ML21102A224
| ML21102A224 | |
| Person / Time | |
|---|---|
| Site: | Vogtle  |
| Issue date: | 03/30/2021 |
| From: | Southern Nuclear Operating Co |
| To: | Office of Nuclear Reactor Regulation |
| Shared Package | |
| ML21102A218 | List: |
| References | |
| NL-21-0265 | |
| Download: ML21102A224 (151) | |
Text
RWST LEVEL CHANNEL BISTABLES
- 1) NORMALLY DEENERGIZED
- 2) DEENERGIZED ON LOSS OF POWER
- 3) TRIP SIGNAL PROVIDED WHEN ENERGIZED
- 4) ENERGIZED ON LO-LO SETPOINT PROCESS CONTROL CABINETS I LO-LO Il LO-LO ill LO-LO Ill LO-LO SOLID STATE 2/4 2/4 PROTECTION
~----- CABINETS A B TRIP SIGNAL TO TRIP SIGNAL TO AUTOMATICALLY OPEN AUTOMATICALLY OPEN SUMP ISOLATION VAL VE SUMP ISOLATION VALVE HV8811A HV8811B (CONT. ON SHEET 2) (CONT. ON SHEET 2)
REV 14 10/07 SAFETY INJECTION SYSTEM SOUTHERN COMPANY
<<\ VOGTLE ELECTRIC GENERATING PLANT RECIRCULATION SUMP AND RHR SUCTION ISOLATION VALVES Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.6.5-1 (SHEET 1 OF 2)
SPRING RETURN TO AUTO MANUAL RESET RHR OUTER ISO .
SPRING RETURN VALVE CLOSED OPEN AUTO CLOSE MCB TON RHR INNER ISO.
N VALVE CLOSED r- --,
I TRIP SIGNAL I FROM 2/4 j I RWST LO-LO I I LEVEL SIGNAL I I( CONT. FROM SHEET 1)
I L ___ J INTERLOCK TABLE CLOSE VALVE INTER - HV8811A HV8811B LOCK WITH TB-TEST BUTTON RWST/RHR PUMP HV 8812A HV 8812B SUCTION ISO.
LMT SW NO. 1 LMT SW NO. 1 VALVE OPEN VALVE RHR INNER HV 8701B HV 8702B ISO. VALVE LMT SW NO. 2 LMT SW NO. 1 APPLICABLE VALVE RHR OUTER HV 8701A HV 8702A ISO. VALVE LMT SW NO. 1 LMT SW NP. 2 DESCRIPTION SUMP TO NO. 1 RHR PUMP HV8811A TRAIN A B SUMP TO NO. 2 RHR PUMP HV8811B LIMIT SWITCH NO. 1 IS THE NORMAL POSITION SIGNAL ANO IS USED FOR POSITION SIGNALS BETWEEN VALVES ASSIGNED TO THE SAME TRAIN.
LIMIT SWITCH NO. 2 IS THE STEM MOUNTED POSITION SWITCH ANO IT IS USED FOR POSITION SIGNALS BETWEEN VALVES ASSIGNED TO OPPOSITE TRAINS.
0 ACTUATION SIGNAL LAMP REV 14 10/07 SAFETY INJECTION SYSTEM VOGTLE RECIRCULATION SUMP AND RHR SOUTHERN<<\
COMPANY ELECTRIC GENERATING PLANT SUCTION ISOLATION VALVES Energy to Serve Your World
- UNIT 1 AND UNIT 2 FIGURE 7.6.5-1 (SHEET 2 OF 2)
VEGP-FSAR-7 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY The general design objectives of the plant control systems are:
A. To establish and maintain power equilibrium between the primary and secondary system during steady-state unit operation.
B. To constrain operational transients so as to preclude unit trip and to reestablish steady-state unit operation.
C. To provide the reactor operator with monitoring instrumentation that indicates all required input and output control parameters of the systems and provides the operator with the capability of assuming manual control of the system.
7.
7.1 DESCRIPTION
OF CONTROL SYSTEMS NOT REQUIRED FOR SAFETY The plant control systems described in this section perform the following functions:
A. Reactor Control System
- 1. Enables the nuclear plant to accept a step-load increase or decrease of 10 percent and a ramp increase or decrease of 5 percent/min within the load range of 15 to 100 percent, without reactor trip, steam dump, or pressurizer relief actuation, subject to possible xenon limitations.
- 2. Maintains reactor coolant average temperature (Tavg) within prescribed limits by creating the bank demand signals for moving groups of full-length rod cluster control assemblies during normal operation and operational transients. The Tavg control also supplies a signal to pressurizer water level control and steam dump control.
B. Rod Control System
- 1. Provides for reactor power modulation by manual or automatic control (automatic rod insertion only) of full-length control rod banks in a preselected sequence and for manual operation of individual banks.
- 2. Includes systems for monitoring and indicating which:
Provide alarms to alert the operator if the required core reactivity shutdown margin is not available because of excessive control rod insertion.
Display control rod position.
Provide alarms to alert the operator in the event of control rod deviation exceeding a preset limit.
C. Plant Control System Interlocks
- 1. Prevent further withdrawal of the control banks when signal limits are approached that indicate the approach to a departure from nucleate boiling ratio limit or kW/ft limit.
- 2. Limit automatic turbine load increase to values for which the nuclear steam supply system has been designed.
7.7-1 REV 22 9/19
VEGP-FSAR-7 D. Pressurizer Pressure Control
- 1. Maintains or restores the pressurizer pressure to the design pressure 35 psi (which is within reactor trip and relief and safety valve actuation setpoint limits) following normal operational transients that induce pressure changes by control (manual or automatic) of heaters and spray in the pressurizer.
- 2. Provides steam relief by controlling the power relief valves.
E. Pressurizer Water Level Control Establishes, maintains, and restores pressurizer water level within specified limits as a function of the average coolant temperature. Changes in level are caused by coolant density changes induced by loading, operational, and unloading transients. Level changes are produced by means of charging flow control (manual or automatic), as well as by manual selection of letdown orifices.
Maintaining coolant level in the pressurizer within prescribed limits by actuating the charging and letdown system thus provides control of the reactor coolant water inventory.
F. Steam Generator Water Level Control
- 1. Establishes and maintains the steam generator water level within predetermined limits during normal operating transients.
- 2. Maintains the steam generator water level within predetermined limits and unit trip conditions. It regulates the feedwater flowrate such that under operational transients the water level for the reactor coolant system does not decrease below a minimum value. Steam generator water inventory control is manual or automatic through the use of feedwater regulating valves.
G. Steam Dump Control
- 1. Permits the nuclear plant to accept a sudden loss of load without incurring reactor trip. Steam is dumped to the condenser as necessary to accommodate excess power generation in the reactor during turbine load reduction transients.
- 2. Ensures that stored energy and residual heat are removed following a reactor trip to bring the plant to equilibrium no-load conditions without actuation of the steam generator safety valves.
- 3. Maintains the plant at no-load conditions to permit a manually controlled cooldown of the plant.
H. Incore Instrumentation Provides information on the neutron flux distribution and on the core outlet temperatures at selected core locations.
7.7.1.1 Reactor Control System The reactor control system enables the nuclear plant to follow load changes automatically, including the acceptance of step-load increases or decreases of 10 percent and ramp increases or decreases of 5 percent/min within the load range of 15 to 100 percent without reactor trip, steam dump, or pressure relief (subject to possible xenon limitations). The system is also 7.7-2 REV 22 9/19
VEGP-FSAR-7 capable of restoring coolant average temperature to within the programmed temperature dead band following a change in load. Automatic control rod insertion may be used for temperature control. However, rod withdrawal can only be performed manually. Manual control rod operation may be performed at any time within the range of defined insertion limits.
The reactor control system controls the reactor coolant average temperature by regulating control rod bank position. The reactor coolant loop average temperatures are determined from hot leg and cold leg measurements in each reactor coolant loop. There is an average coolant temperature (Tavg) computed for each loop, where:
Thot Tcold Tavg =
2 The error between the programmed reference temperature (based on turbine impulse chamber pressure) and the highest of the Tavg measured temperatures (which is processed through a lead-lag compensation unit) from each of the reactor coolant loops constitutes the primary control signal as shown in general in figure 7.7.1-1 and in more detail on the functional diagrams shown in drawing 1X6AA02-233. The system is capable of automatically restoring coolant average temperature to the programmed value following a decrease in load. Manual rod control may be needed to restore the coolant average temperature to the programmed value following an increase in load. The programmed coolant temperature increases linearly with turbine load from zero power to the full power condition. The Tavg also supplies a signal to pressurizer level control and steam dump control and to rod insertion limit monitoring.
The temperature channels needed to derive the temperature input signals for the reactor control system are fed from protection channels via isolation amplifiers.
An additional control input signal is derived from the reactor power versus turbine load mismatch signal. This additional control input signal improves system performance by enhancing response and reducing transient peaks.
The core axial power distribution is controlled during load follow maneuvers by changing (a manual operator action) the boron concentration in the reactor coolant system. The control board displays (paragraph 7.7.1.3.1) indicate the need for an adjustment in the axial power distribution. Adding boron to the reactor coolant will reduce Tavg requiring the control rods to be withdrawn manually. This action will reduce power peaks in the bottom of the core. Removing boron from the reactor coolant will automatically move the rods further into the core to control power peaks in the top of the core.
7.7.1.2 Rod Control System The rod control system receives rod speed and direction signals from the Tavg control system.
Control rods may be inserted automatically; however, rod withdrawal can only be performed manually. The rod speed demand signal varies over the corresponding range of 5 to 45 in./min (8 to 72 steps/min), depending on the magnitude of the input signal. Manual control is provided to move control banks in or out at prescribed fixed speeds.
The shutdown banks are always in the fully withdrawn position during normal operation and are moved to this position at a constant speed by manual control prior to criticality. A reactor trip signal causes them to fall by gravity into the core. There are five shutdown banks.
The control banks are the only rods that can be manipulated under automatic control. Each control bank is divided into two groups to obtain smaller incremental reactivity changes per step.
7.7-3 REV 22 9/19
VEGP-FSAR-7 All rod control cluster assemblies in a group are electrically paralleled to move simultaneously.
There is individual position indication for each rod cluster control assembly.
Power to rod drive mechanisms is supplied by two motor generator sets operating from two separate 480-V, 3-phase buses. Each generator is the synchronous type and is driven by a 200-h induction motor. The ac power is distributed to the rod control power cabinets through the two series-connected reactor trip breakers.
The variable speed rod drive programmer affords the ability to insert small amounts of reactivity at low speed to accomplish fine control of reactor coolant average temperature about a small temperature dead band, as well as furnishing control at high speed. A summary of the rod cluster control assembly sequencing characteristics is given below:
A. Two groups within the same bank are stepped such that the relative position of the groups will not differ by more than one step.
B. The control banks are programmed such that withdrawal of the banks is sequenced in the following order: control bank A, control bank B, control bank C, and control bank D. The programmed insertion sequence is the opposite of the withdrawal sequence; i.e., the last control bank withdrawn (D) is the first control bank inserted.
C. The control bank withdrawals are programmed such that when the first bank reaches a preset position, the second bank begins to move out simultaneously with the first bank. This preset position is determined by the maximum allowable overlap between banks (typically 100 to 115 steps). When the second bank reaches a preset position, the third bank begins to move out. The first bank will be fully withdrawn before the third bank starts to move. Therefore, it is possible for only two banks to be withdrawn at any one time. This withdrawal sequence continues until the unit reaches the desired power level. The control bank insertion sequence is the opposite.
D. Overlap between successive control banks is adjustable between 0 to 50 percent (0 and 115 steps), with an accuracy of 1 step.
E. Rod speeds for either the shutdown banks or manual operation of the control banks are capable of being controlled between a minimum of 6 steps/min and a maximum of 72 (+0, -10) steps/min.
7.7.1.3 Plant Control Signals for Monitoring and Indicating 7.7.1.3.1 Monitoring Functions Provided by the Nuclear Instrumentation System The power range channels are important because of their use in monitoring power distribution in the core within specified safe limits. They are used to measure power level, axial flux imbalance, and radial flux imbalance. Suitable alarms are derived from these signals as described below.
Basic power range signals are:
A. Total current from a power range detector (four signals from separate detectors);
these detectors are vertical and have a total active length of 10 ft.
B. Current from the upper half of each power range detector (four signals).
7.7-4 REV 22 9/19
VEGP-FSAR-7 C. Current from the lower half of each power range detector (four signals).
The following (including standard signal processing for calibration) are derived from these basic signals:
A. Indicated nuclear power (four signals).
B. Indicated axial flux imbalance (), derived from upper half flux minus lower half flux (four signals).
Alarm functions derived are as follows:
A. Deviation (maximum minus minimum of four) in indicated nuclear power.
B. Upper radial tilt (maximum to average of four) on upper half currents.
C. Lower radial tilt (maximum to average of four) on lower half currents.
Provision is made to continuously record, on the control board, the eight ion chamber signals; i.e., upper and lower currents for each detector. Nuclear power and axial imbalance are selectable for recording as well. Indicators are provided on the control board for nuclear power and for axial flux imbalance.
The axial flux difference imbalance deviation alarms are derived from the plant process computer which determines the 1-min averages of the excore detector outputs to monitor in the reactor core and alerts the operator where alarm conditions exist. Alarm messages are output immediately when exceeds the RAOC limits above a preset (50 percent) power level.
Additional background information on the nuclear instrumentation system can be found in reference 1.
7.7.1.3.2 Rod Position Monitoring Two separate systems are provided to sense and display control rod position as described below:
A. Digital Rod Position Indication System The digital rod position indication system measures the actual position of each control and shutdown rod using a detector which consists of discrete coils mounted concentrically with the rod drive pressure housing. The coils are located axially along the pressure housing and magnetically sense the entry and presence of the rod drive shaft through its center line. For each detector, the coils are interlaced into two data channels and are connected to the containment electronics (data A and B) by separate multiconductor cables. By employing two separate channels of information, the digital rod position indication system can continue to function (at reduced accuracy) when one channel fails. Multiplexing is used to transmit the digital position signals from the containment electronics to the control board display unit.
The control board display unit contains a column of light-emitting diodes (LEDs) for each rod. At any given time, the one LED illuminated in each column shows the position for that particular rod. Each rod has its position displayed to 4 steps throughout its range of travel.
Included in the system is a rod at bottom signal for each rod that operates a local alarm. Also a control room annunciator is actuated when any shutdown rod or control bank A rod is at bottom.
7.7-5 REV 22 9/19
VEGP-FSAR-7 B. Demand Position System The demand position system counts pulses generated in the rod drive control system to provide a digital readout of the demanded bank position.
The demand position and digital rod position indication systems are separate systems, but safety criteria were not involved in the separation, which was a result only of operational requirements. Operating procedures require the reactor operator to compare the demand and indicated (actual) readings from the rod position indication system to verify operation of the rod control system.
7.7.1.3.3 Control Bank Rod Insertion Monitoring When the reactor is critical, the normal indication of reactivity status in the core is the position of the control bank in relation to reactor power (as indicated by the reactor coolant system loop T) and coolant average temperature. Insertion limits for the control banks are defined as a function of reactor power. Two alarms are provided for each control bank.
A. The low alarm alerts the operator of rod insertion approaching the control bank insertion limits.
B. The low-low alarm alerts the operator of rod insertion at or below the insertion bank limits. If actual control bank position is below the insertion limits, the operator is to initiate action per the Technical Specifications.
The purpose of the control bank rod insertion monitor is to give warning to the operator of excessive rod insertion. The insertion limit maintains sufficient core reactivity shutdown margin following reactor trip, provides a limit on the maximum inserted rod worth in the unlikely event of a hypothetical rod ejection, and limits rod insertion such that acceptable nuclear peaking factors are maintained. Since the amount of shutdown reactivity required for the design shutdown margin following a reactor trip increases with increasing power, the allowable rod insertion limits must be decreased (the rods must be withdrawn further) with increasing power. Two parameters which are proportional to power are used as inputs to the insertion monitor. These are the T between the hot leg and the cold leg, which is a direct function of reactor power, and Tavg, which is programmed as a function of power. The rod insertion monitor uses parameters for each control rod bank as follows:
ZLL + A(T)auct + B(Tavg)auct + C where:
ZLL = maximum permissible insertion limit for affected control bank.
(T)auct = highest T of all loops.
(Tavg)auct = highest Tavg of all loops.
A, B, C = constants chosen to maintain ZLL actual limit based on physics calculations.
The control rod bank demand position (Z) is compared to ZLL as follows:
If Z - ZLL D, a low alarm is actuated.
If Z - ZLL E, a low-low alarm is actuated.
Since the highest values of Tavg and T are chosen by auctioneering, a conservatively high representation of power is used in the insertion limit calculation.
7.7-6 REV 22 9/19
VEGP-FSAR-7 Actuation of the low alarm alerts the operator of rod insertion approaching the control bank insertion limits. Actuation of the low-low alarm alerts the operator of rod insertion to at or below the control bank insertion limits. If actual control bank position is below the insertion limits, the operator is to initiate action per the Technical Specifications. The value of D is chosen such that the low alarm actuates above the low-low alarm. The value of E is chosen such that the low-low alarm actuates at the insertion limit except near the top of rod motion. Figure 7.7.1-2 shows a block diagram representation of the control rod bank insertion monitor. The monitor is shown in more detail on the functional diagrams shown in drawing 1X6AA02-233. In addition to the rod insertion monitor for the control banks, the plant computer, which monitors individual rod positions, provides an alarm that is associated with the rod deviation alarm (discussed in paragraph 7.7.1.3.4) which warns the operator if any shutdown rod cluster control assembly leaves the fully withdrawn position.
Rod insertion limits are established by:
A. Establishing the allowed rod reactivity insertion at full power consistent with the purposes given above.
B. Establishing the differential reactivity worth of the control rods when moved in normal sequence.
C. Establishing the change in reactivity with power level by relating power level to rod position.
D. Linearizing the resultant limit curve. All key nuclear parameters in this procedure are measured as part of the initial and periodic physics testing program.
Any unexpected change in the position of the control bank under automatic control (insertion only), or a change in coolant temperature under manual control, provides a direct and immediate indication of a change in the reactivity status of the reactor. In addition, samples are taken periodically of coolant boron concentration. Variations in concentration during core life provide an additional check on the reactivity status of the reactor, including core depletion.
7.7.1.3.4 Rod Deviation Alarm The position of any control rod is compared to the position of other rods in the bank.
The demanded and measured rod position signals are monitored by the plant computer, which drives an input to the main control board annunciator system whenever an individual rod position signal deviates from the other rods in the bank by a preset limit. The alarm can be set with appropriate allowance for instrument error and within sufficiently narrow limits to preclude exceeding core design hot channel factors.
Figure 7.7.1-3 is a block diagram of the rod deviation comparator and alarm system implemented by the plant computer.
7.7.1.3.5 Rod Bottom Alarm A rod bottom signal for the control and shutdown rods in the digital rod position indication system is used to operate a control relay which generates the "rod bottom rod drop" alarm.
7.7-7 REV 22 9/19
VEGP-FSAR-7 7.7.1.4 Plant Control System Interlocks The listing of the plant control system interlocks and the description of their derivations and functions are presented in table 7.7.1-1. The designation numbers for these interlocks are preceded by "C." The development of these logic functions is shown in the functional diagrams.
(See drawings 1X6AA02-233, 1X6AA02-234, 1X6AA02-235, 1X6AA02-236, 1X6AA02-237, 1X6AA02-238, 1X6AA02-239, and 1X6AA02-240.)
7.7.1.4.1 Rod Stops Rod stops are provided to prevent abnormal power conditions which could result from excessive control rod withdrawal initiated by either a control system malfunction or operator violation of administrative procedures.
Rod stops are the C-1 through C-4 control interlocks identified in table 7.7.1-1. The C-3 rod stop derived from overtemperature T and the C-4 rod stop derived from overpower T are also used for turbine runback, which is discussed below.
7.7.1.4.2 Automatic Turbine Load Runback Automatic turbine load runback is initiated by an approach to an overpower or overtemperature condition. This will prevent high power operation that might lead to an undesirable condition which, if reached, will be protected by reactor trip.
Turbine load reference reduction is initiated by either an overtemperature or overpower T signal. Two-out-of-four coincidence logic is used.
A rod stop and turbine runback are initiated for both the overtemperature and the overpower condition when:
T > Trod stop for either condition in general:
Trod stop = Tsetpoint -Bp where:
Tsetpoint = overtemperature and overpower T reactor trip value.
Bp = a setpoint bias.
The turbine runback is continued until T is equal to or less than Trod stop.
This function serves to maintain an essentially constant margin to trip.
7.7.1.4.3 Turbine Loading Stop An interlock (C-16) is provided to limit turbine loading during a rapid return to power transient when a reduction in reactor coolant temperature is used to increase reactor power (through the negative moderator coefficient). This interlock limits the reduction in coolant temperature so that it does not reach cooldown accident limits and preserves satisfactory steam generator operating conditions. Subsequent automatic turbine loading can begin after the interlock has 7.7-8 REV 22 9/19
VEGP-FSAR-7 been cleared by anincrease in coolant temperature, which is accomplished by reducing the boron concentration in the coolant.
7.7.1.5 Pressurizer Pressure Control The reactor coolant system pressure is controlled by using either the heaters (in the water region) or the spray (in the steam region) of the pressurizer plus steam relief for large transients. The electrical immersion heaters are located near the bottom of the pressurizer. A portion of the heater group is proportionally controlled to correct small pressure variations.
These variations are caused by heat losses, including heat losses resulting from a small continuous spray. The remaining (backup) heaters are turned on when the pressurizer pressure controlled signal demands approximately 100-percent proportional heater power.
The spray nozzles are located on the top of the pressurizer. Spray is initiated when the pressure controller spray demand signal is above a given setpoint. The spray rate increases proportionally with the increasing spray demand signal until it reaches a maximum value. For additional information on the pressurizer heaters and their power supply, see subsection 5.4.10.
Steam condensed by the spray reduces the pressurizer pressure. A small continuous spray is normally maintained to reduce thermal stresses and thermal shock and to help maintain uniform water chemistry and temperature in the pressurizer.
Power relief valves limit system pressure for large positive pressure transients. In the event of a large load reduction, not exceeding the design plant load rejection capability, the pressurizer power-operated relief valves might be actuated for the most adverse conditions; e.g., the most negative Doppler coefficient and the minimum incremental rod worth. The relief capacity of the power-operated relief valves is sized large enough to limit the system pressure to prevent actuation of high-pressure reactor trip for the above condition.
A block diagram of the pressurizer pressure control system is shown on figure 7.7.1-4.
7.7.1.6 Pressurizer Water Level Control The pressurizer operates by maintaining a steam cushion over the reactor coolant. As the density of the reactor coolant varies with temperature, the steam water interface is adjusted to compensate for cooling density variations with relatively small pressure disturbances.
The water inventory in the reactor coolant system is maintained by the chemical and volume control system. During normal plant operation, the charging flow varies to produce the flow demanded by the pressurizer water level controller. The pressurizer water level is programmed as a function of coolant average temperature, with the highest average temperature (auctioneered) being used. The pressurizer water level decreases as the load is reduced from full load. This is a result of coolant contraction following programmed coolant temperature reduction from full power to low power. The programmed level is designed to match as nearly as possible the level changes resulting from the coolant temperature changes.
To control pressurizer water level during startup and shutdown operations, the charging flow is manually regulated from the main control room. Low level in the pressurizer initiates a control-grade process protection signal to close the letdown isolation valves and deenergize the pressurizer heaters. This action is intended to maintain pressurizer level above the heaters.
Failure of the letdown isolation valves to close and terminate letdown has been evaluated and has been found to have no impact on plant safety.
A block diagram of the pressurizer water level control system is shown on figure 7.7.1-5.
7.7-9 REV 22 9/19
VEGP-FSAR-7 7.7.1.7 Steam Generator Water Level Control Each steam generator is equipped with a three-element feedwater flow controller that maintains a programmed water level, which is capable of being controlled as a function of turbine load, but is really a fixed value. The three-element feedwater controller regulates the feedwater valve by continuously comparing the feedwater flow signal, the water level signal, the programmed level, and the pressure compensated steamflow signal.
The feedwater pump speed is varied to maintain sufficient discharge pressure to support feedwater flow demand. The speed controller receives a demand signal, which is a programmed function of the highest feedwater flow demand across all loops. Continued delivery of feedwater to the steam generators is required as a sink for the heat stored and generated in the reactor following a reactor trip and turbine trip. An override signal closes all feedwater valves when the average coolant temperature is below a given temperature and the reactor has tripped. Manual override of the feedwater control system is available at all times.
When the nuclear plant is operating at very low power levels (as during startup), the steam and feedwater flow signals will not be usable for control. Therefore, a secondary automatic control system is provided for operation at low power. This system uses the narrow range steam generator water level and wide range steam generator water level in a feed forward control scheme to position a bypass valve which is parallel to the main feedwater regulating valve.
Transition from the bypass feedwater control system (low power) to parallel use of the main feedwater control valve is performed automatically by the control system at approximately 20-percent power. The feedwater control system automatically closes the bypass valve at approximately 40-percent power.
Block diagrams of the steam generator water level control system and the main feedwater pump speed control system are shown in figures 7.7.1-6 and 7.7.1-7.
7.7.1.8 Steam Dump Control The plant is designed to accept a 50-percent loss of net load without tripping the reactor.
The automatic steam dump system is able to accommodate this abnormal load rejection and to reduce the effects of the transient imposed upon the reactor coolant system. By bypassing main steam directly to the condenser, an artificial load is thereby maintained on the primary system. The rod control system can then reduce the reactor temperature to a new equilibrium value without causing overtemperature and/or overpressure conditions. The steam dump steamflow capacity is 40 percent of full load steamflow at full load steam pressure.
If the difference between the reference Tavg (Tref) based on turbine impulse chamber pressure and the lead-lag compensated auctioneered Tavg exceeds a predetermined amount, and if the interlock mentioned below is satisfied, a demand signal will actuate the steam dump to maintain the reactor coolant system temperature within control range until a new equilibrium condition is reached.
To prevent actuation of steam dump on small load perturbations, an independent load rejection sensing circuit is provided. This circuit senses the rate of decrease in the turbine load as detected by the turbine impulse chamber pressure. It is provided to unblock the dump valves when the rate of load rejection exceeds a preset value corresponding to a 10-percent step-load decrease or a sustained ramp-load decrease of 5 percent/min.
7.7-10 REV 22 9/19
VEGP-FSAR-7 Steam dump solenoid valves and circuits in the turbine building are designed to criteria similar to the reactor trip on turbine trip circuits as described in paragraph 7.2.1.1.2.F. A block diagram of the steam dump control system is shown on figure 7.7.1-8.
7.7.1.8.1 Load Rejection Steam Dump Controller This circuit prevents a large increase in reactor coolant temperature following a large, sudden load decrease. The error signal is a difference between the lead-lag compensated auctioneered Tavg and the reference Tavg is based on turbine impulse chamber pressure.
The Tavg signal is the same as that used in the reactor coolant system. The lead-lag compensation for the Tavg signal is to compensate for lags in the plant thermal response and in valve positioning. Following a sudden load decrease, Tref is immediately decreased and Tavg tends to increase, thus generating an immediate demand signal for steam dump. Since control rods are available in this situation, steam dump terminates as the error comes within the maneuvering capability of the control rods.
7.7.1.8.2 Plant Trip Steam Dump Controller Following a reactor trip, the load rejection steam dump controller is defeated and the plant trip steam dump controller becomes active. Since control rods are not available in this situation, the demand signal is the error signal between the lead-lag compensated auctioneered Tavg and the no-load reference Tavg. When the error signal exceeds a predetermined setpoint, the dump valves are tripped open in a prescribed sequence. As the error signal reduces in magnitude, indicating that the reactor coolant system Tavg is being reduced toward the reference no-load value, the dump valves are modulated by the plant trip controller to regulate the rate of removal of decay heat and thus gradually establish the equilibrium hot shutdown condition.
7.7.1.8.3 Steam Header Pressure Controller Residual heat removal at operating temperature is maintained by the steam generator pressure controller (manually selected), which controls the amount of steamflow to the condensers. This controller operates a portion of the same steam dump valves to the condensers which are used during the initial transient following turbine or reactor trip on load rejection.
7.7.1.9 Incore Instrumentation The incore instrumentation system consists of chromel-alumel thermocouples at fixed core outlet positions and movable miniature neutron detectors which can be positioned at the center of selected fuel assemblies anywhere along the length of the fuel assembly vertical axis. The basic system for insertion of these detectors is shown in figure 7.7.1-9.
7.7.1.9.1 Thermocouples Chromel-alumel thermocouples are threaded into guide tubes that penetrate the reactor vessel head through seal assemblies and terminate at the exit flow end of the fuel assemblies. The thermocouples are provided with two primary seals, a core exit thermocouple nozzle assembly 7.7-11 REV 22 9/19
VEGP-FSAR-7 (CETNA) and a swage-type seal from conduit to head. Thermocouple readings are monitored by the plant safety monitoring system.
7.7.1.9.2 Movable Neutron Flux Detector Drive System Miniature fission chamber detectors can be remotely positioned in retractable guide thimbles to provide flux mapping of the core. The stainless steel detector shell is welded to the leading end of helical wrap drive cable and to stainless steel sheathed coaxial cable. The retractable thimbles, into which the miniature detectors are driven, are pushed into the reactor core through conduits which extend from the bottom of the reactor vessel down through the concrete shield area and then up to a thimble seal table. Their distribution over the core is nearly uniform, with about the same number of thimbles located in each quadrant.
The thimbles are closed at the leading ends, are dry inside, and serve as the pressure barrier between the reactor water pressure and the atmosphere. Mechanical seals between the retractable thimbles and the conduits are provided at the seal table. During reactor operation, the retractable thimbles are stationary. They are extracted downward from the core during refueling to avoid interference within the core. A space above the seal table is provided for the retraction operation.
The drive system for the insertion of the miniature detectors consists basically of drive assemblies, 5-path transfer assemblies, and 10-path transfer assemblies, as shown in figure 7.7.1-9. The drive system pushes hollow helical wrap drive cables into the core with the miniature detectors attached to the leading ends of the cables and small diameter sheathed coaxial cables threaded through the hollow centers back to the ends of the drive cables. Each drive assembly consists of a gear motor which pushes a helical wrap drive cable and a detector through a selective thimble path by means of a special drive box and includes a storage device that accommodates the total drive cable length. Each thimble location can be accessed by at least two detectors controlled from different drive units.
7.7.1.9.3 Control and Readout Description The control and readout system provides means for inserting the miniature neutron detectors into the reactor core and withdrawing the detectors while plotting neutron flux versus detector position. The control system is located in the control room. Limit switches in each transfer device provide feedback of path selection operation. Each gearbox drives a resolver for position feedback. One five-path transfer selector is provided for each drive unit to insert the detector in one of five functional modes of operation. One 10-path transfer is also provided for each drive unit that is then used to route a detector into any one of up to 10 selectable paths. A common path is provided to permit cross-calibration of the detectors.
The control room contains the necessary equipment for control, position indication, and flux recording for each detector.
A flux mapping consists, briefly, of selecting flux thimbles in given fuel assemblies at various core quadrant locations. The detectors are driven to the top of the core and stopped automatically. An x-y plot (position versus flux level) is initiated with the slow withdrawal of the detectors through the core from top to a point below the bottom. In a similar manner other core locations are selected and plotted. Each detector provides axial flux distribution data along the center of a fuel assembly.
Various radial positions of detectors are then compared to obtain a flux map for a region of the core.
7.7-12 REV 22 9/19
VEGP-FSAR-7 The number and location of these thimbles have been chosen to permit measurement of local to average peaking factors (FQ) to an accuracy of 5 percent (95-percent confidence). Measured nuclear peaking factors (FQ) will be increased by 5 percent to allow for this accuracy, when using 44 detector thimbles. When using 29 and < 44 detector thimbles, the measurement uncertainty is 1.05 + [2.0 {3-T / (14.5)}] / 100, where T equals the number of thimbles (reference 45). If the measured power peaking is larger than acceptable, reduced power capability will be indicated.
Operating plant experience has demonstrated the adequacy of the incore instrumentation in meeting the design bases stated.
7.7.1.10 Boron Concentration Measurement System The boron concentration measurement system utilizes a sample measurement unit which contains a neutron source and neutron detector located in a shield tank. Piping within the shield tank is arranged to maintain coolant sample flow between the neutron source and the neutron detector. Neutron absorption by the boron in the coolant sample flow reduces the number of neutrons which contact the detector per unit time. Therefore, the time required to count a fixed number of neutron contacts is variable and dependent upon the concentration of boron solution.
The sample tank subassembly of the BCMS consists of a 100 gallon stainless steel tank with a cover assembly which includes the annular sample chamber, heat exchange coil, source and detector holders, temperature monitoring and control hardware, and all necessary plumbing.
The sample tank is filled with water which provides for coolant sample temperature control and shielding for the neutron source (Am-Be). The sample tank subassembly is designed so that all tank connections are at the top or near the top to preclude the possibility of loss of water shielding due to accidental leakage.
The boron concentration measurement system is designed for use as an advisory system. It is not designed as a safeguards system or component of a safeguards system. The boron concentration measurement system is not part of a control element or control system nor is it designed for this use. No credit is taken for this system in any accident analysis. Therefore, redundancies of measurement components, self-checking subsystems, malfunction annunciations, and diagnostic circuitry are not included in this system. As a general operating aid it provides information as to when additional check analyses are warranted rather than as a basis for fundamental operating decisions.
7.7.1.11 ATWS Mitigation System Actuation Circuitry (AMSAC) Description 7.7.1.11.1 System Description The ATWS (anticipated transient without scram) mitigation system actuation circuitry (AMSAC) provides a backup to the reactor trip system (RTS) and engineered safety features (ESF) actuation system (ESFAS) for initiating turbine trip and auxiliary feedwater flow in the event of an anticipated transient (e.g., in the event of complete loss of main feedwater). The AMSAC is independent of and diverse from the RTS and the ESFAS with the exception of the final actuation devices and is classified as non-Class 1E. It is a highly-reliable, microprocessor-based, single-train system powered by a non-Class 1E source. The AMSAC meets the applicable requirements of Part 50.62 of Title 10 of the Code of Federal Regulations and the 7.7-13 REV 22 9/19
VEGP-FSAR-7 quality assurance requirements of NRC Generic Letter 85-06. No other standards apply to the AMSAC.
The AMSAC continuously monitors main feedwater flow, which is an anticipatory indication of a loss of heat sink, and initiates certain functions when the flow drops below a predetermined setpoint in three of the four main feedwater lines for a delayed amount of time (dependent on turbine load). These initiated functions are the tripping of the turbine, the initiation of auxiliary feedwater, and isolation of the steam generator blowdown and sample lines.
The AMSAC is designed to be highly reliable, resistant to inadvertent actuation, and easily maintained. Reliability is assured through the use of internal redundancy and continual self-testing by the system. Inadvertent actuations are minimized through the use of internal redundancy and majority voting at the output stage of the system. The time delay on the low main feedwater flow and the coincidence logic used also minimize inadvertent actuations.
The AMSAC automatically performs its actuations when above a preselected power level, which is determined using turbine impulse chamber pressure, and remains armed sufficiently long after that pressure drops below the setpoint to ensure that its function will be performed in the event of a turbine trip.
7.7.1.11.2 Equipment Description The AMSAC consists of a single train of equipment located in a seismically qualified cabinet.
The design of the AMSAC is based on the industry standard Intel multibus format, which permits the use of various readily available, widely used microprocessor cards on a common data bus for various functions.
The AMSAC consists of the following:
- 1. System Hardware The system hardware consists of two primary systems: the actuation logic system (ALS) and the test/ maintenance system (T/MS).
A. Actuation Logic System The ALS monitors the analog and digital inputs, performs the functional logic required, provides actuation outputs to trip the turbine and initiate auxiliary feedwater flow, and provides status information to the test/maintenance system. The ALS consists of three groups of input/output (I/O) modules, three actuation logic processors (ALPs), two majority voting modules, and two output relay panels. The I/O modules provide signal conditioning, isolation, and test features for interfacing the ALS and T/MS. Conditioned signals are sent to three identical ALPs for analog-to-digital conversion, setpoint comparison, and coincidence logic performance. Each of the ALPs perform identical logic calculations using the same inputs and derive component actuation demands, which are then sent to the majority voting modules. The majority voting modules perform a two-out-of-three vote on the ALP demand signals. These modules drive the relays providing outputs to the existing turbine trip and auxiliary feedwater initiation circuits. A simplified block diagram of the AMSAC ALS architecture is presented in figure 7.7.1-14.
7.7-14 REV 22 9/19
VEGP-FSAR-7 B. Test/Maintenance System The test/maintenance system provides the AMSAC with automated and manual testing as well as a maintenance mode. Automated testing is the continuously performed self-checking done by the system during normal operation. ALS status is monitored by the T/MS and sent to the plant computer and the main control board. Manual testing of the system can be performed on-line to provide assurance that the ALS system is fully operational. The maintenance mode permits, under administrative control, modification of channel setpoints, channel status and timer values, and initiation of channel calibration.
The T/MS consists of a test/maintenance processor, a digital-to-analog conversion board, a memory board, expansion boards, a self-health board, digital output modules, a test/maintenance panel, and a portable terminal/printer.
- 2. Feedwater Flow Sensing The AMSAC utilizes the feedwater flow signal as measured with the four differential pressure-type flow transmitters, one for each of the main feedwater lines shown in drawing 1X6AA02-231.
- 3. Turbine Impulse Pressure The AMSAC also utilizes the turbine impulse pressure signal as measured with two pressure transmitters located in the steam supply line near the turbine shown in drawing 1X6AA02-240.
- 4. Equipment Actuation The output relay panels provide component actuation signals through isolation relays, which then drive the final actuation circuitry shown in drawings 1X6AA02-239 and 1X6AA02-240 for initiation of auxiliary feedwater and for turbine trip.
7.7.1.11.3 Functional Performance Requirements Analyses have shown that the most limiting ATWS event is a loss of feedwater event without a reactor trip. AMSAC performs the mitigative actuations of automatically initiating auxiliary feedwater, tripping the turbine, and isolating the steam generator blowdown and sampling lines.
These are initiated in order to ensure a secondary heat sink following an anticipated transient (ANS Condition II) without a reactor trip, in order to limit core damage following an anticipated transient without a reactor trip, and to ensure that the energy generated in the core is compatible with the design limits to protect the reactor coolant pressure boundary by maintaining the reactor coolant pressure to within ASME Stress Level C.
7.7.1.11.4 AMSAC Interlocks A single interlock, designated as C-20, is provided to allow for the automatic arming and blocking of the AMSAC (see table 7.7.1-1). The system is blocked at sufficiently low reactor power levels when the actions taken by the AMSAC following an ATWS need not be automatically initiated. Turbine impulse chamber pressure in a two-out-of-two logic scheme is 7.7-15 REV 22 9/19
VEGP-FSAR-7 used for this permissive. Turbine impulse chamber pressure above the setpoint will automatically defeat any block, i.e., will arm the AMSAC. Dropping below this setpoint will automatically block the AMSAC. Removal of the C-20 permissive is automatically delayed for a predetermined time. The operating status of the AMSAC is displayed on the main control board.
7.7.1.11.5 Trip System The feedwater flow and turbine impulse chamber pressure inputs are used by the AMSAC to determine trip demand. Signal conditioning is performed on the transmitter output and used by each of the ALPs to derive a component actuation demand. If three of the four feedwater lines have a low flow at a power level greater than the C-20 permissive, then a trip demand signal is generated. This signal drives output relays for performing the necessary mitigative actions.
7.7.1.11.6 Isolation Devices AMSAC is independent of the reactor trip and engineered safety features actuation systems.
The AMSAC feedwater flow inputs are non-Class 1E signals from the process control cabinets.
No isolation into AMSAC is needed for these inputs. The AMSAC turbine impulse chamber pressure inputs are made downstream of Class 1E isolation devices, which are located within the process protection cabinets. These isolation devices ensure that the existing protection system continues to meet all applicable safety criteria by providing isolation. Buffering of the AMSAC outputs from the safety-related final actuation device circuits is achieved through qualified relays. A credible fault occurring in the nonsafety-related AMSAC will not propagate through and degrade the RTS and ESFAS.
7.7.1.11.7 AMSAC Diversity from the Reactor Protection Systems Equipment diverse from the RTS and ESFAS is used in the AMSAC to prevent common mode failures that might affect the AMSAC and the RTS or ESFAS. The AMSAC is a digital, microprocessor-based system with the exception of the analog feedwater flow and turbine impulse pressure transmitter inputs, whereas the reactor trip system utilizes an analog-based protection system. Also where similar components are utilized for the same function in both AMSAC and the reactor trip system, the components used in AMSAC are provided from a different manufacturer.
Common mode failure of identical components in the analog portion of the RTS that results in the inability to generate a reactor trip signal will not impact the ability of the digital AMSAC to generate the necessary mitigative actuations. Similarly, a postulated common mode failure affecting analog components in ESFAS, affecting its ability to initiate auxiliary feedwater, will not impact the ability of the digital-based AMSAC to automatically initiate auxiliary feedwater.
7.7.1.11.8 Power Supply The AMSAC power supply is a non-Class 1E vital bus, which is independent from the RTS power supplies, and is backed by batteries which are independent from the existing batteries which supply the RTS.
7.7-16 REV 22 9/19
VEGP-FSAR-7 7.7.1.11.9 Environmental Variations AMSAC equipment is not designed as safety-related equipment; therefore, it is not required to be qualified as safety-related equipment. The AMSAC equipment is located in a controlled environment such that variations in the ambient conditions are minimized. No AMSAC equipment is located inside containment. The transmitters (feedwater flow and turbine impulse chamber pressure) that supply the input into AMSAC are located outside containment and the turbine building, respectively, and are qualified for the environment in which they are located.
7.7.1.11.10 Setpoints The AMSAC makes use of two setpoints in the coincidence logic in order to determine whether mitigative functions are required. Feedwater flow in each main feedwater line is sensed to determine a loss of secondary heat sink is imminent. The low-flow setpoint is selected in such a manner that a true lowering of the flow will be detected by the system. The normal small variations in feedwater flow will not result in a spurious AMSAC signal.
The C-20 permissive setpoint is selected in order to be consistent with ATWS investigations showing that the mitigative actions performed by the AMSAC need not be automatically actuated below a certain power level. The maximum allowable value of the C-20 permissive setpoint is defined by these investigations.
To avoid inadvertent AMSAC actuation on the loss of one main feedwater pump, a time delay unit is required on the low main feedwater flow channels to adjust the AMSAC actuation response time. The delay unit is designed such that the delay time is dependent on turbine power. This will ensure the reactor protection system will provide the first trip signals.
To ensure that the AMSAC remains armed sufficiently long to permit its function in the event of a turbine trip, the C-20 permissive is maintained for a preset time delay, after the turbine impulse chamber pressure drops below the setpoint.
The setpoints and the capability for their modification in the AMSAC are under administrative control.
7.7.1.12 REFERENCE
- 1. Lipchak, J. B., "Nuclear Instrumentation System," WCAP-8255, January 1974 (for additional background information only).
7.7.2 ANALYSIS OF CONTROL SYSTEMS NOT REQUIRED FOR SAFETY The plant control systems are designed to ensure high reliability in any anticipated operational occurrences. Equipment used in these systems is designed and constructed with a high level of reliability.
Proper positioning of the control rods is monitored in the control room by bank arrangements of the individual position columns for each rod cluster control assembly (RCCA). A rod deviation alarm alerts the operator of a deviation of one RCCA from the other rods in that bank position.
There are also insertion limit monitors with visual and audible annunciation. A rod bottom alarm signal is provided to the control room for each full-length RCCA. Four excore long ion chambers also detect asymmetrical flux distribution indicative of rod misalignment.
7.7-17 REV 22 9/19
VEGP-FSAR-7 Overall reactivity control is achieved by the combination of soluble boron and RCCAs. Long-term regulation of core reactivity is accomplished by adjusting the concentration of boric acid in the reactor coolant. Short-term reactivity control for power changes is accomplished by the plant control system, which automatically moves RCCAs. This system uses input signals including neutron flux, coolant temperature, and turbine load.
The axial core power distribution is controlled by moving the control rods through changes in reactor coolant system boron concentration. Adding boron causes the rods to move out, thereby reducing the amount of power in the bottom of the core; this allows power to redistribute toward the top of the core. Reducing the boron concentration causes the rods to move into the core, thereby reducing the power in the top of the core; the result redistributes power toward the bottom of the core.
The plant control systems will prevent an undesirable condition in the operation of the plant that, if reached, will be protected by reactor trip. The description and analysis of this protection is covered in section 7.2. Worst-case failure modes of the plant control systems are postulated in the analysis of off-design operational transients and accidents covered in chapter 15, such as the following:
Uncontrolled RCCA bank withdrawal from a subcritical or low power startup condition.
Uncontrolled RCCA bank withdrawal at power.
RCCA misalignment.
Loss of external electrical load and/or turbine trip. Loss of all nonemergency ac power to the station auxiliaries (station blackout).
Feedwater system malfunctions that result in a decrease in feedwater temperature.
Excessive increase in secondary steamflow.
Inadvertent opening of a steam generator relief or safety valve.
These analyses show that a reactor trip setpoint is reached in time to protect the health and safety of the public under those postulated incidents and that the resulting coolant temperatures produce a departure from nucleate boiling ratio well above the limiting value. Thus, there will be no cladding damage and no release of fission products to the reactor coolant system under the assumption of these postulated worst-case failure modes of the plant control system.
7.7.2.1 Separation of Protection and Control System In some cases, it is advantageous to employ control signals derived from individual protection channels through isolation amplifiers contained in the protection channel. As such, a failure in the control circuitry does not adversely affect the protection channel. Test results have shown that a short circuit or the application (credible fault voltage from within the cabinets) of 118-V ac or 140-V dc on the isolated output portion of the circuit (nonprotection side of the circuit) will not affect the input (protection) side of the circuit.
Where a single random failure can cause a control system action that results in a generating station condition requiring protective action and can also prevent proper action of a protection system channel designed to protect against the condition, the remaining redundant protection 7.7-18 REV 22 9/19
VEGP-FSAR-7 channels are capable of providing the protective action even when degraded by a second random failure. This meets the applicable requirements of section 4.7 of Institute of Electrical and Electronic Engineers (IEEE) Standard 279-1971.
The pressurizer pressure channels needed to derive the control signals are electrically isolated from control.
7.7.2.2 Response Considerations of Reactivity Reactor shutdown with control rods is completely independent of the control functions, since the trip breakers interrupt power to the rod drive mechanisms regardless of existing control signals.
The design is such that the system can withstand accidental withdrawal of control groups or unplanned dilution of soluble boron without exceeding acceptable fuel design limits. The design meets the requirements of General Design Criterion 25.
No single electrical or mechanical failure in the rod control system could cause the accidental withdrawal of a single RCCA from the partially inserted bank at full power operation. The operator could deliberately withdraw a single RCCA in the control bank; this feature is necessary in order to retrieve a rod, should one be accidentally dropped. In the extremely unlikely event of simultaneous electrical failures which could result in single RCCA withdrawal, rod deviation would be displayed on the plant annunciator, and the individual rod position readouts would indicate the relative positions of the rods in the bank. Withdrawal of a single RCCA by operator action, whether deliberate or by a combination of errors, would result in activation of the same alarm and the same visual indications.
Each bank of control and shutdown rods in the system is divided into two groups of up to four or five mechanisms each. The rods comprising a group operate in parallel through multiplexing thyristors. The two groups in a bank move sequentially, such that the first group is always within one step of the second group in the bank. The group 1 and group 2 power circuits are installed in different cabinets, as shown in figure 7.7.2-1, which also shows that one group is always within one step (5/8 in.) of the other group. A definite schedule of actuation or deactuation of the stationary gripper, movable gripper, and lift coils of a mechanism is required to withdraw the RCCA attached to the mechanism. Since the four stationary gripper, movable gripper, and lift coils associated with the RCCAs of a rod group are driven in parallel, any single failure which could cause rod withdrawal would affect a minimum of one group of RCCAs. As a result of Generic Letter 93-04, "Rod Control System Failure and Withdrawal of Rod Control Cluster Assemblies, 10 CFR 50.54(f)," a test is performed following each refueling outage which ensures that the proper current order timing for the grippers and lift coils is maintained.
Mechanical failures are in the direction of insertion or immobility.
Figure 7.7.2-2 illustrates the design features that ensure no single electrical failure could cause the accidental withdrawal of a single RCCA from the partially inserted bank at full power operation.
Figure 7.7.2-2 shows the typical parallel connections on the lift, movable, and stationary coils for a group of rods. Since single failures in the stationary or movable circuits will result in dropping or preventing rod (or rods) motion, the discussion of single failure will be addressed to the lift coil circuits:
A. Because of the method of wiring the pulse transformers which fire the lift coil multiplex thyristors, three of the four thyristors in a rod group could remain turned off when required to fire, if for example the gate signal lead failed open at point X1. Upon "up" demand, one rod in group 1 and four rods in group 2 would 7.7-19 REV 22 9/19
VEGP-FSAR-7 withdraw. A second failure at point X2 in the group 2 circuit is required to withdraw one RCCA.
B. Timing circuit failures will affect the four mechanisms of a group or the eight mechanisms of the bank and will not cause a single rod withdrawal.
C. More than two simultaneous component failures are required (other than the open wire failures) to allow withdrawal of a single rod.
The identified multiple failures involving the least number of components consists of open circuit failure of the proper 2 out of 16 wires connected to the gate of the lift coil thyristors. The probability of open wire (or terminal) failure is 0.016 x 10-6 per hour by MIL-HDB217A. These wire failures would have to be accompanied by failure or disregard of the indications mentioned above. The probability of this occurrence is therefore too low to have any significance.
Concerning the human element, to erroneously withdraw a single rod cluster control assembly, the operator would have to improperly set the bank selector switch, the lift coil disconnect switches, and the in-hold-out switch. In addition, the three indications would have to be disregarded or ineffective. Such series of errors would require a complete lack of understanding and administrative control. A probability number cannot be assigned to a series of errors such as these.
The rod position indication system provides direct visual displays of each control rod assembly position. The plant computer alarms for deviation of rods from their banks. In addition, a rod insertion limit monitor provides an audible and visual alarm to warn the operator of an approach to an abnormal condition resulting from dilution. The low-low insertion limit alarm alerts the operator to follow emergency boration procedures. The facility reactivity control systems are such that acceptable fuel damage limits will not be exceeded even in the event of a single malfunction of either system.
An important feature of the control rod system is that insertion is provided by gravity fall of the rods.
In all analyses involving reactor trip, the single highest worth rod cluster control assembly is postulated to remain untripped in its full out position.
One means of detecting a stuck control rod assembly is available from the actual rod position information displayed on the control board. The control board position readouts, one for each rod, give the plant operator the actual position of the rod in steps. The indications are grouped by banks (e.g., control bank A, control bank B, etc.) to indicate to the operator the deviation of one rod with respect to other rods in a bank. This serves as a means to identify rod deviation.
The plant computer monitors the actual position of all rods. Should a rod be misaligned from the other rods in that bank by more than 12 steps, the rod deviation alarm is actuated.
Misaligned RCCAs are also detected and alarmed in the control room via the flux tilt monitoring system, which is independent of the plant computer.
Isolated signals derived from the nuclear instrumentation system are compared with one another to determine whether a preset amount of deviation of average power level has occurred. Should such a deviation occur, the comparator output will operate a bistable unit to actuate a control board annunciator. This alarm will alert the operator to a power imbalance caused by a misaligned rod. By use of individual rod position readouts, the operator can determine the deviating control rod and take corrective action. The design of the plant control systems meets the requirements of General Design Criterion 23.
Refer to section 4.3 for additional information on response considerations resulting from reactivity.
7.7-20 REV 22 9/19
VEGP-FSAR-7 7.7.2.3 Step-Load Changes Without Steam Dump The plant control system is capable of restoring equilibrium conditions, without a trip, following a 10-percent step change in load demand, over the 15- to 100-percent power range. Automatic control allows control rod insertion only. Control rod withdrawal can only be performed manually. Steam dump is blocked for load decrease less than or equal to 10 percent. A load demand greater than full power is prohibited by the turbine control valve position limit.
The plant control system minimizes the reactor coolant average temperature deviation during the transient within a given value and restores average temperature to the programmed setpoint.
Excessive pressurizer pressure variations are prevented by using spray and heaters and power relief valves in the pressurizer.
The control system must limit nuclear power overshoot to acceptable values following a 10- to 100-percent increase in load.
7.7.2.4 Loading and Unloading Ramp loading and unloading of 5 percent/min can be accepted over the 15- to 100-percent power range under manual control for loading and automatic control for unloading without tripping the plant. Control rod insertion may be performed automatically. However, control rod withdrawal can only be performed manually. The function of the control system is to maintain the coolant average temperature as a function of turbine-generator load.
The coolant average temperature increases during loading and causes a continuous insurge to the pressurizer as a result of coolant expansion. The sprays limit the resulting pressure increase. Conversely, as the coolant average temperature is decreasing during unloading, there is a continuous outsurge from the pressurizer resulting from coolant contraction. The pressurizer heaters limit the resulting system pressure decrease. The pressurizer water level is programmed such that the water level is above the setpoint for heater cutout during the loading and unloading transients. The primary concern during loading is to limit the overshoot in nuclear power and to provide sufficient margin in the overtemperature T setpoint.
The automatic load controls are designed to adjust the unit generation to match load requirements within the limits of the unit capability and licensed rating.
During rapid loading transients, a drop in reactor coolant temperature is sometimes used to increase core power. (Refer to paragraph 3.9.N.1.1.1.5.) This mode of operation is applied when the control rods are not inserted deep enough into the core to supply all the reactivity requirements of the rapid load increase. (The boron control system is relatively ineffective for rapid power changes.) The reduction in temperature is initiated by continued turbine loading past the point where the control rods are completely withdrawn from the core. The temperature drop is recovered and nominal conditions restored by a boron dilution operation.
Excessive drops in coolant temperature are prevented by interlock C-16. This interlock circuit monitors the auctioneered low coolant temperature indications and the programmed reference temperature, which is a function of turbine impulse pressure, and stops the turbine loading sequence when the decreased temperature reaches the setpoints.
7.7-21 REV 22 9/19
VEGP-FSAR-7 7.7.2.5 Load Rejection Furnished by Steam Dump System When a load rejection occurs and if the difference between the required temperature setpoint of the reactor coolant system and the actual average temperature exceeds a predetermined amount, a signal will actuate the steam dump to maintain the reactor coolant system temperature within control range until a new equilibrium condition is reached.
The reactor power is reduced at a rate consistent with the capability of the rod control system.
Reduction of the reactor power is automatic. The steam dump flow reduction is as fast as RCCAs are capable of inserting negative reactivity.
The rod control system can then reduce the reactor temperature to a new equilibrium value without causing overtemperature and/or overpressure conditions. The steam dump steamflow capacity is 40 percent of full load steamflow at full load steam pressure.
The steam dump flow decreases proportionally as the control rods act to reduce the average coolant temperature. The artificial load is therefore removed as the coolant average temperature is restored to its programmed equilibrium value.
The dump valves are modulated by the reactor coolant average temperature signal. The required number of steam dump valves can be tripped quickly to stroke full open or modulate, depending upon the magnitude of the temperature error signal resulting from loss of load.
7.7.2.6 Turbine-Generator Trip with Reactor Trip Whenever the turbine-generator unit trips at an operating power level above 40-percent power on Unit 1 and 50-percent power on Unit 2, the reactor also trips. The unit is operated with a programmed average temperature as a function of load, with the full load average temperature significantly greater than the temperature corresponding to saturation pressure at the steam generator safety valve setpoint. The thermal capacity of the reactor coolant system is greater than that of the secondary system, and because the full load average temperature is greater than the no-load temperature, a heat sink is required to remove heat stored in the reactor coolant to prevent actuation of steam generator safety valves for a trip from full power. This heat sink is provided by the combination of controlled release of steam to the condenser and by makeup of feedwater to the steam generators.
The steam dump system is controlled from the reactor coolant average temperature signal, whose setpoint values are programmed as a function of turbine load. Actuation of the steam dump is rapid to prevent actuation of the steam generator safety valves. With the dump valves open, the average coolant temperature starts to reduce quickly to the no-load setpoint. A direct feedback of temperature acts to proportionally close the valves to minimize the total amount of steam which is bypassed.
The feedwater flow is cut off following a reactor trip when the average coolant temperature decreases below a given temperature or when the steam generator water level reaches a given high level.
Additional feedwater makeup is then controlled manually to restore and maintain steam generator water level, while ensuring that the reactor coolant temperature is at the desired value. Residual heat removal is maintained by the steam header pressure controller (manually selected) which controls the amount of steamflow to the condensers. This controller operates a portion of the same steam dump valves to the condensers which are used during the initial transient following turbine and reactor trip.
7.7-22 REV 22 9/19
VEGP-FSAR-7 The pressurizer pressure and water level fall rapidly during the transient because of coolant contraction. The pressurizer water level is programmed so that the level following the turbine and reactor trip is above the heaters. However, if the heaters become uncovered following the trip, the chemical and volume control system will provide full charging flow to restore water level in the pressurizer. Heaters are then turned on to restore pressurizer pressure to normal.
The steam dump and feedwater control systems are designed to prevent the average coolant temperature from falling below the programmed no-load temperature following the trip to ensure adequate reactivity shutdown margin.
7.7.2.7 Core Cooling Monitor A core cooling monitor (T saturation meter) is provided to meet the requirements of item II.F.2 of NUREG-0737 to provide instrumentation for the detection of inadequate core cooling. For information on the system see the "Summary Report, Westinghouse Reactor Vessel Level Instrumentation System for Monitoring Inadequate Core Cooling."(1)
The core cooling monitor utilizes inputs from the existing hot leg resistance temperature detectors, selected incore thermocouples, and the reactor coolant system pressure sensors.
The plant safety monitoring system (PSMS) is employed to calculate the reactor coolant system saturation temperature for the existing system pressure, compares this value to the measured reactor coolant system temperature, and continuously indicates the margin-to-saturation on the PSMS plasma display. Margin-to-saturation is available on the PSMS plasma display based on both auctioneered high hot leg temperature and on auctioneered high incore thermocouples. In addition to the plasma display, alarms are provided to indicate first the development of off-normal conditions and then the approach to loss of normal core cooling.
Details of seismic and environmental qualification can be found in sections 3.10 and 3.11.
Procedures for safety injection and natural circulation require the operator to monitor reactor coolant system temperature for subcooling conditions during the initial phase of the incident and during followup conditions when natural circulation is being verified.
7.7.2.8 Reactor Vessel Level Instrumentation System A reactor vessel level instrumentation system (RVLIS) is provided to meet the requirement of item II.F.2 of NUREG-0737 to provide instrumentation for the detection of inadequate core cooling. For information on the system see the "Summary Report, Westinghouse Reactor Vessel Level Instrumentation System for Monitoring Inadequate Core Cooling."(1)
Reactor vessel level is also utilized to indicate the need to vent noncondensable gases from the reactor vessel head. The RVLIS utilizes two sets of differential pressure cells to measure reactor vessel level.
The narrow range RVLIS instrument provides an indication of reactor vessel water level from the bottom of the reactor vessel to the top of the reactor vessel when one or no reactor coolant pump is operating. The narrow range instrument also measures the reactor core and internals pressure drop and therefore provides an indication of the relative void content or density of the circulating fluid, when only one reactor coolant pump is operating. When more than one reactor coolant pump is operating, the narrow range instrument reading will be off scale.
The wide range RVLIS instrument provides an indication of reactor core, internals, and outlet nozzle pressure drop for any combination of operating reactor coolant pumps. Comparison of the measured pressure drop with the normal, single-phase pressure drop provides an 7.7-23 REV 22 9/19
VEGP-FSAR-7 approximate indication of the relative void content or density of the circulating fluid. The wide range instrument monitors vessel level on a continuous basis.
Details of the seismic and environmental qualification can be found in sections 3.10 and 3.11.
7.7.2.9 Control Systems Failure Analysis An analysis has been performed on VEGP to confirm that the consequences of a random initiating failure in a control system or its supporting systems will not cause plant conditions more severe than those bounded by the chapter 15 analysis (multiple independent failures are excluded). The analysis addressed the consequences of control system failures due to the following:
Loss of any single instrument.
Break of any single instrument line.
Loss of power to a single inverter.
Loss of power to a protection set.
Loss of power to a control group.
7.7.2.10 Anticipated Transient Without Scram (ATWS) Mitigation System Actuation Circuitry (AMSAC) Analysis 7.7.2.10.1 Safety Classification/Safety-Related Interface The AMSAC is not safety-related and therefore need not meet the requirements of IEEE 279-1971. The AMSAC has been implemented such that the reactor trip system (RTS) and the engineered safety features (ESF) actuation system (ESFAS) continue to meet all applicable safety-related criteria. The AMSAC is independent of the RTS and ESFAS. The isolation provided between the RTS and the AMSAC and between the ESFAS and the AMSAC by the isolator modules and the isolation relays ensures that the applicable safety-related criteria are met for the RTS and the ESFAS.
7.7.2.10.2 Redundancy System redundancy has not been provided. Since AMSAC is a backup nonsafety-related system to the redundant RTS, redundancy is not required. To ensure high system reliability, portions of the AMSAC have been implemented as internally redundant, such that a single failure of an input channel or actuation logic processor (ALP) will neither actuate nor prevent actuation of the AMSAC.
7.7-24 REV 22 9/19
VEGP-FSAR-7 7.7.2.10.3 Diversity Diverse equipment has been selected in order that common cause failures affecting both the RTS and the AMSAC or both the ESFAS and the AMSAC will not render these systems inoperable simultaneously. A more detailed discussion of the diversity between the RTS and the AMSAC and between the ESFAS and the AMSAC is presented in paragraph 7.7.1.11.7.
7.7.2.10.4 Electrical Independence The AMSAC is electrically independent of the RTS and ESFAS from the process control cabinets up to the final actuation devices. Isolation devices are provided to isolate the nonsafety AMSAC circuitry from the safety-related actuation circuits of the auxiliary feedwater system as discussed in 7.7.1.11.6.
7.7.2.10.5 Physical Separation from the RTS and ESFAS AMSAC needs to be and is physically separated from the existing protection system hardware.
The AMSAC outputs are provided from separate relay panels within the cabinets. The two trains are separated (in accordance with Regulatory Guide 1.75, Rev. 2) within the AMSAC cabinet by a combination of metal barriers, conduit, and distance.
7.7.2.10.6 Environmental Qualification Equipment related to the AMSAC is qualified to operate under conditions resulting from anticipated operational occurrences for the respective equipment location. The AMSAC equipment, with the exception of the isolation devices located outside containment in a mild environment, is not designated as safety-related equipment and therefore is not required to be qualified as safety related per the requirements of IEEE Standard 279-1971, "IEEE Standard for Criteria for Protection Systems for Nuclear Power Generating Stations."
7.7.2.10.7 Seismic Qualification It is required that only the isolation devices comply with seismic qualification. The AMSAC output isolation device is qualified in accordance with a program that was developed to implement the requirements of IEEE Standard 344-1975, "IEEE Standard for Seismic Qualification of Class 1E Electrical Equipment for Nuclear Power Generating Stations."
7.7.2.10.8 Test, Maintenance, and Surveillance Quality Assurance NRC Generic Letter 85-06, "Quality Assurance Guidance for ATWS Equipment that is not Safety Related," requires quality assurance procedures commensurate with the nonsafety-related classification of the AMSAC. The quality controls for the AMSAC are, at a minimum, consistent with existing plant procedures or practices for nonsafety-related equipment.
Design of the AMSAC followed procedures relating to equipment procurement, document control, and specification of system components, materials, and services. In addition, specifications also define quality assurance practices for inspections, examinations, storage, shipping, and tests as appropriate to a specific item or service.
7.7-25 REV 22 9/19
VEGP-FSAR-7 A computer software verification program and a firmware validation program have been implemented commensurate with the nonsafety-related classification of the AMSAC to ensure that the system design requirements implemented with the use of software have been properly implemented and to ensure compliance with the system functional, performance, and interface requirements.
System testing is completed prior to the installation and operation of the AMSAC, as part of the normal factory acceptance testing and the validation program. Periodic testing is performed both automatically through use of the system automatic self-checking capability, and manually, under administrative control via the AMSAC test/maintenance panel.
7.7.2.10.9 Power Supply Power to the AMSAC is from a battery-backed, non-Class 1E vital bus independent of the power supplies for the RTS and ESFAS. The station battery supplying power to the AMSAC is independent of those used for the RTS and ESFAS. The AMSAC is an energize-to-actuate system capable of performing its mitigative functions with a loss of offsite power.
7.7.2.10.10 Testability at Power The AMSAC is testable at power. This testing is done via the system test/maintenance panel.
The capability of the AMSAC to perform its mitigative actuations is bypassed at a system level while in the test mode. Total system testing is performed as a set of three sequential, partial, and overlapping tests. The first of the tests checks the analog input portions of the AMSAC in order to verify accuracy. Each of the analog input modules is checked separately. The second test checks each of the ALPs to verify that the appropriate coincidence logic is sent to the majority voter. Each ALP is tested separately. The last test exercises the majority voter and the integrity of the associated output relays. The majority voter and associated output relays are tested by exercising all possible input combinations to the majority voter. The integrity of each of the output relays is checked by confirming continuity of the relay coils without operating the relays. The capability to individually operate the output relays, confirm integrity of the associated field wiring, and operate the corresponding isolation relays and final actuation devices at plant shutdown is provided.
7.7.2.10.11 Inadvertent Actuation The AMSAC has been designed such that the frequency of inadvertent actuations is minimized.
This high reliability is ensured through use of three redundant ALPs and a majority voting module. A single failure in any of these modules will not result in a spurious AMSAC actuation.
In addition, a three-out-of-four low feedwater flow coincidence logic and a time delay (dependent on turbine load) have been selected to further minimize the potential for inadvertent actuations.
7.7-26 REV 22 9/19
VEGP-FSAR-7 7.7.2.10.12 AMSAC Bypass 7.7.2.10.12.1 Maintenance Bypasses. The AMSAC is blocked at the system level during maintenance, repair, calibration, or test. While the system is blocked, the bypass condition is continuously indicated in the main control room.
7.7.2.10.12.2 Operating Bypasses. The AMSAC has been designed to allow for operational bypasses with the inclusion of the C-20 permissive. Above the C-20 setpoint, the AMSAC is automatically unblocked (i.e., armed); below the setpoint, the system is automatically blocked.
The operating status of the AMSAC is continuously indicated in the main control room via an annunciator window.
7.7.2.10.12.3 Indication of Bypasses. Whenever the mitigative capabilities of the AMSAC are bypassed or deliberately rendered inoperable, this condition is continuously indicated in the main control room. In addition to the operating bypass, any manual maintenance bypass is indicated via the AMSAC general warning sent to the main control room.
7.7.2.10.12.4 Means for Bypassing. A permanently installed system bypass selector switch is provided to bypass the system. This is a two-position selector switch with "NORMAL" and "BYPASS" positions. At no time is it necessary to use any temporary means, such as installing jumpers or pulling fuses, to bypass the system.
7.7.2.10.13 Completion of Mitigative Actions Once Initiated The AMSAC mitigative actions go to completion as long as the coincidence logic is satisfied and the time delay requirements are met. If the flow in the feedwater lines is reinitiated before the timer expires and increases to above the low-flow setpoint, then the coincidence logic will no longer be satisfied and the actuation signal disappears. If the coincidence logic conditions are maintained for the duration of the time delay, then the mitigative actions go to completion. The auxiliary feedwater initiation signal is latched in at the component actuating devices and the turbine trip is latched at the turbine digital electrohydraulic control system (DEHC). Deliberate operator action is then necessary to terminate auxiliary feedwater flow, clear the turbine trip signal using the DEHC main control board human machine interfaces (HMIs), and proceed with the reopening of the turbine stop valves.
7.7.2.10.14 Manual Initiation Manual initiation of the AMSAC is not provided. The capability to initiate the AMSAC mitigative functions manually, i.e., initiate auxiliary feedwater, trip the turbine, and isolate steam generator blowdown and sampling lines, exists at the main control board independently of AMSAC.
7.7-27 REV 22 9/19
VEGP-FSAR-7 7.7.2.10.15 Information Readout The AMSAC has been designed such that the operating and maintenance staffs have accurate, complete, and timely information pertinent to the status of the AMSAC. A system-level general warning alarm is indicated in the control room. Diagnostic capability exists from the test/maintenance panel to determine the cause of any unanticipated inoperability or deviation.
7.7.2.11 REFERENCE
- 1. Anderson, T. M., (Westinghouse), to Eisenhut, D. G., (NRC), "Summary Report, Westinghouse Reactor Vessel Level Instrumentation System for Monitoring Inadequate Core Cooling," December 23, 1980.
7.7-28 REV 22 9/19
VEGP-FSAR-7 TABLE 7.7.1-1 (SHEET 1 OF 2)
PLANT CONTROL SYSTEM INTERLOCKS Designation Derivation Function C-1 1/2 neutron flux (intermediate Blocks control rod range) above setpoint withdrawal C-2 1/4 neutron flux (power range) Blocks control rod above setpoint withdrawal C-3 2/4 overtemperature T above Blocks control rod setpoint withdrawal Actuates turbine runback via load reference C-4 2/4 overpower T above Blocks control rod setpoint withdrawal Actuates turbine runback via load reference C-5 1/1 turbine impulse chamber Indication only pressure below setpoint REV 17 4/12
VEGP-FSAR-7 TABLE 7.7.1-1 (SHEET 2 OF 2)
Designation Derivation Function C-7 1/1 time derivative (absolute Makes steam dump value) of turbine impulse valves available for chamber pressure (decrease either tripping or only) above setpoint modulation C-9 Any condenser pressure above Blocks steam dump to setpoint or no circulating condenser water pumps running C-11 Not used. Not used.
C-16 Reduce limit in coolant Stops automatic temperature above normal turbine loading until setpoint condition clears C-20(a) Two-of-two turbine Arms AMSAC; below impulse chamber pressure setpoint blocks AMSAC above setpoint (generated in AMSAC; see section 7.7)
P-4 Reactor trip Blocks steam dump control via load Tavg controller Makes steam dump valves available for either tripping or modulation Absence of P-4 Blocks steam dump control via plant trip Tavg controller
- a. Not part of control system (non-Class 1E).
REV 17 4/12
THOT LEG TcoLD LEG THOT LEG TCOLD LEG THOT LEG TCOLD LEG THOT LEG TCOLD LEG A~ERAGE AVEP.AGE AVERAGE AVERAGE TEMPERATURE TEMPERATUP.E iEMP ERA TU RE TEMPERATURE UNIT LOOP I UNIT LOOP 2 UN IT LOOP 3 UN IT LOOP ll TH+Tc =TH+TC =TH+Tc - TH+TC Tavg - - - T av11 T avg T avg - - -
- 2 2 2 2 TURBINE LOAD SIGNAL
(!+---HIGHEST T NUCLEAR POWER SIG~AL TO STEAM ~----------+---~ TO PRESSUR! ZER DUMP SYSTEM TURBINE LO~D SIGN,.AL_ _...___ LEvEL PROGRAMf,IE,.R_ _ _.....,......,
LEAD-LAG POWER MISl-lATCH A'IERAGE COMPENSATION COMPENSATiON TEMPERATURE UH IT UNIT PROGRAMMER ROD SPEED MANUAL RJD UNIT CONTROL ROD ORI YE REDUNDANT SEQUENT I AL ROD POWER I TRIP SIGNAL CONTROL UNIT
( AUi0"4ATI C CONTROL)
REACTOR TRIP BREAKER I PERMISSIVE CIRCUIT
( ROD I HTERLOCK)
REACTOR TRIP BREAKER 2 CONTROL ROD ROD DR I VE ACTUATOR POWEi!
NOTE: TEMPERATURES ARE MEASURED AT STEAM GENERATOR'S INLET AND OUTLET.
CC,NTROL ROD OR I H ME CHAN I SM REV 13 4/06 SIMPLIFIED BLOCK DIAGRAM OF SOUTHER,.a COMPANY
<<\ VOGTLE ELECTRIC GENERATING PLANT REACTOR CONTROL SYSTEM Energy to Serve Your World ,,_ UNIT 1 AND UNIT 2 FIGURE 7.7.1-1
LOW ALARM LOW-LOW ALARM COMPARATOR (6T)
AUCT COMMON FOR ALL FOUR CONTROL BANKS z------
DEMAND BANK SIGNAL TYPICAL OF ONE CONTROL BANK NOTE: I, COMPUTER ALGORITHM IS USED FOR THE COMPARATOR NETWORK
- 2. COMPARISON IS DONE FOR ALL CONTROL BANKS REV 17 4/12 SOUTHERN A COMPANY VOGTLE ELECTRIC GENERATING PLANT CONTROL BANK ROD INSERTION MONITOR UNIT 1 AND UNIT 2 FIGURE 7.7.1-2
ALARM A
INDIVIDUAL ROD POSITION READING OF THOSE RODS CLASSIFIED AS MEMBERS OF THAT BANK COMPARATOR NOTE: I. DIGITAL OR ANALOG SIGNALS t1AY BE USED FOR THE COMPARATOR COMPUTER INPUTS.
- 2. THE COMPARATOR WILL ENERGIZE THE ALARM IF THERE EXISTS A POSITION DIFFERENCE GREATER THAN A PRESET LIMIT BETWEEN ANY INDIVIDUAL ROD AND THE DEMAND BANK SIGNAL.
- 3. COMPARISON IS INDIVIDUALLY DONE FOR ALL CONTROL BAHKS.
REV 13 4/06 ROD DEVIATION COMPARATOR VOGTLE SOUTHERN<<\
COMPANY ELECTRIC GENERATING PLANT Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.1-3
PRESSURIZER PRESSURE SIGNAL REFERENCE PRESSURf
(+) I (-)
PID CONTROLLER REMOTE MAMIJAL POSIT10NING SPRAY CONTROLLER (TVPICAL-SEPARA TE CONTROLLER FOR EACH SPRAY VALVE)
POWER RELIEF POWER TO BACKUP TO VARIABLE VALVE N0.1 RELi EF HEATER HEATER VALVE CONTROL CONTROL N0.2 REV 13 4/06 BLOCK DIAGRAM OF PRESSURIZER SOUTHERt-1 COMPANY
<<\ VOGTLE ELECTRIC GENERATING PLANT PRESSURE CONTROL SYSTEM Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.1-4
AUCTIONEERED T avg PRESSURIZER WATER LEVEL SIGNAL I LEVEL HEUER PROGRAMMER CONTROL CHARGING PIO CONTROLLER FLOW SIGNAL I
PI CONTROLLER REMOTE MANUAL CONTROL 1~
CHARGING FLOW CONTROL VALVE POSITION REV 13 4/06 BLOCK DIAGRAM OF PRESSURIZER SOUTHERN!<<\
VOGTLE LEVEL CONTROL SYSTEM COMPANY ELECTRIC GENERATING PLANT Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.1-5
l oop Steam FfCMI uning ,Ii.lode Filler Para me~ers se e ctlbn Ra~Lag 1L o op Feed..,ater A CM' Filler j
PIO FVI Conllol ler Tem eralu- Flow Demand m Filler F,(,)
Valves & P\J,.ps Power lndica or SetpDint Fille r Pr:og ram
+
SG NR le* e'I Leacw.ag Pl Contrd ler
+
Tuniog1 Parameters FlllE!r ,;;_. 1-- - - - - - - ~
+
SGWR L,vel o LDadSe1 l nt REV 18 9/13 BLOCK DIAGRAM OF STEAM GENERATOR
~ VOGTLE SOUTr,:.i:~
Ena gy,oSm, YmWodd
- ELECTRIC GENERATING PLANT UNIT 1 ANO UNIT 2 WATER LEVEL CONTROL SYSTEM FIGURE 7.7.1-6
Loop 2 Feedwater - Loop 3 Feedwater Flow Flow Auctioneer High
(+) - {+)
(+) ( > (+)
~
-~
Loop 1 Feedwater - - Loop 4 Feedwater Flow Flow Feed Pump Speed Oemand I Program' Romo* Mallwtl Poaitloo 'f I Propofflon*I Controller (Typbll:- eecn Pump Has na Own P.-op Contronel')
- r Malrt FeedwQk,r Pump Speed REV 18 9/13 BLOCK DIAGRAM OF MAIN FEEDWA TER
- 6. VOGTLE SOUTHERN.d. ELECTRIC GENERATING PLANT PUMP SPEED CONTROL SYSTEM COMPANY E * ..., .. s-"'.,w.rld* UNIT 1 AND UNIT 2 FIGURE 7.7.1-7
STEAM DUMP CONTROL IN MANUAL AUCTIONEERED (STEAM PRESSURE CONTROL)
Tavg T avg REFERENCE TURBINE 1,1PULSE.
NO-LOAD l
STAGE PRESSURE Tavg RATE/LAG COMPENSATION LEAD/LAG REAC TOR COMPENSATION TRIP LOAD REJ ECTI OH 81ST4BLE DEFEAT LOAD REJECTION STEAM DUMP COllTROL:
ALLOW PLANT TRIP STEAM DUMP CONTROL Bl STABLES Bl STABLES STEAM HEADE~
PRESSURE SET PLANT TRIP PRESSURE CONTROL LE~
LOAD REJECTION CONTROLLER LOAD REJECTION CONTROL OR PLANT PI CONTROLLER TRIP CONTROL LOAD REJECTION CONTROL OR PLANT TRIP CONTROL TR!P OPEN STEAM DUMP VALVES KOTE: FOR BLOCKING.UN-BLOCKING SIGNAL TO CONDENSER STEAM DUMP AUTO (Tavg VALVES CONTROL) SEE FIGURE 7.2.1-1 MANUAL SHEET 10.
__.. (STEAM PRESSURE AIR SUPPLY TO CONTROL)
DUMP VALVES MODULATE CONDENSER DUMP VALVES REV 13 4/06 BLOCK DIAGRAM OF STEAM DUMP SOUTHERN<<\
VOGTLE CONTROL SYSTEM COMPANY ELECTRIC GENERATING PLANT UNIT 1 AND UNIT 2 Energy to Serve Your World FIGURE 7.7.1-8
SAFETY SWITCHES LIMIT SWITCHE 10-PATH TRANSFERS SEAL TABLE FLU~ THIMBLES REV 13 4/06 BASIC FLUX-MAPPING SYSTEM VOGTLE SOUTHERN<<\
COMPANY ELECTRIC GENERATING PLANT Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.1-9
ANALOG/DIGITAL INPUTS DIGITAL DIGITAL DIGITAL ANALOG ANALOG ANALOG SIGNAL SIGNAL SIGNAL CONDITIONING CONDITIONING CONDITIONING ALP NO . 1 ALP NO. 2 ALP NO . 3 A/D A/D A/D CONVERSION CONVERSION CONVERSION PROM, RAM PROM . RAM PROM , RAM CPU CPU CPU SHARED DIGITAL SHARED DIGITAL SHARED DIGITAL RAM li O RAM 1/0 RAM 1/ 0 BUS MAJOR ITV (2/3) MAJORITY (2/3)
VOTER "A" VOTER " B"
- * * * *
- OUTPUT RELAYS REV 13 4/06 VOGTLE ACTUATION LOGIC SYSTEM ARCHITECTURE SOUTHER~A COMPANY ELECTRIC GENERATING PLANT Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.1-10
SLAVE POWER CONTROL
..... CYCLER I BO CAB I~ET ~ BANK D I BD GROUP I REACTOR l r
MASTER LIFT COIL CONTROL PULSER DISCONNECT SYSTEM CYCLER SWITCHES SLAVE POWER CONfROL CYCLER CASI NET ~ BANK D 2 BO 2 8D GROUP 2 MANUAL SWITCH BANK BANK SELECTOR OVERLAP t,llLTIPlfX CiRCUITS 2*~1------~-
I t 121 I
I. L--- LIFTING }GROUP I l OFF I NOi [: ONLY CABINETS 180 AND 2130 SHOWN . FOR MORE COMPLf TE DIAGRAM IN-CL UDING POWER CABINETS I AC. 2 AC . SCDE. AND l *>-l_ _ _ _ __.I;_-------, I--------: :::TING} GROUP 2 DC HOLD SCD . SEE RU . I IN SEC r ION 7.7 .1.
NORMAL SEQUENCING OF GROUPS WITHIN BANK REV 13 4/06 SIMPLIFIED BLOCK DIAGRAM SOUTHERN COMPANY A VOGTLE ELECTRIC GENERATING PLANT ROD CONTROL SYSTEM Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.2-1
CONTROL BANK D GROUP I MULTIPLEX POWER CABINET THYRISTOR I BO MULTIPLEX THYRISTORS 120V-ec STATIOIIARY t-<<>VABLE LIFT CO!LS GRIPPER GRIPPER COILS COILS CONTROL BANK D GROUP 2 POWER CAB INET 2 BO 120 V-ac LI FT COi L DISCONNECT SWITCHES LI FT CO I LS REV 13 4/06 CONTROL BANK D SOUTHERN COMPANY A VOGTLE ELECTRIC GENERATING PLANT PARTIAL SIMPLIFIED SCHEMATIC DIAGRAM POWER CABINETS 1BD AND 2BD Energy to Serve Your World UNIT 1 AND UNIT 2 FIGURE 7.7.2-2
VEGP-FSAR-8 8.0 ELECTRIC POWER
8.1 INTRODUCTION
8.1.1 UTILITY GRID DESCRIPTION Southern Nuclear Operating Company (SNC) is a member of Southern Company's grid system, whose other members are Alabama Power Company, Georgia Power Company, Gulf Power Company, Mississippi Power Company, Savannah Electric and Power Company, and the Southern Electric Generating Company. The Southern Company is interconnected with Duke Power Company, Florida Peninsula Systems, Middle South Utilities, South Carolina Electric and Gas Company, and the Tennessee Valley Authority. Southern Company's grid system consists of interconnected hydro plants, fossil-fueled plants, and nuclear plants supplying electric energy over a transmission system consisting of various voltages up to 500 kV, as shown on drawing AX6DD402. The figure includes the planned transmission lines for VEGP.
8.1.2 ONSITE POWER SYSTEM DESCRIPTION The plant is supplied with ac power from a 230-kV switchyard. The Unit 1 generator is connected to the 230-kV switchyard and the Unit 2 generator is connected to the 500-kV switchyard via step-up transformers. Two 230- to 500-kV autotransformers are provided for the interconnection of the two switchyards. The 230-kV switchyard supplies power through two 230/13.8/4.16-kV reserve auxiliary transformers per unit (preferred power source) to the engineered safety features (ESF) buses and the balance of plant (BOP) buses. There is also a "swing" 13.8/4.16-kV, 10/12.5 MVA standby auxiliary transformer (SAT) which may be manually connected to supply power to the ESF buses and to a portion of the BOP loads. The "swing" terminology when used to describe the SAT means that the SAT alignment to the onsite electrical distribution system is selected, with the use of administrative controls and key interlocked disconnect switches, to supply power to any one of the safety-related buses. The standby power source for each ESF bus is its associated emergency diesel generator set. The preferred power source of each unit BOP load is from the 25-kV generator buses through two 25/13.8/4.16-kV unit auxiliary transformers per unit.
The Class 1E ac power system is divided into two independent divisions to provide ac power to the two divisions of ESF loads. The onsite power systems are shown in drawings 1X3D-AA-A01A, 2X3D-AA-A01A, AX3D-AA-A01A, and AX3D-AA-A03A.
Four independent 125-V dc systems supply power to the four independent reactor protection channels and both independent Class 1E ac power systems.
8.1.3 SAFETY-RELATED LOADS Safety loads are defined as those systems and devices that require electric power in order to perform their safety functions. The ac safety loads are shown in drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B. Tables 8.3.2-1, 8.3.2-2, 8.3.2-3, and 8.3.2-4 list the loads on the Class 1E 125-V dc batteries. Power supplies for the reactor protection system have sufficient stored energy to remain available through any anticipated 8.1-1 REV 23 3/21
VEGP-FSAR-8 switching transients. The power supplies are shown on drawings 1X3D-AA-G02A, 1X3D-AA-G02C, and 1X3D-AA-G01B.
8.1.4 DESIGN BASES 8.1.4.1 Offsite Power System A. Electrical power from the power grid to the plant site is supplied by two physically independent circuits designed and located to minimize the likelihood of simultaneous failure.
B. Based on the grid analysis, two physically independent reserve auxiliary transformers are provided to supply the onsite electrical distribution system.
There is also a physically independent standby auxiliary transformer to supply power to the onsite electrical distribution system.
C. The loss of one of the nuclear units at VEGP or the most critical unit on the grid will not result in the loss of offsite power to the Class 1E buses.
D. The switchyard is designed with duplicate and redundant systems; i.e., two independent battery systems, two trip coils per breaker, and protective relay schemes.
E. The impact of open phase conditions on the capability of the reserve auxiliary transformers (RAT 1NXRA, RAT 2NXRA, RAT 1NXRB, and RAT 2NXRB) and the swing standby auxiliary transformer (SAT ANXRA) were evaluated. The conditions analyzed consisted of single (i.e., one of three) and double (i.e., two of three) open phase conductors on the high voltage side (230 kV) of the reserve auxiliary and standby (13.8 kV) transformers. The analysis considered open phase conditions with and without ground. Open phase detection systems for the transformers were installed in accordance with the NEI Open Phase Condition Initiative. Upon detection of an open phase condition, the system will provide operator indication of the open phase condition.
A risk-informed assessment utilizing the Vogtle specific electrical design configuration was performed in accordance with the guidance in NEI 19-02, Guidance for Assessing Open Phase Condition Implementation Using Risk Insights. The assessment demonstrated that in the event of an open phase condition, the risk associated with an open phase detection system that is reliant on manual operator action versus the automatic actuation of an open phase isolation system was below the threshold of what is generally considered a small change in CDF (1.0E-6) and LERF (1.0E-7). Based on the results of the risk-informed assessment, Vogtle has opted to utilize the open phase detection system and operator manual actions to address open phase conditions.
8.1.4.2 Onsite Power System A. The onsite power system includes a separate and independent Class 1E electric power system for each unit [General Design Criterion (GDC) 17].
B. The onsite Class 1E ac electric power systems for each unit are divided into two independent load groups referred to as trains, each with its own power supply, 8.1-2 REV 23 3/21
VEGP-FSAR-8 buses, transformers, loads, and associated 125-V dc control power. Each train is independently capable of maintaining one unit in a safe shutdown condition (GDC 17).
C. One independent diesel generator is provided for each Class 1E ac train in each unit.
The diesel generator unit provides power to the appropriate ventilation equipment to maintain an acceptable environment within the diesel generator buildings.
The diesel generator unit is capable of starting, accelerating, being loaded, and carrying the design load described in paragraph 8.3.1.1.3. The unit energizes its cooling equipment within an acceptable time.
A discussion on conformance to Regulatory Guide 1.9 concerning frequency and voltage limits and basis of the continuous rating is contained in section 1.9.
Mechanical and electric systems are designed so that a single failure affects the operation of only a single diesel generator.
Design conditions such as vibration, torsional vibration, and overspeed are considered in accordance with the requirements of Institute of Electrical and Electronics Engineers (IEEE) Standard 387.
Each diesel governor can operate in the droop mode, and the voltage regulator can operate in the paralleled mode during diesel generator testing. If an underfrequency condition occurs while the diesel generator is paralleled with the preferred (offsite) power supply, the diesel generator breaker is tripped and the governor and voltage regulator are automatically restored to the isochronous and nonparalleled modes, respectively.
Each diesel generator is provided with control systems permitting automatic and manual control. The automatic start signal is functional except when the diesel generator is in the maintenance mode. Also, the automatic start signal will not override the rampup time when the governor is in the slow start mode. The details of the affects during the slow start mode are described in paragraph 8.3.1.1.3.k. Provision is made for controlling each diesel generator from the control room or from the diesel generator room. Paragraph 8.3.1.1.3 provides further description of the control systems.
Voltage, current, frequency, var, and watt metering is provided in the control room to permit assessment of the operating condition of each diesel generator.
Surveillance instrumentation is provided in accordance with IEEE 387, as described in subsections 9.5.4 through 9.5.8.
Tests are conducted on each diesel generator unit in accordance with IEEE 387, as listed in paragraph 8.3.1.1.3.
D. No provisions are made for automatic transfer of trains between redundant power sources.
E. No portion (ac or dc) of the onsite standby power systems is shared between units (GDC 5).
F. The Class 1E electric systems are designed to satisfy the single failure criterion (GDC 17).
8.1-3 REV 23 3/21
VEGP-FSAR-8 G. For each of the four protection channels, one independent 125-V dc and at least one 120-V vital ac power source are provided. Batteries are sized for 165 min of operation for LOSP/LOCA and 240 min for SBO without the support of battery chargers.
H. Separate non-Class 1E dc systems are provided for non-Class 1E controls and dc motors.
I. Raceways are not shared by Class 1E and non-Class 1E cables.
J. Special identification criteria are applied for Class 1E equipment, including cabling and raceways. Refer to paragraph 8.3.1.3.
K. Separation criteria are applied which establish requirements for preserving the independence of redundant Class 1E electric systems. Refer to paragraph 8.3.1.4.1.
L. Class 1E equipment is designed with the capability of being tested periodically (GDC 18).
8.1.4.3 Design Criteria, Regulatory Guides, and IEEE Standards Compliance to GDC 17, 18, and 50 is discussed in section 3.1 and paragraphs 8.3.1.2, 8.3.2.2, and 8.3.1.1.12. The design of the offsite power and onsite Class 1E electric systems generally conforms with the regulatory guides and standards listed below as clarified in section 1.9. Refer to table 8.1-1 for acceptance criteria and guidelines and their applicability to chapter 8.
A. General Design Criteria
- 1. GDC 2, Design Bases for Protection Against Natural Phenomena.
- 2. GDC 4, Environmental and Missile Design Bases.
- 3. GDC 5, Sharing of Structures, Systems, and Components.
- 4. GDC 17, Electric Power Systems.
- 5. GDC 18, Inspection and Testing of Electric Power Systems.
- 6. GDC 50, Containment Design Basis.
See section 3.1 for a discussion of conformance with each of the general design criteria.
B. Nuclear Regulatory Commission (NRC) Regulatory Guides See section 1.9 for a discussion of conformance to the regulatory guides listed below.
- 1. Regulatory Guide 1.6, Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems.
- 2. Regulatory Guide 1.9, Selection, Design, and Qualification of Units Used as Standby (Onsite) Electric Power Systems at Nuclear Power Plants.
- 3. Regulatory Guide 1.22, Periodic Testing of Protection System Actuation Functions.
- 4. Regulatory Guide 1.29, Seismic Design Classification.
8.1-4 REV 23 3/21
VEGP-FSAR-8
- 5. Regulatory Guide 1.30, Quality Assurance Requirements for the Installation, Inspection, and Testing of Instrumentation and Electric Equipment.
- 6. Regulatory Guide 1.32, Criteria for Safety- Related Electric Power Systems for Nuclear Power Plants.
- 7. Regulatory Guide 1.40, Qualification Tests of Continuous-Duty Motors Installed Inside the Containment of Water-Cooled Nuclear Power Plants.
- 8. Regulatory Guide 1.41, Preoperational Testing of Redundant Onsite Electrical Power Systems to Verify Proper Load Group Assignments.
- 9. Regulatory Guide 1.47, Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems.
- 10. Regulatory Guide 1.53, Application of the Single-Failure Criterion to Nuclear Power Plant Protection Systems.
- 11. Regulatory Guide 1.62, Manual Initiation of Protective Actions.
- 12. Regulatory Guide 1.63, Electric Penetration Assemblies in Containment Structures for Light-Water-Cooled Nuclear Power Plants.
- 13. Regulatory Guide 1.68, Preoperational and Initial Startup Test Programs for Water-Cooled Power Reactors.
- 14. Regulatory Guide 1.73, Qualification Tests of Electric Valve Operators Installed Inside the Containment of Nuclear Power Plants.
- 15. Regulatory Guide 1.75, Physical Independence of Electric Systems.
- 16. Regulatory Guide 1.81, Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants.
- 17. Regulatory Guide 1.89, Qualification of Class 1E Equipment for Nuclear Power Plants.
- 18. Regulatory Guide 1.93, Availability of Electric Power Sources.
- 19. Regulatory Guide 1.100, Seismic Qualification of Electrical Equipment for Nuclear Power Plants.
- 20. Regulatory Guide 1.106, Thermal Overload Protection for Electric Motors on Motor-Operated Valves.
- 21. Regulatory Guide 1.108, Periodic Testing of Diesel Generators Used as Onsite Electric Power Systems at Nuclear Power Plants.
- 22. Regulatory Guide 1.118, Periodic Testing of Electric Power and Protection Systems.
- 23. Regulatory Guide 1.128, Installation Design and Installation of Large Lead Storage Batteries for Nuclear Power Plants.
- 24. Regulatory Guide 1.129, Maintenance, Testing, and Replacement of Large Lead Storage Batteries for Nuclear Power Plants.
- 25. Regulatory Guide 1.131, Qualification Tests of Electric Cables, Field Splices, and Connections for Light-Water-Cooled Nuclear Power Plants.
C. IEEE Standards 8.1-5 REV 23 3/21
VEGP-FSAR-8 The onsite power system is generally designed in accordance with IEEE Standards 279, 308, 317, 323, 334, 336, 338, 344, 379, 382, 383, 384, 387, 450, and 484.
- 1. IEEE 279-1971, Criteria for Protection Systems for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.22.
- 2. IEEE 308-1974, Criteria for Class 1E Power Systems for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.32.
- 3. IEEE 317-1976, Electrical Penetration Assemblies in Containment Structures for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.63.
- 4. IEEE 323-1974, Qualifying Class 1E Equipment for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.89.
- 5. IEEE 334-1974, Type Tests of Continuous Duty Class IE Motors for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.40.
- 6. IEEE 336-1971, Installation, Inspection, and Testing Requirements for Instrumentation and Electric Equipment During the Construction of Nuclear Power Generating Stations. Refer to Regulatory Guide 1.30.
- 7. IEEE 338-1977, Criteria for the Periodic Testing of Nuclear Power Generating Station Class 1E Power and Protection Systems. For application of this standard to various systems, refer to paragraph 7.1.2.7 and to Regulatory Guide 1.118.
- 8. IEEE 344-1975, Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations. Seismic qualification of Class 1E electric equipment and the extent of compliance with IEEE 344-1975 are discussed in section 3.10. Also refer to Regulatory Guide 1.100.
- 9. IEEE 379-1972, Application of the Single Failure Criterion to Nuclear Power Generating Station Class 1E Systems. Refer to Regulatory Guide 1.53.
- 10. IEEE 382-1972, Type Test of Class 1 Electric Valve Operators for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.73.
- 11. IEEE 383-1974, Type Test of Class 1E Electric Cables, Field Splices, and Connections for Nuclear Power Generating Stations. Refer to Regulatory Guide 1.131.
- 12. IEEE 384-1981, Criteria for Independence of Class 1E Equipment and Circuits. Refer to Regulatory Guide 1.75.
- 13. IEEE 387-1977, Criteria for Diesel-Generator Units Applied as Standby Power Supplies for Nuclear Power Generating Stations. Conformance with the design criteria of IEEE 387-1977 is discussed in paragraph 8.3.1.1.3, which addresses the details of the standby power supply. Also refer to Regulatory Guide 1.9.
- 14. IEEE 450-1995, Maintenance, Testing, and Replacement of Large Lead Storage Batteries for Generating Stations and Substations. Refer to Regulatory Guide 1.129. The safety-related batteries will be tested periodically in accordance with the Technical Specifications and the 8.1-6 REV 23 3/21
VEGP-FSAR-8 version of IEEE 450 as described in the Bases for the Technical Specifications.
- 15. IEEE 484-1975, Installation Design and Installation of Large Lead Storage Batteries for Generating Stations and Substations. Refer to Regulatory Guide 1.128.
- 16. IEEE 628-1987, Standard Criteria for the Design, Installation, and Qualification of Raceway Systems for Class 1E Circuits for Nuclear Power Generating Stations.
- 17. IEEE 485-1983, Recommended Practice for Sizing Large Lead Storage Batteries for Generating Stations and Substations 8.1-7 REV 23 3/21
VEGP-FSAR-8 TABLE 8.1-1 (SHEET 1 OF 3)
ACCEPTANCE CRITERIA AND GUIDELINES FOR ELECTRIC POWER SYSTEMS (a)
Applicability (FSAR Criteria Title Section/Subsection) Remarks 8.2 8.3.1 8.3.2
- 1. GDC Appendix A to10 Code of Federal Regulations (CFR) 50
- a. GDC 2 Design Bases for Protection Against Natural A A Phenomena
- b. GDC 4 Environmental and Missile Design Bases A A
- c. GDC 5 Sharing of Structures, Systems, and A A A Components
- d. GDC 17 Electric Power Systems A A A
- e. GDC 18 Inspection and Testing of Electrical Power A A A Systems
- f. GDC 50 Containment Design Bases A A
- 2. Regulatory Guide (RG)
- a. RG 1.6 Independence Between Redundant Standby G G (Onsite) Power Sources and Between Their Distribution Systems
- b. RG 1.9 Selection, Design, and Qualification of Diesel- G Generator Units Used as Standby (Onsite)
Electric Power Systems at Nuclear Power Plants
- c. RG 1.32 Use of IEEE Standard 308, Criteria for Class G G G 1E Power Systems for Nuclear Power Generating Stations
- d. RG 1.47 Bypassed and Inoperable Status Indication G G G for Nuclear Power Plant Safety Systems REV 14 10/07
VEGP-FSAR-8 TABLE 8.1-1 (SHEET 2 of 3)
(a)
Applicability (FSAR Criteria Title Section/Subsection) Remarks 8.2 8.3.1 8.3.2
- e. RG 1.63 Electric Penetration Assemblies in G G Containment Structures for Light-Water-Cooled Nuclear Power Plants
- f. RG 1.75 Physical Independence of Electric G G Systems
- g. RG 1.81 Shared Emergency and Shutdown Electric G G G Systems for Multi-Unit Nuclear Power Plants
- h. RG 1.106 Thermal Overload Protection for Electric G G Motors on Motor-Operated Valves
- i. RG 1.108 Periodic Testing of Diesel Generators G Used as Onsite Power Systems at Nuclear Power Plants
- j. RG 1.118 Periodic Testing of Electric Power and G G Protection Systems
- k. RG 1.128 Installation Design and Installation of G Large Lead Storage Batteries for Nuclear Power Plant
- l. RG 1.129 Maintenance, Testing, and Replacement G of Large Lead Storage Batteries for Nuclear Power Plants
- 3. Branch Technical Position (BTP)
- a. BTP ICSB 4 Requirements on Motor-Operated Valves G See also FSAR subsection 7.6.4 in the ECCS Accumulator Lines G
- b. BTP ICSB 8 (PSB) Use of Diesel-Generator Sets for Peaking
- c. BTP ICSB 11 (PSB) Stability of Offsite Power Systems G REV 14 10/07
VEGP-FSAR-8 TABLE 8.1-1 (SHEET 3 of 3)
(a)
Applicability (FSAR Criteria Title Section/Subsection) Remarks 8.2 8.3.1 8.3.2
- d. BTP ICSB 18 (PSB) Application of the Single Failure G Criterion to Manually-Controlled Electrically-Operated Valves
- f. BTP PSB-1 Adequacy of Station Electric G Distribution System Voltages
- h. BTP PSB-2 Criteria for Alarms and Indications G Associated with Diesel-Generator Unit Bypassed and Inoperable Status NUREG Reports
- a. NUREG/CR 0660 Enhancement of Onsite Diesel G Generator Reliability
- a. A denotes acceptance criteria. G denotes guidance.
REV 14 10/07
VEGP-FSAR-8 8.2 OFFSITE POWER SYSTEM 8.2.1 SYSTEM DESCRIPTION The Southern Company transmission system supplies the offsite ac energy for operating the safety-related buses as well as startup and shutdown of Units 1 and 2.
Each unit represents about 6 percent of the total installed capacity of the Georgia Power Company system in 1990 and about 3.4 percent of the total installed capacity of the Southern Company system in 1990.
Units 1 and 3 are connected to the 230-kV switchyard and Unit 2 is connected to the 500-kV switchyard through step-up transformers. Two 500/230-kV autotransformers connect each switchyard together. Unit 4 500-kV switchyard is connected to the 500-kV switchyard by overhead tie lines. The Unit 1 and 2 offsite sources are connected via the switchyard to the 230-kV and 500-kV transmission system.
8.2.1.1 Offsite Sources Drawing AX6DD402 shows the Southern Company transmission system plan for 1990.
Construction of the 230-kV and 500-kV lines is summarized in table 8.2.1-1. The transmission lines are not considered to have any unusual features, and the occasional crossings of transmission lines as listed in table 8.2.1-1 are normal design practice for the Georgia Power Company system.
The 230-kV and 500-kV transmission systems are designed to deliver power to the various portions of the Georgia Power Company service area safely, efficiently, and dependably. As a result, the system offers a very dependable power source for the required offsite loads and is the preferred power source for the safety-related loads of the plant.
An additional "swing" preferred offsite power source, the standby auxiliary transformer (SAT), is also available for plant loads in response to emergency conditions or for use during reserve auxiliary transformer (RAT) maintenance. The SAT receives power from the Georgia Power Company Plant Wilson switchyard (see drawing AX3D-AA-A03A). Plant Wilson is a six-unit combustion turbine electric generating facility located approximately 1 mile east of the Vogtle plant site. The SAT is supplied power through a direct buried cable from either the Southern Company 230-kV grid or Plant Wilson's onsite combustion turbine electrical generation, both methods via the Plant Wilson switchyard 13.8-kV power system.
There are five 230-kV lines, one of which is the connection to the Plant Wilson switchyard, and two 230-kV and 500-kV autotransformers that connect the 230-kV and 500-kV switchyards.
These transmission elements at the 230-kV bus comprise the power sources to the 230-kV switchyard. The lines approach the plant site on five rights-of-way, from the north-west and south. System load studies indicate that this arrangement has the capacity and capability to supply the power necessary for the safety loads of one unit while placing the other unit in cold shutdown.
The transmission line structures of both the 230-kV and 500-kV systems are designed to withstand standard light and medium loading conditions as specified in National Institute of Standards and Technology Handbook No. 8 (ANSI, C2.2-1960, National Electric Safety Code).
8.2-1 REV 23 3/21
VEGP-FSAR-8 8.2.1.2 Switchyard The Units 1 and 2 230-kV and 500-kV switchyards are arranged as shown in drawings AX3D-AA-L50A and AX3DL060. The 230-kV breaker-and-a-half arrangement is used to incorporate the redundancy offered by having two energized buses with three breakers to service each pair of connections. The 500-kV breaker-and-a-half bus arrangement allows two breakers to service each terminal connection.
The switchhouse, located in the switchyard, contains two independent 125-V batteries, the primary and secondary relaying for the transmission lines, and the breaker failure relaying. It also contains the 480-V metal-clad switchgear and motor control centers for the substation.
Two trip coils per pole are provided in each 230-kV and 500-kV circuit breaker for independent tripping from the primary and secondary relaying systems. Redundant closing coils are not provided in each circuit breaker. However, the 125-V dc supplies are arranged to ensure that at least one offsite source is available upon the loss of either substation battery. Tables 8.2.1-2 and 8.2.1-3 respectively show the 230-kV and 500-kV circuit breaker control circuits supplied by each battery.
Each of the offsite sources from the 230-kV switchyard can be energized through either or both of the two switchyard circuit breakers. The high voltage switchyard raceway network consists of a system of concrete trenches with concrete lids. Control cables to the four circuit breakers are routed through the trenches in such a way that lengthy trench sections do not include circuits to all four offsite source breakers. Control cables to the plant control room for these breakers are routed outdoors in conduit within a reinforced concrete duct run and within the plant in cable tray. These cables are arranged within these raceways in such a manner that no two breakers from different offsite sources are in a common raceway. Areas in which circuits to all four breakers are common in this duct run are limited to the three pull boxes. Areas in which circuits to all four breakers are routed in a common trench are limited to some areas of the switch house interior and a small area of the trench adjacent to the switch house.
In these areas, the trench is protected by location or adjacent structure (i.e., switch house), and additional separation is not practical. All cable is fire retardant (in accordance with IEEE 383-1974), and no oil containment equipment is located in the vicinity of the cable trench.
Two feeders emerge from the 230-kV substation to supply power to the RATs for both Units 1 and 2. (The arrangement is shown in drawings 1X3D-AA-A01A and 2X3D-AA-A01A.) Offsite source No. 1 supplies Unit 1 RAT 1NXRA and Unit 2 RAT 2NXRB. Offsite source No. 2 supplies Unit 1 reserve auxiliary transformer 1NXRB and Unit 2 RAT 2NXRA. These two offsite sources are separated physically as they leave the 230-kV substation and are arranged so that no one event such as a falling line, tower, or other structure will damage both lines.
The 13.8-kV power circuit to the SAT is above grade only at the Plant Wilson switchyard connection point and in the Vogtle low voltage switchyard at the 13.8-kV switchgear circuit breaker and at the SAT. Between these two points, the power circuit is either direct buried or pulled in conduit through a concrete encased electrical duct run. The 13.8-kV power circuit is therefore physically separated from the other offsite power source lines. No one event, such as a falling line, tower, or other structure will damage the 13.8-kV power circuit and one of the 230-kV power feeders. The 13.8-kV circuit breaker has a single trip coil which, along with the protective relaying, is supplied 125-V-dc power from the turbine building batteries.
The secondary windings of the RATs are connected to the various groups of metal-clad switchgear by Calvert cable busses. The Calvert cable busses from transformers 1NXRB and 2NXRA are carried in underground trenches from the transformers to the turbine building wall.
The other Calvert cable busses are run overhead to the turbine building.
8.2-2 REV 23 3/21
VEGP-FSAR-8 The secondary winding of the SAT is connected to the various groups of metal-clad switchgear by a 4.16-kV switchgear circuit breaker, Husky cable bus, and cable bus disconnect switches.
The 4.16-kV circuit breaker has a single trip coil which, along with the protective relaying, is supplied 125-V-dc power from the turbine building batteries. The Husky cable bus from the SAT switchgear runs overhead to the vicinity of each RAT. At that point, the Husky cable bus is connected to a switch that may be closed to connect the SAT to the Calvert cable bus between the RAT and the Class 1E switchgear. Another switch in the Calvert cable bus between the Class 1E switchgear and the RAT is opened before the SAT cable bus switch is closed. The two cable bus switches allow the Class 1E switchgear to be connected to either a RAT or the SAT. The manual cable bus switches are key interlocked to prevent having both the RAT and the SAT connected to the same Class 1E bus. The switching arrangement is shown on drawings 1X3D-AA-A01A, 2X3D-AA-A01A, and AX3D-AA-A03A.
The Calvert cable busses enter the turbine building and proceed to the non-Class 1E metal-clad switchgear installed in the turbine building. The Calvert cable busses continue through the cable tunnel between the turbine building and the control building to the Class 1E metal-clad switchgear busses located in the control building. As these busses traverse the buildings, adequate spacing and arrangement to the extent practical are provided to minimize the chances that both offsite sources will be eliminated by one occurrence.
8.2.2 ANALYSIS 8.2.2.1 Loss of VEGP Unit 1 or 2 or the Largest Unit A study simulating 1990 peak conditions has been made to determine the effect of the loss of either VEGP Unit 1 or 2 on the Georgia Power Company transmission system and its ability to maintain continuity of service to the loads. This study reveals that the transmission system is adequate to maintain continuity of service to the load areas and the offsite power to the safety-related loads at the plant site.
A study simulating 1990 peak conditions has been made to determine the effect of the loss of both Units 1 and 2 and the ability of the offsite source to supply emergency and safety-related loads at VEGP. It was found that the offsite transmission is adequate. The voltage at the VEGP 230-kV bus is above 100 percent under any normal planning criteria.
The largest unit of the Georgia Power Company system is VEGP Unit 1 or Unit 2 and loss of these units as explained above does not result in the loss of the offsite power to the safety-related buses at the plant site. The loss of the next largest unit (Bowen No. 3 or No. 4) likewise does not result in the loss of offsite power to the safety-related buses at the plant site.
8.2.2.2 VEGP Voltage Operating Range The 230-kV bus voltage will not be less than 230 kV (100 percent) or greater than 242 kV (105 percent) for all system loading conditions and under severe contingencies such as loss of any large generating plant, including VEGP itself (Unit 1 and Unit 2 shutdown and/or loss-of-coolant accident loads), or loss of any single transmission element. (See GPC letters SL-2110 dated March 9, 1987, and GN-1525 dated December 13, 1988, for a detailed description of the effect of switchyard voltages on in-plant loads.)
8.2-3 REV 23 3/21
VEGP-FSAR-8 8.2.2.3 VEGP Transient Stability Based on the offsite power system described in subsection 8.2.1, a transient stability study simulating 1990 summer peak and spring valley loading conditions has been made to determine the transmission line, bus arrangement, and/or special equipment requirements to ensure stable operation of the grid for VEGP Units 1 and 2. These extreme system loading conditions ensure that the stability performances of VEGP are analyzed under all reactive loading conditions or power factor conditions. The following contingencies are simulated for which the grid is required to remain stable:
A. Three-phase fault with breaker failure anywhere in the system.
B. Sudden loss of any large generating plant.
C. Sudden loss of all lines on any common right-of-way.
D. Sudden loss of any large aggregation of load or load center anywhere in the system.
Of these contingencies, it was found that a three-phase fault with breaker failure results in the largest transient swing. For this severe contingency, grid stability is maintained. Specific stability performance issues of VEGP are discussed below.
A. Frequency Decay Rate The maximum frequency decay rate possible from theoretical considerations for the 230-kV and 500-kV systems is 5 Hz/s and 5.4 Hz/s, respectively. These frequency decay rates are the theoretical maximums that occur with the simultaneous tripping of many 500-kV, 230-kV and 115-kV lines such that a large island is formed in which all generation, other than one VEGP unit, is off line.
The probability for such a scenario is immeasurably small. If for the improbable scenario just described, one additional major generating unit is in operation, the expected frequency decay rate is reduced to approximately 2 Hz/s for VEGP.
However, the probability for this system condition is also immeasurably small.
B. Load Dispatch System Automatic load dispatch is not used at the plant; therefore, the load dispatch system will not interfere with safety actions required of the reactor protection system.
In addition to the transient stability study described above, the stability of the grid is also assessed whenever a major electrical element, such as a bulk power transmission line or a 500/230-kV autotransformer in the vicinity of VEGP, is temporarily out of service. The assessment, although not specifically required, is to verify that preferred power will be available in the event another major transmission system element is lost while the offsite power system is in this temporary configuration. This assessment is based upon the guidelines of the Southeastern Electric Reliability Council (SERC) planning criteria to ensure that preferred power will be available. The assessment considers the actual and projected system power requirements, actual transmission elements in service, intercompany transactions, and other information, as applicable. If the grid is found to be potentially unstable, then appropriate actions will be taken in a timely manner.
8.2-4 REV 23 3/21
VEGP-FSAR-8 8.2.2.4 Conformance to Criteria The preferred power sources; i.e., the offsite sources, are not Class 1E and are not manufactured and purchased under a quality assurance program as described in chapter 17.
However, all material is the highest grade of commercial equipment manufactured to the industrial standards listed below. The design is similar to the Class 1E systems and subjected to the same type of reviews, checks, and calculation methods. As a result, the design is considered to meet General Design Criterion 1 of 10 CFR 50, Appendix A.
To comply with General Design Criterion 3, the offsite power systems have spatial separation and/or totally enclosed raceways over their entire length. Fire protection and detection are provided as discussed in subsection 9.5.1.
To comply with General Design Criterion 4, two of the offsite power sources are either direct buried or routed in duct banks and trenches below grade in exterior areas, and the other offsite source is routed overhead in cable trays.
Thus, all features of the offsite (preferred) power supply are designed to provide maximum practical reliability and redundancy in servicing the station safety load groups. Compliance with General Design Criterion 17, Electric Power System, is demonstrated by supplying the switchyard with ac power by two or more physically independent 230-kV circuits. Furthermore, the offsite power sources to the engineered safety features buses are either brought in by two physically independent circuits from the switchyard through the reserve auxiliary transformers (RAT) or another method of providing offsite power to either one of the engineered safety features buses is available with a 13.8-kV underground circuit emanating from the Georgia Power Company Plant Wilson switchyard through the standby auxiliary transformer (SAT) located in the Vogtle low voltage switchyard. Physical separation, the breaker-and-a-half switching configuration, redundant switchyard protection systems, and the transmission system are designed on load flow and stability studies to minimize simultaneous failure of all offsite power sources.
Compliance with General Design Criterion 18 is achieved by designing testability and inspection capability into the system and then implementing a comprehensive testing and surveillance program. The inspection and testing of the 230-kV and 500-kV breakers or disconnects, and the transmission line protective relaying can be done on a routine basis, without removing either the RATs, the SAT, or most transmission lines from service.
8.2.2.5 Standards and Guides In addition to the Nuclear Regulatory Commission General Design Criteria, the industry guides and standards listed below, and references thereto, are used in the design and procurement of the offsite power system.
A. Institute of Electrical and Electronic Engineers (IEEE) Standard 450-1995, IEEE Recommended Practice for Maintenance, Testing, and Replacement of Large Stationary Type Power Plant and Substation Lead Storage Batteries. The safety-related batteries will be tested periodically in accordance with the Technical Specifications and the version of IEEE 450 as described in the Bases for the Technical Specifications.
B. American National Standards Institute (ANSI) C37.010-1972, Application Guide for ac High Voltage Circuit Breakers.
8.2-5 REV 23 3/21
VEGP-FSAR-8 C. ANSI C37.90-1971, IEEE Standard for Relays and Relay Systems Associated with Electric Power Apparatus.
D. ANSI C57.12.00-1973, General Requirements for Distribution, Power, Regulating Transformers, and Shunt Reactors.
E. Insulated Cable Engineers Association (ICEA) S-19-81 (5th Edition), Rubber-Insulated Wire and Cable for the Transmission and Distribution of Electrical Energy, Revision 5, 1976.
F. ICEA S-66-524, Cross-Linked-Thermosetting-Polyethylene-Insulated Wire and Cable for the Transmission and Distribution of Electrical Energy, Revision 5, 1976.
G. ICEA S-68-516, Ethylene-Propylene-Rubber-Insulated Wire and Cable for the Transmission and Distribution of Electrical Energy, Revision 1, 1977.
H. IEEE Standard 383, Standard for Type Test of Class 1E Electric Cables, Field Splices, and Connections for Nuclear Power Generating Stations, February 28, 1974.
I. American Society of Testing Materials (ASTM) B8, Standard Specification for Concentric-Lay-Stranded Copper Conductors, Hard, Medium-Hard, or Soft, 1971.
J. ASTM-B33, Standard Specification for Tinned Annealed Copper Wire for Electrical Purposes, 1971.
K. ASTM-B189, Specification for Lead-Coated and Lead-Alloy-Coated Soft Copper Wire for Electrical Purposes, 1981.
8.2-6 REV 23 3/21
VEGP-FSAR-8 TABLE 8.2.1-1 (SHEET 1 OF 2)
SUMMARY
OF 230- AND 500-kV LINE CONSTRUCTION VEGP - Wilson VEGP -
VEGP - (4) VEGP - (2)(6) VEGP - West VEGP-(7) Combustion VEGP - S. Carolina VEGP - Augusta Goshen Line Name Vogtle Switching Station Warthen McIntosh(5) Thomson Turbine Elec. & Gas Corporate Park(3) (White)
Remote termination Augusta Newsprint Sub. Warthen West McIntosh Thomson Comb. Turb. Bus Savannah River Augusta Goshen Sub.
Sub. Sub Plant Sub. Corporate Park Sub Operating voltage (kV) 230 500 500 500 230 230 230 230 Scheduled completion 1983 2017 2017 2017 1984 1986 1986 1986 Line length (mi) 19.62(4) 153.70(2) 71.2(1) 55.2 1.35 21.6 14(3) 18.9 R/W width(ft) 2.09 mi @ 100 8.25 mi @ 262.5 150 150 150 4.5 mi @ 125 275 275 0.25 mi @ 125 13.00 mi @ 325 17.1 mi @ 100 17.28 mi @ 275 14.55 mi @ 400 117.63 mi @ 150 Line placement on 2.09 mi-centered 0.25 mi- 153.7 mi-75' from Centered Centered Centered Centered 62.5' from edge 137.5' from edge of R/W centered 17.28 mi-62.5 edge of R/W of R/W R/W from edge of R/W Terrain Flat Flat to rolling Flat to rolling Flat to rolling Flat Flat Flat Flat Conductor:
configuration single Bundled Bundled Bundled Single 4.5 mi @ Bundled Bundled 795 kcmil size 1351.5 kcmil 1113 kcmil 1113 kcmil 1113 kcmil 1351.5 Mcmil Bundled 795 kcmil ACSR ACSR type ACSR ACSR ACSR ACSR SSAC 1351.5 kcmil ACSR; 17.1 mi @
Bundled 1272 kcmil ACSR Phase/phase 20 28 28 42 20 4.5 mi @ 20 20 20 clearance (ft) 17.1 mi @ 19 Phase/ground 25 33 33 37 25 4.5 mi @ 25 25 25 clearance at max. 17.1 mi @ 26 oper. condition (ft)
REV 22 9/19
VEGP-FSAR-8 TABLE 8.2.1-1 (SHEET 2 OF 2)
VEGP - (4) Vogtle VEGP - West VEGP - Wilson VEGP - VEGP -(3) Augusta Switching VEGP - (2)(6) McIntosh(5) VEGP - (7) Combustion S. Carolina Corporate VEGP - Goshen Line Name Station Warthen (Thalman) Thomson Turbine Elec. & Gas Park (3) (White)
Unusual oper. none none none none none none none none conditions Major transmission none Waynesboro-Wadley 230-kV Wilson Branch-Goshen none 115 kV Urquhart- VEGP-Augusta VEGP-Augusta line crossing 230-kV; Plant Harllee combustion 230 kV Fairfax (SCE&G) Newsprint 230 kV; Newsprint 230 kV; Branch - Social turbine (MEAG); Goshen-Augusta Goshen-Augusta Circle No. 1 230 kV; Waynesboro Thomson- Newsprint 230 kV Newsprint 230 kV Plant Harllee Branch Warrenton 230
- Social Circle No. 2 kV; 230 kV; Plant Harllee Goshen-Branch - Klondike Waynesboro 115 230 kV; Plant Harllee kV (MEAG);
Branch - Thomson-Goshen 230 kV; Warrenton (White)
Plant Harllee 115 kV; Thomson-Branch - Evans 230 Warrenton (Black) kV 115 kV (1) This length includes 2.6 miles added at the VEGP site area after initial construction.
(2) In 2002, VEGP-Scherer line became the VEGP-Warthen, Warthen - Scherer lines with the addition of the Warthen substation approximately 76.5 miles from VEGP.
(3) The VEGP-Goshen (Black) line became the VEGP-Augusta Corporate Park line with the addition of the Augusta Corporate Park substation approximately 14 miles from VEGP.
(4) In 2014, VEGP-Augusta Newsprint line became the VEGP-Vogtle Switching Station and Vogtle Switching Station-Augusta Newsprint lines with the addition of the Vogtle Switching Station approximately 0.5 mile from VEGP.
(5) In 2017, the West McIntosh line was relocated to the VEGP Unit 4 500-kV switchyard. The Unit 4 switchyard busses were connected to the existing 500-kV switchyard busses by overhead tie lines as part of switchyard upgrades to support the output of Units 3 and 4.
(6) In 2017, the Warthen line was relocated to the Unit 5 500-kV switchyard as part of switchyard upgrades to support the output of Units 3 and 4.
(7) In 2017 the Thomson line was connected in place of the Warthen line as part of switchyard upgrades to support the output of Units 3 and 4.
REV 22 9/19
VEGP-FSAR-8 TABLE 8.2.1-2 THE ASSIGNMENT OF 230-kV CIRCUIT BREAKER SUPPLIES TO SUBSTATION BATTERIES Battery No. 1 Battery No.2 Line Line 230-kV CB Relaying(a) Close Trip No. Relaying(a) Close Trip No.
161760 P X 1 S 2 161860 P X 1 S 2 161960 P 2 S X 1 161750(b) P X 1 S 2 161850(b) P X 1 S 2 161950(b) P 2 S X 1 161710 P X 1 S 2 161810 P X 1 S 2 161910 P 2 S X 1 161730 S X 1 P 2 161830 S 2 P X 1 161930 S 2 P X 1 161720 P X 1 S 2 161820 P X 1 S 2 161920 P 2 S X 1 161740 P X 1 S 2 161840 P X 1 S 2 161940 P 2 S X 1 161770 S X 2 P 1 161990 P 1 S X 2
- a. P denotes primary; S denotes secondary.
- b. Future.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.2.1-3 THE ASSIGNMENT OF 500-kV CIRCUIT BREAKER SUPPLIES TO SUBSTATION BATTERIES Battery No. 1 Battery No. 2 Line Line 500-kV PCB Relaying(a) Close Trip No. Relaying(a) Close Trip No.
161520 P X 1 S 2 161620 P X 1 S 161660 P 2 S X 1 161510 P 1 S X 2 161600 P 1 S X 2 161610 P 1 S X 2 161650 P 1 S X 2
- a. P denotes primary; S denotes secondary.
REV 22 9/19
VEGP-FSAR-8 TABLE 8.2.2-1 46-, 69-, 115-, 230-, AND 500-kV LINE INTERRUPTIONS CAUSED BY LIGHTNING INTERRUPTIONS FOR 100 MILES FOR YEAR 1979 Type of Lines No. of Lightning Outages per and Voltage Miles Outages 100 Miles 500-kV steel towers 766.83 3.0 0.39 230-kV steel H-frame 3,289.03 23.0 0.70 and wood H-frame 115-kV wood H-frame, 5,408.72 305.00 5.64 wood SP, steel SP 69-kV wood H-frame 464.41 68.00 14.64 wood single pole 46-kV wood single pole 4,006.69 848.00 21.16 Duration of Outage 230-kV Lines Month Day Time (h) (min) (s)
Austin Dr.-Klondike 230 kV(a) 07 21 1510 000 00 00 Austin Dr.-Scottdale 230 kV((a) 07 20 1629 000 00 00 Bio-Center 230 kV((a) 06 30 0520 000 00 00 Bonaire-Butler 230 kV(a) 04 09 0138 000 00 00 Boulevard-Peachtree 230 kV(a) 08 26 1646 000 00 00 Bowen-Hammond No. 1 230 kV 04 12 0720 001 15 00 Bowen-Pinson 230 kV(a) 06 30 0442 000 00 00 Branch-Klondike 230 kV(a) 08 10 0004 000 00 00 Bremen-Villa Rica 230 kV 06 02 1413 000 00 15 Dum Jon-Evans 230 kV(a) 07 18 1403 000 00 00 Dum Jon-Evans 230 kV(a) 08 01 1423 000 00 00 E. Dalton-Widows Creek 230 kV(a) 05 13 0755 000 00 00 E. Dalton-Widows Creek 230 kV(a) 07 21 0929 000 00 00 Farley-S. Bainbridge 230 kV(a) 09 01 1936 000 00 00 Gaston AL-Yates 230 kV 08 10 1305 000 00 03 McDonough-Northwest 1 230 kV(a) 04 13 0914 000 00 00 McDonough-Northwest 1 230 kV(a) 04 13 0915 000 00 00 McDonough-Northwest 1 230 kV(a) 09 28 1928 000 00 00 McDonough-Northwest 1 230 kV(a) 09 28 1935 000 00 00 McDonough-Peachtree 230 kV(a) 05 01 0006 000 00 00 McDonough-Peachtree 230 kV(a) 08 31 2000 000 00 00 Nelson-Norcross 230 kV(a) 04 13 0834 000 00 00 Nelson-Norcross 230 kV(a) 08 11 1200 000 00 00
- a. Instantaneous; time was not recorded.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.2.2-2
SUMMARY
OF TRANSMISSION LINE FAILURES - 1979 Type of Failure Number Cause of Failure Number Pole 9 Lightning 1247 Line insulator 66 Trees 61 Switch 31 High winds 6 Cold weather 22 Conductors 33 Others(b) 532 Crossarm 14 Shield wire contact 13 Others(a) 146 Total failures 312 1868 Voltage Structure Number of Failure per Class Miles Failures 100 Miles of Line 500 kV 766.83 6 0.78 230 kV 3,289.03 43 1.31 115 kV 5,408.72 495 9.15 69 kV 464.41 109 23.47 46 kV 4,006.69 1527 38.11 Total 13,935.68 2180 15.64
- a. Other types of failure include conductor shorted together, foreign matter on lines, line switch failures, prearranged outages, and unknown causes.
- b. Other causes of failure include vandals, automobiles, trucks, airplanes, and unknown causes.
REV 14 10/07
VEGP-FSAR-8 8.3 ONSITE POWER SYSTEMS 8.3.1 AC POWER SYSTEMS 8.3.1.1 Description The onsite ac power system includes a Class 1E system and a non-Class 1E system.
8.3.1.1.1 Non-Class 1E System Onsite ac power is supplied from the 230-kV switchyard through reserve auxiliary transformers which feed non-Class 1E and Class 1E buses. Onsite ac power may also be supplied from the SAT, which receives its power from the 13.8-kV system at the Georgia Power Company Plant Wilson switchyard. Non-Class 1E ac power is distributed at 13.8 kV, 4.16 kV, 480 V, 277 V, 240 V, 208 V, and 120 V. Bus arrangements are shown in drawings 1X3D-AA-A01A, 2X3D-AA-A01A, and AX3D-AA-A01A.
The unit auxiliary transformers and the reserve auxiliary transformers each have one secondary winding rated at 13.8 kV and one secondary winding rated at 4.16 kV. Two 13.8-kV busses and three 4.16-kV busses supply power to nonsafety-related loads. Each 13.8-kV bus can be connected to a secondary winding of one of the reserve auxiliary transformers and also to a secondary winding of one of the unit auxiliary transformers.
The SAT has a single secondary 4.16-kV winding. When required for emergencies or RAT maintenance, the secondary winding may be connected to a Class 1E bus. While the SAT is in service some non-Class 1E loads, up to the SAT load limit, may also be supplied. The SAT loading is administratively controlled.
Two of the 4.16-kV busses can be connected to the secondary winding of one of the reserve auxiliary transformers and also to a secondary winding of the unit auxiliary transformer. The third 4.16-kV bus can be connected to the secondary winding of the second reserve auxiliary and unit auxiliary transformers. During starting of a unit, both 13.8-kV busses and the three 4.16-kV busses are supplied power from the reserve auxiliary transformers. Normally, these busses are then transferred to the unit auxiliary transformers during power generation by a manually initiated transfer.
Automatic fast bus transfer of the 13.8-kV busses with an automatic residual voltage transfer as a backup, from the unit auxiliary transformer to the reserve auxiliary transformers, is provided.
For the 4.16-kV bus transfer from the unit auxiliary transformers to the reserve auxiliary transformers, only automatic residual voltage bus transfer is provided.
When the SAT is replacing a RAT, neither the automatic, fast, or residual voltage bus transfer from the affected UAT 13.8-kV bus to the SAT is possible because the SAT does not have a 13.8-kV secondary winding. Therefore, the affected UAT 13.8-kV automatic bus transfer schemes are disabled. Automatic residual voltage transfer of the non-Class 1E 4.16-kV busses are also disabled during this time. The SAT may provide power to some non-Class 1E loads in addition to the connected Class 1E loads, but cannot supply the load of an entire non-Class 1E bus.
Each unit auxiliary transformer has the capacity to supply the connected non-Class 1E load.
8.3-1 REV 23 3/21
VEGP-FSAR-8 8.3.1.1.2 Class 1E System The Class 1E ac power system is the power source used in or associated with shutting down the reactor and preventing or limiting the release of radioactive material following a design basis event. The system is divided into two independent ac power trains, train A and train B, each fed from an independent Class 1E bus with immediate access to offsite power sources. Drawings 1X3D-AA-A01A and 2X3D-AA-A01A show a schematic of the Class 1E ac power system, for Units 1 and 2.
Each train of Unit 1 and 2 is independent, except the following Class 1E loads are common to Unit 1 and 2. They are powered from Class 1E sources associated with Unit 1 only and have no provision for connection to Unit 2 power supplies.
Load Source Fuel Handling Building Post-Accident Unit Heater A-1542-NM-001-H01 1ABA10 A-1542-N7-002-H01 1BBA10 Fuel Handling Building Post-Accident Exhaust Fan A-1542-N7-001-M01 1ABA08 A-1542-N7-002-M01 1BBA08 Fuel Handling Building Radiation Monitor ARX-2532 1AY2A06 ARX-2533 1BY2B06 All safety-related equipment is housed in Seismic Category 1 structures.
The Class 1E ac system distributes power at 4.16 kV, 480 V, and 120 V ac to all safety-related loads. Also, the Class 1E ac system supplies through isolation devices certain selected loads which are not safety related but are important to the plant operation. Drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B indicate the major safety-related and isolated nonsafety-related loads supplied by the Class 1E ac system.
The non-Class 1E ac system supplies preferred (offsite) power to the Class 1E ac system through the reserve auxiliary transformer 4.16-kV windings. Each reserve auxiliary transformer has the capacity to supply all connected non-Class 1E running loads and to start and run the loads of one Class 1E train, or to start and run the loads of both Class 1E trains. During modes 1 through 4, to ensure that one RAT has adequate capacity and capability to start and run both trains of LOCA loads, the following conditions shall be met:
- 1. Grid voltage shall be maintained at or above the minimum expected 100% grid voltage while the busses are interconnected to one RAT;
- 2. No additional non-Class 1E 4.16-kV loads, other than those normally fed from the Class 1E safety busses, shall be manually connected to the one RAT feeding both Class 1E busses; and
- 3. The automatic bus transfer schemes for the non-Class 1E 4.16-kV busses shall be disabled during the interconnection of both trains to one RAT.
The non-Class 1E ac system may also supply preferred offsite power to the Class 1E ac system from the SAT 4.16-kV winding. During modes 1 through 4, the SAT has adequate capacity and 8.3-2 REV 23 3/21
VEGP-FSAR-8 capability to start and run the loads of one Class 1E train. The SAT does not have the capacity or capability to simultaneously start and run both trains of LOCA loads. However, in modes 5 and 6, the SAT has adequate capacity and capability to provide power to the safety-related loads on two Class 1E 4.16-kV electrical busses provided one train of the safety injection (SI) signal from the sequencer is blocked. If only one Class 1E bus is supplied by the SAT, additional non-Class 1E loads may be manually added until the SAT capacity is reached. See paragraph 8.3.1.1.2.D for further discussion.
In addition to the above power distribution, the Class 1E ac system contains standby power sources which provide the power required for safe shutdown in the event of a loss of the preferred power sources. The power, control, and instrumentation cables essential for safe shutdown are routed with adequate separation from their redundant counterparts.
The following describes various features of the Class 1E systems:
A. Power Supply Feeders Each 4.16-kV load group can be supplied by one of two preferred power supply feeders or one diesel generator (standby) supply feeder. The preferred power supply feeders may be connected to either a RAT or the SAT. The SAT shall be connected to only one preferred power supply feeder at a time. Each 4.16-kV bus supplies motor loads and 4.16-kV/480-V load center transformers with their associated 480-V busses.
B. Bus Arrangements The Class 1E ac system is divided into two redundant trains per unit (trains A and B). For each unit, either one of the trains is capable of providing power to safely reach shutdown for that unit. Each ac train consists of a 4.16-kV bus, 480-V load centers, 480-V motor control centers, and lower voltage ac supplies. The dc control power to each train is provided from dc power supplies of the same train.
C. Loads Supplied from Each Bus Refer to drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B for a listing of Class 1E system loads and their respective busses.
D. Manual and Automatic Interconnections Between Busses, Busses and Loads, and Busses and Supplies No provisions exist for automatically connecting one Class 1E train to another redundant Class 1E train or for automatically transferring loads between trains.
Each Class 1E bus is provided with two (normal and alternate) offsite preferred power sources and one onsite standby power source. During normal operation with both offsite sources available, each Class 1E bus is supplied from a separate reserve auxiliary transformer. An additional preferred offsite power source, the SAT, is also available to supply the safety-related loads during an emergency or during RAT maintenance.
A circuit breaker is provided for both the normal and alternate offsite preferred power sources. Transfer to the alternate offsite source would be accomplished under administrative control by performing a manual, hot-bus transfer between the normal and alternate offsite power source. Electrical separation is maintained through the Class 1E circuit breakers on each bus which serve as Regulatory Guide 1.75 separation devices. See paragraph 8.3.1.4.3 and table 8.3.1-4 for further discussion of this subject.
8.3-3 REV 23 3/21
VEGP-FSAR-8 During power operation (modes 1 through 4), and only for purposes of facilitating the transfer of preferred offsite power sources, both Class 1E 4.16-kV busses may be manually connected to the same RAT by administrative control provided:
- 1. Grid voltage is maintained at or above the minimum expected 100% grid voltage while the busses are interconnected to the one RAT;
- 2. No additional nonsafety-related 4.16-kV loads, other than those normally fed from the Class 1E 4.16-kV safety busses, shall be manually connected to the RAT while the busses are interconnected; and
- 3. The automatic bus transfer schemes for the nonsafety-related 4.16-kV busses shall be disabled during the connection of both trains to one RAT.
The 13.8-kV fast and residual voltage bus transfer schemes for the remaining RAT in service need not be disabled. This provides a transfer method and power source for the bus from which two of four reactor coolant pumps are normally fed should a reactor/turbine trip occur during the time the busses are interconnected to one RAT. The SAT should not be utilized as a single source of power for both trains of safety loads during power operation (modes 1 through 4).
During unit shutdown (modes 5 and 6), both Class 1E 4.16-kV busses may be manually connected to the same offsite power source (RAT or SAT) by administrative control provided that the total load on the 4.16-kV non-Class 1E busses powered by the RAT shall not exceed 7500 kVA, or when connected to the SAT, the SAT's 1,735-A secondary winding ampacity rating shall not be exceeded. During modes 5 and 6, the SAT has adequate capacity and capability to provide power to the safety-related loads for two Class 1E 4.16-kV electrical busses provided the safety injection signal from the sequencer for one train is blocked. When one 4.16-kV Class 1E bus is supplied from the SAT, additional non-Class 1E loads may be connected until the SATs load limit is reached.
In all cases, when the 4.16-kV non-Class 1E busses are powered through the backfeed arrangement, then the automatic bus transfer schemes shall be disabled. However, the bus transfer schemes for 13.8-kV busses need not be disabled.
E. Interconnections Between Safety-Related and Nonsafety-Related Busses No interconnections are provided between the safety- and nonsafety-related busses at the same voltage level. The reserve auxiliary transformers supply power through the same 4.16-kV winding to both non-Class 1E and Class 1E busses.
There is one non-Class 1E 480-V switchgear bus powered through a transformer from each safety-related 4.16-kV bus. The 4.16-kV circuit breaker to which this load is connected is Class 1E qualified for the design life of the planta, in accordance with the requirements of Institute of Electrical and Electronic Engineers (IEEE) Standards 323 and 344. This circuit breaker is automatically tripped by the solid state protection system upon the receipt of a safety injection signal, but it can be manually reclosed under administrative control. Isolation is a
The operating licenses for both VEGP units have been renewed and the original licensed operating terms have been extended by 20 years. In accordance with 10 CFR Part 54, appropriate aging management programs and activities have been initiated to manage the detrimental effects of aging to maintain functionality during the period of extended operation (see chapter 19).
8.3-4 REV 23 3/21
VEGP-FSAR-8 therefore provided in accordance with the requirements of Regulatory Guide 1.75.
F. Redundant Bus Separation The Class 1E switchgear, load centers, and motor control centers for the redundant trains are located in separate rooms of the control building, auxiliary building, and diesel generator building in such a way as to ensure physical separation. Refer to paragraphs 8.3.1.4.1 and 8.3.1.1.7 for the criteria governing redundant bus separation.
G. Class 1E Equipment Capacities
- 1. 4.16-kV Switchgear Bus 2000 A continuous Incoming breakers 2000 A continuous, 350 MVA interrupting Feeder breakers 1200 A continuous, 350 MVA interrupting
- 2. 480-V Unit Load Centers Transformers 1000 kVA, 3 phase, 60 Hz, 4160/480 V Bus 1600 A continuous Incoming breakers 1600 A continuous, 50,000 A rms symmetrical interrupting Feeder breakers 800 A continuous, 30,000 A rms symmetrical interrupting
- 3. 480-V Motor Control Centers Horizontal bus 800 A continuous, 25,000 A rms symmetrical Vertical bus 600 A continuous, 25,000 A rms symmetrical Breaker (molded case) 25,000 A rms symmetrical minimum interrupting (singly for thermal-magnetic breakers and in combination with a starter for magnetic only breakers)
H. Automatic Loading and Load Shedding The automatic loading sequence of the Class 1E busses is indicated in drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B.
If preferred power is available to the 4.16-kV Class 1E bus following a loss-of-coolant accident (LOCA), the Class 1E loads will be started in programmed time increments by the load sequencer. The emergency standby diesel generator will be automatically started but not connected to the bus. In the event that preferred power is lost following a LOCA, the load sequencer will function to shed loads and connect the standby power source to the Class 1E bus. The load sequencer will then function to start the required Class 1E loads in programmed time increments.
Should a LOCA occur during sequencing after a loss of preferred power, the sequencer will automatically reset and begin sequencing all required loads.
Should a LOCA occur after sequencing has been completed, the sequencer will 8.3-5 REV 23 3/21
VEGP-FSAR-8 sequence those loads required for LOCA with no load shedding of previously connected loads.
A safety injection signal (SIS) will open the diesel generator breaker if it is paralleled with the offsite power system for testing as described in paragraph 8.3.1.1.3H. The diesel generator breaker will open, but the diesel will remain running as described above.
There are no permissive devices (e.g., lube oil pressure) incorporated into the final actuation control circuitry for large horsepower, safety-related motor-pump combinations.
Refer to paragraph 8.3.1.1.3 for additional information on load shedding and sequencing.
I. Class 1E Equipment Identification Refer to paragraph 8.3.1.3 for details regarding the physical identification of Class 1E equipment.
J. Instrumentation and Control Systems for the Applicable Power Systems with the Assigned Power Supply Identified The dc control supplies for switchgear breaker operation are separate and independent so that Class 1E dc train A normally supplies Class 1E train A switchgear. The battery chargers for dc train A are normally fed from the same train motor control centers. Class 1E dc train B supplies Class 1E train B switchgear. The battery chargers for dc trains C and D are normally fed from trains A and B motor control centers, respectively. For further information on the dc power system, refer to subsection 8.3.2.
Each 4.16-kV switchgear bus and 480-V load center bus is provided with common trouble alarm annunciation in the control room. This alarm summarizes bus undervoltage, overcurrent circuit breaker tripping and other miscellaneous improper switchgear conditions. In addition, the 4.16-kV switchgear is provided with bus negative sequence annunciation in the control room. The voltage of each 4.16-kV bus is monitored by instruments in the control room. Each 480-V motor control center is provided with common trouble annunciation in the control room. This annunciation is initiated by either an overload or a loss of control power at each load fed from the motor control center.
For a listing of the loads associated with these busses, see drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B.
K. Electric Circuit Protection Systems Protective relay schemes or direct-acting trip devices on primary and backup circuit breakers are provided throughout the onsite power system to:
Isolate faulted equipment and/or circuits from unfaulted equipment and/or circuits.
Prevent damage to equipment.
Ensure personnel safety.
Minimize system disturbances.
The short circuit protective system is analyzed to ensure that the various adjustable devices are applied within their ratings and set to be coordinated with 8.3-6 REV 23 3/21
VEGP-FSAR-8 each other to attain selectivity in their operation. The combination of devices and settings applied affords the selectivity necessary to isolate a faulted area quickly with a minimum of disturbance to the rest of the system.
Major types of protection applications that are used consist of the following:
- 1. Overcurrent Relaying Each supply feeder breaker from the unit auxiliary transformers (nonsafety-related) and the reserve auxiliary transformer is provided with three very inverse time phase overcurrent relays with instantaneous trip attachment (one per phase) and two level timers for instantaneous trip for phase-to-phase fault protection. Phase-to-ground fault protection for each supply feeder is provided with one very inverse time residual overcurrent relay without instantaneous unit.
Each 4.16-kV motor circuit breaker has three overcurrent relays, each with one long time and one instantaneous element for overload, locked rotor, and short circuit protection. Each 4.16-kV motor circuit breaker is also equipped with a ground residual current relay with one long time and one instantaneous element.
The current for Class 1E motors is monitored by an ammeter at the Class 1E switchgear.
Each 4.16-kV supply circuit breaker connected to a load center transformer has three overcurrent relays with very inverse time elements with instantaneous attachments. A residual ground overcurrent relay with one time overcurrent element and one instantaneous element provides sensitive ground fault protection.
- 2. Undervoltage Relaying Each 4.16-kV Class 1E bus is equipped with undervoltage relays (located at the sequencer for each Class 1E train) for diesel generator start initiation and undervoltage annunciation. (See paragraph 8.3.1.1.3F for further details.)
Each 480-V Class 1E load center bus is equipped with undervoltage relays for undervoltage annunciation.
- 3. Differential Relaying The main (nonsafety-related), unit auxiliary (nonsafety-related), and reserve auxiliary transformers are equipped with differential relays. These relays provide high speed disconnection to prevent severe damage in the event of transformer internal faults.
Motors rated 4500 hp and above are equipped with differential protection.
The main generator (nonsafety-related) and the standby emergency generator are provided with differential protection.
- 4. 480-V Load Center Overcurrent Relaying 8.3-7 REV 23 3/21
VEGP-FSAR-8 Each 480-V load center circuit breaker is equipped with a solid-state device which has an adjustable phase overcurrent trip. Breakers feeding motors have an instantaneous trip.
- 5. 480-V Motor Control Center Overcurrent Relaying Molded case circuit breakers provide time overcurrent and/or instantaneous short circuit protection for all connected loads. The molded case circuit breakers (MCCB) for motor circuits are equipped with instantaneous trip only.
Motor overload protection is provided by thermal trip units in the motor controller. The MCCB for nonmotor feeder circuits provide thermal overcurrent protection as well as instantaneous short circuit protection, with the exception of the Class 1E battery chargers where thermal magnetic or instantaneous trip only MCCB may be utilized due to high inrush current and to coordinate with the thermal magnetic trip breaker furnished locally at the battery chargers.
During startup and periodic testing, all starters for motor-operated valves are equipped with thermal overload relays wired into the control circuitry. Prior to core loading and during plant operation, the thermal overload relay trip contacts for all of the Class 1E valves (ac and dc) are permanently bypassed with jumpers, in accordance with Regulatory Guide 1.106.
The starters and the feeder circuit breakers located in the motor control center are coordinated with the motor control center incoming supply breakers so that, upon a fault, the protective device nearest the fault trips first.
L. Testing of the ac Systems During Power Operation All Class 1E circuit breakers and motor controllers are testable during reactor operation, except for the electric equipment associated with those Class 1E loads identified in chapter 7. During periodic Class 1E system tests, subsystems of the engineered safety features actuation system, such as safety injection, containment spray, and containment isolation, are actuated, thereby causing appropriate circuit breaker or contactor operation. The 4.16-kV and 480-V switchgear circuit breakers and control circuits can also be tested independently while individual equipment is shut down. These circuit breakers can be placed in the test position and exercised without operation of the associated equipment.
The use of jumpers or other temporary test arrangements which would bypass protective functions is not required to verify system capability to operate except during startup testing or as noted in paragraph 1.9.118.2.
M. Sharing of Systems and Equipment Between Units There is no sharing of Class 1E systems or equipment between units (with the exception of fuel handling building loads discussed in paragraph 8.3.1.1.2) in accordance with the requirements of Regulatory Guide 1.32 and 1.81.
N. Class 1E Equipment Qualification The equipment identified as safety related has been qualified as Class 1E equipment and is designated as Seismic Category 1. It has been shown to be capable of withstanding the environmental conditions to which it will be exposed.
(See sections 3.10 and 3.11 for further details of the equipment qualification.)
8.3-8 REV 23 3/21
VEGP-FSAR-8 8.3.1.1.3 Standby Power Supply The standby power supply for each safety-related load group consists of one diesel generator complete with its accessories and fuel storage and transfer systems. It is capable of supplying essential loads necessary to reliably and safely shut down and isolate the reactor. Each diesel generator is rated at 7000 kW for continuous operation and 7700 kW for a short-term (2-h) period every 24 h. The voltage and frequency recovery characteristics meet or exceed the requirements of Regulatory Guide 1.9. One diesel generator is connected exclusively to a single 4.16-kV safety feature bus of a load group. Each unit has two 4.16-kV Class 1E trains, and the safety-related equipment on both trains is similar. The trains are redundant, and, for each unit, one train is adequate to satisfy minimum engineered safety features demand caused by a LOCA and a simultaneous loss of preferred power supply. The diesel generators are electrically isolated from each other. Physical separation for fire and missile protection is provided between the diesel generators, since they are housed in separate rooms of the Seismic Category 1 diesel generator building. Power and control cables for the diesel generators and associated switchgear are routed to maintain physical separation.
Ratings for diesel generator sets are determined on the basis of nameplate rating, pump pressure and flow conditions, or motor brake horsepower. The nameplate ratings for each load are noted in drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B.
The loading profile for the diesel is shown in table 8.3.1-2. The continuous rating of the diesel generator is based on the maximum total load required at any time. The diesel generator is capable of operation at less than full load for extended periods of time as described in subsection 9.5.5.
The functional aspects of the onsite power system are discussed below:
A. Starting Initiating Circuits The diesel generators are started on the following:
Receipt of a safety injection signal.
Loss of voltage to the respective 4.16-kV Class 1E bus to which each diesel generator is connected.
Manual switch actuation (control room).
Manual switch actuation (diesel generator room).
Emergency manual switch actuation (diesel generator room).
Starting a diesel generator with a safety injection signal, a loss of 4.16-kV Class 1E bus voltage signal, or an emergency manual switch actuation will place that diesel generator in the accident operation mode.
Starting a diesel generator with a manual switch actuation from either the control room or the diesel generator room will place that diesel generator in the nonaccident operation mode.
Refer to the logic diagram provided in drawings 1X4AK01-30 and 1X4AK01-31.
B. Diesel Starting Mechanism and System Refer to subsection 9.5.6.
C. Tripping Devices The following protective functions are provided during operation of the diesel generator:
8.3-9 REV 23 3/21
VEGP-FSAR-8 High jacket coolant temperature.(1)(2)
High temperature lube oil.(1)(2)
Low jacket coolant pressure.(1)(2)
High temperature engine bearing.(1)(2)
Loss of field.(1)
Vibration.(1)(2)
Engine overspeed.
Low turbocharger oil pressure.(1)(2)
High crankcase pressure.(1)(2)
Low lube oil pressure.
Generator underfrequency.(1)(2)
Generator differential.
Generator reverse power.(1)(2)
Generator negative phase sequence.(1)(2)
Generator voltage controlled phase overcurrent.(1)
(1) Diesel engine/generator breaker trips blocked during safety injection initiated operation.
(2) Diesel engine and/or generator breaker trips blocked during emergency manual switch or LOSP initiated operation.
Reverse power, negative phase sequence, and underfrequency protection are permitted to trip only during operation of the diesel generator in parallel with the preferred power supply during manually initiated testing.
Underfrequency protection is provided to safely separate the diesel generators from the preferred source (when previously synchronized to it) without damage to or shutdown of the diesel generators. If the engine does not reach 200 rpm within a predetermined time following a start signal, the fail-to-start relay functions to restart the keep warm systems and alarm locally and in the control room.
The protective devices which function to shut down the diesel and which are also retained during an accident consist of the following:
Engine overspeed.
Generator differential.
Low lube oil pressure.
The low lube oil pressure trip is implemented by three independent measurements. Actuation of this trip is initiated by two-out-of-three coincident logic in accordance with Regulatory Guide 1.9.
Although the diesel generators are vital to the safety of the plant, no automatic bypass is provided for the protective devices which function to shut down the 8.3-10 REV 23 3/21
VEGP-FSAR-8 diesel during an accident, since each train is provided with one diesel generator.
Should one diesel generator be tripped by a protective device, the redundant train will function as a backup. Since the malfunctioning diesel generator is isolated before being seriously damaged, repairs could be performed while the redundant diesel is in operation.
The diesel generator control and monitoring equipment which is not by its nature required to be mounted on the diesel generator skid is located in free-standing control panels for each diesel generator unit to minimize or eliminate mechanical fatigue caused by vibration of the diesel generator during operation.
The diesel generators are monitored from the control room, and each device, when actuated, initiates an annunciator in the control room. These functions are also provided with alarms in the diesel generator room. The alarms, where possible, are set so that they provide a warning of impending trouble prior to tripping of the diesels.
Alarm 46, as shown in table 8.3.1-1, summarizes conditions which cause tripping of the diesel generators, render the diesel generators incapable of responding to an automatic start signal, accepting load, or which will, over time, cause the shutdown of the diesel generators. This alarm is actuated by emergency stop, maintenance lockout, engine overspeed trip, low starting air pressure, generator dc control power failure, the local-remote generator control switch in the local position, generator circuit breaker inoperable, diesel fuel storage tank pumps inoperable, diesel generator building ventilation fan transfer control switch in the local position or the remote control switch in the pull-to-lock position, diesel generator building ventilation fan discharge damper operator power failure, diesel generator failed to start relay, starting air control power failure, or diesel generator barring device engaged. This alarm is located on the system status monitoring panel in the main control room. Capability is provided for a manual initiation of the alarm at the system status monitoring panel to indicate a deliberately induced bypassed condition.
D. Interlocks Circuit breaker electrical interlocks are provided to prevent automatic closing of a diesel generator breaker to an energized or faulted bus.
If the preferred power has been lost, an undervoltage signal will trip the preferred offsite power incoming breakers as indicated in paragraph 8.3.1.1.3F.
Both 4.16-kV Class 1E busses have a circuit breaker installed in the normal and alternate preferred offsite power source cubicles. Either breaker is capable of connecting the bus to an offsite power source. Both Class 1E 4.16-kV busses may be manually connected and paralleled to the same offsite power source as discussed in paragraph 8.3.1.1.2.D. The connection would be accomplished under administrative control by performing a manual, hot-bus transfer between the normal and alternate offsite sources. Although the preferred offsite power sources are momentarily paralleled during a hot-bus transfer, electrical interlocks are provided to prevent the preferred offsite power sources from remaining paralleled.
E. Permissives A single switch in the diesel generator room is provided for each diesel generator to block automatic start signals when the diesel is out for maintenance.
8.3-11 REV 23 3/21
VEGP-FSAR-8 When in the local-manual position, an annunciator is initiated in the control room.
A pushbutton in the control room and a local pushbutton in the diesel generator room are provided to allow manual start capability.
An emergency start is provided in the diesel generator room which bypasses the automatic start signals to allow a manual start of the diesel. During periodic diesel generator tests, subsequent to diesel start and synchronization to the preferred system, a switch in the control room allows parallel operation with the preferred power source.
F. Load Shedding Circuits Upon recognition of a loss of or degraded voltage on a 4.16-kV Class 1E bus, a logic signal is initiated to effect the following on each load group through the safety feature sequencer:
Shed all loads; load center transformers remain connected.
Send signal to start diesel generator.
Trip 4.16-kV preferred power supply breaker.
Two voltage sensing schemes for each Class 1E 4.16-kV bus are employed to initiate the logic signal. One scheme will recognize a loss of voltage, and the other will recognize degraded voltage conditions. Each scheme is provided voltage signals through four potential transformers located on each bus.
Logic is provided to allow load shedding and tripping of the incoming breaker on two-out-of-four undervoltage logic signals. These devices are set to operate with a time delay of 0.8 s at a minimum of 70% of nominal voltage which is below the minimum expected voltage during diesel generator sequencing. The undervoltage sensing device design meets the applicable requirements of IEEE 279.
Additional undervoltage logic circuits are provided for each bus to recognize degraded voltage conditions. These circuits are set to operate at a minimum of 88.5% of nominal voltage with a maximum time delay of 20 s. This setpoint is above the minimum motor starting voltage during normal operation; however, the time delay has been selected to prevent unwanted tripping and undervoltage-induced damage to the safety-related loads. Load shedding and tripping of the incoming breaker is provided by two-out-of-four undervoltage logic.
A two-out-of-four undervoltage logic set at 93.1% of nominal voltage with a time delay of 10 s is also provided to initiate an alarm in the control room to warn the operators of a degraded voltage condition. An SIS subsequent to the initiating of this alarm does not separate the auxiliary power system from the offsite power system. Studies have been performed which indicate that at the degraded voltage trip setpoint indicated above, based on the worst case motor thermal damage curve, the permanently connected Class 1E loads will not be damaged.
These studies also indicate that adequate voltage is provided to allow starting of the loads.
After a diesel generator has been started and reaches rated voltage and frequency, the generator circuit breaker connecting it to the corresponding 4.16-kV bus closes, energizing that bus and the associated load center transformers.
Each diesel generator is designed to accept loads within 9.5 s after receipt of a 8.3-12 REV 23 3/21
VEGP-FSAR-8 start signal, and all automatically sequenced loads are connected to the Class 1E bus within 30.5 s thereafter.
As discussed in subsection 15.0.8, the safety analysis postulates a 12 s diesel start time which includes the initial sequencer loading step. (Refer to drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-02B.) Relays at the diesel generator detect generator-rated voltage and frequency conditions and provide a permissive interlock for the closing of the respective generator circuit breaker. Upon loss of the preferred source of power without a LOCA, the load sequencer system initiates the starting of the diesel generators, trips the 4.16-kV preferred power supply breaker, and sheds all loads. The load sequencer for each diesel then automatically initiates the starting of the safe shutdown loads. When an SIS is present, connection of the diesel generator to the 4.16-kV bus is not made unless the preferred source of power is lost (4.16-kV undervoltage).
Following diesel start and connection to the Class 1E bus, the loads are automatically sequenced onto the bus at programmed 5-s time intervals. The load shed feature is bypassed during sequencing of loads. The load shed signal is automatically or manually reset if the diesel generator breaker opens before all the loads are sequenced onto the bus. A fast responding exciter and voltage regulator ensure voltage recovery of the diesel generator after each load step, in accordance with requirements of Regulatory Guide 1.9. Field flashing is utilized on the diesel generators for fast voltage buildup during the start sequence.
Should a LOCA occur during load sequencing or after sequencing is completed, the SIS will restart the sequencer, which will sequence those loads required for LOCA conditions. No load shedding other than the nonsafety-related loads identified in drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B will occur.
Once load sequencing has been completed, or if the diesel generator breaker opens before all the loads are sequenced onto the bus, the load shed and resequence capability is automatically reinstated for an undervoltage sensed at the 4.16-kV Class 1E bus. Logic has been provided that prevents more than three undervoltage conditions from being recognized within a 2-h period. The first and second undervoltage signal will initiate load shed and resequence of the required loads. The third undervoltage signal will initiate a load shed only.
Reinstatement of sequencing can be accomplished by manually resetting a timer located at the sequencer. This limitation is provided to prevent automatically exceeding the manufacturer's recommendations concerning motor start capability of two successive starts within a 2-h period.
The diesel generator sequencers were designed in compliance with the requirements in IEEE 603 (1991). Programmable digital components and devices within them additionally comply with IEEE Std 7-4.3.2 (1993).
A breaker in each 4.16-kV Class 1E bus supplies power through a nonsafety transformer (1/2NB01X and 1/2NB10X) to loads listed in drawings 1X3D-AA-K02A, 2X3D-AA-K02A, 1X3D-AA-K02B, and 2X3D-AA-K02B. An SI signal automatically trips the breaker previously closed. After it has been tripped, the operators can close it under administrative control to reenergize the selected nonsafety loads, should their operation be desired.
8.3-13 REV 23 3/21
VEGP-FSAR-8 The voltage levels at safety-related busses are optimized for the expected load conditions throughout the anticipated range of voltages by the setting of no-load transformer taps. The tap setpoints are based upon the design voltage ranges available from the reserve auxiliary transformers. The Technical Specifications indicate the voltage setpoint parameters of the diesel generators to be compatible with the transformer tap setpoints. Verification of the proper tap selection will be accomplished by actual measurement in the field.
All time delays associated with sequencer trip conditions and sequence stepping include +/-50 ms tolerance.
G. Loss of a Diesel Generator Should a diesel generator fail due to a mechanical or electrical malfunction or be tripped by one of the trip signals listed in paragraph 8.3.1.1.3C, the sequencer will shed all loads after the diesel generator breaker has opened. The diesel generator breaker will open on any one of the trip signals listed in paragraph 8.3.1.1.3C or following a diesel generator stop signal.
After the required repairs have been completed, the diesel generator can be started remotely from the main control room or locally from the engine control panel in the diesel generator building. Once the diesel has started and has reached rated voltage and frequency, it will be loaded as described in paragraph 8.3.1.1.3F.
H. Testing Because the diesel generators are of the type and size that have been previously used as a standby emergency power source in other nuclear power plants, the following site tests are given during the plant preoperational test program and during the plant operation. The test procedures shall include a final equipment check prior to starting these tests.
- 1. During the plant preoperational test programs only, 35 consecutive start tests for each diesel generator with no failures are to be run to demonstrate the required reliability.
- 2. During the plant operation, a single start test on 31-day test intervals will be performed. The periodic testing of diesel generator units during the plant operation is to:
- a. Demonstrate that the diesel starts and gradually accelerates to at least 440 rpm, and verify that the required voltage and frequency are attained.
- b. Demonstrate maximum expected load-carrying capability for an interval of not less than 1 h. The maximum expected loading for VEGP is based on a loss of offsite power without a LOCA.
This test may be accomplished by synchronizing the generator with the offsite system, by connecting through either a RAT or the SAT, and assuming a load at the maximum practical rate.
- c. Demonstrate that the capability of the diesel generator unit to supply emergency power is not impaired.
8.3-14 REV 23 3/21
VEGP-FSAR-8
- 3. Diesel generator failures will be addressed in accordance with plant procedures that implement the provisions of 10 CFR 50.65, "Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants."
- 4. The Technical Specifications will include requirements such that during the preoperational period tests are run during shutdown (except for tests described by items f, g, h, and k) to verify the following. The test procedures shall include a final equipment check prior to starting these tests. Tests described by items f, g, h, and k may be performed during any mode of plant operation as required. Technical Specification frequencies shall be controlled under the Surveillance Frequency Control Program using NEI 04-10 guidelines.
- a. Demonstrate that on loss of offsite power the emergency busses have been deenergized and that the loads have been shed from the emergency busses in accordance with design requirements.
- b. Demonstrate that on loss of offsite power the diesel generators start on the autostart signal, load shed occurs, the emergency busses are energized along with load center transformers, the autoconnected shutdown loads are energized through the load sequencer, and the system operates for 5 min while the generators are loaded with the shutdown loads.
- c. Demonstrate that on a safety features actuation signal (without loss of offsite power) the diesel generators start on the autostart signal and operate on standby for 5 min.
- d. Demonstrate that on loss of offsite power, in conjunction with a safety features actuation signal, the diesel generators start on the autostart signal, load shed occurs, the emergency busses are energized along with load center transformers, the autoconnected emergency (accident) loads are energized through the load sequencer, and the system operates for 5 min while the generators are loaded with the emergency loads.
- e. Deleted
- f. Demonstrate maximum expected load-carrying capability for 24 h, of which 22 h are at a load equivalent to the maximum expected loading of the diesel generator and 2 h at a load equivalent to or greater than 105%
of the maximum expected loading of the diesel generator.
- g. Demonstrate functional capability at full load temperature conditions by verifying the diesel starts upon receipt of a manual or auto-start signal, and generator voltage and frequency are attained within the required time limits. This test will be performed within 5 min of shutting down the DG after the DG has operated a minimum of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> at full load in accordance with Technical Specifications.
- h. Demonstrate proper operation during diesel generator load shedding, including a test of the loss of the largest single load and of complete loss 8.3-15 REV 23 3/21
VEGP-FSAR-8 of load. Verify that the overspeed limit is not exceeded.
- i. Demonstrate the ability to:
Synchronize the diesel generator unit with the offsite system while the unit is connected to the emergency load.
Transfer the emergency load to the offsite system.
Restore the diesel generator unit to standby status.
- j. Deleted
- k. Demonstrate that the fuel transfer pumps transfer fuel from each fuel storage tank to the day tank of each diesel generator via installed cross-connection lines.
- l. Demonstrate that, with the diesel generator operating in a test mode, connected to its bus, a simulated safety injection signal overrides the test mode by: (1) returning the diesel generator to standby operation, and (2) automatically energizing the emergency loads with offsite power.
- 5. The test procedures will specifically state that the diesel generator unit is to be reset at the conclusion of the test to allow an automatic start when required.
I. Fuel Oil Storage and Transfer Systems The diesel generator fuel oil system is described in subsection 9.5.4.
The diesel generator cooling water system is described in subsection 9.5.5.
J. Diesel Generator Cooling and Heating Systems K. Instrumentation and Control Systems for Standby Power Supply Equipment is provided in the control room for each diesel generator for the following operations:
Manual starting and stopping.
Manual and automatic synchronization.
Manual frequency and voltage setting.
Emergency stop.
Voltage regulator manually actuated droop and reset.
A transfer switch is provided in each diesel room for local remote control selection. The switch is normally in the remote position, whereby the engineered safety features system senses an accident or loss of preferred power and starts the diesel. The transfer switch is placed in the local position to allow manual operation of the diesel locally when it is out for maintenance. Equipment is provided locally at each diesel generator for manual starting in case of a control room evacuation. The local emergency start functions to start the diesel generator, regardless of the position of the transfer switch.
8.3-16 REV 23 3/21
VEGP-FSAR-8 Equipment is provided at each local control panel for the following operations (when the transfer switch is in the local position):
Manual starting.
Manual stopping.
Manual frequency and voltage setting.
Manual exciter field removal and reset.
Voltage regulator manually actuated droop and reset.
The local control operation is annunciated in the control room. The dc power source for the safety-related diesel generator instrumentation and control system is of the same load group as the respective diesel generator.
Each diesel generator local control panel is equipped with the alarms listed in table 8.3.1-1. The alarms are duplicated in the control room.
Electrical instruments are provided in the control room for surveillance of generator voltage, current, frequency, power, and reactive volt amperes and at the diesel generator for surveillance of generator voltage, current, and frequency.
The breaker status of each 4.16-kV breaker of the engineered safety features system is displayed by red and green indicating lamps in the control room. Local indication is provided at the switchgear.
A light is provided on the system status monitor panel to determine the availability of the diesel generator. This light is activated by the conditions identified in paragraph 8.3.1.1.3C.
There will be a time delay initiated to prevent the starting of the diesel generator when the engine is intentionally shut down such as during periodic surveillance testing. This time delay is for approximately 90 seconds. If during the 90-s time delay period a manual start attempt is initiated, the engine will not start because fuel to the engine will be blocked. If the operator depresses the manual start pushbutton during the 90-s time delay period, the starting air valves will open for 5 s and automatically close after the 5 s have elapsed. This built-in 5-s time limit on the opening of the starting air valves is to prevent the depletion of the starting air.
However, if a diesel generator is being manually stopped and an emergency start signal (loss-of-coolant accident or loss of offsite power) is received at the control panel during the 90-s time delay period, the engine control system will automatically bypass the 90-s time delay and will allow fuel oil and starting air to be admitted to the engine. Also, the 5-s time limit will be automatically bypassed; i.e., the starting air valves remain open until the engine starts (starting air pressure above 150 psig), or until the starting air pressure drops to 150 psig. At this pressure, the automatic start attempt will stop because at 150 psig the starting air valves automatically close. At this point, the engine can only be started manually by pushing the manual start button. Pushing the manual start button will cause the starting air valves to open again. There is no built-in time delay between the conclusion of the automatic start sequence and the manual start attempt in a situation as described above. In other words, if the engine fails to start automatically, a manual start can be initiated immediately. The starting air sequence is designed in this manner so that the manual start attempt capability is available if an automatic start attempt fails. The engine can be 8.3-17 REV 23 3/21
VEGP-FSAR-8 manually started in this manner until the starting air pressure drops to 90 psig.
Generally, starting air pressure below 90 psig will not start the engine when an attempt is initiated.
There is an additional time delay associated with a diesel manual or emergency start that is received while the diesel is ramping up in speed from a slow start initiation. The engine ramp time is approximately 25 s and will not be affected by any subsequent start signal. An emergency start signal will deactivate the normal trips, but will not affect engine rate of acceleration.
For the diesel generator to be automatically started or started from the control room, the mode switch on the engine control panel must be in the "Operational" position, and the point of control (local/remote) switch on the generator control panel in the "Remote" position. If either of the switches is not in these positions, an alarm in the control room on the system status monitor panel and diesel annunciator panel will alert the operator that the diesel is disabled.
In order to maintain the emergency start capability of the diesel generator, operating procedures will specify that periodic surveillance testing is to be initiated only from the control room; i.e., control switch is in the "Remote" position. Also, the operator will be made aware of the built-in 90-s time delay and will be instructed not to initiate manual starting of the engine during this period.
To minimize the accumulation of dust in the diesel generator building, the floors and walls are coated with epoxy to prevent concrete abrasive dust from becoming airborne and interfering with operation of electrical equipment. Diesel engine control panels located in the diesel generator building are not dusttight; however, the generator control cabinet enclosures are NEMA 12 dusttight, and ventilated with filtered louvers. The generator control cabinets have openings at the bottom to receive conductors from trenches and conduits. After installation, these openings will be sealed to limit entry of dirt, moisture, and oil vapors.
General house cleaning and maintenance procedures require cleaning of the control panels as required in accordance with the preventative maintenance program. This will prevent accumulation of dust on electrical components and ensure that starting and operation of the diesel generator are not compromised.
Thermostatically controlled space heaters are provided in the generator control cabinets and the engine control cabinets to minimize moisture accumulation inside these cabinets. Combustion air and ventilation provisions associated with the diesel generators are described in subsections 9.5.8 and 9.4.7, respectively.
L. Conformance to Branch Technical Position (BTP) ICSB-8 The emergency diesel generators will not be used for peaking service in accordance with BTP ICSB-8, Use of Diesel-Generator Sets for Peaking.
M. Programs for training, maintenance, and operations will be implemented as discussed in chapter 13.
N. The maintenance/surveillance program, developed by the Cooper-Enterprise Clearinghouse, has been implemented.
8.3-18 REV 23 3/21
VEGP-FSAR-8 8.3.1.1.4 Control Rod Drive Power Supply Electric power to control rod drive mechanisms is supplied by two full-capacity, motor-generator sets. Each motor-generator set is powered from a separate non-Class 1E 480-V load center.
Each generator is of the synchronous type and is driven by a 200-hp induction motor. The ac power is distributed to the rod control power cabinets through two Class 1E series-connected reactor trip breakers.
8.3.1.1.5 Vital Instrument ac Power Supply Four independent Class 1E 120-V vital instrument ac power supplies are provided to supply the four channels of the protection systems and reactor control systems. Each vital instrument ac power supply consists of an inverter and a distribution panel. Trains A and B are provided with two inverters and two distribution panels.
Each distribution panel has two incoming breakers which are interlocked so that only one breaker can be closed at a time. The normally closed breaker is the inverter supply. The normally open breaker is the 120-V ac inverter backup supply from a 480/120-V regulated transformer.
Normally, the inverter is operating to supply the vital ac bus. Each inverter is supplied by a Class 1E 125-V dc system, as described in subsection 8.3.2. If an inverter is inoperable or is to be removed from service, the vital ac bus can be supplied from the 120-V ac inverter backup supply (480/120-V regulated transformer) associated with the same load group by repositioning the distribution panel input breakers. Administrative controls ensure that no more than one vital ac bus is powered from the regulated transformer backup power supply at any one time during routine preventive maintenance on the associated inverter. Refer to drawings 1X3D-AA-G01A, 1X3D-AA-G02A, 1X3D-AA-G02C, 2X3D-AA-G01A, 2X3D-AA-G02A, and 2X3D-AA-G02C for the arrangement of the vital instrument ac power supplies.
8.3.1.1.6 Non-Class 1E Instrument ac Power Supply The nonvital 120-V instrument ac power supply is designed to furnish reliable power to all nonsafety-related plant instruments. A schematic of this system is shown in drawings 1X3D-AA-G01B and 2X3D-AA-G01B.
The control building nonvital instrument ac system for each unit consists of six essential instrument panels and five (four on Unit 2) regulated instrument bus panels. Each panel has normal and alternate incoming breakers interlocked so that only one can be closed at a time.
The normal supply to essential instrument panel NY1N is from its associated inverter. The normal supply to regulated instrument bus panel NYR is from its associated regulated transformer. The alternate supply to the regulated instrument bus panel NYR is from the normal supply to regulated instrument bus NYS. The alternate supply to essential instrument panel NY1N is a feeder breaker in regulated instrument bus panel NYR. Regulated instrument bus panel NYS and essential instrument panel NY2N receive power similarly. Essential instrument panel NY4N normally receives power from its associated inverter. An alternate power supply is provided by a mechanically interlocked incoming circuit breaker which is powered from a regulated transformer. Each regulated transformer is sized to supply 120-V ac power to its associated normal essential instrument panels and regulated instrument panels.
8.3-19 REV 23 3/21
VEGP-FSAR-8 A sixth regulated instrument bus panel (1NYJ) is located in the auxiliary building. (Panel 2NYJ is supplied from a nonregulated source.) Its two incoming breakers (interlocked so that only one is closed at a time) receive power from regulated transformers fed from separate normal 480-V ac motor control centers.
Regulated instrument bus panel NYRS has interlocked main incoming breakers which are powered from two separate regulating transformers. Inverter-powered panel NY3N (NY5N, NY01, and NY6N are supplied from NY3N) panel ANYT2 and panel ANYT3 powers the main plant computer and its peripherals. Panel NY3N also supplies panel NY01, which powers the radiation monitoring computer and its peripherals.
Panel NYC2 provides power for the rod position indication systems. It has interlocked main incoming breakers which are powered from two separate Class 1E regulating/isolation transformers.
Essential instrument panels common to both units have also been provided for the technical support center and the central and secondary alarm stations as shown in drawings AX3D-AA-G02B and AX3D-AA-G02C.
8.3.1.1.7 Electrical Equipment Layout The following are the general features of the electrical equipment layout:
A. Class 1E switchgear, load centers, and motor control centers of redundant load groups are located in separate rooms within Seismic Category 1 buildings.
B. Four Class 1E battery supplies are located in the control building. Each battery is located in a separate room. Battery ventilation considerations are addressed in subsection 9.4.5.
C. The battery charger, inverter, manual transfer switch, and dc busses associated with each of the four subsystems are in separate rooms outside the battery rooms.
D. Two cable spreading rooms are provided, one above and one below the control room. This enhances redundant cable separation.
E. Redundant diesel generators and associated supporting equipment are located in separate rooms in the Seismic Category 1 diesel generator building.
Electrical equipment layout drawings showing the location of electrical equipment are listed in section 1.7.
8.3.1.1.8 Design Criteria for Class 1E Equipment Design criteria for the Class 1E equipment are discussed below:
A. Motor Size For all motors rated above 480 V, the nameplate horsepower is generally equal to or greater than the maximum horsepower required by the driven load under normal running or runout conditions except for the centrifugal charging pumps, residual heat removal pumps, containment spray pumps, and auxiliary feedwater pumps which are all under the scope of the nuclear steam supply system (NSSS) supplier.
8.3-20 REV 23 3/21
VEGP-FSAR-8 The containment spray pump, and residual heat removal pump motors have a service factor of 1.15 and the required brake horsepower is within the capability of the motor service factor rating of 1.15. The centrifugal charging pump (CCP) motor is rated at 600 hp with a service factor of 1.15. An engineering study concluded that the Unit 1, Train A CCP motor is capable of a 715-hp rating with a service factor of 1.0. This bounds all normal and runout/transient operating conditions for the Unit 1, Train A CCP. The auxiliary feedwater pump motor is rated at 900 hp, and the maximum brake horsepower required is 962 hp during various plant transient conditions. An engineering study was performed by Westinghouse that concluded the auxiliary feedwater pump motors are acceptable for the overload condition.
B. Minimum Motor Accelerating Voltage All Class 1E motors fed from the 4.16-kV busses are specified with accelerating capability at 75% of the motor nameplate rating (4000 V). Class 1E motors rated for use on lower voltage busses, which are required to start concurrently with large 4-kV motors, are specified with accelerating capability at 75% of the motor nameplate rating, with the exception of the boric acid transfer pump, which are specified at 80% of the motor nameplate rating.
Calculations have been made indicating that these motors will not be provided power at less than their specified capabilities.
Class 1E motor-operated valve (MOV) torque/thrust capability is based on the available voltage at the MOV's terminals. The MOV voltage analysis includes degraded grid cases with the starting of MOVs simultaneously with other loads as well as individual MOV starts. Some of the available voltages are below the 75 or 80% of the nameplate rating specified accelerating capability. MOV capability and limitations are documented in calculations.
The electrical system is designed so that the motor terminal voltage supplied to each Class 1E motor will permit acceleration of that motor.
C. Motor Starting Torque The motor starting torque is capable of starting and accelerating the connected load to normal speed within sufficient time to perform its safety function for all expected operating conditions, including the design minimum bus voltage stated in paragraph 8.3.1.1.3.
D. Minimum Motor Torque Margin over Pump Torque Through Accelerating Period The minimum torque margin (accelerating torque) is such that the pump motor assembly reaches nominal speed within sufficient time to perform its safety function at design minimum terminal voltage.
E. Motor Insulation Insulation systems are selected on the basis of the particular ambient conditions to which insulation is exposed. For Class 1E motors located within the containment, the insulation system is selected to withstand the postulated accident environment.
F. Temperature Monitoring Devices Provided in Large Horsepower Motors Each motor in excess of 1500 hp is provided with six resistance temperature detectors (RTD) embedded in the motor slots, two per phase. In normal 8.3-21 REV 23 3/21
VEGP-FSAR-8 operation, the RTD at the hottest location (selected by test) monitors the motor temperature and provides a computer alarm in the control room on high temperature. Each 4.16-kV motor bearing (except residual heat removal motor) is provided with one thermocouple which will provide an alarm on bearing high temperature.
G. Interrupting Capacities The interrupting capacities of the protective equipment are determined as follows:
- 1. Switchgear Switchgear interrupting capacities are greater than the maximum short circuit current available at the point of application. The magnitude of the short circuit currents in the medium voltage systems is determined in accordance with American National Standards Institute (ANSI) C37.010-1972. The offsite power system, a single operating diesel generator, and running motor contributions are considered simultaneously in determining the fault level. All motors connected to the bus are considered to be running when the short circuit is postulated.
High voltage power circuit breaker interrupting capacity ratings are selected in accordance with ANSI C37.06-1971.
- 2. Load Centers, Motor Control Centers, and Distribution Panels Load centers, motor control centers, and distribution panel circuit breakers have a symmetrical rated interrupting current as great as the determined total available symmetrical current at the point of assumed fault. Symmetrical short-circuit current is determined in accordance with the procedures of ANSI C37.13-1973 for low voltage circuit breakers other than molded case breakers and of National Electrical Manufacturers Association (NEMA)
Standards Publication AB 1 for molded case circuit breakers.
H. Electric Circuit Protection Refer to paragraph 8.3.1.1.2K for criteria regarding the electric circuit protection.
I. Grounding Requirements Equipment and system grounding has been designed using IEEE 80-1971, Guide for Safety in ac Substation Grounding, and IEEE 142-1972, Recommended Practice for Grounding of Industrial and Commercial Power Systems, as a guide.
J. Safety-Related Cable The 5-kV safety-related power cable insulation and the 600-V power and control cable insulation utilized in balance-of-plant applications are type EPR/HYP with hypalon in the jacket. The balance of plant safety-related instrument and specialty cable insulation consists of moisture, radiation, and ozone-resistant thermosetting compounds. The jackets used on these cables consist of flame retardant, moisture, radiation, and ozone-resistant thermosetting compounds.
8.3-22 REV 23 3/21
VEGP-FSAR-8 Safety-related cables are qualified for the design life of the planta as described in IEEE 323-1974 and 383-1974. The cable supplied under the NSSS scope is qualified in accordance with the methodology outlined in WCAP-8587 for the applicable system or component in which the cable is installed.
8.3.1.1.9 Heat Tracing Systems There are no Class 1E heat tracing systems required to ensure the safe operation of the plant.
The chemical and volume control system, safety injection system, and the waste processing system liquid are provided with temperature monitoring and alarms for annunciation to help ensure the boric acid is maintained at or above 65F. The alarms are powered from non-Class 1E busses which are backed by the onsite emergency diesel generators. The heat traced portions of the auxiliary feedwater, vacuum degasifier systems for RMWST and CST, demineralizer water system, and nuclear service cooling water systems are provided with nonredundant heat tracing systems for freeze protection. The containment hydrogen monitoring system, and the radiation monitoring system, are provided with nonredundant heat tracing systems powered from non-class 1E busses which are backed by the onsite emergency diesel generators, with the exception of the radwaste processing facility. The heat tracing for the radwaste processing facility is supplied from the facility's normal power supply.
8.3.1.1.10 Electrical Equipment Subject to Submergence Due to Containment Flooding Electrical equipment located in the containment building that would be subject to submergence under a LOCA condition includes miscellaneous nonsafety-related and safety-related equipment.
Equipment faults due to submergence would not cause damage to containment building electrical penetrations because the associated power circuits are either disconnected, are protected by redundant overcurrent protective devices, or have fault currents at the penetration below the penetration damage level (see paragraph 8.3.1.1.12).
The nonsafety-related devices are not designed for operation under water; however, there would be no effect on the safety-related power systems, since this equipment is powered from nonsafety-related busses.
The safety-related equipment includes the nuclear instrumentation detectors (source, intermediate, and power range), and extended range excore neutron detectors, reactor vessel level instrumentation system (RVLIS) temperature compensation RTDs, containment reactor cavity sump level transmitter, accumulator isolation valves, one reactor coolant system hot leg wide range pressure transmitter, and the steam generator blowdown flow transmitters. The safety-related excore neutron detectors (source, intermediate, power, and extended range) could be subjected to submergence following a postulated design basis accident. However, the submergence period would allow time for the detectors to perform their intended function of detecting the reactor shutdown and to establish other means of long-term shutdown verification, such as post accident sample analysis. The safety-related reactor cavity sump narrow range level transmitter could also be subjected to submergence following a postulated design basis a
The operating licenses for both VEGP units have been renewed and the original licensed operating terms have been extended by 20 years. In accordance with 10 CFR Part 54, appropriate aging management programs and activities have been initiated to manage the detrimental effects of aging to maintain functionality during the period of extended operation (see chapter 19).
8.3-23 REV 23 3/21
VEGP-FSAR-8 accident. However, the containment wide range level transmitters and narrow range level transmitters on the north and south normal drain sumps would be used to provide diverse and unambiguous indication of containment water level. The hot leg pressure transmitter and the blowdown flow transmitters are not required to be functional, should containment flooding occur.
In addition, accumulator discharge valves HV-8808A, B, C, and D could also be submerged following a LOCA. Refer to paragraph 6.3.2.2.16 for a discussion of the consequences of these valves becoming submerged. The submergence of the RVLIS RTDs has been evaluated, and it was concluded that the RVLIS accuracy requirements are within the allowable limits.
8.3.1.1.11 Motor-Operated Valves with Power Lockout The motor-operated valves that require power lockout to meet BTP ICSB 18 and that have the means to accomplish power lockout are listed and outlined as follows:
A. The following motor-operated valves power lockout and restoration capability is accomplished at the main control board:
HV-8806 Safety injection pump suction from refueling water storage tank HV-8835 Safety injection pump cold leg injection HV-8802A, B Safety injection pump hot leg injection HV-8840 Residual heat removal pump hot leg injection HV-8809A, B Residual heat removal pump cold leg injection HV-8813 Safety injection pump miniflow isolation B. The following motor-operated valve power lockout is accomplished by padlocking the circuit breaker at the motor control center during startup and maintained in the locked open position during reactor power operation:
HV-8808A, B, C, D Accumulator isolation valves In addition, the emergency core cooling system motor-operated valves (item A) are provided with valve position-indicating light boxes to provide a continuous indication of valve position.
The Technical Specifications list these valves and their required positions.
8.3.1.1.12 Containment Building Electrical Penetrations The electrical penetrations, with the exception of fiber optic feedthroughs, are protected from damage resulting from overcurrent conditions through the use of redundant overcurrent protective devices as indicated in paragraph 1.9.63.2.
The use of series Class 1E fuses for backup protection on the 480-V switchgear power circuits is justified by the fact that fuses are passive devices which have proven coordination characteristics and reliability. Similarly, for motor control center power circuits, fuses in series with thermal-magnetic breakers is justified by the fact that fuses are passive devices which have proven coordination characteristics and reliability.
Figure 8.3.1-1 provides the overcurrent protection coordination curves for each type of power or control circuit connected to the electrical penetrations. These curves provide justification that, for those circuits having sufficient power to damage the penetration, the overcurrent protective devices will operate to disconnect power prior to such damage occurring, thus maintaining the 8.3-24 REV 23 3/21
VEGP-FSAR-8 integrity of the containment pressure boundary in accordance with the requirements of General Design Criterion 50.
Spliced connections at the penetrations are accomplished using compression lugs with heat shrinkable tubing termination kits (such as manufactured by Raychem Corporation). The insulating materials used in these kits contain no epoxy. Splice kits qualified for the design life of the planta in accordance with IEEE 323 and 383 are used on safety-related circuits.
8.3.1.1.13 Residual Heat Removal Isolation Valve Power Supply Trains A and B residual heat removal isolation valves are powered from train A and B motor control centers, respectively. The train C and D valves are powered through 125-V dc/480-V ac, three-phase inverters and combination starter units from the train C and D Class 1E dc systems, respectively. The inverters and combination starter units are qualified for the design life of the plantb in accordance with the requirements of IEEE 323 and 344.
8.3.1.2 Analysis For discussion of regulatory guides in regard to Class 1E ac systems, refer to section 1.9 and subsection 8.1.4. Compliance with General Design Criteria 17 and 18 is discussed in section 3.1.
A failure modes and effects analysis for the onsite power supply systems is provided in table 8.3.1-3. The failure analysis of the 120-V vital ac system is included in table 8.3.2-5.
Qualification of electrical equipment is addressed in sections 3.10 and 3.11.
8.3.1.3 Physical Identification of Safety-Related Equipment Each circuit and raceway is given a unique identification number. This number provides a means of distinguishing between circuits and raceways of different voltage level or separation groups. Each raceway is color coded with indelible ink, paint, or adhesive markers (adhesive markers are not used in the containment building) at intervals of 15 ft or less along the length of the raceway and on both sides of floor or wall penetrations. Each cable is color coded at a a
The operating licenses for both VEGP units have been renewed and the original licensed operating terms have been extended by 20 years. In accordance with 10 CFR Part 54, appropriate aging management programs and activities have been initiated to manage the detrimental effects of aging to maintain functionality during the period of extended operation (see chapter 19).
b The operating licenses for both VEGP units have been renewed and the original licensed operating terms have been extended by 20 years. In accordance with 10 CFR Part 54, appropriate aging management programs and activities have been initiated to manage the detrimental effects of aging to maintain functionality during the period of extended operation (see chapter 19).
8.3-25 REV 23 3/21
VEGP-FSAR-8 maximum of 5-ft intervals along the length of the cable, and cable markers showing the cable identification number are applied at each end of the cable.
The following color coding is used for all identification purposes, except at the main control board:
Separation Safety Protection Color Group Train Channel Code A A I Brown B B II Green C C III Blue D D IV Yellow N None None Black For the color coding used on the main control board, see chapter 18.
In addition, raceway separation groups are clearly identified on design drawings for all equipment and raceways.
8.3.1.4 Independence of Redundant Systems 8.3.1.4.1 General The routing of cable and the design of raceways is such that no single credible event is capable of disabling redundant safety-related systems.
8.3.1.4.2 Cable Derating and Cable Tray Fill The ampacity rating of cables is established in accordance with Insulated Cable Engineers Association (ICEA) P-46-426 and P-54-440. Generally, power cables, feeding loads from switchgear, motor control centers, and distribution panels are sized based on 125% of the full load current at a 100% load factor.
Where cumulative effects of actual operation or installation conditions require encroachment into the 25% allowance, engineering analysis is performed to verify adequacy of cable ampacity for the actual operating or installation condition. In addition, cables are derated in accordance with ICEA P-46-426 where cable spacing in open top punched bottom tray is less than one diameter or the ambient temperature is greater than 40°C. The ampacity of maintained spacing 13.8-kV, 4.16-kV, and 480-V load center power cables in tray have been determined in accordance with ICEA Publication No. P-46-426 for punched bottom, open top trays, ICEA Publication No. P-54-440 for solid bottom open top tray, or punched bottom with solid cover trays. Six hundred-V power cables in trays have been sized in accordance with ICEA Publication No. P-54-440. Where covers in excess of 6 ft in length have been installed on random fill trays, engineering analysis has been performed to assess any ampacity derating effects of the cover. Where maintained spacing cables are routed in solid bottom tray fittings with solid covers in excess of 6 ft in length, the cables have been derated in accordance with ICEA P-46-426 for cables in enclosed raceway. Power cables penetrating fire stops have been derated by 10%.
8.3-26 REV 23 3/21
VEGP-FSAR-8 The 13.8- and 4.16-kV power cables generally maintain a minimum spacing of one cable diameter between adjacent cables in a single layer. The 480-V load center power cables have a minimum spacing of 1/4 cable diameter. Where justified by analysis done on a case-by-case basis, minimum spacing of 1/4 diameter for 13.8- and 4.16-kV power cables and less than 1/4-diameter spacing for 480-V load center power cables have been permitted. Motor control center power cables and control and instrumentation cables are random fill. Control and instrument cable tray design fill is 40% of the area of the tray being used; 4-in. deep trays are used in all areas of the plant except where the 40% maximum fill of the 4-in. deep tray would be exceeded, in which case a 6-in. deep tray is used. Low voltage power trays are limited to a fill of 30% of the area of a 3-in. loading depth tray.
When greater than 40% fill for control tray or 30% for power tray is unavoidable, analysis is performed to ensure the cables' ampacities have been properly derated. Cable trays will not be filled above the siderails except at transitions (tees, elbows, cable entrances and exits, etc.).
The cables above the siderails are routed back below the siderails within 12 ft from the transition. Whenever trays are filled above the siderails, the required Regulatory Guide 1.75 separation is measured to the uppermost cable in the tray.
8.3.1.4.3 Cable Routing There are five separation groups for the cable and raceway system: groups A, B, C, D, and N.
Separation group A (4.16 kV, 480 V, 120 V ac, and 125 V dc) contains circuits from safety train A and protection channel I (120 V ac, 125 V dc, and instrumentation). Similarly, separation group B contains circuits from safety train B and protection channel II; group C, train C, and channel III; group D, train D, and channel IV; and group N, normal, nonsafety-related circuits.
Cables of one separation group are run in separate raceways and physically separated from cables of other separation groups. Group N raceways are separated from safety-related groups A, B, C, and D. However, raceways from group N are routed in the same areas as the safety-related groups per the spatial separation requirements of Regulatory Guide 1.75.
In general, the minimum spatial separation requirements are as follows:
A. Within the cable spreading rooms, control room, and shutdown rooms, the minimum vertical separation for open top cable tray is 3 ft, and the minimum horizontal separation is 1 ft. The minimum separation distance between enclosed raceways qualified as barriers is 1 in. The minimum separation distance between non-Class 1E conduit and Class 1E open top cable trays is 1 in.
Testing and analyses have been performed for circuits of voltage levels 480 volts or lower to determine alternate reduced separation distances where these general minimum separation distances have not been met. The testing and analyses have been performed as allowed by Section 6.1.1.3 of IEEE 384-1981 and by Regulatory Guide 1.75. Refer to table 8.3.1-4 for circuits where analysis has been used.
B. Within general plant areas the minimum vertical separation is 5 ft, and the minimum horizontal separation is 3 ft for open top cable tray. The minimum separation distance between enclosed raceways qualified as barriers is 1 in. The minimum separation distance between non-Class 1E conduit and Class 1E open top cable trays is 1 in.
8.3-27 REV 23 3/21
VEGP-FSAR-8 Testing and analyses have been performed for circuits of voltage levels 480 volts or lower to determine alternate reduced separation distances where these general minimum separation distances have not been met. Analyses have also been performed for reduced separation of Class 1E 4160-V cables from non-1E 480 V and lower voltage cables. The testing and analyses have been performed as allowed by Section 6.1.1.3 of IEEE 384-1981 and by Regulatory Guide 1.75.
Refer to table 8.3.1-4 for circuits where analysis has been used.
C. Within panels and control boards,(a) the minimum spatial separation between components or cables of different separation groups (both field-routed and vendor-supplied internal wiring) is 6 in. Where it is not possible to maintain this separation, barriers are installed between components and wiring of different separation groups, or analysis has been performed to determine the minimum separation requirements. Refer to subsection 7.1.2 for separation requirements inside Westinghouse panels and control boards and to table 8.3.1-4 for circuits where analysis has been used.
Where barriers are required, one of the following methods of providing separation is used between any two separation groups within panels and control boards:
- 1. If both groups are redundant Class 1E circuits, separation is provided by routing the circuits in separate metallic conduit or enclosed wire duct, or by wrapping the wires of one or both of the separation groups in silicon dioxide cloth (siltemp 188 CH).
- 2. If one of the separation groups is non-Class 1E, only those circuits are required to be routed in metallic conduit or enclosed metallic wire duct.
Alternatively, the non-Class 1E cables may be wrapped in silicon dioxide cloth (siltemp 188 CH). See table 8.3.1-4 for further details.
- 3. A single barrier is provided with a 1-in. maintained air space between the components or cables of redundant separation groups and the barrier.
- a. The control board or panel is considered to extend to the bottom of the floor penetration fire barrier seal including any floor slots, penetrations, etc.
D. Where spatial separation requirements between raceways of different separation groups are not met, fire barriers are installed as follows:
- 1. Where the minimum vertical separation is not maintained, a barrier is installed which extends at least 6 in. on each side of the tray system or to the wall, if a wall is within 6 in. when the trays are arranged in stacks.
Within the cable spreading area, where the trays cross each other, a barrier extending at least 1 ft on each side of the tray system is installed.
Within the general plant areas, however, the barrier extending at least 1 ft on each side of the top trays and 3 ft on each side of the bottom trays is installed. However, for trays containing circuits 480 V or lower voltage and cables 2/0 AWG or smaller, the barrier needs only extend 1 ft. on each side of the top and bottom trays.
(a)
The control board or panel is considered to extend to the bottom of the floor penetration fire barrier seal including any floor slots, penetrations, etc.
8.3-28 REV 23 3/21
VEGP-FSAR-8
- 2. Where the minimum horizontal separation is not maintained, a barrier is installed which extends from at least 1 ft above (or to the ceiling) to at least 1 ft below (or to the floor) the tray system.
E. Where raceways of different separation groups are brought to a single enclosure, separation is accomplished by the use of conduit routed in opposite directions from the enclosure, using the enclosure as a barrier, or by wrapping the cabling of one of the separation groups in silicon dioxide cloth (siltemp 188 CH). Refer to table 8.3.1-4 for details of the use of silicon dioxide cloth as a barrier.
Non-Class 1E circuits are electrically isolated from Class 1E circuits, and Class 1E circuits from different separation groups are electrically isolated with the use of isolation devices, shielding and wiring techniques, physical separation (in accordance with Regulatory Guide 1.75 for circuits in raceways), or an appropriate combination thereof.
When isolation devices are used to isolate Class 1E circuits from non-Class 1E circuits, the circuits within or from the Class 1E equipment or devices to the isolation device(s) are identified as Class 1E and are treated as such. Beyond the isolation device(s) these circuits are identified as non-Class 1E and are separated from Class 1E circuits in accordance with the separation criteria described above.
Certain applications use Class 1E circuit breakers, fuses, or other devices for isolation. Specific cases are described below:
- 1. The cables feeding the non-Class 1E pressurizer heaters use two non-Class 1E circuit breakers in series as protection for each Class 1E containment penetration. Cables from the nonsafety load centers (two of which are connected to the emergency busses) follow separate routes to the splice box under the pressurizer. The two circuit breakers in series for each circuit are qualified to seismic requirements and are coordinated with the load center supply and feeder breakers. Where the Class 1E distribution systems electrify certain pressurizer heaters, the Class 1E to non-Class 1E isolation is provided by the Class 1E 4.16-kV switchgear by a 4.16-kV qualified isolation device (as noted in paragraph 8.3.1.4.3.E.2.).
- 2. Class 1E 4.16-kV Circuit Breaker Trips on Safety Injection Actuation Signal.
The Class 1E 4.16-kV circuit breakers are tripped on receipt of an accident signal which will isolate the downstream non-Class 1E circuits and loads from their respective Class 1E power sources under accident conditions and therefore pose no threat to the Class 1E sources. The Class 1E 4.16-kV circuit breakers are therefore acceptable for use as isolation devices.
- 3. Circuit Breakers - Redundant, Molded Case Class 1E Two molded case circuit breakers are used in series (120-V-ac distribution panel branch breaker and the distribution panel main breaker) to provide isolation between Class 1E 480-V busses and non-Class 1E motor space heaters mounted in Class 1E motors.
The two breakers are coordinated such that protection is provided to the circuit in the event of failure of the primary protection device (branch circuit breaker).
8.3-29 REV 23 3/21
VEGP-FSAR-8
- 4. Class 1E 13.8-kV Circuit Breaker and Current Transformers The RCP motor Class 1E current transformers installed in the RCP motor non-Class 1E circuit, are not to provide isolation, but together with the Class 1E protective relaying, are used to ensure the tripping of the Class 1E circuit breaker when an abnormal overcurrent condition occurs. In any event, the assured tripping of Class 1E circuit breaker will prevent the current transformers and the protective relays from being damaged.
- 5. Class 1E Battery Charger Battery chargers are used as isolation devices between separation groups as shown in drawing 2X3D-AA-G01A.
A fault on the primary side of the battery charger (fault on 480-V-ac bus) will not affect the secondary side of the battery charger (125-V-dc side) because the fault current on the primary side of the battery charger will be cleared by the battery charger feeder breaker, which is upstream of the battery charger.
Postulated failures on the secondary side of a battery charger will not result in unacceptable effects on the primary side.
- 6. Fuses Fuses are used in control circuits to provide isolation as follows:
- a. Between Class 1E voltage transformer secondary circuits and non-Class 1E plant fault recorder and between Class 1E voltage transformer secondary circuits and non-Class 1E diesel generator auto synchronizer.
- b. Between the two Class 1E contacts in series (synchronizing switch contact and diesel generator break auxiliary contact) and non-Class 1E diesel generator auto synchronizer. The series contacts are used to give permissive signal to the auto synchronizer.
- c. Between Class 1E control power circuit in the electric hydrogen recombiner control panel and the non-Class 1E temperature controller (used for indication only).
- d. Between Class 1E control power circuits in the nuclear instrumentation system and non-Class 1E circuits used for high flux at shutdown, indication, and annunciation.
- 7. Isolation Relays Auxiliary relays are used in control circuits to provide isolation as follows:
- a. The majority of the auxiliary relays used as isolating relays are barrier-mounted. The barrier effectively isolates the coil and the contact wiring.
- b. Auxiliary relays are used for interfacing diesel generator Class 1E circuit with the nonsafety-related diesel generator autosynchronizer for paralleling the diesel generator with offsite power during testing.
8.3-30 REV 23 3/21
VEGP-FSAR-8
- c. Relays are used for interfacing the safety features sequencer with nonsafety-related 480-V load centers to shed the nonsafety-related load centers from 4.16-kV emergency bus on a safety feature actuation signal.
- 8. Optical Isolator Optical isolators are furnished in the isolation device panels and diesel engine control panel.
- a. Optical isolators in the isolation device panels are the Reliance Electric Company IsoMate digital isolation system. Barrier panels built into the panels provide front-to-rear separation between Class 1E and non-Class 1E wiring compartments. A 5-in. air gap formed by the barriers separates the two compartments.
- b. Optical isolators in the diesel engine control panel are used solely to isolate the Class 1E diesel generator circuitry from a non-Class 1E annunciator mounted in the same panel.
The non-Class 1E wiring emanating from isolation devices and extending beyond the equipment panels is separated from high energy power cables by routing these cables through control level trays as described in paragraph 8.3.1.4.3.G.
- 9. Transformer Modulation Isolator Validyne Engineering Corporation transformer-modulated isolators are used to provide Class 1E to non-Class 1E isolation for low energy analog instrumentation signals. The analog input signals are modulated, transformed, and demodulated to provide the required isolation. This isolator is used for interfacing Class 1E circuit with nonsafety-related auxiliary feedwater turbine-driven pump speed indicator.
- 10. Ferro Resonant Transformers IEEE Standard 449-1990 covers the ferro resonant transformer voltage regulator of the type that is used as an isolation device. The overload characteristic with unsaturated series inductance, Figure 10 of this standard, describes the performance of the Solidstate Controls, Inc., regulating transformers, which are used at VEGP. This output voltage vs. output current characteristic indicates the constant output over the regulating range to full-rated current and then an overload current with reduced output voltage which proceeds to a limiting short-circuit current. Tests performed by Solidstate Controls, Inc., on a single unit of each transformer model verify this characteristic.
These transformers limit the input current for an output fault to a range within the limits set forth in IEEE 449 (1990). These transformers also meet the requirement for current limiting isolation devices as specified in Regulatory Guide 1.75 (IEEE 384, 1981).
8.3-31 REV 23 3/21
VEGP-FSAR-8 For additional information on isolation device application, see responses to NRC questions of April 30, 1984.
- 11. Current Transducer Isolator Scientific Columbus Company current transducers are used to provide Class 1E to non-Class 1E isolation for low energy analog instrumentation signals.
This isolator is used to interface Class 1E control circuits with the non-Class 1E plant computer system.
These isolators were qualified by Scientific Columbus to Reference Standard Number 1. The isolators were qualified by Brown-Boveri Electric, Inc. to Reference Standard Numbers 2 and 3. The isolators were evaluated by Georgia Power Company against the requirements of Reference Standard Number 4. In addition, these isolators passed a dielectric breakdown test rated at 1500 volts.
Reference Standards
- 2. IEEE 323, 1974 "Guide for Qualification Class 1E Electrical Equipment for Nuclear Power Generating Stations."
- 3. IEEE 344, 1975 "Guide for Seismic Qualification of Class 1E Electrical Equipment For Nuclear Power Generating Stations."
- 4. IEEE 384, 1981 "Standard Criteria for Independence of Class 1E Equipment and Circuits."
F. Power and control cables are installed in conduit or ventilated bottom trays (punched or ladder type). Solid tray covers are used in all outdoor locations and indoors where trays run in areas where falling debris is a problem.
Instrumentation cables are routed in conduit or solid bottom cable tray with solid tray covers. Communications (voice, data, video) cables not used for the control or monitoring of plant equipment may be routed without the use of conduits or trays and is qualified to IEEE 383-1974 flame test or better.
G. Separate trays are provided for each voltage service level: 13.8 kV, 4.16 kV, 480 V, 120-V ac and 125-V dc, control, and instrument. Vertically stacked trays are arranged from top to bottom as follows:
13.8 kV.
480-V power from load centers.
480-V low voltage power and 120-V ac or 125-V dc with loads of 10 A or more.
Control.
Instrument.
In general a minimum of 10-in. vertical spacing is maintained between trays of different service levels within the same stack.
8.3-32 REV 23 3/21
VEGP-FSAR-8 With the exception of lighting panel feeders, which are routed in trays, lighting circuits are routed in conduit or utilize aluminum sheath (ALS) cable. Lighting circuits inside containment utilize conduit or copper sheath (CUS) cable.
Raceways from safety-related groups A and C are located in the lower cable spreading room.
Raceways from safety-related groups B and D are located in the upper cable spreading room.
Group N raceway is routed into both upper and lower cable spreading rooms.
All raceways installed in Seismic Category 1 structures have seismically designed supports.
Trays and rigid conduit are not attached rigidly to Seismic Category 1 equipment.
Raceways running between Seismic Category 1 structures are designed in the following manner to prevent damage to the raceway or associated cabling during seismic events. Conduits running between structures are either connected with a minimum of 2 ft of flexible conduit or are provided with expansion/deflection fittings. Cable trays running between structures are supported independently in each Category 1 structure with no rigid mechanical connection of the tray at the interface. Those cables which require maintained spacing are not tied down to the tray for a distance of 5 ft on either side of the interface.
A high energy line break analysis and missile impact study is performed for all rooms or compartments containing large rotating machinery or high energy piping. Where hazards to safety-related raceways are identified, a predetermined minimum separation is maintained between the break and/or missile source and any safety-related raceway, or a reinforced concrete barrier designed to withstand the effects of each hazard is placed to prevent damage to raceway of redundant systems. The hazards analysis is further described in appendix 3F.
8.3.1.4.4 Hazard Protection Where redundant safety-related raceway systems traverse each other, separation in accordance with Regulatory Guide 1.75 as a minimum is maintained. In areas where external hazards such as high energy pipe breaks, missiles and flooding exist, separation and/or barriers shall be as described below.
Where redundant circuits, devices, or equipment (different separation groups) are exposed to the same external hazard(s), predetermined spatial separation shall be provided. Where the spatial separation cannot be met, qualified barriers are installed. For details on fire protection, see subsection 9.5.1.
8.3.1.4.5 Control of Compliance with Separation Criteria During Design and Installation Compliance with design criteria to ensure the independence of redundant systems is a supervisory responsibility during both the design and installation phases. The responsibility is discharged by:
A. Identifying applicable criteria.
B. Issuing working procedures and construction specifications to implement these criteria.
C. Modifying procedures to keep them current and workable.
D. Checking manufacturing drawings, procedures, and specifications to ensure compliance with criteria and procedures.
8.3-33 REV 23 3/21
VEGP-FSAR-8 E. Controlling installation and procurement to ensure compliance with approved and issued drawings and specifications.
F. Separation and hazard reviews conducted by a multidiscipline physical design review team.
8.3.1.4.6 Cable Splices - See paragraph 1.9.75.2.
8.3.1.5 Standard Review Plan Evaluation The diesel generator controls and monitoring instruments are not mounted on a vibration-free floor area, and vibration isolators have not been provided on the associated control cabinets.
The mounting requirement for the diesel generator control panels specified by the vendor is that the panels are to be floor mounted with anchor bolts without using vibration isolators. Also, the seismic qualification testing performed on the control panels by the vendor was conducted by bolting the panels to the shake table to simulate actual field mounting condition. The control panels are qualified in accordance with IEEE 323-1974 which addresses vibration aginga.
The diesel generator buildings for Units 1 and 2 are similar in design. The concrete foundation for each building is 114 ft x 94 ft x 9 ft thick. The diesel generator, control panels, and associated equipment are mounted on the building foundation, and the anticipated vibration is not considered detrimental to the operation of the controls and monitoring instruments.
8.3.2 DC POWER SYSTEMS 8.3.2.1 Description The dc systems provide a reliable source of continuous power for control, instrumentation, and dc motors. There are four 125-V-dc safety features systems per unit, four 125-V dc nonsafety systems per unit, and seven 125-V-dc nonsafety systems common to both units.
8.3.2.1.1 The 125-V dc Safety Features Systems There are four safety features 125-V-dc systems (identified A, B, C, and D) per unit. Each system has a 59-cell lead-calcium battery, switchgear (electrically operated drawout circuit breakers), two redundant battery chargers, one manual transfer switch, two inverters, and 125-V-dc distribution panels (molded case circuit breakers). Systems A, B, and C each have a 125-V-dc motor control center for motor-operated valves. An individual cell equalizer (ICE) may be connected across each battery cell. This device provides an alternate path for the electric charge current as a function of the individual battery cell voltage. Within the operation range of the ICE device, the energy input and storage capability of the individual cells are better matched. The operating range of the ICE device is within the normal voltage and float current a
The operating licenses for both VEGP units have been renewed and the original licensed operating terms have been extended by 20 years. In accordance with 10 CFR Part 54, appropriate aging management programs and activities have been initiated to manage the detrimental effects of aging to maintain functionality during the period of extended operation (see chapter 19).
8.3-34 REV 23 3/21
VEGP-FSAR-8 operation of the batteries. There is no capability to connect the dc systems between themselves, between Unit 1 and Unit 2 systems, or between the safety features systems and the nonsafety features systems.
The 125-V-dc systems A, B, C, and D supply dc power to channels 1, 2, 3, and 4, respectively, and are designated as Class 1E equipment in accordance with the applicable sections of Institute of Electrical and Electronic Engineers (IEEE) Standard 308. They are designed so that no single failure in any 125-V-dc system will result in conditions that will prevent the safe shutdown of the reactor plant. The plant design and circuit layout from these dc systems provide physical separation of equipment, cabling, and instrumentation essential to plant safety.
Each system is located in an area separated physically from other systems. All the components of the 125-V-dc Class 1E systems are housed in Category 1 structures.
Each 125-V-dc battery is separately housed in a ventilated room apart from its chargers and distribution equipment. Batteries are sized in accordance with IEEE 485 to have sufficient capacity to supply the required loads for a LOCA/LOSP duration of 2 3/4 h and a station blackout (SBO) duration of 4 h. For LOSP/LOCA, they are sized at a minimum temperature of 70°F; their initial capacity was increased by 10% for load growth and 25% for aging. For SBO, 10% design growth was not considered for battery size verification, as other conservatism was applied to the SBO analysis. The required final (end of duty cycle and end of life) battery cell voltages for each load group have been analyzed to demonstrate that adequate voltage is provided to the loads. Batteries are sized to ensure that all battery voltages at the last minute of the 2 3/4-hour LOCA/LOSP discharge cycle or at the last minute of the 4-hour SBO duty profile at a battery room minimum temperature of 70°F are:
Train A 109.7 V/battery Train B 109.7 V/battery Train C 108.3 V/battery Train D 106.2 V/battery Battery sizes (based on 77°F and 1.80V/cell final voltage) are:
Unit 1 A and B: 1719 Ah at 2.75-h rate; 2365 A for 1 min.
Unit 2 A and B: 1629 Ah at 2.75-h rate; 2241 A for 1 min.
C: 880 Ah at 2.75-h rate; 915 A for 1 min.
D: 564 Ah at 2.75-h rate; 775 A for 1 min.
Each 125-V-dc battery is provided with two battery chargers, each of which is sized to supply the continuous (long term) demand on its associated dc system while providing sufficient power to replace 110% of the equivalent ampere-hours removed from the battery during a design basis battery discharge cycle (as indicated by the load requirements in tables 8.3.2-1 through 8.3.2-4 and 8.3.2-6 through 8.3.2-9) within a 12-h period after charger input power is restored. A battery fully charged condition is defined as the condition where there is sufficient charge to allow a complete battery discharge cycle upon loss of charger power. The batteries are normally float charged at 2.20- to 2.25-V/cell. The sizing of each battery charger meets the requirements of IEEE 308 and Regulatory Guide 1.32. Load sharing circuitry is provided to ensure that the dc load is properly shared between the two chargers, if it is desired to operate with both battery chargers online. The battery chargers are each provided with an equalizing timer and a manual bypass toggle switch permitting periodic equalizing charges at 2.33 to 2.38 8.3-35 REV 23 3/21
VEGP-FSAR-8 V/cell or 137.5 to 140 V/battery. Equalizing battery charges are performed as required after a deep discharge or as needed based upon cell voltage and/or specific gravity readings. Each charger is provided with automatic current-limiting control which can be adjusted over the range of 100 to 115% of rated current. The battery chargers are specified to maintain an output voltage regulation of 1% from no load to full load output over the entire input voltage range expected on the 480-V-ac system. The output is filtered to limit the ripple voltage to a maximum of 3% rms with the battery disconnected.
If a dc overvoltage condition is sensed by a battery charger, the battery charger input circuit breaker is automatically tripped and a battery charger trouble alarm is annunciated in the main control room. All equipment connected to the dc power system has been specified to operate continuously at 140 V-dc which exists during the period that the batteries are being equalized.
All equipment is also specified to operate at 100 V-dc with the exception of the vital ac buses inverter systems, the reactor trip switchgear, the turbine driven auxiliary feedwater pump controls, inverters for the residual heat removal (RHR) isolation valves which are capable of operation at 105-V-dc minimum. The dc feeder cables are sized to maintain a minimum of 105 V-dc at the vital ac bus inverter inputs and the turbine-driven auxiliary feedwater pump control panel over the entire battery load profile. The reactor trip switchgear is required to operate only in the first minute of the battery discharge load profile when the battery voltage is such that the voltage provided to the switchgear will not be lower than 105 V-dc. In certain instances where equipment is capable of operation at a voltage less than 100 V-dc, dc feeder cables are sized on that basis.
Testing of the overvoltage protective functions is addressed as a part of the qualification of the safety-related battery chargers and will be periodically verified in the course of equipment testing during plant operation.
The bus and feeder arrangement of each switchgear, including the description of loads being supplied, is indicated in drawing 1/2X3D-AA-G01A. The main bus bar ratings are shown on the single-line diagrams listed in this figure. The switchgear is of metal clad construction and is equipped with two-pole drawout type locally controlled air circuit breakers. The continuous current ratings and trip ratings are given on the single-line diagrams. The specific loads connected to the various systems can be identified by reference to the single-line diagrams indicated in drawing 1/2X3D-AA-G01A.
The dc distribution panels connected to each dc switchgear bus supply safety-related loads as indicated on the single-line diagrams. The breakers are of molded case construction. The main bus and breaker ratings are given on the single-line diagrams referenced in drawing 1/2X3D-AA-G01A.
Systems A and C receive power from train A 480-V-ac engineered safety features (ESF) buses, and systems B and D receive power from train B 480-V-ac ESF buses. System A is described here; systems B, C, and D are identical with the exception that system D does not include a motor control center. The equipment numbering used is identical for all four systems, with the first letter indicating the system.
Drawing 1X3D-AA-G01A shows the overall 125-V-dc safety features systems to be provided for Unit 1. The Unit 2 systems are essentially identical. Battery 1AD1B feeds into dc switchgear designated 1AD1. Normal and backup battery chargers designated 1AD1CA and 1AD1CB are normally fed from ESF motor control centers 1ABA and 1ABE. If normal AC power is lost and will not be available in a suitable timeframe following a Beyond Design Basis External Event, one of the battery chargers will be fed by a 480-V FLEX diesel generator. The 125-V-dc system A is formed at the switchgear 1AD1, and power is fed to motor control center 1AD1M, inverters 1AD1I1 and 1AD1I11, and dc distribution panels 1AD11 and 1AD12. Note that systems C and D have only one dc distribution panel per system.
8.3-36 REV 23 3/21
VEGP-FSAR-8 Each 125-V-dc motor control center supplies power to safety features motor-operated valves.
The 125-V-dc distribution panels supply power for safety features control, switching, and field flashing for the emergency diesel generators. See tables 8.3.2-1 through 8.3.2-4 for load lists.
System C provides all power required for successful operation of the turbine-driven auxiliary feedwater pump, with the exception of the steam generator-to-auxiliary feedwater turbine motor-operated valves (redundant valves) which are provided power from the system A and B dc motor control centers. The specific associated loads can be identified by reference to the single-line diagrams as shown in drawing 1/2X3D-AA-G01A for the system A, B, and C dc distribution equipment.
8.3.2.1.2 The Unitized 125-V-dc Nonsafety Features Systems Each of the four utilized 125-V-dc nonsafety features systems for each unit include 59-cell lead-calcium battery, two redundant battery chargers, and are similar in design to the safety features systems, except for the number of distribution panels and inverters on each system and the absence of motor control centers. Drawing 1X3D-AA-G01B shows the 125-V-dc nonsafety features systems. The Unit 2 systems are essentially identical. Batteries are sized in accordance with IEEE 485 to have sufficient capacity to supply the required loads for 2 h with the exception of switchyard batteries, which have sufficient capacity to supply the required loads for 4 h. They are sized at a minimum temperature of 70°F. All other sizing criteria are the same as for the 125-V-dc safety features systems. The only interface with safety features systems is that one battery charger in each system receives power from non-ESF 480-V-ac buses, which in turn are powered from ESF ac buses. However, these buses are shed on a safety injection signal. The battery charger design is similar to that of the safety features battery chargers. Each pair of battery chargers is capable of load sharing but is normally operated with one charger inservice and the other charger aligned for standby. The same criteria as outlined in paragraph 8.3.2.1.1 apply to the nonsafety vital ac buses inverter systems. The plant annunciator, auxiliary relay rack 1, rod control motor generator set controller, and boron recycle waste gas processing panel are also specified to operate over a 105- to 140-V-dc input range.
Battery sizes (based on 77°F and 1.80V/cell final voltage) are:
1176 Ah at 2-h rate; 1400 A for 1 min.
1386 Ah at 2-h rate; 2116 A for 1 min.
1330 Ah at 2-h rate; 1548 A for 1 min (two batteries of this size).
The 125-V-dc nonsafety features systems supply dc power to nonsafety motors, control, switching, and instrumentation as shown on the single-line diagrams identified in drawing 1/2X3D-AA-G01B.
8.3.2.1.3 Common 125-V-dc Nonsafety Features Systems There are seven common 125-V-dc nonsafety systems: the river intake structure, the service building, the switchyard (two systems), the technical support center, and the security system (two systems). With the exception of the switchyard, each system has a 59-cell lead-calcium battery, distribution equipment, and two redundant battery chargers. These systems receive 480-V-ac power from normal busses. The technical support center system will receive 480-V-ac power from a 480-V-ac FLEX diesel generator following a Beyond Design Basis External Event.
8.3-37 REV 23 3/21
VEGP-FSAR-8 The battery charger design is similar to that of the safety features battery chargers. Each pair of battery chargers is capable of load sharing but is normally operated with one charger inservice and the other charger aligned for standby.
The switchyard system has two batteries (each having 59 cells), six distribution panels, and three battery chargers. A further description is provided in paragraph 8.2.1.2. Each switchyard battery has a normal battery charger with a backup charger shared between both batteries.
Battery charger load sharing is not provided for the switchyard battery chargers. Note that Unit 1 will supply power to all three battery chargers.
These batteries are sized as discussed in paragraph 8.3.2.1.2, with the exception of the technical support center battery and the river intake structure battery which have been sized to supply required loads at a minimum temperature of 65°F and 25°F, respectively. Georgia Power Company is responsible for maintaining the switchyard battery and battery charger sizing calculation.
Battery sizes (based on 77F and 1.80 V/cell final voltage) are:
River intake structure - 46 Ah at 2-h rate; 96 A for 1 min.
Service building - 416 Ah at 2-h rate; 654 A for 1 min.
Technical support center - 1176 Ah at 2-h rate; 1400 A for 1 min.
Security central alarm station - 1426 Ah at 2-h rate; 1643 A for 1 min.
Security secondary alarm station - 784 Ah at 2-h rate; 915 A for 1 min.
The 125-V-dc common nonsafety features systems supply dc power for control, switching, vital security and technical support center loads, and the plant telephone/page communication system as shown in the single-line diagrams identified in drawings AX3D-AA-G02A, AX3D-AA-G02B, and AX3D-AA-G02C.
8.3.2.1.4 Ventilation Battery rooms are ventilated to remove the hydrogen gases that may be produced during charging of the batteries. The ventilation system for the ESF batteries is safety related. See subsection 9.4.5 for a further discussion of the associated ventilation systems.
8.3.2.1.5 Maintenance and Testing All components of the 125-V-dc systems will undergo periodic maintenance tests to determine the condition of each individual subsystem. Batteries are checked for liquid level, float current, and cell voltage and are visually inspected following the manufacturer's recommended guidelines for procedures. An initial composite test of onsite ac and dc power systems will be performed as a prerequisite to initial fuel loading. This test will establish that the capacity of each battery is sufficient to satisfy a real-time safety load demand profile under the conditions of a loss-of-coolant accident (LOCA) and simultaneous loss of offsite power. Thereafter, periodic capacity tests will be conducted in accordance with the Technical Specifications and the version of IEEE 450 as described in the Bases for the Technical Specifications, Regulatory Guide 1.129, and the manufacturer's schedule recommended for cyclic test discharge/equalizing charge rates. These tests will ensure that the battery has the capacity to continue to meet 8.3-38 REV 23 3/21
VEGP-FSAR-8 safety load demands. Battery chargers are periodically checked by visual inspection and performance tests.
Testing for safety-related batteries will be done in accordance with Technical Specifications.
Testing for nonsafety-related batteries is in accordance with plant procedures as governed by 10 CFR 50 Appendix B. Testing includes the following:
A. The battery float current, electrolyte temperature and level, and voltage of the pilot cell of each battery will be measured and logged.
B. Battery service test: The voltage of each cell will be measured at the lowest battery terminal voltage during the discharge and logged.
C. Performance discharge test: The voltage of each cell will be measured at the end of the discharge while the load is still applied and logged.
8.3.2.2 Analysis The regulatory guides regarding dc power systems are discussed in section 1.9 and subsection 8.1.4. Compliance with the general design criteria is discussed in section 3.1.
Table 8.3.2-5 is the failure modes and effects analysis.
The 125-V-dc systems A and C form the train A safety features dc system. Their normal and backup chargers normally receive power from two Class 1E train A motor control centers.
Following a Beyond Design Basis External Event, one of the battery chargers per dc train will be powered by a 480-V FLEX diesel generator. The 125-V-dc systems B and D form the train B safety features dc system. Their normal and backup chargers normally receive power from two Class 1E train B motor control centers. Following a Beyond Design Basis External Event, one of the battery chargers per dc train will be powered by a 480-V FLEX diesel generator. The train C and D battery chargers are qualified as isolation devices in accordance with IEEE 384 and Regulatory Guide 1.75. The train A safety features dc system supplies power to train A loads, and the train B safety features dc system supplies power to train B loads. Each individual system (A, B, C, and D) supplies power to a separate instrument channel (1, 2, 3, or 4). In this way, separation between the independent systems is maintained, and the power provided to the chargers can be from either offsite or onsite sources (General Design Criterion 17). The dc system is so arranged that the probability of an internal system failure resulting in loss of dc power is extremely low. Important system components are either self-alarming locally and/or in the control room upon failure or capable of being tested during service to detect faults. Each battery set is located in its own ventilated room. All abnormal conditions of important system parameters are annunciated in the main control room. The safety features battery circuit breakers have dedicated annunciation in the main control room which alarm on a circuit breaker open condition. There is no cross-connection between the independent 125-V-dc systems.
The design of the 125-V-dc safety features systems provided for VEGP is based on the criteria described in IEEE 308 and 450. The safety-related batteries will be tested periodically in accordance with the Technical Specifications and the version of IEEE 450 as described in the Bases for the Technical Specifications. Each battery consists of 59 lead-calcium storage cells, designed for the specific service in which they are to be used. Ample capacity is available to serve the loads connected to the system for the duration of the time that alternating current is not available at the station site. Each division of Class 1E equipment is provided with a separate 125-V-dc system to avoid a single failure involving more than one system. Batteries are located in well-ventilated rooms which limit hydrogen concentration to less than 2% by volume. A hydrogen survey was performed during preoperational checkout to verify that the 8.3-39 REV 23 3/21
VEGP-FSAR-8 ventilation system limits hydrogen concentration to this level in accordance with Regulatory Guide 1.128. For battery replacements, hydrogen evolution for the new battery will be calculated and compared to the battery being replaced, at which time an engineering evaluation will be performed to determine if a hydrogen survey is necessary in accordance with subsection 1.9.128. Additionally, a new survey may be required if the battery room configuration or battery room ventilation system is modified in a manner that reduces air flow or creates a new dead air space in the battery room. Adequate aisle space and space above cells are provided.
Eyewash facilities are provided in all battery rooms. They are designed to preclude spilling of water from these facilities on the battery installation.
Seismic Category 1 battery racks provide for the mounting of battery cells in a two-step configuration.
The same criteria as that indicated in paragraph 8.3.1.1.12 applies to dc circuits that are connected to containment penetrations. See figure 8.3.1-1 for the overcurrent protection coordination curve for the dc feeders (General Design Criterion 50).
Fire detection sensors and alarms are provided as described in subsection 9.5.1.
Before installation, cells are stored in a clean, level, dry, and cool location. Extremely low ambient temperatures and localized sources of heat are avoided. During installation, any cell with electrolyte level 1/2 in. or more below the top of the plates is replaced.
Each battery charger has enough capacity for the steady-state operation of connected loads required during normal operation while maintaining its battery in a fully charged condition.
Each battery charger and battery charger supply has sufficient capacity to restore a battery from the design basis discharged state to a fully charged state while supplying the normal steady-state loads. The battery chargers normal supply is from an engineered safety features system motor control center within its division. Following a Beyond Design Basis External Event, one battery charger per train will be powered by a 480-V FLEX diesel generator. Battery chargers are provided with disconnecting means and feedback protection. The chargers are specified to limit dc current feedback during loss of ac input power to 0.200 A under any condition. An individual cell equalizer (ICE) may be connected across each battery cell. This device provides an alternate path for the electric charge current as a function of the individual battery cell voltage. The operating range of the ICE device is within the normal voltage and float current operation of the batteries and has no effect on the operation or capability of the battery chargers to restore a battery from the design basis discharged state to a fully charged state. Periodic tests will be performed to ensure the readiness of the system to deliver the required power (General Design Criterion 18). A qualified ground detector system provides indication of any grounds which may occur in the system.
Battery current and system voltage indications are provided in the main control room for each dc system.
The following common annunciator windows are provided in the main control room for safety-related dc systems:
A. Switchgear trouble.
B. Battery charger trouble.
C. Inverter trouble.
D. 125-V-dc panel trouble.
E. 125-V-dc motor control center trouble.
F. Battery circuit breaker open alarm (dedicated alarm).
8.3-40 REV 23 3/21
VEGP-FSAR-8 Quality assurance requirements are described in chapter 17.
8.3.3 FIRE PROTECTION FOR CABLE SYSTEMS Refer to paragraph 8.3.1.4.4, subsection 9.5.1, and appendix 9A.
8.3-41 REV 23 3/21
VEGP-FSAR-8 TABLE 8.3.1-1 (SHEET 1 OF 3)
DIESEL GENERATOR ANNUNCIATOR POINTS
- 1. Low temperature lube oil - in
- 2. Low temperature lube oil - out
- 3. High temperature lube oil - in
- 4. High temperature lube oil - out
- 5. Trip - high temperature lube oil
- 6. Low level lube oil
- 7. Trip - high temperature engine bearing
- 8. Trip - high crankcase pressure
- 9. Trip - vibration
- 10. Trip - overspeed
- 11. Low temperature jacket water - in
- 12. Low temperature jacket water - out
- 13. High temperature jacket water - in
- 14. High temperature jacket water - out
- 15. Trip - high temperature jacket water
- 16. Low pressure jacket water
- 17. Trip - low pressure jacket water
- 18. Low level jacket water
- 19. Deleted
- 20. Generator trouble
- 21. High generator bearing temperature
- 22. High generator control panel temperature
- 23. Deleted
- 24. Generator fault
- 25. Trip - generator differential
- 26. Maintenance lock out REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-1 (SHEET 2 OF 3)
- 27. Low pressure lube oil
- 28. Trip - low pressure lube oil
- 29. Low pressure turbo oil - right
- 30. Low pressure turbo oil - left
- 31. Trip - low pressure turbo oil
- 32. High P fuel oil filter
- 33. Low pressure fuel oil
- 34. High level diesel fuel oil storage tank
- 35. Low level diesel fuel oil storage tank
- 36. High/low level diesel fuel oil day tank
- 37. Low pressure control air
- 38. Low pressure starting air
- 39. High pressure starting air
- 40. Failed to start
- 41. Switch not in auto
- 42. Barring device engaged
- 43. Panel intrusion
- 44. High engine control panel temperature
- 45. Emergency start
- 46. Diesel generator bypassed(a)
- 47. High P lube oil filter
- 48. Low oil pressure sensor malfunction
- 49. Low voltage
- 50. Engine control in local
- 51. Diesel generator emergency trip not reset
- 52. Generator underfrequency
- 53. Diesel generator circuit breaker inoperable
- 54. Loss of generator dc control power
- 55. Loss of starting air dc control power REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-1 (SHEET 3 OF 3)
- 56. High level fuel injection burst protection tank
- 57. Diesel generator engine panel annunciator power failure (b)
- 58. Engine control panel power A failure
- 59. Engine control panel power B failure
- a. This alarm is displayed on the system status monitoring panel in the control room only.
- b. This alarm is displayed on the control room annunciator only.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-2 DIESEL GENERATOR LOADING PROFILE FOR LOCA AND LOSS OF OFFSITE POWER (b)
Inrush Running (Cumulative)
Step kW kVAr kVA kW kVAr kVA (a) (a) (a) 0 2384 23881 24000 0 0 0 0.5 2471 4912 5499 1041 597 1200 5.5 1795 3509 3995 1399 747 1586 10.5 2021 2802 3455 1767 921 1993 15.5 2745 3683 4593 2278 1108 2533 20.5 4414 9255 10254 3527 1672 3903 25.5 5922 10257 11844 4675 2261 5193 30.5 5275 3889 6553 4900 2571 5334 (c) 36.0(RESET) 6791 8093 10564 5716 3062 6485 For Loss of Offsite Power (No LOCA)
(a) (a) (a) 0 3178 31842 32000 0 0 0 0.5 2292 4828 5344 993 571 1146 5.5 0 0 0 993 571 1146 10.5 2558 2271 3421 2212 1074 2459 15.5 3376 4563 5676 2837 1306 3123 20.5 4923 9457 10662 4085 1870 4493 25.5 6453 10448 12280 5233 2458 5781 30.5 5938 4475 7435 5440 2613 6035 (c) (d) 31.5(RESET) 7284 8147 10929 6444 3102 7152 (a)
The 4160/480V SWGR transformer inrush contribution during energization. This transformer inrush is present for approximately six cycles.
(b)
Running load includes; running load of previous steps plus the equivalent running load of the loads which are started during that step.
(c)
Loads added after RESET step are connected manually and randomly up to the diesel generator capacity.
(d) EDG surveillance testing per Technical Specification 3.8.1 is performed at a load 6500 kW, though the actual maximum load is < 6500 kW.
REV 16 10/10
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 1 OF 12)
ONSITE POWER SYSTEM FAILURE MODES AND EFFECTS ANALYSIS Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 1. 1AA02, control Receive and A Grounded, Switchgear trouble None; loss of train During a LOSP when building 4160-V distribute bus fault alarm in control A; train B available the bus is fed from 1E switchgear, electric power room the diesel generator, train A via breakers a single ground fault will not cause a trip of train A (c)
- 2. Breaker 05, Open on loss of A Fail to open Failure to open None; loss of train This breaker preferred power to preferred power alarm in control A; train B available electrically interlocked item 1, 1E and remain open room from item 5 with item 3 and switchgear, train item 77 breakers A, normally closed Inadvertent None None; loss of train closure A; train B available (c)
- 3. Breaker 19, Close on loss of A Fail to close Alarm in control None; loss of train This breaker diesel generator offsite power room; safety A; train B available electrically interlocked 1A power to item and remain equipment failed with item 2 and 1, 1E switchgear, closed to start from item 77 breakers train A, open item 5 sequencer Inadvertent Switchgear trouble None; loss of train opening alarm in control A; train B available room
- 4. Diesel generator Provide onsite A Fail to start Diesel generator None; loss of train Diesel generator 1A, train A ac power upon failed to start A; train B available started by item 5 loss of preferred alarm in control sequencer upon power room loss of preferred power or receipt of a safety injection signal Fail to run Various specific None; loss of train alarms provided A; train B available in control room and at local diesel generator control panels REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 2 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks (d)
- 5. Sequencer, train A Shed all loads from A Fail to operate Sequencer trouble None; loss of train A; train A Class 1E alarm, audio and visual, train B available power system upon in control room loss of preferred power and reconnect all required safe shutdown loads to diesel generator, item 4, via item 1 switchgear in a programmed manner (c)
- 6. Breaker 10, item 1, 1E Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 4160-V switchgear, to protect circuit opening alarm in control room train A; train B available item 7, 1AB15X transformer, train A, normally closed
- 7. 1AB15X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; partial loss of item 1, 4160-V 480 V alarm in control room train A; train B available switchgear, to item 9, 480-V switchgear, train A (c)
- 8. Breaker 01, item 7 Open on load A Fail to open None None Slightly heavier load on transformer to item 9, shedding and initial sequencer step 480-V switchgear, reclose on train A, normally closed sequencer program Fail to reclose Alarm in control room; None; partial loss of safety equipment failed train A; train B available to start from item 5 sequencer
- 9. 1AB15, 1E, 480-V Receive and distribute A Grounded, Switchgear trouble Partial loss of train A; System can operate with switchgear, auxiliary electric power bus fault alarm in control room train B available a single grounded phase building, train A via breakers
- 10. Breaker 10,(c) item 9, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available item 11 MCC, train A, normally closed
- 11. 1ABD, 1E MCC, auxiliary Receive and distribute A Grounded, Item 9 switchgear Partial loss of train A; Ground would be building, train A electric power bus fault trouble alarm train B available sensed and alarmed in via breakers control room from item 9 switchgear (see item 1 method of failure detection); system can REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 3 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks operate with a single grounded phase (c)
- 12. Breaker 9, item 9, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available item 13 MCC, train A, normally closed
- 13. 1ABB, 1E MCC, auxiliary Receive and distribute A Grounded, Same as 11 Same as 11 Ground would be building, train A electric power bus fault sensed and alarmed in via breakers control room from item 9 switchgear (see item 1 method of failure detection); system can operate with a single grounded phase (c)
- 14. Breaker 21, item 1, 1E Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 4160-V switchgear, to protect circuit opening alarm in control room train A; train B available item 15, 1AB05X transformer, train A, normally closed
- 15. 1AB05X transformer, Reduce 4160 V to Fail to operate Switchgear trouble None; partial loss of item 1, 4160-V 480 V alarm in control room train A; train B available switchgear, to item 17 480-V switchgear, train A (c)
- 16. Breaker 01, item 15 Open on load A Fail to open None None Slightly heavier load on transformer to item 17, shedding and initial sequencer step 480-V switchgear, reclose on train A, normally closed sequencer program Fail to reclose Alarm in control room; None; partial loss of safety equipment failed train A; train B available to start from item 5 sequencer
- 17. 1AB05, 1E 480-V Receive and distribute A Grounded, Switchgear trouble Same as 9 System can operate with switchgear, control electric power bus fault alarm in control room a single grounded phase building, train A via breakers
- 18. Breaker 14,(c) item 17, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available item 19 MCC, train A, normally closed
- 19. 1ABF, 1E MCC, diesel Receive and distribute A Grounded, Item 17 switchgear Same as 9 Ground would be REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 4 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks generator building, electric power bus fault trouble alarm sensed and alarmed in train A via breakers control room from item 17 switchgear; system can operate with a single grounded phase (c)
- 20. Breaker 5, item 17, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available item 21 MCC, train A, normally closed
- 21. 1ABC, 1E MCC, control Receive and distribute A Grounded, Same as 19 Same as 9 Ground would be building, train A electric power bus fault sensed and alarmed via breakers from item 17 switchgear; system can operate with a single grounded phase (c)
- 22. Breaker 2, item 17, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available item 23 MCC, train A, normally closed
- 23. 1ABA, 1E MCC, control Receive and distribute A Grounded, Same as 19 Same as 9 Ground would be building, train A electric power bus fault sensed and alarmed via breakers from item 17 switchgear; system can operate with a single grounded phase (c)
- 24. Breaker 20, item 1, 1E Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 4160-V switchgear, to protect circuit opening alarm in control room train A; train B available item 25, 1AB04 transformer, normally closed
- 25. 1AB04X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; partial loss of item 1, 4160-V 480 V alarm in control room train A; train B available switchgear, to item 27, 480-V switchgear, train A (c)
- 26. Breaker 01, item 25 Open on load Fail to open None None Slightly heavier load on transformer to item 27, shedding and initial sequencer step 480-V switchgear, reclose on train A, normally closed sequencer program Fail to reclose Alarm in control room; None; partial loss of safety equipment failed train A; train B available to start from item 5 sequencer REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 5 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 27. 1AB04, 1E 480-V Receive and distribute Grounded, Switchgear trouble Same as 9 System can operate with switchgear, control electric power bus fault alarm in control room a single grounded phase building, train A via breakers (c)
- 28. Breaker 02, item 27, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available item 29 MCC, train A, normally closed
- 29. 1ABE, 1E MCC, control Receive and distribute A Grounded, Item 27 switchgear Same as 9 Ground would be building, train A electric power bus fault trouble alarm sensed and alarmed in via breakers control room from item 27 switchgear; system can operate with a single grounded phase (c)
- 30. Breaker 22, item 1, 1E Provide continuity and A Inadvertent Switchgear trouble None; loss of train A The sequencer does not 4160-V switchgear, to protect circuit opening alarm in control room oriented non-1E power; automatically reclose item 31, 1NB01X non-1E train B oriented non-1E this breaker under safety transformer, normally power available injection conditions; it closed can be closed manually under administrative control
- 31. 1NB01X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; loss of train A item 1, 1E 4160-V 480 V alarm in control room oriented non-1E power; switchgear, to item 33, train B oriented non-1E 480-V switchgear, train A power available oriented
- 32. Breaker 01,(c) item 31 Open on load A Fail to open None None Slightly heavier load on transformer to item 33, shedding and initial sequencer step 480-V switchgear, train A reclose on oriented, normally closed sequencer program Fail to reclose Alarm in control room; None; partial loss of The sequencer does not safety equipment failed train A; train B available, automatically reclose to start from item 5 but power is train A and B this breaker under safety sequencer oriented non-1E injection conditions; it can be closed manually under administrative control
- 33. 1NB01, non-1E 480-V Receive and distribute A Grounded, Switchgear trouble Same as 30 System can operate with switchgear, control electric power bus fault alarm in control room a single grounded phase building, train A oriented via breakers REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 6 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks (c)
- 34. Breaker 02, item 33, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of train A 480-V switchgear, to protect circuit opening alarm in control room oriented power; train B item 35 MCC, train A oriented power available oriented, normally closed
- 35. 1NBS, non-1E MCC, Receive and distribute A Grounded, Item 33 switchgear Same as 30 Ground would be control building, train A electric power bus fault trouble alarm sensed and alarmed in oriented via breakers control room from item 33 switchgear; system can operate with a single grounded phase
- 36. Breaker 08,(c) item 33, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train A; train B available, item 37 MCC, train A but power is train A and B oriented, normally closed oriented non-1E
- 37. 1NBI, non-1E MCC, Receive and distribute A Grounded, Same as 35 Same as 30 Ground would be diesel generator building, electric power bus fault sensed and alarmed in train A oriented via breakers control room from item 33 switchgear; system can operate with a single grounded phase
- 38. 1BA03, control building, Receive and distribute A Grounded, Switchgear trouble None; loss of train B; During a LOSP when 4160-V 1E switchgear, electric power bus fault alarm in control room train A available the bus is fed from the train B via breakers diesel generator, a single ground fault will not cause a trip of train B
- 39. Breaker 19,(c) diesel Close on loss of A Fail to close Alarm in control room; None; loss of train B; This breaker electrically generator 1B power to offsite power and safety equipment failed train A available interlocked with item 40 item 38, 1E switchgear, remain closed to start from item 42 and item 78 breakers train B, normally open sequencer Inadvertent Switchgear trouble None; loss of train B; opening alarm in control room train A available (c)
- 40. Breaker 01, preferred Open on loss of A Fail to open Failure to open alarm in None; loss of train B; This breaker electrically power to item 38, 1E preferred power and control room from train A available interlocked with item 39 switchgear, train B, remain open item 42 sequencer and item 78 breakers normally closed Inadvertent None None; loss of train B; closure train A available REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 7 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 41. Diesel generator 1B, Provide onsite ac A Fail to start Diesel generator failed None; loss of train B; Diesel generator started train B power upon loss of to start alarm in control train A available by item 42 sequencer preferred power room upon loss of preferred power or receipt of a safety injection signal Fail to run Various specific alarms None; loss of train B; provided in control room train A available and at local diesel generator control panels
- 42. Sequencer, train B Shed all loads from A Fail to operate(d) Switchgear trouble None; loss of train B; train B Class 1E alarm, audio and visual, train A available power system upon in control room loss of preferred power and reconnect all required safe shutdown loads to diesel generator, item 4, via item 1 switchgear in a programmed manner (c)
- 43. Breaker 09, item 38, 1E Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 4160-V switchgear, to protect circuit opening alarm in control room train B; train A available item 44, 1BB16X transformer, train B, normally closed
- 44. 1BB16X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; partial loss of item 38, 4160-V 480 V alarm in control room train B; train A available switchgear, to item 46, 480-V switchgear, train B (c)
- 45. Breaker 01, item 44 Open on load A Fail to open None None Slightly heavier load on transformer to item 46, shedding and initial sequencer step 480-V switchgear, reclose on train B, normally closed sequencer program Fail to reclose Alarm in control room; None; partial loss of safety equipment failed train B; train A available to start from item 42 sequencer
- 46. 1BB16, 1E 480-V Receive and distribute A Grounded, Switchgear trouble Same as 38 System can operate with switchgear, auxiliary electrical power bus fault alarm in control room a single grounded phase building, train B via breakers REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 8 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks (c)
- 47. Breaker 10, item 46, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available item 48 MCC, train B, normally closed
- 48. 1BBD, 1E MCC, auxiliary Receive and distribute A Grounded, Item 46 switchgear Same as 47 None; would be sensed building, train B electric power bus fault trouble alarm and alarmed in control via breakers room from item 46 switchgear (c)
- 49. Breaker 9, item 46, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available item 50 MCC, train B, normally closed
- 50. 1BBB, 1E MCC, auxiliary Receive and distribute A Grounded Same as 48 Same as 47 None; would be sensed building, train B electric power and alarmed in control via breakers room from item 46 switchgear (c)
- 51. Breaker 04, item 38, 1E Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 4160-V switchgear, to protect circuit opening alarm in control room train B; train A available item 52, IBB07X transformer, train B, normally closed
- 52. 1BB07X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; partial loss of item 38, 4160-V 480 V alarm in control room train B; train A available switchgear, to item 54, 480-V switchgear, train B (c)
- 53. Breaker 01, item 52 Open on load A Fail to open None None Slightly heavier load on transformer to item 54, shedding and initial sequencer step 480-V switchgear, reclose on train B, normally closed sequencer program Fail to reclose Alarm in control room; None; partial loss of safety equipment failed train B; train A available to start from item 42 sequencer
- 54. 1BB07, 1E 480-V Receive and distribute A Grounded, Switchgear trouble Same as 47 System can operate with switchgear, control electric power bus fault alarm in control room a single grounded phase building, train B via breakers REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 9 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks (c)
- 55. Breaker 14, item 54, Provide continuity A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to and protect circuit opening alarm in control room train B; train A available item 56 MCC, train B, normally closed
- 56. 1BBF, 1E MCC, diesel Receive and distribute A Grounded, Item 54 switchgear Same as 47 Ground would be generator building, electric power bus fault trouble alarm sensed and alarmed in train B via breakers control room from item 54 switchgear (c)
- 57. Breaker 5, item 54, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available item 58 MCC, train B, normally closed
- 58. 1BBC, 1E MCC, control Receive and distribute A Grounded, Same as 56 Same as 47 Ground would be building, train B electric power bus fault sensed and alarmed in via breakers control room from item 54 switchgear (c)
- 59. Breaker 2, item 54, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available item 60 MCC, train B, normally closed
- 60. 1BBA, 1E MCC, control Receive and distribute A Grounded, Same as 56 Same as 47 Ground would be building, train B electric power bus fault sensed and alarmed in via breakers control room from item 54 switchgear (c)
- 61. Breaker 06, item 38, 1E Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 4160-V switchgear, to protect circuit opening alarm in control room train B; train A available item 62, 1BB06X transformer, normally closed
- 62. 1BB06X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; partial loss of item 38, 4160-V 480 V alarm in control room train B; train A available switchgear, to item 64, 480-V switchgear, train B (c)
- 63. Breaker 01, item 62 Open on load A Fail to open None None Slightly heavier load on transformer to item 64, shedding and initial sequencer step 480-V switchgear, reclose on train B, normally closed sequencer program REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 10 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks Fail to reclose Alarm in control room; None; partial loss of safety equipment failed train B; train A available to start from item 42 sequencer
- 64. 1BB06, 1E 480-V Receive and distribute A Grounded, Switchgear trouble Same as 47 System can operate with switchgear, control electric power bus fault alarm in control room a single grounded phase building, train B via breakers (c)
- 65. Breaker 02, item 64, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available item 66 MCC, train B, normally closed
- 66. 1BBE, 1E MCC, control Receive and distribute A Grounded, Item 64 switchgear Same as 47 Ground would be building, train B electric power bus fault trouble alarm sensed and alarmed in via breakers control room from item 64 switchgear (c)
- 67. Breaker 18, item 38, Provide continuity and A Inadvertent Switchgear trouble None; loss of train B oriented The sequencer does not 1E 4160-V switchgear, protect circuit opening alarm in control room non-1E power; train A oriente automatically recluse to item 68, 1NB10X non- non-1E power available this breaker under SI 1E transformer, normally conditions; it can be closed closed manually under administrative control
- 68. 1NB10X transformer, Reduce 4160 V to A Fail to operate Switchgear trouble None; partial loss of train B item 38, 1E 4160-V 480 V alarm in control room oriented non-IE power; switchgear, to item 70, Train A oriented non-IE 480-V switchgear, power available train B oriented (c)
- 69. Breaker 01, item 68 Open on load A Fail to open None None Slightly heavier load on transformer to item 70, shedding and initial sequencer step 480-V switchgear, reclose on train B oriented, sequencer program normally closed Fail to reclose Alarm in control room; None; loss of train B; The sequencer does not safety equipment failed train A available, but power automatically reclose to start from item 42 is train A and B oriented this breaker under safety sequencer non-1E injection conditions; it can be closed manually under administrative control REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 11 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 70. 1NB10, non-1E 480-V Receive and distribute A Grounded, Switchgear trouble Loss of train B oriented System can operate with switchgear, control electric power bus fault alarm in control room non-1E power; train A a single grounded phase building, train B oriented via breakers oriented non-1E power available (c)
- 71. Breaker 02, item 70, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available, item 72 MCC, train B but power is train A and B oriented, normally oriented non-1E closed
- 72. 1NBR, non-1E MCC, Receive and distribute A Grounded, Item 70 switchgear Same as 70 Ground would be control building, train B electric power bus fault trouble trouble alarm sensed and alarmed oriented via breakers alarm from item 70 switchgear
- 73. Breaker 12,(c) item 70, Provide continuity and A Inadvertent Switchgear trouble None; partial loss of 480-V switchgear, to protect circuit opening alarm in control room train B; train A available, item 74 MCC, train B but power is train A and B oriented, normally closed oriented non-1E
- 74. 1NBO, non-1E MCC, Receive and distribute A Grounded, Same as 72 Same as 70 Ground would be diesel generator building, electric power bus fault sensed and alarmed train B oriented via breakers from item 70 switchgear.
System can operate with a single grounded phase line; train B
- 75. Preferred power from Provide preferred A Loss of power Switchgear trouble None; momentary loss of offsite power supply power to train A alarm in control room power until item 4 diesel via reserve auxiliary safety-related buses generator comes on transformer 1NXRA available (train A), 1NXRB (train B), or standby auxiliary transformer ANXRA to item 1 switchgear via item 2 or item 77 breaker (non-1E power)
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-3 (SHEET 12 OF 12)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 76. Preferred power from Provide preferred A Loss of power Switchgear trouble None; momentary loss of offsite power supply power to train B alarm in control room power until item 41 diesel via auxiliary transformer safety-related buses generator comes on line; 1NXRB (train B), 1NXRA train A available (train A), or standby auxiliary transformer ANXRA to item 38 switchgear via item 40 or item 78 breaker (non-1E power)
- 77. Breaker 01,(c) alternate When closed, opens A Failure to open Failure to open alarm in None; loss of train A; This breaker electrically preferred power to on loss of preferred control room from train B available interlocked with item 2 item 1, 1E switchgear, power and remains item 5, sequencer and 3 breakers train A, normally open open Inadvertent Switchgear trouble None; loss of train A; closure alarm in control room train B available (c)
- 78. Breaker 05, alternate When closed, opens A Failure to open Failure to open alarm in None; loss of train B; This breaker electrically preferred power to on loss of preferred control room from train A available interlocked with item 39 item 38, 1E switchgear, power and remains item 5, sequencer and 40 breakers train B, normally open open Inadvertent Switchgear trouble None; loss of train B; closure alarm in control room train A available
- a. Plant operating mode A represents a loss of offsite power and/or safety injection; offsite power is the preferred power source. The only postulated failures of interconnecting power cable are a short circuit and/or a ground on the 4-kV system cabling, which would result in inadvertent opening of the associated circuit breaker. All power is reestablished to Class 1E buses following loss of preferred power automatically and requires no operator action.
- b. Unit 1 shown; Unit 2 essentially identical.
- c. It is to be understood that the failure of any one circuit breaker to open when required to under fault conditions will result in the loss or partial loss of the associated train with the redundant train still available.
- d. A Diversity and Defense-in-Depth Analysis addressed software common-mode failure effects.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-4 (SHEET 1 OF 6)
CIRCUITS ANALYZED FOR SEPARATION REQUIREMENTS A.(a) 1. 7300 Process Control System
- 2. Nuclear Instrumentation System
- 3. Solid State Protection System B. An analysis was performed for selected Unit 1 cables larger than 8 AWG and terminating in multitrain panels. The analysis determined which cables could not ignite under fault conditions (i.e. where there is insufficient available energy or where the backup protection was fast enough to open the faulted circuit before the cables could ignite). Those cables which could not ignite under fault conditions were exempted from separation verification.
C. VEGP generally complies with the separation requirements of IEEE 384-1981. A series of tests and analyses has been performed for circuits of 480-V or lower voltage to establish alternate reduced minimum separation distances where separation distances specified in IEEE 384 are not met. Analyses have also been performed to justify separation of Class 1E 4160-V cables from non-1E 480 V and lower cables. These tests and analyses have been performed as allowed by Sections 6.1.1.3 and 6.6.2 of IEEE 384-1981 and Regulatory Guide 1.75. The test results are documented in Wyle Laboratories Test Report No. 48141-02 and Wyle Laboratories Test Report No. 17959-02, which have been submitted for review by the NRC under separate cover.
Based on the Wyle Laboratories test results,(b) the following minimum separation distances were established:
The separation distances are applied between raceways and cables of any separation group for both vertical (above and below) and horizontal (side by side) physical configurations or as noted.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-4 (SHEET 2 OF 6)
Minimum Spatial Configuration/Service Level Separation Distance
- 1. Between trays carrying cables of 480 V or lower voltage 12 in.
of sizes 2/0 AWG or smaller.
- 2. Cables in tray with cover on the bottom from non-class 3/4 in.
1E cables in tray or free air (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller and located below or along side Class-1E tray).
- 3. Cables in tray or free air running either vertically, or 1 in.
horizontally (side-by-side) from horizontal non-Class 1E cable in tray (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
3a. Cables in tray or free air running either vertically, or 1-3/4 in.
horizontally (side-by-side) from horizontal non-Class 1E cable in free-air (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
- 4. Tray (a) or free-air cables to a non-Class 1E rigid steel Contact conduit carrying cables of 480 V or lower voltage and sizes 2/0 AWG or smaller.
4a. Tray or free-air cables to a non-Class 1E rigid steel 3/4 in.
conduit carrying cables of 480 V or lower voltage and sizes 3/0 AWG through 500MCM.
- 5. Tray or free-air cables to a rigid steel conduit (the free- 1/2 in.
air cables, cables in the tray, and in the conduit are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
5a. Cables in tray to a rigid steel conduit routed below or Contact beside the tray (the cables in the tray, and in the conduit are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
- 6. Tray or free-air cables to a non-Class 1E flexible conduit 1 in.
(the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
6a. Tray or free-air cables to a non-Class 1E stripped Contact flexible conduit (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-4 (SHEET 3 OF 6)
Minimum Spatial Configuration/Service Level Separation Distance
- 7. Tray or free-air cables to a flexible conduit (the free-air 1 in.
cables, cables in the tray and in the conduit are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
- 8. Tray or free-air cables to a non-Class 1E aluminum 1 in.
sheathed cable of size 8 AWG or smaller or non-Class 1E electrical metallic tubing (EMT) carrying cables of sizes 8 AWG or smaller. (Limited to lighting, communications, and fire detection cables)
- 9. Tray or free-air cables to a non-Class 1E metal-clad 3/4 in.
cable (type MC) of size 8 AWG or smaller.
- 10. Tray or free-air cables to a non-Class 1E steel-armored 3/4 in.
480-V cable (500 MCM or smaller).
10a. Tray or free-air cables (480V or lower voltage and size 3/4 in.
2/0 AWG or smaller) to steel-armored 480-V cable (500 MCM or smaller).
- 11. Cables in flexible conduit to cables in flexible conduit 1 in.
(the cables are limited to 480 V or lower voltage and size 500 MCM or smaller).
11a. Cables in stripped flexible conduit to non- Class 1E Contact cables in stripped flexible conduit (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
11b. Cables in stripped flexible conduit to cables in stripped Contact flexible conduit (the cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
- 12. Cables in flexible conduit to non-Class 1E cables in Contact rigid steel conduit (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
- 13. Between two rigid steel conduits (the cables in the Contact conduits are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
13a. Cables in rigid steel conduit to non-Class 1E cables in Contact rigid steel conduit (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller).
- 14. Between perpendicular rigid steel conduits carrying 1/8 in.
cables of 480 V or lower voltage and sizes 3/0 AWG REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-4 (SHEET 4 OF 6)
Minimum Spatial Configuration/Service Level Separation Distance through 500 MCM.
- 15. Cables in rigid steel conduit crossing non-Class 1E Contact cables in tray or free air (the non-Class 1E cables are limited to 480 V or lower voltage and size 2/0 AWG or smaller). The angle of crossing shall be 30 or greater.
- 16. Free-air cables to free-air cables, where one of the 6 in.
groups is wrapped in three layers (200 percent overlap) of silicon dioxide cloth (Siltemp 188 CH). Service voltage is limited to 480 V or lower voltage and sizes of 500 MCM or smaller.
16a. From non-Class 1E free air cables 480 V or lower 6 in.
voltage and size of 500 MCM or smaller, wrapped with three layers (200 percent overlap) of silicon dioxide cloth (Siltemp 188 CH) to Class 1E free-air cables.
- 17. Free-air cables 480 V or lower voltage and size of 500 1 in.
MCM or smaller, to free air control or instrumentation cables (8 AWG or smaller). The control or instrumentation cables are wrapped in two layers (100 percent overlap) of silicon dioxide cloth (Siltemp 188 CH).
- 18. Between free air instrumentation or control cables of 125 1 in.
V-dc or 120 V-ac or lower, sizes number 8 AWG or smaller.
- 19. Between free air instrumentation or control cables (125 Contact V-dc or 120 V-ac or lower sizes number 8 AWG or smaller) with either group of cables wrapped in two layers (100 percent overlap) of silicon dioxide cloth (Siltemp 188 CH).
- 20. Free-air, class 1E cable(s) to free-air non-class 1E 1 in.
cables with the class 1E cables wrapped in two layers (100 percent overlap) of silicon dioxide cloth. The non-class 1E cables are limited to 480 V or lower voltage of sizes 500 MCM or smaller.
- 21. Within panels and control boards:
- a. Between instrumentation or control cables of 125 1 in.
V-dc or 120 V-ac of sizes number 8 AWG or smaller.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-4 (SHEET 5 OF 6)
Minimum Spatial Configuration/Service Level Separation Distance
- b. Between instrumentation or control cables with Contact either group of cables wrapped in two layers (100 percent overlap) of silicon dioxide cloth (Siltemp 188 CH). The cables are limited to 120 V-ac, 125 V-dc, or lower voltage of sizes number 8 AWG or smaller.
- c. Separation distances shown for general plant areas in items 4, 5, 6, 10, 13, and 14 have been applied to separation requirements within panels.
- d. Separation distances for cable installed in rigid steel or flexible conduit inside panels are the same as those tested in items 11, 11a, 11b, 12, 13, 13a, and 14.
Where:
Tray - Ventilated (punched bottom) tray or tray fittings, solid bottom tray, or tray fittings Conduit - Hot dipped galvanized rigid steel conduit Flexible Conduit - Flexible steel conduit, sealtite, type UA Steel-Armored -Cable EPR insulation/hypalon jacket with galvanized steel armor. Used for 480-V switchgear loads in tray only.
Aluminum Sheathed - A factory assembly of insulated conductors enclosed in a smooth Cable (ALS) continuous aluminum sheath. Used for lighting system application.
Metal-Clad Cable - A factory assembly of one or more conductors each individually (MC) insulated, covered with an overall insulating jacket, and all enclosed in a metallic sheath of interlocking galvanized steel. Used in non-1E circuit only.
Electrical - Metallic Thinwall, steel conduit which conforms to ANSI standard C80.3-1977.
Tubing (EMT) This material provides a barrier equal to, or better than, the aluminum sheathing on ALS because it is manufactured from steel which has higher strength and a higher melting temperature than aluminum.
Free-air cables may consist of steel armored or nonarmored cables, ALS, or type MC cables of any size or voltage level unless otherwise limited in the specific configuration description.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.1-4 (SHEET 6 OF 6)
D. Non-class 1E fire detection Protectowire has been used in safety related cable tray within containment to detect cable tray fires. This wiring is installed in a zig-zig fashion along the length of the tray in close proximity to the cables. It consists of two conductors individually encased in heat sensitive material. The encased conductors are twisted together to impose a spring pressure between them. When heated to the critical for operating temperature the heat sensitive material yields to the pressure on it, permitting the conductors to move into contact with each other. A supervisory current of 2.5 mA at a maximum of 26.4 V dc normally flows through the Protectowire. During an alarm condition this current rises to a maximum of 20 mA. Therefore, Protectowire is considered a low energy circuit, which is designed to short during an alarm condition, and cannot cause degradation of any Class 1E cables in the vicinity. A separate Protectowire panel is provided for each train thereby providing electrically independent monitoring of the cable tray temperatures in each train. Based on the discussion above, no separation is required between the non-class 1E fire protection Protectowires and any class 1E cables.
- a. The analyses/tests performed for the above equipment are further described in paragraph 7.1.2.2.1.
- b. The test configuration of target cables above the fault cable represents the worst case, since heat/flame has tendency to flare vertically upwards.
- c. For the purpose of testing, the cables in the punched bottom tray are considered the same as cables in free air since the cables in the tray are directly exposed to the heat generated by the faulted cable in the areas of the tray that have been punched.
REV 14 10/07
VEGP-FSAR-8 TABLE 8.3.2-1 125-V-dc BATTERY A LOAD REQUIREMENTS (LOCA/LOSP)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-1 min 1-165 min Random Load Total load includes inverters, MOV(a), dc 1 590 255 202 distribution panels,(a,c) dc switchgear, 2 590 257 150 MCC indication and relaying.
- a. The field flash current has not been added to the first period or random load and the MOV current has not been added to the random load since the peak load occurring during the period has been considered. The peak load is due to the breakers closing, which does not occur coincidentally with the field flash or MOV currents.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panels include the following loads: Class 1E ac switchgear circuit breaker operation, safety features status indication relays and lights, diesel generator field flashing, diesel generator control, reactor trip switchgear, solenoid valves, and Class 1E control cabinet circuit indicators.
REV 23 3/21
VEGP-FSAR-8 TABLE 8.3.2-2 125-V-dc BATTERY B LOAD REQUIREMENTS (LOCA/LOSP)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-1 min 1-165 min Random Load Total load includes inverters, 1 590 257 162 MOV(a), dc distribution panels,(a,c) 2 590 255 130 dc switchgear, MCC indication and relaying.
- a. The field flash current has not been added to the first period or random load and the MOV current has not been added to the random load since the peak load occurring during the period has been considered. The peak load is due to the breakers closing, which does not occur coincidentally with the field flash or MOV currents.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panels include the following loads: Class 1E ac switchgear circuit breaker operation, safety features status indication relays and lights, diesel generator field flashing, diesel generator control, reactor trip switchgear, solenoid valves, and Class 1E control cabinet circuit indicators.
REV 23 3/21
VEGP-FSAR-8 TABLE 8.3.2-3 125-V-dc BATTERY C LOAD REQUIREMENTS (LOCA/LOSP)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-1 min 1-165 min Random Load Total load includes inverters, MOV(a), dc 1 224 92 82.3 distribution panels,(c) dc switchgear, MCC 2 217 84 82.3 indication and relaying.
- a. The RHR isolation valve is not required to operate when ac power is not available to the RHR system.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panel includes the following loads: turbine-driven auxiliary feedwater pump control panel, safety features status indication relays and lights, miscellaneous control, and dc switchgear space heaters.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-4 125-V-dc BATTERY D LOAD REQUIREMENTS (LOCA/LOSP)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-165 min Total load includes inverters, MOV(a), 1 77 dc distribution panels,(c) dc switchgear, 2 70 MCC indication and relaying.
- a. The RHR isolation valve is not required to operate when ac power is not available to the RHR system.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panel includes the following loads: miscellaneous control and train D switchgear space heaters.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 1 OF 10)
CLASS 1E 125-V dc AND 120-V VITAL ac SYSTEM FAILURE MODES AND EFFECTS ANALYSIS Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function ode Mode(s) Detection Function Capability General Remarks
- 1. Redundant Provide dc A, B No output Annunciator in None; item 2 charger For single failure battery charger; power when ac main control room; available; battery analysis; since train A 1AD1CA, power available one battery can provide 2 3/4 h these components train B 1BD1CA and maintain charger trouble without charger; are redundant train C 1CD1CA, battery in a alarm for input train B available to item 2, failure train D 1DD1CA charged undervoltage, of items 1 and 2 condition; either output overvoltage, components would item 1 and/or and loss of require two single item 2 in output failures; thus, service at this would not be any time considered.
C No input Annunciator in None; battery This component main control room; available for 4 h cannot function one battery during blackout charger trouble alarm for input undervoltage, output overvoltage, and loss of output
- 2. Redundant Provide dc A, B No output Annunciator in None; item 2 charger For single failure battery charger; power when ac main control available; battery analysis; since train A 1AD1CB, power available room; one battery can provide 2 3/4 h these components train B 1BD1CB, and maintain charger trouble without charger; are redundant to train C 1CD1CB, battery in a alarm for input train B available item 1, failure of train D 1DD1CB charged undervoltage, out- items 1 and 2 condition, either put overvoltage, components would item 1 and/or and loss of require two single item 2 in output failures; thus service at any this would not be time considered C No input Annunciator in None; battery This component motor control available for cannot function room; one battery 4h during blackout charger trouble alarm for input undervoltage, output overvoltage, and loss of output REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 2 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 3. Battery; train A Backup to battery A, B No output One switchgear None; battery 1AD1B, train B charger trouble alarm in chargers (items 1 1BD1B, train C during load main control room and 2) available; 1CD1B, train D cycling (in for bus train B available 1DD1B rush current) undervoltage, and provide dc ground detection, power for and improper 2 3/4 h without breaker position battery charger output for LOCA/ C No output Control room None; train B LOSP conditions, voltmeter, available and 4 h for SBO annunciator conditions. isolation device panel trouble alarm, loss of related control room equipment indicating lights.
- 4. 125-V dc switch- Distribute A, B, Grounded, One switchgear None; train B Power still available with gear; train A power via C bus fault trouble alarm in available a single ground.
1AD1, train B breakers to main control room 1BD1, train C loads from for bus Power not available with 1CD1, train D chargers and undervoltage, bus fault.
1DD1 battery ground detection, and improper breaker position; for bus fault, no switchgear alarm. Annunciator isolation device panel trouble alarm for bus fault.
(b)
- 5. Breaker Provide circuit A, B Inadvertent One switchgear None; item 2 charger train A 1AD106, continuity and opening trouble alarm in available; battery train B 1BD107, protection main control room can provide 2 3/4 h train C 1CD106, between item 1 for bus without charger; train D 1DD106 battery charger undervoltage, train B available and item 4 ground detection, switchgear and improper breaker position C Inadvertent One switchgear None; battery This component opening trouble alarm in available for cannot function main control room 4h during blackout for bus undervoltage, ground detection, and improper breaker position REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 3 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks (b)
- 6. Breaker Provide circuit A, B Inadvertent One switchgear None; item 1 charger train A 1AD107, continuity and opening trouble alarm in available; battery train B 1BD106, protection main control room can provide 2 3/4 h train C 1CD107, between item 2 for bus without charger; train D 1DD107 battery charger undervoltage, train B available and item 4 ground detection, switchgear and improper breaker position C Inadvertent One switchgear None; battery This component opening trouble alarm in available for cannot function main control room 4h during blackout for bus undervoltage, ground detection, and improper breaker position (b)
- 7. Breaker Provide circuit A, B Inadvertent One switchgear None; battery (normally closed); continuity and opening trouble alarm in chargers (items 1 train A 1AD101, protection main control room and 2) available; train B 1BD101, between battery for bus train B available train C 1CD101, and item 4 under voltage, train D 1DD101 switchgear ground detection, and improper breaker position; plus breaker open alarm in main control room C Inadvertent Control room None; train B opening voltmeter, available annunciator isolation device panel trouble alarm, loss of related control room equipment indicating lights.
(b)
- 8. Breaker Provide circuit A, B, Inadvertent Annunciator None; train B (normally closed); continuity and C opening isolation device available train A 1AD109, protection panel trouble train B 1BD109 between item 4 alarm.
switchgear and 125-V dc panel 1 (A, B) D12 REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 4 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks (b)
- 9. Breaker Provide circuit A, B Inadvertent One switchgear None; train B (normally closed); continuity and opening trouble alarm in available train A 1AD105, protection main control room train B 1BD105, between item 4 for bus train C 1CD104, switchgear and under voltage, train D 1DD104 125-V dc panel ground detection, 1 (A,B, C, D) and improper D11 breaker position; plus one panel trouble alarm per panel in main control room for bus undervoltage, ground detection, and branch breaker overload. For 1CD104 and 1DD104, failure detection is control room annunciator isolation device panel trouble alarm.
C Inadvertent One switchgear Single failure on For 1CD104 opening trouble alarm in auxiliary feedwater breaker auxiliary main control room turbine-driven pump feedwater for bus control panel function only; undervoltage, functions; blackout for other function ground detection, does not require train D available and improper single failure criteria breaker position; plus one panel trouble alarm per panel in main control room for bus under voltage, ground detection, and branch breaker overload. For 1CD104 and 1DD104, failure detection is control room annunciator isolation device panel trouble alarm.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 5 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 10. BreakerLhM Provide circuit A, B, Inadvertent One switchgear None; system safety (normally closed); continuity and C opening trouble alarm in function can be met train A 1AD110, protection main control room with loss of one and 1AD104 between item 4 for bus undervoltage, channel train B 1BD110, switchgear and ground detection, and 1BD104 inverter 1AD1I1, and improper train C 1CD109 1BD1I2, 1CD1I3, breaker position; and 1CD108, 1CD1I5, 1DD1I4, plus inverter trouble train D 1DD109 1DD1I6, 1AD1I11, alarm in main and 1DD108 1BD1I12 control room.
- 11. BreakerLhM Provide circuit A, B Inadvertent One switchgear None; train B For breaker 1AD111 (normally closed); continuity and opening trouble alarm in available and 1BD111 train A 1AD111, protection main control room train B 1BD111, between item 4 for bus undervoltage, train C 1CD111 and 125-V dc ground detection, MCC 1 (A, B, C) and improper D1M breaker position; plus one MCC trouble alarm in main control room for bus undervoltage C Inadvertent One switchgear Single failure on For breaker 1CD111 opening trouble alarm in auxiliary feedwater main control room turbine-driven pump for bus motor-operated undervoltage, valves and ground detection, associated controls; and improper blackout does not breaker position; require single plus one MCC failure criteria trouble alarm in main control room None; train B For breakers for bus undervoltage available 1AD111 and 1BD111.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 6 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 12. Inverter; train Convert 125-V A, B,C, No output, Common None; system safety No high ac output for A 1AD1I1, 1AD1I11 dc to 120-V high output annunciator in main function can be met Westinghouse inverters, no train B 1BD1I2, ac and pro- voltage, high control room for with loss of one high dc voltage for Elgar 1BD1I12 train C vide voltage output - Low dc voltage channel inverters, inverter failure for 1CD1I3, train D to vital frequency - High dc voltage solid-state controls inverters 1DD1I4 instrument - Low ac output only.
panels 1AY1A, voltage 1BY1B, 1CY1A, - High ac output 1DY1B, 1AY2A, voltage 1BY2B - Inverter trouble.
(c)
- 13. Regulated trans- Backup to inverter A, B No output None None; train B For single failure former; (item 12) when available analysis: since train A 1ABB40RX it is isolated these components and 1ABC09RX for maintenance are redundant to train B 1BBB40RX or malfunction item 1, failure of and 1BBA07RX (requires local item 1 and 2 train C 1ABA07RX manual switching components would train D 1BBC09RX at item 14 panel) require two single failures; thus this should not be considered; however, these components are redundant to item 12 C No input None None; train B This component available cannot function during blackout
- 14. 120-V ac vital Distribute A, B, Ground and Panel trouble None; system safety Power still instrument panel; power via C bus fault alarm in main function can be met available with a train A 1AY1A, breakers to control room with loss of one single ground.
1AY2A, train B loads for ground channel 1BY1B, 1BY2B, detection and bus train C 1CY1A, undervoltage train D 1DY1B REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 7 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 15. Interlock(b) Provide local A, B, Inadvertent Panel trouble None; momentary breaker one manual switching transfer alarm in main loss of power to per train between inverter control room item 14 panels; (located at (item 12) and for ground train B available item 14 panel) regulated transformer detection and bus (item 13) and undervoltage preclude both being connected A, B Inadvertent Panel trouble None; train B together; also opening alarm in main available provide incoming control room overload protection for ground detection and bus undervoltage C Inadvertent Panel trouble None; panels are opening alarm in main normally fed from control room inverters which for ground are backed by detection and bus batteries that are undervoltage available for 4 h
- 16. 125-V dc panel; Distribute A, B, Ground, One panel trouble None; train B Power still train A 1AD12, power via C bus fault alarm per panel available available with a train B 1BD12 breakers to in main control single ground loads room for branch breaker overload. Power not available Bus fault will with bus fault.
provide an annunciator isolation device panel trouble alarm. Ground detection provided by control room alarm for the panel supply switchgear.
- 17. 125-V dc panel; Distribute A, B, Ground, One panel trouble Same as 16 Power still train A 1AD11 power via C bus fault alarm per panel available with a train B 1BD11 breakers to in main control single ground loads room for bus undervoltage and branch breaker overload. Ground detection provided by control room alarm for the panel supply switchgear.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 8 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 18. 125-V dc MCC; Distribute A, B, Ground, MCC trouble None; train B Power still train A 1AD1M, power via C bus fault alarm in main available available with a train B 1BD1M breakers to control room single ground loads for bus undervoltage, and branch breaker overload.
Ground will provide a control room alarm for the MCC supply switchgear.
- 19. 125-V dc panel; Distribute A, B, Ground, One panel trouble None; train D Power still train C 1CD11, power via C bus fault alarm per panel available available with a train D 1DD11 breakers to in main control single ground loads room for branch breaker overload. Power not available Bus fault will for bus fault.
provide control room annunciator isolation device panel trouble alarm. Ground detection provided by control room alarm for the panel supply switchgear.
C Ground, One panel trouble Single failure; For 1CD104 bus fault alarm per panel in single failure on breaker auxiliary main control room auxiliary feedwater feedwater function for branch breaker turbine-driven pump only; for other overload. Bus space heater and function train D fault will provide control panel available control room functions; blackout annunciator isolation does not require device panel single failure trouble alarm. criteria Ground detection provided by control room alarm for the panel supply switchgear.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 9 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 20. 125-V dc MCC; Distribute A, B Ground, MCC trouble alarm None; ac drive train C 1CD1M power via bus fault in main control auxiliary feedwater breakers to room for bus available loads undervoltage, and branch breaker overload. Ground will provide a control room alarm for the MCC supply switchgear.
C Ground, MCC trouble alarm Single failure; bus fault in main control single failure on room for bus auxiliary feedwater undervoltage, turbine-driven pump and branch breaker motor-operated overload. Ground valves and associated will provide a controls; blackout control room alarm does not require for the MCC supply single failure criteria switchgear
- 21. Inverter; Convert 125-V A, B, No output One inverter None; trains A and train C 1CD1I5, dc to 480 V, C trouble alarm per B and train C or D train D 1DD1I6 3 to provide inverter in main available power to operate control room residual heat removal isolation valves
- 22. Motor starter; Controller for A, B, Inadvertent One starter None; trains A and train C 1CD1I5N, residual heat C opening of trouble alarm per B and train C or D train D 1DD1I6N removal isolation input breaker starter in main available valves control room for loss of voltage and motor overload Motor overload One starter None; trains A and trouble alarm per B and train C or D starter in main available control room for loss of voltage and motor overload No operation No change in None; trains A and status of B and train C or D indicating lights in available main control room REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-5 (SHEET 10 OF 10)
Plant Method of Failure Effect Item Description Safety Operating Failure Failure on System Safety No. of Component Function Mode Mode(s) Detection Function Capability General Remarks
- 23. Individual Cell Equalizer None A, B, C Open A. Cell voltage None; the battery cell A short in the reading will be effectively ICE device will B. Measure ICE returned to its fail to an open current. original configuration state.
- a. Plant operating modes are represented as follows:
A - normal (offsite power available).
B - loss of offsite power.
C - blackout (loss of all ac systems, except 120-V ac vital system).
System success criteria are as follows:
125-V dc system - one of two (train A or B and train C or D) channels required. 120-V ac vital system - three of four channels required.
- b. It is to be understood that the failure of any one circuit breaker to open when required to under fault conditions will result in the loss of the associated train with redundant train still available.
- c. Unit 2 transformer numbers are suffixed by RX in lieu of X.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-6 125-V-dc BATTERY A LOAD REQUIREMENTS (SBO)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-1 min 1-240 min Random Load Total load includes inverters, MOV(a), dc 1 441 255 62 distribution panels,(a,c) dc switchgear, 2 431 257 70 MCC indication and relaying.
- a. The field flash current has not been added to the first period or random load and the MOV current has not been added to the random load since the peak load occurring during the period has been considered. The peak load is due to the breakers closing, which does not occur coincidentally with the field flash or MOV currents.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panels include the following loads: Class 1E ac switchgear circuit breaker operation, safety features status indication relays and lights, diesel generator field flashing, diesel generator control, reactor trip switchgear, solenoid valves, and Class 1E control cabinet circuit indicators.
REV 23 3/21
VEGP-FSAR-8 TABLE 8.3.2-7 125-V-dc BATTERY B LOAD REQUIREMENTS (SBO)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-1 min 1-240 min Random Load Total load includes inverters, MOV(a), dc 1 444 257 82 distribution panels,(a,c) dc switchgear, 2 429 255 50 MCC indication and relaying.
- a. The field flash current has not been added to the first period or random load and the MOV current has not been added to the random load since the peak load occurring during the period has been considered. The peak load is due to the breakers closing, which does not occur coincidentally with the field flash or MOV currents.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panels include the following loads: Class 1E ac switchgear circuit breaker operation, safety features status indication relays and lights, diesel generator field flashing, diesel generator control, reactor trip switchgear, solenoid valves, and Class 1E control cabinet circuit indicators.
REV 23 3/21
VEGP-FSAR-8 TABLE 8.3.2-8 125-V-dc BATTERY C LOAD REQUIREMENTS (SBO)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-1 min 1-240 min Random Load (a)
Total load includes inverters, MOV , dc 1 224 92 82.3 distribution panels,(c) dc switchgear, MCC 2 217 84 82.3 indication and relaying.
- a. The RHR isolation valve is not required to operate when ac power is not available to the RHR system.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panel includes the following loads: turbine-driven auxiliary feedwater pump control panel, safety features status indication relays and lights, miscellaneous control, and dc switchgear space heaters.
REV 13 4/06
VEGP-FSAR-8 TABLE 8.3.2-9 125-V-dc BATTERY D LOAD REQUIREMENTS (SBO)
Current Required per Time Interval after ac Power Loss (A)
Load Description Unit(b) 0-240 min Total load includes inverters, MOV(a), dc 1 77 distribution panels,(c) dc switchgear, 2 70 MCC indication and relaying.
- a. The RHR isolation valve is not required to operate when ac power is not available to the RHR system.
- b. Differences between switchgear and control load design configurations cause amperages to vary between Units 1 and 2.
- c. The dc distribution panel includes the following loads: miscellaneous control and train D switchgear space heaters.
REV 13 4/06
EPA CONDUCTOR AMPACITY ATt"41 YR IS 36.7 AMPS C RR ENT IN AMPERES X IU
,.,g ...g 0 0 00000 7 8 910 20 30 40 50 60 708(9~ ~ c, C C > C > ~
u,, Q) r-cic>a-1 * ,.._ M ... ,.,, , * * - *~ - ...... ,---..--:- ~~go N88 ~. - * - * .. - ;-.;:::; --?'
800 800 700 ~ 700 600 .flO MCC 600 SOD r ., J. J~
)~J;~s,.
500 400 ' H r '1 T'l~ Hf'H 400 l)i~':.'=~
Sr.=li.or/Trip lOo A 300 - J_
--+-
'1 dr:-- --~: .
lCC So. SC-)jOl}.77 300 l
\ 1i1 r ,.... Hrn UA 1AC) 200
. T'CCt-lo. SC-U ll-71 I 11*:i I
' tUtMOTOL
- -,~
I;,
--i f1*lc*-fflllllli-T
., 1)'p<(JOO TC'Ct-Jo. X)'4-l.t l60 IHI AWGCO...-AX i~o l,OAI> 80 70 60 CUR.VE IS Ant.lCABLE FOR fJ(Y C'OMBDfATION Of T11aMAL MAc;t,.'IT1COA MACift'<"'ETIC ONL Y 50 81'£AJ<D.S Of ll<E SlZ>S USll'D BE.LOW 40 15-lOA ntERMAI . MAQd"TIC CIRCUrT 8Rf.AXD.S A-.e BOU'NOED BY nos CURVE JO l *UA MA<;HETIC ONl. Y CIRCUIT 8REAXfilt.$ Wl1l'I SETI"JNG <17$.A AA£80UNDU> BY TH JS CUR\1£ 20
( I 1, A SETTINO PL01T£()).
Cl~.HAMMEJlTI'PEOOOffiATIOMsER.1£S THEAAtAI.. OVERLOAD ltEU Y Wffll rot. CotLS SMAJJ..D fflA N HIO,O AA.£80\Jt.OF,J>R\' T'Hl i C\.'RYE. io
,- Cl TI.ER-HAMMER TYft >u6 tfU::E>OM SEJUES 8 fflERMAL OVERLOAD R.£LA YS MAY BE US:EO. 1 r.AAX'IMll..t HEATD SIZE f5 H1Q ll8 MAXIMl.'M 6 SETT1NGOF 17 AMPS ISSIIOWN.
5 TOI. ,iorll$ED Ol'CUSS IE ...oTOI< OPO.ATID VALVE$
il Ii 3
~ TT I , 11. :1 I IT: 2 2 * ' ti 1: ' , :)
j I i! :I i ! I I :I I **
, ::1 1111 Iii,
'. i : :Ii A_go 0 .80 0 . 70
'* 0 .60 TT *-r'- 0 .50
.ll!. 0 .40
~J;-,
- 0. 30 0 .20 II
- r **-
UB 1 -.1--~
- 0. 08
- - +-_ _,::~:.;
- '1 '
- _ _ . *- . ......;-.1.- ....,.. . L-
- ~
E~ 0. 07
- 0. 05 l--r---i-* N +-+++<+.-le#- - . t--t--r-+- 1-. 11t-;-!~
- 0. 05 t 4t I l--j -+J-.; - '-i- -' *~
t+*-'-
0 .04 N," II I I : j
-+j~
, 0 . 03
- 0. 02 i;
0.01 3 4 5 6 7 8 910 20 30 40 50 60708CB(@
0 0 g g ggg~
N ('I') <It U"J f,/;;),....(0(.1)
CURRENT IN AMPERES X 10 REV 22 9/19 PENETRATION OVERCURRENT VOGTLE SOUTHERNA ELECTRIC GENERATING PLANT PROTECTION COORDINATION CURVES COMPANY UNIT 1 AND UNIT 2 FIGURE 8.3.1-1 (SHEET 1 OF 35)
EPA CONDUCTOR AMPACITY AT 1-41 YR IS 46.0 AMPS
~\ - - - EPA CONDUCTOR AMPACITY AT t=-41 YR IS 51 .9 AMPS CURRENT IN AMPERES X 10
\
u, u>r,,.mcn 0 00001 34567 80 20 30 40 so601mmfe ~ ~ ~ ~ i ~!~
1 18 ---
800 .._
- _,...... ~.::::r 700 *-- 1 ...:._. ----::...:.::i:= -1 1 "°'MOC 600 ***'--- ... j) fOATMBIUO::ll WESITNCHOUSE 500 H-++H,t4+
- +-
- -* - i Typt HA3
- oo - -*- - '+ I I)&~.=:
StnN"/rrip4tl,ll A TCCNo..SC..J,o,J..77 - *oo 300 :w. l-_ --~ * - 300 l
Lil . !!'--* *-'-'-..;- I-+ Tn,cHF'BzjAlAC'J Tr.f' ~SC'-Hll-71 200 t - *-'-- - h ~lDuTOl CIIUtl-~
~ 200 j I 1 - - i,.... 1_ _:_ _ i,...: T,-peCllJO TC(' Ng ,0,-.14Hi,4
! I 110 .-.WG CC)N.U
!11 j1 Qtl t ll .-.wG C()N..U:
11 UWl
- 60
~o 80 70 C 70 60 Ct.JaVl ~APPUCA.SU R)I.A'ilVC0M81N-A"Tk)ti:
60 50 OF TIIEllMA.l MAGNETIC Ok MAGNETIC' ONLY R so
- -t
,,~ *o l'-\\--l---l\-l-+---++-+--H-++I-H-l!+H-11-- '- ~ BllEAKE~ Of' THE SIZES US TEO BELOW
- o l
" \ i_,_,_....,..,_,_,._____,__..__,____,,__,__,-j U-WA THERMAL MAGNnK:CIII.CUIT BR£.u.EAS f- 30 30 1-1-1-l-l+H+l-1--- i - -
- AR£ BQU),101D BY THl~C'UllVE J-l.M M/1.(iNETtC 20 H-+t+H-l+H- t-*
I\
'\ I i ONLY CIRCUIT Bl.EAKfJlS Willi SETTINCi o!: l'!ilOA ARE BOUNDED BY Tit\S cm.VErl90A SEmNG PLOl'TEO).
r 20
\ I i a.."ll.U.*HAMMEJl TYPE coo errA,Tl()t,i S!.IIES
\ \ TtiERMAI. OVtRI.OA0 R.ELAV WITI-i TOl. (Oil.$
,a i SMM.LlR Tit/JII H1044 Mf BOlh!DED o*y ll(IS CUR\"E.
8 ('IJTUR, HA MM'U TVtE .i06 FREE.c<>M SEkJES 7 Tlt £RMAL o,;01.0AD H.1,A YS MAY BE USf.D 6 MAxlMl!M Hf.ATE!! SQ.J: IS HlOIJB. MAXIMUM SITTING OF l.l AMPS IS. SHOwfrri (FOR 110 5 AWGCONAXONI.Y)
- ml- I-TOLNOT USEOON CLASS IE MOTORO,ElATU>
VAlVI$,
3 l
**T
~ I
,, ] 1
,* I 0,90 0.80
- 0. 70 1
us 1
- 0. 70 0 . 60 0.60
-' 0. 50 o.so *~ ,IR o.*o H-1+1-t-tffic1-*=i_---:-* '-* _ ._
' *++ 1 I N
N r~
W. '-
, .-: \ --- *-,- M~
"'"-'*1---<-+_,__._, _,_.,-~.,_,..,_-+*-r-t**,
=i=!-- ; I*
i,
- 1,
- If
- o.*o 0.30 l ) I A**i,_ ~~ ~ I l: ,,: , 0 .30 I
0.20 I 0. 20 5AVII) ..
11 I,
~~ \.
1 1 ! AWG Ic'oN~ :
"i I I
- ~~ ~
1,: I I I I~ V, ~: I I! I 'i' I I I ! I UB 0 . 08 0 . 07 0 . 06 o.os 0 .04 H-l-l--1-l-H I-II--- q: 4 0 .04 H-l-H-l-H -l+l---+--1---jf-+-+, I -l-14+1+U-4>--- -l-l '- ,._
1 11 .11:1* 0.03 0 . 03 l-+,,-t-t-l~~ --1---+ - , v. *11:,.
- H-l+ H-tt++l--- -+--l ----l-f- j..-/-+--l+t-!+-l-!H-lf--- +---1\.c+-+-1-+,
- ! ~,.__ 0.02 0.02 II 1
I 1
i i 1 111 I
i i iI ; . . *,, 0 . 01 0 . 01 3 4 S 6 7 8 910 20 30 *o so 6010,mie 11\ ~ ~~I!:~
CURRENT IN AMPERES X 10 REV 22 9/19 PENETRATION OVERCURRENT SOUTHERN COMPANY A VOGTLE ELECTRIC GENERATING PLANT PROTECTION COORDINATION CURVES UNIT 1 AND UNIT 2 FIGURE 8.3.1-1 (SHEET 2 OF 35)
EPA CONDUCTOR AMPACITY AT 1:41 YR IS 73.4 AMPS 1 0 f80 800 In <<> ,..,.coo, 0 00001
~
2 3 4 5
,,.\ -*
20 30 EPA CONDUCTOR AMPACITY AT 1=-11 YR IS 103.8 AMPS CURRENT IN AMPERES X IO 40 50 60 llJIIBte
'. ....--*~
0
~
0 0
0 0
~ ~g~~
-~
0000
~*-- ,,_
~
'.::rr,i(~lil(;:we In U) ,..,.a:,
--- **-* --.-. J88° R 800
.. ~.:r-1:: ::t:::1:1: -: -:-_ : *mtMOC )00 I,,. . . . . .
700 ~ 1
. - - ~-
r~=
600 **- '--i- 1---i _ ,_ ,. H 600 soo - -'-1 .'
t -- ~ - ) ~~ICAJSE
\-* ~t ~
- e,......... 500
- I ... -.: -:i:= ;-. - . . - - - ,_ -i-
~ S,.lu,od l ~llilllA JCC H. *. *.)J.fl\.-71 400 400 ! II i I I\
300 ~ ,,
tt \I*
- - f*-!,.
.... *- + ..
1+ *- h- '1.
\ - - . I I
I
-- - - L- .
...-'. µ
--t I
T,-pcHJti.l(M.1AC, fCC J,,o SC-m)-1' 1111),QJ(ll.
300 I i I \\ : I i I i I I Ciam-lt-
+-
200 TyprCXIO ~ 200
',, i \\L I i ! TCCJ,,:e. C.HX ldOl
... (IR '6 AV.'(i j'
~
~ f'Di,~Tic>>r II '
I I' i l ~ I!:- I
~ .,
1 ~o 98 80 70 60 I( * ~
-- - - t'UI VF.1~ Affl. lCAAU! rOI A>-'Y COMEVNAnot:
llr TirF.R.1,1.AI. MAC'.tll~()tl MA r'lNl!'flCOWl ,Y
~ O I lltt. Sl.(.LSUS l\.1.11:1,t.l..OW ll 80
~ 10 60 so [I~ ' .. I 1)-'JIM. nDMALNMlNF.OCCltCUlTRlll!AJ:US AM,90U)lOtJ)U'l'l"HICVlV£.
50 40 l 40
).>QAMAC:JrilET'IC'a.,llY ctRCUff"BllAI.D.S Wl'nl 30 ,. *- ; ~ < l ? M A.R.tROUt,.'DO)ftYT)QS(UltY[ 1 30
' 'I 20 - i VISll:I
' ' 1 (l111A ~ A .OTITT)J cun.tll-NJ,Or,EJl TYP£ooo enAT1c.M sauu i 1 20 I
I i I I \ TIIIJIMAL O VW.OAO REL.A Y \l,TJH TQl. COU.S nos i9 SMA1JJ:,Jl TttA.li tl l04& ARE. BOUhUl>SY II ' CUII V,:
10 9
I I
! I r-. ~ TYPE .'OS ltDMAL OYQiON,)Rl:1..A Y5 MAY BE USED
~ICl:A1'1]l$llE t$ 1DOIW, M.\XJMUM FUf.DON $.F.:aJn 10 8
8
~ 7 M:' f ltM.tN~AMt'Sl:tSH()',¥tf_
7 r 6 --- .,__I-- - 6 s
""j. _ --~ ..
roL ~ usEDOW CLASS 1t MOT(llt OPD.Aff.D
~
5
-- - --* - ' MAXfAIA.TC\MAOlt lS I J000>, fOll '6 A\lrO 4 I
' '\ ' '\ Pf)IEBA TlOJrrl MAX rAUl T aJRJtDfl IS 11~ '
3 I
I V,
f\"111 ... 1+,\lt.'Gfl'J'NF..lt.Al'l()N 3 I
I *--T I
I I I
I I
~~ ~
~i, ~ \.
\
\ I ' I I
. ii I !I I
~II ) Bl K~ : I ,- _j
~~ -~
\
r-. \ II -,
~
oJo 0 . 80
- o. 70 f- - **
~ ,,.~ *- ,- -- -- -- -
A_9g 0.8 0 . 70 z
0 . 60 0.50 I I
~ :,.r.r,r,
-~- '
, 0 .60 0 . 50 !
0 .40 -,_ .J.
+ -1'-'-t ~~~~
I
' 0 . 40 0 . 30 -- "
u,
,1_ I'
' i i
i I "j'
~
Q~ w~
~ ..
~ I
"-'..,.. *r ll 0 .30
~
I*
I I ' I I :t,: I ,; 0 . 20
! ' I ~~ rma 0.20
' II .l I I I I ! I I I I ! j i ! I I I i ~~r,~ ' I I I :! i Ii ua I I i I
'I\ ..
- '. I :i 11 8:Jg 0 . 08
- -_-;t_: *:-*...;-- . - 0 .08 0 . 07 0 .07
~i:;P,~
- 0. 06 I i I'
- .+
V,:v,~ W,1/2 ,,,
~
'i '
1: 11 0 .06
- 0. 05
- 0. 05 I
V, V- V./././/
7-*- : 0 . 04 0 . 04 0.03 I
I I I I
I I
I I:::: ~rma ' ---- l I l I'
,i i
0 . 03
' I 11/.~V,~Y.
V, I - ~~ ! IW~!1/4 I ; ! I!
0 . 02 0 . 02
_.. ! ;i l I
I ~~~ -'f:1'~
n~ ! I I
~~~ ~
I
! II, j
I t
II. i i I
i
,1
- I II 0 .01 3 4 5678910 20 30 40 50 607<81B~
CURRENT IN AMPERES X 10 REV 22 9/19 PENETRATION OVERCURRENT VOGTLE SOUTHERN~
ELECTRIC GENERATING PLANT PROTECTION COORDINATION CURVES COMPANY UNIT 1 AND UNIT 2 FIGURE 8.3.1-1 (SHEET 3 OF 35)
EPA CONDUCTOR AMPACITY AT,,.., YR IS 146.8 AMPS CURRENT IN AMPERES X IIXI 1n ~ ,....crxn ci 00001 2 3 4 5 6 7 89 10 20 30 40 50 60 70811l~
0 i:: ...
0 0
0
~
00000 ooooc;;;r:ic 1n m "men-- ~ ..."" ~ ~~~~
lj~w *- . ... , - - rr r-r- -~--- ---*-*- -- ----
--- U8° 80 0
., ~ ~
800 70 0 60 0
-r*
- f 1-t
~ :I
~ I
- - '---1-t-*
~-----.:..-== ~
-+-~1 .. 700 600
- L ~ .** -
""M{"(:
--H * -
I)V:r,,.si"........
- 500 50 0 .* ; -- -- ?.4J~ls£ I I 400
.. -r 400 1: \ I
-,uu, ,. .' I I
~
r=*
r--.. s.om.,JTRI' llS 0 A 30 0 ~
~ ~ *- - ._ __ ~ IV.
~
rec SC"..)SII -77 300 l ! 11,
'I . , I' i; '
I '
I J ~,T ! I 'I i i T)' pdlrB IOOA (ACI 200 10 0 TCC Nt1 SC-n!l- 17
\ I ! !
- 1\I I I I ' HIOS-9TOL !
' ' I
- *- *-* . .. -;- +**
I
- i_ C1111lrr ,H
- mat'f' 1
I
! II \ \ I I '
I I
.II '
I I ,
. l Typi::CJOO TCCNo C)SXIOU l
11 !--***- ' '
LO..D 12 AWG~TION l"ONOC"CTOR 18° 80 80 70 70 60 50 I '
CURVE IS APPUCAIILE FOR AtlY COMROUt.TION Of TirERMAL MAOHETlC OR MA0)t,.' £TIC ONL 't BRE.AJ(EJlS Of ~SIZESt.lSTEI>B8.0W IS* I ?i.\ TJtEllMAL MAG'NFTIC CIRCIJIT ORE.AKERS 60 50 41) 40 Nt£..8(A.N)fl)Elrno~cvaVE.
11 ' ' " II : 30 30 l-\OOA MAGNETIC OHL YC1 RC1.'IT8REAKER!li WlTII I I
' S£rm<<j: OM !J-'. RIF~'\
TIIF.RMAI, OYf.Rl ,OAO RF).AY~ MAY 'A[ 1r.v:;o 8 MAXIMUM HEA"ID Sil.I. 1$ Hl024, ~ l 8 7
7 SETTlNO Of' 110 ~ 1:SSIIOWN 6
6 TOI. "°T USED ON CLASS l E MOTOR. Clf'EJtA TID 5 VAi. VI'S. 5 4 U'l//.
I
, MAX FA.ULT WRREm IS.) lJJlA.
4 3
- v'"//_/,
11//,,0 ~
A
,, i
! ~~ ~K _,_,_ **---*~,_
1
~~ ~ I
- -- - ***it - .
I i
Ii' I A_go I I I
~~
~ I 11 I
~ I I I j o.lo 0 _8 0 ~ 0.80 O. JO z
0.1 0
,_ 0.60 "'
m 0 . 60 0 . 50 0 .40 V/,
1/2r,,; 1/2
- Cl .
I '
I
- 0. 50 0.40 I
0 .30 ,, ~ "- NI\: I
~WL0 ,,,,,_ I I
! : I
- 0. 30 I v -~ ~ I I\ ! I ;
- I
- 0. 20
- 0. 20 I
?,~ ~ I I ! \ I 1,1 I i
-1 I
' Wffi I ' i\ i !I i .. ! I! I 'i j' 1 1!
8:Ai I
8:63 0 .08 .. - ;.:..-4 . -* 0. 08 0 .07 0 . 07
- 0. 06 0 .06 0 .05
-** - 0.05 v,z 0 . 04 0 .04 0 .03
- Wh,- ,'l V7/h*, - 0 .03
- 0. 02
.W//2
~ -
(//.
I I I ,I i
i Ii I I i' 0 .02 I
I v ~P
~"'~~
- ""'"' = I I
I I 1\
!I 7
I l:
ii lij
!11 : 0. 01 0 . 01 0
~ <D,...COO'>
4 5678910 20 30 40 50 60 lCIUll~ 0 0 0000 1 N CU RRENT IN AMPERES X 100 REV 22 9/19 PENETRATION OVERCURRENT VOGTLE SOUTHERN.A_ PROTECTION COORDINATION CURVES COMPANY ELECTRIC GENERATING PLANT UNIT 1 AND UNIT 2 FIGURE 8.3.1-1 (SHEET 4 OF 35)