ML21286A364
Text
BFN-17 7.0 CONTROL AND INSTRUMENTATION 7.1
SUMMARY
DESCRIPTION The control and instrumentation section presents the details of the more complex control and instrumentation systems in the plant. Some of these systems are safety systems; others are power generation systems.
7.1.1 Safety Systems The safety systems described in the control and instrumentation section are given below.
- a. Nuclear safety systems and engineered safeguards (required for accidents and abnormal operational transients):
Reactor Protection System, Primary Containment Isolation System, Core Standby Cooling Systems Control and Instrumentation, Neutron Monitoring System (specific portions), and Reactor Vessel Instrumentation (specific portions), and Anticipated Transients Without SCRAM.
- b. Process safety systems (required for planned operation):
Neutron Monitoring System (specific portions),
Refueling Interlocks, Reactor Vessel Instrumentation (specific portions), and Process Radiation Monitors (except Main Steam Line Radiation Monitoring System).
7.1-1
BFN-16 7.1.2 Power Generation Systems The power generation systems described in the section are as follows.
Reactor Manual Control System, Recirculation Flow Control System, Feedwater System Control and Instrumentation, Pressure Regulator and Turbine-Generator Controls, Area Radiation Monitors, Main Steam Line Radiation Monitors, Site Environs Radiation Monitors, Health Physics and Laboratory Analysis Radiation Monitors, and Process Computer System.
7.1.3 Safety Functions The major functions of the safety systems are summarized as follows.
- 1. Reactor Protection System The Reactor Protection System initiates an automatic reactor shutdown (scram) if monitored system variables exceed preestablished limits. This action limits fuel damage and system pressure and thus restricts the release of radioactive material.
- 2. Primary Containment Isolation System This system initiates closure of various automatic isolation valves in response to off-limit system variables. The action provided limits the loss of coolant from the reactor vessel and contains radioactive materials either inside the reactor vessel or inside the primary containment. The system responds to various indications of pipe breaks or radioactive material release.
- 3. Core Standby Cooling Systems Control and Instrumentation This subsection describes the equipment required for the initiation and control of the High Pressure Coolant Injection System, Automatic Depressurization System, Core Spray System, and the Low Pressure Coolant Injection System.
7.1-2
BFN-17
- 4. Neutron Monitoring System The Neutron Monitoring System uses in-core neutron detectors to monitor core neutron flux. The safety function of the Neutron Monitoring System is to provide a signal to shut down the reactor when an overpower condition is detected. High average neutron flux is used as the overpower indicator. In addition, the Neutron Monitoring System provides the required power level indication during planned operation.
- 5. Main Steam Line Radiation Monitoring System Deleted
- 6. Refueling Interlocks The refueling interlocks serve as a backup to procedural core reactivity control during refueling operation.
- 7. Reactor Vessel Instrumentation The safety function of the reactor vessel instrumentation is to provide input to the reactor protection system and the core standby cooling systems. This instrumentation also provides information for the operator to take manual actions in addition to the above mentioned automatic system actions during abnormal and accident conditions. In addition, during planned operations the reactor vessel instrumentation monitors and transmits information concerning key reactor vessel parameters to ensure that sufficient control of these parameters is possible.
- 8. Process Radiation Monitors (except Main Steam Line Radiation Monitoring System)
A number of radiation monitoring systems are provided on process liquid and gas lines to provide sufficient control of radioactive material release from the site.
- 9. (Deleted) 7.1-3
BFN-17
- 10. Anticipated Transients Without SCRAM The design objective of the Anticipated Transients Without SCRAM (ATWS) is to provide an alternate means of bringing the reactor from full power operation (MODE 1) to a cold shutdown (MODE 4) condition independent of the normal means of shutdown. The ATWS design is intended to mitigate any abnormal operational transients, as defined in FSAR Section 1.4. The systems and equipment required by 10 CFR 50.62 for ATWS do not have to meet all of the stringent requirements normally applied to safety-related equipment.
However, this equipment is part of the broader class of structures, systems and components important to safety.
7.1.4 Plant Operational Control The major systems used to control the plant during planned operations are the following:
- 1. Reactor Manual Control System This system allows the operator to manipulate control rods and determine their positions. Various interlocks are provided in the control circuitry to avoid unnecessary protection system action resulting from operator error.
- 2. Recirculation Flow Control System This system controls the speed of the two reactor recirculation pumps by varying the electrical frequency of the power supply for the pumps. By varying the coolant flow rate through the core, power level may be changed. The system is arranged to allow for manual control (operator action).
- 3. Feedwater System Control and Instrumentation This system regulates the feedwater system flow rate so that proper reactor vessel water level is maintained. The feedwater system controller uses reactor vessel water level, main steam flow, and feedwater flow signals to regulate feedwater flow. The system is arranged to permit single-element (level only), three-element (level, steam flow, feed flow), or manual operation.
- 4. Pressure Regulator and Turbine-Generator Controls The pressure regulator and turbine-generator controls work together to allow proper generator and reactor response to load demand changes. The pressure regulator acts to maintain nuclear system pressure essentially constant, so that pressure-induced core reactivity changes are controlled. To 7.1-4
BFN-17 maintain constant pressure, the pressure regulator adjusts the turbine control valves or turbine bypass valves. The turbine-generator controls act to maintain turbine speed constant, so that electrical frequency is maintained.
The turbine-generator speed-load controls respond to load or speed changes.
The turbine-generator speed-load controls can initiate rapid closure of the turbine control valves (coincident with fast opening of the bypass valves) to prevent excessive turbine overspeed in case of loss of generator electrical load.
- 5. Process Computer System (RWM)
The process computer is provided to supplement procedural requirements for the control of rod worth during control rod manipulations during reactor startup and shutdown.
7.1.5 Definitions The complexity of the control and instrumentation systems requires the use of certain terminology for clarification in the description of the protection systems. See additional definitions in Subsection 1.2, "Definitions."
- 1. Channel--A channel is an arrangement of one or more sensors and associated components used to evaluate plant variables and to produce discrete outputs used in logic. A channel terminates and loses its identity where individual channel outputs are combined in logic. See Figure 7.1-1.
- 2. Sensor--A sensor is that part of a channel used to detect variations in the measured power plant variable. See Figure 7.1-1.
- 3. Logic--Logic is an arrangement of relays, contacts, and other components that produces a decision output. See Figure 7.1-1.
- 4. Trip System--A trip system means an arrangement of instrument channel trip signals and auxiliary equipment required to initiate action to accomplish a protective trip function. A trip system may require one or more instrument channel trip signals related to one or more plant parameters in order to initiate trip system action. Initiation of protective action may require the tripping of a single trip system or the coincident tripping of two trip systems. See Figure 7.1-1.
- 5. Actuation Device--An actuation device is an electrical or electromechanical module controlled by an electrical decision output used to produce mechanical operation of one or more activated devices to accomplish the necessary action. See Figure 7.1-1.
7.1-5
BFN-28
- 6. Activated Device--An activated device is a mechanical module in a system used to accomplish an action. An activated device is controlled by an actuation device. See Figure 7.1-1.
- 7. Trip--A trip is the change of state of a bistable device which represents the change from a normal condition. A trip signal, which results from a trip, is generated in the channels of a trip system and produces subsequent trips and trip signals throughout the system as directed by the logic.
- 8. Setpoint--A setpoint is that value of the monitored plant variable which causes a channel trip.
- 9. Component--A component includes those items from which the system is assembled (e.g., resistors, capacitors, wires, connectors, transistors, switches, springs, pumps, valves, piping, heat exchangers, vessels, etc.).
- 10. Module--A module is any assembly of interconnected components which constitutes an identifiable device, instrument, or piece of equipment.
- 11. Incident Detection Circuitry--Incident detection circuitry includes those trip systems which are used to sense the occurrence of an incident. Such circuitry is described and evaluated separately where the incident detection circuitry is common to several systems.
- 12. Channel calibration, channel check, channel functional test, and logic system functional definitions are provided in Technical Specification Section 1.1.
7.1.6 Environmental Qualification of Electrical Equipment The electrical equipment, within the scope of 10CFR50.49, at BFN was originally qualified to the acceptance criteria specified in either 1) Category I of NUREG-0588 (Institute of Electrical Engineers (IEEE) 323-1974) or 2) Category II of NUREG-0588 or the Division of Operating Reactor (DOR) guidelines of NRC Inspection and Enforcement (IE) Bulletin 79-01B (IEEE 323-1971). Replacement components are qualified in accordance with 10CFR50.49.
NRC IE Bulletin 79-01B Environmental Qualification of Class 1E Equipment, was issued January 14, 1980. Subsequent supplements were issued February 29, 1980, September 30, 1980, and October 24, 1980. This bulletin requires the licensee to perform a detailed review of the environmental qualification of Class 1E electrical equipment to ensure that the equipment will function under postulated accident conditions.
7.1-6
BFN-28 TVA evaluated the electrical qualification of the safety-related electrical components in harsh environments during accident conditions and responded to the NRC on October 31, 1980.
The NRC issued a Safety Evaluation, dated June 3, 1981, for the Environmental Qualification of Safety-Related Electrical Equipment, noting several deficiencies.
TVA responded in a letter dated September 29, 1981, to address these deficiencies.
The NRC Safety Evaluation, dated January 11, 1983, requested additional information from TVA. The TVA response, dated January 29, 1985, provided resolution to the NRC questions/deficiencies. In a letter dated August 8, 1985, the NRC concluded that BFN was in compliance with 10CFR50.49, and that proposed resolution to deficiencies noted was acceptable.
In July 1985, a TVA Environmental Qualification (EQ) program audit revealed significant deficiencies in the BFN EQ program. On August 6, 1985, the NRC issued Generic Letter 85-15 related to the deadlines for 10CFR50.49 compliance. Based on these developments, TVA subsequently voluntarily maintained BFN Units 1, 2, and 3, in shutdown conditions with the intent to correct deficiencies and establish and implement an EQ program that would assure compliance with 10CFR50.49.
Following shutdown, extensive rework of the BFN EQ program took place. The Environmental Qualification Project (EQP) was established to verify, with auditable records, that all plant equipment covered under 10CFR50.49 was qualified for its application and met its specified performance requirements when subjected to the conditions predicted to be present when it must perform its safety function; up to the end of its qualified life. Supplemental procedures were written, approved, and implemented. The purpose of Environmental Qualification Documentation Packages (EQDPs) is to document, in one place, everything needed about how a given piece of equipment was qualified, and what is necessary to maintain qualification for the life of the plant. In May of 1988, the NRC performed an inspection of BFNs partially completed EQ program. On October 21, 1988, the NRC issued a Safety Evaluation that concluded the BFN EQ program complied with the requirements of 10CFR50.49.
TVA letter dated October 24, 1988, committed to implement the EQ Program prior to the restart of each unit. The NRC Safety Evaluation for the BFN EQ Program was issued on January 23, 1991.
During the license renewal process for Units 1, 2, and 3, TVA was required to demonstrate that the equipment and components in the scope of the EQ program meet the requirements of 10CFR54.21(c)(1). Section 4.4 of the License Renewal Amendment addressed this requirement. In the Safety Evaluation dated April 2006, the NRC concluded that these components will be adequately managed for the period of extended operation.
7.1-7
BFN-28 The effects of Extended Power Uprate (EPU) on the environmental conditions for the qualification of electrical equipment have been evaluated. The evaluation indicates that the electrical equipment will continue to meet the relevant requirements of 10 CFR 50.49 following implementation of EPU.
TVA has a program in place to environmentally qualify safety-related electrical equipment (including cable) that is within the scope of 10CFR50.49 to ensure that the equipment will perform its safety-related function under environmental conditions associated with all normal, abnormal, and plant accident conditions.
The method of assuring that electrical components of safety-related equipment are qualified for their potential normal operational and worst-case accident environments is described in this section.
7.1.6.1 Equipment Identification and Environmental Conditions 7.1.6.1.1 Identification of Safety Systems Systems that are required to function to mitigate a loss-of-coolant accident (LOCA) or high-energy line break (HELB) are listed in Table 7.1-1; systems required to support these systems are also identified.
7.1.6.1.2 Identification of Equipment in Harsh Environments For the safety systems listed in Table 7.1-1, safety-related equipment within the harsh environment of the Design Basis Events (DBEs) was identified. This was based on a review of electrical instrument tabulations, mechanical piping drawings, mechanical heating and ventilation drawings, conduit and grounding drawings, Technical Specifications, the UFSAR, and Emergency Operating Instructions.
7.1.6.1.3 Environmental Conditions 7.1.6.1.3.1 Mild Environments Mild environments are those areas where: (1) the environmental conditions related to temperature, pressure, or relative humidity resulting from the direct effects of a DBE are no more severe than those which would occur during an abnormal plant operational condition; (2) the temperature will not exceed 130°F due to the indirect effects of a DBE (e.g., increased heat loads from electrical equipment); (3) the accident radiation dose is less than or equal to 1.0 x 104 rads; and (4) the total accident plus 60 year total integrated dose (TID) is less than or equal to 5.0 x 104 rads.
7.1-8
BFN-28 For equipment located in a harsh zone, that is required to function or not fail for mitigation of a specific DBA, if (for the specific DBA) the accident environment in the area in which the device is located would at no time be significantly more severe than the environment for normal operation, including anticipated operational occurrences, then the environment may be considered to be essentially mild for classification purposes. Essentially mild calculations are performed for the associated area to document that the accident environmental conditions do not impose significant environmental stresses over and above normal operating conditions (including anticipated operational transients) on the device in the associated area.
7.1.6.1.3.2 Harsh Environments Harsh area environmental conditions are defined as those conditions that exceed those of mild spaces. Environmental conditions have been established for all harsh environment areas resulting from a design basis event. Temperature, pressure, humidity, radiation, and submergence were the parameters considered.
7.1.6.2 Electrical Equipment within the Scope of 10CFR50.49 A systems analysis was conducted to identify for each UFSAR design basis accident, the equipment which must operate or stay as-is to ensure completion of safety related functions as defined in 10CFR50.49. These devices became the Master Components Electrical List (MCEL). This list includes devices in both harsh and mild environmental zones.
The BFN Component Master List (CML) was derived from the MCEL. The CML is a compilation, for areas designated as harsh on the environmental data drawings, of all safety-related equipment, any required nonsafety-related equipment, and any equipment added to comply with commitments to NUREG-0737 and/or NUREG-0578 and post-accident monitoring equipment (10CFR50.49b(3)). All MCEL supporting/ancillary equipment was then identified. All components were field verified. The 10CFR50.49 list is a compilation of data for electrical equipment which has been determined to be within the scope of 10CFR50.49 via the process beginning with the CML database through the evaluations performed in preparing a qualification EQDP (or EQ binder). Auditable documentation that supports environmental qualification for the equipment type is compiled and placed in the EQ binder or is referenced therein. The 10CFR50.49 list will be maintained for the life of the plant as a permanent record. This includes revisions resulting from changes occurring in the plant design and configuration which impact the equipment within the scope of 10CFR50.49. The 10CFR50.49 list for Units 1, 2, and 3 is maintained as part of the plant Master Equipment List (MEL) data. Post-accident Monitoring (PAM) equipment instrumentation (all Category 1 and 2 equipment, with the exception of Emergency Equipment Cooling Water flow) is qualified to the requirements of 10CFR50.49.
7.1-9
BFN-28 7.1.6.3 Qualification Tests and Analysis Qualification tests and analyses for safety-related electrical equipment were conducted in accordance with the requirements of 10CFR50.49, IE Bulletin 79-01B, and the guidelines of NUREG-0588.
7.1.6.4 Qualification Test Results Qualification test results are included or referenced in the EQ binder for safety-related electrical equipment in the 10CFR50.49 program.
7.1.6.5 References
- 1. NRC IE Bulletin 79-01B, Environmental Qualification of Class IE Equipment, dated January 14, 1980.
- 2. NRC Division of Operating Reactors, Guidelines for Evaluating Environmental Qualification of Class IE Electrical Equipment in Operating Reactors, dated November 13, 1979.
- 4. NRC Safety Evaluation for Environmental Qualification of Safety-Related Electrical Equipment, dated June 3, 1981.
- 5. NUREG-0588, Interim Staff Position on Environmental Qualification of Safety-Related Electrical Equipment," Revision 1, dated July 1981.
- 6. BFN Letter to NRC, Response to NRC Safety Evaluation deficiencies, dated September 29, 1981.
- 7. NRC Safety Evaluation for Environmental Qualification of Safety-Related Electrical Equipment, dated January 11, 1983.
- 8. TVA Letter to NRC, Summary Status of TVAs Compliance with 10CFR50.49, dated January 29, 1985.
- 9. NRC Safety Evaluation for Environmental Qualification of Electric Equipment Important to Safety, dated August 8, 1985.
- 10. NRC Safety Evaluation for the Browns Ferry Nuclear Performance Plan, dated October 21, 1988.
- 11. NUREG-1843, Safety Evaluation Report Related to the License Renewal of the Browns Ferry Nuclear Plant, Units 1, 2, and 3, dated April 2006.
- 12. NRC Code of Federal Regulations, 10CFR50.49.
- 13. NRC Safety Evaluation Report on Tennessee Valley Authority: Browns Ferry Nuclear Performance Plan - Browns Ferry Unit 2 Restart, April 1989.
- 14. NRC Letter to TVA, Browns Ferry Nuclear Plant, Units 1, 2, and 3 - Issuance of Amendments Regarding Extended Power Uprate (CAC Nos. MF6741, MF6742, and MF6743), dated August 14, 2017.
7.1-10