSURE  1-----------------f~----,                                                                                       ISOLATION PHASE B HI-HI                                                                                                                                  TRAIN A NOTE:Ii TEST SWITCH                                                                                   FIG. 7. 3-13 (i' CHANNEL I TEST BYPASS CHANNEL n A/D            CONTAINMEMT   PR~SSURE FIG. 7.3 -SI HI-HI NOTE:Ii                                                     "'E M

TEST SWITCH CHANNEL II TEST BYPASS CHANNEL m A/D COMTAIN~ENT PRESSURE HI-HI FIG.7.3 -SI NOTE:Ii TEST SWITCH CHANNEL ID TEST BYPASS CHANNEL II _a_ A/D CONTAINMENT PRESSURE HI-HI FIG. 1.3-61 NOTE:Il TEST SWITCH CHAHNEL 1Y NOTES: TEST BYPASS I, CONTAINMENT ISOLATION PHASE 8 {TRAIN A) SHOWN, CONTAINMENT ISOLATION PHASE B (TRAIN B) SIMILAR. 2, .~NNUNCIATOR COMMON TO BOTH TRAINS. FIGURE 7.3-62 3, MANUAL ACTUATION CONSISTS OF FOUR MOMENTARY CONTROLS, CONTAINMENT ISOLATION PHASE B ACTUATION WILL OCCUR ONLY IF LOGIC DIAGRAM- CONTAINMENT TWO ASSCCIATED CONTROLS ARE OPERATED SIMULTANEOUSLY. 5. CONTAINMENT ISOLATION PHASE 8 DEPRESSURIZATION AND ISOLATION

6. CONTAINMENT PRESSURE HIGH/ HIGH- HIGH q, WH~N TWO CHANNELS ARE TESTED SIMULTANEOUSLY THE TEST SIGNAL INITIATION SYSTEM

           ¥10LATION ANNUNCIATOR IS ACTUATED.                                       1. 2LMS- PR950 ALSO SHOWN ON FIG. 1. 3-61 BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 SEM SOURCE MONITOR CONDITION MONITOR CONTROL ACTION MONITOR RESULTANT MONITOR c

                          ...... A/0 2RCS* 0 RE21 PRESSURIZER PRESSURE HIGH    f---e---*                                                                                                        ..                                                                                                                  NOTE 4 SEM                                                                                                                                                                                                                                                  SL
                                                                                                                                                                                                                                                      ~-----------------~                                  I S~    .                                                                                                                                                                                                                      B
                                                                                  -        B
                 ,....-----*                           2RCS*PRE21 1-----*                                     ...                                :~RESSURIZER

s TRAI \J A '---__..,I"-..

A/0 PRESSURIZER 2/3 SAF. INJ ., _.

                                                                                                                                                                                                             ...... R                                                                                    SEM PRESSURE HIGH                                                            F:G. 7.3-728           'lESE-;-

SEM 1----.....J M B E c SL M c

                                                                                                                                                                                                             ... 0
                                                                                                                         \JOT ~~--------------------------------*r--,

B _.... AID 2R:::S*PRE21 PRESSURIZER

                                                                        ~f-----*                                                                                                             AND

__. f.-OT PRESSURE HIGH CS TRAil\ A PRESSURIZER SAF. INJ .}-----j~~---'

                                      .... SL                            ..... s:...                                                                BLOCK B

B NOTE 5 2RCS*PRE21 6 A/0 PRESSURIZER 1-------e----------* FIG. 7.3-65 SEM PRESSURE LOW A PRESSU'i!ZER

                                                                          ~---------------*1/-                                                  PRESSU'iE                                                                                                      2RCS*PRE21 0R                         HIGH/LOW                                                                                        ?>NO           PRESSURIZER          ~------~           1 PRESSURE LOW 1-------*1""'--"                                                                                                                                                                                    -     FIG. 7.3-6L A                                                    B I--*

SL SEM B NOTE 8 SEM _ 7 I-----< A/0 2RCS* 0 RE21 PRESSURIZER 1--------------~~-* .... __.., SL I c FIG. 7.3-65 SEM PRESSURE LOW B 2RCS*PRE21 c PRESSURIZER PRESS. NOT HIGH

                                                                                                                                                                                                                                                                                                           -rG. 7.3-58 2/3 ~-----------------------------------------------*
                                              -                                                                                                                                                                                                                                                          NOTE 6
                                      ..*     SL

• r--.----*

PB TRAI'J A B

                                              -      B                                                                                                 SAFETY INJ. SYS.

2'1CS*PRE21 BLOCK/RESET TRANS. 8 A/0 PRESSURIZC::R SOP .... 0 PRESSURE L0 1tl r--_...z_,. M SAFETY INJECTION SEM c 1---------------1.,~ BLOCK -RESC: T CONTROL 1-------j C FIG. 7.3-65 M .... AT SOP

                                                                                                                                                                                                             ...,   R c

MANUAL RESET AT RELAY L

                                     ~        SL  I                                                                                                                                                                                                                                                  -    FIG. 7.3-58 B

2RCS*PRE21 A/0 PRESSURIZER PRESSURE HIGH 1------------------* SEM NOTES:

1. CONTROL AT MAIN BCARD SHO'tiN. CONTROL A- SHL. TJOWI\ PANEL SIMILAR.

c 2. LOGIC FOR TRAIN A IS SHOWN. LOGIC FOR TRAIN B IS SIMI:...AR.

3. REDGNDANT MANUAL BLOCK-RESET CONSISTS OF TWO MOMEI\TARY CONTROLS AT THE CON-ROL RCOM,ONE FOR EA:::H TR?>If.-.

4. PRESSURIZER SAFC:TY INJEc-;oN BLOCKC:D. RED (BLOCK! AND GREC:N (RESET! IND. LIGHTS "ROV:DED AT SOP .

s_ J

1. PRESSURIZER LOW PRESSURE RE?>CTOR TRIP AND S?>F::TY INJECTION B

2R:::S*PRE21 /

                                                                                                                                          -                           6. CONTRCL AT SHUTCOWN P<'\~1EL

7. INST. FOR ~RC:SSURIZER PReSSURE HIGH R:O?>CTCR TRIP SHOWN.

AID PRESSURIZER 1--------------------* OR 1-----~ A INST. FOR PRESSURIZE'i PRESSURE LOW REACTOR TRIP SIMILAR. SEM ?RESSURE HJ:::;H 1"-_ 8. P-11 PERM:SSIVE. c NOTE 7 SL FIGURE 7.3-63

                                     ~

B LOGIC DIAGRAM - SAFETY INJECTION

                                                     - 2R:::S*PRE21 A/0                   PRESSU'i!ZER                                                                                                                                                                                   AND CONTAINMENT ISOLATION PHASE A SEM   PRESSURE -IIGH                                                                                                                                                                                 BEAVER VALLEY ~OWER STATIO'J - UNIT 2 UPDATED FINAL SA"ETY ANALYSIS REPORT 7    c

SOURCE CONDITION CONTROL ACTION RESU*.U.NT MONITOR SAFETY INJECTION SIGNAL T,D, TRAIN A PB AUTO SAFETY SAFETY INJ. TRAIN A INJECTION BLOCKED RESET MOTE 3

                                                                                    ~

REACTOR TRIP TRAIN A STEAM LINE PRESSURE LOW LOW PRESSURIZER PRESSURE FIG. 7.3- !3 (!) CONTAIHN~NT PRESSURE SAFETY INJECTION HI-I TRAIN A REACTOR TRIP SIGNAL cs SAFETY INJECTION ACTUATE cs SAFETY INJECTION MANUAL SAFETY INJECTION ACTUATE ACTUATION FROM MAIN CONTROL BOARD PB CO NTA INNENT ISOL: PHAS( A (TRAIN A) RESET CONTAINMENT 1--"""""t'lfl I SOLATION PHASE A cs {TRAIN A) CONTAINMENT ISOLATIO PHASE A .ACTUATE NOTE 3 cs CONTAINMENT ISOLATIO PHASE A ACTUATE NOTE: FIGURE 7.3-64 LOGIC DIAGRAM - SAFETY

t. LOGIC FOR TRAIN A IS SHOWN.

LOGIC FOR TRAIN B IS SI~ILAR. INJECTION AND CONTAINMENT

2. ~ONITOR DEVICES ARE SHOWN ON LOGIC DIAGRAM 27-l2A. *ISOLATION PHASE A

3. REFER TO LSK-27-15 FOR A SU~MA~Y OF COMPONENTS ACTUATED BY CIA AND SIS. BEAVER VALLEY POWER STATION-UNIT 2

  ". s.\FETY rHJECTION sr GNAL.

FINAL SAFETY ANALYSIS REPORT

REV 23 SOURCE MONI TOR CONDIT ]ON CONTROL ACTION RESULTANT MONITOR 2RC5 PHESSURIZEH RELIEF gLOCK PH55 A B FIG. 7.3-63 SDP 2HCS-PRE2I PEESSURIZER PEESSURE PRESSURIZER L0W PRESSURE

 ?RCS-zRCS                                                                                                                                                     FIG. 7.3-728 PT455 PI455                                                                                                                                               SEM (ZRI E           2RCS-PREZI A/O                                             PRESSURIZER    PRESSURE L0W B

FI0. 7.3-63 55 (HAINTATNEOI 2RCS-PRE2I 2RCS-PCV455D{C0) PRESSURIZER OPEN PRESSURE s 2RCS- PZR. PORV zRCS PT456 OPEN PERM. PI456 (zt{) B 2RCS-PRE2I AlO PRESSURIZER PRESSURE  ?/3 NOT L0r{ 55 IMAINTAINEI]) B zRCS-PCV455D-SW NORM L B ANO AND FIG. 7.3-63 ANT] 2RCS-PRE2I PRESSURIZER PRESSURE 2RCS- ENERGIZE OPEN zRcs SS (MAINTATNEOI PT457 2RC5-PCV455D(80) zRCS-PCV45sD(C0r (ZB} PI457 AUTO I]E-ENERGIZE ELOSE E 2RCS-PREzI A/0 PRESSURIZER PRESSURE L0h, ANI] NOT B FtG.7.3-725 PZR CONTROL PRESS. HIGH PWR. RLF. ACT B 2RCS-PRE2I SS (MAINTAINET]) AlD PZE, CONTROL PRE55. 2RCS-PCv4550-SW HIGH-HIGH ISOL SEM SEM L B 2RCS-PRE2I A/O PZR. CONTROL PBESS. L0w PZR. CONTROL S5 IMAINTAINET]) 2FCS- PRESSURE 2RCS-PCV455D(E0r PT445 HIEH/LOW CLOSE E. E. 2RE5-PREZI A/O PZR. CONTROL PRESS. HIGH SEM PRESSUBIZER POT{ER RELIEF VALVE 2RCS-PRE2I PRESSURIZER CONTROL PRESSURE 2RC5 PT445 B PZR PRESSURE B FIG. 7.3-56 CONTROL SIGNAL FIGURE 7.3-65 LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION - UNIT 2 UPI]ATED FINAL SAFETY ANALYSIS REPORT

CONTROL ACT I CN ~ESULTANT I<<<NITOR SOURCE MONITOR CONDITION OPEH 2RCSHPCV1155A"-} j K PZR SPRAY VALVE NODULATE CLOSED B *a SOP 2RCSJr PRE2J pRESStfk"i UR PZR PRESSURE FIC. 7.3-65 K + I CONTROL SIGNAL PR~SS\JRE FlU.3-71 OPEN 2RCS*PCV"55B{B-J j K PZif SPiiAY YAi..VE MODULATE 2RCSHRE21 CLOSED PRESSURIZER ~ LEVEL PRESSURIZER SPBAY VALVES 2RCS* PRE21 PRESSURIZER PRESSURE PZR. PRESSURE DEYIATION FROM SP HIG,.-, PZR ~OHTROL PRESS DEY I AT I OM KI Gil/LOW PRESSURIZER POWER RELIEF VALVE FIGURE 7. 3-66 J_OGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURC~ MONITOR CONDITION MONITOR CONTROL o\CTI 0N RESULTANT MONITOR ZR POWER RELIEF A/0 DISCHARGE LINE TEMP.

                  ) AMBIENT + 20F PZR SAFETY RELIEF A/D  OISCH.LINE C TEMP.
                  ) AMBIEIH + 20F                          PRESSURIZER POWER/SAFETY RELIEF TROUBLE
                                                             ~

PZR SAFETY RELIEF A{O DISCH. t; INE B TEMP.

                  ) AMB IENT + 20F PZR SAFETY RF.LIEF A/0 OISCH.LINE A TEMP.
                  ) AMBIENT + 20F PRESSURIZER SPRAY A/0 LIME TEMPERATURE l~

PRESSUR IZER SURGE/SPRAY Ll NE TEMP LOW PRESSURIZER SPRAY A/0 LIME TEMPERATURE '--..L-:-" ft LOW FIGURE 7. 3-67 LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

MONITO~ COMO IT I ON CONTROL ACT I ON RESULTANT MOIHTOR 2RCS*-PRE21 PRESSURIZER LEVEL SS (MAINTAIKED) A 2RCS -L T0ij59Z rr

• m B PRESSURIZER

                                                                                                        ~   Fl G.7.3-75 LEVEL S1GNA L SS (MA I MTA I NED) 2RCS-LTOij59Z 2RCS¥PRE.21        I+ I I                          c PRESSURIZER                                                                               PZR CONTROL PAM I         LEVEL LVL HIGH/LOW PRESSUR I ZER A/0       CONTROL LEVEL                 8 SS (MAINTAINED)                              HIGH 2RCS-LTOij59Z I+ III 2RCS*"RE21 PRESSURIZER c

LEVEL SS (MAINTAINED) 2RCS- LTOij59Y A 8 I I>C SS (~IAINTAINED) c PRESSUR \ZER 2RCS-LTD~59Y f;.!oC T PRESSURIZER LEVEL A/D TI LEVEL HIGH E>C 8 SS (MA INUl NED) 2RCS- LTD't59Y D

                                   .lli A/D              PRESSURIZER LEVEL HIGH A/D              PRESSURIZER LEVEL HIGH FIGURE 7. 3-68 LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12

    ,.                                                                                                         CONli<O L ACT ION                  R£SULTAfH                             MONITJR SOURCE                 MONITOR                                 CONDITION PB GROUP A HEATERS CONTROL TRANSFER GROUP A HEATERS CONTROL AT SOP MANUAL RESET                                                              CONTROL AT PZR. CONTROL LEVEL                                                     AT RELAY                                                                  SHUTDOWN DEVIATION HIGH/LOW
                                                                                                                                                                                  ..__ _ PANEL
                                                                                                                                                                                          .8 cs 2RCP* H2A( ZO)

PZR LEVEL BELOW ON REFERENCE LEVEL NOT LO~ cs 2RCP* H2A{ ZO) ON iji60V BUS 2AE DIES GEN SUPP BRKR 2RCP*H2A{ ZO) PZR. CONTROL PRESS. OPEN DEVIATION HIGH/LOW PREiSURIZER HEATERS ON 8 PZR PRESS BELOW NOT REFERENCE PRESS. ow cs 2RCP H2A( ZO) PRESSURIZE~ LEVEL AUTO (AFTER OFF) ABOVE REF LEVEL HIG~ UD r:"\, NOT ij80V BUS 2N

          \
~~---------------------------~                          '-B-US__U_ND_E_Rv_o_LT_A_G_E~

G 51 ~---------------------------1 ELECTRICAL

                                                         ,_P_R_OT--E-CT_I_OH--TR_I_P__

cs 21\Cf*H2A (ZO) AUTO (AFTER ON AND

                                                                                                                                                                                                .8 BRT)

PRESSUR17ER PZR. CONTROL LEVEL LEVEL LOW HIGHILOW ~(DIM) A 3 ~ 2RCP*H2A{ZO) I >---:' 2DP PRESSUR17ER PRESSURIZER HEATERS I..L----.....--t'l

                                                              ~EVE L LOW                                                                      OFF cs 2RCf*K2A(ZO)                      G~OUP  A PRESSURIZER HEATERS OFF FIG. 7. 3 -1 3@)

SAFETY

NJECTION SIGNAL 1 TRAINA NOTES: cs I, LOGIC FOR GROUP A HEATERS (TRAIN A) SHOWN, 2RCP*H2A(ZO)

3. PRESSURIZER BACKUP HEATER GROUP AUTO OFF FIGURE 7. 3-69 LOGIC FOR GROUP B HF.ATERS (TRAIN B) SII~ILAR~ CLOSE/TRIP. ~-------'

EXCEPT NO CONTROL IS AVAILABLE (:ROM THt 4, ONLY THE MANUAL MODE OF OPERATION IS AVAII.ABLE FROM LOGIC DIAGRAM ALTERNATE._SHIITnC1WN PANEL. 2 ONE COMPUTER INPUT WILL PROVIO£ BOTH ON AND l'HE SHUTDOWN PANEL PRESSURIZER CONTROL OFF INDICATIONS. 5 U.)(jll F()R PRESSUR]ZER HEATERS 2RCP-H2A(ZO) ALSO BEAVER VALLEY POWER STATION- UNIT 2 SHOWNONFIG,7,~~72C * -

• UPDATED FINAL SAFETY ANALYStS REPORT

SOURCE CONDITION cs2RCP*K2D (ZO) RESULTA.IIT 1-CMITOR OM

                                  !li60V SUS 2AE DIES GEH SUPPLY SRKR OPE~

2RC P H2D (ZO.k PRESSURIZER ATERS PRESSURIZER PRESS/ cs OM LEVEL REFERENCE 2RCP*H2D{ZO) SIGNAl AUTO (AfTER OFF)

                                                                                        ~

ll160V BUS 2N BUS UNDERVOLTAGE ELECTRICAL PROTECTION TRIP 2RCP *H20 ZO) cs ?RESSlJR IZER "!(EATERS 2RCP H2D{ZO) OFF OFF PRESSURIZER lEVEL LOI BRIGHT cs

                                                                                                                                                           § 2RCP* H2D(ZO)

FIG. 7.3-13 <!) SAFETY ---.:.(AFTER OM) __.: ____~~ INJECTION SIGNAL TRAIN A PRE~SURIZER BACK-UP HTR GROUP 0 GROUP AUTO PRESSURIZER HEATERS CLOSE/TRIP OM ft cs 2RCP

• H20{ ZO)

(AFTER OFF) GROUP 0 PRESSURilER HEATERS NOTES: I. LOGIC FOR GROUP D PRESSURIZER HEATERS (TRAIN A) SHOWN. LOGIC FOR GROUPE PRESSURIZER HEATERS (TRAIN B) SIMILAR.

2. ONE COMPUTER INPUT WILL PROVIDE BUTH H~ATER ON AND OFF IN!liCATIONS. FIGURE 7. 3-70 LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 ltiNAL SAFETY ANALYSIS REPORT

SOURCE J.eONITOR CONDITION CONTROL ACTION RESULTANT MONITOR cs 2RCP-H2C ON ACB FOR GROUP C PRESSURIZER HEATERS.f...---41 CLOSE 1180Y 8US 2D BUS UNDERYOLTAGE ELECTRICAL PROTf.CTiON TRIP

                                                                                                                                ~:IM 0       FIG. 7.3-17                     PRESSURIZER LEVEL LOW ACB FOR GROUP c PRESSURIZER HEATERS TRIP 1-----f I~

cs 2RCP-H2C OFF PRESSURIZER POWER TO 2RCP-H2C PRESSURE CONTROL K PRESSURIZER HEATERS SIGNAL NODULATE {BRIGHT) NOTE I ACB FOR GROUP C HEATERS OPEN cs 2RCP-H2C {AFTER ON) PZR, CONTROL HEATER GROUP PZR CONTROL HEATER TROUBLE POWER CONTROLLER J TROUBLE PRESSURIZER HEATERS - CONTROL GRQUP MOTES: I, S ILICON CONTROllED RECTI FIER ( SCR) TO CONTROL POWER TO GROUP C PRESSURIZER HEATERS.

2. 11 BY WESTINGHOUSE.

3. ONE COMPUTER INPUT WILL PROYIOE BOTH TRIP AND CLOSE FIGURE 7.3-71 IREAKER POSITION INDICATIONS. Lr.OGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MOMITOR COMDITIOM

                                  ~LR  SURGE/SPRAY LIME TEioiP~------

A 2 tgw PRESSURIZER SURGE A/D J---f--...=;;;;;;::;;;;::;:;!...;-~ ll NE TEMPERATURE LOW PRESSURIZER SURGE LIME TEMPERATURE PRESSURIZER A/D LIOUJD TEMPERATURE HIGH PZR STN/WTR TENP HIGH PRESSURIZER LIQUID TEMPERATURE PRESSURIZER A/0 VAPOR TEMPERATURE IUGH PRESSU~IZER VAPOR TEMPERATURE PRESSURIZER FIGURE 7.3-72 LEVEL LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION-UNIT 2 F'NAL SAFETY ANALYSIS REPORT

REV12 SOURCE CONDITION MONITOR CON TF\OL ACTION MONITOR cs 2RCS*MOVS35~P) OPEN

                                                                       .B.

SS (MAINTAINED) TRAIN B ARM cs 2RCS*MOVS35(AP) AUTO 2RC5*HOV53S(AP) I. AND PZR. RELISOLAT ION FIG. 7. 3-65 PZR PRESSURE AND OPEN I IN 2/3 LOOPS NOT LOW 2RCS*MOV53S(AP) ANDt---~alli!PZR. REL.ISOLATION t-------~~ CLOSE PRESSURIZER BELIEF ISOLATION VALVE . SS (NAINTAJNED) TRAIN B BLOCK 2RCSMMOV537 CO 2F\CS*MOV537(Cd) NO PZR.REL.ISOlATION OPEN OPEN

                                                                        .i                                                                I NOT AND FIG. 7.~ -65        PZR PRESSURE             cs IN2/3 LOOPS              2RCS*MOV537(CO) 2RCSM MOV537{CO)

LOW AUTO NOTE I.LOGIC FOR 2RCStrHOVS3S ~ SHOWN

• AND PZR RELISOLATION CLOSE i.

LO,IC FOR 2RCSttMOVS36(JK). SIMILAR 2.CONTROL SWITCHES ARE MAINTAINED cs . (NOTE 2) IN THE CLOSE POSITION. 2RCS)t MOV S37(CO) NO CLOSE FIGURE 7.'3-72A LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION- UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV Z3 SOURCE CONDITION MONITOR CONTROL ACTION RESULTANT MONITOR WIOE RANGE SS (MAINTAINEI]I RCS PRESS. zRCS-PCV456-SW HIGH NORH L E. SS (MAINTAINEDI zRCS-PCV456(BO} OPEN B FIG. 7.3-23 WIDE RANGE REACTOR COOLANT SYS. PZR, PORV PRESSURE HIGH OPEN PERI'I. 55 (MAINTATNED} TRAIN A ANI] ARM B B 55 (MAINTAINED) 2RCS-PCV455(BO) AUTO ANO ANO ASP NOT SS (},IAINTAINEI]) FIG. 7.3-65 2HC5-PEV456(80) PZR. PRESSURE IN 2/3 LOOPS NOT OPEN AND ANO ENER6IZE OPEN L0I{ 2RCS-PCV456tE0l E ANO DE.ENERGIZE CLOSE 5S (MAINTAINEO) FIE. 7.3-55 zRCS-PCV456(BOr 2ECS-PRE2I CLOSE PZR CONTROL PRESS. ANt} HIGH-HIGH E SS (MAINTAINEOI PFESSURIZER POWER RELIEF VALVE 2RC5-PCV456-SU ISOL A5P AND NOT S5 II,IAINTAINEDI TRAIN A BLOCK B AND NOT ANT] 5S (MAINTAINEB) zRCS-PCV456(80) CLOSE B CONTHOL AT NOTES: ALTERNATE zRCS-PCV456(BOI

l. LoGIC FoR 2RCS-PCV456(B0I SHoWN. MANUAL RESET SHUTU0tIN PANEL LOGIC FOR zRES-PCV4ssC(API SIMILAR EXCEFT NO AT RELAY CONTROL IS AVAILABLE FROM THE ALTERNATE SHUTOOWN PANEL. R

2. ONLY MANUAL MOOE OF OPERATION IS AVAILABLE FROM THE L. M 2RCS-PCV456(B0r CONTROL AT ALT. B ALTERNATE SHUTDOWN PANEL. E

3. IT BY WESTINGHOUSE. M SHUTDOWN PANEL 0

PB 2RC5-PCV455(80) CONTROL IRANSFER ASP FIGURE 7.3-7ZB LOGIC DiAGRAM PRESSURIZER CONTROL BEAVEH VALLEY POWER STATION - UNIT 2 UPOATEO FINAL SAFETY ANALYSIS REPORT

CONTROL ACTION RESULTANT 1.40NITOk sruRiE CONDITION CONTROL AT ALTERNATE PB SHUTDOWN A 2RCP- H2A{ZO) 6 PANEL CONTROL TRANSF 2RCP-H2A(ZO) a. CONTROL AT ALl 2RCP- H2A(ZO) SHUTDOWN PAN L MANUAL RESET AT RElAY L~ cs 2RCP-H2 0 i 2 RC P-H2A(ZO) ON PRESSURIZER HTRS. ON AS!' 480V BUS 2N BUS UNOERVOLTAGE BRIGHT ASP ELECTRlCAL PROTECTION 2RCP-H2A{ZO) TRIP DIM cs PRESSURIZER HlRS 2 RC P- H2 A(ZO) OFF ~ OFF NOTES: I. ONLY THE MANUAL MODE OF OPER,J,TION IS AVAILABlE *ROM THE ALTERNATE SHUTDOWN PANEL 2 LOGIC FOR PRFSSURIZER HEATERS 2RCP-H2A{ZO)ALS(J SHOWN ON Fl G. 7. 3- 69 FIGURE 7.3- 72C 1LOGIC DIAGRAM PRESSURIZER CONTROL BEAVER VALLEY POWER STATION -UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR LSK-27-17A RECIRCULATION 1 MODE INITIATION SIGNAL TRA;N A AND 62 DIESEL LOADING SEQUENCE TI~ED-OUT

• PB
• c 2CHS*P21AIAQ)

CCNTROL TRANSFER 0 SOP M 2CHS*P21AIAOI

                                                                                                                                                   -                  E                                CONTROL AT 2CHS*P21AIAOl                                                                                                M                                SHUTDOWN PANEL 2CHS-                                                                                                               2CHS*P21AIAQ)                          R                                                                                          c ONTWJL A7 CHARGING PUMP DISCH.

z FT170 eLOW MEASUREMENT MANUAL RESET AT RELAY NOTE 4 __., s HUTDOWN p ANEL _/2cHs- L A

                                 ""'\FI170                                                                                                                                                                                                                  1      B B            AC3-2E7                    __.,

52 BUS 2AE SPL Y. BRKR. CLOSEC cs ANC ... 2CHS*P21AIAQ) START B FIG. 7.3-13 @ SAFETY 59 INJECTION SIGNAL 1/ TRAIN A OR OR s EM 1"-. 1'-._ NCTE 5 7 A c 62 DIESEL LOADING SEQUENCE s;GNAL

• cs 2CHS*P2;AIAOl
• AND AUTO B

AND - 2Ci-"S*P21AIAOl AND CHARGING PU~P R J LSK-27-17A START RECIRCULATION B 1 MODE INITIATION NOT SIGNAL TRAIN A AMM 2CHS*P21CISGI 52 CHARGING PUMP _L NOT B RUNNING ON BUS 2AE NOT .... SE 1/- _. NOTE 5 2CHS*P21AIAQ) 7 50 MOTCR ELECTRICAL OR c 5~ PROTECTION TRIP '"-.__ l

                                                                                                                                                                                     ..... 1/          2CHS*P21f\IAOl A   }----+ NOT                                              OR       CHARGING PUMP                ~

1"-._ s-:-oP 4160V BUS 2AE AND IDIM I 27 UNDERVOLTAGE ..... w

s _.,

2CHS*P21AIAOl ..... B STOP

                         /2::Hs-\
                                         - /2CHS-\ SOP                                                                                             B CHARGING PP Tll23             TI123A                                                                                                                                                                                                        AUTO START/

B REGEN. HEAT cs STOP EXCH. CHARGING 2CHS*P21AIAOl LINE DISCH. TEMP. AUTO !AFTER STOPI B AND B c 2CHS*P21AIAOI CHARGING PUMP c RUNN1NG NOTES:

1. ~-CGIC FOR CHARGING PUMP 2CHS*P21AIAOI SHOWN, NCT IBR:GHI L.CGIC FOR PUMP 2CHS*P21B\BPI SIMILAR.

AND

2. CONTROL FROM BENCH BOARD SHCWN, CCNTROL FROM SHUTDCWN PANEL SIMILAR.

3. CONTROL FROM BENCH BOARD AVAILABLE ONLY AFTER MANUAL B RESET OF CONTROL TRANSFER SWITCH.

4. ANNU~CIATOR DISPLAY IS COMIVON TO ALL. SHUTDO'..JN PANEL TRANSFER SWITCHES.

cs 2CHS*P21AIAOI

5. ONE C0"1PUT~R INPL T WIL~ PROVIO~ 80-H ON AND OFF INDICATICNS. AUTO !f:>FTER START!

6. SEE ADDITIONAL CONTROL CF 2CHS*P21AIACI ON ciG. 7.3-77A. B CHARGING =>LMP FIGURE 7.3-73 LOGIC DIAGRAM CHARGING PUMPS BEAVER VALLEY POWE~ STAT:ON - UNIT 2 UPDATED FINAL SAFETY ANA~vSIS REPORT

10080-LSK 18 REV 12 SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR PAM 1 2SIS* FI940 IAOl 2SIS* B FT940 C-IARGING PUMP DISC-I. TO HOT & COLD LEGS PAM 2 PB lAB I 2SIS* 2CHS*P21CISOI c CONTROL TRANSFER I FIC:43 SOP 0 IZPI - ~ 2CHS*P21CISGI 2SIS* B E CONT:::OL AT C-lllRGING PUMP DISC-I. f." S-IUTJOWN PANEL FT943 TO HOT & COLD LEGS R c ONFWL AT IZY I . NOTE 5 2CHS*P21CISOI MANUAL RESET AT J NOTE 2 sHUTOOWN p ANEL RELAY A L ACB-2E7 __., - 1 B 52 BUS 2AE SPL Y. BRK=i. CLOSED AND cs 2CHS*P21CISOI F:G. 7.3-13 SAFETY START B 59

                                          ~NJECTION TRAIN A SIGNA'-                                                                                   -

A I/ 1/ OR OR SEM z CIESO:L LOADING I" I"._

• 52 SEQUENCER

                                                                   ~                                                                                                                                                                            c TIMED OUT                                                                                                                                                                                NOTE 5 AND                                              cs 2CHS*P21CISOI                      AND LSK-27-17A                                                                                                        AUTO RECIRCULATION B

1 MODE INITIATION SIGNAL TRAIN A ~ - AND 2CHS*P21CISGI CHARGING PUMP -.( R START B 52 DIESEL LOilOING SEQUENCE SIGNAL

                                                                                  *          ...                                                                                                                                               AM)-1 AND LSK-27-17A                                                                                                                                                                                                                                      s 1

RECIRCLLATiON MODE INITIATION __. NOT SIGNAL TRAIN A NOT sEM 52-I 2CHS*P21AIAOI RACKED IN ON

                                                                                                                    -

• NOT c

BUS 2AE NOTE 6 A NOT

                                                                                                                                                                                               /-
    <:0 2CHS*P21CISGI MOTO=i ELECTRICAL                                                                                                    AND                        .... OR 2CHS*P21CISGI CHARGING PUMP 51 PRJ-;-ECTION TRIP                                          /-                                                                                                STOP cs                                                                                                                           IDIMI OR                                                                                                                                        w 2C-iS*P21CISO!

STOP s 4160V BUS 2AE B 27 - UNDERVOLTAGE cs c 2CHS*P21CISOI AUTO !AFTER STOP! B AND CHARG:"JG PP AUTO START/ 2CHS*P21CISG: STOP 52 CHARGI\JG ::>UMP OR RUNNING s BORIC NOT IBRIGHTJ 2C-IS-ACID BYPASS FTLO FLOW Al\0 cs 2CHS- 2CHS*P21C!SOI B FI111Z AUTO !AFTER STARTI B B NOTES: CHARGING PUMP

1. LOGIC =-oR CHARGING PUMP CN BUS 2AE SHO\v\J, LOGIC =-oR PUMP 0~ BUS 2DF SIM;LAR. 4. CONTROL FROM BENCI-' BCARD AVAILAB_E O~LY AFTER MANUAL 2CI-'S- 2. A\JhUNCIPTOR DISPLAY IS COM~ON TO ALL SHUTCO\VN RESET OF TRANSFER SWITCH.

                           -Ill0A                    PANEL TRANSFO:R SWITCHES.                            5. FLOW I\JDICATCRS ARE COMMCN TO ALL CHARGING PUMPS.

3. CJNTRCL FROM BENCH BOARD S~OWN, CONTRCL FROM 5. CNE COMP'TER :~~PUT "ROVIOES BOTH ON llND OFF INDICATICN.

L S-IUTJOWN PANEL SIMILAR. FIGURE 7.3-74 LOGIC DIAGRAMS CHARGING PUMPS BEAVER VALLEY POWO:R STATIOl\ - JNI- 2 LPOATEO F:NAL SA=-ETY ANALYSIS REPORT

SOURCE IGMilOII COitDI TIGM CONTROL ACT I Ofl RESULT All MOliTOR 2CU-P21A-I I AUXILIARY LUBE OIL PU!! ITAIIT ' QIAII6UIG PUMP LUBE OIL PRESSURE LOW I 2CHS-P21A*I 2CH$-P21A-l AUXILIARY LUIE OIL MOTOR THERMAL PUMP STOP OYEIILOAD FIG. 7. 3-68 PRESSURIZER LEVEL SIGIAL AUXILIARY LUIE OIL PU!! 1+/

                                                                                       --------------------------------------------------------~---------------------------~

AUCTIOIIEEREO T .lYG I +I A 2CHS*FCV122 (Z-) MANUAL RESET (>I CONTROL AT AT RELAY SHUTDOWN I. 8 I PANEL T PB CH.liiGIMG P'UNP CHSHCV122 ( Z-) ~I FIG. 7.3-16@ OISCH.liiGE FLOW CONTROL TRANSFER HI &It c CH.liiGIIIG PUMP DISCHARGE FLOW LOW CHARGING PUMP OISdiARGE A FLOW CONTROL VALVE A - - - t : ;~B 2CHS *FCVI22(Z*) IICITES: T 8 MODULATE VALVE OPENS ON AIR FAILURE I* LOGIC F911 .lUX I L1 AllY LUBE 0 I L PiMP 2Cii$-P21A-t SHCMI. LOGIC FO~ PUMPS 2CHS-P218*t AIIO P2lt-t SIMILAR. . [)B

2. I SUPPLIED BY M~UFACTUREII. c RIGURE 7. 3-75

3. AIIMUitCIATOI DI$PLAY IS COIN)II 10 All SHUTDOWI PAJIEL TRAJCS FEll SWITCHES, lOGIC DIAGRAM CHARGING PUMPS

4. ONLY MANUAL MODE. Of OPERATION 15 AVAILABLE FROM THE ALTE.RNATE SHUTDOWN PANEL BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 CONTROL ACTION RESULTANT MONITOR sour;cr MONITOR CHARGING FLOW CONDITION PA lll TROUBLE CHARGING PUMP AID DISCH.HEADER PRESS. B CHARGING PUMP cs 2CHS~MOV8l32A( ZO)

                                                                                                                                                                                                --0~

DISCHARGE HEADER 2CHS.j MOV8l32A (ZO) PRESSURE OPEt4 AND DISCHARGE VALVE 8 OPEN 2CHS~MOV8132A(ZO) MOTOR THERMAL NOT NOTE 1 OVERLOAD 2CHS~M0¥8132A(ZOj 2CHSfNOV8130A ( ZO) cs AND DISCHARGE VALVE SUCTION VV. NOT 2CHS*MOV8132A(ZC) ClOSE fULLY OPEN CLOSE TORQUE SEAT CLOSE 2CHSfMOV8130B(ZP) CHARGING PUt1P DISCHARGE VALVE I CHARGING PUMP INPUTS SIMILAR 2CHS~MOV 8131 PI.,ZO) SUCTION VALVES NOT FULLY OPEN 2CH&tMOV8131B{ZP) cs 2CHS~MOV8130A(ZO) OPEN 2CH$~MOV8130A(ZO) AND SUCTION VAL.YE OPEN I LOOP FILL HEADER cs 2CHS {MOV8130A(ZO) PRESSURE CLOSE 2*:H'S *.MOV8130A!ZO) AND 1-----:~------------t3Jt

• SUCTION VALVE CLOSE 2CHS~OV8130A(ZO) I MOTOR THERMAL CHARGING PUMP SUCTION VALVE OVERLOAD 2CHS~FCVI60{Z-)

LOOP FILL HEADER FLOW A K+J ~----------------t:J~ LOOP FILl HEADER VV. MODULATE. VALV£ CLOSES Cf4 .UR FAILURE NOTES:

• REACTOR COOLANT LOOP FILL HEADER VALVE I. DISCHARGE VALVE 2CHS~MOV8*a2A{ZO) SHOWN.

DISCHARGE VALVES ;2CHS~MOV8l32B( ZP) ,*MOV8133A( ZO) ,.fMOV8133B(ZP) SIMILAR.

2. DURING NORMAL PLANT OPERATION DISCHARGE VALVES 2CHS~MOV8132A(ZO), FIGURE 7. 3-76

            -*MOV8132B(ZP), :*MOV8133A{ZO), AND ~t.IOV8133B(ZP) ARE TO BE LEFT OPEN WITH THEIR POWER REMOVED. REFER TO FIG. 7.3-778                                                                                                                 LOGIC DIAGRAM

3. SUCTION VALVE 2CHS*t.IOV8130A{ZO) SHOWN. SUCTION VALVES 2CHS*-MOV8130B(ZP), CHARGING PUMPS

            *MOV8131A(ZO), 71\t.IOV8131B{ZP), LOOP FILL VALVES 2RCS .. MOV556A(A-), *t.tQV556B(B-),
            *:,MOV556C( C-).   *         .

• BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SOuRCE CONOITiuN CONTROL ACTiON MONITOR cs 2CHS*SOv206 (ZJ) >--------------------~DE-ENERGIZE. OPEN OPE !'II

                                                                              ~~----~a 2CHS

• 0~

S 20G (l 0) ( ~~H s*sov zo.s \>----------------------t~ (ZO) ENE RSI ZE CLOSE CLOSE

                                                                              ~---------.a
                                                                                                         ~                                                    ~---~---~

EMERGENCY 80RATION VALVE rc.

                                                                                '-~

2CH9fMOV 350 (Z F') 2CHS?ii.MOV350(Z P)

)PEN SUCTION VALVE OPEN 2CHS MOV350{ZP)

MOTOR THERMAL OVERLOAD 2C HS>!<MO~ 350 (Z P) cs SUCTION V1LVE 2CH9F*MOV350 {ZP) CLOSE ' CU:JSE TOROUE SE~T CLOSE BORIC ACID TANK TC CHAR(,* NG PUMP SUCTION VALVE Fe 2CHS*SOV206 [20) TRANSFER M 2CHS* SOV 206{20) E CONTROL ,.f,T 2C HS*- SOV 206 (ZO) SHUTDOWN PANEL M MANUAL RESET AT RELAY _ _

                                                                              ~~:::.:;;.,;.;..,._    -..~l:.

CONTF,0L AT I SHUTDOWN PANEL PB L.-.....L.!-l.a 2C HS* MDV 350 {Z P) TRANSFER M 2CHS*MOV350(ZP) E 1----------------f:~ CONTROL AT 2CHS*MOV350{Z P) M SHUTDOWN;PANEL

                                                                               ~---::..:;:_  ___

MANUAL RESET AT RELAY .._) ~ NOTES: L ANNUNCIATOR DISPLAY IS COMMON TO ALL SHUTDOWN PANEL TRANSFER SWITCHES fiGURE 7.3-77 2.CONTROL FROM eE NCHBOARD FOR 2CHS*SOV 20E SHOWN, CONTROL FOR 2CHS*-MJV350 SHOWN, CON TAOL fROM SHU TOOW N PANEL SIMILAR. ~OGIC DIAGRAM

3. SEE ADD IT 10 NAL CONTROL OF 2CHS

• SUV2 06 (ZO} ON FIG. 7.3-77 A. CHARGING PUMPS

                                                                                                                                                                             ~EAVER VALLEY POWER STATION-UNIT 2 fiNAL SAFETY ANALYSIS REPORT

$OURCE CONDITION CONTROL ACTION RE&i.TANT MONITOR 2CHSlfSoV206 {20) 1--4~o--------...j~ CONTROL AT ALT. 2CHS*SOV206(Z()} SHUlboWN PANEL MANUAL RESET. AT RELAY EMERGENCY: BORATION VALVE I 2C~P21A(AQ

                                                                                                           '-------a!           CONTROL AT ALT.

2CH5*P21A(AO) SHUTDOWN PANEL MANUAL RESET AT R£LAY cs 2CHS*- P21.al.AO) 2CHSt P2lA(A(J 1----1~ CHARGING PUMP MOTOR START START

     ,__-------IELECTRICAL PROT.

TRIP (BRIGHT) 4160V BUS2AE ASP 2CHS.-!P21A(AO) (DIM) UNDER VOLTAGE cs "'---~~ CHARGING PUUP 2CHS~l P21/liAQ) s p STOP CHARGING PUMP NOTES: I. SEE ADOlT IONAL CONTROL Of 2CHS SOV206(ZO) ON FIG. 7. 3 - 7 7.

2. S£E AODIT tONAL COHT ROL Of 2CHS P21.4(AQ ON FIG. 7. 3 - 73 .

S.ONLY MANUAL MODE OF OPE RAT ION. IS AVA K-ABLE FROM THE ALTERNATE SHUTOOWN PANEL. f!IGURE 7.3-77 A LOGIC DIAGRAM GHARGING PUMPS BEAVER VALLEY POWER STATION-UNIT 2 F.:INAL SAFETY ANALYSIS REPORT

SOURCE MONITOR RESULTANT ZCHS* P21A (A 0I CHARbiNG PUMP LUBE OIL TENPERATUR 2CtiS-TC 150A PN[U~TIC TEMP. CONT. \-----------~ SET POINT MODI.JLATE 2CHSXP 21A (AO I LUBE OIL TEMPE.RATURE J--------------------4 HI'H OPEN VALVE FAILS OPEN TO LUBE Ol. COOLER 20fS* p~ LUliE OIL TEMP, BLENDING VALVE

                                                                                                                                                               !    (NOTE *1) 2CHS~P21A (AO)

CHAR(;IN(, PUMP LUBf OIL PRESSURE (NOTE 4)

                                     ~               2CHSlif HOV8\32A SLAVE CONTACTOR PWER AVAILABLE 2CHS* P21A lAOJ CHAR GlNG PP. LO COOLER OISCH. TEMP.

NOTES:

1. 2CHS*P2\A{AO) LUBE OIL TEMPERATE BLENDING VALVE 2CHS*TCVI50A SHOWN.

BLENDING VALVES 2CHS-TCV I':>OB ~ 2CHS-TCV I?OC FOR 2CHS~P21B{BP) C.

5. 2CHS- TE250A FOR 2CHS P2 JA{AO) SHOWN, 2CHS-T E2 508 AND 2CHS- TE250C FOR 2CHS* P21B (BP) AND 2CHS

• P21C(SG) SIMILAR.

ZCHSw PZIC (SG) ARE SIMILAR. 2.CHA~INfio PUMP LUBE OIL TEMPERATURE HI&H COI-IPUTER POINT COM~IOH TO 2CHS-TSH !~OA,-TSH-1~6 7 0R I

  -TSH !'flOC HIGH TEMPERATURE CONDITION.                                                                                                                     ~IGURE      7.3-778

3. CHARbl N' PUMP 2CiiS* PIT250A LU I~E OIL PRESSUR[ COMPUTER INPUT SHQ\.JN.

2CHS_; PIT250B t;.- PI T250C IN PUTS SIMILAR. ll.OGIC DIAGRAM

4. 2CHS!tMO\I8132A SlA'iE (ONT-'CTOR PO\oiER AVAILABLE INDICATION SHQ\.IN. CHARGING PUMPS IND!(ATION FOR 2C HS,.MOV8132B,*HOV8133A,&."' MOV813 36 SIMILAR. BEAVER VALLEY POWER STATION-UNIT 2 REFER TO FIG. 7.3-76 NOTE 2. .

F. IN AL SAFETY ANALYSIS REPORT

SOURCE NOM I TOR COMO I TIOII CONTROL ACTION RESUL TAIIT NOiiiTOR PB 2CHS-t LCV460A(ZO) CONTROL TRANSFE 2CHS*LCV460A(ZO)

                                                                                                                         ~--------------~~CONTROLAT                           '

2CHS~LCV460A(ZQ SHUTDOWN PANEL MANUAL RESET AT RELAY FIG. 7.3-16 0 LETDOWN LINE ISOLATION VALVE OPEN SIGNAL I EXCESS LETD~M HEAT

       ~-----+------; EXCHANGER DISCHARGE                                                                                                                                                                                      I PIIESS URE FIG. 7.3-16  0                            LETDOWN ll NE I SOLATION VAlVE CLOSE SIGNAL LETDOWN LIME ISOLATION VALVE SS (MAINH.INEO)

LE TO ()I N FLOW 2CHSI<HCV389 TO PATH TROUBLE "VOUM CCtiTROl TAHK"  ! EXCESS LETDOiiN HEAT Ato 1-4~===-:..---4 EXCH. DISCHARGE TEMP. SS (MAINTAINED) HIGH 2CHSorHCV389 TO "PRIMARY ORA! NS"  ! J VOLUME CONTROL TANK{PRIMARY DRAIN VALVE FAILS WIT' FLOW TO VOLUME CONTROL TANK TRANSFER TANK DIVERSION VALVE 201S1t£Vl'!l EXCESS 2CHSH I C137 PRESS.RBU:IMG W, EXCESS LElDOirfl HEAT "MODULATE" >-----------------~ lO REim: PIISS."'"""~'"" OF 1l£ EmS lETtOfl 1£AT EXOI. DISCHARG£ IDP. EXOWilER FAILS CLOSED ON LOSS OF AIR ZK)tt£Vltt2(Z -lPESIDuAL H R&DY.tt. A.R IFICATI(II' VY.

                                                                                                                                   ,.------E"' ~m             FLQrj  F!DITIE RES Iru.ll.. IlEAT R&DYAl SYS. AT SS{MAINTAINED                                                     l..loi.:IIUII.:::.w.:lu..:li~:II'..IIDP~*.J FAILS CLO::;t.O ON LOSS OF AIR 2CH5-i HCV142fl-)

BENCH BOARD MOTES:

                                                                                                                                                                                =IGURE 7.3-78 I. CONTROL fROM CONTROL ROOM SHOWN. CONTROL FROM SHUiOOWN PANEL SIMILAR FOR 2CHStLCV460A(ZO},'f"LCV460~ZO).                                                                                                                  LOGIC DIAGRAM

2. LOGIC FOR LETDOWN LINE !SOLATION VALVES 2CHS ;HCV460A(ZO) REACTOR COOLANT SYSTEM AND 2CHS-;iE-LCV4608(ZO) ALSO SHOWN ON FIG. 7.3-82A. REACTOR COOLANT LETDOWN BEAVER VALLEY POWER *sTATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

CONTROL ACTION PB RESULTANT 2CHSJAOV204(ZP) SOURCE CONDIT! ON H 2CHS*tAOV204(ZP) CONTROL TRANS NON ITOR E t - - - - - - & 1 CONTROL AT H SHU TO OWN PAN a CONTROL AT SHUTDOWN PANEL I

                                                                                              .                                                                                                                                   8 2CHS *AOV2~/ZPJ "OPEN" CONTA I iiMENT ISOLATION SIGNAL PHASE A (TRAIN B) cs 2C HS ~A OV2011{Z P}
                                                                                            "CLOSE"              "'    ~

CONTAINMENT LETDOWN ISOLATION VALVE SS ( !olt6. INTA I NED) 2CCP ~AOVI30{Z -) \'[NT AIR OPEN "OPEN SS ( f.IA. I NTA I NED) 2CC P AOV 130(Z -) 2CC P-*' AOV 130(Z -) ADMIT AIR CLOSE "CLOSE" NON-REGENERATIVE HEAT EXCHANGER ISOLATION VALVE cs 2RCS -f-MOV 557A (A-)

                                                                                            "OPEN"                                                                          2RC S !f MOV557 A I A-)

1------------~NO. 2t LOOP OPEN 2RCS t MOV557 AI H

                                  .NO MOTOR THERKII L OVER LOAD 2RCS '¥ MOVS57A lA-)

NOTES: 1 - - - - - - - - - - - - t : : : ' ! N O . 21 LOOP cs CLOSE 8

1. LOGIC FOR NOM-REGENERATIVE HEAT EXCHANGER ISOLATION VALVE 2CGP'*"AOVI30(Z-)

SHOWN. LOGIC FOR SEAL WATER HEAT EXCHANGER I SOLA Tl ON VALVE 2CC P f.AOV I 32 ( Z-) 2Rc ~ MOV557 AI H "CLOSE" AND CC P WATER SUPPLY VALVE TO EXCESS LETDOWN COOLER 2CCP ;ll. AOV I 05 (Z- J SIMILAR. REACTOR LOOP DRAIN VALVE

2. LOGIC FOR NO. 21 LOOP CRAIN VALVE 2RCSA;MOV557A(A-l SHOWN.

LOGIC FOR NO. 22 AND NO. 23 LOOP ORA IN VALVES 2RCS ;t;t.IOV 557 B( 8-l AMO

    ~ NOV557C ( C-l SIMILAR.

3. CONTROL FROM CONTROL ROOM SHOWN, CONTROL FROM SHUTDOWN FIGURE 7. 3-79 PANEL SIMILAR FOR 2CHSt-AOV204(ZP)

                                                                                                                                                                                                           ~OGIC   DIAGRAM REACTOR COOLANT SYSTEM REACTOR COOLANT LETDOWN eEAVER VALLEY POWER STATION-UNIT 2 fiiNAL SAFETY ANALYSIS REPORT

SOURCE CONDIT IOM , COHTROL ACTIOM I ~ESULTANT WON ITO~ PB 2CHS*AOY200B(BO) >---....., CONTROL TRANSFER ........___,71 2CHS .tt-AOV 20fl8 (BO)

                                                                                                                           ._--------+---------------,_,.:::.j COMTROL AT 2CHS*AOV 200B(B0)                                                                              SHUTDOWN PANEL MAMUAL RESET AT RELAY cs 2CHS!tAOV2008{80) }-~I=!Jij OPEN                   A                                                                 ADMIT AIR B

A

@   ~ ~-----l PRESSURIZER LEVEL I~) 1~% OF LEVEL PRESSURIZER SPA~                              cs 2 CHSlt AOV2008(80)

OPEN

                                                                                                  >----1,_

VENT AIR c LEVEL

                        ) 1~% LEVEL SPAN COMTAIMMENT ISOLATIOM SIGNAL PHASE A (TRAIN A)                                                                                                                                   2CHS ~AOV 200BIB 0)

I SOLATION VALVE ACTUATE VALVE CLOSE OM AIR FAILURE KEACTQR COQLANT LE!OOWN RESTBIC I!NG OBI FICE ISO!.. AI ION VALVE MOTES; I. 2. LOGIC FOR LETDOWN ORIFICE ISOLATION ~ALVE 2CKS~AOV2008(BO) SHOWN. LOGIC FOR LETDOWN ORIFICE ISOLAT IOM VALVE 2CtiS*AOV200C ( C0) AHD

• AOV200C(CO) SIMILAR.

AMHUHCIATOR AND COMPUTER INPUT COMMON TO ALL SHUTDOWN PA~£L TRANSFER SWITCHtS. FIGURE 7.3-80

3. CONTROL FROM THE CONTROL ROOM IS OMLY AVAILABLE WHEN THE CONTROL TRANSFER RELAY LOGIC DIAGRAM HAS BEEN MANUALLY RESET. CONTROL FROM THE SHUTDOWN PANEL IS ONLY AVAILABLE WHEM REACTOR COOLANT SYSTEM THE CONTROL TRANSFER RELAY HAS BEEN ACTUATED. REACTOR COOLANT LETDOWN BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

COKTROL ACTIOK RESULT.I.IfT NOifl TOR SOO RCE MOK I TOR COKOITION SS (MAl NTAINEO) 2CHSI'H02~~ >----------------~DE-ENERGIZE VENT AIR I OPEN TO VOL "VOLUME CO'ITROL TK" ~ ' CONTROL TKI-----+'"i

                                                             ~            SEM 2CHS-H:;v2~~

2CH~CV2~~ 01 VAL YE VERT RE GEitER AT I VE HEAT SS (MAINTAINED) A /0 E~CHA NGER OUTLET 2CH S~ HCV 2~~ }---------------~ EN ERG I Zf. ADMIT AIR i 094INERAI..IZER ~--~ LETDOWN FLCifli , TEMP. HIGH noEMr"ERALIZER"

                                                                                                                                                    ~

PATH TROUBLE VALVE OPENS WITH flOW TO VOLUME VOLUME CONTROL TANK/OEMINERALIZER OIVEkT VALVE CONTROL TANK ON All R FAILURE cs 2CH S.t.tOV20 \( l-) 2CHSif MOV 20I(.Z -) REGENERATIVE HEAT "OP EM" f-------------t~ SUPPLY VALVE EXCHANGER OUTLET OPEN e. TEMPERATURE 2CHSJ(- MOV 201 (Z-cs 1-------------~SUPPLY VALVE 2CH S>>>O V20 l (Z-) 2CHS*MOV20I{Z0 CLOSE NO MOTOR 'cLOS(' THERMAL OVERLOAD EXCESS LETDOWN HEAT EXCHANGER SUPPLY VALVE 2CH ~tRV 20 3 0 I SCHAR GE ll lit rEMPERA TU RE HI 2CH SJ:RV203 DISCHARGE LINE TEMPERATURE 2CHS HOV 31HZ-) Sl ~ VE COM TACT OR POWER AVAILABLE 2CHS* MOV 3111Z-) SLAVE COMTACTOR POtE R AVAILABLE PB 2 CHS ~H-10VI 0 OA(-0) CONTROL TRA M 2CHS*MJVIOOA:tO) E ~--------~CONTROL AT ; 2CHS*t..,OVIOO -0 M SHUTDOWN PAN IIO!ES: MANUAL RESET AT I. STATUS "IGHTS fOR POWER HAILI.BLE SHOWN FOR 2CHSHH311!Z-I ON'.Y. RELAY

5. AUXILIARY SPRAY VALVE 2CHS)(M0V.311{Z-) HAS POWER REMQYED

2. LOGIC f" OR EXCESS LETDOWN HEAT EXCHANGE SUPPLY VALVE 2C HSHII'l\'20 !\Z-SHO'!'tN,LOG I C FOR LETDOWN SUP PLY VALH BY MEANS OF' A BANNAN A PLUG ON THE MC 8. FIGURE 7.3-81 TO I'~ <SS URI ZER <; PR.A Y '1CHs.t MOV 31 r:.z.; CCI' WATER TO NON~ EGENERAl 1V~ /SEAL WATER HEAT DC HANGER SUPPLY vALVE

    '2ff P ~ ~0~ r7 31Z PI 2CHS~HOV IOOAI- 0) A..ND

• HCVIOOB{-C) l E ~DOWN TO COOLANT RE COVEH'r TANKS SIH I_:; M, LOGIC DIAGRAM

3. WNTROL FROM MAIN BOARD SHOWN CONTROL FROM SHUTDOWN PANEL SIHILAR FOR 2CHS REACTOR COOLANT SYSTEM J- MOV311(Z-). t r--*,oviOOA(-0), AND 't"MOV 1008(-0)

4. LCC:IC FOR 2 :H9cMCV IOO.A.(- C) AND 2CHS* MOV\008(-0) ALSO SH;,'\Ii ~ ON FIG. 7 3-8 2A REACTOR COOLANT LETDOWN

                                                                                                                                                                                                                      .BEAVER VALLEY POWER STATION-UNIT 2
                                                                                                                                                                                                                      !FINAL SAFETY ANALYSIS REPORT

RESUL TAM! MONITOR SOURCE MONITOR COMOI TlON CONTROL ACTION cs 2CIIS;\-TCVI143 VOLUJ.E C'JNTROL TK. !l cs 2CKSHCVI k!~ EM TO VOL. AUTO OE-ENERGI ZE VEMT AIR 1ti MOOL TAHK ~ VALVE FAILS WITH FLOW TO THE REACTOR COOLANT cs VOLUME COKTROL TAMK LETDOWN 2CH Sl TCVI 143 TEMPERATURE "OIVERTn VOLUME CONTROL TAHK/pEMINERALIZER piVERSIOM VALVE REACTOR COOLANT A/0 LFTOOW!I TEMPERATURE IIIGH LETDOWN FLOW PATH 2 TROUBLE 8 EXCESS LETDOWN COOLER OUTLET TEMPERA ~URE 2CCPHCV144(Z4 LNG. NOM-REGENERATIVE TO !ClH-REGENERA VE IlEAT HEAT EXCHANGER K+f+ 0 }---------~ EXOINIGER TIM'. TtllL 0 I SCH ARGE TEMP. VV. l()llJLATE lO AINTAIN R I RED mtPERAiruRE VALVE OPENS 0~ AIR FAILURE NON-REGENERATivE HEAT EXCHANGER TEMPERATURE CONTROL VALVE REACTOR COOLANT LETDOWN FLOW FIGURE 7. 3-82 REACTOR COOLANT A {D LETDOoi'N FLcM LOGIC DIAGRAM REACTOR COOLANT SYSTEM REACTOR COOLANT LETDOWN BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION MONITOR RESULTANT PB 2CHS)(LCV460A(20) CONTROL TRANSFER ASP 2C HS*L CV4GQA tZO)

                                                                                                                                            ~._----I~CONTROL         AT ALT.

2CHS )fLCV41)()A(.ZO) SHUTDOWN PANEL MANUAL RESET

                                                                                    '-A....:..T....:..R:.=.E.=.:lA...:.:.Y_ __ _ j .I._

cs 2CHS)( LC V46CA (ZQ) ADMIT AIR ':OPEN OPEN cs 2 CH S* LCV460AlZO) CLOSE ' ~ L~ TDOiVN LINE ISQLATION VA~VE Fd 2 CHS* MOV IOOA(-0) COII'Tin. TRANSFER ~ cs 2C HS*MOVIOOA(-Q) 2 CHS*MCWIOOA( -~ 1-----~:LTON TO CLNT RCVY OPEN ASP OPEN 2CHSJfHOVIOOA(-O) NO MOTOR THERMAL l - - - - - - < t OVERLOAD NOTES; cs 2 CHS*MOVIOOA -Cj !.LOGIC FOR 2CHS*LCV460A(ZO) FROM ALT. SHUTDOWN PANEL SHOWN 2CHSX MOV IOOA{-0) 1-----~LTON TO CLN T RCVY LOGIC FOR 2CHSJfLC\f460B{ZO) FROM ALT. SHUTDOWN PANEL SIMilAR CLOSE 2.LOGIC FOR 2CHS*MOVIOOA(-Q)FROM All* 51-l.JTOOWN FNIEL SHOWN CLOSE LOGIC FOR 2CHS*MOVIOOB (-Q) FROM AlT. SHVTOOWN PANEL SIMILAR LETDOWN TO CQOLANT RECOVERY TANKS 3.0NLY MANUAL MODE OF OPERATION IS AVAILABLE fROM THE AlTERNATE SHUTDOWN PANEL

4. LOGIC FOR 2CHS*LCV460A(ZQANO 2CHS*LCV46QB(Z(jALSO SHOWN ON FIG 7. 3-78 S. LOGIC F'OR 20fSM- HOY IOQA{-Q}ANO 2CHS* MOVlOOB(-ct ALSO SHCWN ON FIG 7. 3- 8 I FIGURE 7. 3-8 2A LOGIC DIAGRAM REACTOR COOLANT LETDOWN BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION R.ESULTANT MONITOR CONTROL AT SHUTDOWN A PANEL M 2CHS*AOV200~0 I ll. E ~--------------~~------------------~CONTROLAT M SHUTDOWN PA 2 CHS*AOV 200A(A0 t------------_.------------4~CONTROL AT ALT. 2CHS*ACN200A~ SHU TO MANUAL RESE T AT RELAY cs 2CHS*AOV200A(AO) >--------G;;L--l OPEN cs 2CHS~AOV200A~O) OPEN cs 2CHS*AOV200A(AO) r--------sMAN PRESSURIZER OPEN LEVEL

                   >147.0Fl£VEL SPAN 8

2CHS*ACN200A(AQ ISOLATION VALVE ACTUATE CONTAINMENT VALVE CLOSE ON AIR ISOLATION SIGNAL c FAILURE PHASE A(TRAIN' A NOTES LETDOWN ORIFICE ISOLATION VALVE 1

   *~~tR':t:TUEAL MODE OF OPERATION IS AVAILABLE FROM THE SHUTDOWN PANEL FIGURE     7. 3-828 L.OGIC DIAGRAM REACTOR COOLANT LETDOWN BEAVER VALLEY POWER STATION- UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION CONTROL ACTION MONITOR RESULTANT MONITOR CONTROL AT ALTERNATE A SHUTDOWN 2C H5* PCV 145 3 PANEL r-~====~------------------------------~--~CONTROL AT Alt

                                                                                                                                                                             .__..........._~.a SHUTDOWN PANEL 2CHS* PCV 145 MANUAL RESET AT RELAY                                          c VALVE OPENS ON AIR FAILURE CONTROL AT HUTDOWN A. PANEL 2CHSJI(.PCVI45
                                                                                                                       ----------------f:.tCONTROl AT                                  I   .a SHUTDOWN PANEL 8

2CHS* PCVI45 MANUAL RESET AT RELAY NON- REGENERATIVE HEAT EXCHANGER DISC H/A K + f+D 1-------e,;:: SET POINT PRESSURE

                                                                                                    '--,---'.B.

LOW PR.ESSUBf LETDOWN VALVE NOTE

1. ONLY MANUAL MODE OF OPERATION IS AVAILABLE FROM THE AL lERNA TE SHUTDOWN PANEL FIGURE 7.3 -82C LOGIC DIAGRAM FREACTOR COOLANT LETDOWN SEAVER VALLEY POWER STATION- UNIT 2 FINAL SAFETY ANALYSIS REPORT

REVI2 IOUICE COIID ITl 011 COITIOL ACT I01 IEIULTAIIT MDIII Til ca 2SI~MOVIISA(AO) OPEII I PU.PIESSUIE FIG. 7. :3 -II Ill 2/1 LOOPS HI Cit ca .l 2SI~VII5A(AO) AUTO 2SI'*'MD¥115A(AO) COITAIIIMEIIT t-------,_.,p~ OUTLET VALVE Sli4P WATER LEVEL ( OPE Ill I H1811 8' ~ -~-------- FIG.7.:3-1:3 2SI'*-VII5A(AO) ) MOTOR THERMAL OVERLOAD SAFETY 1 - *- - - - lliOT 2SI~NOVII5A(AO) I IIIJECTIOII SI&IAL 1-------.......jii!IIIIIAIID VALVE TRAil A --------~~==========~----~111~ ~------+~OUTLET CLOSE CS(MAINTAINEO) I 2S~VIIIA(AO} ACCUMULATOR CLOSE DI SCII

• VALVES I

                                                                                                                                                                                                                  "-----'-...1 IIOT FULLY OPEl IIOTEI.

2SIS~V865A(AO) A~ ~------------------------4 ~ OUTLET VALVE  ; IIOT FULLY OPEII SAFETY IIIJECTIDII ACCUHULATOR OUTLET ISOLATIOII VALVE cs 28 IS*M0V851 A( A-) OPEl AIID 2SI S ~MOVI5U(A-) t------......fiiilll TEST LIWE VllVE 2s1 s~u*ovasl A(A-) MOTOR 111!RMAL ~-------~~

                                                                       ~                   liM ~-----------------~
                                                                                                                                             ~------~~~                                        ~Ell
                                                                                                                                                                                             ~------------~

OVERLOAD 2SI Uh10V851 A(A-) cs AID t-------~lall TEST LIIE VALVE 21 I S~MOYISI A(A-)

                                                                                                                         ~--------------~~~                                                  ~-CL-~-E----------~

CLOSE .L

                                                                                                                          .1.

NOTES! I, CONTROL AT SHUTDCJIIN PANEL SHCMN FOR 251StNOI865A(AO) CONTRCL SIMILAR FOR 261Sft4()18&58(~ AND *MOV86SC(CP) Z OUTLET VALVE 2S IS1tMOV885A(AO) SHM, OUTLET VAL\IL41 2SISit'MOVM58(8Pl AIID MOV865C(CPl SIMILAR. 3, DURING NORMAL PLAIT OPERATIOII ISOLATION VALVES 2SISJlMOVI65A(AO); ittiOVIISI(IP) AID *MOVI66C(CP) HAVE THEIR POWER REMOVED BY NEAliS OF A IANAIIA PLU8 DISCONIIECT 011 THE MAl II COIITROL BOARD TO PREYEIIT SMIOUS OPERATIOII OF THfSE VALVEs.* ~--.....----' .1.. 4.* MOTOR SUPPLY BREAKER IS SHUIIT TRIPPED 011 COITAIIIMENT SUMP WATER 7. MAKE-UP VALVE 2SIS.MOYI61 AlA-) SHM, MAKE-UP VALVES 2StS ftM0¥161 B{A-), MOVI61 C(B-1, LEVEL lti8H FOit 2SIS;t"MOV865A(AO), MOV8658(8P) AIID *MOV885C(CP). DRAIN VALVES 2SIStffiOYI52A(A-), MOYI621(1~J, AID MOVI52C(C-) SIMILAR

5. f BY WEST I N&HOUSE 8. CONTROL SWITCHES FOR 2SIS~MOV86SA BAND CARE SPRING RETURN FROM

6. ANIIUICIATOR WILl BE ACTUATED BY VAlVE LIMIT SWITCH WHEII VALVE IS OPEN TO AUTO AND MAINTAINED IN CLOSED.'

IIOT FULLY OPEII AND PRZR. PRESSURE IN 2/3 LOOPS IS HIGH. THE SI&IIAL WILL BE REMOVED AFTER ACKIOWLEDGMERT BUT THE WIIDDI IEMIIMS FIGURE 7. 3-83 LIGHTED UIITIL THE VALVE FULLY OPEIIS. A SEPARATE LIMIT SWITCH WILL IEFLASH THE AMIIUICIATOR EVERY 10 MIIIUTES IF THE VALVE II lOT FULLY LOGIC DIAGRAM OPEJI.* SAFETY INJECTION SYSTEM SAFETY INJECTION ACCUMULATORS BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV 2 SOURCE CONDIT ION ~ONTROL ACTION MONITOR 2SISvTK 21 A(A-l A/0 S I. AGCUI( PRESSURE HIGH-CHANNEL I 2SISllK 21A(A-l SAFETY I NJ. ACCU M. PRESSURE 2SISo~TK 21A lA-l A/0 S.l. AGCUM. PRESSURE LOW 2SISt TK 21A (A-l A/D S. I. AGCUr.l. PRES SURE HIGH CHANNEL 1I 2SIS*TK 21A (A-l SAFETY IN J. ACCU M. PRESSURE 2SIS¥TK 21A (A-) A/0 S. I. ACCUM. PRESSURE ACCUMULATOR LOW LEVEL I PRESSURE HIGH/LOW 2 SIS~ TK 21A (A-) A/0 S.l. ACCUt.l. LEVEL HIGH CHANNEL I 2SISITK 21A(A-l SAFETY INJ. ACCUit LEVEL 2SIS4TK 21A(A-l A/0 S.l. ACCUM LEVEL L0\11 2SIS4TK 21A(A-l A/0 S. LACCUM. LEVEL HIGH CHANNEl ll 2SIS.-H 21A(A-l SAFElY INJ. ACCllM. LEVEL 2SIS~ H. 21 A( A-) A/0 S.l. ACCU M. LEVEL LOW NOTES: I, 2SIS*TK21A(A-) SHOW'!, 2SIS?fTK21B(B-) ANO~K21C(C-) SIMILAR. Fl GURE 7. 3-84 LOGIC DIAGRAM SAFETY INJECTION SYSTEM SAFETY INJECT ION ACCUMULATORS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

CONDITION CONTROL ACTION RESULTANT MONITOR SOURCE cs 2SISjfMOV8112(Z1) OPEN 2SIS~V8112(tP) 1-------~ TEST LINE ISO~.YALVE OPEN  ! I 2SI~V8~2(ZP) MOTOR THERMlL OVERLOAD 2SI~V8112(ZP) cs l---------+~ TEST Ll HE IS4l., VALVE CLOSE I 2S I*MOV8112( ZP} CLOSE , COMTA INMENT ISOLATION PHASE A TRAIN B SAFETY INJECTION ACCUHUL!TOR TEST LINE ISOLATION VALVE cs 2SI~AOV889(Zb} OPEN I CONTAINMENT I ~----------------~ ISOLATION PHASE A TRAIN l I cs 2SI'*"OV889(ZO) CLOSE I cs 2GMS OPEN

                                                                                                 '* SOVB53A( AD)                                                       OPEN 2GNS~SOV853A(AO)

I cs 11nr'"s: I, TEST L1 ME ISOLATION VALVE 2S IS*~UOV889~0) SHOWN,, NITROGEN MAKE-UP ISOLATION VALVES 2GN$~AOVIOI-I~O)

• 2GNS SOV853A( AD)

CLOSE

                                                                                                                 )--------------~ DE-ENERGIZE                          CLQSE I

AND AOVIOI-2~) SIMILAR, I NITROGEN MAKE-UP VALVE 2; I BY WESTINGHOUSE

3. NIT ROGEM MAKE -uP VALVE 2GNS~ SOVB 53 A( AQ) SHOWN, NITROGEM MUE -uP VALVES 2GNS SOY8538 (80) , ~ SOVB&3C (CO)

              ~SOV853D(AP), ~SOV853E(BP}, +tSOVB53F(CP), AMO SAFETY '

INJECTION ACCUMULATOR Vt~T VALVES 2GNSitSOVBSIIA{AO) AND ;FIGURE 7.3-85 2GNS~SOV85118(BP) SIMILAR. LOGIC DIAGRAM SAFETY INJECTION SYSTEM SAFETY INJECTION ACCUMULATORS

BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MOMITOR CONDITION CONTRuL ACTION RESULTANT MONITOR cs 2SIS-P22 START zs1:s-nz I 1----------------AI HYDRO TEST PUNP ST RT 2SIS-P22 MOTOR ELECTRICAL PROTECT lOll mv aus 2A ZS1is-P22 UNDERVOL TAGE 1---------------..+::;;,~ HYDRO TEST PUMP cs T.o. STOP ZSIS-P22 STOP SAFETY INJECTION ACCUHUL!TOR HYDRO TEST PUNP HYDRO TEST PUMP COOUJIT C IRC, WTR, POT LEVEL LOW HIC 2SIS-HIC9'7 RA I SE/LOIIIE R 8 v _______--lc~~~:O~ST f.;\,___ PUMP )1--------------- _RUNII!It&

                                                                                          ~--------~~                               ZSIS-SOY9117      T A          2SiiS-P22 r-----F=311 SPEED CONTROL RAISE/LOWER (NOTE I) c 2SIS-P22                                                                                                     VENT AIR HYDRO TEST PUMP S.TOPPED                                      SAFEJI INJ£CT!QN AccUMYLiTORS HYDRO TEST PUHP SPEED CONTROLLER (BRIGHT)

I HYDRO TEST cs PUMP TROUBLE 2SIS-f'22 (AFT£1 START) I IOTES: I. VEMTIMG SPEED CONTROL SOLENOID 2SIS-SOV9'7 CAUSES VARIDRIYE TO ASSl~ LOWEST SPEED. FIGURE 7.3*86 LOGIC DIAGRAM SAFETY INJECTION SYSTEM SAFETY INJECTION ACCUMULAlORS

                                                                                                                                                                         ~EAVER VALLEY POWER STATION-UNIT 2 f'INAL SAFETY ANALYSIS REPORT

SOURCE ~QNITOR CONDITION CONTROL ACTION RESULTANT MONIT0.~ HYDRO TEST 2 GNS>t.SO\I 3A(AO) PUMP DISCHARC.E i--.._-~8111 CONTROL AT!~ ALT. t - - - -..... 2 GNS>t SOV 853 SHUTDOWN PAN CONTROL AT ALT. FLOW MANUAL RESET SHUTDOWN PANEL AT RELAY

                                                                                                                                                                     &....-'-~  B
                                                                                                              .__-fiJI ENERGIZE      OPEN 2GNS"' SOV8S3A(A(j) cs 2 GNS>F SOV 853A(AO) >---e&  ---81 DE*ENERGIZE CLOSE i CLOSE.                                                                                       ASP NITROGEN MAKE* UP VALVE.        i OPEN CLOSE TEST LINE \'ALVE NOTES:

I, LOGIC FOR 2 GN S 'tSOV 853A ~0) SHOWN

• LOG 1C. FOR 2 GNS 't8538 (BO) 1 853C(CO) AND 85AA~O) SIMILAR.

2. SEE ADDITIONAL CONTROL OF THE ABOVE sov's IN NOTE 1 ON FIG. 7.3-85.

3. ONLY MANUAL MODE OF OPERATION IS MAILABLE FROM THE ALTERNATE SHUTDOWN PANEL. 'FIGURE 7. 3-86A 4 LOGIC FOR TEST LINE VALVE 2 Sl S>tAOV850A(f\-) SHOWN. LOGIC FOR LOGIC DIAGRAM lEST LINE VALVES 251S'tAOV8508(A-). 850C(B-), 8500(B-) I 850E.(C*), SAFETY INJECTION ACCUMULATORS 8SOF(C-) SIMILAR.

BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REVS SOURCE COMOITIOM COMTIOL ACTIOI RESULT AliT MONITOR 211CS* N3YSIK)( 1.-) LOOP 21 HOT LE& lsdLATION VALVE OPEl 2JICS<<MJ¥!'BI(A-)U.. 21 C~LD LEG ISOLATION ALVE OPU 2RCS .. P21A A-l

                                                                                                  .,_.......,~  RElCTOit COO Alll PUMP l----------1-~

START 1 2RCS¥" P21 A(A-) LOWE.R BEARING OIL LYL LOW II 2RCS-P21AI LIFT OIL PUMP RUNNING 2RCS-P21AI LIFT 0 I L PtJMP PRESS. 1--------~ HIGH 4160 V BUS 2A (SRIGHi) BUS UKDERYOLTAGE 2RCS* P21 A( A-) MOTOR REACTOR COOLUT PUMP 2RC P21A( A-) Dl FFERENT IAL AUTO STOP MOTOR ELECTRICAL I REACTOR TRIP PROTECTION TRIP c.-.-..- I 2/3 REACTOR COOLANT PP.III60Y BUSSES UMDEif--------~ FREQ. 2RCSt.MJY585( A-)l.D(f' 21 cs 2RCS

• P21 A( A- \

                                                                                                                                               ------+--at 1

BY-PASS ISOLATION YV.t------------~ 2RCS.¥'P21i(A-) RUCTOR CO~.t.ltT PUMP 5----..... DIN MOT FULLY OPEN STOP STOP I  ! BREAlER OPEl B

                   ~~1.-)LOOP               21 1 - - - { HOT LEG ISOLATION                                                                                                FIGURE 7.3-87 VALVE CLOSED LOGIC DIAGRAM MOTE:   I. REACTOR COOLAKT PUMP 2RCS* P21A(A-) IS SHOWN.

REACTOR COOLANT PUMPS Rf.I.CTOR C.OOWT PIJioiP 2RCS~P2li(B-) AIID P21C(C-) AilE SIMILAR. BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS

SOURCE lo!ONITOR CONDITION CONTROL ACTION RESUL TAIIT i<<llll fOR It 160V BUS 28 T.O. Uiii1ERVOLTA2E SS {MAINTAINED) 2RCS-P21AI 2RCS-P21Al OFF LIFT OIL PUMP STOP LIFT OIL PUMP FOR THE REACTOR COOLANT PUMP lti60V BUS 2C cs UNOERVOLTAGE 2RCS-M{ VS 22A 1 2RCS-Io!OV522A OPEN lliLET VALVE OrEN 2RCS-MOVS22A MOTOR THERMAL OV ERLOAO 1------------------------------------------~l----_.

                                       ---------                                                                                       L----f;l..r---,    7RCS-IoiDVS22A cs                                                           INLET VALVE 2RCS-MOV522A                                                CLOSE CLOSE

1. LIFT OIL PUMP 2RCS-P21A1 SHOWN, LIFT O!L PUMPS 2RCS-P21Bl ANO P21C1 SIMILAR.

R~P PRIMARY GRADE SEAL WATER INLET VALVE

2. INLET VALVE 2RCS-MOV522A IS SHOWN, INLET VALVES 2RCS-MOV522B. ANO MOV522C ARE SIMILAR.

FIGURE 7.3-88 LOGIC DIAGRAM REACTOR COOLANT PUMPS aEAVER VALLEY POWER STATION-UNIT 2

                                                                                                                                                       ~INAL SAFETY ANALYSIS REPORT

SOURCE NON ITOR CONDITION COJHROL ACTION RESULTANT NOM ITOR REACTOR COOLANT PO NP COOLING WATER 3 TROUBLE

                                                 .._....._..... 8           ZRCS

• PZIA THERMAL BARRIER CCW PRESS. HIGH 2 RCS
• P21A THERMAL BARRIER CC'I cs PRESS. HIGH 2CCP~AOVI07A(AO)

OPEH ADMIT AIR OPEN ZRCS* P21A 2CCP.JV"AOV I07 A( AO) THERMAL BARRIER CCII FLOW HIGH VENT AIR CLOSE ZRCS* P21A TH ERNAL BARRIER CC'I FLOW H!G H cs 2CCP }I{ AOV 107 A( AO) CLOSE THERMAL BARRIER THERMAL BARRIER ISOLATION VALVE COMPONENT COOLING WATER FLOW 2CCP¥ r-!OV I03A( AO) NO MOTOR THERMAL OVERLOAD cs 2CCP "'OV I 03A( AO) ISOLATION VALvt 2CCP.X MOV I03A( VJ) OPEN 2RCS i P21 A( A-) OPEN UPPlR BEARING OIL LV liiGH 2CCP1(HQV103A(AO) cs ISOLATION VALVE 2CC Pi'- MOV 103A ( AO) CLOSE CLOSE NOTE 4 RCP COOLING WATER ISOLATION VALV~ RCP OIL TROUBLE 2RCS*- P21 A( A-)  ! LOWER BtARING OIL LVL 2RCS- TK 2.3 RCP OIL COLLECT Iptl TANK HIGH LEVEL HIGH NOTES: I. THE,~M.I.L BARR!ER ISOLATION VALVE 2CCP1HOV107A(AO) IS SHOWN. THERMAL BARRIER ISOLATION VALVES 2CCP~AOV107B(BP) AND AOV107C(BP) ARE SIMILAR.

2. RCP BEARINGS COOLING WATER ISOLATION VALVE 2CCP~MOVI03A(AO) IS SHOWN.

RCP BEARINGS COOLING WATER ISQLAT!ON VALVES 2CCP~MOV103B(BP) ANO MOV103C(BP) ARE SIMILAR.  ; FIGURE 7. 3- 89

3. LOGIC FOR 2 RC S- LS 103A SHOWN, LOGIC FOR 2RCS- LS 103 B AND C IS SIMILAR. ,LOGIC DIAGRAM

4. LOGIC FOR 2.RCS- LS4l7 AND LS419 SHOW FOR 2RCS* P2.1A, LOGIC FOR 2RCS-LS42.7/429 .REACTOR COOLANT PUMPS FOR 2 RCS!!- P 21 B AND 2 RCS-LS437 /439 FOR 2RCS P21 C SIMILAR .. BEAVER VALLEY POWER STATION-UNIT 2

                                                                                                                                                                            . FINAL SAFETY ANALYSIS REPORT

cs 2CHSoliMOV303A OPEN 2CHsaN 303A 1------------------F~ LEAKOF ' VALVE OPEN 2CHS~OV303A MOTOI< THERMAL OVERLOAO 2CHS>>>OV303A LEAKO~f VALVE cs CLOSE 2CHSAMOV30 3A CLOSE REACTOR COOLANT PUMP MO. 1 SEAL W}.TER LEAKOFF VALVE cs 2CHS )(MOV378\.21J) OPEN ?CH S~r-"'OV 37BQIO) I St:ILATION VALVE OPEN 2CHS *MDV 37 8IZDJ MOTOR TIHRN.U OVERLOAD 2CIIS* HOV378\2.0) ISOLATION VALVE FIG. 7. 3-13 CONTAINMENT CLOSE ISOLATION PHASE A TOROUE SEAT CLOSE NOTE 3 TRAIN A cs 2C'!S~OV~78(ZO) CLllSE REACTO!i COOLANT PUt<'~ SUL \'lATER ISOLATION VALVE SEALWAID INJECTION HIC 2CHS)!.HCV\86(Z-) FILTER A DIFFERENTIAL 2CHS*-HCV 186(Z-) ~----------------------I::SJII INJECTION FILTER V. PRESS. HIGH MODULATE MODULATE REACTOR COOLANT PUMP SEAL WATER INJECTION FILTER VALVE VALVE OPENS OM MOTES: AIR FAILURE

1. LEAKOFF VALVE 2CH~OV303A SHOWN, LEAK OFF VALVES 2CHS¥10V303B, AND II DY.liE303C ARE SIMILAR

2. ISOLATION VALVE 2CHS *MOV37E (20} SHOWN, FIGURE 7.3- 90 ISOLATION VALVE 2CHS*MOV381(ZP) SIMILAR.

LOGIC DIAGRAM

3. ~ BY WESTINGHOUSE

• REACTOR COOLANT PUMPS

      .-, 2CHS-DIS I57 A SHOWN, 2CHS-DI S157B SIN ILAR.                                                                                                      BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR COMO ITl ON RESULTANT MONITOR REACTOR COOlANT PlN' TRruiL£ NOTE 5 2RCS'f P21 A( A- f 2RCS¥ p21 A( AL) NO. I SEAL LEAKOFF A/0 1---------~ NO. I SEAL LfAtOFF TEMP. HIGH , 1-----. !1: TEMPERATURE 2RCS*P21 A( A-} THRUST BEARING UPPER 1---~ SHOE TEMPERATURE REACT(I! COOLANT 2RCS¥f21 A{ A-) PIW TRruJLE THRUST BEARING LOWER L---Hf NOTE 5 SHOE TEMPERATURE 2RCS~21A(Af)METAL .!! A/0 t - - - - - - - - - - 8 ! 1 BEARING T£MPERATURE HIGH . 2RCS -¥f>21 A{ A-) UPPER GUIDE BEARING R'HE 6 TEMPERATURE 2RCHP21 A{A-) LOWER GUIDE BEARING t..---+31 TEMPERATURE

                                                                                          ~160V BUS 2A UN OER FREQUENCY                                                                                                                   REACTOR CQOLANT PUMP BUS UNDERVOLTAGE/

UNDER FRECUENCY ltl60 V BUS 28 UNDERFREOUENCY 2/3 REACTOR COOLANT FIC. 7.3*87

                                                                                          ~160    V BUS 2C                                                                           PUMP BUSSES Ull OERF REOUEKCY                                                                          UNDER FREQUeNCY 2RCS ¥ P21 A{ A-)

LOWER RADIAL BEARING J-------f~ A/0 1 - - - - - - - - - e t RADIAL BEARING TEMP TEMPERATURE HI Gil . 21i:CS¥ P21 A(A-) MOTOR STATOR WINDING TEMPERATURE NOTES:

1. REACTOR COOLA~T PUMP 2RCS~P21A(A-} MONITORING DEVICES SHOWN. ~. EACH REACTOR COOLANT PUMP MOTOR IS SUPPLIED WITH SIX RTD'S.

REACTOR COOLANT PUMPS 2RCS~P21B(B-} AND P21C(C-} MONITORING DEVICES SIMILAR. ONE IS USED FOR COMPUTER INPUT, ONE FOR RECORDER INPUT AND ONE FOR ELECTRICAL PROTECTION, THREE ARE SPARES.

2. UNDERFREQUENCY STATUS LIGHTS, COMPUTER INPUTS, AND ANNUNCIATORS, 2RCS-P21A 2RCS-TE~IBBI, 2, 3, ~. 5, 6 INPUTS ARE COMMON TO BOTH TRAINS (NOT SHOWN}.

2RCS-P21 B 2RCS-TE~28BI, 2, 3, ~. 5, 6

3. REACTOR COOLANT PUMP ASSOCIATED EQUIPMENT MARK NUMBERS: 2RCS-P21C 2RCS-TE~38BI , 2, 3, ~. 5, 6 2RCS ,( P21 A( A-} 2RCS~P21 B( B-) 2RCS*"P21 C( C-) RECORDER 5. AN RUNCIATOR SET PO INT CE RERATE D BY RECOROE R.

2CIIS-TE132 2CHS-TE129 2CHS-TE126 2RCS-~~BA 2Ct1S-TE131 2CHS-TE128 2CHS-TE125 2RCS-~~BA

6. PUMPS 2RCS*P21A, P21B, AND PZIC UTILIZE 2RC'i- TE~ 18B 2RCS-TE~38B 2RCS-1P+BA FIGURE 7.3-91 2RC5-TE~2BB COM M0N RECORDER GENE RATED SET POINT.

2RCS-TE~17A 2RCS-TE!t27A 2RCS- TE~37 A 2RCS-~~BB LOGIC DIAGRAM 2RCS-TE~178 2RCS-TE~278 2RCS-TE~37B 2RCS-~~BB 2RCS-TE~1BA 2RCS-TE~28 A 2RCS-TE~38A 2RCS-~~BB :REACTOR COOLANT PUMPS 2RCS-TE~19 2RCS-TE~29 2RCS-TE~39 2RCS-~~BB :SEAVER VALLEY POWER STATION-UNIT 2

                                                                                                                                                                                                   !FINAL SAFETY ANALYSIS REPORT

MOtiiTOR COIDITIOI SOURCE MDIII TOR COIIDITIOM SOURCE 2RCS*'P21 A( A-) UPPER BEARIIIG LUBE OIL COOLING WATER FLOW 2RCS~P2JA(A-\UPPER A/0 BEAR lNG l.UIIe:' 0 I( COOLII<<i MATER FUltl l.4rl 2RCS'*P21 A( A-) UP PER BEARING LUBE OIL COOL.WTR.DISCH.TEMP 2RCS~P21A(A-) THRM. 2RCS*P21A{A-) BARRitR COOLING WATER STATOR COOLING WATER DISCHARGE TEMP. FLOW 2RCS~P21A{A-)THRM. 2RCS;KP21A{A-)STATOR A/D BARRIER COOLING WTR. A/D WINDING COOLING WATER DISCH. TEMP. HI. LOW LOW 2RCS~P21A(A-)LOWER 2RC~P21A{A-)STATOR BEARING LUBE OIL COOLING WATER COOLING WATER FLOW DISCHARGE TEMP. 2RC~P21A(A-)LOWER 2RC~P21A{A-)PUMP BEARING lllBE OIL COOLING COOLING WATER A/0 WATER FUJtrl LOW 0 ISCHARGE TEMP. MOTES: I I. REACTOR COOLANT PUMP 2RCS~P21A(A-) MONITORING DEVICES SHOWN. 2RCS~21A(A-)PUMP REACTOR COOLANT PUMP 2RCS~P21B(B-) AND P21C{C-) MONITORING DEVICES SIMILAR. A/D COOLING WTR.DISCH. TEMP. HICH

2. REACTOR COOLANT PUMPS ASSOCIATED EQUIPMENT MARK NUMBERS:

2RC~ P21A{A-) 2RCSi! P21 B( B-) 2RCS~P21 C{ C-) 2CCP-TEIOV. 2CCP -TE I02B 2CCP-TE102C 2CCP- TE103A 2CCP-TEID3B 2CCP- TEl 03C 2CCP-TEIO!lA 2CC~*TEID!lB 2CCP-TE IOllC 2CCP-FTIO'lA 2CCP-fTID~B 2CCP-FTI~C 2CCP-TE105A 2CCP-TE105B 2CCP-TE106C 2CCP-FT105A 2CCP- FT IOSB 2CCP-FTIOSC FIGURE 7. 3-92 2CCP-FT106A 2CCP-FTID68 2CCP-FT106C LOGIC DIAGRAM 2CCP-TE107A 2CCP- TE1078 2CCP- TEl 07C REACTOR COOLANT PUMPS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONOI TlON SOURCE MONITOR CONDITION 2RCS-:t'P21AkA-t NO. I SEAL OIFFE EN IAL PRESSURE SEAL INJECTION WAlE RETURN HEADER TEMPERATURE B 2RCS~P21A(A-) NO. I A/D SEAL DIFFERENTIAL PRESS. LO 2RCS~P21A(A-)THRM. BARR.LABYRINTH SEAL WATER FLOW 2RCS.~<P2lA(A-) SEAL LEAKOFF FLOW

                                                                    .!!          2RCS~P21A(A-)TKRM .

A/D BARR.LABYRINTH SEAL WATER FLOW LOW 2RCSJt P21 A(A-) A/D .!! SEAL LEAKOFF FLOW LOW 2RCS f P21 A( A-) 2RCS* P21 A IA-J SEAL SEAL LEAKOFF FLOW WTR BYPASS FLOW TO V.C. TK. LOW . 2CHS + NOY30l SEAL WATER BYPASS VALVE OPEN

                                                                                                                                     .REACTOR COOlANT ' - - - - J 2RCS~ P21  A( A-)                                      PlW SEAL VEKr POr A/D                                               SEAL LEAKOFF fLOW                                       LEVEL HIGII/U1fl HIGH                                                      ~                                 2RCS *P21 A{ A-)

SEAL VENT POT LEVEL HIGH REACTOR COOLANT RM' NOTES: SEAL VEHT POr

1. REAC TOR COOLANT PUMP 2RCS "- P21 A( A-) M0N 1TOR ING DE VI CES SHOWN.

LE\'EL HIGH/ J.Oif

     ~EACTOR COOLANT PUMP 2RCS~P21B(B-) AND P21C(C-) MONITORING DEVICES SIMILAR.

2RCS;t.P21 A{ A-) SEAL YFNT POT LEVEL LOW

2. REACTOR COOLANT PUMPS ASSOCIATED EQUIPMENT MARK NUMBERS:

2RCS* P21 A( A-) 2RCS ~P21 B( B-) 2RCS t P21 C( C-) 2CHS-FT130 2CHS-FT127 2CHS-FT12~ 2CHS-FT156t. 2:;H:>-FT15 5A 2CHS-FT1 S~A 2CHS-FT156B 2CHS-FT155B 2CHS-FT151tB 2CHS-DT156 2CHS-DT155 2CHS-DT1 5~ FIGURE 7. 3- 93 2CHS-FIS156 2CHS-FIS155 LOGIC DIAGRAM 2CHS-FIS15~ 2RC S-LS406 2RCS- LS407 2 RCS- LS 408 REACTOR COOLANT PUMPS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

HORIZONTAL SHAFT A/D VIBRATION UMP SHAfT VIBRATION HQNITOR VERTICAL/P.ORIZONTAL MOTES: DANGER

1. 2RCS-¥ P21 A( A-) SHAFT VI BRAT ION MOH ITOR SHOWN.

2RCS~ P21 A( A-) FR AidE VI BRA Tl ON MOM ITOR, 2RCS 'H2! B(B-) SHAFT AND FRAME VIBRATION MONITORS AND 2RCS~P1tC{C-) SHAFT AND FRAt~E VI BRAT ION MONITORS ARE SJ MILAR.

2. VIBRATION MONITORS ASSOCIATED EQUIPMENT MARK NUMBERS:

VERTICAL Si-~,i.FT HORIZONTAL VERTICAL fRAME HORIZONTAL

3. A KEY PHASOR PROBE 2RCS-NBE2GSA, B. & C IS PROVIDED FOR EACH REACTOR PUMP WHICH IS REQUIRE~ FOR !NITI~L AND ANY SUBSEQUENT BALANCING,

      ~. VMP - VIBRATION MONITORING PANEL IS LOCATED IN THE CONTROL ROOM.
                                                                                                                           ;FIGURE 7.3-94

5. A MANUAL RESET IS LOCATE~ ON THE VIBRAT\0~ MONITOR PANEL FOR EACH VJBRATI~H MONITOR. LOGIC DIAGRAM .

iREACTOR COOLANT PUMPS

                                                                                                                           !BEAVER VALLEY. POWER STATION-UNIT 2 fiNAL SAFETY ANALYSIS REPORT

SOURCE CONDIT ION COIITROL ACT I ON RESULTAIIT MOICITOR FIG.7.3-93 cs 2CH~V307 OPEN 2CH~V307 1-----------~ SEAL 'fiATER BYPASS VALVE OPEN 2CHS~OV307 MOTOR THERMAL OVERLOAD 2CHstMOV307 1------------~ SEAL 'fiATER BYPASS cs 'IALVE CLOSE 2CHS;Wo!OV307 CLOSE SEAL 'fiATER BYp,5S VALvE

                                                                                  !FIGURE 7.3 -95 iLOGIC DIAGRAM iREACTOR COOLANT PUMPS
                                                                                 'SEAVER VALLEY POWER STATION-UNIT 2 I
                                                                                 ;FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 0 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN The functions necessary for safe shutdown are available from instrumentation channels that are associated with the major primary and secondary systems of the nuclear steam supply. These channels are normally aligned to serve a variety of operational functions, including start-up end shutdown as well as protective functions. However, procedures for securing and maintaining Beaver Valley Power Station - Unit 2 (BVPS-2) in a safe condition can be instituted by appropriate alignment of selected components in the nuclear steam supply. The discussion of these systems, together with the applicable codes, criteria, and guidelines, is found in other sections of this safety analysis report. In addition, the alignment of shutdown functions associated with the engineered safety features, which are invoked under postulated limiting fault situations, is discussed in Chapter 6 and Section 7.3. Two kinds of shutdown conditions, both capable of being achieved with or without offsite power, are addressed in this section: hot standby and cold shutdown. Hot standby is a stable condition of the reactor achieved shortly after a programmed or emergency shutdown of BVPS-2. Although hot standby is the safe shutdown design basis for BVPS-2, safety grade provisions have been incorporated in the design of the plant to facilitate cold shutdown. Cold shutdown is a stable condition of the plant achieved after the residual heat removal (RHR) process has brought the primary coolant temperature below 200°F. For a description of the RHR system and how it is used for cold shutdown, refer to Section 5.4.7. For either case of the safe shutdown, that is, hot standby or cold shutdown, the reactivity control systems maintain a subcritical condition of the core. The plant Technical Specifications explicitly define both hot standby and cold shutdown conditions. The electrically-powered instrumented and controlled systems and equipment which are required to be aligned for achieving and maintaining cold shutdown without offsite power, with main control room occupancy, with a single random failure, and with limited operator action outside of the control room are a minimum set listed as follows. These systems and equipment are available from inside the main control room:

1. Emergency, vital electrical power supply,*

2. Auxiliary feedwater system (AFWS),*

3. Residual heat removal (and isolation) system,

4. Borated water inventory supply to centrifugal charging pump suction via the emergency boration path and the boric acid transfer pump, which takes suction directly from the boric acid tank through a normally open path when the emergency boration valve is opened. In addition, there is an 7.4-1

BVPS-2 UFSAR Rev. 16 alternate source of boration supplied to the charging pump suction from the refueling water storage tank,

5. Redundant discharge system from the centrifugal charging pumps, both having throttling capability through safety injection lines,

6. Power operated relief valves (PORVs) for reactor coolant system (RCS),

7. Pressurizer safety valves,*

8. Decay heat removal, using steam line atmospheric dump valves (ADVs) and limited operator action, as well as steam generator safety valves,*

9. Safety grade head vent letdown to pressurizer relief tank isolation system, which will withstand an active failure,

10. Reactor protection system,* and

11. Redundant accumulator isolation venting, in addition to the normal isolation valves.

• The minimum number of instrumentation and control functions permitted under nonaccident conditions, which are required to be aligned for maintaining hot standby. They are available outside as well as inside the main control room, and accomplish the following functions:

1. Prevent the reactor from achieving criticality in violation of the Technical Specifications,

2. Provide an adequate heat sink such that design and safety limits are not exceeded,

3. Pressurizer pressure control, and

4. Provide RCS inventory control.

7.4.1 Description Instrumentation and control provisions associated with the hot standby systems are identified in Sections 7.4.1.1 and 7.4.1.2. The equipment and services for cold shutdown are identified in Section 7.4.1.4. Loss of the monitoring instrumentation and local controls outside the main control room and normal automatic systems are not assumed coincident with control room evacuation. For applicable drawings, refer to Section 1.7. 7.4-2

BVPS-2 UFSAR Rev. 12 7.4.1.1 Monitoring Indicators The characteristics of these indicators, which are provided outside as well as inside the main control room, are described in Section 7.5. The necessary indicators are as follows:

1. Water level indicator (wide range) for each steam generator,

2. Pressure indicator for each steam generator,

3. Pressurizer water level indicator, and

4. Pressurizer or RCS pressure indicator.

The remote shutdown monitoring instrumentation channels, with readouts displayed external to the control room, are shown in Table 7.4-3. 7.4.1.2 Controls 7.4.1.2.1 General Considerations

1. The turbine is tripped (Note that this can be accomplished at the turbine as well as in the main control room). This closes the turbine steam stop valves.

2. The reactor is tripped (Note that this can be accomplished at the reactor trip switchgear as well as in the main control room).

3. All automatic systems continue functioning (discussed in Section 7.7).

4. Selected controls for safe shutdown are located inside as well as outside the main control room. Those controls located outside the control room are provided with a control transfer pushbutton which transfers control from the main control room to the emergency shutdown panel (ESP). Placing the pushbutton in the local operating position is annunciated inside the main control room.

7.4.1.2.2 Pumps and Compressors

1. Auxiliary feedwater pumps In the event of feedwater pump stoppage due to a loss of electrical power, the auxiliary feedwater pumps start automatically. The pumps can be started manually at the ESP as well as inside the main control room.

2. Charging pumps Start/stop motor controls for these pumps are located on the ESP as well as inside the main control room.

7.4-3

BVPS-2 UFSAR Rev. 16

3. Boric acid transfer pumps Start/stop motor controls for these pumps are located on the ESP as well as inside the main control room.

4. Service water pumps Start/stop motor controls for these pumps are located on the ESP as well as inside the main control room.

5. Component cooling water pumps Start/stop motor controls for these pumps are located on the ESP as well as inside the main control room.

6. Instrument air compressors These compressors start automatically on low air pressure.

However, loss of instrument air does not prevent the operation of the minimum systems necessary for hot standby. 7.4.1.2.3 Emergency Diesel Generators These units start automatically following a loss of normal ac power. Manual controls for emergency diesel generator start-up are also provided locally at the diesel generators as well as inside the main control room. 7.4.1.2.4 Valves and Heaters

1. Charging flow control valves Charging flow control valves fail open upon loss of instrument air. Subsequent control of the flow can be maintained through control of the charging pumps at the ESP.

2. Letdown orifice isolation valves Manual control is provided both at the ESP and inside the main control room.

3. Auxiliary feedwater control valves Controls for these valves are located at the ESP and inside the main control room.

4. Steam generator safety valves and steam line atmospheric dump valves

a. Spring-loaded safety valves The safety relief valves on each steam header are located upstream of the isolation valves. They are spring-loaded, self-opening on an increase in pressure in the steam header.

7.4-4

BVPS-2 UFSAR Rev. 16

b. Atmospheric dump valves The ADVs are located upstream of the isolation valves, one on each steam header. Control of these valves is automatic by steam line pressure, with remote manual control by adjustment of the pressure set point from the main control room as well as at the ESP. In addition, local manual operators are provided in the event of complete loss of automatic control.

5. Pressurizer heater control On-off control with selector switches is provided for two backup heater groups at the ESP. The heater groups are connected to separate buses, such that each group can be powered from separate emergency diesel generators in the event of loss of offsite power (LOOP). The controls are grouped with the charging flow controls at the ESP and duplicate functions are available in the main control room.

7.4.1.3 Main Control Room Evacuation The instrumentation and controls listed in Sections 7.4.1.1 and 7.4.1.2, which are used to achieve and maintain a safe shutdown, are available in the event an evacuation of the main control room is required. These controls and instrumentation channels, together with the equipment and systems listed in Section 7.4.1.4, identify the potential capability for cold shutdown of the reactor subsequent to a main control room evacuation through the use of suitable procedures. Control room evacuation shall not occur coincident with an abnormal operating condition (Condition II, III, or IV event) except the loss of offsite power. The emergency shutdown panel and the equipment used to maintain remote shutdown fulfill the single failure criterion. Normal control from the main control room would normally be expected to function under all conceivable events. In accordance with General Design Criterion (GDC) 19, provisions are made to control certain vital systems required for hot standby of the unit from a central location (ESP) (Table 7.4-1) outside the main control room in the event of inaccessibility of the main control room (Section 6.4 on main control room habitability). The design bases for establishing the functional requirements to provide hot shutdown capability from the ESP are as follows:

1. As previously stated, inaccessibility of the main control room shall not occur simultaneously with or subsequent to an accident condition other than a LOOP.

7.4-5

BVPS-2 UFSAR Rev. 24

2. The main control board, although not necessarily remaining operable, shall not be affected because of main control room inaccessibility to the extent that the control board generates spurious or unwanted control signals which would prevent hot standby from the ESP.

3. A sufficient quantity of auxiliary feedwater shall be available for decay heat removal until such time as the RHR system can be placed in operation. The AFWS is described in Section 10.4.9.

In the event that a main control room evacuation is required, the controls and monitoring instrumentation, which are located on the ESP, will be utilized. The design criteria for control room evacuation includes single failure and coincident loss of offsite power. Power sources for all Class 1E control circuitry of pumps and valves are the same power sources as those used in the main control room. Separation of redundant train-related and non-Class 1E circuits is maintained by barriers or appropriate air space. All control equipment (other than indicators) which is part of a Class 1E circuit meet the requirements of IEEE Standard 344-1975, "Seismic Qualification of Class 1E Equipment," and IEEE Standard 323-1974, "Qualifying Class 1E Equipment." Transfer of control to the shutdown panel is accomplished by the transfer pushbuttons and switches on the shutdown panel. Transfer separates all control from the control room. Reset (override) is accomplished by hand reset transfer relays at the local relay panel. In the event of an exposure fire in the instrumentation and relay room, cable spreading room, west communication room (ESP), or the cable tunnel, the alternate shutdown panel (ASP) is designed to provide instrumentation and controls to support safe shutdown. The switching capability of the ASP (Table 7.4-2) provides a means of shutdown capability support that bypasses all equipment and electrical cables located in the previously mentioned four fire areas. All electrical cables that pass through these areas and which are required for safe shutdown, are electrically removed from their circuits to ensure isolation of the affected fire area and allow independence of the ASP. The ASP will control one train of one redundant division of the Class 1E systems supporting safe shutdown of BVPS-2. 7.4-6

BVPS-2 UFSAR Rev. 0 7.4.1.4 Equipment and Systems Available for Cold Shutdown

1. Auxiliary feedwater system pumps (Section 10.4.9),

2. Boric acid transfer pumps and tanks (Section 9.3.4),

3. Charging pumps (Section 9.3.4),

4. Service water system pumps (Section 9.2.1),

5. Main control room ventilation (Section 9.4.1),

6. Component cooling water pumps (Section 9.2.2.1),

7. Residual heat removal system pumps (Section 5.4.7),

8. Certain motor control centers and switchgear sections associated with motors, valves, and heaters on this list (Section 8.1),

9. Controlled steam release and feedwater supply (Sections 7.7 and 10.4.9),

7.4-6a

BVPS-2 UFSAR Rev. 0

10. Accumulator piping and valving for isolation and venting (Section 6.3),

11. Nuclear instrumentation system (source range or intermediate range) (Section 7.2),

12. Reactor coolant inventory control (charging and letdown)

(Section 9.3.4),

13. Pressurizer pressure control, including opening control for pressurizer relief valves and heater control (Sections 10.4 and 7.6),

14. Safety injection trip block control, and

15. Accumulator isolation valve control.

Detailed procedures to be followed in effecting cold shutdown from outside the main control room are best determined by plant personnel at the time of the postulated incident. During such time, the plant could be safely maintained at hot standby. 7.4.2 Analysis Hot standby is a stable plant condition, automatically reached following a reactor trip from power. Additionally, the plant design features permit the achievement of cold shutdown as referred to herein, such as in Sections 5.4.7 and 7.4.1.4. In the unlikely event that access to the main control room is restricted, the plant can be safely kept at hot standby through the use of monitoring indicators and controls listed in Sections 7.4.1.1 and 7.4.1.2 until the main control room can be re-entered. Cold shutdown conditions can be achieved through the use of suitable procedures and by virtue of control of the equipment listed in Section 7.4.1.4 from the ESP. The controls available at the ESP provide the capabilities of achieving and maintaining a safe shutdown when the main control room is inaccessible. The controls necessary for immediate operator action to establish a stable plant condition are available at the ESP or in adjacent emergency switchgear rooms. The controls, along with limited operator action, provide a means of sustaining the capability for boration, letdown, RHR, natural circulation, continuing reactor coolant pump essential water services, and secondary system depressurization. The preceding instrumentation and control functions, which are required to be aligned for maintaining safe shutdown of the reactor, are the minimum number of instrumentation and control functions needed. Some of the equipment that provides part of these instrumentation and control functions are control systems discussed in Section 7.7 that are not part of the protection system. Proper operation of other nonsafety-related control systems will allow a 7.4-7

BVPS-2 UFSAR Rev. 0 more normal shutdown to be made and maintained by preventing a transient. In considering the more restrictive conditions that Section 7.4 deals with, it can be said that certain accidents and transients are postulated in the Chapter 15 safety analyses which take credit for safe shutdown, when the protection systems' reactor trip terminates the transients and the ESF systems mitigate the consequences of the accident. In these transients, in general, no credit is taken for the control system operation should such operation mitigate the consequences of a transient. Should such operation not mitigate the consequences of a transient, no penalties are taken in the analyses for incorrect control system actions over and above the incorrect action of the control system whose equipment failure was assumed to have initiated the transient. These Chapter 15 analyses show that safety is not adversely affected when such transients include the following:

1. Uncontrolled boron dilution,

2. Loss of normal feedwater,

3. Loss of external electrical load and/or turbine trip, and

4. Loss of ac power to the station auxiliaries (station blackout).

The results of the analysis which determined the applicability of the nuclear steam supply system safe shutdown systems to the USNRC GDC, IEEE Standard 279-1971, applicable USNRC Regulatory Guides, and other industry standards are presented in Table 7.1-1. The functions considered include both safety-related and nonsafety-related equipment and are:

1. Reactor trip system,

2. Engineered safety features actuation system,

3. Safety-related display instrumentation for post-accident monitoring,

4. Main control board,

5. Emergency shutdown panel,

6. Residual heat removal,

7. Instrument power supply, and

8. Control systems.

For the discussion addressing how these requirements are satisfied, the column in Table 7.1-1, entitled Applicable Criteria Discussed in Section, provides the appropriate reference. 7.4-8

BVPS-2 UFSAR Rev. 24 7.4.3 References for Section 7.4 U.S. Nuclear Regulatory Commission (USNRC) 1981. Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants. NUREG-0800. 7.4-9

BVPS-2 UFSAR Tables for Section 7.4

BVPS-2 UFSAR Rev. 16 TABLE 7.4-1 INSTRUMENTS AND CONTROLS OUTSIDE MAIN CONTROL ROOM FOR COLD SHUTDOWN Instruments on ESP Mark No. Steam generator level indicators 2FWS-LI477A, 487A, 497A (1 each) Steam generator pressure indicators 2MSS-PI474A, 485A, 496A (1 each) Pressurizer level indicators (2) 2RCS-LI459C, 460C Pressurizer pressure indicators (2) 2RCS-PI444A, 455A Loop hot leg temperature indicators 2RCS-TI413A, 423A, 433A (1 each) Loop cold leg temperature indicators 2RCS-TI410A, 420A, 430A (1 each) Reactor coolant pressure indicators 2RCS-PI441B, 440A (2) Auxiliary feedwater flow indicators 2FWE-FI100A3, 100A1, (2/Steam Generator) 100B3, 100B1, 100C3, 100C1 RHR return to loop temperature 2RHS-TI606A, 606B indicators (2) RHR flow indicators (2) 2RHS-FI605A1, 605B1 RHR (Heat Exchanger Outlet) flow 2RHS-FI606A1, 606B1 indicators (2) Volume control tank level indicators 2CHS-LI112A, LI115A (2) Charging flow indicator 2CHS-FI122A1 Regenerative heat exchanger to loop 2CHS-TI123A temperature indicator Emergency bus voltmeters (2) VM-BUS2AE, 2DF Source range NI (4) 2NMS-NI31BA, 31DA, 32BA, 32DA Intermediate range NI (4) 2NMI-NI35BA, 35DA, 36BA, 36DA 1 of 4

BVPS-2 UFSAR Rev. 0 TABLE 7.4-1 (Cont) Equipment with Control Switches and Control Transfer Switches on ESP Mark No. Auxiliary feedwater control valves 2FWE*HCV100A, 100B, 100C, 100D, 100E, 100F Emergency boration valve 2CHS*SOV206 Non-regenerative heat exchange 2CHS*PCV145 discharge valve Letdown to coolant recovery tanks 2CHS*MOV100A, 100B Turbine driven auxiliary feed pump 2MSS*SOV105A, 105B, steam supply valves 105C, 105D, 105E, 105F Atmospheric steam dump valves 2SVS*PCV101A, 101B, 101C Pressurizer auxiliary spray isolation 2CHS*MOV311 valve Non-regenerative heat exchanger 2CHS*AOV204 letdown isolation valve Letdown orifice isolation valves 2CHS*AOV200A, 200B, 200C Letdown isolation valves 2CHS*LCV460A, 460B Charging line to RCS isolation valve 2CHS*MOV310 Boric acid tank to charging pump 2CHS*MOV350 suction Reactor coolant system spray valve 2CHS*MOV311 Charging pump suction from RWST 2CHS*LCV115B, 115D Volume control tank isolation valves 2CHS*LCV115C, 115E Residual heat exchanger PCCW outlet 2CCP*MOV112A, 112B valve and pump seal cooler Residual heat removal inlet isolation 2RHS*701A, 701B, 702A, valves 702B Residual heat removal safety injection 2RHS*MOV720A, 720B return isolation valves 2 of 4

BVPS-2 UFSAR Rev. 14 TABLE 7.4-1 (Cont) Equipment with Control Switches and Control Transfer Switches on ESP Mark No. Atmospheric residual heat release 2SVS*HCV104 valve Safety injection accumulator isolation 2SIS*MOV865A, 865B, valve 865C Charging pump discharge flow 2CHS*FCV122 Residual heat removal purification 2CHS*HCV142 valve Residual heat removal bypass valve 2RHS*FCV605A, 605B Residual heat exchanger outlet valves 2RHS*HCV758A, 758B Residual heat removal cross-connection 2RHS*MOV750A, 750B valves Primary plant component cooling water 2CCP*P21A, 21B, 21C pumps Charging pumps 2CHS*P21A, 21B, 21C Boric acid transfer pumps 2CHS*P22A, 22B Steam generator motor-driven auxiliary 2FWE*P23A, 23B feed pumps Containment air recirculation fans 2HVR-FN201A, 201B, 201C Pressurizer heaters 2RCP*H2A, H2B Residual heat removal pumps 2RHS*P21A, 21B Service water pumps 2SWS*P21A, 21B, 21C Miscellaneous Controls Bus 2A supply from system station BRKR 42A Transformer 2A breaker Bus 2D supply from system station BRKR 342B Transformer 2B breaker Bus 2AE normal tie breaker BRKR 2A10 Bus 2DF supply breaker BRKR 2D10 Bus 2AE supply breaker BRKR 2E7 3 of 4

BVPS-2 UFSAR Rev. 0 TABLE 7.4-1 (Cont) Equipment with Control Switches and Control Transfer Switches on ESP Mark No. Bus 2DF supply breaker BRKR 2F7 Diesel generator 2-1 breaker BRKR 2E10 Diesel generator 2-2 breaker BRKR 2F10 Emergency diesel generator 2-1 Emergency diesel generator start Emergency diesel generator stop Emergency diesel generator 2-2 Emergency diesel generator start Emergency diesel generator stop Pressurizer SI block/reset Steam line SI block/reset 4 of 4

BVPS-2 UFSAR Rev. 0 TABLE 7.4-2 EQUIPMENT ON ALTERNATE SHUTDOWN PANEL Equipment Equipment Mark No. Residual heat removal pump 2RHS*P21A(AO) Residual heat removal supply isolation valve 2RHS*MOV701A(AO) Residual heat removal supply isolation valve 2RHS*MOV702A(AO) Residual heat removal isolation to CL22 2RHS*MOV720A(AO) Primary component cooling 2CCP*P21A(AO) Residual heat removal heat exchanger 21A supply 2CCP*MOV112A(AO) Service water pump 2SWS*P21A(AO) Steam generator auxiliary feed pump 2FWE*P23A(AO) Auxiliary feed pump header to steam generator 2FWE*HCV100C(AO) Auxiliary feed pump header to steam generator 2FWE*HCV100E(AO) Pressurizer heater 2RCP-H2A(ZO) Atmosphere steam dump valve to steam generator A 2SVS*PCV101A(AO) Atmosphere steam dump valve to steam generator B 2SVS*PCV101B(AO) Charging pump 2CHS*P21A(AO) Charging pump discharge flow line 2CHS*FCV122(Z-) Pressurizer power relief 2RCS*PCV456(BO) Nitrogen supply valve to safety injection 2GNS*SOV853A(AO) Nitrogen supply valve to safety injection 2GNS*SOV853B(BO) Nitrogen supply valve to safety injection 2GNS*SOV853C(CO) Safety injection accumulator nitrogen vents 2GNS*SOV854A(AO) Letdown isolation valve supply 2CHS*LCV460A(ZO) Letdown isolation valve 2CHS*LCV460B(ZO) Letdown valve - coolant recovery 2CHS*MOV100A(-O) Letdown valve - coolant recovery 2CHS*MOV100B(-O) Letdown orifice isolation valve 2CHS*AOV200A(AO) Nonregenerative heat exchanger discharge 2CHS*PCV145 Boric acid transfer pump 2CHS*P22A(AO) Redundant to emergency boration 2CHS*SOV206(ZO) Emergency diesel generator set 2EGS*EG2-1(-O) Steam generator level (Loop 21) 2FWS-LI477F Steam generator level (Loop 22) 2FWS-LI487F Steam generator discharge pressure (Loop 21) 2MSS-PI475F Steam generator discharge pressure (Loop 22) 2MSS-PI485F Presurizer level protection (Loop 21) 2RCS-LI459AF Reactor coolant pressure (Loop 21) 2RCS-PI403F Pressurizer pressure protection (Loop 21) 2RCS-PI455F Reactor coolant hot leg temperature (Loop 21) 2RCS-TI413F Reactor coolant hot leg temperature (Loop 22) 2RCS-TI423F Reactor coolant cold leg temperature (Loop 21) 2RCS-TI410F Reactor coolant cold leg temperature (Loop 22) 2RCS-TI420F Steam generator auxiliary feed line 2FWE-FI100AF Steam generator auxiliary feed line 2FWE-FI100BF 1 of 2

BVPS-2 UFSAR Rev. 0 TABLE 7.4-2 (Cont) Equipment Equipment Mark No. Source range count rate 2NMS-NI31BF Source range start-up rate 2NMS-NI31DF Bus 2A supply breaker ACB-42A Bus 2AE supply breaker ACB-2A10 Bus 2AE emergency supply breaker ACB*2E7 Emergency diesel generator supply breaker ACB*2E10 Diesel generator heat exchanger service 2SWS*MOV113A(AO) water header valve Service water pump discharge valve 2SWS*MOV102A(AO) Charging pump suction valve from refueling 2CHS*LCV115B(AO) water storage tank 2 of 2

BVPS-2 UFSAR Rev. 13 TABLE 7.4-3 REMOTE SHUTDOWN PANEL MONITORING INSTRUMENTATION INSTRUMENT MEASUREMENT RANGE

                                                -11       -3

1. Intermediate Range Nuclear Flux 10 to 10 amps

2. Intermediate Range Startup Rate -1.5 to +5.0 DPM 0 6

3. Source Range Nuclear Flux 10 to 10 CPS

4. Source Range Startup Rate -1.5 to +5 DPM

5. Reactor Coolant Temperature - Hot Leg 0 - 700°F

6. Reactor Coolant Temperature - Cold Leg 0 - 700°F

7. Pressurizer Pressure 1700 to 2500 psig

8. Pressurizer Level 0 - 100%

9. Steam Generator Pressure 0 - 1200 psig

10. Steam Generator Water Level 0 - 100%

11. RHR Temperature - HX Outlet 50 - 400°F

12. Auxiliary Feedwater Flow 0 - 400 GPM 1 of 1

No. t0080-LSK-1H4A 1 2 3 4 5 6 7 8 SOURCE MONI":OR CONDITION CONTROL ACTION RESULTANT MC~JITOR A ~~~~~~--~----~~ A L

                                                                                                                                                                                                                                                       \

A CONTROL AT ALTERNATE SHUTDOWN PANEL B A L B B l_~/\.

                    / c \

( c t c

                                /,-~.,
                                            \
                                              \

P[lV'il

                                \~c::.,   /
                                            /
                                                §_

i LOOP 21 MAIN S TEAH liNE

                                                   \,:RES SURE D                                                                                                                                                                                    ).                                                                                      D 2SVS-PCV101A<AOl OPEN-DUMP VALvE:.

NOTES:

                                                                 *******~ 1. LOGIC FOR ATMOSPHERIC OUHP VALVE 2SVS-PCVl01A(A0l SHOWN STEA>1 0U>1P SYS CONTROL CIRCUITS
                                                                             ~~g~~t~~v~~~g~~~l~7~6l g~~R N~Atb~r~b~5~~~ 0 W~~ 01~~~R~z~~:k0J.S~~~w~IM~~~~l.                                                                          FINALIZED FLUID SYSTEM POWER FAILURE       2. >1AJN STEA>1 LINE PRESSURE INDICATED ON 2>1SS*PI485A FOR LOOP 22.

PAM2 2MSS-PI484 A!\1[: HA!N STEAM LI~E PRESSURE INDICATED ON 2r~SS-P{4g6A FOR LOOP 23, PAt-12 2MSS_:fi4'H. UFSAR FIGURE 7.4--5 E

3. LIGHTS ARE ONLY LIT ,:,T PAN[!_ 'w'H[CH HAS CnNTRUL.

E O.M. FIGURE 21-9A FENOC HRSTfNERGY NIXLEAR OPERATING COMPANY BEAVER VALLEY POW~R i------*-- - - - - - SlATION UNil

                                                                                                                                                            ~~( ~10-29-01_                                                                    LOGIC DIAGRAI"i N ' S ~ -~~~--~-~-- __ !3_~_w .R.Q T"1_

STEAM BYPASS SYSTEM f>..l/A A 1808Q-LC'!;-ll-l4(1l 0 2 3 4 PFlEPAfi£0 f).'l 5 6 TNE 8'."?5

REVI2 I SCILJRCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR lST STAGE 1V~.PRE~ 1 SUDDEN LOAD LOSS 6 ss STEAM DYPASS M SMALL LOAD 15% OF FULL LOAD E CONTROL MODE SELECTOR REJECTION RESET M I ss STEAM BYP CONTROL MODE SELECTO 108D993 SH 2. STEAM PRESSURE I

                                                                      ~E"ACTOR    TRIP                                                                                                     Fl G. 7.4-9 TRAIN A                                                                                                           FIG.7.4-10 FIG.7.4-11 2CWS-P21A                                                                            ST AND 2ND SANK VV' COOLING TOWER PUMP                                                       AND        STEAM BYPASS RUNNING                                                                             PERMISSIVE 2CWS-P21B COOLING TOWER PUMP                                                                                                 STEAM RUNNING                                                                                                            DUHP a    ACTUATION 2CWS-P21C                                                                                                      SEM COOLING TOWER PUMP RUNNING C) 2CWS-P21D COOLING TOWER PUMP RUNNING              AND                                          lOT 2CNM-CND21A                                                                                                      CONDENSER B MAIN CONDENSER VAC                                                                                                UNAVAILABLE NORMAL 2CNM-CND21B                                                        NOT MAIN CONDENSE~ VAC        ss STEAM BYPASS NORMAL                     CONTROL MODE SELECTOR                                    3RD AN:> 4-TH BANK vv I:)

T AVG AND STEAM BYPASS

                                                                                                                           ~                                 PE~ ISS I VE LSK-5-78                 11ST STAGE TURB. PRES SUDDEN LOAD LOSS 50% OF FULL LOAD          ss STEAM BYPASS                       M CONTROL MODE SELECTO                  E RESET                                 M B

STEAM BYPASS PERMISSIVE$ A LARGE LOAD REJECT ION NOTES: 1, STEAM BYPASS CONTROL MODE SELECTOR SWITCH IS MAINTAINED IN "STEAM PRESSURE", SPRING RETURN TO "T AVG" FROM "RESET". FIGURE 7.4-6 2, "#BY WESTINGHOUSE* LOGIC DIAGRAM STEAM BYPASS SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 UPDATED Fl NAL SAFETY ANALYSIS REPORT

SOURCE MOM ITOR COMO ITIOM CONTROL ACTION RESULTANT MONITOR

                                                                                                                                                                                                                          ~~K.

SS TRAIN A r------------------------------------------- SL Dg_ff~TID ST. BYP. IKTLK. S[LECTOR ON J-----------------------------------------+:..1 FIG. 7. 4-9 SS TRAIN ACMOMEN ST.BYP. INTLK.SELECTOR ) - - - - - - - - - l ; , t DEFEAT T AVG COOLDOWN VALVES TRA!N A 10BD993 SH. 5 TRAIN A BLOCK S IGMAL 1-----------------+--------1 2/3 REACTOR COOL. LOOPS J - - - - - - - - - - 4 0-LO TAYG. FIG. 7.4-10 FIG. 7.4-ll SS TRAIM A I ST BANK AND ST.BYP.INTLK.SELECTOR >------....... 2ND BANK VALVES OFF/RESET TRAIN A BLOCK SIG . FIG. 7. 4-12 FIG. 7.4-13 3RD BANK AND IHH BANK VALVES TRAIN A BLOCK SIG, STEAM BYPASS BLOCK SIGNALS NOTES: 1. 1ST BANK VALVES 2ND BANK VALVES 3RD BAliK VALVES IHH BANK VALVES 2MSS-PCV106A 2MSS-TCVI 060 2MSS-TCV106A 2MSS-TCV106C 2MSS-TCV106H 2MSS-TCVJ06E 2MSS-TCV106B 2MSS-TCV106G 2MSS-PCYJ06B 2MSS-TCV106M 2MSS-TCV106F 2MSS-TCV106J FIGURE 7.4-7 2MSS-PCV106C 2MSS-TCV106P 2MSS-TCV106K 2MSS-TCV106N 2MSS-TCV 106L 2MSS-TCV106Q LOGIC DIAGRAM STEAM BYPASS SYSTEM

2. STEAM BYPASS INTERLOCK SELECTOR SWTICH IS MAINTAINED IN "OFF/RESET",SPRING RETURN TO "OK" FROM "DEFEAT T AVG."

BEAVER VALLEY POWER STATION-UNIT 2

3. LOGIC FOR TRAIN A BLOCK SIGNALS SHOWN, LOGIC FOR TRAIN B BLOCK SIGNALS SIMILAR. FINAL SAFETY ANALYSIS REPORT 4 =!=!= BY WESTINGHOUSE.

REV 12 SOURCE MONITOR CONDITION CONTROL ACTION MONITOR 2MSS* PH6ij A MAIN STEAM HEADER PRESSURE

                                                                              -.:;;;o" 6 r-
                                                                                             ........ K+ J H/A SETPOINT I'. JMll...                                                         L~                                                           .e
                  """'  PIL~6ij                                                                       STEAM PRESSURE A                                                                          CONTROLLER
                                ~
                                                                                                                                                                                                                                      ..... 2gc~    NOTE 2
                                                                                                                                                                                                                      \? A            I""'

Jlij08 SS STEAM BYPASS """ A--e..B B CONTROL MODE SELECTOR T STEAM PRESSURE a ' C~B L~ c .... 6 FIG. 7.4-9 loo"'

                                                                                                                                                                                  ...... NOT 2MSS*                                              FIRST STAGE TURBINE                                                                                                                                                                                 FIG. 7.4-10 PT446                           ..... F(X)
                                                                                                                                                                                  ~

FIG. 7.4 -II

                                """'                PRESSURE CONVERTED (28)                                          TO TEMPERATURE                                                                                                                                                                                      FIG. 7.4-12 t~                                                                                                         FIG. 7.4-13 LOOP 21 , 22, 23 7                                             MEDIAN T I..VG.

1"'>..

                                                                                                                                  ....... 6          ~   K ~         F(X)

LSK-11-14K LOAD REJECTION CONTROLLER

                                                                                                                   ......      NOT             ...

r-... AND

                                                                                                                                               ......                                         \ iJ A SS STEAM BYPASS                                                                        ,_.....

REACTOR TRIP B CONTROL MODE SELECTOR A~B T B I TRAIt~ 108D993 SH. 2 T AVG. ~ r-... I.' C~B

                                                                                                                                               ......                                         L~   c AND r-..
                                                                                                                                 ~

6 ,..._

                                                                                                                                                              """'     F !x l
                                                                                                                                            ~~

REACTOR TR~P NO LOAD T REF. CONTROLLER NOTES: I. STEAM BYPASS CONTROL MODE SELECTOR SWITCH IS MAINTAINED IN "STEAM PRESSURE", SPRING RETURN TO "T AVG." FROM "RESET".

2. ANALOG DISPLAY TO SHOW MAGNITUDE OF CONTROL SIGNAL.

FIGURE 7.4-8

3. BY WESTINGHOUSE LOGIC DIAGRAM STEAM BYPASS SYSTEM BEAVER VALLEY POWER STATION- UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SOURCE NON I TOR CONDIT! OM CONTROL ACT I OM RESULTANT 2MSS-PCV106A OPEN COOLDOWh VALVES 1----t~ TO ALLOW STEAM BYPASS TO CONDENSER VALVE CLOSES ON AIR FAILURE TRIP OPEN' c ADMIT NOTE 3 SUPPLY A I R FIG.7. 4-10 108D993 SH 2 SS STEAM BYPASS TRAIN B CONT. MODE SELECTOR REACTOR TRIP B T c TAVG. -NO LOAD TRE p----------------l~ HIGM I ST BANK STEAM; BYPASS COOLDOwtl VALVES FIG. 7. 4-8 NOTES: 1. LOG I C FOR 2MSS-PCV I 06A SHOWN, LOG I C FOR 2MS 5-PCV I 068 AND C SIMI LAR 3. COMNON ~OR All STEAM BYPASS VALVES.

2. ASSOCIATED MARK NUMBERS: 4. ~ BY WESTINGHOUSE VALVE 1ST SOV 2ND sov 3RD SOV LITH SOV FIGURE 7.4-9 2MSS-PCV1 06A 2MS5- PSV1 06A 1( -0) 2MSS- PSV I 06A2{ -P) 2MSS-PSVI06A3 2MSS-PSVI06A~ LOGIC DIAGRAM 2M SS-PCV 1068 2MS~ - PS V10681 ( -0) 2MS~- l'SV 10682{ -P) 2MSS-l'S VI 06B3 2MSS-PCV1 06 C 2MSS- PSV 106CI { -0) 2MS5 - PSV I 06C2 ( -P) 2MSS-PSV106C3 2MSS-PSV106B~

2MSS-PSV106C~

                                                                                                                                                                             ~TEAM BYPASS SYSTEM t;!EAVER VALLEY POWER STATION-UNIT 2 IFINAL SAFETY ANALYSIS REPORT

SOURCE MOM !TOR CONDITION CONTROL ACT ION RESULTANT VENT A 1ST BANK AND 2MSS-TCV106H B 1ST BANK VALVE OPEHS 2ND BANK VALVES TRAINt-------------~----------------------------------------------------*------4 A BLOCK SIGNAL TO ALLOW STEAM BYPASS TO CONDENSER 2MSS-TCV106H VALVE CLOSES ON AIR FAILURE STEAM BYPASS VALVE c OPEN VENT 2MSS-TCVI 06H STEAM BYPASSSVALVE CLOSED SOURCE SIMILAR 1ST BANK AND TO TRAIN A 2ND BANK VALVES BLOCK SIGNAL TRAIN B BLOCK SIG. VENT A FIG. 7. 4-6 1ST AND 2ND BANK VALVES STEAM BYPASS PERMISSIVE TRIP OPEN FIG- 7. 4-9 TAVG. - TREF. NOTE 3 ADMIT c HIGH ~ SUPPLY AIR A 1OB0993 SH. 2 TRAIN B SS STEAM BYPASS B CONTROL MODE SELECTO 2MSS-TSV106H~ T REACTOR TlUP T FIG. 7.4-9 TAVG. - NO LOAD TREF. HIGH J-----------------------------&1 1ST BANK STEAM BYPASS VAL~ES 0 FIG. 7. 4-8

     ~*----------
                                             /REACTOR TRIP, LOAD 1

REJECIION, OR STEAM PRESSURE CONTROLLER OUTPUT NOTES: 1. LOGIC FOR 2MSS-TCV106H SHOWN, LOGIC FOR 2MSS-TCV106L SIMILAR. 3. COMMON FOR ALL STEAM BYPASS VALVES. '

2. AS SOC IATED MARK NUMBERS: 4. 1t BY WESTINGHOUSF FIGURE 7.4-10 VALVE 1ST SOV 21\0 sov 3RD SOV liTH SOV ~OGIC DIAGRAM 2MSS-TGV106H 2MS~- TSV I06Hl {-0) 2MS:- TSV106H2{-P) 2MSS-TSV106H3 2MSS-TSV106Hll 2MS S-TCVI 06 L 2MSS- TSV 106Ll {-0) 2MSS- rsv 166 L2 ( -P) 2MSS-TSVI06L3 2MSS-TSV106Lll ~TEAM BYPASS SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT VENT A DE-ENERGIZE 2MSS-TCV106D 1ST BANI< AND FIG. 7. 4-7 T J..!B:..._-AII 2ND BANK VALVE OPENS 2ND BANK VALVES 2MSS - TSV~OOJ I ( -0) TO ALLOW STE.A.M TRAIN A BLOCK SIGH BYPASS TO CONDENSER 2MSS-TCV1060 STEAM BYPASS VALVE c VALVE CLOSES ON AIR FAILURE OPEN 2MSS-TCV1 060 STEAM BYPASS VALVE CLOSED SOURCE SIMILAR TO 1ST BANK AND TRA IH A BLOCK 2ND BANK VALVES SIGMAL TRAIN B BLOCK SIG. FIG. 7. 4-6 I ST AND 2ND BA HK VALVES STEAM BYPASS B PERMISSIVE RCS T~~OB 1----------1 ......_ ______ ADMIT SUPPLY AIR

                                                                                                                                                           ~A IOBD993 SH 2            TRAIN B                              SS STEAM BYPASS CONTROL MODE SELECTOR                                                         T B REACTOR TRIP T

c TAVG. - NO LOAD 'iREF.

                                                                ~------------4~

HIGH 2ND BANK STfAM BYPASS VALVES EACTOR TR IP, LOAD FIG. 7. 4-8 REJECTION, OR STEAM PRESSURE CONTROLLER OUTPUT NOTES: VALVE 1ST SOV 2ND SOY 3RD SOY llTH SOY 3. COMMON FOR ALL STEAM BYPASS VALVES. I, LOGIC SHOWN FOR; 2MSS-TCV106D 2MSS -ISV1 06Dl (-0) 2M Sf- T5V1 C6D2( -P) 2MSS-TSV106D3 2MSS-TSV106Dil 2MSS-TSV106Eil 4, .ft BY WESTINGHOUSE FIGURE 7.4-11 LOGIC SIMILAR FOR: 2MSS-TCV106E 2MSS- TSV 106E1 ( -0) 2MSS- TSV 1O~E2.( -P) 2MSS-TSVl 06E3 LOGIC DIAGRAM 2MSS-TCV106M 2MSS - TSV 106h'i [ -0) 2MSS- TSV 106M2( -P) 2MSS-TSV106M3 2MSS-TSVI06Mil 2MSS-TCVl 06P 2MS~ -TSV106Pli-O) 2MSS - TSV 106P2 ( -P) 2MSS-TSV 106P3 2MSS-TSV106Pil STEAM BYPASS SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 fiNAL SAFETY ANALYSIS REPORT I

SOURCE COHO IT I ON RESULTANT MONJTO~ CONTROL ACT I ON VENT A 2MSS-TCV1 06A 3RO BANK AND FIG. 7.4-7 3RO BANK VALVE OPENS LITH BANK VALVES TO ALLOW STEAM TRAIN A BLOCK SiG *. BYPASS TO CONDENSER 2MSS-TCV 106 A 3RO oANK VALVE c VALVE CLOSES ON AI~ FAILURE OPEN 2MSS-TCV1 06A 3RD BANK VALVE CLOSED B SOURCE S l MILAR 3RO BANK AND TO TRAIN A LITH BANK VALVES BLOCK SIGNALS TRAIN B BLOCK SIG. FIG. 7. 4-6 3RO AND LITH BANK B 2 VALVES STEAM BYPASS T 1---_, PERMISSIVE rR IP OPEN c NOTE 3 ADMIT

                                                                                                                                            .!!c                     SUPPLY AIR A

SS STEAM BYPASS B CONTROL MODE SELECTOI?.---'::..1 T T c IOBD993 SH 2 TP.A!N B REACTGR Til J P 3RD BANK STEAM BYPASS VALVES REACTOR TRIP, LOAD FIG-7.4-8 REJECltON, OR STEAM PRESSURE CONTROLLER OUTPUT NOTES:

3. COMMON TO ALL STEAM BYPASS VALVES.

VALVE 1ST SOY 2ND SOV 3RD SOY IJTH SOY 4 * .:l:f. BY WESTINGHOUSE FIGURE 7. 4-12

 !.LOGIC SHOWN FOR:       2MSS-TCVI06A  2MSS - TSV 106A 1 ( -0} 2MSS- TSV 106A2( -P}           2MSS-TSVl 06 A3 2MSS-TSVI 06 All LOGIC SIMILAR FOR:     2MSS-TCV106B  2MS~ - rsv1 06BJ ( -o)  2MSS- TSY106B2(-P}             2MSS-TSV 106 B3 2MS S-TSV 1Of 811
                                                                                                                                                                                           'LOGIC DIAGRAM 2MSS-TCVI 06F 2MSS - TSV 1:>6F1 ( -0) 2MSS- TSV106F2(-P}             2MSS-TSVI 06 F3 2MSS-TSVl 06 Fll                                                             STEAM BYPASS SYSTEM 2MSS-TCV106K  2MSS - TSVI 06Kl ( ~0)  2MSS- TSV 106K2( -P)           2MSS-TSV I 06 K3 2MSS-TSV1 06 Kll                                                            BEAVER VALLEY POWER STATION-UNIT 2 2MSS-TCVI06Q  2MSS- !SV 106Q 1( -0}   2MSS -TSV106Q2{-P)             2MSS-TSVI 06 Q3 2MSS- TSVI 060ll FINAL SAFETY ANALYSIS REPORT

SOURCe MONITOR CONDITION CONTROL ACTION R~~ULTANT VEIH A 3RD BANK AND 2MSS-TCVl 06 C FIG. 7. 4-7 I-'S'--"""""""'~ ltTH SANK VALVE OPEitS ltTH BANK VALVES TO ALLOW STEAM TRAIN A BLOCK SIG. BYPASS TO CONDENSER 2MSS-TCV106C VALVE CLOSES ON AIR FAILURE 11-TH SANK VALVE c OPEN 2MSS-TCV106C ltTH BANK VALVE CLOSED 3RO BANK AND SOURCE SIMILAR TO ~-----I LITH BANK VALVES TRAIN A BLOCK TRAIN 8 BLOCK SIGNAl SIGNAL FIG. 7. 4-6 3RD AND LITH BANK VALVES STEAM BYPASS B PERiollSSIVE 1 AVG. - 1 REF. TRIP OPEN c NOTE 3 HIGH SS STEAM BYPASS B CONTROL MODE SELECTOR>----f~ T c 10SD993 SH 2 TRAIN B. REACTOR TRIP LITH BANK 'sTEAM BYPASS VALVES EACT~RlP, LOAD FIG. 7. 4-8 REJECTION, OR STEAM PRESSURE CONTROLLER OUTPUT

3. COMMON FOR ALL BYPASS VALVES FIGURE 7.4-13 NOTES: VALVE lSI soy 2ND SOV 3RD SOV LITH SOY 4. #-BY WESTINGHOUSE

1. LOGIC SHOWN FOR: 2MSS-TCV106C 2MSS- TSVl 06Cl ( -0) 2MSS - TSVl 06C2{ -P) 2MSS-TSV106C3 2MSS-TSV106CII- LOGIC DIAGRAM LOGIC SIMILAR FOR: 2MSS-TCV106G 2MS5 -TSV106G1 ( -0) 2MSS - :-svl 06G2 ( -P) 2MSS-TSV106G3 2MSS-TSV106GL! STEAM BYPASS SYSTEM 2MSS-TCV 106J 2MSS - ~SVl 06Jl ( -0) 2MSS - TSV 106J2 (-P) 2MSS-TSV106J3 2MSS-TSV106JL!

2M:,S-TCV106N 2MSS- [SV106Nl ( -0) 2MSS- fSV106N2{-P) 2MSS-TSV106N3 2MSS-TSV106Klt BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 12 SOURCE CONDITION CONTROL ACTION RESULTANT 2RCS* REACTOR COOLANT TX4:2k1 LOOP 21 AVERAGE TEMPERATURE TL0-006-042-02

                                                                                                                                           ,r
                                                                                                                                                                                         ... /zRcs-
                                                                                                                                                                                         .,.. \TR408
                                                                                                                                                                                                              -B 2RCS*

TX422k1 REACTOR CCOLI'>NT LOOP 22 AVERAGE TEMPERATURE

                                                                                                                                    ..-  MEDIAN         LOOP 21,22,23 MEDIAN T AVG
                                                                                                                                                                                             ...... 7 TLD-006-058-02                                                                                                                                                                        FIG. 7.4-8
                                                                                                                                           ~~   TLC-006-041-04 7     c 2RCS*                                               REACTOR COOLANT TX432K1                                              LOOP 23 AVERAGE TEMPERATLRE TL0-0;:)6-074-02 SOP                                                                                                                                                CCNTROL AT SI-UTOOWN PANEL 2SVS*HCV1e41ZPI         2SVS*HIC1041ZWI HEAT RELEASE VALVE OPEN

==========~ B B SOP 2SVS*HCV:04:ZPI "1ANUAL RESET AT 'iELAY B___.A 2SVS*HCV1041ZPI c

==========~

C__.A L T RESID HEAT RELEASE 2SVS*HCV1041ZPI PB A MODULATE HEAT RELEASE VALVE 2SVS*HCV 10 41ZP I '----------___J NOTE 1 CLOSED CJ~T'iCL TRANSFER VALV~ FAILS CLCSEC 0~ LCSS OF 480V

==========::::: s 0 p VALV~ FAILS CLCSEC 0~ LCSS OF CONTROL SIGNAL t\OTE: 2SVS *H IC; 0 4-11 ZWI

l. 2SVS*HCVliJ41ZPI 1-IILL l-AVE POWE'i REMOVED SOP ATMOSPHERIC RESIDUAL HEAT RELEASE VALVE DURING ~ORMAL PLA~T OPERATION. '------------..J FIGURE 7.4-14 LOGIC DIAGRAM STEAM BYPASS SYSTEM BEAVER VALLEY POWER STATION - UN:T 2 UPDATED FINAL SAFE-Y ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULT~T MONITOR PB 2CCP*P21 A(AO} CONTROL TRANS r ER I 2CCF k-P.: IA(AO} CONTROL AT ', 2CCP*P21A 0 SHUTDOWN PAN~L MANUAL RESET I NOTE 2 AT RELAY

                                                                                                                                                                                      .a CONTROL AT COMPONENT COOLING                                 cs                                                                                   SHUTDOWN WATER HEADER PRESSURE                              2CCP-:H21 A(AD}                                                                      PANR LOW                                               START DIESEL LOADING cs SEQUENCE SIGNAL 2CCP AUTO

• P21 A(AD) ft 2CCP*P21C (SG) 2CCF# P21 A(A~)

COMPONENT COOLING PUM COMPOM ENT coqu NG PUM RUNNING ON BUS 2AE START I! 2CCP~ P21A (AD} DISCHARGE

                                                                                                                                                                            !HOTE 1 I PRESSURE 2CCP-t P21 A {AD)

MOTOR ELECTRICAL PROTECTION TRIP BUS 2AE UNOERVOLTAGE 2CCP #P21A(IIO) COMPONENT COOL 1NG PUMill----------1 1080993 Sit. 8 CONTAINMENT STOP ISOLATION PHASE B 1.~09-001-02~B TR.UNA cs 2CCP *'lHz"HI(AO) STOP cs 2CC P P21A (.t.O) . AUTO (AFT£r. STOP} 2CCP'* P21A (AD) COMPONENT COOLING PMP}----_. RUNii I NG NOTES: 1, LOGIC FOR PR HIARY COMPONENT COOLING WATER PUMP cs ANO ;..---... 2CCP'* P21 A(AO} 2CCP*P21A(AO) SHOWN. LOGIC FOR PUMP P!Hl(B!') SIMILAR AUTO (~FTER START). I! (BRIGHT)

2. ANNUNC I ATORS AND COMPUTE F\. INPUTS COMMON I!

TO ALL SHUTDOWN PANEL TRANSFER SWITCHES. PRI~ARY COMPONENT CODLING WATER PUMP ~. PRESSURE SWIT£11 2CCP- ?S102 FOR PUMP 2CCP~P21B(BP). FIGURE 7.4-15 ~. CONTROL FROM BENCH BOARD SHOWN. CONTROL FROM SHUTDOWN PANEL SIMILAR. LOGIC DIAGRAM

5. CONTROL FROM BENCH BDARJ 13 ONLY AVAILABL~ WHEN CONTROL TRANSFER IS RESET.

PRIMARY COMPONENT

6. SEE ADDITIONAL CONTROL OF 2CCP *P21A(AO) ON FIG. 7.4-17 COOLING WATER PUMPS

1. ONE CO~ PUT ER INPUT WILL PROVIDE BOTH ON AND Off INO I CAll 0MS. BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MO!U+QJ! CONDITION CONTROL ACTION RESULTANT MONITOR PRI COMP COOLINr., WATER SYSTEM PB p TRCUBLE 2CCP *P21 C(SO) COMPOOENT COOLING CONTROL TRA NSFE R 2CCP* P21 C( SG)

                                             .B.      WTR. HDR. PRESSURE                                                                    CONTROL AT LON                                2CCP*P21C(S                                       SHUTDOWN PANEL MANUAL RESET ACB 2E7                             AT RELAY BUS   2AE SUPPLY    BRKR.                                                                                                    /.!!

CLOSED CONTROL AT SHUTDOWN PANEL CuMPONENT COOLING cs NOTE: 3 WATER HEADER PRESS. 2CCP* P21 C(SO) FIG. 7. 4-15 LOW START DIESEL LOADING cs 2CCP ~ P21 C(SO) SEQUENCE SIGNAL AUTO ~ 2CCP*'P21 A(AO)

• _2CCP P21 C( SG)

RACKED IN ON COMPONENT COOLING BUS 2AE PUMP START .!! 2CCP*P21(SG) DISCHARGE PRESSURE 2CCP 'H21 C(SG) MOTOR ELECTRICAL PROTECTION TRIP BUS 2AE 2CCP .-P21 C( SG) UNDERVOLTAGE COMPONENT COOLING cs PUMP STOP lCCP* P21 C( SO) CONTAINMENT STOP 1080993 SH.B ISOLATION PHASE B l.ll09-001-024-B TRAIN A cs 2CCP*P2 i C{SO) AUTO (AFTLR STOPj PRI COKP COOLING 2CCP*P21 C(SG) PUHP AUTO COMPONENT COOLING START WATER PUMP RUNNING Sl'CP NOTES: '---t.:...:..l.!! I. LOGIC FOR PRIMARY COMPONENT COOLING WATER PUNP cs 2CCP~P21C(SG) ON BUS 2AE SHOWN. LOGIC FOR PUMP 2CCP *'P21 C( SO) 2CCP~P21C(SG) ON BUS 2DF SIMILAR. AUTO (AfTER START

2. ANNUNCIATOR AND COMPUTER IN PUTS CONN ONTO All SHUTUOWN PANEL TRANSFER SWITCHES. .PRIMARY COMPONENT COOLING WATER PUMP

3. PRESSURE SWITCH 2CCP -*f>s 102 FOR PUMP 2~CP*P21C(SG) ON BUS 2D~.

FIGURE 7.4-16 ll. CONWOL FROM BENCH BOARD SHOWN, CONTROL FROM SHUTDOWK PANEL SIMI LAR. '-OGIC DIAGRAM COOLING WATER SYSTEM

5. CONT~OL IN THE BENCH BOARD IS ONLY AVAILABLE WHEN THE CONTROL TRANSFER IS RESET.

PRIMARY COMPONENT

6. ONE CON PUTE R IN PU! WILL PROVIDE BOTH o* HO Off IMD ICATI OKS.

                                                                                                                                    ~OOLING WATER PUMPS
                                                                                                                                    ~EAVER VALLEY POWER STATION-UNIT 2 rlNAL SAFETY ANALYSIS REPORT

REVI2 SOURCE COND I Tl ON CONTROL ACTION RESULTANT MONITOR cs 2CCP* MOV150-1 (APJ OPEN 2CCP*MOV150-1 (AP) HEADER ISOLATION VV. ~---.........f!iilll OPEN 2CCP*MOVI50-1 (AP) NO MOTOR THERMAL OVERLOAD

                                                                                                                                                             -2CCP7if MOV 150-1 ( APl cs                                          )-----------~ HEADER ISOLATION VV. 1----~ilf 2CCP*MOV150-I (AP)                                          CLOSE CLOSE TORQUE SEAT CLOSE 1080993 SH.B                                   CONTAINMENT ISOLATION PHASE B TRAIN B PRIMARY COMPONENT COOLING WATER HEADER ISOLATION VALVE NOTES:

1. HEADER ISOLATION VALVE 2CCP*MOV150-l(.I:P} SHOWN, FIGURE 7. 4- I 7 HEADER ISOLATION VALVES 2CCP~MOVI50-2(AO}, MOV151-1 (BO), MOVI51-2(BP} LOGIC DIAGRAM MOVI56-1(Af'4, MOV156*2(AO), MOVI57-1{BO), AND MOVI57-2{BP) SIMILAR.

2. ONLY MANUAL MODE OF Ol'ERATION IS AVAilABLE FROM THE AlTERNATE ,SHUTDOWN PANEL.

PRIMARY COMPONENT

3. SEE ADDITIONAL CONTROL OF 2CCP*P21A(A0)0N FIG. T. 4*15. COOLING WATER PUMPS BEAVER VALLEY POWER STATION- UNIT 2 UPDATED FINAL SAFETY ANA LYSIS REPORT

REV 12 SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR A

                                                                                                                                           !NOTE 3)                                                                                                                                         CCNTROL AT PB                                                                                                                                                   NOTE 4                       SHUTDOWN PANEL OR                                                                          2SWS*P21AIA0)

TRANSFER SOP 0 B At\J 2SWS*P21AIA0) R MANUAL RESET AT RELAY SEAL WATER L 2SWS-PS105A INJECTION PRESSURE LOW B 33 2S'w'S*MOV 102AI AOl DISCHARGE VALVE CLOSED c AND SEM cs 2SWS*P21AIAOl START *- -....

                                                                                                                                    -B                                                          v-                                                                                    R
                                                                                                                                                             ~         B
                                                                                                                                                                      -                                                                                                                           B OR 52 2SWS*P21CISG)

SERVICE WATER PUMP NOT 1"-.

                                                                                                                                                                                                                                                                             \

RUNN:NG ON BUS 2AE . . , / AMM cs B 2SWS*P21AIAOl AND ....

                                                                                                                                                                                       ....                    2SWS*P211AOl AND   SERVICE 'riATER PUMP AUTO                                                                                                                      ~

START DIESEL _OAJING NQTE 5 B 62 -

• 7 SEOLENCE SIGNAL

                                                                                                    /-                                                                                                                                                                                c OR

( T0 L NIT 1 CP ACB 2E7 ) IN OTE 8) 52 BUS 2AE SPL v .BRKR. AND CLOSED AND

                                                                                              .....       cs
                                                                                                                                                                                        ....      t\OT
                                                                                                                                                                                                                                                       /

OR ~ A sERV:CE WATER

                                                                                                                                                                                                                                                                                              ? UMP AUTO s TART/STOP 108D=i93 SH.8                        SAFETY 2S'w'S

• P21AI AOl AUTO !AFTER STOP)

                                                                                                                                                                                                                                                    ~  "                                   2     B
                                                                               ~

INJECTION SIG\JAL B TRAIN {" -

                                                                                                                                                                      -                                                                                                        7 c

A ) 2SWS*P21AI{"Q) cs 50 MOTOR ELECTRICAL 2SWS*P2JA:AQ) 51 PROTECTION AUTO !AFTER START! IB=ii::;HTI 1/- - B AND ~ w ) OR ~ B 1"-. NOT BUS 2AE 1/- (J[M) 27 Ut\DERVJLTAGE .... 2SWS*P211AQ)

                                                                                                                                                                                                                                                                         -.( w AND               OR                          SERVICE WATER PUMP ~

cs STOP 2SWS*P21AIAOl I'-._ B STOP B SERVICE WATE=i PUMP NOTE 5 7 c NOTES:

1. SERVICE WATER PU!v1P 2SWS*P21AIAOl SH0 1riN, SERVICE viATER PUMP 2SWS*P21BIBP) SIMILAR.

2. CONT=iOL FROM MAIN BOARD SHmm, CONTROL FROM SI-UH)OWN PANEL SIMILAR.

3. =>LMP COt\ TROL FROM E MA:N BOARD IS ONLY AVAILABLE WHE\J THE CONTROL TRANSFER Sw'ITCfc IS RESET. FIGURE 7.4-18

4. ANNUNCIATOR DISPI_AY IS COM'v!ON TO ALL SHUTDOWN PANEL TRANSFER SWITCHES. LOGIC DIAGRAM

5. ONE COMPUTER INPL T 'w'ILL PROVIDE BOTH Ot\ AND SERVICE WATER SYSTEM OFF !ND:C?>TIONS.

BEAVER VALLEY POWER STATION - LNIT 2

5. " BY WESTJt\::;HOUSE UPDATEC FINAL SAFETY ANALYS:S REPORT

7. SEE ADOI-:Ot\AL CONTRCL OF 2SWS*P2:AIA0) ON FIG. 7.4-26A.

8. UNIT 1 NaOCl :NJECTION CONTROL PANEL IP'\IL -WT -4)

BUS 2AE UNDER VOLTAGE cs 2SWS P21 C SG MOTOR ELECTRICAL 2SWS-!P21 C(SO) (BRIGHT) AUTO (AFTER START) B PROTECTION B cs SEAL WATER 2sws* P21 c(so} INJECTION PRESSURE STOP 2SWSJIE.P21C SG (DI t.f) LOW t----------t~ SERVICE WATER PUMP STOP

                                                       ~----------------------------------~NOT~--~

NOTES: 1. SERVICE WATER PUMP 2SWS~P21C(SG) ON BUS 2AE SHOWN, ij. PUMP CONTROL FROM THE MAIN BOARD IS NOTE 6 SERVICE WATER PUMP 2SWS~P21C(SG) ON BUS 2DF SIMILAR. ONLY AVAILABLE WHEN THE CONTROL TRANSFER IS RESET.

2. SERVICE WATER PUMP 2SWS)fP21C(SG) PROVIDED WITH TWO CONTROL SWITCHES 2SWS-*P21C(SO} FOR BUS 2AE AND 2SWS*P21C(SP) 5, ANNUNCIATOR DISPLAY IS COMMON TO ALL FOR BUS 2DF. SHUTDOWN PANEL TRANSFER SWITCHES.

6, ONE COMUPTER INPUT WILL PROVIDE BOTH

3. CONTROL FROM MAIN BOARD SHOWN, ON AND OFF INDICATIONS.

CONTROL FROM SHUTDOWN PANEL SIMILAR. FIGURE 7. 4-19 7, ~BY MANUFACTURER LOGIC DIAGRAM

8. UNIT I NaOCI TNJECTTON CONTROL PANEL <PNL*WT*4J SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR COHO IT I ON CONTROL ACTI OH RESULTAkT ~toN I TOR 2SWS 7!:, MOV I 02A (AD) AUTO 2SWS1. P21A( AO) SERVICE WATER PUMP 2SWS""' MOV f02A(.I.O) RUNNING 0 I SCHARGE VALVE cs OPEN

                                                                                                                                                                                               ~

2SWSlfMOV 102A( AD) OPEN  !! 2SWS* MOVI 0 2A( AD) NO MOTOR THERMAL OVERLOAD 0;

                                                                                                                     '-..:LOSE MOV102A(AO)               2SWS¥ MDVI 02A{ AO)

DISCHARGE VALVE CLOSE NOTES:

1. LOGIC FOR DISCHARGE VALVE 2SWS>Ic M01'102A( AO) StiOWk. SERVICE WATER PU~P DISCHARGE VALVES LOGIC FOR Dl SCHARGE VALVE 2SWS' MOV102B( BP) SIMILAR.

2. LOGIC FOR DISCHARGE VALVE 2SWS !!( MOV102C1 (AD) SHOWN.

LOGIC FOR DISCHARGE VALVE 2SWS~ f.IOVI02C2( BP) SUH LAR. 3, SEE AOOITIONAL com OL 0F OISCHARGE VALV f 2SWS *IIOVI 02 A(A Ill OM fIG. T. 4 - 26C

                                                                                                                                                       *:FIGURE 7.4-20 i LOGIC DIAGRAM SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2
                                                                                                                                                       ; FINAL SAFETY ANALYSIS REPORT

SOUICE COlD IT I Oil COIITROL ACT I011 RESULT AliT MetiiTOit cs 2SWS*MOVI07A~) OPEN 2SWS*MOV 1074 (Ao* ) I ISOLATIOtl VlLV£ OPE II 2SWS;II MOY I07A MOTOR THERMlL OVERLOAD cs 2SWS* MDV 1D7A( AD) 2SWS'*.MOY 107A AO CLOSE ) - - - - - - - - - - t : M ISOUTI 011 VALU CDNTl I liME liT CLOSE ISOUTIOII PHASE A TRAIN A SECOIIDARY COMPONENT COOLING WATER HEAT EXCHANGER SERVICE WATER lSOLATION VALVE SERVICE WTR SYS. VV. PIT AREA HEADER PRESSURE STANDBY SERVICE SS(MAINTAINED) WATER PUMP START PERMISSIVE 2SWS *lOY IIII(AO) ADMIT AIR OPEN OPEN TO SERVICE WTR, SYS. LSK-17-2A l A/D VALVE PtT AREA HDR. 2SWS *AOYIIII(AO)

                                                 .PRESSURE LOW                                      SS(MAINUINED) 2SWS*AOYI III(AO}                                                                                              CLOSE CLOSE           '

I A/D CONTAINMENT AIR RECIRCULATION COOLIN& COILS CHILLED WATER RETURN VALVE SERVICE WTR.SY'S. L

                                                                                      ------;======~----------------------1 VALVE PIT AREA HDR                                                                           T.D.

SS INAINTAINEDI P ESSURE LOW 2SWS-P22A START .!. 2SWS-P22A ADO IT ION PUMP START 2SWS-P22A MOTOR THERMAL OVERLOAD I 2SWS-P22A ADDITI 011 PUioiP SS (NAINTAINEOI STOP 2SWS-P22A NOTES: STOP I, ISOUTIOII VALVE 2SWS*MDY107A.{AO) IS SHOWII ISOLATION VALVES 2SWS~MOYI07B(API, MOY107C(BO) SERVICE WATER SYSTEM CHEMICAL ADDITION PUMP AND MDY1070{BP) ARE SIMILAR. 2 SERVICE WATER HEADER PRESSURE LOW. 3, ADDITION PUMP 2SWS-P22A IS SHOWN, ADDITION PUMP 2SWS-P22B IS SIMILAR.

                                                                                                                                                                                        ~IGURE        7.4- 21

4. II BY MAIIUFACTURER L;.OGIC DIAGRAM SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 F,INAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR cs 2SWSl.<-MOYI53-1 (AD) 2SWU NOV153-l {AD) OPEN I SOLATION VALVE OPEN 2SWS"*;NOY 153-1 AO NO l<<lTOR THERMAL OVERLOAD cs 2SWSfNOVI53-I (AO) 2SWS,i; NOV 153-I(AO) 1--------------t3ill I SOLAri ON VALVE CLOSE CLOSE I 08099 3 SH. 8 CONTA IIINENT CONTAINMENT AIR RECIRCULATION COOLER SERVICE WATER SUPPLY ISOLATOII Vf>J...VE I SOLATION PHASE 8 TRAIN A 2SWS"*J.MOV 103A (AD) cs )--------------~ HEADE~ VALVE 2SWS-* NOV I 03A (AD) OPEM OPEN SWS"*-NDY 103A(AO) NO MOTOR THERMAL OYER LOAD 2SWS*iMOV1 03A(AO) 1 - - - - - - - - - - - - - . e ! HEADER VALVE CLOSE cs 2SWS~~OV103A{APl CLOSE RECIRCULATION SPRAY HEAT EX£HANGER SERVICE WATER HEADER VALVE 2SWS ;(MDV I 06A (AD ) cs 1-------------~ INLET VALVE CLOSE 2SWS *NOV I 06A (AD) CLOSE 2SWS *MDVI 06A (AO) cs NO MOTOR THERMAL 2SWS* MDV 106A (AD) OVERLOAD OPEN 2SWS *NOV 106A {AD) INLET; VALVE OPEN I PRIMARY COMPONENT COOLING WATER HEAT EXCHANGER SERVICE WATER INLET VALVE NOTES:

1. HEADER VALVE 2SWS* MDV 103A(AO) SHOWN, 3, ISOLATION VALVE 2SWS*MDV.!__53-I (AD) SHOWN, HEADER VALVE 2SWS* N!lV 1038( BP) SIHI LAR. ISOLATION VALVE 2SWS* MDV I 53-21 AP) ,MOV152-J ( 80),

MOY152-2{BP) 3 MOV15~-1 (AO), MOVI5~-2(AP), MOV155-l(BO} FIGURE 7.4-22

2. INLET V.U VE 2SWSJiiHo!OVl 06A( AO) SHOWN, AND NOV 155-2(BP) SIMILAR.

INLET VALVE 2SWS*MOV106B(BP) SIMILAR. LOGIC DIAGRAM q, ' BY MANUFACTURER SERVICE WATER SYSTEM B~AVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

COND IliON CONTROL ACTI 011 RESULTANT MONITOR SOURCE I 08D993 SH. 8 SAFETY IIIJECTI 011 SI GilA L TRAIII A 2SWS-f NOV 113A(AO) OPEN 2SWS~MOVII3A AO

                                                                                                                                  ~-----'---------811 HEADER VA LYE

.!SWSof_MOV 113A{AO) OPEN NO MOTOR THERMAL OVERLOAD 2EGS*.EG2-t (AO)

DIESEL bENERATOR START SIGNAL t---------~

                                                                                                                                                                ~

2SWSj*MOVI13A{AO) t-------------------P!JI HEAD~R VALVE G cs ~C~L~OS~--------~ § 2SWS1!' NOVI13A(AO) CLOSE DIESEL GENERATOR HEAT EXCHANGER SERVICE WATER HEADER VALVE (NOTE 3) cs 2SWS* MOVI20A(AO) 2SWS MOV120A{AO) OPEN HUDtR VALVE OPEN. 2SWS:* MOVI20A(AO) 110 MOTOR THERMAL OVERLOAD 2SWS ~ MoV 120A (AD) HEADtR VALVE CS {NOTE 3) CLOS~ 2SWS* MOVI20A{AO) r------~ NOTES: CLOSE !, HEADER VALVE 2SWS~MOVII3A(AO) SHOWN, HEADER VALVES MOV 1130 ( BPl S!MILAR. AIR CONDITIONING CONDENSER SERVICE WATER HEADER VALVE

2. HEADER VALVE 2SWS* MDV 120A (AD) SHOWN, HEADER VA LYE 2SWS~ NOV I 208 f BP J S1H ILAR.

3. HEADER VALVE 2SWS*.MDY 120A (AO) AND *NOV 1208( BP) ARE LOCKED I II THE OPEN POSITION AT THEIR RESPECTIVE MCC WITH POWER SECURED.

~. D BY MANUFACTURER.

5. SEE ADDITIONAL CONTROL OF HEADER ~AL~E 2SWS* MOV 113A (AO) ON FIGURE 7.4- 26G.

                                                                                                                                                                          ~;IGURE      7.4-23 LOGIC DIAGRAM SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2
                                                                                                                                                                           ~INAL SAFETY ANALYSIS REPORT

REVI2 SOURCE MONITOR COMO IT I ON CONTROL ACT I ON RESULTANT MOtiiTOR SEAL WATER A/0 1------ -----...f:!W HEADER PRESSURE FIG. 7.4 *26 SERVICE LOW

                                     .----J::w A WATER SYS                                                      cs B TROUBLE                     SEAL WATER                     2SWS *-STRM-~ 7 (AO)

A/o HEADER PRESSURE MANUAL LOW SAFETY AIN A 2SWS *.STRM-~ 7 AO 1080993 SH. 8 INJECTION SIGNAL SEAL WATER SUPPLY AND ~----t:ll)l BACKWASH MOTOR TRAIN A SERVICE WATER START .L NOT E W SERVICE WATER INJECT I ON STRAINER s SYSTEM TROUBLE DIFF.PRESS. ltiGI} .. 2SWS *.STRM-~ 7 (AO) 3 .a AUTO L SERVICE WATER SYS TROUBLE NOT CS TRAIN A SEAL WATER SUPPLY CLARIFIED WATER 2SWS *STRM-Ii 7 (AO) cs 1----~ BACKWASH MOTOR 2SWS*STRM-47(AO) STOP .L OFF 2SWS*STR~- 47(AO) MOTOR THERMAL OVERLOAD SEAL WATER INJECTION STRAINER BACKWASH MOTOR 2SWS*P21C SG} RACKED IN ON 2SWS*. MOV 170A ( AO) BUS 2AE AND 1-----------------J:~ ISOLATION VALVE OPEN I

• 2SWS;t MOV 170A (AO 1----------------~ . . . . ,. . ._. .,{ NO MOTOR THERMAL OVERLOAD 2SWS.*MOV 170A (AO)

AND 1--------------~~ ISOLATION VALVf NOTES: NOT 1 - - - - - - 9 4 - - . . J CLOSE D I. LOGIC FOR BACKWASH MOTOR 2SWS*.STRM-Ii7(AO) SHOWN. LOGIC FOR BACKWASH MOTOR 2SWS*STRM-Ii8(BP) _SIMILAR. SERVICE WATER TO SEAL WATER HEADER ISOLATION VALVE

2. LOGIC FOR PRESSURE CONTROL VALVE 2SWSfPCVI17A(AO) SHOWN LOGIC FOR PRESSURE CONTROL VALVE 2SWS ;t,PCVII7B(BP) SIMILAR

3. LOGIC FOR ISOLATION VALVE 2SWS.fMOVI70A(AO) SHOWN.

LOGIC FOR ISOLATION VALVE 2SWS~MOVI70B(BP) SIMILAR. FIGURE 7. 4- 24 li. N BY MANUFACTURER LOGIC DIAGRAM SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 UPDATED Fl NAL SAFETY ANALYSIS REPORT

,:ou~ct. CONDITION CONTROL ACT I ON kC.:SULTANT MO~ IT OR 2SWS'* MDV 163 ( AO)

CHILLED WTR.INL,VV, CLOSED 2SWS:* MOV 16~(AO) Ctll LLED WTR. OUT. VV. CLOSED 2SWS.*MOYI61 {AO) 1----~ SVCE,WATER INLET YY * .,_--f::.t OPEN 2SWS *loiOV 16 I (AO) NO MOTOR THERMAL 2SWS*MDV 161 {AO) OVERLOAD 1------~~ SYCE.WATER lttLET VV. 1---......,illl CLOSE SS (MAINTAINED) CCGLI NG IIITR. TRANSFER }---6-----4==!11 2SWS* MDV 167( AO) CLOSE 1--------l:::;.t SYCE.WATER OUTLET VY.~-~ OPEN 2SWS *MDV 167(AG) 2SWS* MDV 167 ( AO) ,__----t=-t SVCE.WATER OUTLET *1v. ~--8( NO MOTOR THERMAL CLOSE OVERLOAD CONTAINMENT AIR RECIRCULATION COOLING COILS TRANSFER TO SERVICE WATER 2SWS~MOV 163(AO) NO MOTOR THERMAL OVER LOAD 2SWS* MDV 161 {AD) SVCE.WTR. IHL.YALYE LOS ED 2SWS*HOVIG7(AO) SYCE.WTR.OUT.~ALYE CLOSED 2SWS* MDV 16~ ( AO) NO MOTOR THERMAL OVERLOAD CONTAINMENT AIR RECIRCULATION COOLING COILS TRANSFER TO CHILLED WATER NOTES: I. LOGIC FOR VALVES hiOV I GI(AO), MOV\67(AO), MOVI63{AO), AND MOVI6~(A01 SHOWN. FIGURE 7.4-25 LOG I C FOR VA LVH MOY 160(BP1 NOV 166(8P), MDVI62{BP), AND MOV165{8P) SIMILAR. LOGIC DIAGRAM SERVICE WATER SYSTEM B;EAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

COli Til OL ACTION RES:JLTAiiT MONITO~ SOURCE rtOiiiTOR CONDITION CLARI FlED 2SW$~V IIB(Z-) WATER PRESSURE -K+f t - - - - - - - - - - - - - - - - - - - - - - - - - - - j : : : > j PRESSURE CONT. VALVE MODULATE (fAILS CLOSED) SET POINT CLAR I F I ED WATER PR ESSU R£ COtiTR Ol VALVE TO SEAl WATER HEADER NOTE 2,3 CS TRAIN A SEAl WATER SUPPLY ..-------------------P!I ENERGIZE ADMIT OPEN CLAR I FlED WATER ~z=s~ws~~=--~~~_J AIR TO SOV II SA (AO) 2SWH.AOV I ISA (AD) VENT

                                                                                                                                           .---------------P>!!          DE-ENERGIZE         AIR TO CLOSE CS TRAIN A SEAl WATER SUPPLY SAFETY                        SERVICE WATER                 fl                                                                                                   CLOSE I 080993   SH. 8 INJECTION SIGNAL TRAIN A                                                                                                                            2SW:S*SOV 130A (AO l SEAL WATER OPEK FIG. 7. 4-24 HEAD Ell PRESSURE LOW CS  TRAit~    B 1080993    SH. 8        SAFETY                       SEAl WATER SUPPLY                                                e----------------~ EKE~SilE                                        CLOSE INJECTION SIGNAL            CLARIFIED WATER                                                                                     ~~*--------~L-----~

TRAIN B 2SW&fSOV 130 B( BP l SEAL WATER CS TRAIN B ,___...,.._ _ - - - - - - - - - - - - - - - - 9 1 OE-[NERGIZE OPEN A /D HEADER PRESSURE SEAl WATER SUPPLY L-------------L-----~ LOW SERVICE WATER SERVI~E WATER SEAL lATER VALVES CLARIFIED WATER TO SEAL nATER HEADER ISOLAT 1ON VALVES '-----------------~ENERGIZE ADMIT OPEN

• AIR TO zsws*

SOVIISB(BP) 2SWS*AOVII8B(BP) B

                                                                                                                            .___ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _~DE-ENERGIZE                  ¥6~TR    CLOSE 8

NOTES: I.~ BY ~NUFACTURER 2* FOR ADDITIONAL CONTROL SWITCH INTERLOCKS REFER TO FIG* 7. 4-24. FIGURE 7. 4-26

3. HOLDING C.S. IN CLARIFIED WATER POSITION LOGIC DIAGRAM WITH NO SIS SIGNAL WILL ALLOW RETURN TO CLARIFIED WATER FROM SERVICE WATER SERVICE WATER SYSTEM AND RESET PRESSURE PERMISSIVE. BEAVER VALLEY POWER STATION-UNIT 2 FI~AL SAFETY ANALYSIS REPORT

CONTROL ACTION RESULTANT NOHITOR SOURCE CONDITION M 2 SWSll-P21 A (AO) E t---1---""1'1 CONTROL AT ALT. SHUTDOWN PANEL CONTROL. AT 2 SWS" P21A(AO) ALTERNATE MANUAL RESET 4 SHUTDOWN AT RaAY ....._........._~ .! PANEL C5 2SWS"'k P21 A(AO) 25W5't P2!A(AO) SERVICE WATER START PROTECTION PUMP START Asp BUS 2AE UNDERVOLTAGE 2 5WS'tP21 A (AO) cs SER\11 CE WATER 2SWS'tP21A(AO) PUMP STOP STOP ASP 2SWS~t-P21A(AO) THRUST BEARIN() TEMPERATURE SERVICE WATER PUMP 2 SWS ~P21B (BP) THRUST BEARING TEMPERATURE 25WS 'tP21C (S{,) UPPER BEARING TEMPERATURE 2SWS'f:P21C (SG) THRUST BEARING TEMPERATU NOTES: I. SEE ADO I TIONAL CONTROL OF 2SWS "1: P 21 A (AO) ON FIG. 7. 4-18. 2.0NLY THE MANUAL MODE OF OPERATION 15 AVAILABLE FROM THE ALTERNATE SHUTDOWN PANEL. FIG;UR E 7. 4- 26A 3.0NE COMPUTER POINT IS COMMON FOR ALL ALTERNATE SHU TOOWN PANEL INPUTS, LOGIC DIAGRAM SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE COMOITIOII MONITOR CONTROL ACTION RESULTANT MONITOR CONT. RM AIRCO NOT N. COND. 2 HVC REF 24A cs 2SWS:>t P25A(AO) IN OPE RAT ION 2SWS>t- P25A l------4iit C0 NDENSER RECI R 1----1~ START PUMP START 2HVC-tREF 24A A/D 1 - - - - - - - f SERVICE WATER TEMP LOW cs 2SWS >I:'P25A AUTO cs ZSWS.>t P25A(AO) 25WS>I-P25A ,____.._....;,.CONDENSER REURCI----1~ STOP PU!llP ST 2 SWS >rP 25A(A0) MOTOR THERMAL OVERLOAD CONTROL ROOM REFRIGE FfANJ CONDENSER RE(! RCULATION PUMP SfRY. WTR. SYS.

                                                '/LV. PIT AREA HOR. A TEMPERATURE ZSWS*HCVIOI,'..(/\0 VALVE FAILS OPEN 2HVC>tREF 24A                                                                              COOLING COIL RE'TU SERVICE WATER                                       K+S ..__-----------~ VALVE MCDULA'TES INLET TEMP                                                                                  TO MAINTAIN INLET SETPOII'iT                                                 CON'TROL RQOM COOUNG COIL RET URN TEMPERATURE CONTROL VALVE SERV. ITR. SYS.

VLV. PIT AREA HDR. 8 TEMP ERHURE NOTES LCONOENSER RECIRCULATION PUhiP 2SWS-'t PZ5A(AO) SHOWN, CONDENSER RECIRCULATION PUMP 25WS'tP2~B (SP)SIMILAR.

2. TEMPERATURE CONTROL VALVE 2SWS.\I.TC\IIO!A(AO) SHOWN, TEMPERATURE CON TF;-QL VALVE 2SWS.!J.TCVIOI B(BP)SIMILAR.

FIGURE 7. 4-268

                                                                                                                                  ~OGIC DIAGRAM
                                                                                                                                  $ERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2
                                                                                                                                  ~INAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR PB 2SWS >t MOVI02A~O) l - - - . CONTROL TRA M 25WS'tMOV~02A{AO) E 1 - - - . - - - - B t CONTROL AT ALT. f----4 2 SWS >t-MOVIO M SHU TOOWN: PANEL MANUAL RESET AT RELA'< 2 SW S'tMOV 102AV\C) DISCHARGE VALVE 1 - - - - - - a f OPEN . cs. 2 SW5'1M0VIb2A(AO) 2 SWS~MOV 102ACAO) ) - - - - - B I 1 - - - - - - - l i f DISCHARGE *vALVE 1 - - - - - - e t CLOSE ClOSE . SERVICE WATER PUMP DISdHARGE VALVE 2 SWS>t MOV lli3A(AO) 1---e-----at CONTROL AT ALT. 2 SWS~ MOVI13 Af..AO) SHU TO OWN ~f',NEL MANUAL RESET AT RELAY

                                                                                       ~~~~--~~

cs 2SW5'1'MQVII ~A CAO) 2 SWS\ MOY 113/!JI/\0) 1---------t:W HEADER VAtVE 1------et OPEN OPEN cs 2 SWS'tMOV II!A(AO) 2SWS:tMOVI13A(AO) 1 - - - - - - - t : i ) l HEADER VALVE NOTES: CLOSE CLOSE

1. SEE ADDITIONAL CONTROL OF DISCHARGE VALVE 25WS>tMOV 102A(AO) ON FIG. 7.4-20.

2. SEE ADO IT I ONAL CONTROL OF HEADER VALVE 2SWS'tM OV 113A(AO) ON FIG. 7. 4- 23. DIESEL GENERATOR HEAT EXCHANGE:R SERVICE WATER HEADER VALVE 3.0NLY THE MANUAL UODE OF OPERATION IS AVAILABLE FRO~ THE ALTERNATE SHU fDOWN PANEL.

4. ONE COMPU TEA POINT 15 COMMON FOR All ALTERNATE SHU TOOWN PANEL INF'UT5.

FIGURE 7.4-26C LOGIC DIAGRAM SERVICE WATER SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FI~AL SAFETY ANALYSIS REPORT

ts ZSWS*IOII138(AP) CI'£H

                                                                          .JL        ~------------- ~ t1-tf.~            25W~:<<<~IIl8(AJ<) *1 --------t-
                                                                                                                                  't,.LVf                      n
                                                                                                                                                              ~.,~
                                                                                                                 ~~0"-'ft.:..:.h""\",:-----...J 1-*

29.f'SfNOr'1131(4P) 10 f()TOI TH(RMI.l OYERl.OW cs zsws.: ~113 ~""') }-----i:.,t CLOSE _OifSEL "t:HEBAIOB HEAT fta':Js!\cfelti f!A!tH HEA'*b VALVE

                                                                                                                        ~NOTE 1)

MOTES: 1o HEADER VALVE 2SWS t...,., 1138{AP) SI-0\./N o HOOER 'tkLVE 2SWS HOI113C (BO) SIMILAR

• I;IGURE 7.4-260 LOGIC DIAGRAM

                                                                                                                               ,SERVICE WATER SYSTEM f3EAVER VALLEY POWER STATION-UNIT 2 fiNAL SAFETY ANALYSIS REPORT

REV 12 RESULTANT ~NITOR MO'TE:2 CONTROL AT A SHUTOOW"-4 1 PANEL

                                                                                                                                                                                               '----"'-~..L 2HVR-FN201A( -0)

AND t---~ COMTAIItBT AIR RECIRC. FAN START cs 2HVR- FN20IA( -0)

                                                                                         "AUTO~(AFTER START)

BUS UNDERVOLTAGE

  -   1 2HVR -FN 201A{-0)
                 ------------~--~ """~-0-TO-R--EL_E_cr_R_IC-A-l.~

PROTECTION TRIP ~----~~ AND 1--4 SAFETY INJECTION SIGNAL TRAlN A cs 2HVR-FN2t>1A( -0} 2HVR-FN2)1 A( -0) LSI< 27*1A CONTAINWENT STOP COO'AINMBIT AIR RECIRC, SUMFI WATER FAN STOP [ Dlflll, LEVEL HIGH ill.

                                                                         ""--'"' N0 T 2HVR-FN201A(-O)
   ~5~C--------~                      COMTAIMMT AIR RECIRC, FAN HI-HI VIBRATION NOTES:                                                                                                      CONTAINMENT AIR RECIRCULATION FAN

1. LOGIC: FOR CONTAINMENT AIR RECIRCliLA'iiON FAN 2HVR-FN201A(-O} ON BUS 2N SHOWN,

  *LOGIC FOR FAN 2HVR-FN2018(-P) ON BUS 2P SI'MILAP.

2. ANNUNCIATORS AND COMPUl ER INPUTS CCMMON TO ALL SHUTDOWN PANEL TRANSFER SWITCHES.

3, CONTROL FROM BUILDING SERVICE PANEL SHOWN. CONTROL FROM SHUTDOWN PA~EL SIMILA~. FIGURE 7.4-27 ~. FAN CONTROL FROM THE BUILDING SERVICE CONTROL LOGIC DIAGRAM PANEL IS ONLY AVAILABLE WHEN THE CONTROL TRA'JrtSFER SWITCH IS RESET. VENTILATION SYSTEM CONTAINMENT AIR

5. ~BY WESTINGHOUSE RECIRCULATION FANS

6. CONTAINMENT AIR RECIRC. FAN AUTO-STOP. BEAVER VALLEY POWER STATION-UNIT 2 UPDATED Fl NAL SAFETY ANALYSIS REPO~T

REV r2 SOURCE COMO ITl ON CONTROL ACTION RESULTANT MOW! TOR PB 2HVR-FN201C(*O) TRANSFER 2 HVA-FN 201 r (-0) MANUAL 'RESET \------' AT RELAY cs 2HVR-FN201C(*O) STAAT 2HVR'-FN201 C( -G) AND"--~ CONTAINMENT AIR RECIRC. FAN START 2HVR-FN201 C( -0) AUTO {AFTER START) BSC BUS UNDERVOLTAGE 2HVR- FN201C(-') AND MOTOR ELECTRICAL PROTECT IC N (BRIGHT' CONTAIN~~ENT 108099., ISOLATION PHASf. B NOTE~ .TRAIN A cs c: 2HVR-FN201C(*O)

                                                                                                                                              .._-----------t::iJt CONTAINMENT 2HVR-FN20l C( -G) 8 STOP                                                                                    AIR ONTAINMENT SUMP )                                                                                                        RECIRC, FAN STOP LS.K-27-lA                . WATER LEVEL             1-----~~~-

HIGH SIMILAR TO 2HVR *FN201A( -0) VIBRATION SIGNAL .f-------1 NOTES: CONTAINMENT AIR RECIRCULATION FAN

1. LOGIC FOR CONTAINMENT AIR RECIRCULATION FAN 2HVR-FN201C(-G) ON BUS 2N SHOWN, LOGIC FOR FAN 2HVR-FN201C(-G) ON BUS 2P SIMILAR.

2. ANNUNCIATOR AND CONPUlER INF-1.1 r CO~ON TO ALL SHUTDOWN PANEL TRANSFE~ SWITCHES.

S. CONTROL FROM BUILDING SERVICE PANEL SHOWN. CONTROL FROM SHUTDOWN PANEL SIMILAR.

~. FAN CONTROL FROM THE BUILDING SERVICE CONTROL PANEL                                                                                                                   FIGURE 7.4-28 IS ONLY AVAILABLE WHEN THE CONTROL TRANSFER SWITCH IS RESET, LOGIC DIAGRAM VENTILATION SYSTEM

5. ~BY WESTINGHOUSE CONTAINMENT AIR 6 CONTP.OL AT SHUTDOWN P~NEL REC I RCU LAT 10 N FANS 7, CONTAINMENT AIH RECIRC. FAN AUTO-SlOP BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

C

-c U)

F {

5 I

l.J

\0 b-                                                                                 z                                a q9 Hry                              C)

(^) C rro N  :-Z 53 T l\) Dr N c-) l.J m cl -{T <r)c) m E O flC =OO t0 z-a 'r vI Yzz b { *-{-r UJ H D , v,^ {DD (}J l.il z =F =zz 3 y. Y - m3m3 lrl ii-r z- r lF o - z Z z a-- D c=>> 1r1N { aln { -nC) DOI oDc) oDo i zz< zz H -;; {ft c") (-)z z-{ oT:on P P+ I<D I<D r-) u vrmm -zz 9;,2 m zi!rv 9AZ c)

                                                                -mG)                                                z
           !                                                                   83fi l--lz e3fi r12        g T                 fJfJ;!                             6='    I             o-c)        a      mc-)c-)                                            ,- v. Z                  - zo>-

{ 99 D C CC 7t gi ai t- D (nr r- 5 D N =DD D 9 a 6 r z

           -{                           -1                         m                 =m                    =m

{ -S-1 r) H , l H H r3 r! I, 7 D o cr_oo r) c-) z T z).) zz P

           -t'l                   rlr cJ' D         Z            DD zrzz
           =         {            N-H         O            T<

{ <f] a 3 T+ -l .aZ-f-t

           =

15NS zN r39; 6mPr rO f {  !- Y F a 3 s(/) mt 3

                                  -  :aE o

mnO 3 r c)N zt z-q Nz = s zl! oa ol@ D2 o 6 a) Tl? o sg z @(9 g D ili Dll, ilT cl Cf 2 6 9 z 3 z m z n c) I r D D m c-) r-) a, n c 5 D z { o z

                                                'rl D

z s T D 6 z 3 o

                                                =

o 7t g H F Q<t r C EHfl??E dt AtFo T TNN 1111 N

      ;f i=rs F                                         >zr                                DZI
                                                        =1;                                2-=
                                                                                              -{A)

Il

     =f;=ffidBx                                                                                                   fJ l:        Az_=tg                                 i* sr 3l                            F i o6                 m
      =xY 'a                                                                               <r=

a C EBf DT= D:o Y -{

     '+zz'><

i= T=a F 6Ei rr')

                                                        =P                                                        D rn          C]                                  o                      z z                                  z l;" >*i
      },2F' =                              !

rii 2> NJ a)- \o 3 35 O H= PT = r--l  :! E6 F

                                                   \ l                      DE cf    rn
     $ru
     -{                                           *F                                                              D     s NJ IE                                             ts

SOUtCE MONITOR COJIDITIOII COIITROL ACTION RESULTAMT MONITOR cs 2SWS~AOVIIOA(AO} VENT AIR OPEN OPEN

                                                                                        !                                                             2SWS1-AOY I lOA ( AO)         ~

cs 2SWS~AOYIIOA(AO) ADMIT AIR CLOSE CLOSE

                                                                                        !                                                                                           R CONTAINMENT AIR RECIRCULATION COOLING COILS COOLING WA'$R INLET VALVES COifT.AIR RECIRC.

CLG.COILS CLG.WTR. OUTLET FLOW COJIT.AIR RECIRC. CLG.COILS CLG.WTR. OUTLET T-EMPERATURE JIOTES:

1. IJILET Y.llYE 2SWS~.lOYIIO.l(AO) IS SHOWN.

INLET Y.llYE 2SWS*AOYIIOB(BP) AND 2SWS*AOV110C\SOl SIMILAR.

2. ASSOCIATED INSTRUMEifTS:

2HYR* CLC201.l 2HYR~CLC2018 2HVRilfCLC201 C FIGURE 7.4-30 2SWS-FTI32.l 2.SWS-FT 1328 2SWS-FT132C 2SWS-TEI32A 2SWS-TEI328 zsws-TEI32C LQGIC DIAGRAM V~NTILATION SYSTEM CONTAINMENT AIR RECIRCULATION FANS B~AVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 7 SOURCE CONDITION CONTROl ACTION RESULTANT NON I TOR cs 2CHS* MOV275A(A0) OPEN 2~H MOV275A(AO) 1----------~ ISOliATIIJN VALVE OPE~ 2CHS~MOV275A{AO) MOTOR THERMAL OVERLOAD cs 2CHS~~V175A{AO) 2CHS~ MOV275A(A0) I SOLATION VALVE CLOSf CL~SE TORQUE S~T rLOSE CHARG!!G PUMP MINIMUM FLOW LINE ISOLATION VALVE HIC 2S!St"HIC~68A(AO) MODULATE VALVE LATE

                                                                                                                 ~                                             1/ALVE I FAILS CLOSED ON LOSS OF POWER I

HIGH HEAD SAFETY INJECTION COLD LEG THROTTLING VALVE P8 2CHS* LCVII58 ( AOl COn'ROL TRANSFER 2CH$* LCV 1158 (AO l

                                                                                                                                    ......- - - - - - - - 9 1 CONtROl AT ALTERNATE 2CH S* LCVII5 8 {AO l                                                       SHU DOWN PANEl                             CONTROL AT MANUAl RESET                                                                                                            ALTERNATE SHUTDOWN AT RElAY
                                                                                                                                                                                                   "----L..~ PAN El B

cs 2CHf. HCV115B(AO l 2CHS*LCV!! 58 ( AO l t-----------e~ CHA GJNG PUMP OPEN SUC ION VAL V£ OPEN ASP 2CHS

• LCVIl58 (AQ)

NO MOTOR THERMAL OVERLOAD 2CH *LCVI!SB (AOl cs -------+~CHA,GING PUMP 2CHS *LCV 115 B(AOl SUCTION VALVE CLOSED ASP NOTES CLOSE FIGURE 7.4-63 I. LOGIC FOR ISOLATION VALVE 2CHS* MOV 215A ( AO l SHOWN 1 LOGIC FOR ISOLAT 10 N VALVES 2CHS MOV 215 B( BO l 1

• MOV215C{CO 11 AND *MOV313 (ZPl SIMILAR. LOGIC DIAGRAM

2. LOGIC FOR THROTTL IN G VALVE 2S IS* HCV868A (AO l SHOWN 1 SAFETY INJECTION CONTROL VALVES LOG lC FOR THR OTT LING VALVE 2SIS* HC V868 B (BPl SIMILAR.

3. SEE ADDITIONAL CONTROL OF SU CTlO N VALVE 2CHS

• LCV BEAVER VALLEY POWER STATION-UNIT 2 ll5B{AOlOH FIG. 7.4-65. FINAL SAFETY ANALYSIS REPORT

4. ONE COMPUTER IN PUT l S COMMON FOR ALL ALTERNATE SHUT DOWN PANEl l NP UTS.

REV. 18 SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR 2SIS*MOV867AIZOI

                                                                                                                                      ) - - - - - - - - -.... ISOLATION VALVE OPEN 2SIS*MOV867AIZOI 4'1                                 MOTOR THERMAL                                  NOT OVERLOAD 2SIS-MOVII67AIZI>>

ISOLATION VAI.YE CLOSE 80RON INJECTION TANK INLET ISOLATION VAI.YE 11180'1'13 SH.II SAFE TV INJECTION SIGNM. TRAIN A NOTE 2 NOT 2CHS*MOV2ti'IIZOI ISOLATION VAl.VE R OPEN 2SIS*MOV28'11Z0l 4'1 MOTOR THERMAL NOT OVERLOAD NOTE 2 2CHS*MOV28'11ZOI ISOLATION VALVE CLOSE NOTES.

1. LOGIC FOR ISOLATION VALVE 2SIS*MOV867AIZOI SHOWN.

LOGIC FOR ISOLATION VALVES 2SIS*MOVII678CZPI, -MOV867CCZOI ANO *MOV86701ZPI SIMILAR.

2. ONE COMPUTER INPUT WILL PROVIOE BOTH OPEN ANO CLOSEO INDICATIONS.

3.

• BY WESTINGHOUSE. CHARGING HEAOER ISOLATION VALVE FIGURE 7.4-64 LOGIC DIAGRAM SAFETY INJECfiON CONTROL VALVES BEAVER VALLEY POWER STATION UNIT No. 2 FINAL SAFElY ANALYSIS REPORT I

I K1\u2\lFSAR\g78411648.dgn PREPARED ONC::::J'"&? CAEDDI  : THE CNSU ~-..---~ SYSTEM  : L---------------------------------------------------------------------------------------------------------------------------------~------------------------------------------1

SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR NOTE 2CHS ~LCV 115B(AO) NO MOTOR THERMAL OVERLOAD cs 2CHS~LCVI15B(AO) 2CHS* LCV 115B(AO) SUCTIOI+ VALVE OPEN OPEN cs 2CHS* LCVI15B{AO) LSK-27-17A AUTO RECIRCULATION MODE 2CHS~ LCV IISB(AO) II+ITIATION SIGNAL 1-----""B! SUCTION VALVE CLOSE 2S IS* MOV863A(AO} DISCHARGE VALVE cs TORQuE SEAT CLOSE OPEN

• 2CHS LCV 115B(AO)

CLOSE 1080993 SH.8 SAFETY I NJ ECTI ON SIGNAL (TRAIN A) CHARGING PUMP SUCTION VALVE FROM RWST LSK-26-IIA l:CHS-TK22 cs VOLUME CONTROL TA;~K 1----F~ 2CHS*LCV\15C(ZD} LVL. LO-LO CLOSE cs 2CHS-* LCV IISC/ZO} AUTO }--------t::311 SUCTION 2CHS

• LCV 115C fZO)

VA LYE CLOSE 7.CI1S* LCV 115S(AO) CHARGING PlM' SUCTION TORQUE SEAT CLOSE F1!()4 RWST RILLY *OPEN 2CHS*LCV115C( -0) NO MOTOR THERMAL OVERLOAD 2CHS~LCV115C(ZO) 1 - - - - - - - - t : ' l SUCTION VALVE cs OPEN

• 2CHS* LCV 115C {ZO}

OPEN NOTES:L CONTROL FROM MAIN BOARD SHOWN CONTROL FROM SHUTDOWN PANEL SIMILAR CHARGING PUMP SUCTION VALVE FROM VOLUME CONTROL TANK 2CHS LCV II ~B(A<) CONTROL AT CONTij()L AT SHUTDOWN

2.

• LOGIC FOR SUCTION VA LYE 2CHS LCV 115B(AO) SHOWN, PB 20i9' LCV 115B(AO)

SHUTDOWN PANEL PANEL LOGIC FOR SUCTION VALVE 2CHS'*'LCV115D{BP) SIMILAR. GOI TAO L TR AIISFER ~ M

3. LOGIC FOR SUCTION VALVE 2CHS* LCV 115C (l_O) SHOWN, E 1------'

LOGIC FOR SUCTION VALVE 2CHS~LCV115E(ZP) SIMILAR. 2CHS*-LCV 115B(AO) M MANUAL RESET

4. ONE COMPUTER INPUT WILLPRCWIOE BOlH OPEN AT RELAY AND CLOSED INDICATIONS FIGURE 7. 4-65 LOGIC DIAGRAM

5. SEE ADDITIONAL CONTROL OF SUCTION VALVE 2 CHS LCV1158 ON FIG. 7.4- 63. SAFETY INJECTION CONTROL VALVES BEAVER VALLEY POWER STATION- UNIT 2 FI~AL SAFETY ANALYSIS REPORT

REV 12 SOURCE CONDITION CONTROL ACT I ON I RESULTANT MONITOR PB 2CH~ MOV310 ( ZP) CONTROL TRANSFER M 2CH MOV310( ZP) E 1-----BIIICONTROL AT M SHUTDOWN PANE NOT cs CONTAINMENT 2CH~MOV310 ( ZP) LSI<* 27*1A SUMP WATER LEVEL OPEN 2CHS*MOV 310 ( ZP) OTE 5 HIGH t--------~;..t ISOLATION VALVE OPEN t--------------1 2CHSt"MOV310 (Z Pl NO MOTOR THERMAL OVERLOAD cs 2CHS*HOV310 ( ZP) SAFETY CLOSE 108099 INJECTION SIGNAL 2CHStMOV310 (ZP) TRAIN A t-----f3111 ISOLATION VALVE CLOSE cs 2CHS*M0/310 (ZP) CHARGING FLOW PATH ISOLATION VALVE AUTO SS (MAINTAINED) 2SIS*MOV840 {AO} 2SIS*MOV840(AO) ANDI-----------1'* ISOLATION VALVE 2515* MOV840(AO} . OPEN OPEN a NOMOTORTHERMALr---------~=:=:=::=:=::~~--__, OVERLOAD SS{MAINTAINED) 2515+ MOV 840 (AO) 2515 iMOV84Q(AO) ANOI-------------A~~~ ISOLATION VALVE CLOSE CLOSE 2SIS*MOV869A (AO) cs HIGH HEAP SAFETY INJECTION COLO LEG THROTTLING ISOLATION VALVE SLAVE CONTACTOR 2S IS..l!fMOV869A(AO) POWER AVAILABLE OPEN 2SIS~MOV869A(AO) NOTE: 2 AND 4 AND ~-----+~ ISOLATION VALVE OPEN 25 IS'*MOV869A(AO) NO MOTOR THERMAL OVER LOAD 2S IS *MOV869A{AO) J. CONTROL FROM MAIN BOARD SHOWN FOR 2CHS*MOV310(ZP) AND .,....__ _--+o311 ISOLATION VALVE CLOSE CONTROL FROM SHUTDOWN PANEL SIMILAR ~~IS*Mova 6 sA(AO} TORQUE SEAT CLOSE

2. DURING NORMAL PLANT OPERATION ISOLATION VALVES 251SlMOV869A(AO) CLOSE

   ~MOV869B(BP) 'tMOV836(AO) *-M(}JS41(ZP)                 HAVE THEIR POWER'---------'

REMOVED BY MEANS OF A BANANA PLUG DISCONNECT ON THE MAIN CONTROL BOARD TO PREVENT SPURIOUS OPERATION OF THESE VALVES, HOT LEG SAFETY INJECTI.ON ISOLATION VALVE

3. ONE COMPUTER INPUT WILL PROVIDE BOTH OPEN AND CLOSE INDICATIONS

4. LOGIC FOR ISOLATION VALVE 2S IS*MOVB69A(AO) SHOWN, LOGIC FOR ISOLATION VALVES 2SIS*MOV869B(BP)*MOV836(AO)AND*MOV841(ZP) SIMILAR FIGURE 7.4-66 5.. MOTOR SUPPLY BREAKER IS SHUNT TRIPPED ON CONTAINMENT SUH? WATER LOGIC DIAGRAM LEVEL HIGH FOR 2CHStrMOV310 (ZP) SAFETY INJECTION CONTROL VALVES BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

CONTP"L ACT I :j_i RESULTANT SOURCE CONDIIION 8-----4" 2CHS*-P22A (AO) CONTROL AT EMCH BOARD 2CHS¥P22A (AO) . 1----P31 BOr:l~ ACID XFR. Puj.ws~-------__. cs START  : 2CH S)'C P22A ( AO) START LSK-Z8-2A BORATE t>EMANO cs SIGNAL 2CH~ P22A {AD) AUTO cs 2CH&*P22A (AD) STOP BORIC ACID TANKS/ TRANSFER PUMPS CONTROL FROM CONTROL ROOM 2CHS* P22A { AO) : TROUBLE FIG. 7. 4-7\A BORIC ACID XfR. PUMP 1-------------t

                         .a        2CH~ P22A ( AO)                                                                    STOP
    ~---+-=~===!:..____~           MOTOR THERMAL OVERLO~[)

cs 2CHS *P22A ( AO) START PB 2CHS* P22A (AO) CCNTROL TRANSFER M MANUAL RESET A.T RELA l L NOTE: I.

• LOGIC FOR rUio4P 2CHS P22~ ( ~0) SHOWN, ~~HS.*-P22A (AO) )

LOGIC FOR PUMP 2CHS.*P22B (BP) SIMILAR. STOP

                                                      .__________..,            ill

2. SEE ADDITIONAL CONTROL OF 2 CHS II P22A (AO)

ON LS K- 26-6 8. tONTROL FROM SHUT~OWN PANEL FIGURE 7.4-71 LOGIC DIAGRAM BORIC ACID TRANSFER PUMPS SEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION CONTROL ACTION RESULTANT MONITOR 2CHS -t;P22A{A0) 1o--__.,.-----~ CONTROL AT ALT. 2CHS -t- P22A(A0l SHUTDOWN PANEL MANUAL RESET AT RELAY cs 2 C HS t: P22A (AOl 2CHS

• P22A{A0l t--------E:;..t BORIC ACI DTFR. PUMPI--r----~

START START

   '1-------------1 FIG. 7.4-71 MOTOR  THERMAL OVERLOAD 2CHS *P22AlAOl cs                               )---&!BORIC ACID TFR. PUMP I------13Jt.l 2CHS -t-P22 A lAO)                            STOP STOP BORIC ACID TRANSFER PUMP NOTES:

I. SEE ADDITIONAL CONTROLS FOR 2CHS t: P22AtAO) ON LSK 26-SA, 2.0NLY MANUAL MODE OF OPERATION IS AVAILABLE FROM THE ALTERNATE SHUTDOWN PANEL. FIGURE 7. 4-71A LOGIC DIAGRAM BiORIC ACID TRANSFER PUMPS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONDITION CONTROL ACTIO~ RESULT.U T IIOIITOR VENT 2CHS(TK22 AIR TO VOLUME CONTROL TK LVL B VOLUII£ A/0 LOW CONTROL SS {NAINTAINEO) DE-ENERGIZE 2CH5;11LCVII5A TAlK 2CHS4LCYIISA COOLANT LETDOWN TO .B 2CHS* TK22 VOLUME CONTROL TANK 2CHS-LSVI15AI T DEGASifiER DIVERSION A/D VOLUME CONTROL VALVE TO Of CAS-TK. LVL HIGH* H! GH HIC ENERGIZE MODULATES If lEI 2CHS-HICIISA {NOTE I) RAISE-LOWER c .I 2CH~K22 A/D VOLUME CONTROL TK LVL HIGH K+J > 2CHOOK22 VOLUME CONTROL TANK LEVEL 2CHS

• TK22 B A/o VOLUME CONTROL Tl< ,

LEVEL LOW DE-ENERGIZE SS (MAINTl..INED) 2CHS-LSVIISA2 T A 2CHS-..LCV liSA AUTO ENERGIZE 2CHS)(TK22 VOLUME CONTROL TK LVL LO-LO ADNIT FULL SS (MAINTAINED) AIR SUPPLY 2CHS~CY liSA DIVERT 2CHS-LSV112A2 T A DE-ENERGIZE c 2CH3jl"K22 VOLUME CONTROL TANK A K+j LEVEL B TO VOLUIIE comot 2CHS-LCY I 12 TAU A DEGASIFIED LETDOWN s: 2CHS-LSVII2AI T RETURN DIVERSION HOlES: TO COOL AU I

• UIIT AIR TO 2C HS HCV 115A TO DIVERT TO DWSI FIE RS, VALVE RECOVERY YEll AIR FROII 2CHHCYI15A TO DIVERT TO VOlUIIE CONTROl TUK. DE-ENERGIZE MODULATE TAMI (NOTE 2) B

2. A>>ll IT AIR TO 2C NS- LCY 112 TO DIVERT TO THE COOLAIT RECOVEU TAU, c VEIT AIR FRO II 2CHS-l CY 112 Til DIVE U TO THE VOLUIIE COlTROL Tm. VEIH AIR

3. VOLUIIE COIITROL TAll<< TROUBLE.

FIGURE 7. 4-72 LOGIC DIAGRAM VQLUME CONTROL TANK BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION WRIROL ACTIOII RESULTANT 201S-PCVII8 WL. aJIIT. Tl .. IMlROOEN UPLY PRESSURE

      ~----------f     VOLUME CONTROL TAIIK                                                                K+f  t-*----9fRBlJCUI6 VV tm.UTES 10 PRESSURE                                                                                              MUirTAIIf A SET PRESS 10 ~

VOL!JHE COHIBOL TANK H(QBOGEN SUPPLY lliE WLLME <XIfTII)l.. TNil PRESSURE REPutiNG VALVE SS {MAIN TAl NED) 2CH~OV8101 ENERGIZE OPEN 2CHSI!ITK22 OPEN* I r----------4 VOLUME COIITROL TAIIK 2CHS-50V8101 I SCHARGE TEMPERATUR SS (MAIN TAlNEO) YENl CLOSE 2CH~OV8101 DE-ENERGIZE AIR'TO CLOSE' I VOLUME CONTROL TANK VENT VALVE VOLUME

                  ---f 2CHS~TK22 A/0      CONTROL TANK 0 l SCHARGE 1 - - - - - - - - 4 ENP. HIGH 2CHS*TK22 VOLUME CONTROL TAIIK ElfT HEADER PRESSURE 2CHS*TK22 VOLUME CONT.                            FIG. 7. 4-74 A/D      TANK VENT HEADER PRESS OW 2CHS*TK22 VOLUME CONT.

A/D TANK VENT HEADER PRESS GH 201S-PCV119 WL.aJIT. TK. VOLUME CONTROL TANK NITIIIGEII &IPPLY PRESSURE K+f REDJCING VV MOOLATES TO NITROGEN SUPPLY PRESS NAIIIT-'IN ASET PRE$S TO SET POINT VOLUME CONTROL TAJI K NITROGEN SUPPLY PRESSURE REDUCING ViLVE 2CHS~K22 2CHHCV117 VOLUME CPNTROL TANK K+J REDUCING VALVE PRESSURE MODULATE VOLUME CONTROL TANK PRESSURE I!EDUCING VALVE SET POl NT FIGURE 7.4-73 LOGIC DIAGRAM VOLUME CONTROL TANK BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

S~RCI MONITOR t;ONPITION t;OIHROL ACTION RESULTANT MONITOR cs 2CH$tHO\' Ill(- P} OPEN 2CH0040Vlll (- P) RETURN IS~L VALVE OPEN 2CHOOIOYII! NO MOTOR THERMAL OVERLOAD 2CH$*Mi)Yill (- P) RETURN ISOL 'ALVE cs CLOSE

£CH~VIII (-Pl TORGUE SEAT CLOSE CLCSE DEGASIFIED LcTDOW" RETURN ISOLATION VALVE cs 2CHmOVIO~ 1- P) >------------------------811 ENERGIZE OPEtl ~----~,_~~~------~--~

2CHS*SOVI02 2C~S¥AOVI02 (-P) cs 2CH~~AOV102(- P/ >-------------------------'-f~ DE-EHERG IZE VENT AIR TO CLOSE q kECYClEC ~YOROGEN SU~PLY VALVE 2CHS:.:PC\'li~A I A -K"f PRESSURE VALVE. MODULATE 2CHs-a-K22 VOLUME CONTROL TANK PRESSURE K+J OPEN ElfERGIZE 2CHWK22 2CH:)lt.PCV 1168 I FIG. 7. 4 -73 VOLUME CONT TK VENT PRESSIJRE VALVE 2CHS-PSVII53 H~AOER PRESS LOW MODULATE

                                                                                                                                                                 .l YftLUHE CONTROL TANK PRESSURE COHJROL VAlVES WIT All FIGURE 7. 4 -74 LOGIC DIAGRAM V!OLUME CONTROL TANK BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

CONTROL ACTION RESULTANT NONITOR I~PEN I cs ADMIT 2CHS~AOV203(-P) "

                             ~    ENERGIZE        AIR TO                             ........ R OPEN              fl              2CHS~OV203                                                           fl 2CHS*AOV2Q3{ -P)

( -Pl I~LOSE cs 2CHS~AOV203{-P) ... DE-ENERGIZE VENT " v AIR TO G CLOSE B I B VOLUME CONTROL TANK N2 BLANKET HEADE~ ISOL AT ION VALVE I FIGURE 7.4-75 LOGIC DIAGRAM VOLUME CONTROL TANK BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SCt1 ~CE 140tlllOR COMO! TIOII OONTRDL At;Ti 011 RESU~TAIIT MC'll TOR r-. 8 l!!f M E OOIITROL AT SHUTDQWN PAIIEL IIOTE3 2P.!IS~P~ lA( AD) M 2RKS*P21.1( AD) !4A..'IIJAL RESET 0 A/0 HEAT REMOVAL PUMP \AT RELAY DISCH. PRESS. HIGM ~ cs Q) 2!!!1S*P211l{ AO) 2RHS.P21.1{ AO) START 2RtiS*P~ \"( AO) 51 MOTOR ELECTRICAL HEAT REMOVAl PUMP PROTECT lOll START ,

                                                           '! 160V BUS 2AE UNDER VOLTAGE                                             ~
                                                                                                                                                                                                           !RKS*P21A( AI))

I :18)99 3 Sll. 8 COIITA I liM ENT

                                                                                                                                                                                                           !!EAT REMOVAL P'JSI' I SOLATIOII PHASE B TEST PEit!ISSIVE TRAIII A                                                                                                                                                                                RES I ruAL HE.6T
                                                                                                                           !'B 2!!!!S*P21J.( AD)                                                                                                      REMOV\1. PUMP 2RHS*MOV70 lA( AO)                                              TEST                                                                                                                    A/8 itc TEST RKR 3.1CTIOM \'AI..YE                                                                                                                                                                      -~

CLOSED cs 2!!MS* P21 A( ItO) 2RHS*MO V702A( AP) STOP \ RHR SUCTION YALYE Q.OSED

                                                                                                                                                                                                                                                  'a RESIDUAl HEAT                                                                                                                                                                             ~

ROOVAL. SYSTEM OUTLET TEMPERATURE 2RH Sa P21A(...,) 1--------1:~ HEAT ROOVAL PUMP STCP RES\ OOAl HEAT § REMOVAL SYSTEM INLET TEMPE~ATURE RES I iXJ.\1. HE.AT REMOVAL SY<;Te.t TROUBLE I cs 2R!i s. !'21.1( AD) AFTER START) I. RES I DUAL HEAT ROO VAL PUMP 2RHS.P21 A{ AD) ~!!!ll'!t, 2RHS*P11 a{ BP) Sli-lll.A.!! B RES I DUAL !!EAT P.e<<<VAL PU!-iP

        !!IJTES:

2. CONTROL FROM MAiiUIOARD SHO*, CONTR!)l~UTD0'1111 PA!IEL SIHILAR

3. CONTROL AT THE MAl II BOARD IS DillY AVliLAet..E ~E!! -THt: CO!!TROL TRAHSF!~ I~ R.~SET 6. #BY WESTINGHOUSE q, AMMUNC I ATOR- AltO COMPUTER Pli I II TS ARE ~ 'ro .\ll EOU I PMENT TRAil SFE!!S 7. SEE ADDITIONAL CONTROL OF 2RHS*P21A{A0}

5. ASSOCIATED EQUIPMENT FLCM' PATH A FLOW PATH B ON FIG. 7.4-79A 2RHS~P21A(AO) 2RHS*P2.1B(BP) a ONE COMPUTER INPUT WILL PROVIDE BOTH 2RHS-PT602A 2RHS-PT6028 ON AND OFF INDICATION :FIGURE 7.4-76 2RHS- PI602A 2RHS- P\6029 2RHS -TE604A ZRHS-TE604 9 LOGIC DIAGRAM 2RHS-TE606A 2RHS-TE606B . RESIDUAL HEAT REMOVAL SYSTEM 2RHS- T 1606A 2RHS-TI606 B 2RHS- TR604A 2.RHS- TR604 9 BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REVI2 SOURCE MONITOR MONITOR CONDITION CONTROL ACTION itESULTANT PB 2CCP*MOYI 12A(AO) CONTROL TRANSFER CONTROL AT Mt----------~ E SHUTDOWN 2CCP*MOVII2A(AO) M PANEL MANUAL RESET AT RELAY CONTROL AT SHUTDOWN PANEL cs 2CCP*MOVII2 A(AO) 2CCP~MOVI 12A(40) OPEN ,..-----~ AMD ~---------+:a.i CLG. WATER SUPPLY VV * ..,_._.....,. 2CCP*MOVII~ A(AO) OPEN NO MOTOR THERMAL I 2CCP*MOV 112A(AO) A cs l---------'=::.. AND +------------f==!lll CLG. WATER SUPPLY VV .......--t:.iiill 2CCP*MOVII2A(AO) CLOSE CLOSE cs RESIDUAL HEAT REMOVAL EXCHANGER SUPPLY VALVE 2RHS~MOV702A<AOl l----+;;;t---..TRA IN A 2RHS* MOV702A{A0l OPEN AND NO MOTOR THERMAL 2RHSeNOV702A(AG'l OVERLOAD r-----------f~ SUPPLY ISOLATION VlLVtt---.~~ REACTOR COOLANT OPEN PRESSURE LOW (TRAIN A) cs 2RHS*t<<JV702A CAP> REACTOR COOLANT A/D OPEN PRESSURE TRAIN B LOW (TRAIN B) 2HRS*t<<JV702A (AP l NO MOTOR THERMAL YERLOAD cs 2RH S*HOV702 A (A P) CLOSE REACTOR COOLANT 2RHS~MOV702-(A~ PRESSURE SUPPLY ISOLATIOft VALVE FIG. 7.4*79 HIGH (TRAIN B) Cl.O SE REACTOR COOLANT cs B PRESSURE 2RH S*t<<) '1702 A(A 0 l TOROUE SEAT CLOSE HIGH (TRAIN A) CLOSE RHR SUCTION VALVES TRANS TO ALTERNATE RHR SUCTIO" VALVES TRANS. TO ALTERNATE POWER SOURCE RESI~JAL HEAT REMOVAL SUPPLY ISOLATION VALVE PB POWER SOURCE 2RHS*NOY702A (AO) CONTROL TRANSFER N 2RHS*MOV702A(A0) B

                                                                                                                                              ~ 1--NO-TE-5-----------....fi!J.I CONTROL AT ALT.

MOTES: I. CONTROL FROM MAIN BOARD SHOWN, CONTROL FROM SHUTDOMI PANEL SIMILAR . 2RHS*NOV702A(A0) "' SHUTDOWN PANEL

2. COMPONEJIT COOLING WATER SUPPLY VALVE 2CCP*MOVI J2A(AO} SHOWN, HOY t12B(BP) NANUAL RESET SIMILAR. AT RELAY

3. RESIWAL HEAT REMOVAL SUPPlY "lSOLATION VALVE 2RHS*MOV702A(AG) SHO.e 2RHS*MOY701B(BG) 'SIMILAR FIGURE 7. 4-77

           ,,. TRANSFER OF POWEk SU-PPLIES IS DONE AT lHE TRAttSFER Bf!EAKER ASSEMBLIES NEAR                                                                                      LOGIC DIAGRAM RESPECT! VE MCC.

5. ONLY MANUAL NODE OF OPERATION IS AVAILABLE FROM THE ALTERNATE SHUTDOWN PANEL RESIDUAL HEAT REMOVAL SYSTEM

8. CONTROLS AT ALTERNATE SHUTDOWN PANEL BEAVER VALLEY POWER STATION~ UNIT 2

7. 2RCS*PR441 ALSO SHOWN ON FIG. 7.4*79 UPDATED FJNAL SAFETY ANALYSIS REPORT

8. SEE FIG. 7.4*79A FOR*ADDITIONAL CONTROL OF 2CCP*NOVII2A(A0)

SOURCE MOll I TOR COIIDITI 011 COIIiROL ACTIOII RESULT AliT MOll I TOR RES I DUAL HEAT RB<<<VAL SYSTel PB TROUBLE 2~S*P21A(AO) 2RHSM-MOV720A(AOi>--..., H~T RBI>VAL '!.D. CONTROl 1 tCAII SFEk '--~~ f'l~~!" RIJIIIIING

                                                                                                                                          -~              2RHS*MOV 7ZOA(.A.O)

MANUAL RESET AT TELAY RES !DUAL HEAT A/D REMOVAL SYSTEM

                                                         ~LOW       LOW SS(MAINTAINED)                                                 B 2RHS*FCV605A(A-) ) - - o i i - - - -

RESIDUAL HEAT SHUTDOtYN R\NEL .sop 2RHS* FCV605A(A-REMOVAL SYSTEM t-----l T ~A.l.---£~BYPASS*FLOW COtH,V, FLOW SS(MAINTAI NED) 2RHS*FCV605A(A -1 ._M_OD_UL.;...A_;T....::E~-----' FAILS CLOSED ON LOSS BENCH BOARD OF AIR Kt..S RESIDUAL HEAT ROOVAL SYSTEM FLOW R~SIDUAL HEAT REMOVAL HEAT EXCHANGER B't'PASS VALVE cs 2RHSJIE-MC1/720ACAC9 2~H ~MOV72~A(AO) REACTOR COOLANT OPEN R~TU~N ISOL~TIUN V. A/D I'RESSURE OPEN L~~ 2RHS i!IMOV720A(AO) MOTOR THERMAL OVERLOAD 2RHS*MOV 720A{AO) RU.CTOR COOLANT 1--------f::MRETURN ISOLATION V, t------1~ A/0 PRES3URE CLOSE

                                                        !!1~-

NGTEs: I. CONTROL FROM MAIN BOARD SHOWN RESIDUAL HEAT REMOVAL SAFFfY lhJECT!OM RETURN ISOLATION VALVE CONTROL FROM SHUTDOWN PANEL SIMILAR 2, RETURN ISOLATION VALVE 2RHSifMOV720B(BPl 1. ASSOCIATED EQUIPMENT SS(MAINTAINED) RECI!IVES REACTOP. COOLANT PRESSURE SIGNAL A.OW PATH A FLOW PATH 8 2RHS*HCV758A(A-) FROM 2RCS*PT441 (BY) 2RHstfCV605A{A-) 2RHS.FCV605B<B-) SHUTornJN PA 2RHS* HCV 758A{A-) 3, RETURH ISOLATION VALVE 2RHS'!fr MOVIZ::OA( AO) SHOWN. 2RH~T605A(A Ef} 2RHSfFT605BtB'O ;;;:~~~~:::::: r-:---------&-1 MA"UAL CONTROL VV, 2 RH5-FI605AI 2R HS- F 160581 SS(MAINTAINED RETURN I SOLATION VALVE 2RHS* MOV7:0B( BP) SWI LAR. 2R HS*F16Q5A(AQ l 2RHS* F I 605 B(BF) 2RHS* HCV758A{A-) MOOuLATE FAILS OPEN ON LOSS OF AIR 4, BYPASS VALVE 2RHS* FCV605A (A-\ SHOWN, 2RHS-FTG06A 2RHS- FT606B BENC RESIDUAL HEAT REMOVAL HI=" AI ~="XCHANG~B QWl.ET VALVE 2RHS-FI606A 2RHS-fl606 B H BOARD BYPASS VALVE 2RHS~FCVEOSB(B-) SIMILAR. 2RHS IMov 1 zoAl"AO) zRHstNov 720B{BP) 5 1 OUTLET VALVE 2RHS*HCV15BA(~-) SHOWN, 2RCSfPT440(ABl 2RCSfPT44 I (BY l OUTLET VALVE 2RHS*- HCY758 B{ 8-) SUll LAR. 2RHS- F1606AI 2RHS- F 160bBI FIGURE 7. 4-78

8. SEE ADDITIONAL CONTROL OF 2RHS*MOV720A(AO) 6, 2R'IS-FT606A RESIDUAL _HEAT ROOYAL SYSTEM FlO~ S!iOVC ON FIG. 7.4-79A LOGIC DIAGRAM 2RHS-FT606B RESIDUAL HEAT ROO VAl SYSTEM FLOW SI!HLAR RESIDUAL HEAT REMOVAL SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MOM I TOR .;oMD1TION CONTROL ACT1 ON RESUL TAIT MONITOR CONTROL AT SHUT-PB -DOWN PANEL 2RH S* MOV750A (AO} CONTROL TRANSFER CONTROL AT SHUTDOWN 2RHS*MOV750A{ AO} PANEL NI.MUAL RESET AT RELAY cs 2RHS*NOV750A{AO l 2RHS*MOV 750A(AO) OPEN R* H* S* allSS aiiiECTI (II 2RHS*MOV 750 A(AO NO MOTOR THERMAL OP N OVERLOAD 2RIS.MW 73¥( /('))

                                                                                                                           ~---------+------e-1                         R.H.s. aoss CDMB:Tllll

w. Q..OSE TOROUE SEAT Cl.GSE RESIDUAL HEAT REMOVAL SYSTEM CROSS COMNECTIOM VALVE IOTE 4 2RHS*MOY 701 A AO

                                                                                                                           ~;;.;.;;...~------...;-----~ 9FPlY ISI..A.TION W.

CP9I 2111SaMW7UI A( lfJ) NOTE 4 9J'PLY I SI..A.TION YY. Ci.DSE RESIDUAL HEAT P.EMOVAL SUPPLY ISOLATION VALVE REACTOR COOLAKT PRESSURE MOTE: I . CONTROL FROM MAIM BOARD SHOWN CONTROL FROM SHUTDOWN PAMEL SIMl LAR

2. RHS CROSS COMMECTIOM VALVE 2RHS*MOV7SOA(AO) SHOWN FIGURE 7. 4-79 RHS CROSS CONNECTION VALVE 2RHS*MOV750B(BP) SIMILAR LOGIC DIAGRAM

3. ISOLATION VALVE 2RHS*MOV701~(AO) SHOWN RESIDUAL HEAT REMOVAL SYSTEM ISOLATION VALVE 2RHS*MOV702B(BP} SIMILAR BEAVER VALLEY POWER STATION-UNIT 2

4. SEEm. 7.4-79A fOR A!JDITIONAL COMTROL Of 2RHSHOV701AIAOJ FINAL SAFETY ANALYSIS REPORT

5. 2RCS- PR441 ALSO SHOlfl! Oil FIG. 7. 4-77

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR PB 2RHSttP21A(AO) CONTROL TRANSFER ASP CONTROL AT ALTERNATE 2RHS*P21A(AO) SHUTDOWN PANEL CONTROL AT ALTERNATE MANUAL RESET SHUTDOWN PANEL AT RELAY B cs 2RHS tt P21A (AO) 2RHS

• P2tA {AO)

MOTOR HEAT REMOVAL PUMP ELECTRICAL START START PROTECTION 4160 V BUS2AE UNDERVOLTAGE 2RHS* P21A {AO) HEAT REMOVAL PUMP I STOP cs 2RHS* P21A (AO) STOP M CONTROL AT E t---.--£il'l ALTERNATE 2RHS*MOV720A(AO} M SHUTDOWN PANEL CONTROL AT ALTERNATE. MANUAL RESET A SHUTDOWN PANEL AT RELAY Ji. cs 2RHS* MOV720A{AO} J - - - - - B C 2RHS* MOV720 A ( AO) OPEN 1-----~ RETURN ISOLATION f - - - - - - & - 1 VV. OPEN

• MOTOR THERMAL OVERLOAD 2RHS* MOV7 20A {AO) 1--------19>1 RETURN ISOLATION cs VV. CLOSED NOTES: 2RHS*MOV720A(AO) r----&1

1. ONLY MANUAL MODE OF OPERATION IS AVAILABLE FROM THE ALTERNATE SHUTDOWN PANEL. CLOSE ASP 2 . LOGIC FOR 2R HS MOV720A { AO) SHOWN.

LOGIC FOR 2RHSttMOV701A(AO) AND 2CCPttMOV112A{AO) SIMILAR.

3. SEE ADDITIONAL CONTROL OF 2RHSttP21A(AO} ON FIG. 7.4-76.

4. SEE ADDITIONAL CONTROL OF 2RHSttMOV720A(AO) ON FIG. 7.4-78.

5. SEE ADDITIONAL CONTROL OF 2CCP MOV 112 A ( AO) ON FIG. 7. 4 - 77.

FIGURE 7. 4-79A LOGIC DIAGRAM RESIDUAL HEAT REMOVAL SYSTEM BEAVER VALLEY POWER STATION- UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR sv INTERLOCI!. ISOLA Tl OK VAL YES TRAIN B VENT RELIEF LINE FLOW l SHISFACTORY SIMILAR ZRC~OVSB~(A-)LOOP2 I SOLA Tl ON BTPASS VALVE OPEN 2RCS-ttMO V590(j\ -) ~00 P2 HOT L[G ISOLATION cs ALVE OPEN Z.RC S>I:MOV591 (A-) ISOLATION VALVES OPEN REAC. COOLANT VENT RELIEF LINE FLOW LOOP BYPASS FLO CS¥-M0¥591 {A-) LOW LOW C~LD LEG ISOLATION TRAIN B V/riLYE OPEN OOP 21 HOT LEG SIMILAR B ~ FIG. 7.4-88 TEMPERATURE WITHIN cO~F. OF AUCTIONEERED TEMPERATURE OF ERATIIIG LOOPS FIG. 7.4-88 2RCS MOV591 (A-) MOTOR THERMAL OVERLOAD !lCs,Ho!OV591(A-)

                                                                                                                                  !----~CilLO     LEG ISOLATION cs                            VALVE CLOSE ZRCSJOO)V591 ( A-1 NOTES:                                                                                                        CLOSE I. LOGIC FOR LOOP 21 COLD LEG ISOLATION VALVE 2RCS*MOV591 (A-} SHOWN.

LOGIC FOR LOOPS 22 AND 23 COLD LEG ISOLATION VALVES 2RCstMOV593(B-} AND 2RCSfMOV595(C-) RESPECTIVELY ARE SIMILAR.

2. 2R CS-'f'19180A (AO) FOP TRA IN A IN fER LOCK SHOWN.

2RCS~ISI+80S ( BP) FOR TRA IN B INTERLOCK S IM ILA R 3 ASSOCIATED EQUIPMENT IOE~TIFICATION NUMBERS: LOOP 21 LOOP 22 LOOP 23 2RCS~ MOV591 A(A-) 2RCS)!MQV 593 (B-) 2RCS'+-MOV595 (C-) 2RCS1-F IsqSQA/ AQ} 2RCS.ll~ *.;qsl A( BC) 2RCS*~ I ~ij82A( CO) FIGURE 7.4-87 2RCS.fiSq8061ArJ 2RCS*Ft~q81B(BP) 2RC~FISqB2B(CP) LOGIC DIAGRAM COLD LEG ISOLATION VALVES

                                                                                                                                              *BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE MONITOR CONO ITI ON CONTROL ACTl ON RESUL~ ANT MONITOR PAM I B {3 PEN RECORDER) LOOP 21 HOT LEG TEMPERATURE LOOP 21 HOT i.EG TEMP B _LOOP 22 > A/0

                                                                         'iiMILAf-1 { LOOP 23  -----t:!JL_ __J 1

_/ FIG. 7.4

• 87 LOOP 22l IM ILAR 1-----b> LOOP 23 ( ;)

LOOP 21 HOT LEG TEMPERATURE ( 3 PEN RECORDER) LOOP 21 COLD LEG TEMPERATURE LOOP 21 COLD LEG TE;.tP LOOP 21 COlD I ~r, r LOOP 22 ---Bo! SIMILlR ~LOOP 23 ---f."'!t ____ l

                                                                                                            >                                             A/0 Tr~PE~ATUR! WITHIN 1------~20~ OF AUC I~EERED TEMPERATUR OF OP ER I.T I HG LOOPS NOTES:

FIG. 7.4-87 LOOP 22} I. lOOP 21 HOT AND COLD LEG TEMPERATURE PERMISSJVES SHOWN. 1--..--+-~. LOOP 23 SI lot IL AR LOOPS 22 AND 23 HOT AND COLD LEG TEMPERATURE PERMISSIVES SIMILAR.

2. ASSOCIATED EQUIPMENT IDENTIFICATION NUMBERS:

LOOP 21 LOOP 22 LDD:e 23 2RCS*TEIJ! 3( AR) 2RCS*-TEII23 ( BR) 2RCsfrEIJ33(CR) 2RCSII."TIII13 2RCS*TIII23 2RCS-TR1113 2RCS-TRIJI3 2RCS-TRII13 2RCS-Till I 3A 2RCS-TIIJ23A 2RCS-TIII33A 2RC&f<TEIJ I 0 ( AW) 2RCSI":TEII2D(BW) 2RCSi:TEIJ30{ CW) 2RCStTIIII 0 2RCSi:TIIJ20 2RCS-TRIJIO 2RCS-TRIJIO 2RCS-TRIIIO 2RCS-TIIJIOA 2RCS-TIIJ20A 2RCS-TIIJ30A 2RCS-TE413F(A) 2RCS- TE423F 18-l 2RCS-TI413F 2RCS- TI423F FIGURE 7.4-88 2RCS-TE410F(A-l 2RCS-TE420F{B-l LOGIC DIAGRAM 2RCS'-T 1410F 2RCS-TI420F COLD LEG ISOLATION VALVES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 0 7.5 SAFETY-RELATED DISPLAY INSTRUMENTATION 7.5.1 Introduction An analysis was conducted to identify the appropriate variables and to establish the appropriate design bases and qualification criterion for instrumentation employed by the operator for monitoring conditions in the reactor coolant system (RCS), the secondary heat removal system, and the reactor containment, including engineered safety functions and the systems employed for attaining a safe shutdown condition. The instrumentation is used by the operator to monitor Beaver Valley Power Station - Unit 2 (BVPS-2) throughout all operating conditions, including anticipated operational occurrences, accident, and post-accident conditions in accordance with the position stated in Section 1.8 for Regulatory Guide 1.97. 7.5.2 Description of Information Systems The BVPS-2 safety analyses and evaluations referenced in Chapter 15 and the Westinghouse Owners Group Emergency Response Guidelines define the design basis accident (DBA) event scenarios for which preplanned operator actions are required. Accident monitoring instrumentation is necessary to guide the operator in taking required actions to address these analyzed situations. However, instrumentation is also necessary for unforeseen situations (that is, to ensure that should BVPS-2 conditions evolve differently than predicted by the safety analyses, the main control room operating staff has sufficient information to evaluate and monitor the course of the event). Additional instrumentation is also needed to indicate to the operating staff whether the integrity of the in-core fuel clad, the RCS pressure boundary, or the reactor containment has degraded beyond the prescribed limits defined as a result of the BVPS-2 safety analyses and other evaluations. The following five classifications of variables have been identified to provide this instrumentation:

1. Operator manual actions, identified in the operating procedures that are associated with DBA events, are preplanned. Those variables that provide information needed by the operator to perform these manual actions are designated Type A. The basis for selecting Type A variables is given in Section 7.5.2.2.1.

2. Those variables needed to assess that BVPS-2 critical safety functions are being accomplished or maintained, as identified in the BVPS-2 safety analyses and other evaluations, are designated Type B.

7.5-1

BVPS-2 UFSAR Rev. 0

3. Variables used to monitor for the gross breach, or the potential for gross breach, of the in-core fuel clad, the RCS pressure boundary, or the reactor containment, are designated Type C. Variables used to monitor the potential breach of containment have an arbitrarily determined extended range.

The extended range is chosen to minimize the probability of instrument saturation even if conditions exceed those predicted by the safety analyses. The response characteristics of Type C information display channels will allow the main control room staff to detect conditions indicative of gross failure of any of the three fission product barriers, or the potential for gross failure of these barriers. Although variables selected to fulfill Type C functions may rapidly approach the values that indicate an actual gross failure, it is the final steady-state value reached that is important. Therefore, a high degree of accuracy is not necessary for Type C information display channels.

4. Those variables needed to assess the operation of individual safety systems, and other systems important to safety, are designated Type D.

5. The variables that are required for use in determining the magnitude of the postulated releases, and continually assessing any such releases of radioactive materials, are designated Type E.

The five classifications of variables are not mutually exclusive, in that a given variable (or instrument) may be included in one or more types. When a variable is included in one or more of the five classifications, the equipment monitoring this variable is specified in accordance with the highest category identified. Three categories of design and qualification criteria have been identified. The differentiation is made in order that a hierarchy of information is recognized in specifying accident monitoring instrumentation. Category 1 instrumentation has the highest performance requirements and should be utilized for information which cannot be lost under any circumstances. Category 2 and Category 3 instruments are of lesser importance in determining the state of BVPS-2 and do not require the same level of operational assurance. The primary differences between category requirements are in qualification, single failure, power supply, and display requirements. Category 1 requires seismic and environmental qualification, the application of the single failure criterion, utilization of emergency power sources, and an immediately accessible display. Category 2 requires seismic and environmental qualification commensurate with the required function but does not require the single failure criterion, emergency power sources, or an immediately accessible display. Category 2 does require a rigorous performance 7.5-2

BVPS-2 UFSAR Rev. 0 verification for a single instrument channel. Category 3, which is high quality commercial grade equipment, does not require seismic 7.5-2a

BVPS-2 UFSAR Rev. 16 or environmental qualification, single failure criterion, emergency power, or an immediately accessible display. Table 7.5-1 summarizes the following information for each variable identified:

1. Instrument range/status,

2. Environmental qualification,

3. Seismic qualification,

4. Display methodology (number of channels and indicator device), and

5. Type/category.

7.5.2.1 Definitions 7.5.2.1.1 Design Basis Accident Events Those events, any one of which could occur during the lifetime of a particular plant, and those events not expected to occur but postulated because their consequences would include the potential for release of significant amounts of radioactive gaseous, liquid, or particulate material to the environment, are DBA events. Excluded are those events (defined as normal and anticipated operational occurrences in 10 CFR 50) expected to occur more frequently than once during the lifetime of a particular plant. The limiting accidents that were used to determine instrument functions are:

1. Loss-of-coolant accident (LOCA),

2. Main steam line break (MSLB),

3. Feedwater line break, and

4. Steam generator tube rupture.

7.5.2.1.2 Safe Shutdown (Hot Standby) The state of BVPS-2 in which the reactor is subcritical such that Keff is less than or equal to 0.99 and the RCS temperature is greater than or equal to 350°F. Additional features are provided to reach and maintain a cold shutdown plant condition. These are discussed in Section 5.4.7. 7.5.2.1.3 Controlled Condition The state of the plant that is achieved when the subsequent action portion of the BVPS-2 emergency operating procedures (EOP) is 7.5-3

BVPS-2 UFSAR Rev. 0 implemented and the critical safety functions are being accomplished or maintained by the main control room operating staff. 7.5.2.1.4 Critical Safety Functions Those safety functions that are essential to prevent a direct and immediate threat to the health and safety of the public. These are the accomplishing or maintaining of:

1. Reactivity control,

2. Reactor coolant system pressure control,

3. Reactor coolant inventory control,

4. Reactor core cooling,

5. Heat sink maintenance, and

6. Reactor containment environment.

7.5.2.1.5 Immediately Accessible Information Information that is visually available to the main control room operating staff immediately (that is, within human response time requirements) once they have made the decision that the information is needed. 7.5.2.1.6 Primary Information Information that is essential for the direct accomplishment of the preplanned manual actions necessary to bring BVPS-2 into a safe condition in the event of a DBA event. It does not include those variables that are associated with contingency actions. 7.5.2.1.7 Contingency Actions Those manual actions that address conditions beyond the DBA event. 7.5.2.1.8 Key Variables Those variables which provide the most direct measure of the information required. 7.5.2.1.9 Backup Information That information, made up of additional variables beyond those classified as key, that provide supplemental and/or confirmatory information to the main control room operating staff. Backup variables do not provide indications as reliable or complete as those provided by primary variables, and are not usually relied upon as the sole source of information. 7.5-4

BVPS-2 UFSAR Rev. 0 7.5.2.1.10 Categories 1, 2, and 3 References to Categories 1, 2, and 3 are as stated in Regulatory Guide 1.97 Category Classifications. 7.5.2.2 Variable Types The accident monitoring variables and information display channels are those required to enable the main control room operating staff to perform the functions defined by Type A, B, C, D, and E classifications as follows. 7.5.2.2.1 Type A Those variables that provide the primary information required to permit the main control room operating staff to:

1. Perform the diagnosis specified in the BVPS-2 EOPs,

2. Take the specified preplanned manually controlled actions, for which no automatic control is provided and that are required for safety-related systems to accomplish their safety function, in order to recover from the DBA event, and

3. Reach and maintain a safe shutdown (hot standby) condition.

The verification of the actuation of safety-related systems has been excluded from the Type A definition. The variables which provide this verification are included in the definition of Type D. Variables in Type A are restricted to preplanned actions for DBA events. Contingency actions and additional variables which might be utilized will be in Types B, C, D, and E. 7.5.2.2.2 Type B Those variables that provide the main control room operating staff with information to assess the process of accomplishing or maintaining critical safety functions, that is, reactivity control, RCS pressure control, RCS inventory control, reactor core cooling, heat sink maintenance, and reactor containment environment. 7.5.2.2.3 Type C Those variables that provide the main control room operating staff the information to monitor:

1. The extent to which variables that indicate the potential for causing a gross breach of a fission product barrier have exceeded the design basis values, and 7.5-5

BVPS-2 UFSAR Rev. 0

2. That the in-core fuel clad, the RCS pressure boundary, or the reactor containment may have been subjected to gross breach.

These variables include those required to initiate the early phases of the emergency plan. Excluded are those associated with monitoring radiological release from BVPS-2, which are included in Type E. Type C variables used to monitor the potential for breach of a fission product barrier have an arbitrarily determined extended range. The extended range was chosen to minimize the probability of instrument saturation even if conditions exceed those predicted by the safety analysis. 7.5.2.2.4 Type D Those variables that provide the main control room operating staff with sufficient information to monitor the performance of:

1. Plant safety systems employed for mitigating the consequences of an accident and subsequent BVPS-2 recovery to attain a safe shutdown condition. These include verification of the automatic actuation of safety-related systems, and

2. Other systems normally employed for attaining a safe shutdown (hot standby) condition.

7.5.2.2.5 Type E Those variables that provide the main control room operating staff with information to: 1 Monitor the habitability of the main control room,

2. Estimate the mamitude of release of radioactive material through identified pathways and continually assess such releases, and

3. Monitor and estimate radiation levels and radioactivity in the environment surrounding BVPS-2.

7.5.2.3 Variable Categories The qualification requirements of the Type A, B, C, D, and E accident monitoring instrumentation are subdivided into three categories. Descriptions of the three categories are given in the following. Table 7.5-2 briefly summarizes the selection criteria for Type A, B, C, D, and E variables in each of the three categories. Table 7.5-3 briefly summarizes the design, qualification, and interface requirements of these three designated categories. 7.5-6

BVPS-2 UFSAR Rev. 0 7.5.2.3.1 Category 1 7.5.2.3.1.1 Selection Criteria for Category 1 The selection criteria for Category 1 variables have been subdivided according to the variable type. For Type A, those key variables used for diagnosis or providing information for necessary operator action have been designated Category 1. For Type B, those key variables which are used for monitoring the process of accomplishing or maintaining critical safety functions have been designated Category 1. For Type C, those key variables which are used for monitoring the potential for breach of a fission product barrier have been designated Category 1. There are no Type D or Type E Category 1 variables. 7.5.2.3.1.2 Qualification Criteria for Category 1 The instrumentation is environmentally and seismically qualified in accordance with Sections 3.11 and 3.10, respectively. Instrumentation shall continue to read within the required accuracy following, but not necessarily during, a seismic event. At least one instrumentation channel is qualified from a sensor up to and including a display. For the balance of the instrumentation channels, qualification applies up to and includes the channel isolation device (Refer to Section 7.5.2.3.4 with regard to extended range instrumentation qualification). 7.5.2.3.1.3 Design Criteria for Category 1

1. No single failure within either the accident monitoring instrumentation, its auxiliary supporting features, or its power sources, concurrent with the failures that are a condition of or result from a specific accident, will prevent the main control room operating staff from being presented the required information. Where failure of one accident monitoring channel results in information ambiguity (for example, the redundant displays disagree), additional information is provided to allow the control room operating staff to analyze the actual conditions in the plant. This may be accomplished by providing additional independent channels of information of the same variable (addition of an identical channel), or by providing independent channels which monitor different variables that bear known relationships to the multiple channels (addition of a diverse channel(s)). Redundant or diverse channels are electrically independent and physically separated from each other, to the extent practicable with two train separation, and from equipment not classified important to safety in accordance with the position stated in Section 1.8 for Regulatory Guide 1.75.

7.5-7

BVPS-2 UFSAR Rev. 0 For situations such as isolation valves in series, the intent is generally to verify the isolation function. In such a situation a single indication on each valve is sufficient to satisfy the single failure criterion if those indications are from different trains (that is, unambiguous indication of isolation). If ambiguity does not result from failure of the channel, then a third redundant or diverse channel is not required.

2. The instrumentation is energized from station emergency power sources and battery-backed where momentary interruption is not tolerable, as discussed in Regulatory Guide 1.32.

3. The out-of-service interval is based on normal Technical Specification requirements for the system it serves where applicable, or where specified by other requirements.

4. Servicing, testing, and calibration programs are specified to maintain the capability of the monitoring instrumentation.

Those instruments, for which the required interval between testing is less than the normal time interval between BVPS-2 shutdowns, are provided with a capability for testing during power operation.

5. Whenever means for removing channels from service are included in the design, the design provides administrative control of the access to such removal means.

6. The design provides administrative control of the access to all set point adjustments, module calibration adjustments, and test points.

7. The monitoring instrumentation design minimizes the development of conditions that would cause meters, annunciators, recorders, alarms, etc., to give anomalous indications that could be potentially confusing to the main control room operating staff.

8. The instrumentation is designed to facilitate the recognition, location, replacement, repair, or adjustment of malfunctioning components or modules.

9. To the extent practicable, monitoring instrumentation inputs are from sensors that directly measure the desired variables.

An indirect measurement is made only when it can be shown by analysis to provide unambiguous information.

10. Periodic checking, testing, calibration, and calibration verification is done in accordance with the applicable portions of Regulatory Guide 1.118.

7.5-8

BVPS-2 UFSAR Rev. 0

11. The range selected for the instrumentation encompasses the expected operating range of the variable being monitored, to 7.5-8a

BVPS-2 UFSAR Rev. 0 the extent that saturation does not negate the required action of the instrument, in accordance with the applicable portions of Regulatory Guide 1.105. 7.5.2.3.1.4 Information Processing and Display Interface Criteria for Category 1 The interface criteria specified here provide requirements to be implemented in the processing and displaying of the information.

1. The main control room operating staff have immediate access to the information from redundant or diverse channels in units of measure familiar to them (that is, for temperature reading, degrees are used, not volts). Where two or more instruments are needed to cover a particular range, overlapping instrument spans are provided.

2. A historical record of at least one instrumentation channel for each process variable is maintained. A recorded pre-event history for these channels is required for a minimum of 1 hour, and continuous recording of these channels is required following an accident until such time as continuous recording of such information is no longer deemed necessary.

This recording is to be available when required and does not need to be immediately accessible. The time period of 1 hour was selected based on a representatively slow transient which is bounded by this time requirement. A 1/2 inch equivalent break area LOCA was selected since the trip occurs at approximately 50 minutes after initiation. Where direct and immediate trend or transient information is essential for operator information or action, the recording is immediately accessible. 7.5.2.3.2 Category 2 7.5.2.3.2.1 Selection Criteria for Category 2 The selection criteria for Category 2 variables are subdivided according to the variable type. For Types A, B, and C, those variables which provide preferred backup information are designated Category 2. For Type D, those key variables used for monitoring the performance of safety systems have been designated Category 2. For Type E, those key parameters to be monitored for use in determining the magnitude of the release of radioactive materials and for continuously assessing such releases have been designated Category 2. 7.5.2.3.2.2 Qualification Criteria for Category 2 Category 2 instrumentation is qualified from the sensor up to and including the isolation device for at least the environment in which it must operate to perform its intended function. Instrumentation 7.5-9

BVPS-2 UFSAR Rev. 0 associated with those safety-related systems that are required to operate following a safe shutdown earthquake (SSE), to mitigate a consequential plant incident, shall be seismically qualified. Environmental qualification will meet, or exceed the requirements of IEEE Standard 323-1971, 1974, and NUREG-0588, Revision 1 (USNRC 1981), which interprets BVPS-2 as being a Category II type plant. Seismic qualification is conducted in accordance with IEEE Standard 344-1971, 1975, if this instrumentation is part of a safety-related system. 7.5.2.3.2.3 Design Criteria for Category 2

1. The instrumentation is energized from a highly reliable on-site power source, not necessarily the emergency power source, which is battery-backed where momentary interruption is not tolerable.

2. The out-of-service interval is based on normal Technical Specification requirements for the system it serves where applicable, or where specified by other requirements.

3. Servicing, testing, and calibration programs are specified to maintain the capability of the monitoring instrumentation.

For those instruments where the required interval between testing is less than the normal time interval between BVPS-2 shutdowns, a capability for testing during power operation is provided.

4. Whenever means for removing channels from service are included in the design, the design facilitates administrative control of the access to such removal means.

5. The design facilitates administrative control of the access to all setpoint adjustments, module calibration adjustments, and test points.

6. The monitoring instrumentation design minimizes the potential for the development of conditions that would cause meters, annunciators, recorders, and alarms, etc., to give anomalous indications that could be potentially confusing to the operator.

7. The instrumentation is designed to facilitate the recognition, location, replacement, repair, or adjustment of malfunctioning components or modules.

8. To the extent practicable, monitoring instrumentation inputs are from sensors that directly measure the desired variables.

An indirect measurement is made only when it can be shown by analysis to provide unambiguous information. 7.5-10

BVPS-2 UFSAR Rev. 15

9. Periodic checking, testing, calibration, and calibration verification is in accordance with applicable portions of Regulatory Guide 1.118.

10. The range selected for the instrumentation encompasses the expected operating range of the variable being monitored, to the extent that saturation does not negate the required action of the instrument, in accordance with the applicable portions of Regulatory Guide 1.105.

7.5.2.3.2.4 Information Processing and Display Interface Criteria for Category 2. The instrumentation signal is, as a minimum, processed for display on demand. Recording requirements are determined on a case-by-case basis. 7.5.2.3.3 Category 3 7.5.2.3.3.1 Selection Criteria for Category 3 The selection criteria for Category 3 variables have been subdivided according to the variable type. For Types A, B, and C, variables which can provide backup information are usually designated Category 3, unless they are primary backup variables, in which case they would be classified as Category 2. For Types D and E, those variables which provide preferred backup information have been designated Category 3. 7.5.2.3.3.2 Qualification Criteria for Category 3 The instrumentation is high quality commercial grade that is not required to provide information when exposed to a post-accident adverse environment. Only normal and abnormal environments are applicable. 7.5.2.3.3.3 Design Criteria for Category 3

1. Servicing, testing, and calibration programs are specified to maintain the capability of the monitoring instrumentation.

For those instruments where the required interval between testing is less than the normal interval between BVPS-2 shutdowns, a capability for testing during power operation is provided.

2. Whenever means for removing channels from service are included in the design, the design facilitates administrative control of the access to such removal means.

3. The design facilitates administrative control of the access to all set point adjustments, module calibration adjustments, and test points.

7.5-11

BVPS-2 UFSAR Rev. 0

4. The monitoring instrumentation design minimizes the potential for the development of conditions that would cause meters, annunciators, recorders, and alarms, etc, to give anomalous indications that could be potentially confusing to the operator.

5. The instrumentation is designed to facilitate the recognition, location, replacement, repair, or adjustment of malfunctioning components or modules.

6. To the extent practicable, monitoring instrumentation inputs are from sensors that directly measure the desired variables. An indirect measurement is made only when it can be shown by analysis to provide unambiguous information.

7.5.2.3.3.4 Information Processing and Display Interface Criteria for Category 3 The instrumentation signal is, as a minimum, processed for display on demand. Recording requirements are determined on a case-by-case basis. 7.5.2.3.4 Extended Range Instrumentation Qualification Criteria The qualification environment for extended range instrumentation is based on the DBA events, except the assumed maximum value of the monitored variable shall be the value equal to the specified maximum range for the variable. The monitored variable is assumed to approach this peak by extrapolating the most severe initial ramp associated with the DBA events. The decay for this variable is considered proportional to the decay for the variable associated with the DBA events. No additional qualification margin needs to be added to the extended range variable. All environmental envelopes, except that pertaining to the variable measured by the information display channel, are those associated with the DBA events. The environmental qualification requirement for extended range equipment does not account for steady-state elevated levels that may occur in other environmental parameters associated with the extended range variable. For example, a sensor measuring containment pressure must be qualified for the measured process variable range (that is, three times design pressure for concrete containments), but the corresponding ambient temperature is not mechanistically linked to that pressure. Rather, the ambient temperature value is the bounding value for DBA events analyzed in Chapter 15. The extended range requirement is to ensure that the equipment will continue to provide information if conditions degrade beyond those postulated in the safety analysis. Since extended variable ranges are non-mechanistically determined, extension of associated parameter levels is not justifiable and is therefore not required. 7.5-12

BVPS-2 UFSAR Rev. 0 7.5.3 Description of Variables 7.5.3.1 Type A Variables Type A variables are defined in Section 7.5.2.2.1. They are the variables which provide primary information required to permit the main control room operating staff to:

1. Perform the diagnosis specified in the BVPS-2 EOPs,

2. Take specified preplanned manually controlled actions for which no automatic control is provided and that are required for safety systems to accomplish their safety function to recover from a DBA event (verification of actuation of safety systems is excluded from Type A and is included as Type D),

and

3. Reach and maintain a safe shutdown (hot standby) condition.

Key Type A variables have been designated Category 1. These are the variables which provide the most direct measure of the information required. The key Type A variables are:

1. Reactor coolant system pressure (wide range),

2. Reactor coolant hot leg temperature (Thot) (wide range),

3. Reactor coolant cold leg temperature (Tcold) (wide range),

4 Steam generator level (wide range),

5. Steam generator level (narrow range),

6. Pressurizer level,

7. Reactor containment pressure,

8. Steamline pressure,

9. Reactor containment water level (wide range),

10. Reactor containment water level (narrow range),

11. Primary plant demineralized water storage tank level,

12. Auxiliary feedwater flow,

13. Reactor containment area radiation level,

14. Core exit temperature, and

15. Secondary system radiation - main steamline radiation.

7.5-13

BVPS-2 UFSAR Rev. 0 Preferred backup Type A variables have been designated Category 2. RCS subcooling is designated as Type A, Category 2. The BVPS-2 recognizes that the degree of subcooling can be obtained from system pressure and temperature using Type A, Category 1 variables and a steam table. However, it is also recognized that the main control room staff will also have access to their subcooling monitor (required by the U.S. Nuclear Regulatory Commission (USNRC) NUREG-0737, Action Item 11.F.2). Therefore, RCS subcooling is considered a backup Type A variable which, in turn, requires Category 2 qualification. No Type A variable has been designated Category 3. A summary of the Type A variables is provided in table 7.5-4. 7.5.3.2 Type B Variables Type B variables are defined in Section 7.5.2.2.2. They are the variables that provide information to the main control room operating staff to assess the process of accomplishing or maintaining critical safety functions, that is:

1. Reactivity control,

2. Reactor coolant system pressure control,

3. Reactor coolant inventory control,

4. Reactor core cooling,

5. Heat sink maintenance, and

6. Reactor containment environment.

Variables which provide the most direct indication (that is, key variables) to assess each of the six critical safety functions have been designated Category 1. Preferred backup variables have been designated Category 2. All other backup variables are Category 3. The Type B variables are listed in Table 7.5-5. 7.5.3.3 Type C Variables Type C variables are defined in Section 7.5.2.2.3. Basically, they are the variables that provide the main control room operating staff with information to monitor the potential for breach or actual gross breach of:

1. In-core fuel clad, 7.5-14

BVPS-2 UFSAR Rev. 0

2. Reactor coolant system boundary, and

3. Containment boundary.

(Variables associated with monitoring of radiological release from BVPS-2 are included in Type E). Those Type C key variables which provide the most direct measure of the potential for breach of one of the three fission product boundaries have been designated Category 1. Backup information indicating potential for breach is designated Category 2. Variables which indicate actual breach have been designated as preferred backup information and are qualified to Category 2. Table 7.5-6 summarizes the selection of Type C variables. 7.5.3.4 Type D Variables Type D variables are defined in Section 7.5.2.2.4. They are those variables that provide sufficient information to the main control room operating staff to monitor the performance of:

1. Plant safety systems employed for mitigating the consequences of an accident and subsequent BVPS-2 recovery to attain a safe shutdown condition, including verification of the automatic actuation of safety systems, and

2. Other systems normally employed for attaining a safe shutdown condition.

Type D key variables are designated Category 2. Preferred backup information is designated Type D, Category 3. The following systems or major components have been identified as requiring Type D information to be monitored:

1. Pressurizer level and pressure control (assess status of RCS following return to normal pressure and level control under certain post-accident conditions),

2. Chemical and volume control system (employed for attaining safe shutdown under certain post-accident conditions),

3. Secondary pressure and level control (employed for restoring/maintaining a secondary heat sink under post-accident conditions),

4. Emergency core cooling system,

5. Auxiliary feedwater system,

6. Containment systems, 7.5-15

BVPS-2 UFSAR Rev. 0

7. Component cooling water system,

8. Service water system,

9. Residual heat removal system,

10. Heating, ventilation, and air-conditioning systems (if required for engineered safety features operation),

11. Electric power to vital safety systems, and

12. Verification of automatic actuation of safety systems.

Table 7.5-7 lists the key Type D variables identified for each system listed above. For the purpose of specifying seimsic qualification for Type D, Category 2 variables, it is assumed that a seismic event and a break in Category 1 piping will not occur concurrently. As a result, the limiting event is unisolated (single failure of a main steamline isolation valve) break in Class 2 main steam piping. Instrumentation associated with the safety systems which are required to mitigate, and the instrumentation necessary to monitor, this event should be seismically qualified. Similarly, the environmental qualification of Type D, Category 2 variables depends on whether the instrumentation is subject to a high energy line break (HELB) when required to provide information. 7.5.3.5 Type E Variables Type E variables are defined in Section 7.5.2.2.5. They are those variables that provide the main control room operating staff with information to:

1. Monitor the habitability of the main control room,

2. Estimate the magnitude of release of radioactive materials through identified pathways, and

3. Monitor and estimate radiation levels and radioactivity in the environment surrounding BVPS-2.

Key Type E variables are qualified to Category 2 requirements. Preferred backup Type E variables are qualified to Category 3 requirements. Table 7.5-8 lists the key Type E variables. 7.5.4 Additional Information A cross-reference of the variable and category for each instrument identified in the BVPS-2 survey is included in Table 7.5-9. 7.5-16

BVPS-2 UFSAR Rev. 13 Table 7.5-1 identifies the instruments utilized at BVPS-2 which address the recommendations of both NUREG-0737 (USNRC 1980) and Regulatory Guide 1.97. The instruments identified meet the intent of the guidance provided in NUREG-0737. 7.5.5 Bypass and Inoperable Status Indication This plant computer-based system is utilized in conjunction with the main annunciator system to provide indication of the bypass or inoperability of each redundant portion of a system that performs a safety-related function. Bypass indication may be applied administratively or automatically. The systems which are covered by Table 7.5-10 are designed in accordance with the guidelines of Regulatory Guide 1.47. Specific inputs are shown on Figures 7.5-1, 7.5-2, 7.5-3, 7.5-4, 7.5-5, 7.5-6, 7.5-7, 7.5-8, 7.5-9, 7.5-10, 7.5-11, 7.5-12, 7.5-13, 7.5-14, 7.5-15, 7.5-16, 7.5-17, 7.5-18, 7.5-19, 7.5-20, 7.5-21, 7.5-22, 7.5-23, 7.5-24, 7.5-25, 7.5-26, 7.5-27, 7.5-28, 7.5-29, 7.5-30, 7.5-31, 7.5-32, 7.5-33 and 7.5-34. Compliance with Regulatory Guide 1.47 for bypassed and inoperable status design philosophy is described below:

1. A bypass indicator is provided for each protection system.

          "Bypass" includes any deliberate action which renders a protection system inoperable.

2. The indicator is at the system level with a separate indicator for each train.

3. The indicator is operated automatically only by actions which meet all these criteria:

a. The action is deliberate. (Component failure may be indicated by component failure indicators but should not operate the system bypass indicator. It is not the intent of the indicator to show operator errors or component failures.)

b. The action is expected to occur more often than once a year. This "more often than once a year" criterion is interpreted liberally. If an accessible, permanently installed electrical control device will bypass a safety system, it is assumed that the device will be used more than once a year. Also, manual valves or nonremotely controlled devices within the containment are not accessible.

c. The action is expected when the protection system must be operable. (Bypass of source range flux trip during normal power operation would not, for example, be indicated on the system bypass indicator. It may be indicated on a channel or component status indicator.)

d. The action renders the system inoperable, not merely potentially inoperable. (If, for example, redundant, parallel, 100-percent valves are provided for the discharge line of a spray pump, the system bypass indicator would not 7.5-17

BVPS-2 UFSAR Rev. 0 be actuated by the closing of only one of those valves. Valve closing may be indicated on a component status indicator.

e. Some deliberate action has taken place in the protection system or a necessary supporting system. (For example, if the cooling water inlet valve for a recirculation spray heat exchanger is deliberately closed, the system bypass indicator for the recirculation spray system would be operated.)

4. The bypass indicators are separate from other plant indicators and grouped in a logical fashion.

5. A capability is provided to operate each bypass indicator manually. This lets the operator provide bypass indication for an event that renders a safety system inoperable but does not automatically operate the system bypass indicator.

6. There is not any capability to defeat an automatic operation of a bypass indicator. (Audible alarms may be silenced.)

7. The bypass indicators are accompanied by audible alarm.

8. The indication system is mechanically and electrically isolated from the safety system to avoid degradation of the safety system. No fault in the indicator system can impair the ability of the safety system to perform its safety-related function. The bypass indicators are not considered safety-related; i.e., they need not be designed to safety system criteria such as IEEE Standard 279-1971.

9. In accordance with IEEE Standard 279-1971, Paragraph 4.20, the operator must be able to determine why a system level bypass is indicated. This information is provided by the plant computer.

10. Service water system inoperative and diesel generator inoperative indicators are provided. These support systems are unique and important enough to warrant bypass indicators.

11. The system design meets the recommendations of ICSB-21 as follows:

a. Each safety system has a Train A (orange) and Train B (purple) bypass indicator. The indicators are grouped together by train on the main control board. Support systems have white bypass indicators and are arranged together with the associated train of bypass indicators.

Safety system indicators are lit whenever any support subsystem is inoperable as described in No. 3 above.

b. Means by which the operator can cancel erroneous bypassed indicators are not provided.

7.5-18

BVPS-2 UFSAR Rev. 16

c. The bypass indication system does not perform functions essential to safety. No operator action is required based solely on the bypass indication.

d. The indication system has no effect on plant safety systems.

e. The bypass indicating and annunciating function can be tested during normal plant operation.

7.5.6 Safety Parameter Display System The BVPS-2 design incorporates a Safety Parameter Display System (SPDS), as required by NUREG-0737, Action Item I.D.2 (USNRC 1980). Liquid Crystal Diode (LCD) displays are installed in the Main Control Room, the Technical Support Center, and in the Emergency Response Facility. The Safety Parameter Display System is included in the BVPS-2 plant computer system. The BVPS-2 plant computer system is configured with redundant central processor units for increased reliability and availability. The SPDS is designed to display the status of the following six critical safety functions (CSFs) to the operators.

1. Sub-criticality Status - for loss-of-subcriticality, loss-of-core shutdown

2. Core Cooling Status - for inadequate core cooling, degraded core cooling, saturated core cooling

3. Heat Sink Status - for loss-of-secondary heat sink, steam generator overpressure, steam generator high level, loss-of-normal steam release capabilities

4. Vessel Integrity Status - for imminent pressurized thermal shock, anticipated pressurized thermal shock

5. Containment Integrity Status - for high containment pressure, containment flooding, high containment radiation level

6. Inventory Status - for high pressurizer level, low pressurizer level, voids in reactor vessel.

Dynamic color-coded status blocks representing the six CSFs are located on every user display. Design of the displays incorporates accepted human factors engineering principles so the displayed information can be readily perceived and comprehended by the SPDS users. The system is designed to ensure that sufficient isolation exists to preclude propagation of system faults and subsequent degradation to safety systems from which the SPDS input signals originate. For a more complete discussion of isolation methods, refer to FSAR Section 8.3. 7.5-19

BVPS-2 UFSAR Rev. 0 The design of the SPDS has been subjected to a verification and validation (V&V) program to confirm that the design is sufficient to provide reasonable assurance that a continuous display of valid and reliable information is available from which the plant safety status can be addressed. 7.5.7 References for Section 7.5 U.S. Nuclear Regulatory Commission (USNRC) 1980. Clarification of TMI Action Plan Requirements. NUREG-0737. USNRC 1981. Interim Staff Position on Environmental Qualification of Safety-Related Electrical Equipment; Resolution of Generic Technical Activity A-24. NUREG-0588, Revision 1. 7.5-20

BVPS-2 UFSAR Tables for Section 7.5

BVPS-2 UFSAR Rev. 15 TABLE 7.5-1 SAFETY RELATED DISPLAY INSTRUMENTATION (SEE NOTES 1,2,3) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance RCS pressure (WR) 0-3,000 psig A1, B1, C1, B2, C2, Yes Yes 3 per plant 2 meters fuel load 1E Yes D2 1 channel on plasma display 1 recorder RCS Thot (WR) 0-700°F A1, B2 Yes Yes 1 per loop 3 meters fuel load 1E Yes 3 recorders RCS Tcold (WR) 0-700°F A1, B2 Yes Yes 1 per loop 3 meters fuel load 1E Yes 3 recorders Steam generator 0-100% of span A1, B1, B2, D2 Yes Yes 1 per steam 3 meters complete 1E Yes level (WR) generator 3 recorders Steam generator level 0-100% of span A1, B1, D2 Yes Yes 3 per steam 9 meters fuel load 1E Yes (NR) generator 3 recorders Pressurizer level 0-100% of span A1, B1, D2 Yes Yes 3 per plant 3 meters complete 1E Yes 3 recorders Containment pressure -5 to 55 psig A1, B1, B2, C2, D2 Yes Yes 4 per plant 4 meters complete 1E Yes 2 recorders Steamline pressure 0 to 1,200 A1, B1, D2 Yes(14) Yes 3 per loop 9 meters complete 1E Yes psig 3 recorders Containment water level 0-225 in A1, B1, B2, C2, D2 Yes Yes 2 per plant 2 meters complete 1E Yes (WR) 1 recorder Containment water level 0-12 in A1, B1, B2, C2, D2 Yes Yes 2 per plant 2 meters fuel load 1E Yes (NR) 1 recorder Refueling water storage 0-730 in D2 Yes Yes 2 per plant 2 meters complete 1E Yes tank level 1 recorder 1 of 11

BVPS-2 UFSAR Rev. 21 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance Primary Plant DWST level 0-330 in A1, D2 Yes Yes 3 per plant 2 meters fuel load 1E Yes 1 channel on plasma display 1 recorder Auxiliary feedwater flow 0-400 gpm A1, B1, D2 Yes Yes 2 per loop 6 meters fuel load 1E Yes 3 recorders Core exit temperature 100-2200°F A1, B1, C1 Yes Yes 51 All channels fuel load 1E Yes on plasma display; 1 channel on meter and recorder Containment area 10°-107 R/Hr A1, B1, B2, E2 Yes(15) Yes 2 per plant 2 meters fuel load 1E Yes radiation level (high range) Secondary system 10-2-103 A1, B2, E2 Yes Yes 1 per loop 1 meter fuel load 1E Yes radiation µCi/CC RCS Subcooling 200°F A2, B2 Yes Yes 2 per plant 2 channels on fuel load 1E Yes subcooling to plasma 35° F super- display; heated 1 channel on meter and recorder Control rod position In/Out B3 No No 1/rod 1 status complete non-1E Yes light/rod Neutron flux Lower range 1 to 106 CPS B1 Yes Yes 2 per plant 2 channels on fuel load 1E Yes plasma display; 1 channel on recorder Upper range 10 200% of B1 Yes Yes 2 per plant 2 channels on fuel load 1E Yes power plasma display; 1 channel on recorder 2 of 11

BVPS-2 UFSAR Rev. 15 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance Reactor vessel level Instrumentation system Full range 0-120% level B2, C2 Yes Yes 2 per plant 2 channels on fuel load 1E No(5) plasma display; 1 channel on recorder Upper range 60-120% level B2, C2 Yes Yes 2 per plant 2 channels on fuel load 1E No(5) plasma display; 1 channel on recorder Dynamic head 0-120% liquid B2, C2 Yes Yes 2 per plant 2 channels on fuel load 1E No(5) plasma display; 1 channel on recorder 2a of 11

BVPS-2 UFSAR Rev. 21 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance Containment hydrogen 0-10% B1, C1 Yes Yes 2 per plant 2 channels fuel load 1E Yes concentration on plasma display 1 channel on recorder Plant vent radiation level 10-7-105 µci/cc C2, E2 Yes Yes 1 per plant 1 meter fuel load 1E Yes Containment isolation Open/Closed C2, D2 Yes(12) Yes(12) 1 per valve 1 pair lights complete 1E(12) Yes valves status per valve Containment pressure 0-180 psia C1, C2 Yes Yes 2 per plant 2 channels on complete 1E Yes (extended range) plasma display 1 channel on recorder Primary coolant activity 1µci/ml to 10 C3 No No N/A Analysis complete non-1E Yes ci/ml Site environmental ** C3, E3 No No N/A Portable complete non-1E Yes radiation level Pressurizer heater power 0-2400 kW D2 No No 1 per plant computer complete non-1E Yes(6) availability PORV status Open/Closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes per valve Charging system flow 0-150 gpm D2 Yes Yes 1 per plant 1 meter complete non-1E Yes Primary safety valve Open/Closed D2 Yes Yes 1 per valve plasma fuel load 1E Yes status display Letdown flow 0-200 gpm D2 Yes Yes 1 per plant 1 meter complete non-1E Yes Volume control tank level 0-100% of span D2 Yes Yes 1 per plant 1 meter complete non-1E Yes CVCS valve status Open/Closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes per valve 3 of 11

BVPS-2 UFSAR Rev. 15 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance Decay heat removal valve Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes status per valve Main steamline isolation Open/closed B2, D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes valve status per valve Main steamline isolation Open/closed B2, D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes valve valve per valve S/G safety valve status Open/closed D2 Yes Yes 1 per valve plasma fuel load 1E Yes display RCP seal injection flow 0-15 gpm D2 Yes Yes 1 per pump 3 meters complete non-1E Yes S/G atmospheric steam Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes dump valve per valve Main feedwater control Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes valve status per valve Main feedwater control Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes bypass valve status per valve Main feedwater isolation Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes valve status per valve Main feedwater flow 0-5 MPPH D2 Yes Yes 2 per S/G 6 meters complete 1E Yes S/G blowdown isolation Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes valves status per valve HHSI flow 0-1,000 gpm D2 Yes Yes 1 per train 2 meters complete 1E Yes 4 of 11

BVPS-2 UFSAR Rev. 15 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance LHSI flow 0-5,000 gpm D2 Yes Yes 1 per train 2 meters complete non-1E Yes ECCS valve status Open/Closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes per valve Auxiliary feedwater valve Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes status per valve Containment spray flow 0-4,000 gpm D2 Yes Yes 1 per pump 4 meters complete 1E Yes Containment spray Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes system per valve valve status CCW header pressure 0-150 psig D2 Yes Yes 1 per header 3 channels on complete 1E Yes plasma display CCW header temperature 0-200°F D2 Yes Yes 1 per header 3 channels on complete 1E Yes plasma display CCW surge tank level 0-70 in D2 Yes Yes 1 per tank 2 meters complete 1E Yes CCW flow 0-8,000 gpm D2 Yes Yes 1 per header 2 meters complete 1E Yes CCW valve status Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes per valve Service water system Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes valve per valve status Service water system 0-150 psig D2 Yes Yes 1 per train 2 meters complete 1E Yes pressure HVAC Open/closed D2 Yes Yes 1 per damper 1 pair lights complete 1E Yes per damper 5 of 11

BVPS-2 UFSAR Rev. 15 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance Ac/dc, vital instrument Bus specific D2 Yes Yes 1 per bus 1 per bus complete 1E Yes voltage RHR heat exchanger 50-400°F D2 Yes Yes 1 per heat 2 meters complete non-1E Yes discharge temperature exchanger RHR flow 0-5,000 gpm D2 Yes Yes 1 per train 2 meters complete 1E Yes RHR valve status Open/closed D2 Yes Yes 1 per valve 1 pair lights complete 1E Yes per valve Reactor trip breaker Close-trip D2 Yes Yes 1 per breaker Computer complete 1E Yes position Turbine stop valve 0-100% D2 No No 1 per valve 4 meters complete non-1E Yes position Turbine throttle valve 0-100% D2 No No 1 per valve 4 meters complete non-1E Yes position Motor driven auxiliary Run-trip D2 Yes Yes 1 per pump 1 pair lights complete 1E Yes feedwater pump status per pump Turbine driven auxiliary Open/closed D2 Yes Yes 1 per steam 1 pair of lights complete 1E Yes feedwater water pump admission valve per valve status Safety injection pump Run-trip D2 Yes Yes 1 per pump 1 pair lights complete 1E Yes status per pump Service water pump Run-trip D2 Yes Yes 1 per pump 1 pair lights complete 1E yes status per pump CCW pump status Run-trip D2 Yes Yes 1 per pump 1 pair lights complete 1E Yes per pump 6 of 11

BVPS-2 UFSAR Rev. 21 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance Control room radiation 10-2-103 mr/hr E2 Yes Yes 2 per plant 2 meters fuel load 1E Yes Service water to 10-4-101 µci/cc E2 Yes Yes 1 per pathway 1 per pathway fuel load 1E Yes recirculation heat exchanger concentration from liquid pathways Plant vent air flow rate 0 to 75,000 E2 Yes Yes 2 2 meters complete 1E Yes SFCM Meteorlogical parameters parameter E3 No No 1 strip chart fuel load non-1E No(7) specific recorder Condenser air ejector radiation Air ejector discharge 10-6-10-1 µci/cc E3 No No one per vent one per vent fuel load non-1E Yes Air ejector delay bed 10-6-10-1 µci/cc E3 No No one per vent one per vent fuel load non-1E Yes exhaust SI accumulator tank level No(8) SI tank pressure No(8) SI accumulator isolation Yes(8) valve status Boric acid charging flow No(9) 7 of 11

BVPS-2 UFSAR Rev. 15 TABLE 7.5-1 (Cont) Qualification Number Indicator Implementation Power Variable Range/Status Type/Category(16) Environmental Seismic of Channels Device Date (13) Supply Conformance RCS soluble boron 50-6000 ppm B3 No No 1 1 per channel fuel load non-1E Yes concentration Analysis of primary Isotopic analysis E3 N/A N/A 1 analysis fuel load non-1E Yes coolant (gamma spectrum) Primary coolant and sump parameter E3 No No 1 1 per channel fuel load non-1E Yes sample specific Containment air sample parameter E3 No No 1 1 per channel fuel load non-1E Yes specific Containment atmosphere No(10) temperature Containment atmosphere No(11) temperature 8 of 11

BVPS-2 UFSAR Rev. 21 NOTES TO TABLE 7.5-1

1. Quality Assurance is in accordance with the BVPS-2 program defined in FSAR Chapter 17.

2. Deleted

3. The BVPS-2 Design Basis only identified the key variables that are used for monitoring the performance of safety systems and other systems normally employed for attaining a safe shutdown condition. In accordance with the definitions in the Design Basis, these variables are designated Type D, Category 2. The preferred backup variables to the Type D variables are not specified in this document. Since these variables are designated Type D, Category 3, the instrumentation is only required to be high quality commercial grade without any post-accident environmental qualification. A decision was made not to specifically identify the potential long list of instrumentation available at BVPS-2 that meets this definition. Indeed, if the list was generated, it would be much more inclusive than the variables identified in Reg. Guide 1.97, Revision 2.

4. Deleted

5. BVPS-2 is installing the Westinghouse differential pressure Reactor Vessel Level Instrumentation System (RVLIS). This is an acceptable system for measuring coolant level in the reactor according to Generic Letter 83-28. BVPS-2 uses Core Exit Temperature and RCS Subcooling to support operation according to the Westinghouse Owners Group Emergency Response Guidelines. These guidelines require that the RVLIS meets Regulatory Guide 1.97 Category 2 criteria only. Operator verification of flows during safety injection operation and stringent termination criteria preclude the need for RVLIS under design basis accidents.

6. Pressurizer Heater Status - Regulatory Guide 1.97, Rev. 2, specified that heater current was the preferred parameter for determining heater status. For BVPS-2 the total watt power consumption is displayed by computer readout to the operator.

This is backed up by qualified heater breaker position.

7. The recommended ranges for this instrumentation are: Wind speed 0 to 67 and -9 to 18°F for estimation of atmospheric stability. The instrumentation to be installed will cover the following ranges: Wind speed 0 to 100 mph and estimation of atmospheric stability T (150-35 ft) -8.0 to +20.0°F; (500-35 ft) -8.0°F to +20.0°F. The wind speed sensors are calibrated to 0 to 90 mph. The wind speed processors and data loggers are scaled 0 to 100 mph. The instrumentation for wind speed meets the guidance of Regulatory Guide 1.23.

The vertical temperature ranges cover the range of lapse rates (change of temperature with height) guidance of Reg. Guide 1.23 required to estimate the atmospheric stability class. 9 of 11

BVPS-2 UFSAR Rev. 14 NOTES TO TABLE 7.5-1

8. The licensing basis used in the BVPS-2 Regulatory Guide 1.97, Revision 2 Design Document was that a safe shutdown condition was a hot standby condition. Parameters necessary to monitor the status of the plant while proceeding to a cold shutdown condition are not included in the Design Document. The accumulator pressure, accumulator isolation valve status, and accumulator nitrogen vent valve status were identified as Category 2 only if the plant has committed to safety grade cold shutdown.

9. T he Westinghouse Owners Group Emergency Response Guidelines do not consider boric acid charging flow as a parameter to be used by operators during or following an accident. Under these conditions borated water is pumped from the large volume RWST into the RCS. BVPS-2 has designated RWST level, HHSI flow, LHSI flow, containment water level, and emergency core cooling system (ECCS) valve status for monitoring the performance of the ECCS since the ECCS does not normally take suction from the boric acid tank. If boration is used following an accident, qualified charging flow indication and RCS sampling are used to demonstrate that the RCS is being adequately borated.

10. The installed instrumentation is designed to Category 3 criteria and the measured temperature is from 0° to 200°F.

The Westinghouse Owners Group Emergency Response Guidelines do not require operator action based on containment temperature indication, but rather use containment pressure indication, therefore containment temperature is considered a Category 3 parameter, and the existing range is adequate for normal operation.

11. The Westinghouse Owners Group Emergency Response Guidelines do not require operator action based on containment sump water temperature indication. At saturated condition, sump water temperature can be inferred form containment pressure.

Containment spray system valve status and containment spray flow indications are used to demonstrate that the Emergency Core Cooling System is operating properly when taking suction from the containment sump.

12. Note that although these valves are classified as Category 2, the associated instrumentation meets the qualification requirements for Category 1 instrumentation as discussed in FSAR Section 7.5.2.3.1, with the exception of 2CHS*FCV160 and 2CHS*HCV142 (See Table 6.2-60). These valves are closed during normal operation and post-accident conditions, and are powered from non-Class 1E sources.

10 of 11

BVPS-2 UFSAR Rev. 15 NOTES TO TABLE 7.5-1

13. Under Implementation Date, complete means that this instrumentation already exists in the current design. All instrumentation will be installed by fuel load unless otherwise noted.

14. The main steam pressure transmitters are environmentally qualified for all events with the exception of the arbitrary 2

1.0 ft MSLB in the main steam valve house imposed by NRC-BTP-ASB 3-1. The resultant environment produced by the 1.0 2 ft break exceeds the qualified temperature of the transmitters instrument cable. Failure of the cable has no adverse effect on RPS or SLI signal generation as the cables perform these functions prior to exceeding their qualified temperature. For the purposes of monitoring heat removal during plant cooldown following this specific event alternative Class 1E-powered instrumentation is available in the form of steam generator level, auxiliary feedwater flow, and RCS temperature. These variables provide sufficient indication that the steam generators have been isolated, that level is being maintained, and that primary system heat removal is in progress.

15. The Hi Range Radiation Monitors are environmentally qualified for all events. However, at maximum postulated containment temperatures, accuracy within the lowest two decades (0-50 R/HR) of this monitor may exceed a factor of 2 (Reg. Guide 1.97 criterion). This is an acceptable condition since radiation levels within this range do not affect operator action and verification of actual radiation levels can be obtained using a qualified, backup radiation monitor located outside containment near the personnel hatch.

16. The Type and Category of the listed variables refer to the minimum required categorization, as described in the BVPS submittal to the NRC regarding the station position on RG 1.97. The actual installed devices may meet the qualification standards of a higher variable category (e.g.,

refer to Note 12). WR = Wide range. NR = narrow range.

* =  Range/Status information for radiation is not final.

• • = Sufficient to monitor anticipated rates (refer to Section 12.5.2.2.3).

11 of 11

BVPS-2 UFSAR Rev. 0 TABLE 7.5-2

SUMMARY

OF SELECTION CRITERIA FOR TYPE A,B,C,D, AND E VARIABLES Type Category 1 Category 2 Category 3 A Key variables that are used for diagnosis or providing Variables which provide preferred backup None. information necessary for operator action. information. B Key variables that are used for monitoring the process of Variables which provide preferred backup Variables which provide backup information. accomplishing or maintaining critical safety functions. information. C Key variables that are used for monitoring the potential Variables which provide preferred backup Variables which provide backup information.. for breach of a fission product barrier. information. D None. Key variables which are used for monitoring the Variables which provide preferred backup information performance of BVPS-2 systems. which are used for monitoring the performance of BVPS-2 systems. E None. Key variables for use in monitoring the habitability of Variables to be monitored which provide preferred the main control room; estimating the magnitude of backup information for use in determining the the release of radioactive material through identified magnitude of the release of radioactive materials and pathways and continually assessing such releases; for continuously assessing such releases. and monitoring and estimating radiation and radioactivity in the environment surrounding BVPS-2. 1 of 1

BVPS-2 UFSAR Rev. 0 TABLE 7.5-3

SUMMARY

OF DESIGN, QUALIFICATION, AND INTERFACE REQUIREMENTS Qualification Category 1 Category 2 Category 3 Environmental Yes As appropriate No (Section 7.5.2.3.2.2) Seismic Yes As appropriate No (Section 7.5.2.3.2.2) Design Single Yes No No failure criterion Power supply Emergency Highly reliable As required diesel on-site (Section generator 7.5.2.3.3.3) Channel-out- Technical Technical As required of-service Specifications Specifications (Section 7.5.2.3.3.3) Testability Yes Yes As required (Section 7.5.2.3.3.3) Interface Minimum Immediately Demand Demand indication accessible Recording Yes As required As required (Section (Section 7.5.2.3.2.4) 7.5.2.3.3.4) 1 of 1

BVPS-2 UFSAR Rev. 0 TABLE 7.5-4

SUMMARY

OF TYPE A VARIABLES Variable Type/ Variable Function Category RCS pressure (WR) Key A1 RCS hot leg (Thot) (WR) Key A1 RCS cold leg (Tcold) (WR) Key A1 Steam generator level (WR) Key A1 Steam generator level (NR) Key A1 Pressurizer level Key A1 Containment pressure Key A1 Steamline pressure Key A1 Containment water level (WR) Key A1 Containment water level (NR) Key A1 Primary plant DWST level Key A1 Auxiliary feedwater flow Key A1 Containment area radiation level (HR) Key A1 Core exit temperature Key A1 Secondary system radiation level Key A1 RCS subcooling Backup (P) A2 NOTES: WR = Wide range. NR = Narrow range. HR = High range. P = Preferred. 1 of 1

BVPS-2 UFSAR Rev. 0 TABLE 7.5-5

SUMMARY

OF TYPE B VARIABLES Function Variable Type/ Monitored Variable Function Category Reactivity Neutron flux Key B1 control Thot (WR) Backup (P) B2 Backup (P) B2 Tcold (WR) Control rod position Backup B3 Reactor RCS pressure(WR) Key B1 coolant system Containment pressure Backup (P) B2 pressure Containment area Backup (P) B2 control radiation level (high range) Secondary system Backup (P) B2 radiation level Reactor Pressurizer level Key B1 coolant Reactor vessel level Backup (P) B2 inventory instrumentation system control Containment water level Backup (P) B2 (NR) Containment water level Backup (P) B2 (WR) Steam generator Backup (P) B2 level (WR) Reactor core Core exit temperature Key B1 cooling Thot (WR) Backup (P) B2 Tcold (WR) Backup (P) B2 RCS pressure (WR) Backup (P) B2 RCS subcooling Backup (P) B2 Reactor vessel level Backup (P) B2 Instrumentation system Heat Sink Steam generator Key B1 maintenance level (NR) Steam generator Key B1 level (WR) Auxiliary feedwater flow Key B1 Core exit temperature Key B1 Steamline pressure Key B1 Main steamline isolation Backup(P) B2 and bypass valve status 1 of 2

BVPS-2 UFSAR Rev. 0 TABLE 7.5-5 (CONTD) Function Variable Type/ Monitored Variable Function Categor y Containment Containment pressure Key B1 environment Containment area Key B1 radiation level (high range) Containment water Key B1 level (NR) Containment water Key B1 level (WR) Containment hydrogen Key B1 concentration NOTES: WR = Wide range. NR = Narrow range. P = Preferred. 2 of 2

BVPS-2 UFSAR Rev. 0 TABLE 7.5-6

SUMMARY

OF TYPE C VARIABLES Function Monitored Variable Type/ Variable Condition Function Category In-core fuel clad Core exit temperature Potential for Key C1 Reactor vessel level breach instrumentation Potential for Backup (P) C2 system breach Primary coolant Actual breach Backup C3 activity RCS boundary RCS pressure(WR) Potential for Key C1 breach RCS pressure (WR) Actual breach Backup (P) C2 Containment pressure Actual breach Backup (P) C2 Containment water Actual breach Backup (P) C2 level (NR) Containment water Actual breach Backup (P) C2 level (WR) Containment Containment pressure Potential for Key C1 boundary (extended range) breach Containment hydrogen Potential for Key C1 concentration breach Plant vent radiation Actual breach Backup (P) C2 level Containment isolation Actual breach Backup (P) C2 valve status Containment pressure Actual breach Backup (P)) C2 (extended range) Site environmental Actual breach Backup C3 radiation level NOTES: WR = Wide range. NR = Narrow range. P = Preferred. 1 of 1

BVPS-2 UFSAR Rev. 0 TABLE 7.5-7

SUMMARY

OF TYPE D VARIABLES Variable Type/ System Variable Function Category Pressurizer PORV status Key D2 level and Safety valve status Key D2 pressure Pressurizer level Key D2 control RCS pressure (WR) Key D2 Pressurizer heater Key D2 power availability Chemical and Charging system flow Key D2 volume control Letdown flow Key D2 system Volume control tank Key D2 level Seal injection flow Key D2 CVCS valve status Key D2 Secondary S/G atmospheric steam Key D2 pressure and dump valve status level control S/G safety valve Key D2 status MSIV and bypass valve Key D2 status S/G blowdown isolation Key D2 valve status Steamline pressure Key D2 Auxiliary feedwater Key D2 flow S/G level (NR) Key D2 S/G level (WR) Key D2 Main feedwater control Key D2 and bypass valve status Main feedwater Key D2 isolation valve status Main feedwater flow Key D2 Decay heat removal Key D2 valve status Emergency core RWST level Key D2 cooling sytstem HHSI and LHSI flow Key D2 Containment water Key D2 level (NR) Containment water Key D2 level (WR) ECCS valve status Key D2 1 of 3

BVPS-2 UFSAR Rev. 0 TABLE 7.5-7 (Cont) Variable Type/ System Variable Function Category Auxiliary feed Auxiliary feedwater flow Key D2 Auxiliary feedwater valve status Key D2 Primary Plant DWST level Key D2 Containment Containment spray flow Key D2 Containment water level Key D2 (WR) and (NR) Containment spray system Key D2 valve status Containment pressure Key D2 Component Header pressure Key D2 cooling water Header temperature Key D2 system Surge tank level Key D2 CCW flow Key D2 Valve status Key D2 Service water Valve status Key D2 system System pressure Key D2 RHR system Heat exchanger discharge Key D2 temperature Flow Key D2 Valve status Key D2 RCS pressure (WR) Key D2 HVAC systems Environment to ESF Key D2 components Electrical power Ac/dc vital instrument Key D2 voltage Verification of Reactor trip breaker Key D2 automatic position actuation of Turbine stop valve Key D2 safety systems position Turbine throttle valve Key D2 position Motor-driven auxiliary Key D2 feedwater pump status Turbine-driven auxiliary Key D2 feedwater pump (steam admission valve status) 2 of 3

BVPS-2 UFSAR Rev. 0 TABLE 7.5-7 (Cont) Variable Type/ System Variable Function Category Safety injection pump Key D2 status Service water pump Key D2 status CCW pump status Key D2 Containment isolation Key D2 valve status NOTES: WR = Wide range. NR = Narrow range. 3 of 3

BVPS-2 UFSAR Rev. 0 TABLE 7.5-8

SUMMARY

OF TYPE E VARIABLES Variable Type/ Variable Function Category Containment area radiation level Key E2 (high range) Plant vent radiation level Key E2 Secondary system - main steamline Key E2 radiation level Control room radiation level Key E2 Site environmental radiation level Backup (P) E3 Service water to recirculation heat Key E2 exchanger - concentration from liquid pathways Plant vent air flow rate Key E2 Air ejector discharge radiation Backup (P) E3 level Air ejector delay bed exhaust Backup (P) E3 radiation level Meteorological parameters Backup (P) E3 NOTE: P = Preferred. 1 of 1

BVPS-2 UFSAR Rev. 0 TABLE 7.5-9 Summary of Variables and Categories Variable Type and Category Type Type Type Type Type A B C D E RCS pressure (WR) 1 1,2 1,2 2 Thot (WR) 1 2 Tcold (WR) 1 2 S/G level (WR) 1 1,2 2 S/G level (NR) 1 1 2 Pressurizer level 1 1 2 Containment pressure 1 1,2 2 2 Steamline pressure 1 1 2 RWST level 2 Containment water level 1 1,2 2 2 (WR and NR) Primary Plant DWST level 1 2 Auxiliary feedwater flow 1 1 2 Containment radiation level 1 1,2 2 (High range) Secondary system - main 1 2 2 steamline radiation Core exit temperature 1 1 1 RCS subcooling 2 2 Neutron flux 1 Reactor vessel level 2 2 instrumentation system Containment isolation valve 2 2 status Control rod position 3 Containment hydrogen 1 1 concentration Containment pressure 1,2 (extended range) Primary coolant activity 3 Plant vent radiation level 2 2 Site environmental radiation 3 3 level PORV valve status 2 Primary safety valve status 2 Pressurizer heater power 2 availability Charging system flow 2 Letdown flow 2 Volume control tank level 2 CVCS valve status 2 1 of 3

BVPS-2 UFSAR Rev. 0 TABLE 7.5-9 (CONTD) Variable Type and Category Type Type Type Type Type A B C D E RCP seal injection flow 2 S/G atmospheric PORV status 2 Main steamline isol valve 2 2 status Main steamline bypass valve 2 2 status S/G safety valve status 2 Main feedwater control valve status 2 Main feedwater control bypass 2 valve status Main feedwater isolation 2 valve status Main feedwater flow 2 S/G blowdown isolation 2 valve status Decay heat removal valve 2 status HHSI flow 2 LHSI flow 2 ECCS valve status 2 Auxiliary feedwater valve 2 status Containment spray flow 2 Containment spray systems 2 valve status CCW header pressure 2 CCW header temperature 2 CCW surge tank level 2 CCW flow 2 CCW valve status 2 Service water system pressure 2 Service water system valve 2 status RHR heat exchanger discharge 2 temperature RHR flow 2 RHR valve status 2 ESF environment 2 Ac/dc vital instrument 2 voltage 2 of 3

BVPS-2 UFSAR Rev. 0 TABLE 7.5-9 (CONTD) Variable Type and Category Type Type Type Type Type A B C D E Reactor trip breaker position 2 Turbine stop valve position 2 Turbine throttle valve 2 position Motor-driven auxiliary 2 feedwater pump status Turbine-driven auxiliary 2 feedwater pump (steam admission valve status) Safety injection pump status 2 Service water pump status 2 CCW pump status 2 Control room radiation level 2 Plant vent air flow rate 2 Meteorological parameters 3 Air ejector discharge 3 radiation level Air ejector delay bed 3 exhaust radiation level concentration from Service water to 2 recirculation heat exchanger - concentration from liquid pathways NOTES: WR = Wide range. NR = Narrow range. 3 of 3

BVPS-2 UFSAR Rev. 0 TABLE 7.5-10 BYPASSED AND INOPERABLE STATUS INDICATION System Residual heat removal Auxiliary feedwater High head safety injection Safety injection accumulators (Train A only) Low head safety injection Quench spray Recirculation spray Containment penetration Service water Primary component cooling Fuel pool cooling Solid state protection Vital instrumentation electrical Main control room ventilation isolation Control building ventilation Safeguards area ventilation Cable vault and rod control area ventilation Supplementary leak collection Auxiliary building ventilation Emergency switchtgear area ventilation Battery room ventilation Emergency diesel generator Emergency diesel generator support 4,160 V emergency electrical 480 V emergency electrical 125 V dc emergency electrical Intake structure ventilation Bypassed inoperable status indication inhibited (indicating light only) 1 of 1

souICE CONDITION CONTROL ACT ION 1>40NITOR RESULTANT OITOI 2FWS~HYV157A(AO) T.0. FOW ISOL V¥. COU. Pll. UNAYAIL/111 OPEl 2FWS ~ HYV 157.1.{ AO) l Y5000D FDW ISOLATION VALVE ~~BY OTHERS NOT FULLY CLOSED T.D. 2FWS HYV 157B( BO) FDW ISOL YY. COlT. PIR. UUIL/BIR OPEl TRAIN A FEEDWATER ISOL SYS 2FWS* HYV 157B( BO) I Y5001D INOPERABLE INPUTS FDW ISOLATION VALVE FIG. 7.5-14 NOT FULLY CLOSED 2FWS ~HYV 157C( CO) T.D. FDW ISOL VY. COlT. PIR. UIAVAI L/ BlR OPE I 2FWS~HYV157C(CO) Y5002D FDW ISOLATION VALVE NOT FULLY CLOSED BISI INHIBITED TRAIN A ESF ACTUATION Y0404D BISI INHIBITED TRAIN B NOTES: I, COMPUTER OUTPUTS TO THE BYPASS INDICATORS ARE TO BE INil IBITED BY THE SSON PROGRAM WIIENEVER CtlofPUTER ADDRESS POINT YOijO~D IS IN THE ALARM STATE (=1). ESF ACTUATION IS COMMON TO TRAIN A AND TRAIN B.

2. PUSHBUTTON~ SHOWN IN THIS SERIES OF DRAWINGS ACT AS FIGURE 7.5-1 BYPASS INDICATORS AND WILL BE BACK-LIT BY MANUAL BYPASSED AND INOPERABLE STATUS ACTIVATION, OR BY OUTPUT FROM THE PCS.

INDICATION- LOGIC 01 AGRAM BEAVER VALLEY POWER STATION- UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION C'*lii:OL ACT I 011 MONITOR RESULTANT **ITOI 2CCP )E-MOV 177-1 { 80) MMS HEADER ISOLATION NOT FULLY CLOSED I Y5222D( 23D) 2CCP*NOY177-1 (BO) SP T.D. TH OL/BKR OPEN 2CCP-)t MDV 177-1 (SO) 2CCPjrMOVI78-I(AO) NilS HEADER !SOL VV NilS HEADER ISOLATION NOT FULLY CLOSED .!!..!!! (  :;> ~y OTH~R~ INOPERABLE FIG. 7. 5-16 Y522110(25D) 2CCP *MDV 178-1 {AD) T .o. TH OL/BKR OPEN SP 2CCP~ MDV 178 -I 2CCP*MOV 175-1 ( BO) NilS HEADER !SOL YV NNS HEADER ISOL.ATIOH INOPERABLE NOT FULLY CLOSED Ftq. 7.5-16 Y5226D(27D) T.o. 2CCP:*MOVI75-1 {BO) TH OL/BKR OPEN SP 2CCP~ MOVI75-I { 80) 2CCP*MOVI76-1 {AO) NilS HEADER !SOL VV NilS HEADER ISOLATION NOT FULLY CLOSED FIG. 7.5-16 Y52280(290) 2CCP~OVI76-I(AO) SP T.o. TH OL/BKR OPEN 2CCP* MDV 176-1 (AD} 2CC P* MOV 118 {ZOl 11115 HEADER !SOL VY NNS !SOL VALVE I MOPERA BL.E NOT fUllY CLOSED FIG. 7.5-16 Y7102D {03D, 04D J 2CCP* MOV 118 { ZOl T. D. TH Ol/ BlR OPEN SP 2CC P* MOY 118 { ZO) NIS !SOL VAlVE IMOP ERA Bl£ NOTES: FIG. 7.5- 16

1. LOGIC FOR TRAIN A INDICATOR SHOWN, LOGIC FOR TRAIN B INDICATOR SIMILAR.

2. ASSOC lATED EQU I PMENT MlRK NUMBERS :

T~IM A T~M~IN~B_______ F I GU RE 7. 5 - 2 2CC P~MOV 177 -I ( 80) 2CCP~ MDV 177-2( BP) 2CCP *MDV 178-1 (AD) 2CCP*:MOV 178-2(AP) BYPASSED AND INOPERABLE STATUS 2CCP i't:MOV 175-1 ( BDJ 2CCP.MOVj 75-2{ BP) INDICATION-LOGIC DIAGRAM 2CCP~OV!76-I(AD 2CCP~MOV176-2{AP) 2CCPf.MOVII8 1ZO ~~&PfMOV119 IZPJ BEAVER VALLEY POWER STATION-UNIT 2 3, SEE MOTE I 011 FIG. 7.5-1, p MOVI 20 lZPI FINAL SAFETY ANALYSIS REPORT

SMCE COMO IT ION COMTR OL ACTI ON MOM IT OR MO*ITOI 2S IS* MOY8~2( -P) COHT ISOLATION VY NOT FULLY CLOSED 7 MOTE I Y52350 2S 1S~ MOY8~2( -P) r.o, TH OL/BKR OPEN BY S&W BY OTHERS 2CHS MOV378 (-0) COHT ISOLATION VV MOT FULLY CLOSED TRAIN A CIA SYSTEM INOPERABLE INPUTS 2CHS x-MOV378 (-0) Y5236D{ 370) FIG. 7.5-14 T,D, TH OL/BKR OPEN 2SWS~MOVI07A{AO) MMS HEADER ISOL VV 2SWS ~MDV I07A {AO) MP RABLE NNS HEADER !SOL VV FIG. 7.5-16 NOT FULLY CLOSED Y5238D(39D) 2SWS:* MDV I07A( AD) T,O, TH OL/BKR OPEN  ; 2SWS~MOVI07C(BO)

                                                         .------------------1              MMS HEADER ISOL VV 2SWS;tMOVI07C{BO)                                                                 INOPERABLE FIG. 7.5-.!5 NNS HEADER !SOL VV NOT FULLY CLOSED Y5211-0D(IliD) 2S'IIS~MOVI07C{BO)

T,o, COMTAIMMEMT ISOLATION PHASE A SYSTEM INOPERABLE INPUTS TH Ol/BKR OPEN MOTES:

2. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A T.LilR.a.AL.lllN.....~B~-- 25 IS*MOV81l2( -P) 2CHS*MOV 378( -0) 2CHS Jt-MOV381 (-P) 2SWS*MOV I07A(AO) 2SWS~MOVI07B(AP) 2SWS'*MOVI07C(BO) 2SWS *MDV I070( BP)

3. SEE MOTE il ON FIG. 7. 5 -!.

FIGURE 7.5-3 BYPASSED AND INOPERABLE STATUS INDICATION- LOG\ C DIAGRAM BEAVER VALLEY POWER STATION -UNIT 2 FINAL SAFETY ANALYSIS REPORT

No. 10080-LSk-27-300 1 I 2 I 3 I 4 I 5 I 6 I 7 I 8 SOURCE CONDITION MONITOR RESULTANT MONITOR A A B B 7 2SWS-MOV15Z* HBOii-CONTAINMEN~ !_SOLA TI~ SP I 33 ""' ""' NOT FULLy CLOSED \ I\ .... f----, c j8\ AND ~----------------------~--~~======~---------~~ I I (t'5032D(33DJ) 49 1\ X T.D. 2SWS-MOV152-HBOV TH OL/BKR UI-'EN

                                                                                                                                                                                                                      ....                                                                                                                        I *. I 8 \

1 c I I I c I I I 7 2SWS-MOV155-l<BO> I 33 CONTAINMENT ISOLATION SP I """ NOT FULLY CLOSED I C I If TRAIN A AND ~-------------------~*-~._~====~-----------~~~ OR CIB SYSTEM 7

                                                                                                                                                                                                                                                                                                                                                                                                                                              .,. 1'-..___,                                                                                                                                                                                                     -
                      -                                                                                                                                                                                                                                                                                                                            I                                                                                                                                                          INOPERABLE INPUTS
                                                                                                                                                                                                                      ...                                                                                                                         I     Y5038DC3CJO) 49 X

T.D. 2SWS-MOV165- 1<80) TH Ol/BKR OPEN .... ""'BY S&W . I 1 BY OTHERS LSK-27-30P lllllli! i I I

                      -------------------------------------------------------------------------------------------------~

D 2 LSK-27-30E INOPERABLE INPUTS NOTES:

                                                                                                                                                                                                                                                                                                                                                                                                                                              -                                                                                                                                                                                                                        D

l. LOGIC FOR TRAIN A BYPASS INDICATOR SHOWN.

LOGIC FOR TRAIN B BYPASS INDICATOR SIMILAR.

2. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 1-- - 2SWS-MOV152-HBOl 2SWS-MOV152-2<BPl .~ [~~~~-=~~~ 2SWS-MOV155-HBOl 2SWS-MOV155-2<BPl

3. SEE NOTE 1 ON LSK-27-30A.

4. All ASTERISKS <*lHAVE BEEN REPLACED BY DASHES.

REFER TO THE ASSET EQUIPMENT LIST CAEU AS THE OFFICIAL LISTING OF ANY ASSET'S QA CATEGORY. UFSAR FIGURE 7.5-4 E O.M. FIGURE 47-23 E FENOC RRSTENERGY NUCLEAR OPERATING COMPANY BEAVER VALLEY POWER STATION UNIT 2 11-1-01 FINAL APP. LOGIC DIAGRAM - BYPASSED AND INOPERABLE STATUS INDICATION SCALE DATE ARCH ..6PP. 1 - - - - - = - - - " - ' = - - - t - - - - - - + - - - - - - l F O R ISSUE NTS DRAWN BY R.W.ROTH £LECT.AF'P. N/A MGR/

                                                                                                                                                                                                                                                                                                                                                                                                                                          ~--~~~~-----+-----~TG~~RO~~"~*~---,.~~~-l-0_0_0_14,--A-r-o=wc~.N~o-.------------,,"~"v~.

DF"G.ICHI< RJK TGZ MECH.~. ENGR.ICHK N/A CIVIL M'P. 12-1-01 ~g-P. 10080-LSK-27-30D 8 5 6 7 I i-------------1_______ 1 _______ 2_______ 1 ______ 3_______ 1 _______ 4_ PRePAReD ON ~ CA£001 I I ll-APR-2005 13:41 K:\u2\l270300d.dgn THe ENP$ ~ SfSTeM ---K------------------------***********-----------------------------*********-------------------*********O*o************------********************************************************------------**************OoOOOOO__________________________________________ OO*OO*O********OO*OOO**********************---------------------------------*****************oOOoOOOO*O*o**********oOOOO********O*************************************-------****OOoo*******************-----------*******************-------------------------*****************--------------------********----------************------------***********0000*****************--------------------------*----.

COHO ITI ON CONTROL ACliON t<<lNITOR RESULTANT MONITOR SOURCE 2CCP *MDV I S0-2(AO) CONTAINMENT ISOLAfiOM NOT FULLY CLOSED 1---~ I 2CCP* MOV 150-2 (AD) I Y504Z 0 (q3 D) TD TH OL/BKR OPEN BY S&W~BY OTHERS 2CC~* MOV I 51-1 ( BO) CONT AI NMENT I SO LA Tl 0 N 1-----Plil NOT FULLY CLOSED TO 2CCP'*MDV 151-I(BO} I Y50~~D (ll50) TH OL/BKR OPEN 2CCP

• MOV 156-2 (A 0)

CONTA I MMENT I SOL AT I OM ~-~ MOT FULLY CLOSED 2CCP* MDV I 56- 2( A0) 1 Y501l60 ( ~70) TO TH OL/BKR OPEN I 2CC1"*MOV I 57-1 ( BO) CONTA 1NMEMT I SOLA Tl OM MOT FULLY CLOSED 1---~ I TO 2CCP *MDV 157-l ( BO) TH OL/BKR OPEN I Y501J.BD ( ll9D) INOPERABLE INPUTS FIG. 7.5-4 _j CONTAINMENT ISOLATION PHASE B SYSTEM INOPERABLE INPUTS r I FIG. 7.5-11 2QSS *MDV I 0 l A{ AO) QUENCH PUMP DISCH. NOTES: 1. ASSOCIATED EQUIPMENT MARK NUMBERS: INOPERABLE TRAIN A i TRAIN B 2RSS -l-MO V!55A( AD) 2CCP~ MOY! 50-?( AO) 2CC P'I': MDV~ 50-l ( AP) FIG. 7. 5- 12 2CCP *MOY!51-! {BO) 2CCP4:MOY!51-2(BP) RECIRC. PUMP SUCT. INOPERABLE 2CC P~NOV! Ss-2 ( A.O) 2CCP J:M()y 1. 56-J (A!'} 2CCP :fd40V !57-I ( BO) 2CCP~MOY! 57 -2{ BP) 2QSS*MOY!O I A( AD) 2QSS~V I_ 0 I B( BP) 2RSS *MOVI55C( CO) FIG. 7.5-13 2RSS ~MDV! ~SA ( AO) ,2RSSJ.,MOY! 558 ( BP) RECIRC. PUMP SUCT. 2RSS j( MDV! SSC( CO} 2RSS4.MOY! 550( DP) INOPERABLE 2RSS *MOV!$6A(AO) 2RSSW::MOY! 568( BP) 2RSS~MOYI56C(CO) 2RSS~MOYI56D(DP} FIG. 7.5-12 2RSS *:MDV 156A{ AD} RECIRC. PUMP DISCH. INOPERABLE FIG. 7.5-13 2RSS *MDV 156C {CO) RECIRC. PUMP DISCH. INOPERABLE Fl GURE 7.5-5 BYPASSED AND INOPERABLE STATUS INDICATION- LOG! C DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTI ON MONITOR RESULTANT MONITOR BY S&W BY OTHERS A5156D(57D) FIG. 7.5-16 TRAIN .A. PRI. COMP. COOL. WTR. SYS. 1-----.-l , PB TRAIN A RESIDUAL HEAT REMOVAL INOPERABLE L---~=----- It . _ _ _ _ __ 2RHS* P21 A (AD) RHS PUMP NOTE I INOPERABLE I I REACTOR COOLANT TEMP, < 350°F ACAVT (ACCUMULATOR MONITORING PROGRAM) TRAIN A RESID, HT, REMOVAL SYs--t-----+3t' L- ---=:::::=:::..;:::;:;::::::;:~::::: ----- - - - - - - - - - - -----. 2RHS~MOV701A (AD) INOPERABLE RHS A INLET ISOL. VV, \.-----------------___:---4t-..:=====----~ TH OL/BKR OPEN 2RHS*MOV702A (AP) RHS A INLET ISOL, VV, TH OL/BKR OPEN 2RHS *MOV702.A( AD) I YSI ij6Q( ~70) RHS A OUTLET ISOL VV, TH OL/BKR OPEN RESIDUAL HEAT REMOVAL SYSTEM INOPERABLE/BYPASS INDICATOR TO YSI ~80( ~90) TO Y515ij0(550) q.. ASSOCIATED EQUIFt.tENT NA"K NUMBERS: NOTES: 1. flREAKER RACKED OUT, CONTROL SWITCH IN "PULL TO LOCKOUT," TRAIN A TRAIN B OR LOSS OF CONTROL POWER, 2, LOGIC FOR TRAIN A BYPASS INDICATOR SHOWN, 2RHS-lfP21 A(AO) 2RHS* P21 B( BO) LOGIC FOR TRAIN B BYPASS INDICATOR SIMILAR, 2RHS.Aii_MOV70 IA(AD) 2RHS'* MOV701 B( SO) {BP) 2RHS*" MOV702A(AP) (AD) ZRHS)Ir<MDV702B(BP) 3, SEE NOTES I AND 2 ON FIG. 7. 5 -I. 2RHS?ir<:MOV720A(AO} 2RHS* MOV720B( BP) FIGURE 7. 5-6 2CCP~MOVII2A(AD) 2CCP~MOVII2B(BP) BYPASSED AND INOPERABLE STATUS INDICATION- LOGIC DIAGRAM BEAVER VALLEY POWER STATION- UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACT ION MO_NITOR RESULTANT MONITOR A51720 (73D) SAFETY SYSTEM TRAIN A INOPERABLE I 2HiE* P22 TURB DRIVEN AUX FEED PP. TRAIN A J INOPERABLE AUX. FEED SYST91 INOPERABLE 2FWE* P23A (AO) AUX FEED PUMP I MOTE I INOPERABLE 2FWE* HCV IOOA (AO) TO AUX, FEED CONTROL TH OL/BKR OPEN 2FWE* HCV I OOA (AO) AUX, FEED CONTROL NOT FULLY OPEN AUXILIARY FEEDWATER SY$TEM INOPERABLE/BYPASS INDICATOR 2FWE* HCV IOOC (AD) TD AUX. FEED CONTROL TH OL/BRK OPEN 2FW~ HCV!OOC {AO) AUX. FEED CONTROL NOT FULLY OPEN 2FW~ HCVIOOE {AO) TD AUX. FEED CONTROL TH OL/BKR OPEN 2FWE~HCVIOOE (AO) AUX, FEED CONTROL NOT FULLY OPEN NOTES: 1. BREAKER RACKED OUT, CONTROL SWITCH IN "PULL TO LOCKOUT,ft OR LOSS OF ~ONTROL POWER. 5. INPUT EXISTS WHENEVER OVERSPEED LATCH BAR ON THE

2. LOGIC FOR TRAIN A INDICATOR SHOWN, LOGIC FOR TRAIN B INDICATOR SIMILAR. TURBINE KAS NOT BEEN RESET. THIS INPUT APPLIES TO THE TRAIN A BYPASS INDICATOR ONLY.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 2FWE*P22 2FWE'* P23B( BP) 2FWE* P23A(AO) 2FWE~HCVIOOB{BP)(BW) 2FWE-* HCV IOOA(AO) (AR) 2FWE~HCVIOOD(BP){BW) FIGURE 7.5-7 2FWE~HCVtOOC{AO)(AR) 2FWE~HCVIOOF(BP){BW) BYPASSED AND INOPERABLE STATUS 2FWE~HCVIOOE(AO)(AR) INDICATION -LOGIC D lA GRAM ll, SEE NOTES I AND 2 ON FIG. 7.5-1, BEAVER VALLEY POWER STAT ION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

RESULTANT MONITOR REV.7 CONDIT IOM CONTROL ACTION MONITOR SOURCE A526~0 (65D) PB TRAIN A HIGH HEAD SAFETY INJECTION I I II SAFETY SYSTEM TRAIN A 1I ~~~~INOPERABLE I ~ II f TRAIN A HIGH HEAD Sl SY~TEM lCHS *Pl1 ~ l ~0) INOPERABLE Y5252 D1530} CH~RGING PUMP NOTE 1 INOPER~B LE 2CHS* MOV 8130A (l 0) Y5258D (59D) HIGH HEAD SAFETY INJECfiON SYSTEM INOPERABLE/BYPASS INDICATOR SUCTiON HEADER !SOL. NOT FULLY OPEN 2CHS:* MOV8130B (ZP) Y5260D (61D) SUCTION HEADER !SOL, NOT FULLY OPEN 2CHS*- P21 C (SO) Y5262D {63D) _j CHARGING PUMP MOTE 5 INOPERABLE (ON BUS 2AE

                                                                    ------1=--

BY S&W BY OTHERS FIG. 7.5-9 INOPERABLE INPUTS NOTES : I

• BREAKER RACKED OUT, CONTROL SWITCH IH "PULL TO LOCKOUT, n OR, LOSS OF CONTROL POWER.

2. LOGIC FOR TRAIN A BYPASS INDICATOR SHOWN, LOGIC FOR TRAIN B BYPASS INDICATOR SIMILAR, 3, SEE NOTES I AND 2 0II FIG. 7.5-1.

       ~. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 2CHS*P21A (AO) 2CHS* P2l B ( BP) 2CHS*P21C (SO), BUS 2AE 2CHS*P21C {SP) BUS 2DF FIGURE 7.5-8 2CHS~OV8130A (ZO) 2CHS* MOV8131 A (ZO) 2CHS~MOV8130B (ZP) BYPASSED AND INOPERABLE STATUS

• 2CHS*.MOV8131 B (ZP)

                                               **                                                                                                        INDICATION -LOGIC Dl AGRAM 2CHS MOV 380~ lAO)           2CH S MOV 380 B lBO I lCHS MOV 383A ( ~p 1         2CHS MOV 383 B l BOI                                                                                             BEAVER VALLEY POWER STATION -UN IT 2 FINAL SAFETY ANALYSIS REPORT

5. BREAKER R~CKEO OUT, CONTROL SWITCH IN' PULL TO LOCK: LOSS OF CONTROL POWER, OR P21 A BREAKER RACKED IN.

CONOITION MONITOR RESULTANT MOH ITOR SOURCE 2CHS. LCV IISB (AD) BY S&W .....J._BY CHA, PMP, RWST SUCTION TeTHERS NOT FULLY OPEN Y52660 (670) I TO 2CHS--fLCVII58 {AO) TH OL/BKR OPEN 2CHS~LCVIISC (-0) a<<J,f'M',VOL, COKT. TK, NOT FULLY CLOSED Y5268D (690) 2CHS~LCVII5C {-o) TO TH OL/BKR OPEN INOPERABLE ~NPUTS FIG. 7.5-8 2S ISlf M0¥867 A (IO) HHSI INJECTION VALVE NOT FULLY OPEN Y52700 {71 D) 2SIS~MOV867A {ZO) TO HHSI INJECTION VALVE TH OL/BKR OPEN HIGH HEAD SAFEJY INJECTION SYSTEM INOPERABLE INPUTS 2SIS~MOV867C {ZO) HHSI INJECTION VALVE NOT FULLY OPEN Y5272D (730} 2SIS~MOV867C (ZO) HHSI INJECTION VALVE TH OL/BKR OPEN 2SIS*MOV8ql {ZP) HHS I IMJECT l ON VALVE TH OL/BKR OPEN Y052qo I SIMILAR 2SIS~OV8ql {ZP) I HHSI INJECTION VALVE INPUT FROM SAFETY INJECTION I ACCUM, C NOT FULLY OPEN  !------+~ACCUMULATORS I SIMILAR INOPERABLE

1. LOGIC FOR TRAIN A INPUTS ~----------------------------_j INPUT FROM ACCUM. B SHOWN, LOGIC FOR TRAIN B I Sl ACCUMULATOR A FROM ACCUMULATOR MONITORING PROGRAM Sl ACCUMULATORS INOP{BYPASS INPUTS SIMILAR, I 1M ALARM r----------

                                                                   ~:.:.:.:.::...:.:.:..:.:.:.:::.::.::..;,.,:.:::...:.:.:~...:.:.:....:...:.....:..:.:..~,;__---------,~-----t?j                                                 INDICATOR (MOTE 2)

2. ONLY OtiE BYPASS INDICATOR {_ -~

EXISTS FOR wSAFETY INJECTIO ACCII4UUTORS,w - - - - - - - - - - - - - - - ____ _! PB I

3. ASSOCIATED EQUIP. MARK NUMBERS: q, SEE MOTES I AND 2 OM fiG.1.5*1. Sl ACCUMULATORS \.-~===--~~ A5QqQD T!U.!N A TRAIN B t---------------------' FIGURE 7.5-9 2CHS1' LCV II SB{AO) 2CHSI:' LCV II SO( BP) BYPASSED AND INOPERABLE STATUS 2CHS,W.LCVIISC{-O) 2CHS ... LCVIISE{-P) 2SIS~MOV867A(ZO} 2SIS~MOVB67B(ZP) INDICATION-LOGIC DIAGRAM 2S IS .. MOV867C( ZO) 2S IS It M0¥8670{ ZP) BEAVER VALLEY POWER STATION- UNIT 2 2S IS.M0¥8~1 l ZP\ FINAL SAFETY ANALYSIS REPORT

SOURCE COMO ITION CONTROL ACTION MONITOR RESULTANT MOM ITOll: ASI300 (310) PB TRAIN A LOW HEAD SAFETY YSI200 {210) INJECTION SAFETY SYSTEM TRAIN A 2SIS*P21J.. (AO) YSI22D (230) ....___.._........._. INOPERABLE NOTE I LOW HEAD SI PUMP I INOPERABLE 2SJS~MOV8809A (AO) Y5124-D ( ZSD) TRAIN A LHSI PUMP SUCTION l--------+3l!LOW HEAD Sl SYStEM MOT FULLY OPEN INOPERABLE 2SIS;EMOV8888A (AO) Y5126D {27D) PlMP DISCH. TO COLD tmS NOT FULLY OPEN LOW HEAD SAFETY IMJECTIPN SYSTEM INOPERABLE{BYPASS INDICATOR 2SI~MOV8890A (AO) Y5128D {290) TD I PUoF MIN Fl.O!rf RECIRC, TH OL BKR OPEN I I I BY S&W +BY OTHERS I* BREAKER RACKED OUT, CONTROL SWITCH IN "PULL TO LOCKOUT~ OR, LOSS OF CONTROL POWER.

2. LOGIC FOR TRAIN A BYPASS INDICATOR SHOWN, LOGIC FOR TRAIN B BYPASS INDICATOR SIMILAR.

3. ASSOCIATED EQUIPMENT NARK NUMBERS:

TRAIN A 2StS* P21A (AO) 2SIS~P21B {SP) 2SIS~MOV8809A (AO) 2SIS~MOY8809B (BP) 2SIS~NOY8888A (AO) 2SIS~MOY8888B {BP) 2S IS* MOY8890A (AO) 2S IS* MOV 88908 {BP)

q. SEE NOTE I AND 2 011 FIG. 7.5 -I.

FIGURE 7.5-10 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 18 SOURCE CONDITION CONTROL ACTION MONITOR RESULTANT MONITOR A!11174DI7!101 20SS-MDYIIIACAOI llUEIICH ....... DISCH. NOT Fu.LY c:ft:N 20SS*MDYIIIACAOI TH 01../IICR c:ft:N 20SS-MDYIIIACAOI DUEIICH ....... DISCH. yy, INDI'£R4IILE FIG.7.1-t Dl.ENCH SPRAY SYSTEM INOPERABLE/BYPASS INDICATOR NOTE I NOTES:

1. BREAKER RACKED OUT, CONTROL SWITCH IN "PULL TO LDCICOUT", DR LOSS OF CONTROL POWER.

2. LOGIC FOR TRAIN A BYPASS INDICATOR SHOWN.

LOGIC FOR TRAIN B BYPASS INDICATOR SIMILAR.

3. SEE NOTES I AND 2 ON LSIC-27*31A.

4. ASSOCIATED EQUIPMENT MARIC NlMERSI TRAIN A TRAIN B 20SS-MOVIIIIIAW>> 20SS*MOV1118(8P) 20SS-MOVIIIACAQ) 20SS*MOV1118CBPt 20SS*P21AlAOJ 20SS*P218CBP)

So DENOTES LOSS OF POWER. CONTROL SWITCH IN "PU..L TO LDCI(OIJT", DR MOTOR Tt£RMAL OVERLOAD.

6. ALL ASTERISICS C*t HAVE BEEN REPLACED BY DASt£S.

REFER TO Tt£ ASSET EQUIPMENT LIST IAEU AS Tt£ OFFICIAL LISTING OF ANY ASSET'S QA CATEGORY. UFSAR FIGURE 7.5-11 BYPASSED AND INOPERABLE STATUS INDICATION - LOGIC DIAGRAM BEAVER VALLEY POWER STATION - UNIT 2 UPDATED FINAL SAFElY ANALYSIS REPORT I __________ ~3.:1!~--2~1! _1~*!4_ _______ ~~~u~~~~,!'~9!~!_1!*~ _______________________________________________________________________________________

• _____________________________________________ ;

SOURCE CONDIT ION CONTROL ACT ION NON ITOR RESULTANT MONITOR A50960(97D) SAFETY SYSTEM 2SWSitMOYi06A(AO) TRAIN A CW TO HON-SFGDS LOADS INOP. NOT FULLY CLOSED YS0800(BID) '-----'-....:....>~ TO 2SWS~MOYi06A(AO) TH OL/BKR OPEN l _ _j 2SWS~ MOY i 03A (AD\ CW TO RECIRC.HT.EXCHS. OT FULLY OPEN 2SWS i;:MOYi 03A {AO) TD TH OL/BKR OPEN 2RSS ~MDV i 56 A{ AO) RECIRC. PUMP DISCH. VV 2RSS~MOVi56A(AO) INOPERABLE DISCH. TO SPRAY HDR. FIG. 7.5-5 NOT FULLY OPEN Y50B~D{B5D) TRAIN A RECIRC. SPRAY SYSTEM 2RSS~OVi56A(AO) TH OL/BKR OPEN INOPERABLE TO BY, S&W <3 [> BY OTHERS SP RECIRCULATION SPRAY SYSTEM INOPERABLE/BYPASS INDICATOR 2RS~ NOV i55A ( AO) SUCTION FRON SUMP NOT FULLY OPEN IY50B6D(B7D) TD 2RSSi;:MOV i 55A ( AO) TH OL/BKR OPEN I 2RSS~MOVi55A(AO) RECIRC. PUMP SUCT. VV. I IHOPERABLE 2SWS~MOViO~A{AO) CW OUTLET FR HT EXCH L SOBBO (B9D) HOT FULLY OPEN 2SWS~MOViOSA(AO) y5090D(91D) CW OUTLET FR HT EXCH HOT FULLY OPEN NOTE: 2RSS* P2 i A{ AO) I. REFER TO FIG. 7.5-13. Y5092D(93D) RECIRC. SPRAY PUMP NOTE I INOPERABLE _ _ _ _j FIG. 7.5-13 FLOW PATH C FIGURE 7.5-12 INOPERABLE INPUTS BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 TRAIN A FINAL SAFETY ANALYSIS REPORT FIG. 7.5-15 SERVICE WATER SYSTEM ltWPERABLE

SOURCE CONDIT! ON CONTROL 4CTION MOM IT OR RESULTANT 2RSS~MOV 156C (CO) BY s&w DISCH. TO SPRAY HOR. NOT FULLY OPEN Y5098D(990)

                                                                                                                                                                  . 2RSS .}MQV 156C( CO) 2RSS.. MDV 156C (CO)                                                                      i RECIRC. PUMP DISCH. VV         II FIG. 7.5-5 TO                    TH OL/BKR OPEN                                                                              INOPERABLE
                                                                                                                                                                  . 2RSS*MOV 155C (CO)

RECIRC. PUMP SUCT. VV. 2RSS'f<MOV 155C( CO) , I!!OPERABLE SUCTION FROM SUMP NOT FULLY OPEN YSIOOO(OID) TO 2RSS *-to~OV 155C( CO) TH OL/BKR OPEN 2RSS. MDV IS~C( CO) Y51020(03D) FLOW PATH C TO MIN. FLOW RECIRC. VV. INOPERABLE INPUTS FIG. 7.5-12 TH OL/BKR OPEN 2SWS~ lo!OV IOllC (CO) RECIRCULATION SPRAY SYSTEM Y5101Hl(05D) CW INLET TO HT. EXCK. NOT FULLY OPEN 0-- 2SWS~MOVI05C(CO) C\11 FROM HEAT EXCK. NOT FULLY OPEN Y51060(07D) 2RSS *P21 C( CO) Y510B0(09D) RECIRC. SPRAY PUMP INOPERABLE NOTE I MOTES:

1. BREAKER RACKED OUT, CONTROL SWITCH IN ~PULL TO LOCKOUT," OR LOSS OF CONTROL POWER. 4. SEE NOTES! AND2 ON FIG. 7. 5-I.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAil! A TRAIN B 2RSS ,..._P21 A(AO) +P21 C(CO} 2RSS*- P21 B(BP), ~P21 D( DP) 2RSS olMOV 155A(AO), *MDV 156A(AO) 2RSS"-: MDV 155B( 8P), f-Mov 1568( BP) 2RSS 4-MOV 155C( CO), ~V 156C( CO) 2RSSfd.f()Vl55D{i>P), ~OVI560(DP) 2RSS t MDV 151lC( CO) 2RSSl- MDV 15~0 (OP) FIGURE 7.5-13 2SWS~MOVIOilA(AO), 2SWS~MOYI05A{AO) 2SWS '1<: MDV IOilS {BP) , 2SWSit(.MOV I05 B( BP) 2SWS'i.MOV IOIK:( CO), 2SWS*:-MOV IOSC( CO) 2sws-. MDV IOilD(DP), 2Sws.-:MOV I05D(DP) BYPASSED AND INOPERABLE STATUS 2SWS~OYI03A(AO) 2SWS~OVI03B{BP) INDICATION- LOGIC D I AGRAM 2SWS.;.MOY I06A{AO) 2SWS I:MOV I068( BP) BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONTROL ACTION MONITOR COtiD IT ION RESULTAMT BY OTHERS A5005D(06D) PB TRAIN A COMTA I ICMEMT PEMETRA- >--~~----f~ TION SYSTEM SAFID SYSTEM

                                                                                                                                                                              ._---------rC,~            IRA IN A J'  ~   INOPERABLE
                                                                                                                                                                                                        ..L TRAINA CNWT PEMETRA SYSTEMS INOPERABLE 1--------------~                  C ,CRT[SP FROM TRAI" A                TRAIN A ONLY 1----------------------.-...et FIG. 7.5-1 FEEOWATER I SOL SYS o INOPERABLE INPUTS FROM FIG.7.5-3       TRAIN A CIA SYSTEM IMOPERABLE INPUTS FROM FIG. 7.5-4      TRAIN A CIB SYSTEM IMOPERABLE INPUTS kONTAINMEMT P8NEIRAT!OM SYSTEM INOPERABLE/ByPAss INDICATOR MOTES:

I SEE MOTES I AND 2 ON- FIG. 7.5- I. o

2. LOGIC FOR TRAIN i SHOWN LOGIC FOR TRAIN B SIMILAR.

FIGURE 7.5-14 BYPASSED AND INOPERABLE STATUS INDICATION- LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION MONITOR 'RESULTANT MONITOR MOTE I 2SWS't< P21 A(AO) YS280D(81D) BY PLANT SERVICE WATER PUMP COMPUTER SYSTEM INOPERABLE 2SWS ;1!;-MOV 102A( AO) SER. WTR.PUMP DISCH. MOT FULLY OPEN Y5282D{83D) 2SWS~MOVI02A(AO) FIG. 7.5-12 TO SER~. WTR. PUMP DISCH. 7.5-16 TH OL/BKR OPEN 7.5-28 2SWS'* P21 C(SO) Y528LlD( BSD) SERVICE WATER PUMP MOTE 5 INOPERABLE TRAIIt A SERVICE WATER SYSTEM INOPERABLE 2SWS -1.: MDV I02C 1(AO) SERV. WTR. PUMP DISCH. MOT FULLY OPEN r--=- __________ Y5286D{87D) _j 2SWS)CMOVI02CI(AO) TO SERV. WTR. PUMP DISCH. FIG. 7.5-3 2SWS*MOVI07A(AO) TH OL/ BKR. OPE II I 17 MMS HEADER ISOL. VV.* 1 ,IM_o_PE_RA_B_~------~ 2SW~MOV562 ( AO) II CHLOR. IMJ. VALVE FIG 7 5 3 2SWS*-MOB107C{BO) MOT FULLY CLOSED . * - NitS HEADER ISOL. vv. SAFETY SYSTEM TRAIN A I" ,l_NO_P_ER_A_BL_E______~ I ltOPERABLE TO 2S'IIM ~ MOVS62 (AD) TH OL/BKR OPEN L------~s:D(93~-l '--......L..~B 2SWMi-MOV565{AP) BY S&W 4--- --1> BY OTHERS CHLOR. INJ. VALVE NOT FULLY CLOSED 2SWM-*"MOV565( AP) TO TH OL/BKR OPEN A52900(910) MOTES: I

• BREAKER RACKED OUT, CONTROL SWITCH IM"PULL TO LOCKOUT\ OR, LOSS OF CONTROL POWER. SERVICE WATER SYSTEM/BYPASS INOPERABLE INDICATOR

2. TRAIN A BYPASS INDICATOR SHOWN, TRAIN B BYPASS INDICATOR SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B Ll. SEE NOTES I AND 2 B( BP) 2SWs*- MDV I07 B( AP) ON FIG. 7. 5-I. FIGURE 7. 5-15 2SWS* P2 i A(AO) 2SWS W::MOV I07A( AD) 2SWS~P21 2SWS*MOVI02A(AO) 2SWSlil:: MDV I07C( 80) 2SWS ~ MOV I02B( BP) 2SWS;tMOVI07D(BP) 5. BREAKER RACKED OUT, BYPASSED AND INOPERABLE STATUS 2SWSJ';: P21C (SO) 2SWS* P21C{SP) CONTROL SWITCH IN INDICATION-LOGIC DIAGRAM 2SWS~MOV I02C I(AD) 2SWS l!:. MDV I02C2{,BP) "PULL TO LOCKft, LOSS OF 2SWM*MDV563{ BP) BEAVER VALLEY POWER STATION-UNIT 2 2SWM'* MDV 562 (AD) CONTROL POWER OR P21A 2SWM~MOV265{AP) 2SWM ...MOV56Ll{ BO) BREAKER RACKED IN. Fl NAL SAFETY ANALYSIS REPORT

SOURCE CONDIT I ON CONTROL ACT ION MONITOR RESULTANT MON! TOR F!G. 7.5-15 TRAIN A SERVICE WATER SYSTEM t I NOPER ABLE

                                                                                                       - ___r---
                                                             ,-----~--~                   --------                          BY s&w 2CCP=I::;P21 A(AD)

PRJ COMP. COOL. PUMP MOTE I INOPERABLE Y5180D(810 2CCPl""P21 C( SO) PR I.. COMP.. COOL. PUMP MOTE 5 IMOPERABLE (ON BUS 2AE) 2CCP~OCVI00-2(AO)(AR Y05220(23D) TO MIK. FLOW RECIRC.VLV. TH OL/BKR OPEN TRAIN A

                                                                                                                                                               '-"--~        PR I . COMP .COOL .WTR .SYS }----1~---------t~

INOPERABLE I 1-----------i 2SWS~MOVI06A(AO) HOR.ISOL.VLV .TO HT. EXCH. Y5181+D(85D) I MOT FULLY OPEN _ _ _j FIG. 7.5-6 2CCP~OVI75-I(BO} NMS HEADER ISOL. VV. INOPERABLE SAFETY* SYSTEM TRAIN A INOP.. FIG. 7.5-2 2CCP~MOVI76-I(AO) '-----'~.B NNS HEADER ISOL. VV. INOPERABLE F!G. 7.5-2 2CCP f MDV I 18 ( ZO) NNS I SOL VALVE INOPERABLE FIG. 7.5-2 2CCP~MOV177-1 (BO) NNS HEADER ISOL VV. INOPERABLE FIG. 7. 5-2 2CCP*MOV 178-1 (AD) I NNS HEADER \SOL VV. L::_ _ _ INOPERABLE NOTES: I. BREAKER RACKED OUT, CONTROL SWITCH IN ~PULL TO LOCKOUT", OR, LOSS OF CONTROL POWER.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN 8 SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS: AS\ 880( 890)

TRAIN A TRAIN B 5.BREAKER RACKED OUT, CONTROL SWITCH IN nPULL TO LOCK", PRIMARY COMPONENT COOLING WATER SYSTEM INOPERABLE/BYPASS INDICATOR 2CCP._ P21 A(AO) 2CCP 1t"p21 8( BP) 2CCP~P21C(SO}-ON BUS 2AE 2CCP~P21C(SP-ON BUS 2DF LOSS OF CONTROL POWER, OR 2CCP* DCV I00-2{ AD) (AR) 2CCP~ DCV I00-1 ( BP) {BW) P21A BREAKER RACKED IN. 2SWS .. MDV I06A (AD) 2SWS W:MOV I068{ BP) FIGURE 7.5-16 2CCP*-MOY 175-1 (BO), 176-1 (AD) 2CC~ MOV 175-2( BP), 176-2{ AP) BYPASSED AND INOPERABLE STATUS ('8), 2CCff~8V 177-1 178-1 {AD) 2CCP.f MOVI77-2(BP), 178-2( AP1 ~+. ~~~PioTE v 11iNo ~~ bN FIG. r. s- 14~ccP MDV 119 ( ZP I. 120 tZP l INDICATION -LOGIC D \A GRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION ~OM ITOR RESULTANT MONITOR BY S&W .,.___ ~BY OTHERS 2CCP*~OVi2BA(AO) CLG WTR TO HT EXCH NOT FULLY OPEN Y52000 OlD) TRAIN A FUEL POOL CLG SYS INOPERABLE 2FNC*P21A (AO) TO FUEL POOL CLG PU~P TH OL / BKR OPEN Y5202D (030) Y5201tD (050 SAFffi TRAIN A SYSTEM TRAIN A

                                                                                                                                                                                                                  '---~I HOP *
                                                                                                    ..1.
                                                                                                                                                                                                                         ..1..

MOTES: FUEL POOL COOLING SYSTEM BYPASS/INOPERABLE INDICATOR I, LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

2. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN 8 2CCP*MOYl28A(AO) 2CCP*MOY128B (BP) 2FIIC* P2l A (AO) 2FNC*P21B (BP)

3. SEE MOTES I AND 2 OM FIG. 7.5-1.

FIGURE 7.5-17 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACT IOM MONITOR RESULTANT MOM I TOR A5216D(17D) Y52IOD(11D) TRAIN A SSPS TROUBLE SOLID STATE :PROTECT- 1--~111------i:::;l; ION SYS. INOPERABLE

                                                                                               +

52/BYA REACTOR TRIP BRKR. BYPASS CLOSED Y00260(27D) SSPS INOPERABLE/BYPASS INDICATOR BY S&W BY DlliERS NOTES: 1. LOGIC FOR TRAIN A BYPASS INDICATOR SHOWN, LOGIC FOR TRAIN B BYPASS INDICATOR SIMILAR.

2. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 52/BYA 52/BYB

3. SEE NOTES 1 AND 2 ON fiC. 7.5-1.

FIGURE 7.5-18 BYPASSED AND INOPERABLE STATUS INDICATION -LOGIC DIAGRAM BEAVER VALLEY POWER STATION -UNIT 2 FINAL SAFETY ANALYSIS REPORT

CONTROL ACTION liON ITOR RESULTANT MONITOR A5302D SAFETY SYSTEM TRll N A I NOP *

                                                                                                                                            .B CRT/sP
 ,____ _ _ _ ____; B A5303D SAFETY SYSTEM SYSTEM TRAIN 8 INOP.

I '--.....~.....,;~ PB TRAIN B I TRAIN B l SYSTEM I VITAL I NST, ElECTR ICAL>-------....,..:-=..::=;...._------------l:~ VITAl IMST, ELECT, SYS, llllPERABL.E

                                                                                                                                             -CRT /sP I

BY S&W ----t----- BY OTHERS VITAL INSTRUMENT ELECTRICAL SYSTEM BYPASS/INOPERABLE INDICATOR Morr: I. SEE MOTES I AKD 2 0M m. 7. 5-I, FIGURE 7.5-19 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 10 (97) SCRJRCE CONDITIOII COIITIOL ACTION RESULTANT MDIII TOR BY SloW BY OTHERS CONT. I ROCI4 NORMAL A/C UIIIT ISOL, DAMP NOTES: 1. REFER TO MOrtS I AND 2 ON fiC. 1.5-1. 2HYC 't<MOD205A( -0) 2. LOGIC FOR TR4IN A SHOWN, 206A(-O) AC BIR OPEN LOGIC FOR T~IN B SIMILAR.

3. ASSOC I ATED EQU I PMEIIT MARK NUMBERS TRAIN A TRAil B 2HYC* MOD205A( -0) , 206A( ..(1) 2HYC:llt MOD2058( -P) , 2068( -P) 2HYC. M00202l( ..0) 2HYC '*'MOD202B( -P) 2HYC)t REF2111A( -0) 2HYClt REF2111B( -P) 2HYC* CH222A*, 2HYC.CH2221 2HYC_. FN2~1A(-O) 2HYC!l-FII21111 B( -P) 2HYC* MOD20 14( -0) 2HVC l-M00201 B( ..P) 2HYC .. M0020if4( -0) 2HYC.-MOD20111( -P) 2HYC:tM00201C( ..0) 2HYCJ: MOD20 I D( -P) 2HVC I ACU20 I A( -0) 2HVC~ACU201B(..P)

COIITROL 10114 VENTI LAT I ON SYSTEM t - - - - - - 1 TRAIN A CONT. ROOM EMERG, FNt 211VC~ fii:NI A(..()) INOPERABU NCC ACB OPEN/CS IN 1---------------------..----~ LOCKOUT POSITION SAFm SYSTEM TRAil A YSSOIH) NOPERABLE CONT., ROOM OUTDOOR (900) "--........,~I AIR INTAKE DAMPER 2HCY~ MOD20 I A( -0) MCC ACB OPEN ASSIOD CQIIT., ROOM EMERQ, (AS!i86D) MAKEUP FAN INTAKE DAMPER 2HYC fM002011A MCC ACB OPEN COIIT. I !lOOM OUT YSSOID AIR EXHAUST DAMPER (920) 1-----1 2HYC !1;: MOD20 IC( ..(1} MCC ACB OPEN COIIT. I ROOM AIR HANDLIIIQ UNIT 2HYC1rACU201A(-O)/MCC ACB OPEII.CS IN LOCK FIGURE 7.5-20 N Will A CONTROL ROOM BYPASSED AND TNOPERABLE STATUS VENTILATION ISOL, INDICATION- LOGIC 01 AG RAM BEAVER VALLEY POWER STATION- UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR BY S&W c:fa BY OTHERS CONT. BLDG, A/C UNIT SUP FAN 2HVC"'-FN266A/ MCC ACB OPEN/CS ~------------+--- ......-------+-?! IN LOCKOUT POSITION CONTROL BLDG, VENTILATION SYSTEM Y5511D TRAIN A (970) INOPERABLE PB TRAIN A CONTROL BLDG, VENT I LA Tl ON

                                                      "--------' ~               I I Y5513D I  (990)

I A5511lD (A5600D) NOTES: I. SEE NOTES 1 AND 2 ON m. 1.5-1.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 2HVC1: FN266A 2HVC~ FN266B 2HVC*. FN265A 2HVC ~FN265B FIGURE 7.5-21 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR SAFEGUARDS AREA BY S&W Df:o BY OTHERS PROCfSS CL.G 21f1RtACU207A

               !-------1         MCC ACB OPEN/

CS IN STOP POS. I I l IY5515D SAFEGUARDS AREA I(Y5601D) VENTILATION SYSTEM I 1-------+31 TRAIN A l INOPERABLE I I I PB TRAIN A I SAFEGUARDS AREA VENTILATION SAFETY SYSTEM TRAIN A INOPERABLE A 5517D (A5603D) NOTES: I. SEE NOTES I AND 2 OM m. 7.5*1,

2. LOGIC FOR TRAIN A SHOWM, LOGIC FOR TRAIN 8 SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TR IN TRAIN 8 2HVR .fACU207A 2HVR,f.ACU207B FIGURE 7.5-22 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOUIC£ COlt DITI Olt CONTROl ACTIOM RESULTAMT MONITOR CABLE VAULT &ROD Y5519D ""'"----' M' COMT AREA VENT CABLE VAULT & ROD (Y5605D) 1 - - - - - - - A I SYS TRAIN A AREA INLET/OUTLET DMPR INOPERABLE 1 - - - - - - - t 2HVRti<<<D26A{ -Q)27A( -Q) t---------------+-----...-------~ AC SUPPlY BKR OPEN PB TRAIN A CABLE VAULT &ROD SAFETY SYSTEM COMT AREA VENT TRAIN A INOPERABLE A5522D(A5608D) MOTES: 1* SEE MOTES 1 AND 2 Olt fiC. 7.5-1.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN 8 SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRA I M A T:..:.:RA:.:..I:..:.:M~B;..__ _ _ _ __ 2SWU~ MDVI ~A{ -o) 2SWS\l MOVl ~8( -P) 2HVR l{.ACU203A( -o) 2HYR* ACU208B( -P) 2HVRt M0026A( -o) 27A( -o) 2HYR* MOD26B( -P)27B( -P) FIGURE 7.5-23 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT ~ON I TOR LEAK COLL 1 FI LTER EXH FAN 2HVS~FN20~A( BY S&W cts BY OTHERS

                                                 -)1-------------+----..-------t=::f                              NOTES:   I. SEE NOTES    I  AND 2 ON FIG. 7.5*1, SWGR DC BKR OPEN/BKR ITHDRAWH /CS IN L. 0,                                                                                2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR,

3. ASSOCIATED EQUIPMENT MARK ~UMBERS:

LEAK COLL 1 FI LTEll Y5523D '-----' Sf TRAIN A TRAIN B EXH FAN VORTEX DAMPER t--------------i---(_Y_56..,.0~-"9D_J_ _ _ _t?t 2HVS '( FN20~A( -0) 2HYS4. FN20~( -P) 2HVS~MOD21 ~A( -0) 2HVSJt;:MOD21 ~B( -P) 2HVS l< MOD21 ~A ( -0) AC CONT. BKR. OPEN 2HVS It- MOD201 B( -P)202B( -P) 2HVS tF. MOD201 A{ -0 )202A{ -0) 2HVS ~ MOD203A( -0) 218A ( -0) 2HVS~MOD203B(-P)218B(-P} 2HVS *-MOD211A( -0)210A( -0) 2HVS ~ MOD211 B( -P) 210B( -P) Y552~D '----~ SP 2HVS lNOD213A( -0) 212A( -0) 2HVS "'MOD213B( -P )212B( -P) (Y5610D) 2HVS *CH2 I 9A( -0) 2HVS*' CH219B( -P) 2HVP ~MOD30A ( -0) 2HVP'.tMOD30B( -P) Y55250 SP (Y56J ID) Y5526D ~ SU PPLEMEMTARY (Y5612D) LEAK COLLECT I ON SYS1 TRAIN A INOPERABLE CRT/SP Y5527D ~ LEAK COLL FLTR EXH. (Y5613D)

     ...,___--'-' ISOL IM'RS 2HV8-':!\MJD212A( ~)

2HVS~J400213A( -0) t------------__,1-------4~---*-+31 AC CONT BKR OPEN SAFETY SYSTEM TRAIN A INOPERABLE LEAK COLL SYSTEM Y5528D if B. HTR 2HVS~ CH219A( -0)

     .,___---t     ~GR BKII WITHDRAWN/

{Y561~) DC BKR OPEN/CS IN L10. LEAK COLLECT I ON Y5529D BA LANC I NG DAMPER (Y56150) 2HVP 'tMOD30A( -0) AC CONT. BKR. OPEN PB TRAIN A SUPPLEMENTARY LEAK COLLECTION A5532D {A5618D) FIGURE 7.5-24 BYPASSED AND INOPERABLE STATIJS INDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 Fl N AL SAFETY ANALYStS REPORT

RESULTANT MONITOR SOURCE CONDITION CONTROL ACTION BY ~ BY S&W --i'f"~..,_- OTHERS Y5533D (Y5619D)

                                                                                                             '-----~~

AUX BLDG EMERG EXHAUST FAN 2HVP~FH26~A(AO) MCC ACB OPEN Y553~D (Y5620D)

                                                                                                             "---_. H AUX BLDG fLT. EIH.                                                                                               AUX BLDG BYPASS ISOL DAMPER                                                                                               VENTILATION SYS 2HVP*Moil 2U (-OJ                                                                                     '------911 TRAIN A AC COIIT. BKR. 0PEN                                                                    Y5535D                   INOPERABLE                                  CRT/SP (Y5621D)
                                                                                                                      ~

Y5536D (Y5622D) u SAFETY SYSTBt TRAIN A IIOPERAILE I I A5537D {A5623D) NOTES: I

• SEE NOTES I AND 2 ON FIG. 1.5 -1.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

IRA IN A TRAI N B 2HVPt NOD22A{ ~) 2~A( ~) 2HVP MOD2 2B( -P) 2~B( -P) 2HYP-.1: M0021A( -o) 2HYP{ FN26~A(AO)

• 2HVP*NOD21 B( -P) 2HYP FN26~B( BP) FIGURE 7.5-25 BYPASSED AND INOPERABLE STATUS INDICATION -LOGIC DIAGRAM BEAVER VALLEY POWER STATION -UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDITION CONTROL ACTION RESULTANT MONITOR BY ~ BY S&W -+lL>J<l!IW=+- OTHERS ENERG SWGR AREA SUP I FAN 2HVZ~FN261A SWGR DC BKR OPEN/CS IN r---------------------------~------------~r---------------~~ LOCKOUT POSITION Y5538D (Y5621W) L--..lSf EMERG SWGR AREA EXH FAN 2HVZ*FN262A SWGR DC BKR OPEN/CS IN LOCKOUT POSITION Y55390 {Y5625D)

                                                                                                                                 '---~Sf                        EMERG SWGR ENERG S,.SR AREA AREA VENT SYS DAMPERS 2HYZ M0021 A, t----------------------------1----------~--------------~

• 22A ,l23A, AC SUP

                                                                                                                                                    ..,___-F;ai TRA IN A Y55LIOD                INOPERABLE                                   CRT/SP BKR OPEN

{Y56260)

                                                                                                                                 ~___~u Y55~1D (Y5627D}

PB TRAIN A ~ EMERG SWGR AREA VENTILATION SAFETY SYSTEM TRAIN A INOPERABLE NOTES: A55~2D {A5628D) '---.L.U ~ I, SEE NOTES I AND 2 ON m. 1. 5*1.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR,

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 2HYZ *FN261 A( -0) 2HVZ fFN261B( -P) 2HVZtFN262A( -o) 2HVZ *FN262B( -P) 2HVU. MOD21 A( -o )22A( -0 )23A( -0) 2HVZ tMOD21 B{ -P) 22B( -P) 23B{ -P) itiGURE 75-26 i

                                                                                                                                                                                     ~YPASSED AND INOPERABLE STATUS I:NDICATION- LOGIC DIAGRAM E!IEAVER VALLEY POWER STATION -UN IT 2 FINAL SAFETY ANALYSIS REPORT

RESUll.liiT 140111 TOI SOUilCE CONDITION COilTROl ACT! ON BY BY S&W DfEJ OTHERS BAITERY RN EXH I FAll 2HVZ~FII216A(AO) MCC ACB OPEII/COIIT t----------------f-----+------~ SW Ill lOCKOUT POS Y55~30 {Y5629D) BAITERY ROOM VENTI UTI OM SYS Y55~~D J...-----1~ TRA I M A {Y5630D) INOPERABLE CRT/SP t---..)~ PB TRAIN A BATTERY ROOM VENT llA Tl ON SAFETY SYSTEM TRAIN A INOPERABLE A55~5D {A5631D) NOTES:

i. SEE NOTES I AND 2 011 m. 7.5-I.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN B TRAIN A 2HVZ FM216A( AO) 2HVZ-.1I,FM216B{BP) FIGURE 7.5-27 BYPASSED AND INOPERABLE STATUS INDICATION-LOGIC DIAGRAM

                                                                                                                                                          .BEAVER VALLEY POWER STAT I ON-UNIT 2
                                                                                                                                                          'FINAL SAFETY ANALYSIS REPORT

SOURCE CONDIT ION CONTROl ACT ION RESULTANJ MONITOR FIG. 7.5-15 TRAIN A SERVICE WATER SYSTEM

""::::INO=P=ER=A=Bl=E=-:::-=:::::...__ _ _r- _

BY-~ BY S&W OTHERS

                               ~KV BUS 2AE SUPPLY ACB 2E7 -'DC CONTROL BKR OPEN                                                                    Y5555D (Y561l2D)
                                                                                                        <---J~

EMERG DIESEL GEM 2-1 ACB 2EIO - DC CONTROL BKR OPEN/ Y5556D CONT SW LOCKED OUT (Y561l3D) L---l~ qKV EMERG BUS 2AE UNDERYOLTAGE CKT TEST SW OPEN /DC Y5557D CONT BKR OPEN ( Y561lllD)

                                                                                                        '---....:I .Sf DG AUTO LOAD                                                                                              DIESEL SEQ CKT /DC CONT                                                                                          GENERATOR 1-----t~ TRAIN A BKR OPEM/CS IN                                                                      Y5558D                                                          CRT /SP LOCKOUT POS                                                                          (vssqso)             INOPERABLE L....--~    Sf DG ELEC PROT RELAY CKT /DC CONTROL BKR OPEN                                                                             Y5559D (Y561l6D)
                                                                                                        '---....:1  u DG START/SHUTDOWN AND AUX CKTS FUSE WITHDRAWN                                                                             Y5560D (Y561l7D)

SAFETY SYSTEM L--~ Sf TRAIN A INOPERABLE A5562D (A56q9D) NOTES: I, SEE NOTES I AND 2 ON FIG. 7.5-1,

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN 8 FIGURE 7.5-28 ACB2E7 ACB2F7 BYPASSED AND INOPERABLE STATUS ACB2EIO ACB2FIO INDICATION -LOGIC DIAGRAM BUS2AE BUS2DF BEAVER VALLEY POWER STATION -UNIT 2 DIESEL GENERATOR 2-1 DIESEL GENERATOR 2-2 FINAL SAFETY ANALYSIS REPORT

REV. 8 COIID Ill OJI RESULTANT MONITOR SOURCE A5673D (A56'1 D) PI TRAIN A Y551J6D Dl ESEL GENERATOR (Y5632D) DIESEl GEJI SUPPlY FAN 2HV~FM270l SUPPORT SYSTEMS R MCC ACB OPEN/CS Y55~7D IN OFF NORM (Y5633D)

                                                                      ~-->

Sl DIESEL GEM BLDG D~PER2HV~Mmn1A, ~---------------------------+----.-------------------~ 22l, 23l 120VAC Y55~D SUPPlY BKR OPEN {Y5631W) DG COOL WTR SUPPLY L.---....)R 2SW~MOVI13l(l0), MCC SUP ACB OP Elt Y55~D (Y5635D)

                                                                      .....__.... Sl DG JACKET WTR                                                                                                     DIESEl GEM WARM pP 2EGS P23A/                                                                                                SUPPORT SYS HTR 2EG~E23A MCC                                                                         J---------~;~            TRAIN A ACB OPEN/CS IJI Off                                                          Y5550D                               IIIOPERABLE (Y5636D)
                                                                      '--~Sl DG START AIR COMPR 2EGA.C21 A, C22A,IOT MCC ACB OPEN OR BOTH 1------------------------+-------------------....at                        NOTES:

Y5551D CS IN OFF IIORM I. SEE JIOTES I AND 2 011 FIG. 7.5-1. (Y5637D)

2. LOGIC FOR TRAIN A SHOWN,

                                                                      ..___.... R                          LOGIC FOR TRAIN B SIMILAR.

3, ASSOCIATED EQUIPMENT MARK NUMBERS: I Y5552D TRAIJI A TRAIN B (Y5638D) 2HV~FJI270A(-D) 2HV~FN270B(-P) 2HVD~MOD21A(-0)22A(-0}23l(-O) 2HVDJtMOD21B(-P)22B(-P)23B(-P)

                                                                      ~-_.R                                2swHtMOV 113l(AO),                      2SIS I MOV 1130 I BPI 2EGS;k P23A        2EGS.E23A            2EGSlltP23B        2EGS:f.E23B 2EGA.1Jt C21 A     2EGA. C22A           2EGd( C21A         2E&A 1'- C22B 2EGD.-P2~A         2EG~E2~A             2EGOJilrP2~        2EGO+E2118 2E~ P23A                                2EGO._ P23B 2EDG-tP21A                              2Eo&*-P211 CRANKCASE YAC PP 2EDG'IIcP21A MCC ACB OPEN/CS Y555140
                                                            +

IN OFF NORM { Y56110D) I '---~ R BY SlW BY OTHERS FIGURE 7.5-29 BYPASSED AND INOPERABLE STATUS INDICATION- LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT

CONDITION CONTROL ACTION RESULTANT MONITOR SOURCE ACB2EIO DIESEL GEN. 2-1 ACB

                                                                                -+

INOPERABLE NOTE ~ BY BY S&W OTHERS

                                                                                                                        ~160V El!tERG Y5557D                       ELEC SYS (Y56~1W)          t-------1~ TRA llf A INOPERABLE
                                                                                      '---~Sf Y5561W (Y56510)

SAFETY SYSTEN TRAIN A INOPERABLE A5565D { A5652D}

                                                                                                                                                                         ~...,,...J._...)§ MOTES:

I, SEE NOTES I AND 2 ON FIG. 7. 5-1,

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR,

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B BUS 2AE BUS 2DF ACB 2EIO ACB 2FIO ~. LOSS OF BREAKER CONTROL POWER, CONTROL SWITCH IN "PULL TO LOCKOUT", OR BREAKER RACKED OUT, fiGURE 7.5-30 9YPASSED AND INOPERABLE STATUS INDICA TJON- LOGIC DIAGRAM

                                                                                                                                                $EAVER VALLEY POWER STATION-UNIT 2
                                                                                                                                                ~INAL SAFETY ANALYSIS REPORT

RESULTANT MONITOR CONDITION CONTROl ACT ION SOURCE IWJY EMEJIG SUB-BY S&W ~ BY OTHERS STA 2-1 FDR ACB/ DC COMTROL BlR OPU Y5573D (Y5660D) 1180Y EMERG SUI- Sl STA 2-8 SUPPLY ACB/ DC CONTROL BlR Y557'1) OPU (Y5661D}

                                                                                              &e IIIOY EMERG SUB-STA                                            &..--~

2-8 UNDERYOLTAGE Cll DC CONT BKR OPEM/TEST SW OPEN OPEUT I NG CMNT AIR RECIRC FAN ACB/ DC CONTROLBO 60

                                              ~----------------~----------~--------Y~S~~~~------------------~

OPal (Y5663D} R ANY CRDM SHROUD FAN ACB/DC II-80Y OORG ELEC J--------911 SYSTEM tRAIN A CONTROL BKR OPEM/ yssno I NOPERA8LE INPUTS CS 11 lOClOUT (Y566~) R EMERG MCC* 2-EO I FOR ACB/DC COMT BlR OPEN Y5578D {Y56650) EMERG MCC.ft. 2-EOS '--~n FOR ACB/DC COMT BKR OPEN Y5579D {Y56660)

                                                                                                ~

EMERG MCC* 2-EOS FOR ACB/OC COIIT BKR OPEII Y5580D (Y5667D) Sf EMERG MCC~ 2-E07 FOR ACB/DC CONT BKR OPEH Y5581D (Y5668D)

                                                                                                 ~

FIGURE 7.5-31 NOTES: I, SEE NOTES OM FIG.7.5-32. ~YPASSED AND INOPERABLE STATUS

                                                                                                                                    ~INDICATION- LOGIC DIAGRAM
                                                                                                                                    'BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONDIT! ON CONTROL ACTION RESULTANT MONITOR BY S&W ora BY OTHERS MOTES: I I lo SEE MOTES I AMOI 2OM fl,. 7.5-1, EMERG MCCM 2-E09 - FOR ACB/DC CONT 2. LOGIC FOR TRAIN A SHOWM, BKR OPEN LOGIC FOR TRAIN B SIMILAR. Y5566D 3. ASSOCIATED EQUIPMENT MARK NliiBERS: (Y5651W) TRAIN A TRAIN 8 EMERG MCC 2-E II FOR ACB/DC CONT Sl MCCI2-E09 MCC# 2-EII MCC~2-EIO MCC*2-EI2 Meet 2-E13 MCC" 2-EI ~ BKR OPEN 2RCp-J" H2A(ZO) 2RCP-* H28{ZP) Y5567D {Y5655D) 2RCfll- H2D{ZO) 2RCP#< H2E{ZP) SUBSTATION 2-8 SUBSTATION 2-9 MCC:t 2-EDI MCC*2-E02 s..e MCC*2-E03 MCC-J- 2-EOIJ EMERG MCC* 2-Et3 FOR ACB/DC CONT MCC:!f 2-E05 MCC.,J_ 2-E06 BKR OPEN MCC:*2-E07 MCC;lt 2-EOS Y5568D {Y5656D) _j s..e LI80V EMERG ELEC LI80V EMERGENCY ELEC SYSTEM SYSTEM TRAIN A t--------1~ TRAIN A m.r.5-31 INOPERABLE INPUTS CRT/SP INOPERABLE PRESSURIZER HTR 2RCP:l H2A(ZO) ACB/ DC CONT BKR OPEN Y5569D { Y5657D) L---Ju PRESSURIZER itTR 2RCP :f- H2D(ZO) ACB/ SAFETY SYSTEM DC COHT BKR OPEN TRAIN A INOPERABLE PB TRAIN'A LI80V EMERGENCY ELECTRICAL l A5572D (A5659D) Fl GURE 7.5-32 BYPASSED AND INOPERABLE STATUS rNDICATION- LOGIC DIAGRAM BEAVER VALLEY POWER STATION -UN IT 2 FINAL SAFETY ANALYSIS REPORT

COIITROL ACTIOII RESULTANT MOliTOR SOURCE COIIDITIOII BY BY S&W OTHERS A5583 DU5670D l SAFETY SYSTEM TRAIN A INOPERABLE I PB TRAIN A 125VDC EMERGENCY ELECTRICAL 125VDC EMERG ELEC SYS

                                                                                                       ~-Bt TRAIN A INOPERABLE an* 2-1 INOPERABLE y55830 NOTE3                                            (Y5670DJ
                                                                                '---~  SP IIOTES:

1, SEE NOTES I AIIO 2 ON FIU.5-I.

2. LOGIC FOR TRAIN A SHOWN, LOGIC FOR TRAIN B SIMILAR.

3. OUTPUT IS PRESEU JHENEVER BREAKER IS TRI PPEO OR RACKED 011 T.

4. ASSOC. EQUIP. IIARI NUMBERS:

TRAil A TRAI I BAH 2-1 BA112-2 FIGURE 7. 5-33 BYPASSED AND INOPERABLE STATUS

                                                                                                                             'NDICATION-LOGIC DIAGRAM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SOURCE CONI> IT ION CONTROL ACTION RESutTANT MONIJ_OR BY BY S&W OTHERS SAFETY SYSTEM A567~0 (A56750) TRAI M A INOPERABLE I I PB TRAIN A INTAKE STRUCTURE VENTILATION § Y55B~O (Y56710) INTAKE STRUCTURE VENT SYS 1--~TRAIN A CRT /SP INOPERABLE INTAKE STRUCTURE SUP FAN 2HVW* FN257A AND CIMCCfl.CB OPEN .,_-----------------+----...----Y~S-::-58-:-:5:-0----t;:;l (Y5672D) MOTES: I

• SEE NOTES IAND 2 OM m. 1.5-1.

2. LOGIC FOR TRAIN A SHOWM, LOGIC FOR TRAIN B SIMILAR.

3. ASSOCIATED EQUIPMENT MARK NUMBERS:

TRAIN A TRAIN B 2HVW* FM257A(-D},CI(-G)

• 2HVW FN257B( -P) ,C2( -G)

FIGURE 7.5-34 BYPASSED AND INOPERABLE STATUS NDICATION- LOGIC Dl AGRAM BEAVER VALLEY POWER STATION-UNIT 2

                                                                                                                                                        *;FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 16 7.6 ALL OTHER SYSTEMS REQUIRED FOR SAFETY 7.6.1 Instrumentation and Control Power Supply System 7.6.1.1 Description The following is a description of the instrumentation and control power supply system:

1. Figure 7.6-1 gives a single line diagram of the instrumentation and control power supply system.

2. There are four inverters and their associated distribution panels. Each inverter is connected independently to one or more distribution panels.

3. The inverters provide a source of 118 V 60 Hz power for the operation of the nuclear steam supply system instrumentation.

This power is derived from the 480 V ac, three-phase, 60 Hz distribution system (preferred power supply), or the station batteries, which assure continued operation of instrumentation systems in the event of a station blackout.

4. Each of the four sets of distribution panels may be connected to a backup source of 120 V ac power. The tie is through a local electrically-operated manual bypass switch, which is mechanically interlocked with the breaker connecting the inverter to the distribution panel such that the distribution panels cannot be connected to both sources simultaneously.

7.6.1.2 Analysis There are two independent 480 V ac power sources, each serving two inverters. Loss of either 480 V ac power source affects only two of the four inverters. There are four independent batteries. Each of the batteries are supplied with independent battery chargers. Since not more than two inverters are connected to the same bus, a loss of a single bus can only affect two of the four inverters. Each inverter is independently connected to its respective vital bus distribution panels so that loss of an inverter cannot affect more than one of the four sets of vital bus distribution panels. 7.6-1

BVPS-2 UFSAR Rev. 10 Each of the four sets of vital bus distribution panels is connected to a backup 120 V ac power source. Each panel can receive power from the 120 V ac backup source under administrative control. The manual bypass switch is interlocked to prevent paralleling of the inverters with the backup source. No single failure in the instrument and control power supply system or its associated power supplies can cause a loss of power to more than one redundant load. The inverters are designed to maintain their outputs within acceptable limits. The loss of the ac or dc inputs is alarmed in the main control room, as is the loss of an inverter output. There are no inverter breaker controls on the control board, as no manual transfers are necessary in the event of loss of the 480 V ac preferred power source. Physical separation and provisions to protect against fire are discussed in Chapter 8. The criteria applicable to the instrumentation and controls power supply system are based on the scope definitions presented in the Institute of Electrical and Electronics Engineers (IEEE) Standard 308-1974. The design is in compliance with IEEE Standard 308-1974 and Regulatory Guide 1.6. Availability of this system is continuously indicated by the operational status of the systems it serves (Figure 7.6-1) and is verified by periodic testing performed on the served systems. The inverters are seismically qualified in accordance with the qualification program described in Section 3.10. 7.6.2 Residual Heat Removal Isolation Valves 7.6.2.1 Description The residual heat removal (RHR) system isolation valves are normally closed and are only opened for RHR after system pressure is reduced to approximately 360 psig and system temperature has been reduced to approximately 350°F. They are the same type of valve and motor operator as those used for accumulator isolation, but they differ in their controls and in their indications in the following respect: The RHR valves are provided with control switches that have red (open) and green (closed) position indicating lights located on the main control board and emergency shutdown panel (ESP). These lights are powered by valve control power and actuated by valve motor operator limit switches. There are two motor-operated valves (MOVs) in series in each of the two RHR pump suction lines from the reactor coolant system (RCS) hot legs, and one MOV in each of the two RHR discharge lines. The two valves nearest the RCS (702A&B) are designated as the inner isolation 7.6-2

BVPS-2 UFSAR Rev. 12 valves, while the two valves nearest the RHR pumps (701A&B) are designated as the outer isolation valves. The valves in the discharge line are designated 720A&B. The interlock functions, provided for the outer isolation valves and discharge valve 720A shown on Figure 7.6-2, are identical (though derived from a diverse transmitter) to those provided for the inner isolation valves and discharge valve 720B shown on Figure 7.6-3. Each valve is interlocked so that it cannot be opened unless the RCS pressure is below approximately 360 psig. This interlock prevents the valve from being opened when the RCS pressure plus the RHR pump pressure would be above the RHR system design pressure. A second pressure interlock is provided to close the valve automatically if the RCS pressure subsequently increases to above approximately 700 psig. The pressure functions shown on Figure 7.6-3 are derived from a pressure transmitter designated PT441, which is supplied from a different vendor than the transmitter designated PT440 from which the pressure functions shown on Figure 7.6-2 are derived. This is the method used to achieve diversity. The autoclosure interlock may be manually defeated during normal RHR operation to prevent inadvertent RHR isolation valve closure. All four MOVs in the RHR suction lines are powered from Class lE power sources. Two of the four MOVs (one in each suction line) are powered from two separate Class lE power sources. This redundancy assures that the suction line to the RHR pump can be isolated when RCS pressure is above the preset value. In order to ensure that an RHR pump is available when required and one of the redundant power sources is not available, provisions are made to transfer power to the other Class lE redundant power source. This will allow opening of the two series valves in one of the RHR pump suction lines. Interlocks are provided to prevent paralleling of the two Class lE power sources. 7.6.2.2 Analysis Based on the scope definitions presented in the IEEE Standards 279-1971 and 308-1974, these criteria do not apply to the RHR isolation valve interlocks. However, in order to meet the U.S. Nuclear Regulatory Commission (USNRC) requirements and because of the possible severity of the consequences of loss of function, the following requirements of IEEE Standard 279-1971 apply to this circuit:

1. For the purpose of applying IEEE Standard 279-1971 to this circuit, the following-definitions will be used:

a. Protection system The two valves in series in each 1ine and al1 components of their interlocking and closure circuits.

7.6-3

BVPS-2 UFSAR Rev. 0

b. Protective action The automatic initiation and maintenance of RHR system isolation from the RCS pressures above the preset value.

2. Paragraph 4.10 of IEEE Standard 279-1971: The preceding pressure interlock signals and logic will be tested on-line to the maximum extent possible without adversely affecting safety. This test will include the analog signal through to the output relay (which provides the final output signal to the valve control circuit) by observing that the armature of the output relay has changed state. (Test does not include provisions available from safeguard test cabinet.) This is done in the best interests of safety since an actual actuation (opening) of the valve could potentially leave only one remaining valve to isolate the low pressure RHR system from the RCS.

3. Paragraph 4.15 of IEEE Standard 279-1971: This requirement does not apply, as the set points are independent of the mode of the operation and are not changed.

Environmental qualification of the valves and wiring is discussed in Section 3.11. 7.6.3 Refueling Interlocks Electrical interlocks (limit switches), as discussed in Section 9.1.3, are provided for minimizing the possibility of damage to the fuel during fuel handling operations. 7.6.4 Accumulator Motor-Operated Valves The design of the interconnecting of these signals to the accumulator isolation valve meets the following criteria established in previous USNRC positions on this matter:

1. Automatic opening of the accumulator valves when, a) the primary coolant system pressure exceeds a preselected value (to be specified in the Technical Specifications), or b) a safety injection (SI) signal has been initiated. Both signals shall be provided to the valves.

2. Utilization of an SI signal to automatically remove (override) any bypass features that are provided to allow an isolation valve to be closed for short periods of time when the RCS is at pressure (in accordance with the provisions of the proposed Technical Specifications). As a result of the confirmatory SI signal, isolation of an accumulator with the reactor at pressure is acceptable.

7.6-4

BVPS-2 UFSAR Rev. 0 The control circuit for these valves is shown on Figure 7.6-4. The valves and control circuits are further discussed in Sections 6.3.2 and 6.3.5. The SI system accumulator discharge isolation MOVs are normally open valves which are controlled from the main control board and the ESP. These valves are interlocked such that:

1. They open automatically on receipt of an SI signal with the main control board switch in either the auto or close position.

2. They open automatically whenever the RCS pressure is above the SI unblock pressure (P-11) specified in the Technical Specifications only when the main control board switch is in the auto position.

3. They cannot be closed as long as an SI signal is present.

4. Power to valves is removed during normal plant operation to prevent inadvertent or spurious closure of the valves.

The three main control board and ESP control switches for these valves provide a spring return to auto from the open position and a maintain position in close. The maintain closed position is required to provide an administratively controlled manual block of the automatic opening of the valve at pressure above the SI unblock pressure (P-11]. The manual block or maintain closed position is required when performing periodic check valve leakage test when reactor is at pressure. The maximum permissible time that an accumulator valve can be closed when the reactor is at pressure is specified in the Technical Specifications. Administrative control is required to ensure that any accumulator valve, which has been closed at pressures above the SI unblock pressure, is returned to the auto position. Verification that the valve automatically returns to its normal full open position would also be required. During Beaver Valley Power Station - Unit 2 (BVPS-2) shutdown, the accumulator valves are in a closed position. To prevent an inadvertent opening of these valves during that period, the accumulator valve breakers should be opened or removed. Administrative control is again required to ensure that these valve breakers are closed during the prestart-up procedures. These normally open MOVs have alarms to indicate a malpositioning (with regard to their emergency core cooling system (ECCS) function during the injection phase). The alarms sound in the main control room. 7.6-5

BVPS-2 UFSAR Rev. 0 An alarm will sound for either accumulator isolation valve under the following conditions when the RCS pressure is above the SI unblocking pressure:

1. Valve stem limit switch indicates valve not open,

2. Valve motor operator limit switch indicates valve not open.

The alarms on this switch will repeat themselves at given intervals. 7.6.5 Switchover from Injection to Recirculation During the initial injection phase following an accident, the refueling water storage tank (RWST) is used to supply borated water to the ECCS pumps. The changeover from the injection to the recirculation mode is initiated automatically. Protection logic is provided to automatically open the low head safety injection (LHSI) recirculation supply isolation valves when the RWST water level reaches a predetermined extreme low level set point, in conjunction with the initiation of the SI engineered safety features actuation signals, and automatic switchover will be as follows:

1. The RWST 2/4 extreme low level coupled with a latched-in SI signal will automatically open valves 8811A/B (Figure 7.6-8, Sheets 1, 2, 3, 4, 5) connecting the recirculation pump discharge to the LHSI pump discharge lines. When valves 8811A/B are full open, the associated LHSI pump will be tripped (Figure 7.6-8, Sheet 3 shows pump tripping).

2. Similarly, the LHSI header cross-connect valves 8887A/B (Figure 7.6-8, Sheet 4) will be automatically closed and valves 8812A/B (Figure 7.6-8, Sheet 5) supplying the suction of the charging/safety injection system will be automatically opened provided 8811A/B are fully open.

In the event that a SI signal is generated, these interlocks provide for the retention of that signal by latching relays. The retention of this signal is required since the emergency procedures would instruct the operator to reset the safeguards actuation signal at a time significantly in advance of the RWST low level setpoint signal generation. The details of achieving cold leg recirculation following SI are given in Section 6.3.2 and Table 6.3-7. Figure 7.6-8, Sheet 2, shows the logic which is used to automatically open the sump valves. 7.6.6 Reactor Coolant System Loop Isolation Valve Interlocks Description The purpose of these interlocks is to ensure that an accidental start-up of an unborated and/or cold, isolated reactor coolant loop results only in a relatively slow reactivity insertion rate. 7.6-6

BVPS-2 UFSAR Rev. 12 The interlocks (refer to Figure 7.2-1, Sheet 16, for interlock logic functions) are required to perform a protective function. Therefore, there are:

1. A limit switch to indicate that a valve is fully open.

2. A limit switch to indicate that a valve is fully closed.

3. Two differential pressure switches in each line which bypasses a cold leg loop isolation valve. This is the line which contains the relief line isolation valve. It should be noted that flow through the relief line isolation valves indicates that: 1) the valves in the line are open, 2) the line is not blocked, and 3) the pump is running.

7.6.7 Interlocks for RCS Pressure Control During Low Temperature Operation The basic function of the RCS pressure control during low temperature operation is discussed in Section 5.2.2. This pressure control includes semi-automatic actuation logic for two (of the three) pressurizer power-operated relief valves (PORVs). The function of this actuation logic is to continuously monitor RCS temperature and pressure conditions, with actuation logic armed by operator action by means of an arm/block main control board switch which is placed in the block position when BVPS-2 is at operating pressure. The monitored system temperature signals are processed to generate the reference pressure limit, which is compared to the actual monitored RCS pressure. This comparison will provide an actuation signal to an actuation device which, if manually armed, will cause the PORV to automatically open, as necessary, to prevent pressure conditions from exceeding allowable limits. Refer to Figure 7.2-1, Sheets 17 and 18, for the diagrams showing the basic elements used to process the generating station variables for this low temperature RCS overpressurization preventive interlocks. Sheets 7.2-1, Sheets 17 and 18 are the functional diagrams for PORV and block valves 7.6-7

BVPS-2 UFSAR Rev. 0 overpressurization preventive interlocks. 7.2-1, Sheets 17 and 18 are the functional diagrams for PORV and block valves interlocks for the pressurizer pressure relief (PPR) system for Trains A and B. The generating station variables required for this interlock are channelized and train-assigned as indicated on Figure 7.2-1, Sheets 17 and 18. The wide range temperature signals are used as input to generate the reference pressure limit program considering BVPS-2's allowable pressure and temperature limits. This reference pressure is then compared to the actual RCS pressure monitored by the wide range pressure channel. The error signals derived from the difference between the reference pressure and the measured pressure will first annunciate a main control board alarm whenever the measured pressure approaches, within a predetermined amount, the reference pressure. On a further increase in measured pressure, the error signal will generate an annunciated actuation signal. Channel and train independence between protection sets, and between protection sets and between Trains A and B, is maintained from sensors to the PORVs. Upon receipt of the actuation signal, the actuation device will automatically cause the PORV to open. Upon sufficient RCS inventory letdown, the operating RCS pressure will decrease, clearing the actuation signal. Removal of this signal from the actuation device causes the PORV to close. 7.6.7.1 Analysis of Interlock The logic function and actuation signals shown on 7.2-1, Sheets 17 and 18 are processed in the elements of the protection system. For the criteria to which this system is designed, refer to Sections 7.2 and 7.3. The primary purpose of these interlocks is automatic transient mitigation. These interlocks do not perform a protective function but rather provide semi-automatic pressure control at low temperatures as a backup to the operator. However, to assure a well-engineered design and improved operability, the low instrumentation and control (I&C) portions of the interlocks for RCS pressure control during low temperature operation will satisfy applicable sections of USNRC Branch Technical Position RSB 5-2 that address I&C. 7.6.7.2 Pressurizer Pressure Relief System The interlocks described in Section 7.6.7, together with pressurizer pressure control shown on Figure 7.2-1, Sheet 11, and the interlocks for the pressurizer block valves A and B, shown on Figure 7.2-1, Sheets 17 and 18, are referred to as the PPR system. The PPR system provides the following: 7.6-8

BVPS-2 UFSAR Rev. 17

1. Capability for RCS overpressure mitigation during cold shutdown, heatup, and cooldown operations to minimize the potential for impairing reactor vessel integrity when operating at or near the vessel ductility limits and the system is manually armed.

2. Capability for RCS depressurization following Condition II, III, and IV events.

3. An interlock that, with the pressurizer PORVs and PORV block valves in auto control, closes the PORV block valves and prevents spurious signals from the PPR control system from inadvertently opening the PORVs when pressurizer pressure is low and the system in not manually armed.

7.6.7.3 Description of PPR System Interlock Interlocks for the PPR system control the opening and closing of the pressurizer PORVs and the PORV block valves. These interlocks provide the following functions:

1. Pressurizer pressure control,

2. RCS pressure control during low temperature operation, and

3. RCS pressure control to achieve and maintain a cold shutdown and to heat up using equipment that is required for safety.

The interlock functions that provide pressurizer pressure control are derived from process parameters as shown on Figure 7.2-1, Sheets 6 and

11. The interlock logic functions as well as process parameter inputs required for low temperature operation are shown on Figure 7.2-1, Sheet 17 and 18. The functions include those needed for the PORV block valves as well as the pressurizer PORVs to meet both interlock logic and manual operation requirements where manual operation is at the main control board.

7.6.7.4 Service Water System Isolation Valves to the Turbine Plant Component Cooling Water Heat Exchangers The service water system isolation valves to the turbine plant component cooling water heat exchangers (2SWS-MOV107A through D) perform the safety function of isolating the safety-related portion of the service water system from the nonsafety portion in the event of a CIA signal. This portion of the circuitry is designed to IEEE Standard 279-1971. Two service water system isolation valves (2SWS-MOV107A and D) also isolate the safety-related portion of the service water system from the nonsafety portion in the event of a service water low pressure signal. This portion of the circuit does not conform entirely to IEEE Standard 279-1971 in that the guidance of its Sections 4.10, 4.17, 4.19, and 4.20 are not met. Since this additional function (low pressure isolation) is not a signal "... that actuate(s) reactor trip ..." or a signal "... that, 7.6-8a

BVPS-2 UFSAR Rev. 12 in the event of a serious reactor accident, actuate (s) engineered safeguards such as containment isolation, conformance with IEEE Standard 279-1971 is not considered to be required. This portion of the circuit does, however, conform with IEEE Standard 279-1971 in areas other than those listed above. 7.6-8b

BVPS-2 UFSAR Rev. 10 REFER TO FIGURE 8.3-3 FIGURE 7.6-1 SINGLE LINE DIAGRAM OF INSlRUMENTATION AND CONlROL POWER SUPPLY SYSTEM BEAVER VALLEY POWER STATION UPDA1ED FINAL SAFETY ANALYSIS REPORT

MCB Closest to RH R Open Auto Close Spring Return To Auto From Both Sides RCS High Pressure* RCS High Pressure **

• Automatic Close Setpoint

 ** Prevent Open Setpoint Open Valve                        Close Valve 8701 A, 8701 B, 8702A, (Suction)  8701 A, 8701 B, 8702A, (Suction)
                                        & 8703A (Discharge)               & 8703A (Discharge)

Notes: Logic for Valves In Each Fluid System Train is Identical. Valves 8701 B and 8702A can be powered from either Train A or Train B. SWEC VALVE NO. G VALVE NO. 2RHS* MOV 781A 8781 A FIGURE 7.6-2 2RHS* MOV 7 18 87 18 2RHS* MOV 702A 8702A LOGIC 01 AGRAM FOR OUTER RHR 2RHS* M§V 7028 87028 2RHS* M V 728A SUCTION ISOLATION VALVE AND 2RHS* M V72 8 ~i8~~ DISCHARGE ISOLATION VALVE BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

MCB Closest to RHR Open Auto Close Spring Return To Auto From Both Sides RCS High Pressure* RCS High Pressure**

• Automatic Close Setpoint
  • Prevent 9pen Setpoint Open Valve Close Valve 8702A, 87028, 8701 B (Suction) 8702A, 87028, 8701 B (Suction)

                                     & 87038 (Discharge)             & 87038 (Discharge)

Notes: Logic for Valves in Each Fluid System Train is Identical. Valves 87018 and 8702A can be powered from either Train A or Train B. SWEC VALVE NO. 0 VALVE NO. 2RHS* MOV 701A 8701A FIGURE 7. 6-3 2RHS* MOV 7018 87018 2RHS* MOV 702A 8702A LOGIC DIAGRAM FOR INNER RHR 2RHS* M8V7028 87028 SUCTION ISOLATION VALVE AND 2RHS* M V 720A 8703A 2RHS* MOV 7208 87038 DISCHARGE ISOLATION VALVE BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

CONTROL BOARD SWITCH MAINTAIN CLOSE, SPRING RETURN FROM OPEN TO AUTO SAFETY INJECTION SYSTEM UNBLOCK PRESSURE OPEN AUTO CLOSE SIGNAL (FROM RCPS)* SAFETY INJECTION ...------SAFETY INJECTION SIGNAL SIGNAL AND

                                                *THIS INTERLOCK INDICATES THE METHOD OF APPLYING AUTOMATIC AND                 OPENING OF THE VALVE, WHENEVER THE RCS PRESSURE EXCEEDS A LIMIT.

THIS SIGNAL AUTOMATICALLY OCCURS AT RCS PRESSURES ABOVE THE Sl CLOSE UNBLOCK PRESSURE USED TO DERIVE P-11. ACCUMULATOR ISOLATION VALVE Fl GURE 7.6-4 FUNCTIONAL BLOCK DIAGRAM OF AC CU MULA TOR ISOLATION VALVE BEAVER VAL LEY POWER STATION-lMIT 2 FINAL SAFETY ANALYSIS REPORT

PRESSURIZER P!IESSURE C~ANNELS CONTROL CONTROL CDMPENSA TE 0 GROUP J GROUP 4 PRESSURIZER LOW PRESSURE 12:31 S~HT 1 OF FIG 7 2-11 0-t+- _....J'A0---+~ PAl A

                                                             ~           ..__ __ /7\  ALQK F~             PRES CONT;'iOL I                ~ STATION                            SYSTEM 1 RAIN B    TRAIN A                     I                 I I                 L -                 PRESSURE 1--------f                                               REFERENCE ISOLATION ISOLATION POWER RELIEF VALVE COLD                                                                               COLO               CONTROL MODE OVERPRESSURE                                                                       OVERPRESSURE          SELECTOR SWITC~

INTERLOCKS INTERLOCKS __j TRAIN ASSIGNED POWER RELIEF POWER REI.IEF POWER RELIEF TRAIN TRAIN VALVE VALVE VALVE 8 A PCV 455C PCV 456 PCV 4S5D NOTE 111 THESE LOGIC FUNCTIONS DEPICT TYPICAL DESIGN. PORV LOGIC FOR SAFETY GRADE FOR FINAL LOGIC FUNCTIONS. INCLUDING INTERFACE COLD SHUTDOWN WITH OTHER SYSTEMS AND COMPONENTS SUCH AS THE BLOCK VALVES. REFER TO FIG. 72-1 SHEETS 17& 18. FIGURE 7.6-7 FUNCTIONAL DIAGRAM FOR PORV INTERLOCKS FOR R C S PRESSURE CONTROL DURING LOW TEMPERATURE OPERATION BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

1---------------------------------------------------------------l I REV. 17 l I 1 LB: RWST WATER EXTREME LOW LEVEL CHANNEL BISTABLES l l l PROTECTION PROTECTION PROTECTION PROTECTION lI SET I SET II SET III SET IV 1 I I I I I I I I I I I I I I 2/4 / ' MCB 2/4 / ' I

                                 ~TB'.----                                                           ~   TB                       I I            SPRING TON RETURN --__,                         ' ., ... I I

I I I I I r--- _I r--- _I I I I I I I I I I I I I I I I II I I I I TRAIN A TRAIN B I AUTO ECCS SWITCHOVER SIGNAL AUTO ECCS SWITCHOVER SIGNAL I I I PROPOSED BY W I s SAFETY INJECTION SIGNAL II TB RACK MOUNTED TEST BUTTON TWO PlACES - OPERATING I EITHER SWITCH ALLOWS PARTIAL TRIP OF SEMI-AUTOMATIC II ECCS SWITCHOVER II FIGURE 7.6-8 (SH. 1 OF 5) II LOGICAL DIAGRAM FOR SWITCHOVER I FROM INJECTION TO RECIRCULATION I AUTO ECCS SIGNAL I I. BEAVER VALLEY POWER STATION - UNIT 2 I I UPDATED FINAL SAFElY ANALYSIS REPORT I lil4-NoV-200S10:27 - - - K:\;;-2\UFSAR\;:;-7060080.d-;;~ -~ PREPAAED ON,#'t.,/ CAEDDI II

    - - - - - - - - - - - - - - - "'- - - = - - -                                                  THE CNSU c~:::..:t.~~ SfST"EM L-----------------------------------------------------~------1

SPRING RETURN TO AUTO OPEN AUTO CLOSE MCB AUTO ECCS - - - - - - - SWITCHOVER SIGNAL (FIG. 7.6-8 SHT. 1) IMPLEMENTATION BY S/W OPEN CLOSE VALVE VALVE 881 1A(B) 8811A(B) FIGURE 7.6-8 (SH. 2 OF 5) LOGIC DIAGRAM FOR SWITCHOVER FROM INJECTION TO RECIRCULATION FOR RECIRCULATION SUPPLY VALVES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SPRING RETURN TO AUTO STOP AUTO START AUTO ECCS SWITCHOVER SIGNAL (FIG. 7.6-8 SHT. 1) SIS-MOV-8811A(B) FULL OPEN STOP LHSI START LHSI PUMP A(B) PUMP A(B) B BLACK SIGNAL IMPLEMENTATION BY S/W FIGURE 7.6-8(SH.3 OF 5) LOGIC DIAGRAM FOR SWITCHOVER FROM INJECTION TO RECIRCULATION FOR LOW HEAD SAFETY INJECTION PUMPS BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SPRING RETURN TO AUTO

                             -.......;~~     ...,___

CLOSE AUTO OPEN MCB AUTO ECCS SWITCHOVER SIGNAL (FIG. 7.6-8 SHT. 1) IMPLEMENTATION BY S/W CLOSE OPEN VALVE VALVE 8887A(B) 8887A(B) FIGURE 7.6 .. 8 (SH. 40F5) LOGIC DIAGRAM FOR SWITCHOVER FROM INJECTION TO RECIRCULATION FOR LHSI HEADER CROSS CONNECT VALVES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SPRING RETURN TO AUTO OPEN AUTO CLOSE MCB AUTO ECCS SWITCHOVER SIGNAL (FIG. 7.6-8 SHT. 1) SIS-MOV-881 1A(B) FULL OPEN IMPLEMENTATION BY S/W OPEN CLOSE VALVE VALVE 8812A(B) 8812A(B) Fl GURE 7. 6-8 (SH. 5 OF 5) LOGIC DIAGRAM FOR SWITCHOVER FROM INJECTION TO RECIRCULATION FOR CHARGING/51 SUPPLY VALVES BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

BVPS-2 UFSAR Rev. 16 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY The general design objectives of the Beaver Valley Power Station - Unit 2 (BVPS-2) control systems are:

1. To establish and maintain power equilibrium between primary and secondary system during steady state unit operation,

2. To constrain operational transients to preclude unit trip and reestablish steady-state unit operation, and

3. To provide the reactor operator with monitor instrumentation that indicates all required input and output control parameters of the systems.

4. To provide the operator the capability of assuming manual control of the system.

7.7.1 Description The BVPS-2 control systems described in this section perform the following functions:

1. Reactor control system

a. Enables the nuclear plant to accept a step load increase or decrease of 10-percent and a ramp increase or decrease of 5-percent/min within the load range of 15 to 100-percent without reactor trip, steam dump, or pressurizer relief actuation, subject to possible xenon limitations.

b. Maintains reactor coolant average temperature Tavg within prescribed limits by creating the bank demand signals for moving groups of rod cluster control assemblies (RCCAS) during normal operational transients. Automatic control rod insertion may be used for temperature (Tavg) control. However, rod withdrawal can only be performed manually due to the deletion of the automatic rod withdrawal capability. Manual control of rod operation may be performed at any time within the range of the defined insertion limits. The Tavg control also supplies a signal to pressurizer water level control and steam dump control.

2. Rod control system

a. Provides for reactor power modulation by manual or automatic control (automatic rod insertion only) of control rod banks in a preselected sequence and for manual operation of individual banks.

b. Systems for monitoring and indicating (1) Provide alarms to alert the operator if the required core reactivity shutdown margin is not available due to excessive control rod insertion.

7.7-1

BVPS-2 UFSAR Rev. 16 (2) Permit display control rod positioning. (3) Provide alarms to alert the operator in the event of control rod deviation exceeding a preset limit.

3. Control system interlocks

a. Prevent further withdrawal of the control banks when signal limits are approached that predict departure from nucleate boiling ratio (DNBR) limit or kw/ft limit.

b. Inhibit automatic turbine load change as required by the nuclear steam supply system.

4. Pressurizer pressure control Maintains or restores the pressurizer pressure to the design pressure (which is well within reactor trip and relief and safety valve actuation set point limits) following normal operational transients that induce pressure changes by control (manual or automatic) of heaters and spray in the pressurizer. Provides steam relief by controlling the pressurizer power-operated relief valves (PORVs).

5. Pressurizer water level control Establishes, maintains, and restores pressurizer water level within specified limits as a function of the average coolant temperature. Changes in water level are caused by coolant density changes induced by the change in Tavg as a function of load. Water level control is produced by charging flow control (manual or automatic), as well as by manual selection of letdown orifices. Maintaining coolant level in the pressurizer within prescribed limits provides for control of the reactor coolant water inventory.

6. Steam generator water level control

a. Establishes and maintains the steam generator water level to within predetermined limits during normal operating transients.

b. Restores the steam generator water level to within predetermined limits at unit trip conditions. Regulates the feedwater flow rate such that under operation transients the heat sink for the reactor coolant system (RCS) does not decrease below a minimum. Steam generator water inventory control is manual or automatic through the use of feedwater control valves.

7.7-2

BVPS-2 UFSAR Rev. 16

7. Steam dump control

a. Permits BVPS-2 to accept a sudden loss of load without incurring reactor trip. Steam is dumped to the condenser as necessary to accommodate excess power generation in the reactor during turbine load reduction transients.

b. Ensures that stored energy and residual heat are removed following a reactor trip to bring BVPS-2 to equilibrium no load conditions without actuation of the steam generator safety valves.

c. Maintains BVPS-2 at no load conditions and permits a manually controlled cooldown of the nuclear plant.

8. Incore instrumentation Provides information on the neutron flux distribution and on the core outlet temperatures at selected core locations.

7.7.1.1 Reactor Control System The reactor control system enables BVPS-2 to follow load changes including the acceptance of step load increases or decreases of 10 percent, and ramp increases or decreases of 5 percent/min within the load range of 15 to 100 percent without reactor trip, steam dump, or pressure relief (subject to possible xenon limitations). The system is also capable of restoring coo1ant average temperature to within the programmed temperature deadband following a change in load. Manual control rod operation may be performed at any time. The reactor control system controls the reactor coolant average temperature by regulation of control rod bank position. The reactor coolant loop average temperatures are determined from hot leg and cold leg measurements in each reactor coolant loop. There is an average coolant temperature (Tavg) computed for each loop, where: Thot ( avg ) + Tcold Tavg = (7.7-1) 2 The error between the programmed reference temperature (based on turbine first stage pressure) and the median of the Tavg measured temperatures (which is processed through a lead-lag compensation unit) from each of the reactor coolant loops constitutes the primary control signal, as shown in general on Figure 7.7-1 and in more detail on the functional diagram, Figure 7.2-1, Sheet 9. The system is capable of restoring coolant average temperature to the programmed value following a change in load. The programmed coolant temperature increases linearly with turbine load from zero power to the full power condition. The median Tavg signal is also supplied to the pressurizer level control, steam dump control, and rod insertion limit monitoring control system. 7.7-3

BVPS-2 UFSAR Rev. 15 The temperature inputs to the control systems are derived using the median signal selector. An additional control input signal is derived from the reactor power versus turbine load mismatch signal. This additional control input signal improves system performance by enhancing response and reducing transient peaks. 7.7.1.2 Rod Control System 7.7.1.2.1 Rod Control System The rod control system receives rod speed and direction signals from the Tavg control system. The rod speed demand signal varies over the corresponding range of 8 to 72 steps/min depending on the magnitude of the input signal. Automatic rod withdrawal capabilities have been disabled for enhanced reactivity management. Manual control is provided to move a control bank in or out at a prescribed fixed speed. Rods are withdrawn (or inserted) in a predetermined programmed sequence by the automatic programming equipment. The manual and automatic controls are further interlocked with the control interlocks (Table 7.7-1). The shutdown banks are always in the fully withdrawn position during normal operation, and are moved to this position at a constant speed by manual control prior to criticality. A reactor trip signal causes them to fall by gravity into the core. There are two shutdown banks. The control banks are the only rods that can be manipulated under automatic control. Each control bank is divided into two groups to obtain smaller incremental reactivity changes per step. All RCCAs in a group are electrically paralleled to move simultaneously. There is individual position indication for each RCCA. Power to rod drive mechanisms is supplied by two motor-generator sets operating from two separate 480 V three-phase buses. Each generator is the synchronous type and is driven by a 200 hp induction motor. The ac power is distributed to the rod control power cabinets through the two series-connected reactor trip breakers. 7.7-4

BVPS-2 UFSAR Rev. 16 The variable speed rod drive programmer affords the ability to insert small amounts of reactivity at low speed to accomplish fine control of reactor coolant average temperature about a small temperature deadband, as well as furnishing control at high speed. A summary of the RCCA sequencing characteristics is given as follows:

1. Two groups within the same bank are stepped such that the relative position of the groups will not differ by more than one step.

2. The control banks are programmed such that withdrawal of the banks is sequenced in the following order; control bank A, control bank B, control bank C, and control bank D. The programmed insertion sequence is the opposite of the withdrawal sequence, that is, the last control bank withdrawn (bank D) will be the first control bank inserted.

3. The control bank withdrawals are programmed such that when the first bank reaches a preset position, the second bank begins to move out simultaneously with the first bank. When the first bank reaches the top of the core, it stops, while the second bank continues to move toward its fully withdrawn position. When the second bank reaches a preset position, the third bank begins to move out, and so on. This withdrawal sequence continues until the unit reaches the desired power level. The control bank insertion sequence is the opposite of the withdrawal sequence.

4. Overlap between successive control banks is adjustable between 0 to 50-percent (0 to 115 steps), with an accuracy of

         +l step.

5. Rod speeds for either the shutdown banks or manual operation of the control banks are capable of being controlled between a minimum of 8 steps/min and a maximum of 72 steps/min (+0 steps/min, -10 steps/min).

7.7.1.2.2 Rod Control System Features Credible rod control equipment malfunctions which could potentially cause inadvertent positive reactivity insertions due to inadvertent rod withdrawal, incorrect overlap, or malpositioning of the rods are as listed:

1. Failures in the manual rod controls:

a. Rod motion control switch (in-hold-out)

b. Bank selector switch

2. Failures in the overlap and bank sequence program control:

7.7-5

BVPS-2 UFSAR Rev. 0

a. Logic cabinet systems

b. Power supply systems 7.7.1.2.2.1 Failures in the Manual Rod Controls The rod motion control switch is a three-position lever switch. The three positions are: in, hold, and out. These positions are effective when the bank selector switch is in manual. Failure of the rod motion control switch (contacts failing shorted or activated relay failures) would have the potential, in the worst case, to produce positive reactivity insertion by rod withdrawal when the bank selector switch is in the manual position or in a position which selects one of the banks.

When the bank selector switch is in the automatic position, the rods would obey the automatic commands and any failures in the rod motion control switch would have no effect on the rod motion regardless of whether the rod motion control switch is in the in, hold, or out position. In the case where the bank selector switch is selecting a bank and a failure occurs in the rod motion switch that would command the bank to move out even when the rod motion control switch was in an in or hold position, the selected bank could inadvertently withdraw. This failure is bounded in the safety analysis (Chapter 15) by the uncontrolled bank withdrawal subcritical and at power transients. A reactivity insertion of up to 75 pcm/sec is assumed in the analysis due to rod movement. This value of reactivity insertion rate is consistent with the withdrawal of two banks. A failure that can cause more than one group of four mechanisms to be moved at one time within a power cabinet is not a credible event, because the circuit arrangement for the moveable and lift coils would cause the current available to the mechanisms to divide equally between coils in the two groups (in a power supply). The drive mechanism is designed such that it will not operate on half-current. A second feature in this scenario would be the multiplexing failure detection circuit included in each power cabinet. This failure detection circuit would stop rod withdrawal (or insertion). The second case considered in the potential for inadvertent reactivity insertion due to possible failures is when the bank selector switch is in the manual position. Such a case could produce a failure in the rod motion control switch, a scenario where the rods could inadvertently withdraw in a programmed sequence. The overlap and bank sequence are programmed when the switch selection is in either automatic or manual. This scenario is also bounded by the reactivity values assumed in the accident analysis (Chapter 15). In this case, the operator can trip the reactor, or the protection system would trip the reactor via power range neutron flux-high or overtemperature T. 7.7-6

BVPS-2 UFSAR Rev. 0 7.7.1.2.2.2 Failure of the Bank Selector Switch A failure of the bank selector switch produces no consequences when the in-hold-out switch is in the hold position. This is due to the following design feature: The bank selector switch is series-wired with the in-hold-out lever switch for manual and individual control rod bank operation. With the in-hold-out lever switch in the hold position, the bank selector switch can be positioned without rod movement. 7.7.1.2.2.3 Failures in the Overlap and Bank Sequence Program Control The rod control system design prevents the movement of the groups out of sequence, as well as limiting the rate of reactivity insertion. The main feature that performs the function of preventing malpositioning produced by groups out of sequence is included in the block supervisory memory buffer and control. This circuitry accepts and stores the externally generated command signals. In the event of an out of sequence input command to the rods while they are in movement, this circuit will inhibit the buffer memory from accepting the command. If a change of signal command appears, this circuit would stop the system after allowing the slave cyclers to finish their current sequencing. Failure of the components related to this system will also produce insertion limit and rod deviation alarms (Sections 7.7.1.3.3 and 7.7.1.3.4, respectively). Failures within the system such as failures of supervisory logic cards, pulser cards, etc, will also cause an urgent alarm.

1. An urgent alarm will be followed by the following actions:

a. Automatic de-energizing of the lift coil and reduced current energizing of the stationary gripper coils and moveable gripper coils,

b. Activation of the alarm light, urgent failure, on the power supply cabinet front panel, and

c. Activation of rod control, urgent failure, annunciator window in the main control room.

2. The urgent alarm is produced in general by:

a. Regulation failure detector,

b. Phase failure detector,

c. Logic error detector,

d. Multiplexing error detector, and 7.7-7

BVPS-2 UFSAR Rev. 16

e. Interlock failure detector.

7.7.1.2.2.4 Logic Cabinet Failures The rod control system is designed to limit the rod speed control signal output to a value that will cause the pulser (logic cabinet) to drive the control rod driving mechanism at 72 steps/min. If a failure should occur in the pulses or the reactor control system, the highest stepping rate possible is 77 steps/min, which corresponds to one step every 780 ms. A commanded stepping rate higher than 77 steps/min would result in go pulses entering a slave cycler while it is sequencing its mechanisms through a 780 ms step. This condition stops the control bank motion automatically and alarms are activated locally and in the main control room. It also causes the affected slave cycler to reject further go pulses until it is reset. The positive reactivity insertion rates for failure modes are bounded by the Chapter 15 analysis assumptions. 7.7.1.2.2.5 Failures Causing Movement of the Rods Out of Sequence No single failure was discovered (Shopsky 1977) that would cause a rapid uncontrolled withdrawal of control bank D (taken as worst case) when operating in the automatic bank overlap control mode with the reactor at near full power output. The analysis revealed that many of the failures postulated were in a safe direction and that rod movement is blocked by the rod urgent alarm. 7.7.1.2.2.6 Power Supply System Failures Analysis of the power cabinet disclosed no single component failures that would cause the uncontrolled withdrawal of a group of rods serviced by the power cabinet. The analysis substantiates that the design of a power cabinet is fail-preferred in regards to a rod withdrawal accident if a component fails. The end results of the failure is either that of blocking rod movement or that of dropping an individual rod, or rods, or a group of rods. No failure with the power cabinet, which could cause erroneous drive mechanism operation, will remain undetected. Sufficient alarm monitoring (including an urgent alarm) is provided in the design of the power cabinet for fault detection of those failures which could cause erroneous operation of a group of mechanisms. As noted in the foregoing, diverse monitoring systems are available for detection of failures that cause the erroneous operation of an individual CRDM. 7.7-8

BVPS-2 UFSAR Rev. 16 7.7.1.2.2.7 Conclusion In summary, no single failure within the rod control system can cause either reactivity insertions or malpositioning of the control rods that would result in core thermal conditions not bounded by the analyses contained in Chapter 15. 7.7.1.3 Plant Control Signals for Monitoring and Indicating 7.7.1.3.1 Monitoring Functions Provided by Nuclear Instrumentation System The power range channels are important because of their use in monitoring power distribution in the core within specified safe limits. They are used to measure power level, axial power imbalance, and radial power imbalance. These channels are capable of recording overpower excursions up to 200-percent of full power. Suitable alarms are derived from these signals, as described in the following discussion. The basic power range signals are:

1. Current from each upper section ionization chamber for each of the four power range detectors,

2. Current from each lower section ionization chamber for each of the four power range detectors, and

3. Total current from each of the four power range detectors (sum of the currents from top upper and lower section ionization chambers for each of the four power range detectors).

Derived from these basic signals are the following:

1. Indicated nuclear power (four signals).

2. Lower radial flux tilt alarm (ratio of the maximum of the four lower ionization chamber currents to the average of the four lower ionization chamber currents).

3. Upper radial flux tilt alarm (ratio of the maximum of the four upper ionization chamber currents to the average of the four upper ionization chamber currents).

4. Average flux deviation alarm (ratio of the maximum channel power (total current for upper and lower sections to the minimum channel power of the four channels).

7.7-9

BVPS-2 UFSAR Rev. 15

5. Axial flux difference indication (I) (upper ionization chamber current minus the lower ionization chamber current for each detector).

6. Axial offset deviation alarms (ratio of the difference between the upper and lower ionization chamber currents for a detector to the sum of the upper and lower ionization chamber currents for that detector). This is done for each detector by the BVPS-2 computer.

Nuclear power and axial unbalance are selectable for recording. 7.7.1.3.2 Rod Position Monitoring of Control Rods Two separate systems are provided to sense and display control rod position as described below:

1. Digital Rod Position Indication System The digital rod position indication system measures the actual position of each control and shutdown rod using a detector which consists of discrete coils mounted concentrically over a hollow tube. The tube fits over the rod travel housing. The coils are located axially along the tube and magnetically sense the position of the rod drive shaft as it approaches the detector coil location. For each detector, the coils are interlaced into two data channels and are connected to the containment electronics (data A and B) by separate multiconductor cables. By employing two separate channels of information, the digital rod position indication system can continue to function (at reduced accuracy) when one channel fails. Multiplexing is used to transmit the digital position signals from the containment electronics to the control board display unit.

There are four banks of control rods and two banks of shutdown rods. Each bank contains eight rods. The rod positions for the control banks of rods are indicated by columns of light-emitting diodes (LEDs) that illuminate in discrete steps at six-step intervals throughout the range of travel of each control rod. Since the shutdown rods are normally either at the bottom or fully withdrawn, the rod positions for the shutdown banks of rods are indicated in discrete steps in six-step intervals, from rod bottom to 18 steps and from 210 steps to 228 steps (actual indication at rod bottom and rod top positions). A single LED for each shutdown rod illuminates when that particular rod is in an intermediate position between the 7.7-10

BVPS-2 UFSAR Rev. 12 two discrete positions discussed above. The accuracy of indication is +4 steps throughout the range of travel for each control rod, and from rod bottom to 18 steps and from 210 steps to 228 steps for each shutdown rod. Included in the system is a rod at bottom signal for each shutdown rod and control rod that operates a local alarm and activates a control room annunciator when the rod is at the bottom position.

2. Demand Position System The demand position system counts pulses generated in the rod drive control system to provide a digital readout of the demanded bank position.

The demand position and digital rod position indication systems are separate systems, but safety criteria were not involved in the separation, which was a result only of operational requirements. Operating procedures require the reactor operator to compare the demand and indicated (actual) readings from the rod position indication system to verify operation of the rod control system. 7.7.1.3.3 Control Bank Rod Insertion Monitoring When the reactor is critical, the normal indication of reactivity status in the core is the position of the control bank in relation to reactor power (as indicated by the RCS loop T) and coolant average temperature. These parameters are used to calculate insertion limits for the control banks. The purpose of the control bank rod insertion monitor is to give warning to the operator of excessive rod insertion. The insertion limit maintains sufficient core reactivity shutdown margin following reactor trip, provides a limit on the maximum inserted rod worth in the unlikely event of a hypothetical rod ejection, and limits rod insertion such that acceptable nuclear peaking factors are maintained. Since the amount of shutdown reactivity required for the design shutdown margin following a reactor trip increase with increasing power, the allowable rod insertion limits must be raised (the rods must be withdrawn further) with increasing power. Two parameters which are proportional to power are used as inputs to the insertion monitor. These are the T between the hot leg and the cold leg, which is a direct function of reactor power, and Tavg, which is programmed as a function of power. 7.7-11

BVPS-2 UFSAR Rev. 12 The rod insertion limit monitor is a feature that alerts the operator to a reduced shutdown reactivity condition. The value for E is chosen such that the low-low alarm would normally be actuated before the insertion limit is reached. The value for D is chosen to allow the operator to follow normal boration procedures. Figure 7.7-2 shows a block diagram representation of the control rod bank insertion monitor. The monitor is shown in more detail on the functional diagram, Figure 7.2-1, Sheet 9. In addition to the rod insertion monitor for the control banks, the BVPS-2 computer, which monitors individual rod positions, provides an alarm that is associated with the rod deviation alarm discussed in Section 7.7.1.3.4. This alarm is provided to warn the operator if any shutdown RCCA leaves the fully withdrawn position. Rod insertion limits are established by:

1. Establishing the allowed rod reactivity insertion at full power consistent with the purposes given previously,

2. Establishing the differential reactivity worth of the control rods when moved in normal sequence,

3. Establishing the change in reactivity with power level by relating power level to rod position, or

4. Linearizing the resultant limit curve. All key nuclear parameters in this procedure are measured as part of the initial and periodic physics testing program.

Any unexpected change in the position of the control bank under automatic control, or a change in coolant temperature under manual control, provides a direct and immediate indication of a change in the reactivity status of the reactor. In addition, samples are taken periodically of coolant boron concentration. Variation in concentration during core life provide an additional check on the reactivity statue of the reactor, including core depletion. 7.7.1.3.4 Rod Deviation Alarms The demanded and measured rod position signals are displayed on the main control board. They are also monitored by the BVPS-2 computer, which provides a visual printout and an audible alarm whenever an individual rod position signal deviates from the other rods in the bank by a preset limit. The alarm can be set with appropriate 7.7-12

BVPS-2 UFSAR Rev. 24 allowance for instrument error and within sufficiently narrow limits to preclude exceeding core design hot channel factors. Figure 7.7-3 is a block diagram of the rod deviation comparator and alarm system. 7.7.1.3.5 Rod Bottom Alarm A rod bottom signal for the control rods bistable in the rod position system is used to operate a control relay, which generates the rod bottom rod drop alarm. 7.7.1.4 Control System Interlocks The listing of the BVPS-2 control system interlocks, along with the description of their derivations and functions, is presented in Table 7.7-1. It is noted that the designation numbers for these interlocks are preceded by C. The development of these logic functions is shown in the functional diagrams, Figure 7.2-1, Sheets 9 to 16. 7.7.1.4.1 Rod Stops Rod stops are provided to prevent abnormal power conditions, which could result from excessive control rod withdrawal initiated by either a control system malfunction or operator violation of administrative procedures. Rod stops are the C-1, C-2, C-3, and C-4 control interlocks identified in Table 7.7-1. The C-3 rod stop, derived from overtemperature T, and the C-4 rod stop, derived from overpower T, are also used for turbine runback, which is discussed in the following section. 7.7.1.4.2 Automatic Turbine Load Runback Automatic turbine load runback is initiated by an approach to an overpower or overtemperature condition. This will prevent high power operation that might lead to an undesirable condition, which, if reached, will be protected by reactor trip. Turbine load reference reduction is initiated by either an overtemperature or overpower T signal. Two out of three coincidence logic is used. A rod stop and turbine runback are initiated when T > Trod stop for both the overtemperature and the overpower condition. 7.7-13

BVPS-2 UFSAR Rev. 0 For either condition in general Trod stop = Tsetpoint -Bp where: Bp = A set point bias ATsetpoint = The overtemperature T reactor trip value and the overpower T reactor trip value for the two conditions. The turbine runback is continued until T is equal to or less than T rod stop. This function serves to maintain an essentially constant margin to trip. 7.7.1.5 Pressurizer Pressure Control The RCS pressure is controlled by using either the heaters (in the water region) or the spray (in the steam region) of the pressurizer plus steam relief for large transients. The electric immersion heaters are located near the bottom of the pressurizer. A portion of the heater group is proportionally controlled to correct small pressure variations. These variations are due to heat losses, including heat losses due to a small continuous spray. The remaining (backup) heaters are turned on when the pressurizer pressure-controlled signal demands approximately 100-percent proportional heater power. The spray nozzles are located on the top of the pressurizer. Spray is initiated when the pressure controller spray demand signal is above a given set point. The spray rate increases proportionally with increasing spray demand signal until it reaches a maximum value. Steam condensed by the spray reduces the pressurizer pressure. A small continuous spray is normally maintained to reduce thermal stresses and thermal shock in the pressurizer spray line and to help maintain uniform water chemistry and temperature in the pressurizer. The pressurizer PORVs limit system pressure for large positive pressure transients. In the event of a large load reduction not exceeding the design plant load rejection capability, the pressurizer PORVs might be actuated for the most adverse conditions, for example, the most negative Doppler coefficient and the minimum incremental rod worth. The relief capacity of the pressurizer PORVs is sized large enough to limit the system pressure to prevent actuation of high pressure reactor trip for the preceding condition. A block diagram of the pressurizer pressure control system on Figure 7.7-4. 7.7-14

BVPS-2 UFSAR Rev. 14 7.7.1.6 Pressurizer Water Level Control The pressurizer operates by maintaining a steam cushion over the reactor coolant. As the density of the reactor coolant adjusts to the various temperatures, the steam water interface moves to absorb the variations with relatively small pressure disturbances. The water inventory in the RCS is maintained by the CVCS. During normal plant operation, the charging flow varies to produce the flow demanded by the pressurizer water level controller. The pressurizer water level is programmed as a function of coolant median average temperature. The pressurizer water level decreases as the load is reduced from full load. This is a result of coolant contraction following programmed coolant temperature reduction from full power to low power. The programmed level is designed to match as nearly as possible the level changes resulting from the coolant temperature changes. A block diagram of the pressurizer water level control system is shown on Figure 7.7-5. 7.7.1.7 Steam Generator Water Level Control Each steam generator is equipped with a three-element feedwater flow controller which maintains a programmed water level. The three-element feedwater controller regulates the feedwater valve by continuously comparing the feedwater flow signal, the water level signal, the programmed level, and the pressure-compensated steam flow signal. Isolated input signals to the feedwater control system are provided from the protection system and processed by a median signal selector as discussed in Section 7.2.2.2.3, Control and Protection System Interaction. Continued delivery of feedwater to the steam generators is required as a sink for the heat stored and generated in the reactor following a reactor trip and turbine trip. An override signal closes the feedwater valves when the average coolant temperature is below a given temperature and the reactor has tripped. Manual override of the feedwater control system is available at all times. When BVPS-2 is operating at very low power (as during start-up), the steam and feedwater flow signals will not be useable for control. Therefore, a secondary automatic control system is provided for operation at low power. This system uses the steam generator water level programmed set point signal in conjunction with the power range neutron flux signal in a bypass valve that is in parallel with the main feedwater regulating valve. Switchover from the bypass feedwater control system (FWCS) (low power) to the main FWCS is initiated by the operator at approximately 15-percent power. A block diagram of the steam generator water level control system is shown on Figure 7.7-6. 7.7-15

BVPS-2 UFSAR Rev. 16 7.7.1.8 Steam Dump Control The steam dump system, as described in Section 10.4.4, is capable of accepting greater than 40 percent of full load steam flow at full load steam pressure, which supports the BVPS-2 50 percent load rejection. The automatic steam dump system is able to accommodate this abnormal load rejection and to reduce the effects of the transient imposed upon the RCS. By passing main steam directly to the condenser and atmosphere, an artificial load is thereby maintained on the primary system. The rod control system can then reduce the reactor temperature to a new equilibrium value without causing overtemperature and/or overpressure conditions. If the difference between the reference Tavg (Tref) based on turbine first stage pressure and the lead/lag compensated median Tavg exceeds a predetermined amount, and the interlock mentioned as follows is satisfied, a demand signal will actuate the steam dump to maintain the RCS temperature within control range until a new equilibrium condition is reached. To prevent actuation of steam dump on small load perturbations, an independent load rejection sensing circuit is provided. This circuit senses the rate of decrease in the turbine load as detected by the turbine first stage pressure. It is provided to unblock the dump valves when the rate of load rejection exceeds a preset value corresponding to a 10-percent step load decrease or a sustained ramp load decrease of 5-percent/min. A block diagram of the steam dump control system is shown on Figure 7.7-7. 7.7.1.8.1 Load Rejection Steam Dump Controller This circuit prevents large increase in reactor coolant temperature following a large, sudden load decrease. The error signal is a difference between the lead/lag compensated median Tavg and the reference Tavg is based on turbine first stage pressure. The Tavg signal is the same as that used in the Rod Control System. The lead/lag compensation for the Tavg signal is to compensate for lags in the BVPS-2 thermal response and in valve positioning. Following a sudden load decrease, Tref is immediately decreased and Tavg tends to increase, thus generating an immediate demand signal for steam dump. Since control rods are available, in this situation steam dump terminates as the error comes within the maneuvering capability of the control rods. 7.7-16

BVPS-2 UFSAR Rev. 16 7.7.1.8.2 Plant Trip Steam Dump Controller Following a reactor trip, the load rejection steam dump controller is defeated and the reactor trip steam dump controller becomes active. Since control rods are not available in this situation, the demand signal is the error signal between the lead/lag compensated median Tavg and the no load reference Tavg. When the error signal exceeds a predetermined set point, the dump valves are tripped open in a prescribed sequence. As the error signal reduces in magnitude indicating that the RCS Tavg is being reduced toward the reference no-load value, the dump valves are modulated by the BVPS-2 trip controller to regulate the rate of removal decay heat and thus gradually establish the equilibrium hot standby condition. Following a reactor trip only, sufficient steam dump capacity is necessary to maintain steam pressure below the steam generator safety valve set point (approximately 40-percent capacity to the condenser), the two groups of valve are opened. The error signal determines whether a group is to be tripped open or modulated open. The valves are modulated when the error is below the trip-open set points. 7.7.1.8.3 Steam Header Pressure Controller Residual heat removal is maintained by the steam generator pressure controller (manually selected), which controls the amount of steam flow to the condensers. This controller operates a portion of the same steam dump valves to the condensers, which are used during the initial transient following turbine reactor trip or load rejection. 7.7.1.9 Incore Instrumentation The incore instrumentation system consists of chromel-alumel thermocouples, at fixed core outlet positions, and moveable miniature neutron detectors, which can be positioned at the center of selected fuel assemblies anywhere along the length of the fuel assembly vertical axis. The basic system for insertion of these detectors is shown on Figure 7.7-8. 7.7.1.9.1 Thermocouples The chromel-alumel thermocouples are inserted into guide tubes that penetrate the reactor vessel head through seal assemblies and terminate at the exit flow end of the fuel assemblies. The thermocouples are provided with two primary seals, a conoseal and swage type seal from conduit to head. The thermocouples are supported in guide tubes in the upper core support assembly. Thermocouple readings are monitored by the computer, with backup readout provided by a precision indicator with manual point selection located in the main control room. Information from the incore instrumentation is available even if the BVPS-2 computer is not in service. 7.7-17

BVPS-2 UFSAR Rev. 0 7.7.1.9.2 Moveable Neutron Flux Detector Drive System Miniature fission chamber detectors can be remotely positioned in retractable guide thimbles to provide flux mapping of the core. The stainless steel detector shell is welded to the leading end of helical wrap drive cable and to stainless steel sheathed coaxial cable. The retractable thimbles, into which the miniature detectors are driven, are pushed into the reactor core through conduits which extend from the bottom of the reactor vessel down through the concrete shield area and then up to a thimble seal table. Their distribution over the core is nearly uniform, with about the same number of thimbles located in each quadrant. The thimbles are closed at the leading ends, are dry inside, and serve as the pressure barrier between the reactor water pressure and the atmosphere. Mechanical seals between the retractable thimbles and the conduits are provided at the seal table. During reactor operation, the retractable thimbles are stationary. They are extracted downward from the core during refueling to avoid interference within the core. A space above the seal table is provided for the retraction operation. The drive system for the insertion of the miniature detectors consists basically of drive assemblies, five path rotary transfer assemblies and ten path transfer assemblies, as shown on Figure 7.7-8. The drive system pushes hollow helical wrap drive cables into the core with the miniature detectors attached to the leading ends of the cables and small diameter sheathed coaxial cables threaded through the hollow centers back to the ends of the drive cables. Each drive assembly consists of a gear motor, which pushes a helical wrap drive cable and a detector through a selective thimble path by means of a special drive box, and includes a storage device that accommodates the total drive cable length. Cap plugs will be provided to plug leaking thimbles. A small leak would probably not prevent access to the seal table and thus a leaking thimble could be isolated. A large leak might require cold shutdown for access to the isolation seal table. 7.7.1.9.3 Control and Readout Description The control and readout system provides means for inserting the miniature neutron detectors into the reactor core and withdrawing the detectors while recording neutron flux versus detector position. The control system is located in the main control room. Limit switches in each transfer device provide feedback of path selection operation. Each gear box drives an encoder for position feedback. One five path operation selector is provided for each drive unit to insert the detector in one of five functional modes of operation. One ten path operation selector is also provided for each drive unit that is then 7.7-18

BVPS-2 UFSAR Rev. 23 used to route a detector into any one of up to ten selectable paths. A common path is provided to permit cross calibration of the detectors. The main control room contains the necessary equipment for control, position indication, and flux recording for each detector. Flux-mapping consists of selecting flux thimbles in given fuel assemblies at various core quadrant locations. The detectors are driven to the top of the core and stopped automatically. A recording (position versus flux level) is initiated with the slow withdrawal of the detectors through the core from top to a point below the bottom. In a similar manner, other core locations are selected and recorded. Each detector provides axial flux distribution data along the center of a fuel assembly. Detector output is then analyzed to obtain a flux map of the core. The number and location of these thimbles have been chosen to permit measurement of local to average peaking factors to an accuracy of +5-percent (95-percent confidence). Measured nuclear peaking factors will be increased by 5-percent to allow for this accuracy. An additional increase to the measured nuclear peaking factor for reduced flux thimble availability is discussed in Sections 3.3.7 and 5.1.6 of the Licensing Requirements Manual. This system is used to verify that the power distribution is within the limits of the Technical Specifications. Operating plant experience has demonstrated the adequacy of the incore instrumentation in meeting the design bases stated. 7.7.1.10 Ultrasonic Feedwater Flow Meter The ultrasonic feedwater flow meter system is used in measuring feedwater flow and calculating thermal power. Nuclear plants are licensed to operate at a specified core thermal power, and the uncertainty of the calculated values of this thermal power determines the probability of exceeding the power levels assumed in the design-basis transient and accident analyses. The ultrasonic feedwater flow meter system provides measurements of feedwater mass flow and temperature yielding a total power uncertainty of r0.6% of reactor thermal power. The system consists of an electronic cabinet located in the Process Controls Area, and a measurement section (spool piece) installed in the 26-inch main feedwater header. Transducers that transmit and receive the pulses are mounted in the measurement section spool piece. Digital ultrasonic feedwater flow meter electronics are controlled by software to measure line integral velocities at precise locations with respect to the pipe centerline. Transit time differences between pulses are used to determine the fluid velocity and temperature. The mass flow rate and feedwater temperature are displayed on the local display panel, and transmitted to the plant process computer for use in the calorimetric measurement. 7.7-19

BVPS-2 UFSAR Rev. 23 An alarm is provided in the control room to alert operators should the system require maintenance. The system software was developed and is maintained using a verification and validation program compliant with IEEE standard 7-4.3.2-1993 and ASME standard NQA-2a-1990. 7.7.2 Analysis The BVPS-2 control systems are designed to assure high reliability in any anticipated operational occurrences. Equipment used in these systems is designed and constructed with a high level of reliability. Proper positioning of the control rods is monitored in the main control room by bank arrangements of the individual position columns for each RCCA. A rod deviation alarm alerts the operator of a deviation of one RCCA from the other rack in that bank position. There are also insertion limit monitors with visual and audible annunciation. A rod bottom alarm signal is provided to the main control room for each full length RCCA. Four excore long ion chambers also detect asymmetrical flux distribution indicative of rod misalignment. Overall reactivity control is achieved by the combination of soluble boron and RCCAs. Long term regulation of core reactivity is accomplished by adjusting the concentration of boric acid in the reactor coolant. Short term reactivity control for power changes is accomplished by the reactor control system which automatically or manually moves RCCAs. This system uses input signals that include neutron flux, coolant temperature, and turbine load. 7.7-19a

BVPS-2 UFSAR Rev. 0 The BVPS-2 control systems will prevent an undesirable condition in the operation of the nuclear plant that, if reached, will be protected by reactor trip. The description and analysis of this protection is covered in Section 7.2. Worst-case failure modes of the BVPS-2 control systems are postulated in the analysis of off-design operational transients and accidents covered in Chapter 15, such as the following:

1. Uncontrolled RCCA withdrawal from a subcritical condition,

2. Uncontrolled RCCA withdrawal at power

3. Misalignment of RCCA

4. Loss of external electrical load and/or turbine trip,

5. Loss of all ac power to the station auxiliaries (station blackout),

6. Excessive heat removal due to feedwater system malfunctions,

7. Excessive load increase incident, and

8. Accidental depressurization of the RCS.

These analyses will show that a reactor trip set point is reached in time to protect the health and safety of the public under these postulated incidents and that the resulting coolant temperatures will produce a DNBR well above the limiting value of 1.30. Thus, there will be no clad damage and no release of fission products to the RCS under the assumption of these postulated worst-case failure modes of the BVPS-2 control system. 7.7.2.1 Separation of Protection and Control Systems In some cases, it is advantageous to employ control signals derived from individual protection channels through isolation amplifiers contained in the protection channel. As such, a failure in the control circuitry does not adversely affect the protection channel. Test results have shown that postulated faults on the isolated output portion of the circuit (nonprotection side of the circuit) will not affect the input (protection) side of the circuit. Where a single random failure can cause a control system action that results in a condition requiring protective action and can also prevent proper action of a protection system channel designed to protect against the condition, the remaining redundant protection channels are capable of providing the protective action even when degraded by a second random failure. This meets the applicable requirements in Paragraph 4.7 of IEEE Standard 279-1971. 7.7-20

BVPS-2 UFSAR Rev. 2B The loop Tavg and T channel required inputs to the steam dump system, the reactor control system, the control rod insertion monitor and the pressurizer level control system are electrically isolated prior to being routed to the control cabinets. A median signal is then calculated for Tavg and T in the control cabinets utilizing a Median Signal Selector (MSS) for input to the appropriate control systems. 7.7-20a

BVPS-2 UFSAR Rev. 0 7.7.2.2 Response Considerations of Reactivity Reactor shutdown with control rods is completely independent of the control functions, since the trip breakers interrupt power to the rod drive mechanisms regardless of existing control signals. The design is such that the system can withstand accidental withdrawal of control groups or unplanned dilution of soluble boron without exceeding acceptable fuel design limits. The design meets the requirements of General Design Criterion (GDC) 25. No single electrical or mechanical failure in the rod control system could cause the accidental withdrawal of a single RCCA from the partially inserted bank at full power operation. The operator could deliberately withdraw a single RCCA in the control bank. This feature is necessary in order to retrieve a rod, should one be accidentally dropped. In the extremely unlikely event of simultaneous electrical failures which could result in single RCCA withdrawal, rod deviation would be displayed on a main control room annunciator, and the individual rod position readouts would indicate the relative positions of the other rods in the bank. Withdrawal of a single RCCA by operator action, whether deliberate or by a combination of errors, would result in activation of the same alarm and the same visual indications. Each bank of control and shutdown rods in the system is divided into two groups (group 1 and group 2) of up to four mechanisms each. The rods comprising a group operate in parallel through multiplexing thyristors. The two groups in a bank move sequentially such that the first group is always within one step of the second group in the bank. The group 1 and group 2 power circuits are installed in different cabinets, as shown on Figure 7.7-9, which also shows that one group is always within one step (5/8 inch) of the other group. A definite sequence of actuation or deactuation of the stationary grippers moveable grippers and lift coils of a mechanism is required to withdraw the RCCA attached to the mechanism. Since the four stationary grippers, moveable grippers, and lift coils associated with the RCCAs of a rod group are driven in parallel, any single failure which could cause rod withdrawal would affect a minimum of one group of RCCAs. Mechanical failures are in the direction of insertion, or immobility. Figure 7.7-10 is provided for a discussion of design features that assure that no single electrical failure could cause the accidental withdrawal of a single RCCA from the partially inserted bank at full power operation. Figure 7.7-10 shows the typical parallel connections on the lift, moveable, and stationary coils for a group of rods. Since single failures in the stationary or moveable circuits will result in dropping or preventing rod(s) motion, the discussion of single failure will be addressed to the lift coil circuits: 1) due to the method of wiring the pulse transformers which fire the lift coil 7.7-21

BVPS-2 UFSAR Rev. 0 multiplex thyristors, three of the four thyristors in a rod group when required to fire if, for example, the gate signal lead failed open at l open at point X . Upon up demand, one rod in group 1 and four rods in group 2 would withhdraw. A second failure at point X2 in the group 2 circuit is required to withdraw an RCCA; 2) timing circuit failures will affect the four mechanisms of a group or the eight mechanisms of the bank and will not cause a single rod withdrawal; and 3) more than two simultaneous component failures are required (other than the open wire failures) to allow withdrawal of a single rod. The identified multiple failure involving the least number of components consists of open circuit failure of the proper 2 out of 16 wires connected to the gate of the lift coil thyristors. The

                                                              -6 probability of open wire (or terminal) failure is 0.016 x 10 /hr by MIL-HDBK-217D. These wire failures would have to be accompanied by failure, or disregard, of the preceding indications. The probability of this occurrence is therefore too low to have any significance.

Concerning the human element, to erroneously withdraw a single RCCA the operator would have to improperly set the bank selector switch, the lift coil disconnect switches, and hold the manual switch in the out position. In addition, the rod position indicators would have to be disregarded or ineffective. Such a series of errors would require a complete lack of understanding and administrative control. A probability number cannot be assigned to a series of errors such as these. The rod position indication system provides direct visual displays of each control rod assembly position. The BVPS-2 computer has alarms for deviation of rods from their banks. In addition, a rod insertion limit monitor provides an audible and visual alarm to warn the operator of an approach to an abnormal condition due to dilution. The low-low insertion limit alarm alerts the operator to follow emergency boration procedures. The facility reactivity control systems are such that acceptable fuel damage limits will not be exceeded even in the event of a single malfunction of either system. An important feature of the control rod system is that insertion is provided by gravity fall of the rods. In all analyses involving reactor trip, the single, highest worth RCCA is postulated to remain stuck in its full out position. One means of detecting a stuck control rod assembly is available from the actual rod position information displayed on the main control board. The control board position readouts, one for each control rod, give the BVPS-2 control room operator the actual position of the rod in steps. The indications are grouped by banks (for example, control bank A, control bank B, etc) to indicate to the operator the deviation of one rod with respect to other rods in a bank. This serves as a means to identify rod deviation. 7.7-22

BVPS-2 UFSAR Rev. 16 The BVPS-2 computer monitors the actual position of all rods. Should a rod be misaligned from the other rods in that bank by more than a predetermined amount, the rod deviation alarm is actuated. Misaligned RCCAs are also detected and alarmed in the main control room via the flux tilt monitoring system, which is independent of the BVPS-2 computer. Isolated signals derived from the nuclear instrumentation system (Lipchak 1974) are compared with one another to determine if a preset amount of deviation of average power level has occurred. Should such a deviation occur, the comparator output will operate a bistable unit to actuate a main control board annunciator. This alarm will alert the operator to a power imbalance caused by a misaligned rod. By use of individual rod position readouts, the operator can determine the deviating control rod and take corrective action. The design of the plant control systems meets the requirements of GDC 23. The CVCS can compensate for all xenon reactivity transients. The CVCS is not used, however, to compensate for the reactivity effects of fuel/water temperature changes accompanying power level changes. The CVCS will maintain the reactor in the cold shutdown state irrespective of the disposition of the control rods. The rod control system can compensate for xenon reactivity transients over the allowed range of rod travel. Xenon transients of larger magnitude must be accommodated by boration or by reactor trip. The rod control system can also compensate for the reactivity effects of fuel/water temperature changes accompanying power changes over the full range from full load to no load at the design maximum load update. 7.7.2.3 Step Load Changes Without Steam Dump The BVPS-2 control system restores equilibrium conditions, without a trip, following a plus or minus 10-percent step change in load demand over the 15 to 100 percent power range with a combination of manual and automatic control. Automatic control allows control rod insertion only. With automatic rod withdrawal disabled, control rod withdrawal can only be performed manually. Steam dump is blocked for load decrease less than or equal to 10-percent. A load demand greater than full power is prohibited by the turbine control load limit devices. The BVPS-2 control system minimizes the reactor coolant average temperature deviation during the transient within a given value and restores average temperature to the programmed set point. Excessive pressurizer pressure variations are prevented by using spray and heaters and pressurizer PORVs in the pressurizer. The reactor control system limits nuclear power overshoot to acceptable values following a 10-percent increase in load to 100-percent. 7.7-23

BVPS-2 UFSAR Rev. 16 7.7.2.4 Loading and Unloading Ramp loading and unloading of 5-percent/min can be accepted over the 15 to 100-percent power range with a combination of manual and automatic control without tripping the plant. Automatic control allows control rod insertion only. With automatic rod withdrawal disabled, control rod withdrawal can only be performed manually. The function of the reactor control system is to maintain the coolant average temperature as a function of turbine generator load. The coolant average temperature increases during loading and causes a continuous insurge to the pressurizer as a result of coolant expansion. The pressurizer spray limits the resulting pressure increase. Conversely, as the coolant average temperature is decreasing during unloading, there is a continuous outsurge from the pressurizer resulting from coolant contraction. The pressurizer heaters limit the resulting system pressure decrease. The pressurizer water level is programmed such that the water level is above the set point for heater cut out during the loading and unloading transients. The primary concern during loading is to limit the overshoot in nuclear power and to provide sufficient margin in the overpower and overtemperature T set points. 7.7.2.5 Load Rejection Furnished by Steam Dump System When a load rejection occurs, if the difference between the required temperature set point of the RCS and the actual average temperature exceeds a predetermined amount, a signal will actuate the steam dump to maintain the RCS temperature within control range until a new equilibrium condition is reached. The reactor power is reduced at a rate consistent with the capability of the rod control system. Reduction of the reactor power is automatic. The steam dump flow reduction is as fast as RCCAs are capable of reducing nuclear power. The rod control system can then reduce the reactor temperature to a new equilibrium value without causing overtemperature and/or overpressure conditions. The steam dump steam flow capacity is greater than 40 percent of full load steam flow at full load steam pressure, which supports the BVPS-2 50 percent load rejection. The steam dump flow reduces proportionally as the average coolant temperature is reduced. The artificial load is therefore removed as the coolant average temperature is restored to its programmed equilibrium value. The dump valves are modulated by the reactor coolant average temperature signal. The required number of steam dump valves can be tripped quickly to stroke full open or modulate, depending upon the magnitude of the temperature error signal resulting from loss of load. 7.7.2.6 Turbine Generator Trip With Reactor Trip Whenever the turbine generator trips at an operating power above the P-9 permissive setpoint, the reactor also trips. The turbine generator is operated with a programmed average temperature as a 7.7-24

BVPS-2 UFSAR Rev. 16 function of load, with the full load average temperature significantly greater than the equivalent saturation pressure of the main steam safety valve set point. The thermal capacity of the RCS is greater than that of the secondary system, and because the full load average temperature is greater than the no load temperature, a heat sink is required to remove heat stored in the reactor coolant to prevent actuation of steam generator safety valves for a trip from full power. This heat sink is provided by the combination of controlled release of steam to the condenser and by makeup of feedwater to the steam generators. The steam dump system is controlled from the reactor coolant average temperature signal, whose set point values are programmed as a function of turbine load. Actuation of the steam dump is rapid to prevent actuation of the steam generator safety valves. With the dump valves open, the average coolant temperature starts to reduce quickly to the no load set point. A direct feedback of temperature acts to proportionally close the valves to minimize the total amount of steam which is bypassed. Following the turbine trip with reactor trip above the P-9 permissive setpoint, the feedwater flow is cut off when the average coolant temperature decreases below a given temperature or when the steam generator water level reaches a given high level. Additional feedwater makeup is then controlled manually to restore and maintain steam generator water level while assuring that the reactor coolant temperature is at the desired value. Residual heat removal is maintained by the steam header pressure controller (manually selected) which controls the amount of steam flow to the condensers. This controller operates a portion of the same steam dump valves to the condensers, which are used during the initial transient following turbine and reactor trip. The pressurizer pressure and level fall rapidly during the transient because of coolant contraction. The pressurizer water level is programmed so that the level following the turbine and reactor trip is above the low level heater cutoff set point. If heaters become uncovered following the trip, the CVCS will provide full charging flow to restore water level in the pressurizer. Heaters are then turned on to restore pressurizer pressure to normal. The steam dump and feedwater control systems are designed to prevent the average coolant temperature from falling below the programmed no load temperature following the trip, to ensure adequate reactivity shutdown margin. 7.7.2.7 Primary Component Cooling Water System The primary component cooling water (PCCW) system, described in Section 9.2.2.1, supplies cooling water to various non-nuclear safety (NNS) class systems during normal plant operation. Under accident 7.7-25

BVPS-2 UFSAR Rev. 12 conditions or loss of power, the NNS class portion of the system is isolated and no cooling is provided. Water level in the surge tank for the neutron shield tank is maintained manually. High and low water levels are alarmed in the main control room. The reactor vessel support shield tank has a temperature element on the downstream side with alarm and indication in the main control room. Temperature is controlled in each of the following pieces of equipment by temperature control valves on the downstream side of each:

1. Boron recovery system

a. Bottoms cooler

b. Distillate cooler

c. Evaporator condenser

2. Radioactive liquid waste system

a. Bottoms cooler

b. Distillate cooler

c. Evaporator condenser

3. Radioactive gaseous waste system

a. Compressor cooler

b. Trim cooler

c. Condenser The compressor coolers are also equipped with local temperature indication.

During the life of BVPS-2, the NNS class portions of the PCCW system are either in continuous or intermittent operation. All components are accessible for periodic visual inspections. Section 7.3 discusses the safety-related portion of the PCCW system. 7.7.2.8 Containment Leakage Monitoring System The containment system leakage monitoring system is not an engineered safety features system. It is an NNS class system. The containment leakage monitoring system is described in Section 6.2.6. 7.7-26

BVPS-2 UFSAR Rev. 22 7.7.2.9 Turbine Control System A discussion of the turbine control system, including the redundant turbine overspeed protection system, is presented in Sections 10.2.2.4 and 10.2.4. 7.7-27

BVPS-2 UFSAR Rev. 0 7.7.2.10 Plant Safety Monitoring System The plant safety monitoring system (PSMS) is used to process and output the inadequate core cooling (ICC) variables in proper format to internal plasma displays, and external indicators, displays, cabinets and other equipment. The PSMS consists of three types of modular components: the remote processing unit (RPU), the display processing unit (DPU), and the plasma display. These components perform the data acquisition and processing, the data base consolidation and comparison, and the data selection and display, respectively. The system is seismically and environmentally qualified, is configured to address single-failure criteria, and qualification details are available in Section 3.10 and 3.11. In addition, the PSMS has the capability for on-line testing without affecting reactor protection and control. 7.7-28

BVPS-2 UFSAR Rev. 16 The plasma display modules are redundant, qualified, graphic/alpha-numeric modules for displaying reactor vessel level core cooling margin (Tsaturation), and the core exit thermocouples on demand. These displays will be used to detect the approach to inadequate core cooling. Sections 3.10 and 3.11 provided details of the seismic and environmental qualification. 7.7.2.13 High-High Steam Generator Water Level Trip System A two out of three high-high steam generator water level signal in any loop is called "the high-high steam generator water level trip" and the signal will cause feedwater isolation and trip the turbine. This trip is modeled in the safety analysis to mitigate the consequences of an Excessive Heat Removal Due to Feedwater System Malfunction events. This trip provides equipment protection since it limits moisture carryover that could damage the turbine blading. When the water level in any steam generator reaches the high-high water level setpoint, the P-14 interlock is activated. Table 7.7-1 lists additional information pertaining to this function. Once activated, a P-14 signal will trip the turbine, trip all main feedwater pumps, close the main feedwater control valves, close the main feedwater control bypass valves, and close all main feedwater isolation valves. This function is displayed on the Functional Diagram for Main Feedwater Control and Isolation shown on Figure 7.3-18. 7.7.3 References for Section 7.7 FENOC Letter to U.S. Nuclear Regulatory Commission, License Amendment Request Nos. 289 and 161 (Attachment C, Items 6 and 8), Letter Number L-01-006, dated January 18, 2001. Lipchak, J.B. and Stokes, R.A. 1974. Nuclear Instrumentation System. WCAP-8255 (for background information only). Shopsky, W.E. 1977. Failure Modes and Effects Analysis of the Solid State Full Length Rod Control System. WCAP-8976. U.S. Department of Defense 1982. Reliability Prediction of Electronic Equipment. MIL-HDBK-217D. USNRC - Safety Evaluation by the Office of Nuclear Reactor Regulation Related to Amendment Nos. 243 and 122 to Facility Operating License Nos. DPR-66 and NPF-73, Page 5, dated September 24, 2001. Westinghouse 1980. Westinghouse Reactor Vessel Level Instrumentation System for Monitoring Inadequate Core Cooling. December 1980. 7.7-29

BVPS-2 UFSAR Tables for Section 7.7

BVPS-2 UFSAR Rev. 16 TABLE 7.7-1 BVPS-2 CONTROL SYSTEM INTERLOCKS Designation Derivation Function C-1 1/2 Neutron flux Blocks control rod (intermediate range) withdrawal above set point C-2 1/4 Neutron flux Blocks control rod (power range) above withdrawal set point C-3 2/3 Overtemperature Blocks control rod T above set point withdrawal Actuates turbine runback via load reference C-4 2/3 Overpower T Blocks control rod above set point withdrawal Actuates turbine runback via load reference C-7 1/1 Time derivative Makes steam dump (absolute value) of valves available for turbine first stage either tripping or pressure (decrease modulation only) above set point (1) P-4 Reactor trip Blocks steam dump breakers open control via load rejection Tavg controller Makes half of the steam dump valves available for either tripping or modulation The following Blocks steam dump condition exists control via reactor when P-4 is not trip Tavg controller active (this function is provided by absence of P-4) 1 of 2

BVPS-2 UFSAR Rev. 25 TABLE 7.7-1 (Cont) Designation Derivation Function C-9 Any condenser pressure Blocks steam dump above set point, or all to condenser circulation water pump breakers open P-14 2/3 steam generator Closes all level above setpoint on feedwater any steam generator isolation valves (presence of signal trip feedwater performs or permits pumps actuates functions shown) turbine trip(2) C-20 2/2 Turbine first stage Enables AMSAC pressure 40% of nominal pressure at 100% power. Delayed off (Ref 4.3.1.7) (1) See Table 7.3-3 for engineered safety features actuation system functions. (2) The motor driven AFW pumps start indirectly as a result of the Main Feedwater Pump trip caused by this signal. 2 of 2

NOTES: REV 15D

1. TEMPERATURES ARE MEASURED AT STEAM GENERATOR'S INLET AND OUTLET

2. PRESSURE IS MEASURED AT THE PRESSURIZER

3. AUTOMATIC ROD WITHDRAWAL IS DISABLED TH AVG T TH AVG T

                                           ~             CO~    LEG                            ~         CO~  LEG AVERAGE TEMPERTURE                    AVERAGE TEMPERTURE                                     AVERAGE TEMPERTURE UNIT LOOP 1                           UNIT LOOP 2                                            UNIT LOOP 3 TAVG = TH +Tc                            TAVG    = TH + Tc                                   TAVG = TH + Tc 2                                             2                                               2
                                    .... MEDIAN SIGNAL ..,
        '-------------lrltJ!IDi                SELECTOR         141t----------.~

TO STEAM DUMP TO PRESSURIZER LEVEL SYSTEM ...,.._f-----11---~~..,. PROGRAMMER NUCLEAR POWER SIGNAL

                                                                                                            .I r -      TURBINE LOAD TURBINE LOAD f t        SIGNAL SIGNAL                        LEAD -LAG                                               POWER MISMATCH COMPENSATION UNIT                                            COMPENSATION
                   +

AVERAGE UNIT TEMPERATURE PROGRAMMER I

                                                                                    ---- MANUAL ROO CONTROL ROD SPEED UNIT ROD DRIVE POWER REDUNDANT TRIP SIGNAL
                                                                                                  +

SEQUENTIAL ROD CONTROL UNIT REACTOR TRIP BREAKER 1 I CAUTOMATIC CONTROL> PERMISSIVE CIRCUITS ...,....,E-------J REACTOR TRIP CROD INTERLOCK) BREAKER 2 I I I CONTROL ROD r-t __ DRIV~ _ _ _ J ACTUATOR ROD POWER CONTROL ROD DRIVE FIGURE 7a7-1 MECHANISM SIMPLIFIED BLOCK DIAGRAM OF REACTOR CONTROL SYSTEM BEAVER VALLEY POWER STATION UNIT N0.2 UPDATED FINAL SAFETY ANALYSIS REPORT

REV 3

                                                                           .....-LOW ALARM
                                                                                  ~LOW-LOW ALARM COMPARATOR 1----'-------.11        A I

(.6.T)MEDIAN ---11"'~

                                                                           ' - COMMON FOR All FOUR CONTROL BANKS z------

DEMAND BANK SI GN AL TYPICAL OF ONE CONTROL BANK NOTE: I

• ANALOG CIRCUITRY IS US.ED FOR THE COMPARATOR NElWOR K.

2. COMPARISON IS DONE FOR ALL CONTROL BANKS FIGURE 7. 7- 2 CONTROL BANK ROD INSERTION MONITOR BEAVER VALLEY POWER STATION -UNIT 2 FINAL SAFETY ANALYSIS REPORT

Alarm A Demand Bank Signal (Rod Control) Individual Rod Position Reading of those Comparator Rods Classified as Members of that Bank Note: 1. Digital of Analog Signals may be Used for the Comparator Computer Inputs.

2. The Comparator Will Energize the Alarm if There Exists a Position Difference Greater Than a Preset Limit Between Any Individual Rod and the Demand Bank Signal.

3. Comparison is Individually Done for All Control Banks.

FIGURE 7. 7-3 ROD DEVIATION COMPARATOR BEAVER VALLEY POWER STATION- UN IT 2 FINAL SAFETY ANALYSIS REPORT

Pressurizer Pressure Signal Reference Pressure (+) (-) PID Controller

                                                                         --.             Remote Remote Manual         Manual Positioning          Controller
                                                                              +

Spray Spray Controller Controller It lr Povver Relief Povver To Backup To Variable Spray Spray Valves No. Relief Heater Heater Valve Valve 1& 3 Valve Control Control A 8 No.2 FIGURE 7.7-4 BLOCK DIAGRAM OF PRESSURIZER PRESSURE CONTROL SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV 3 ME. DIAN Tavg Pressurizer Level Signal Level Programmer (+) (-) Remote Manual Control PI Controller Auto-Manual Control (Control Room) To Backup Heater Control Auto-Manual Control (Remote) Charging Flow Control Valve Position FIGURE 7. 7-5 BLOCK DIAGRAM OF PRESSURIZER LEVEL CONTROL SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

REV. 17 TURBINE FIRST STAGE CHAMBER PRESSURE SIGNAL LEVEL PROGRAMMER *

• CONSTANT 44 PERCENT LEVEL STEAM GENERATOR WATER LEVEL SIGNAL STEAM FLOW FEEDWATER FLOW SIGNAL SIGNAL

(+) (-) PI CONTROLLER REMOTE MANUAL POWER RANGE POSITIONING NEUTRON FLUX MAIN FEEDWATER MAIN FEEDWATER CONTROL VALVE BYPASS VALVE DYNAMICS DYNAMICS MAIN FEEDWATER FEEDWATER BYPASS CONTROL VALVE VALVE POSITION POSITION FIGURE 7.7-6 BLOCK DIAGRAM OF STEAM GENERATOR I WATERLEVELCONTROLSYSTEM I I I BEAVER VALLEY POWER STATION - UNIT 2 UPDATED FINAL SAFETY ANALYSIS REPORT I I I 122-0cT-200808:23--- K:\;;-2\UFSAR\_9-7070060.d-;:,~ - ,

    --------------- --- =---

PREPARED ON~it.? CAEDDI THE CNSU C::...1.,t~ SYST"EII II L-----------------------------------------------------~------1

REV. 17 MEDIAN STEAM DUMP CONTROL IN MANUAL

          <STEAM PRESSURE CONTROL>

REFERENCE TURBINE FIRST STAGE NO-LOAD PRESSURE RATE/LAG LEAD/LAG COMPENSATION COMPENSATION P4 REACTOR TRIP LOAD REJECTION BISTABLE DEFEAT LOAD REJECTION STEAM STEAM DUMP CONTROL: ALLOW HEADER PLANT TRIP STEAM PRESSURE DUMP CONTROL SET PRESSURE PLANT TRIP CONTROLLER PI CONTROLER LOAD REJECTION CONTROL OR PLANT TRIP CONTROL TRIP OPEN STEAM DUMP VALVES MANUAL <STEAM NOTE: PRESSURE AUTO (T AVG CONTROL> CONTROL> FOR BLOCKING,UNBLOCKING SIGNAL TO CONDENSER STEAM DUMP VALVES SEE FIGURE 7.2-1 SHEET 10 MODULATE CONDENSER DUMP VALVES

  '---v-'

AIR SUPPLY TO DUMP VALVES FIGURE 7.7-7 BLOCK DIAGRAM OF STEAM DUMP CONTROL SYSTEM BEAVER VALLEY POWER STATION - UNIT No.2 UPDATED FINAL SAFETY ANALYSIS REPORT

SAFETY SWITCHES LIMIT SWITCHES PATH TRANSFERS INTERCONNECTING TUBING PATH TRANSFERS _ _----..~1 c FLUX THIMBLES FIGURE 7. 7-8 BASIC FLUX ... MAPPING SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

SLAVE POWER CONTROL r+ CYCLER CABINET ~ BANK D 1 BD ~ 1 BD GROUP 1 REACTOR lLIFT COl L CONTROL r-+ PULSER r--. MASTER CYCLER ~ DISCONN ECT SYSTEM rSWITCHE s SLAVE POWER CONTROL

                                                ~     CYCLER             CABINET    --+- BANK D MANUAL                                                 2 BD       ~       2 BD          GROUP 2 SWITCH BANK   ....._... BANK SELECTOR           OVERLAP MULTIPLEX CIRCUITS                                                                  NOTE:  ONLY CABINETS 1 BD AND 2 BD SHOWN. FOR MORE COMPLETE DIAGRAM I*       t                                                              INCLUDING POWER I.               I                           L CABINETS 1 AC, 2 AC, LIFTING} GROUP 1     AND SCD SEE REF. 1 IN SECTION 7.7.3 ll I

t/2_, lOFF I IILIFTING GROUP 2 L.....---J.-.-------- OFF } ll NORMAL SEQUENCING OF GROUPS WITHIN BANK FIGURE 7. 7-9 SIMPLIFIED BLOCK DIAGRAM OF REACTOR CONTROL SYSTEM BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT

CONTROL BANK D GROUP 1 POWER CABINET 1 BD MULTIPLEX THYRISTORS 120 VAC LIFT COIL DISCONNECT SWITCHES 1 STATIONARY MOVABLE LIFT COILS GRIPPER GRIPPER COILS COILS CONTROL BANK D GROUP 2 POWER CABINET 2 80 120 VAC LIFT COIL DISCONNECT SWITCHES z~~--------~2~--------~~~--~~ LIFT COILS FIGURE 7 7- 10 CONTROL BANK D PARTIAL SIMPLIFIED SCHEMATIC DIAGRAM POWER CABINETS 1BD & 2BD BEAVER VALLEY POWER STATION-UNIT 2 FINAL SAFETY ANALYSIS REPORT}}