ML22240A050

From kanterella
Jump to navigation Jump to search
Changes Related to AP1000 Gts Subsection 3.3.15, ESFAS Actuation Logic Operating
ML22240A050
Person / Time
Issue date: 06/29/2015
From:
NRC/NRR/DSS/STSB
To:
Craig Harbuck NRR/DSS 301-415-3140
Shared Package
ML22240A001 List: ... further results
References
Download: ML22240A050 (52)


Text

GTST AP1000-O68-3.3.15, Rev. 1 Advanced Passive 1000 (AP1000)

Generic Technical Specification Traveler (GTST)

Title:

Changes Related to LCO 3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating I. Technical Specifications Task Force (TSTF) Travelers, Approved Since Revision 2 of STS NUREG-1431, and Used to Develop this GTST TSTF Number and

Title:

TSTF-411-A, Rev 1, Surveillance Test Interval Extensions for Components of the Reactor Protection System (WCAP-15376-P)

TSTF-418-A, Rev 2, RPS and ESFAS Test Times and Completion Times (WCAP-14333)

TSTF-519-T, Rev 0, Increase Standardization in Condition and Required Action Notes STS NUREGs Affected:

TSTF-411-A, Rev 1: NUREG 1431 TSTF-418-A, Rev 2: NUREG 1431 TSTF-519-T, Rev 0: NUREG 1430 and 1431 NRC Approval Date:

TSTF-411-A, Rev 1: 30-Aug-02 TSTF-418-A, Rev 2: 02-Apr-03 TSTF-519-T, Rev 0: 16-Oct-09 (TSTF Review)

TSTF Classification:

TSTF-411-A, Rev 1: Technical Change TSTF-418-A, Rev 2: Technical Change TSTF-519-T, Rev 0: NUREG Only Change Date report generated:

Monday, June 29, 2015 Page 1

GTST AP1000-O68-3.3.15, Rev. 1 II. Reference Combined License (RCOL) Standard Departures (Std. Dep.), RCOL COL Items, and RCOL Plant-Specific Technical Specifications (PTS) Changes Used to Develop this GTST RCOL Std. Dep. Number and

Title:

There are no Vogtle Electric Generating Plant Units 3 and 4 (Vogtle or VEGP) departures applicable to GTS 3.3.2.

RCOL COL Item Number and

Title:

There are no Vogtle COL items applicable to GTS 3.3.2.

RCOL PTS Change Number and

Title:

The VEGP License Amendment Request (LAR) proposed the following changes to the initial version of the PTS (referred to as the current TS by the VEGP LAR). These changes include Administrative Changes (A), Detail Removed Changes (D), Less Restrictive Changes (L), and More Restrictive Changes (M). These changes are discussed in Sections VI and VII of this GTST.

VEGP LAR DOC A028: Reformat of GTS 3.3.2 into Nine Parts; 3.3.8 through 3.3.16; note that this maps GTS 3.3.2 requirements into interim A028-modified TS (MTS) Subsection 3.3.15, to which the other changes are applied.

VEGP LAR DOC A035: Actuation signal coincidence logic VEGP LAR DOC M02: Provision for Two or More Inoperable Divisions or Channels VEGP LAR DOC L01: TS Definition for Actuation Device Test is Deleted VEGP LAR DOC L10: Delete PTS 3.3.2 Function 18, ESFAS Interlocks except reactor trip, P-4 VEGP LAR DOC D03: Battery Backed Design Detail Removed Date report generated:

Monday, June 29, 2015 Page 2

GTST AP1000-O68-3.3.15, Rev. 1 III. Comments on Relations Among TSTFs, RCOL Std. Dep., RCOL COL Items, and RCOL PTS Changes This section discusses the considered changes that are: (1) applicable to operating reactor designs, but not to the AP1000 design; (2) already incorporated in the GTS; or (3) superseded by another change.

TSTF-411-A, Rev.1 provides justification to (1) increase the required action completion time and the bypass test time allowance for the reactor trip breakers and (2) increase the surveillance test intervals for the reactor trip breakers, master relays, logic cabinets, and analog channels based on analysis provided in WCAP-15376-P, Rev. 0, Risk-Informed Assessment of the RTS and ESFAS Surveillance Test Intervals and Reactor Trip Breaker Test and Completion Times.

WCAP-15376-P, Rev. 0 did not specifically consider the AP1000 design. The AP1000 GTS completion times and surveillance frequencies for instrumentation functions and reactor trip breakers were justified by APP-GW-GSC-020 (WCAP-16787), which is listed as Reference 6 in the GTS Subsection 3.3.2 Bases. Therefore, TSTF-411-A is not applicable to the AP1000 STS, and is not discussed further in this GTST.

TSTF-418-A adjusts the WOG STS (NUREG-1431) required action completion times for the conventional Westinghouse Plant Protection System instrumentation design for which the WOG STS instrumentation requirements are applicable. The changes in TSTF-418 are based on the analysis in WCAP-14333-P, which did not consider the AP1000 protection and safety monitoring system (PMS) instrumentation design. The AP1000 GTS required action completion times (and surveillance frequencies) for the PMS were justified by APP-GW-GSC-020 (WCAP-16787),

which is listed as Reference 6 in the GTS Subsection 3.3.2 Bases. APP-GW-GSC-020 does not reference WCAP-14333-P, but notes, the AP1000 protection and safety monitoring system (PMS) redundancy is as good as or better than that of the conventional Westinghouse Plant Protection System. Although the PMS equipment reliability is considered to be equivalent to or better than that of the conventional Westinghouse Plant Protection System, a common basis for comparison to the digital portion of the PMS is not readily available.

TSTF-519-T has already been incorporated into the AP1000 GTS regarding the Writer's Guide for Improved Standard Technical Specifications (Reference 4) placement of Notes in TS Actions tables.

Date report generated:

Monday, June 29, 2015 Page 3

GTST AP1000-O68-3.3.15, Rev. 1 IV. Additional Changes Proposed as Part of this GTST (modifications proposed by NRC staff and/or clear editorial changes or deviations identified by preparer of GTST)

Regarding DOC A035, which removes from Table 3.3.2-1 of PTS 3.3.2 all explicit references to coincidence logic between two or more actuation signals, this GTST explicitly recognizes that all such coincidence logic, as well as all actuation logic for the AP1000 ESFAS Functions, will be addressed within the scope of STS 3.3.15 and STS 3.3.16. In addition, for several actuated ESF systems, which have no associated system LCO specified, LCO 3.3.15 and LCO 3.3.16 include surveillance requirements for the testing the actuated components upon receipt of an actual or simulated actuation signal.

Define first use of PMS in the Bases and subsequently use the acronym PMS. Revise the first sentence of the second paragraph in the Surveillance Requirements section of the Bases under the heading SR 3.3.15.1 for the ACTUATION LOGIC TEST, as follows:

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST.

Revise the first sentence of fifth paragraph in the same subsection as follows:

To the extent possible, Protection and Safety Monitoring System PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. (NRC Staff Comment)

APOG Recommended Changes to Improve the LCO and Bases In LCO 3.3.15, part a, ESF has not been previously defined. Change ESF to Engineered Safety Features (ESF) in the LCO statement.

In the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.15 under the heading ESF Coincidence Logic, the second paragraph, uses the term ESF. ESF -

Engineered Safety Features - has not been previously defined. Change ESF to Engineered Safety Features (ESF)

Throughout the Bases, references to Sections and Chapters of the FSAR do not include the FSAR clarifier. Since these Section and Chapter references are to an external document, it is appropriate to include the FSAR modifier. (DOC A003)

Date report generated:

Monday, June 29, 2015 Page 4

GTST AP1000-O68-3.3.15, Rev. 1 V. Applicability Affected Generic Technical Specifications and Bases:

Section 3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Operating Changes to the Generic Technical Specifications and Bases:

GTS 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, is reformatted by DOC A028 into multiple Specifications including interim A028-modified TS (MTS) 3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Operating. As a result of the reformatting, GTS 3.3.2 Functions 25.a and 26.a for MODES 1, 2, 3, and 4 are relocated to AP1000 MTS 3.3.15 as part of the LCO statement. A complete function tracking list (GTS to MTS to STS) appears in GTST for STS Subsection 3.3.8,Section V. The MTS format is depicted in Section XI of this GTST as the reference case in the markup of the GTS instrumentation requirements for the operating ESFAS actuation logic.

MTS 3.3.15 LCO Title GTS 3.3.2 Function Engineered Safety Feature 25. ESF Coincidence Logic Actuation System (ESFAS) a. Coincidence Logic Actuation Logic - Operating

26. ESF Actuation
a. ESF Actuation Subsystem ESF actuation function titles are not included in the ESFAS instrumentation function titles in STS 3.3.8 Table 3.3.8-1. The Bases for STS 3.3.8 describe each ESFAS instrumentation function, the associated supported ESF actuation function(s) and the ESF coincidence and actuation logic required by STS 3.3.15 and STS 3.3.16 (ESFAS Actuation Logic - Shutdown).

The ESF actuation functions and associated actuation and coincidence logic specified by GTS 3.3.2 that are required by LCOs 3.3.15 and 3.3.16 are the following (in the order given in GTS Table 3.3.2-1). Regardless of the applicable Modes or other specified conditions in the Applicability for ESFAS functions in GTS Table 3.3.2-1, all divisions of ESF coincidence and actuation logic for each STS ESFAS automatic and manual instrumentation function, which has an applicability within Modes 1, 2, 3, and 4, are required to be Operable by STS LCO 3.3.15; and within Modes 5, 6, and during movement of irradiated fuel assemblies, are required to be Operable by STS LCO 3.3.16.

The listed coincidences among multiple instrument and logic actuation signals in GTS Table 3.3.2-1, which are removed by DOC A028, are deleted in MTS Table 3.3.8-1, but are included below for STS 3.3.15 and 3.3.16, since they are details of the ESF Coincidence Logic that are implicitly required by STS LCO 3.3.15.a and LCO 3.3.16.a. (DOC A035) The GTS Table 3.3.2-1 functions that are omitted from STS Table 3.3.8-1 are marked below with an asterisk (*).

STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation (Modes) [STS Modes] Function No.]

3.3.15 1. Safeguards Actuation - a. Manual Initiation (1234) [1234] [3.3.9.1]

3.3.16 1. Safeguards Actuation - a. Manual Initiation (5) [5] [3.3.9.1]

Date report generated:

Monday, June 29, 2015 Page 5

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation (Modes) [STS Modes] Function No.]

3.3.15 1. Safeguards Actuation -

b. Containment Pressure - High 2 (1234) [1234] [3.3.8.2]

3.3.15 1. Safeguards Actuation -

c. Pressurizer Pressure - Low (123(a)) [123(c)] [3.3.8.5]

3.3.15 1. Safeguards Actuation -

d. Steam Line Pressure - Low (123(a)) [1234(c)] [3.3.8.24]

3.3.15 1. Safeguards Actuation -

e. RCS Tcold - Low (123(a)) [123(c)] [3.3.8.11]

GTS Table 3.3.2-1 Footnote (a); STS Table 3.3.8-1 Footnote (c):

(a) Above P-11 (Pressurizer Pressure) interlock, when RCS boron concentration is below that necessary to meet the SDM requirements at an RCS temperature of 200 deg F.

3.3.15 2. CMT Actuation - a. Manual initiation (1,2,3,4(b)) [1234(a)] [3.3.9.2]

3.3.15 3.3.16 2. CMT Actuation - a. Manual initiation (4(c)5(d)) [4(b)5(c)] [3.3.9.2]

3.3.15 2. CMT Actuation -

b. Pressurizer Water Level - Low 2 (1234(b)) [1234(b)] [3.3.8.7]

3.3.15 3.3.16 2. CMT Actuation -

b. Pressurizer Water Level - Low 2 (4(c)5(d)) [4(d)5(e)(f)] [3.3.8.7]
  • 3.3.15 *3.3.16 2. CMT Actuation -
c. Safeguards Actuation (12345(d)) [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde)

  • 3.3.15 *3.3.16 2. CMT Actuation -
d. ADS Stages 1, 2, & 3 Actuation (12345(d)) [3.3.15/16]

(References GTS 3.3.2 Function 9.ab)

GTS Table 3.3.2-1 Footnotes (b), (c), (d), (l);

STS Table 3.3.8-1 Footnotes (b), (d), (e), (f);

STS Table 3.3.9-1 Footnotes (a), (b), (c);

(b) With the RCS not being cooled by the RNS.

(c) With the RCS being cooled by the RNS.

(d) With the RCS pressure boundary intact.

(l) With pressurizer level 20%. STS Table 3.3.8-1 Footnote (f) With RCS not being cooled by the RNS and with pressurizer level 20%. (DOC A036) 3.3.15 3. Containment Isolation - a. Manual Initiation (1234) [1234] [3.3.9.3]

3. Containment Isolation - a. Manual Initiation (5(e)) DOC L18 deleted
3. Containment Isolation - a. Manual Initiation (6(e)) DOC L18 deleted
  • 3.3.15 *3.3.16 3. Containment Isolation - b. Manual Initiation of Passive Containment Cooling (12345(e)(f)6(e)(f)) [1234/56] [3.3.15/16]

(References GTS 3.3.2 Function 12.a)

  • 3.3.15 *3.3.16 3. Containment Isolation - c. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde)

(Note: The listing of applicable Modes for functions listed in GTS Table 3.3.2-1 and the corresponding AP1000 STS Section 3.3 functions, which is provided above, is omitted in the remainder of this list. Such information may be found by consulting the AP1000 GTS and STS, other GTSTs for Section 3.3, and in the VEGP SER (Ref. 3).)

Date report generated:

Monday, June 29, 2015 Page 6

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 4. Steam Line Isolation - a. Manual Initiation [3.3.9.4]

3.3.15 4. Steam Line Isolation - b. Containment Pressure - High 2 [3.3.8.2]

3.3.15 4. Steam Line Isolation - c.(1) Steam Line Pressure - Low [3.3.8.24]

3.3.15 4. Steam Line Isolation - c.(2) Steam Line Pressure -

Negative Rate - High [3.3.8.25]

3.3.15 4. Steam Line Isolation - d. RCS Tcold - Low [3.3.8.11]

a. Manual [Initiation of] Main Feedwater Isolation [3.3.15]

(References GTS 3.3.2 Function 6.a) 3.3.15 5. Turbine Trip -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]
c. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 6. Main Feedwater Control Valve Isolation -

a. Manual Initiation [3.3.9.5]

3.3.15 6. Main Feedwater Control Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 6. Main Feedwater Control Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]
  • 3.3.15 *3.3.16 6. Main Feedwater Control Valve Isolation -
c. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde) 3.3.15 6. Main Feedwater Control Valve Isolation -

d. Reactor Coolant Average Temperature (Tavg) - Low 1 [3.3.8.12]
  • 3.3.15 6. Main Feedwater Control Valve Isolation -
d. coincident with [3.3.15]
  • 3.3.15 6. Main Feedwater Control Valve Isolation -
d. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 7. Main Feedwater Pump Trip and Valve Isolation -

a. Manual Initiation (References GTS 3.3.2 Function 6.a) [3.3.9.5]

3.3.15 7. Main Feedwater Pump Trip and Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 7. Main Feedwater Pump Trip and Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]
  • 3.3.15 *3.3.16 7. Main Feedwater Pump Trip and Valve Isolation -
c. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde) 3.3.15 7. Main Feedwater Control Valve Isolation -

d. Reactor Coolant Average Temperature (Tavg) - Low 2 [3.3.8.13]
  • 3.3.15 7. Main Feedwater Control Valve Isolation -
d. coincident with [3.3.15]
  • 3.3.15 7. Main Feedwater Control Valve Isolation -
d. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 8. Startup Feedwater Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 8. Startup Feedwater Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 8. Startup Feedwater Isolation -

b. RCS Tcold - Low [3.3.8.11]

Date report generated:

Monday, June 29, 2015 Page 7

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 8. Startup Feedwater Isolation -

c. Manual Initiation (6.a) [3.3.9.5]

3.3.15 8. Startup Feedwater Isolation -

d. SG Narrow Range Water Level High [3.3.8.22]
d. coincident with [3.3.15]
d. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 9. ADS Stages 1, 2, & 3 Actuation -

a. Manual Initiation [3.3.9.6]

3.3.16 9. ADS Stages 1, 2, & 3 Actuation -

a. Manual Initiation [3.3.9.6]
9. ADS Stages 1, 2, & 3 Actuation -
a. Manual Initiation (deleted) deleted 3.3.15 9. ADS Stages 1, 2, & 3 Actuation -
b. CMT Level - Low 1 [3.3.8.15]

3.3.16 9. ADS Stages 1, 2, & 3 Actuation -

b. CMT Level - Low 1 [3.3.8.15]
  • 3.3.15 9. ADS Stages 1, 2, & 3 Actuation -
b. coincident with [3.3.15]
  • 3.3.16 9. ADS Stages 1, 2, & 3 Actuation -
b. coincident with [3.3.16]
  • 3.3.15 9. ADS Stages 1, 2, & 3 Actuation -
b. CMT Actuation (References GTS 3.3.2 Functions 2.abcd) [3.3.15]
  • 3.3.16 9. ADS Stages 1, 2, & 3 Actuation -
b. CMT Actuation (References GTS 3.3.2 Functions 2.abcd) [3.3.16]

3.3.15 10. ADS Stage 4 Actuation - a. Manual Initiation [3.3.9.7]

3.3.16 10. ADS Stage 4 Actuation - a. Manual Initiation [3.3.9.7]

3.3.16 10. ADS Stage 4 Actuation - a. Manual Initiation [3.3.9.7]

  • 3.3.15 *3.3.16 10. ADS Stage 4 Actuation - a. coincident with [3.3.15/16]

3.3.15 10. ADS Stage 4 Actuation -

a. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.16 10. ADS Stage 4 Actuation -

a. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.16 10. ADS Stage 4 Actuation -

a. RCS Wide Range Pressure - Low [3.3.8.14]
  • 3.3.15 10. ADS Stage 4 Actuation - a. or coincident with [3.3.15]
  • 3.3.15 10. ADS Stage 4 Actuation -
a. ADS Stages 1, 2, & 3 Actuation [3.3.15]

(References GTS 3.3.2 Function 9.ab) 3.3.15 10. ADS Stage 4 Actuation -

b. CMT Level - Low 2 [3.3.8.15]

3.3.16 10. ADS Stage 4 Actuation -

b. CMT Level - Low 2 [3.3.8.15]
  • 3.3.15 10. ADS Stage 4 Actuation -
b. Coincident with [3.3.15]

3.3.15 10. ADS Stage 4 Actuation -

b. RCS Wide Range Pressure - Low [3.3.8.14]

Date report generated:

Monday, June 29, 2015 Page 8

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.16 10. ADS Stage 4 Actuation -

b. RCS Wide Range Pressure - Low [3.3.8.14]
  • 3.3.15 *3.3.16 10. ADS Stage 4 Actuation -
b. and Coincident with [3.3.15/16]
  • 3.3.15 *3.3.16 10. ADS Stage 4 Actuation -
b. ADS Stages 1, 2, & 3 Actuation [3.3.15/16]

3.3.15 3.3.16 10. ADS Stage 4 Actuation -

c. Coincident RCS Loop 1 and 2 Hot Leg Level - Low 2 [3.3.10.1]

3.3.16 10. ADS Stage 4 Actuation -

c. Coincident RCS Loop 1 and 2 Hot Leg Level - Low 2 [3.3.10.1]
a. ADS Stages 1, 2, & 3 Actuation [3.3.15/16]

(References GTS 3.3.2 Function 9.ab) 3.3.15 11. Reactor Coolant Pump Trip -

b. RCP Bearing Water Temperature - High [3.3.8.19]
c. Manual CMT Actuation [3.3.15/16]

(References GTS 3.3.2 Function 2.a) 3.3.15 11. Reactor Coolant Pump Trip -

d. Pressurizer Water Level - Low 2 [3.3.8.7]

3.3.15 3.3.16 11. Reactor Coolant Pump Trip -

d. Pressurizer Water Level - Low 2 [3.3.8.7]
e. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde) 3.3.15 12. Passive Containment Cooling Actuation - a. Manual Initiation [3.3.9.8]

3.3.16 12. Passive Containment Cooling Actuation - a. Manual Initiation [3.3.9.8]

3.3.16 12. Passive Containment Cooling Actuation - a. Manual Initiation [3.3.9.8]

3.3.15 12. Passive Containment Cooling Actuation -

b. Containment Pressure - High 2 [3.3.8.14]

3.3.15 13. PRHR HX Actuation - a. Manual Initiation [3.3.9.9]

3.3.16 13. PRHR HX Actuation - a. Manual Initiation [3.3.9.9]

3.3.15 13. PRHR HX Actuation -

b. SG Narrow Range Water Level - Low [3.3.8.20]
  • 3.3.15 13. PRHR HX Actuation - b. ... Coincident with ... [3.3.15]

3.3.15 13. PRHR HX Actuation - b. ... Startup Feedwater Flow - Low [3.3.11]

3.3.15 13. PRHR HX Actuation - c. SG Wide Range Water Level - Low [3.3.8.21]

  • 3.3.15 *3.3.16 13. PRHR HX Actuation -
d. ADS Stages 1, 2, & 3 Actuation [3.3.15/16]

(References GTS 3.3.2 Function 9.ab)

  • 3.3.15 *3.3.16 13. PRHR HX Actuation -
e. CMT Actuation (References GTS 3.3.2 Function 2.ab) [3.3.15/16]

3.3.15 13. PRHR HX Actuation - f. Pressurizer Water Level - High 3 [3.3.8.10]

  • 3.3.15 14. SG Blowdown Isolation -
a. PRHR HX Actuation [3.3.15]

(References GTS 3.3.2 Function 13.abcdef) 3.3.15 14. SG Blowdown Isolation -

b. SG Narrow Range Water Level - Low [3.3.8.20]

Date report generated:

Monday, June 29, 2015 Page 9

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 15. Boron Dilution Block -

a. Source Range Neutron Flux Doubling [3.3.8.17]

3.3.16 15. Boron Dilution Block -

a. Source Range Neutron Flux Doubling [3.3.8.17]
  • 3.3.15 15. Boron Dilution Block -
b. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 16. CVS Makeup Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 16. CVS Makeup Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 16. CVS Makeup Isolation -

b. Pressurizer Water Level - High 1 [3.3.8.8]
  • 3.3.15 16. CVS Makeup Isolation - b. ... Coincident with ... [3.3.15]
  • 3.3.15 16. CVS Makeup Isolation - b. ... Safeguards Actuation [3.3.15]

(References GTS 3.3.2 Function 1abcde) 3.3.15 16. CVS Makeup Isolation -

c. Pressurizer Water Level - High 2 [3.3.8.9]

3.3.15 16. CVS Makeup Isolation -

d. Containment Radioactivity - High 2 [3.3.8.4]

3.3.15 16. CVS Makeup Isolation - e. Manual Initiation [3.3.9.10]

  • 3.3.15 16. CVS Makeup Isolation -
f. Source Range Neutron Flux Doubling [3.3.15]

(References GTS 3.3.2 Function 15.a)

  • 3.3.16 16. CVS Makeup Isolation -
f. Source Range Neutron Flux Doubling [3.3.16]

(References GTS 3.3.2 Function 15.a) 3.3.15 16. CVS Makeup Isolation -

g. SG Narrow Range Water Level - High [3.3.8.22]
  • 3.3.15 16. CVS Makeup Isolation - g. ... Coincident with ... [3.3.15]
  • 3.3.15 16. CVS Makeup Isolation - g. ... Reactor Trip (P-4) [3.3.12]

(References GTS 3.3.2 Function 18.b) 3.3.15 17. RNS Isolation - a. Containment Radioactivity - High 2 [3.3.8.4]

  • 3.3.15 *3.3.16 17. RNS Isolation - b. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1abcdef) 3.3.15 17. RNS Isolation - c. Manual Initiation [3.3.9.11]

18. ESFAS Interlocks - a. Reactor Trip Breaker Open, P-3 (Supports STS 3.3.8 Functions 1, 5, 11, and 24) 3.3.15 18. ESFAS Interlocks - b. Reactor Trip, P-4 [3.3.12]

(Supports STS 3.3.8 Functions 12, 13 and 22) 3.3.15 3.3.16 18. ESFAS Interlocks - c. Intermediate Range Neutron Flux, P-6 (Supports STS 3.3.8 Function 17) 3.3.15 18. ESFAS Interlocks - d. Pressurizer Pressure, P-11 (Supports STS 3.3.8 Functions 2, 4, 5, 11, 13, 24, and 25) 3.3.15 18. ESFAS Interlocks - e. Pressurizer Level, P-12 (Supports STS 3.3.8 Functions 3, 6, and 7) 3.3.15 3.3.16 18. ESFAS Interlocks - e. Pressurizer Level, P-12 (Supports STS 3.3.8 Function 7 (also Mode 5))

3.3.15 18. ESFAS Interlocks - f. RCS Pressure, P-19 (Supports STS 3.3.8 Functions 9 and 10)

Date report generated:

Monday, June 29, 2015 Page 10

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 19. Containment Air Filtration System Isolation -

a. Containment Radioactivity - High 1 [3.3.8.3]
  • 3.3.15 *3.3.16 19. Containment Air Filtration System Isolation -
b. Containment Isolation [3.3.15/16]

(References GTS 3.3.2 Function 3.abc) 3.3.15 20. Main Control Room Isolation and Air Supply Initiation -

a. Control Room Air Supply Radiation - High 2 [3.3.13]

3.3.16 20. Main Control Room Isolation and Air Supply Initiation -

a. Control Room Air Supply Radiation - High 2 [3.3.13]

3.3.15 21. Auxiliary Spray and Purification Line Isolation -

a. Pressurizer Water Level - Low 1 [3.3.8.6]
  • 3.3.15 21. Auxiliary Spray and Purification Line Isolation -
a. Pressurizer Water Level - Low 1 (STS SR 3.3.15.6) 3.3.15 21. Auxiliary Spray and Purification Line Isolation -
b. Manual Initiation [3.3.9.10]

(3.3.9 Function 10. CVS Makeup Isolation - Manual initiation)

  • 3.3.15 21. Auxiliary Spray and Purification Line Isolation -
b. Manual Initiation (STS SR 3.3.15.6) [3.3.15.b]

3.3.15 22. IRWST Injection Line Valve Actuation - a. Manual Initiation [3.3.9.12]

3.3.15 3.3.16 22. IRWST Injection Line Valve Actuation - a. Manual Initiation [3.3.9.12]

3.3.16 22. IRWST Injection Line Valve Actuation - a. Manual Initiation [3.3.9.12]

  • 3.3.15 *3.3.16 22. IRWST Injection Line Valve Actuation -
b. ADS Stage 4 Actuation [3.3.15/16]

3.3.15 23. IRWST Containment Recirculation Valve Actuation -

a. Manual Initiation [3.3.9.13]

3.3.15 3.3.16 23. IRWST Containment Recirculation Valve Actuation -

a. Manual Initiation [3.3.9.13]

3.3.16 23. IRWST Containment Recirculation Valve Actuation -

a. Manual Initiation [3.3.9.13]
  • 3.3.15 *3.3.16 23. IRWST Containment Recirculation Valve Actuation -
b. ADS Stage 4 Actuation [3.3.15/16]
  • 3.3.15 *3.3.16 23. IRWST Containment Recirculation Valve Actuation -
b. Coincident with [3.3.15/16]

3.3.15 23. IRWST Containment Recirculation Valve Actuation -

b. IRWST Level - Low 3 [3.3.8.18]

3.3.15 3.3.16 23. IRWST Containment Recirculation Valve Actuation -

b. IRWST Level - Low 3 [3.3.8.18]

3.3.16 23. IRWST Containment Recirculation Valve Actuation -

b. IRWST Level - Low 3 [3.3.8.18]

3.3.16 24. Refueling Cavity Isolation - a. Spent Fuel Pool Level - Low [3.3.14]

  • 3.3.15 25. ESF Coincidence Logic - a. Coincidence Logic [3.3.15.a]
  • 3.3.16 25. ESF Coincidence Logic - a. Coincidence Logic [3.3.16.a]
  • 3.3.15 26. ESF Actuation - a. ESF Actuation Subsystem [3.3.15.b]
  • 3.3.16 26. ESF Actuation - a. ESF Actuation Subsystem [3.3.16.b]
  • 3.3.15 27. Pressurizer Heater Trip - a. CMT Actuation [3.3.15]
  • 3.3.15 27. Pressurizer Heater Trip - a. CMT Actuation [3.3.15]

3.3.15 27. Pressurizer Heater Trip - b. Pressurizer Water Level, High 3 [3.3.8.10]

Date report generated:

Monday, June 29, 2015 Page 11

GTST AP1000-O68-3.3.15, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 3.3.16 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.10.2]

  • 3.3.15 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.15.b]

(STS SR 3.3.15.4) 3.3.16 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.10.2]

  • 3.3.16 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.16.b]

(STS SR 3.3.16.3) 3.3.15 29. SG Power Operated Relief Valve and Block Valve Actuation -

a. Manual Initiation [3.3.9.14]

3.3.15 29. SG Power Operated Relief Valve and Block Valve Actuation -

b. Steam Line Pressure - Low [3.3.8.24]

3.3.15 30. Component Cooling Water System Containment Isolation Valve Closure - a. RCP Bearing Water Temperature - High [3.3.8.19]

3.3.15 3.3.16 31. Containment Vacuum Relief Valve Actuation -

a. Containment Pressure - Low 2 [3.3.8.1]

3.3.15 3.3.16 31. Containment Vacuum Relief Valve Actuation -

b. Manual Initiation [3.3.9.15]

References 2, 3, and 6 provide details showing the correspondence of GTS 3.3.2 Functions and STS 3.3.8 through 3.3.16 Functions.

The description of the required channels for GTS Table 3.3.2-1, Functions 25 and 26 includes battery backed descriptive detail for each division. This design detail is not necessary in the STS to protect the health and safety of the public, so the phrase battery backed is deleted from the MTS 3.3.15 LCO statement. (DOC D03)

GTS 3.3.2 Conditions D and O are reordered and relabeled as AP1000 MTS 3.3.15 Conditions A and B. (DOC A028)

MTS 3.3.15 Condition B is revised by adding a second condition statement for the condition one or more Functions within two or more divisions inoperable. Otherwise, LCO 3.0.3 would apply when the LCO is not met and the associated Actions are not met or an associated Action is not provided. (DOC M02)

GTS SR 3.3.2.2 is retained and renumbered as MTS SR 3.3.15.1. GTS SR 3.3.2.7, SR 3.3.2.8, and SR 3.3.2.9 are retained and renumbered as MTS SR 3.3.15.2, SR 3.3.15.3, and SR 3.3.15.4, respectively. (DOC A028)

MTS SR 3.3.15.2, SR 3.3.15.3, and SR 3.3.15.4 are deleted. Failure of an Actuation Device Test results in inappropriate Actions relative to the actuated equipment inoperability. These SRs are relocated to equivalent SRs in the individual equipment specifications, or in STS Specifications 3.3.15 and 3.3.16, if no specification exists for the required actuated equipment.

(DOC L01) These specifications provide appropriate action requirements for the affected inoperable actuated equipment.

STS SR 3.3.15.2, SR 3.3.15.3, SR 3.3.15.4, SR 3.3.15.5, and SR 3.3.15.6 are added to test the actuation signal for pressurizer heater circuit breakers, reactor coolant pump breakers, CVS letdown isolation valves, main feedwater and startup feedwater pump breakers, and auxiliary spray and purification line isolation valves. These SRs are more specific to the individual devices. (DOC L01)

Date report generated:

Monday, June 29, 2015 Page 12

GTST AP1000-O68-3.3.15, Rev. 1 Clarification is added to the Bases discussion of Channel Calibration requirements in STS SR 3.3.15.1 regarding Functions with interlocks. (DOC L10)

The following tables are provided as an aid to tracking the various changes to GTS 3.3.2 Conditions, Required Actions, Functions, Applicability Footnotes, and Surveillance Requirements that result in interim A028-modified TS (MTS) 3.3.15 and as further changed, STS 3.3.15.

Changes to Conditions GTS 3.3.2 MTS 3.3.15 STS 3.3.15 Other STS Subsections Additional Condition Condition Condition Addressing the Listed Condition DOC Changes A 3.3.8, 3.3.9, 3.3.10 ---

B 3.3.8 ---

C 3.3.10 ---

D A A 3.3.12 ---

E 3.3.9 ---

F 3.3.13 ---

G 3.3.9, 3.3.13, 3.3.16 ---

H 3.3.11, 3.3.14 ---

I 3.3.8 ---

J 3.3.8 ---

K 3.3.13 ---

L 3.3.8 ---

M 3.3.8 ---

N 3.3.8, 3.3.9, 3.3.11 ---

O B B 3.3.8, 3.3.9, 3.3.12, 3.3.13 M02 P 3.3.8, 3.3.14 ---

Q 3.3.8, 3.3.9 ---

R 3.3.8, 3.3.9 ---

S 3.3.8, 3.3.9 ---

T 3.3.8 ---

U 3.3.9 ---

V 3.3.8 ---

W 3.3.16 ---

X 3.3.8, 3.3.9 ---

Y 3.3.8, 3.3.9, 3.3.10 ---

Z 3.3.8 ---

AA 3.3.10 ---

BB 3.3.10 ---

CC 3.3.8, 3.3.9 ---

Changes to Functions (a complete function list appears in GTST AP1000-O61-3.3.8)


Function [Modes(footnote)] ----------- STS 3.3.15 Other STS Subsections Additional GTS 3.3.2 MTS 3.3.15 STS 3.3.15 Conditions and Additional Changes DOC Changes 25.a [1,2,3,4] LCO 3.3.15 LCO 3.3.15 A, B --- D03 26.a [1,2,3,4] LCO 3.3.15 LCO 3.3.15 A, B --- D03 Changes to Applicability Footnotes None Changes to Surveillance Requirements GTS 3.3.2 MTS 3.3.15 STS 3.3.15 STS Subsections Also Example Surveillance No.

SR SR SR Addressing the Listed SR Surveillance Description 3.3.2.1 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.1 CHANNEL CHECK 3.3.2.2 3.3.15.1 3.3.15.1 3.3.16 3.3.15.1 ACTUATION LOGIC TEST 3.3.2.3 3.3.9, 3.3.12 3.3.9.1 TRIP ACTUATING DEVICE OPERATIONAL TEST 3.3.2.4 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.3 CHANNEL CALIBRATION Date report generated:

Monday, June 29, 2015 Page 13

GTST AP1000-O68-3.3.15, Rev. 1 GTS 3.3.2 MTS 3.3.15 STS 3.3.15 STS Subsections Also Example Surveillance No.

SR SR SR Addressing the Listed SR Surveillance Description 3.3.2.5 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.2 CHANNEL OPERATIONAL TEST 3.3.2.6 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.4 ESF RESPONSE TIME 3.3.2.7 3.3.15.2 Deleted 3.3.8, 3.1.9, 3.5.2, 3.5.4, 3.5.6, 3.6.10, 3.7.7 ACTUATION DEVICE TEST*

3.3.2.8 3.3.15.3 Deleted 3.3.8, 3.4.11, 3.4.13 Squib Valve ACTUATION DEVICE TEST*

3.3.2.9 3.3.15.4 3.3.15.2 3.3.16 Pressurizer Heater ACTUATION DEVICE TEST*

--- --- 3.3.15.3 --- Reactor Coolant Pump Breaker ACTUATION DEVICE TEST*

--- --- 3.3.15.4 --- CVS Letdown Isolation Valves ACTUATION DEVICE TEST*

--- --- 3.3.15.5 --- Main Feedwater and Startup Feedwater Pump Breakers ACTUATION DEVICE TEST*

--- --- 3.3.15.6 --- Auxiliary Spray and Purification Line Isolation Valves ACTUATION DEVICE TEST*

  • Typically, the associated STS system specification or STS 3.3.15 or 3.3.16 will include a SR for the actuation device, as follows: Verify [tested required component] actuates to the [required position or state] on an actual or simulated actuation signal. Such SRs overlap with the Actuation Logic Test for complete testing of the actuation device. (DOC L01)

In LCO 3.3.15, part a, ESF is revised to Engineered Safety Features (ESF) in the LCO statement, because ESF has not been previously defined. (APOG Comment)

The discussion in the ASA, LCO, and Applicability section of the Bases under the heading ESF Coincidence Logic, is revised for clarity and consistency. (APOG Comment)

The discussion in the Surveillance Requirements section of the Bases under the heading SR 3.3.15.1, is revised for clarity and consistency. (NRC Staff Comment)

The acronym FSAR is added to modify Section and Chapter in references to the FSAR throughout the Bases. (DOC A003) (APOG Comment)

Date report generated:

Monday, June 29, 2015 Page 14

GTST AP1000-O68-3.3.15, Rev. 1 VI. Traveler Information Description of TSTF changes:

Not Applicable Rationale for TSTF changes:

Not Applicable Description of changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes:

The Vogtle Electric Generating Plant Units 3 and 4 (VEGP) technical specifications upgrade (TSU) License Amendment Request (VEGP TSU LAR) (Reference 2) proposed changes to the initial version of the VEGP PTS (referred to as the current TS by the VEGP TSU LAR). As detailed in VEGP TSU LAR Enclosure 1, administrative change number 28 (DOC A028) reformats PTS 3.3.2 into multiple Specifications as follows:

  • 3.3.8, Engineered Safety Feature Actuation System (ESFAS) Instrumentation,
  • 3.3.9, Engineered Safety Feature Actuation System (ESFAS) Manual Initiation,
  • 3.3.11, Engineered Safety Feature Actuation System (ESFAS) Startup Feedwater Flow Instrumentation,
  • 3.3.13, Engineered Safety Feature Actuation System (ESFAS) Control Room Air Supply Radiation Instrumentation,
  • 3.3.14, Engineered Safety Feature Actuation System (ESFAS) Spent Fuel Pool Level Instrumentation,
  • 3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Operating, and

  • 3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Shutdown.

Since PTS 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, is identical to GTS 3.3.2, it is appropriate for this GTST to consider the proposed changes to PTS 3.3.2 as changes to GTS 3.3.2 for incorporation in AP1000 STS 3.3.15. DOC A028 is extensive, but retains the intention of PTS 3.3.2 while improving operational use of the TS. The numerous Functions, Conditions and extensive bases discussion associated with PTS 3.3.2 are repackaged into nine smaller parts. Therefore, the changes implemented by DOC A028 are presented in the attached Subsection 3.3.15 markup, in Section XI of this GTST, as the clean starting point and are identified as interim A028-modified TS (MTS) 3.3.15. The specific details of the reformatting for MTS 3.3.15 can be found in VEGP TSU LAR (Reference 2), in (markup) and Enclosure 4 (clean). The NRC staff safety evaluation regarding DOC A028 can be found in Reference 3, VEGP LAR SER. The VEGP TSU LAR was modified in response to NRC staff RAIs in Reference 5 and the Southern Nuclear Operating Company RAI Response in Reference 6.

Date report generated:

Monday, June 29, 2015 Page 15

GTST AP1000-O68-3.3.15, Rev. 1 DOC M02 addresses the fact that MTS 3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating, does not specify Actions for the condition of one or more Functions within two or more divisions inoperable. This results in entry into LCO 3.0.3.

DOC L01 deletes MTS SR 3.3.15.2 (Perform ACTUATION DEVICE TEST) and MTS SR 3.3.15.3 (Perform ACTUATION DEVICE TEST for squib valves) from MTS TS 3.3.15. The equivalent requirement (using phrasing generally consistent with NUREG-1431) is included in individual Specifications for the actuated devices with the same 24 month Frequency as the deleted SRs. MTS SR 3.3.15.4 is rewritten to focus on the pressurizer heater circuit breaker response to an actuation signal and is renumbered as MTS SR 3.3.15.2. Similar SRs are added to STS 3.3.15 and 3.3.16, as follows: SR 3.3.15.3 and SR 3.3.16.2 (Verify reactor coolant pump breakers trip open on an actual or simulated actuation signal.); SR 3.3.15.4 and SR 3.3.16.3 (Verify CVS letdown isolation valves actuate to the isolation position on an actual or simulated actuation signal.); SR 3.3.15.5 (Verify main feedwater and startup feedwater pump breakers trip open on an actual or simulated actuation signal.); SR 3.3.15.6 (Verify auxiliary spray and purification line isolation valves actuate to the isolation position on an actual or simulated actuation signal); and SR 3.3.16.4 (Verify Spent Fuel Pool Cooling System containment isolation valves actuate to the isolation position on an actual or simulated actuation signal).

DOC L10 provides a discussion of interlocks implicitly required to support the Function's OPERABILITY in the Bases discussion of STS SR 3.3.15.1.

DOC D03 revises the GTS Table 3.3.2-1, Function 25 and 26 descriptions of Required Channels to delete battery backed from the STS 3.3.15 LCO statement.

A more detailed description of the changes by each of the above DOCs can be found in Reference 2, VEGP TSU LAR in Enclosure 1; the NRC staff safety evaluation can be found in Reference 3, VEGP LAR SER. The VEGP TSU LAR was modified in response to NRC staff RAIs (Reference 5) by Southern Nuclear Operating Companys RAI Response in Reference 6.

Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes:

The reformatting per DOC A028, except where addressed in other DOCs, addresses inconsistencies in formatting and approach between PTS 3.3.1 and PTS 3.3.2, respectively.

Simplification and clarification are proposed for each Specification. In breaking down each PTS Specification into specific subsets of the Protection and Safety Monitoring System (PMS) function, improved human factored operator usability results.

These improvements also reflect the general approach currently in use in the Improved Standard Technical Specifications (STS) for Babcock and Wilcox Plants, NUREG-1430, Rev. 4.

That is to separate the functions for [sensor] instrumentation, Manual Actuation, Trip/Actuation Logic, and Trip Actuation Devices (e.g., Reactor Trip Breakers (RTBs)) into separate Specification subsections. Furthermore, the Actions for some ESFAS Functions generally involve a more complex presentation than needed for other Functions, such that simple common Actions are not reasonable. Such Functions are also provided with separate Specification subsections.

When TS instrument function tables are utilized to reference Actions, the generally preferred format of the Actions for an instrumentation Specification in NUREG-1430 is to provide the initial Actions that would be common to all of the specified functions (typically for bypassing and/or tripping one or two inoperable channels), then the default Action would direct consulting the function table for follow-on Actions applicable to the specific affected function. These follow-up Actions generally reflect the actions to exit the Applicability for that function.

Date report generated:

Monday, June 29, 2015 Page 16

GTST AP1000-O68-3.3.15, Rev. 1 This format also allows splitting the default Actions from the initial preferred actions. This general approach is the standard format for other Specifications and for Instrumentation Specifications for other vendors Improved STS.

DOC M02 directly provides for the default Actions of LCO 3.0.3 without allowing for the additional hour that LCO 3.0.3 permits prior to initiating shutdown. This provides clarity for the operator and is more restrictive than LCO 3.0.3.

DOC L01 deletes MTS SR 3.3.15.2 and SR 3.3.15.3, and the related ACTUATION DEVICE TEST, because these SRs are inconsistent with the intent of applying Actions specific to the equipment inoperability. MTS SR 3.3.15.4 currently requires Perform ACTUATION DEVICE TEST for pressurizer heater circuit breakers. Since the actuated equipment of pressurizer heater circuit breakers do not have a separate Specification for their operability and testing, it is appropriate to retain a Surveillance for the actuated device. Therefore, this SR is relocated to the MTS for ESFAS actuation logic under operating conditions.

DOC L10 notes that Interlock Operability is adequately addressed by each related Functions requirement to be Operable and the requirement for actuation logic operability. Interlock functions do not directly trip the reactor or initiate an ESFAS function, and as such are removed from the actuation instrumentation listing in TS.

DOC D03 removes design detail that is not necessary in the TS to protect the health and safety of the public.

Description of additional changes proposed by NRC staff/preparer of GTST:

In LCO 3.3.15, part a, ESF is revised to Engineered Safety Features (ESF) in the LCO statement. (APOG Comment)

The acronym ESF in the ASA, LCO, and Applicability section of the Bases under the heading ESF Coincidence Logic, is revised to Engineered Safety Features (ESF). (APOG Comment)

The first sentence of the second paragraph in the Surveillance Requirements section of the Bases under the heading SR 3.3.15.1 for the ACTUATION LOGIC TEST is revised to state:

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST.

The first sentence of fifth paragraph in the same subsection is revised to state:

To the extent possible, Protection and Safety Monitoring System PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. (NRC Staff Comment)

The acronym FSAR is added to modify Section and Chapter in references to the FSAR throughout the Bases. (DOC A003) (APOG Comment)

Date report generated:

Monday, June 29, 2015 Page 17

GTST AP1000-O68-3.3.15, Rev. 1 Rationale for additional changes proposed by NRC staff/preparer of GTST:

ESF is defined when first used in LCO 3.3.15, part a for clarity. ESF has not been previously defined. This is a non-technical change.

The non-technical change to the ASA, LCO, and Applicability section of the Bases under the heading ESF Coincidence Logic provides clarity and consistency.

The non-technical changes to the Surveillance Requirements section of the Bases under the heading SR 3.3.15.1 for the ACTUATION LOGIC TEST provide clarity and consistency.

Since Bases references to FSAR Sections and Chapters are to an external document, it is appropriate to include the FSAR modifier.

Date report generated:

Monday, June 29, 2015 Page 18

GTST AP1000-O68-3.3.15, Rev. 1 VII. GTST Safety Evaluation Technical Analysis:

AP1000 GTS LCO 3.0.3 is only applicable in MODES 1, 2, 3, and 4, and states:

When an LCO is not met and the associated ACTIONS are not met, an associated ACTION is not provided, or if directed by the associated ACTIONS, the unit shall be placed in a MODE or other specified condition in which the LCO is not applicable. Action shall be initiated within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> to place the unit, as applicable,

a. MODE 3 within 7 hours8.101852e-5 days <br />0.00194 hours <br />1.157407e-5 weeks <br />2.6635e-6 months <br />; and
b. MODE 4 within 13 hours1.50463e-4 days <br />0.00361 hours <br />2.149471e-5 weeks <br />4.9465e-6 months <br />; and
c. MODE 5 within 37 hours4.282407e-4 days <br />0.0103 hours <br />6.117725e-5 weeks <br />1.40785e-5 months <br />.

GTS 3.3.1 and 3.3.2 Functions with applicability statements that include MODE 1, 2, 3, or 4, generally have no Actions specified for addressing a loss of function condition, such as when all required channels are inoperable. Upon discovery of such a condition, LCO 3.0.3 would apply.

The intent of LCO 3.0.3 (as stated in the TS Bases) is to impose time limits for placing the unit in a safe MODE or other specified condition when operation cannot be maintained within the limits for safe operation as defined by the LCO and its ACTIONS.

The Actions for inoperable RTS and ESFAS instrumentation provide restoration time and/or compensatory action allowances (e.g., place the inoperable channel in trip); but only for inoperability of some of the channels (e.g., 1 or 2 out of 4 required channels, typically). If these restoration and/or compensatory actions cannot be met in the required time, default actions are provided, which are designed to place the unit in a safe MODE or other specified condition -

typically, actions that result in exiting the Applicability for that Function.

The shutdown actions of LCO 3.0.3 are typical of default actions throughout the TS that direct plant shutdown to exit the Applicability, with the exception that LCO 3.0.3 includes an additional 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> before the shutdown is required to be initiated.

The revisions described in DOC M02 address multiple-channel inoperability. The revisions will immediately impose the default Actions for that Function - without allowance for the 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> delay that is provided in LCO 3.0.3. Furthermore, the Function-specific default actions (currently, or proposed to be, specified for some Functions) impose requirements intended to establish safe operation that are not necessarily required by LCO 3.0.3. Since each Function-specific default action is specifically considering that Functions safety-basis, such default actions necessarily result in more appropriate actions than the general default actions of LCO 3.0.3. Specifically, the Actions for each new Condition associated with DOC M02 for RTS and ESFAS Functions applicable in MODES1, 2, 3, or 4, are compared to LCO 3.0.3, and in each case, the new Actions are equivalent to or more restrictive than the actions of LCO 3.0.3.

STS 3.3.15, Condition B specifies actions that require placing the unit in MODE 3 in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and MODE 5 in 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />, which is more restrictive than LCO 3.0.3.

GTS 3.3.1 and 3.3.2 actions do not specify conditions that explicitly address multiple inoperable channels (that is, more than two inoperable channels or divisions, in most cases), and therefore default to LCO 3.0.3. In each instance, the proposed actions to address these conditions are more restrictive than the LCO 3.0.3 actions because completion times for reaching lower operational modes are shorter by 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. In addition, Function-specific actions, where specified, Date report generated:

Monday, June 29, 2015 Page 19

GTST AP1000-O68-3.3.15, Rev. 1 are more appropriate for the affected Function than the unit-shutdown actions of LCO 3.0.3 alone. Therefore, the changes specified by DOC M02 do not introduce any adverse impact on public health and safety.

DOC L01 deletes MTS SR 3.3.15.2 (Perform ACTUATION DEVICE TEST) and SR 3.3.15.3 (Perform ACTUATION DEVICE TEST for squib valves) from MTS TS 3.3.15. The equivalent requirement (using phrasing generally consistent with NUREG-1431) is included in individual Specifications for the actuated devices with the same 24-month Frequency as the deleted SRs.

MTS SR 3.3.15.4 becomes STS SR 3.3.15.2. In accordance with the defined term, an actuation device test is a test of the actuated equipment. And as discussed in the TS Bases, performance of an actuation device test demonstrates that the actuated device responds to a simulated actuation signal. As such, Surveillances associated with the testing of the actuated equipment should be addressed in the actuated equipment Specifications, where failures of the surveillance would lead to entering the Actions for the inoperable actuated equipment.

Currently, the only Surveillances that utilize this defined term are in GTS 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation; as SRs 3.3.2.7, 3.3.2.8, and 3.3.2.9. GTS SRs 3.3.2.7 and 3.3.2.8 provide the actuation device test for Engineered Safety Features (ESF) that are actuated by GTS Table 3.3.2-1, Function 26. As such, failures of SRs 3.3.2.7 and 3.3.2.8 (i.e., failures in the actuated equipment) would inappropriately result in applying the Actions of LCO 3.3.2 for Function 26. This is inconsistent with the intent of applying Actions specific to the equipment inoperability. Therefore MTS SRs 3.3.2.7 and 3.3.2.8 are deleted from STS 3.3.15. In conjunction with this deletion, each Specification for ESF actuated equipment is provided with Surveillance(s) that appropriately address the testing of the actuated devices consistent with these SRs and the definition being removed. In certain actuated device Specifications, there is currently an appropriate actuated device test and no new SR is added.

Where an actuated device test is not specified in the existing PTS actuated equipment Specification, a new MTS SR is added as listed below.

SR 3.1.9.3 Verify each CVS demineralized water isolation valve actuates to the isolation position on an actual or simulated actuation signal (24 months).

SR 3.3.15.3 Verify reactor coolant pump breakers trip open on an actual or simulated actuation signal (24 months).

SR 3.3.15.4 Verify CVS letdown isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: Only required to be met in MODE 4 with the RCS being cooled by the RNS or below the P-12 (Pressurizer Level) interlock (24 months).

SR 3.3.15.5 Verify main feedwater and startup feedwater pump breakers trip open on an actual or simulated actuation signal (24 months).

SR 3.3.15.6 Verify auxiliary spray and purification line isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: Only required to be met in MODES 1 and 2 (24 months).

SR 3.3.16.2 Verify reactor coolant pump breakers trip open on an actual or simulated actuation signal - Note: Only required to be met in MODE 5 (24 months).

SR 3.3.16.3 Verify CVS letdown isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: (1) Not required to be met in MODE 5 above the P-12 (Pressurizer Level) interlock and (2) Not required to be met in MODE 6 above the P-12 (Pressurizer Level) interlock and water level > 23 feet above the top of the reactor vessel flange (24 months).

SR 3.3.16.4 Verify Spent Fuel Pool Cooling System containment isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: Only required to be met in MODE 6 (24 months).

SR 3.4.11.4 Verify each stage 1, 2, and 3 ADS valve actuates to the open position on an actual or simulated actuation signal (24 months).

Date report generated:

Monday, June 29, 2015 Page 20

GTST AP1000-O68-3.3.15, Rev. 1 SR 3.4.11.5 Verify continuity of the circuit from the Protection Logic Cabinets to each stage 4 ADS valve - Note: Squib actuation may be excluded (24 months).

SR 3.5.2.7 Verify each CMT outlet isolation valve actuates to the open position on an actual or simulated actuation signal (24 months).

SR 3.5.4.8 Verify both PRHR HX air operated outlet isolation valves actuate to the open position and both IRWST gutter isolation valves actuate to the isolation position on an actual or simulated actuation signal (24 months).

SR 3.5.6.9 Verify continuity of the circuit from the Protection Logic Cabinets to each IRWST injection and containment recirculation squib valve on an actual or simulated actuation signal - Note: Squib actuation may be excluded (24 months).

SR 3.6.9.3 Verify each vacuum relief valve actuates to relieve vacuum on an actual or simulated signal (24 months).

SR 3.7.7.2 Verify each startup feedwater isolation and control valve actuates to the isolation position on an actual or simulated actuation signal (24 months).

In addition, two PTS SRs are revised to include a reference to one of the new SRs.

SR 3.4.13.2 SR is revised to include a reference to SR 3.4.11.5.

SR 3.5.8.4 SR is revised to include a reference to SR 3.5.6.9.

GTS SR 3.3.2.9 is revised to eliminate the term ACTUATION DEVICE TEST and moved to MTS LCO 3.3.15 as SR 3.3.15.2.

SR 3.3.15.2 Verify pressurizer heater circuit breakers trip open on an actual or simulated actuation signal - Note: Only required to be met in MODE 4 above the P-19 (RCS Pressure) interlock with the RCS not being cooled by RNS (24 months).

The effect of moving the requirement for the actuated device test from GTS 3.3.2 to the individual equipment Specifications is for less restrictive actions when the device is inoperable.

As an SR associated with GTS 3.3.2, Table 3.3.2-1, Function 26 for Modes 1, 2, 3, and 4, would impose a 6 hour6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> restoration (GTS 3.3.2 Action D) prior to a required plant shutdown (GTS 3.3.2 Action O). Each of the individual equipment Specifications with SRs added to address actuation device testing has a 72-hour or 7-day restoration allowance. These specifications include:

MTS 3.1.9 CVS Demineralized Water Isolation Valves and Makeup Line Isolation Valves MTS 3.4.11 Automatic Depressurization System (ADS) - Operating MTS 3.5.2 Core Makeup Tanks (CMTs) - Operating MTS 3.5.4 Passive Residual Heat Removal Heat Exchanger (PRHR HX) - Operating MTS 3.5.6 In-containment Refueling Water Storage Tank (IRWST) - Operating MTS 3.6.9 Vacuum Relief Valves MTS 3.7.7 Startup Feedwater Isolation and Control Valves This is followed in some cases by additional flexibility to isolate associated flow paths in lieu of plant shutdown. These less restrictive actions are approved in the GTS as appropriate for the inoperable devices. The more restrictive actions specified by GTS 3.3.2 are therefore deemed too restrictive. The change maintains the same level of safety provided by the separate GTS Actions for inoperability of the specific actuated devices.

GTS SR 3.3.2.9 requires Perform ACTUATION DEVICE TEST for pressurizer heater circuit breakers. Since the actuated equipment of pressurizer heater circuit breakers do not have a separate Specification for their operability and testing, it is appropriate to retain a Surveillance for the actuated device. However, GTS SR 3.3.2.9 is editorially revised (as STS SR 3.3.15.2-see description of changes associated with DOC A028) to require Verify pressurizer heater circuit breakers trip open on an actual or simulated actuation signal. This phrasing is consistent Date report generated:

Monday, June 29, 2015 Page 21

GTST AP1000-O68-3.3.15, Rev. 1 with similar Surveillances in NUREG-1431 for actuated devices, and is consistent with the editorial presentation preference presented for similar actuated device testing. The presentation in STS 3.3.15 results in conservative actions in the event of an inoperable pressurizer heater circuit breaker; for example the inability to trip on an actuation signal, which is a 6-hour to restore provision by STS 3.3.15, Action A followed by a required plant shutdown in STS 3.3.15, Action B. This is less restrictive than the LCO 3.0.3 entry that would be required in the GTS 3.3.2 presentation. Failing GTS SR 3.3.2.9 would result in Division A and Division C actuation subsystem being inoperable; for example two channels of GTS Function 26.a being inoperable. GTS 3.3.2 Actions D and G do not provide for more than one inoperable division, which results in the LCO 3.0.3 entry.

Similar to the pressurizer heater circuit breaker actuated device discussed above, there are a few other actuated devices that are required by the GTS 3.3.2 and its Actuation Device Tests, which do not have a separate Specification for operability of the actuated device. As such, in eliminating the Actuation Device Test definition and existing PTS SRs, SRs are added to the ESFAS Actuation Logic Specifications STS 3.3.15 and STS 3.3.16. The effect is a simple reformatting of the existing PTS Actuation Device Test SR to a more device-specific SR.

Consistent with the Applicability for the instrument functions that actuate the devices; each new Surveillance Requirement includes one or more Notes stating when the Surveillance is required to be met. No technical change results.

This less restrictive change results in closer alignment with NUREG Standard TS presentation of actuated device testing, and associated required actions for inoperability of actuated devices.

While certain actions for inoperability of actuated devices are made less restrictive by eliminating entry into ESFAS Actuation and Instrumentation inoperability actions, no action is made less restrictive than currently approved for any device inoperability. As such there is no adverse impact to public health and safety.

DOC L10 provides a discussion of interlocks implicitly required to support the Function's OPERABILITY in the Bases discussion of STS SR 3.3.15.2. Reactor Trip System interlocks are provided to ensure reactor trips are in the correct configuration for the current plant status. They back up operator actions to ensure protection system Functions are not blocked during plant conditions under which the safety analysis assumes the Functions are Operable. Additionally, several interlocks are included as part of the ESFAS. These interlocks permit the operator to block some signals, automatically enable other signals, prevent some actions from occurring, and cause other actions to occur. The interlock Functions backup manual actions to ensure Functions that can be bypassed are in operation under the conditions assumed in the safety analyses.

The interlocks, as explicit separate RTS and ESFAS Functions, except for GTS Table 3.3.2-1, Function 18.b, Reactor Trip, P-4, are omitted from the AP1000 STS and the associated GTS 3.3.1 and 3.3.2 Actions are deleted. The reactor trip interlock, P-4, is addressed in STS 3.3.12, Engineered Safety Feature Actuation System (ESFAS) Reactor Trip Initiation.

Interlock Operability is adequately addressed by each related Functions requirement to be Operable and the requirement for actuation logic operability.

For these related RTS and ESFAS instrumentation and actuation functions to be Operable, the associated RTS and ESFAS interlock functions would have to be in the required state as a support feature for Operability. These RTS and ESFAS interlock functions do not directly trip the reactor or (except for P-4) actuate ESF systems, and as such are removed from the actuation instrumentation listing in TS. The role of the interlocks, and their support for the operability of RTS trip and ESFAS actuation functions, are described in the TS Bases, as well as in Final Safety Analysis Report (FSAR) Chapter 7, Instrumentation and Controls.

Date report generated:

Monday, June 29, 2015 Page 22

GTST AP1000-O68-3.3.15, Rev. 1 Furthermore, each RTS trip and ESFAS actuation function is required to be Operable during the stated TS Applicability. The Applicability for certain trip or actuation functions is based on transitioning above or below an interlock threshold or setpoint; while other functions are not directly supported by an interlock. For functions supported by an interlock, while operating within the TS required Applicability for that function, its associated supporting interlock is not required to automatically change state. The interlock status must be established in conjunction with assuring the supported functions Operability prior to entering the required Applicability. In addition, LCO 3.0.4 requires the unit operators to ensure RTS trip function and ESFAS function Operability prior to entering their Applicability. These TS requirements remain in effect and impose the necessary Operability requirements related to the removed interlock functions. As such, interlocks are adequately addressed by each related functions requirement to be Operable and the requirement for actuation logic Operability.

An instrument function with interlocks implicitly required to support the function's Operability, is also addressed by the COT and Channel Calibration surveillance requirements. Actuation logic with interlocks implicitly required to support Operability of the logic is also addressed by the Actuation Logic Test surveillance requirement. The applicable COT, Channel Calibration, and Actuation Logic Test Bases will be enhanced by including the following discussion supporting this change (the reader should replace CHANNEL CALIBRATION with COT or ACTUATION LOGIC TEST as appropriate):

Interlocks implicitly required to support the Function's OPERABILITY are also addressed by this CHANNEL CALIBRATION. This portion of the CHANNEL CALIBRATION ensures the associated Function is not bypassed when required to be enabled. This can be accomplished by ensuring the interlocks are calibrated properly in accordance with the SP.

If the interlock is not automatically functioning as designed, the condition is entered into the Corrective Action Program and appropriate OPERABILITY evaluations performed for the affected Function. The affected Functions OPERABILITY can be met if the interlock is manually enforced to properly enable the affected Function. When an interlock is not supporting the associated Functions OPERABILITY at the existing plant conditions, the affected Function's channels must be declared inoperable and appropriate ACTIONS taken.

DOC D03 revises the GTS Table 3.3.2-1, Function 25 and 26 descriptions of Required Channels to delete battery backed from the MTS 3.3.15 LCO statement. As described in the Writer's Guide for Plant-Specific Improved Technical Specifications (Reference 4), the LCO is intended to describe, as simply as possible, the lowest functional capability or performance levels of equipment required for the safe operation of the facility. It is acceptable to generically refer to the system, subsystem, component, or parameter that is the subject of the LCO and provide the specific scope or boundaries in the Bases. The proposed change to the LCO simplifies the LCO statement by removing the design detail battery backed and is consistent with the intent of the current PTS language that defines what a Required Channel entails.

The remaining changes, including those made by DOC A028, are editorial, clarifying, grammatical, or otherwise considered administrative. These changes do not affect the technical content, but improve the readability, implementation, and understanding of the requirements, and are therefore acceptable.

Having found that this GTSTs proposed changes to the GTS and Bases are acceptable, the NRC staff concludes that AP1000 STS Subsection 3.3.15 is an acceptable model Specification for the AP1000 standard reactor design.

Date report generated:

Monday, June 29, 2015 Page 23

GTST AP1000-O68-3.3.15, Rev. 1 References to Previous NRC Safety Evaluation Reports (SERs):

None Date report generated:

Monday, June 29, 2015 Page 24

GTST AP1000-O68-3.3.15, Rev. 1 VIII. Review Information Evaluator Comments:

None Randy Belles Oak Ridge National Laboratory 865-574-0388 bellesrj@ornl.gov Review Information:

Availability for public review and comment on Revision 0 of this traveler approved by NRC staff on 5/29/2014.

APOG Comments (Ref. 8) and Resolutions:

1. (Internal # 3) Throughout the Bases, references to Sections and Chapters of the FSAR do not include the FSAR clarifier. Since these Section and Chapter references are to an external document, it is appropriate (DOC A003) to include the FSAR modifier. This is resolved by adding the FSAR modifier as appropriate.
2. (Internal # 6) The GTST sections often repeat VEGP LAR DOCs, which reference existing and current requirements. The inclusion in the GTST of references to existing and current, are not always valid in the context of the GTS. Each occurrence of existing and current should be revised to be clear and specific to GTS, MTS, or VEGP COL TS (or other), as appropriate. Noted ambiguities are corrected in the GTST body.
3. (Internal # 7)Section VII, GTST Safety Evaluation, inconsistently completes the subsection References to Previous NRC Safety Evaluation Reports (SERs) by citing the associated SE for VEGP 3&4 COL Amendment 13. It is not clear whether there is a substantive intended difference when omitting the SE citation. This is resolved by removing the SE citation in Section VII of the GTST and ensuring that appropriate references to the consistent citation of this reference in Section X of the GTST are made.
4. (Internal # 116 and 165) In GTST for Subsection 3.3.8,Section VI, under the heading Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes, the first paragraph mentions DOC A024. This DOC is for changes to RTS Instrumentation and does not affect Subsection 3.3.8. Note that it is not mentioned anywhere else in this Subsection. This is also stated in Subsections 3.3.9 through 3.3.16. Change DOCs A024 and A028 to DOC A028 in GTST 3.3.8 through GTST 3.3.16. This is resolved by making the recommended change. Note that comment # 116 is actually directed at removing DOC A028 in Subsections 3.3.1 through 3.3.7, but the opposite is true for DOC A024 in Subsections 3.3.8 through 3.3.16 as stated above.
5. (Internal # 178) In the Surveillance Requirements section of the Bases for STS Subsection 3.3.8 under the heading SR 3.3.8.2, the next to last paragraph, last line uses the phrase integrated protection cabinets. The Bases for SR 3.3.8.3, first paragraph uses the term IPC, which is the acronym for integrated protection cabinets. The SR 3.3.8.2 Bases should be changed from integrated protection cabinets to integrated protection Date report generated:

Monday, June 29, 2015 Page 25

GTST AP1000-O68-3.3.15, Rev. 1 cabinets (IPCs). This change also applies to Section 3.3.10 (SR 3.3.10.2), Section 3.3.11 (SR 3.3.11.2), Section 3.3.13 (SR 3.3.13.2), and Section 3.3.14 (SR 3.3.14.2). Add the acronym (IPCs) after the words integrated protection cabinets in SR 3.3.8.2 (and other SRs identified above). This is resolved by making the recommended change with additional edits for added clarity. Use PMS everywhere following its initial definition.

6. (Internal # 198) In GTST for Subsection 3.3.15,Section V, under the heading Changes to the Generic Technical Specifications and Bases, the fourth paragraph below the Coincidence Table discusses DOC M02 and states that Condition B is revised by adding a second condition that states one or more Functions with two or more divisions inoperable.

The revised condition actually states one or more Functions within two or more divisions inoperable. Change the word with to within. This is resolved by making the recommended change.

7. (Internal # 199) In GTST for Subsection 3.3.15,Section VI, under the heading Description of changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes, the third paragraph description states that MTS 3.3.15 does not specify Actions for inoperability of one or more Functions with two or more divisions. The actual change relates to one or more Functions within two or more divisions. Change the word with to within. This is resolved by making the recommended change with additional edits for added clarity.

DOC M02 addresses the fact that MTS 3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating, does not specify Actions for inoperability the condition of one or more Functions with within two or more divisions inoperable. ...

8. (Internal # 200) In GTST for Subsection 3.3.15,Section VI, under the heading Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes, the last paragraph description states DOC D03 provides design detail that is not necessary in the TS to protect the health and safety of the public. DOC D03 does not provides design details; it removes design detail. Revise the last paragraph to replace provides with removes. This is resolved by making the recommended change.
9. (Internal # 201) In LCO 3.3.15, part a, ESF has not been previously defined. Change ESF to Engineered Safety Features (ESF) in the LCO statement. This is resolved by making the recommended change.
10. (Internal # 202) In the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.15 under the heading ESF Coincidence Logic, the second paragraph, uses the term ESF. ESF - Engineered Safety Features - has not been previously defined.

Change ESF to Engineered Safety Features (ESF) This is resolved by making the recommended change with additional edits for added clarity. Define first use of PMS in the Bases and use PMS after that (consistent with resolution of comment # 119). Revise the first sentence of the second paragraph under the heading SR 3.3.15.1 for the ACTUATION LOGIC TEST, as follows:

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST.

Revise the first sentence of fifth paragraph in the same subsection as follows:

Date report generated:

Monday, June 29, 2015 Page 26

GTST AP1000-O68-3.3.15, Rev. 1 To the extent possible, Protection and Safety Monitoring System PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features.

NRC Final Approval Date: 6/29/15 NRC

Contact:

C. Craig Harbuck United States Nuclear Regulatory Commission 301-415-3140 Craig.Harbuck@nrc.gov Date report generated:

Monday, June 29, 2015 Page 27

GTST AP1000-O68-3.3.15, Rev. 1 IX. Evaluator Comments for Consideration in Finalizing Technical Specifications and Bases None Date report generated:

Monday, June 29, 2015 Page 28

GTST AP1000-O68-3.3.15, Rev. 1 X. References Used in GTST

1. AP1000 DCD, Revision 19, Section 16, Technical Specifications, June 2011 (ML11171A500).
2. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Technical Specifications Upgrade License Amendment Request, February 24, 2011 (ML12065A057).
3. NRC Safety Evaluation (SE) for Amendment No. 13 to Combined License (COL) No.

NPF-91 for Vogtle Electric Generating Plant (VEGP) Unit 3, and Amendment No. 13 to COL No. NPF-92 for VEGP Unit 4, September 9, 2013, ADAMS Package Accession No. ML13238A337, which contains:

ML13238A355 Cover Letter - Issuance of License Amendment No. 13 for Vogtle Units 3 and 4 (LAR 12-002).

ML13238A359 Enclosure 1 - Amendment No. 13 to COL No. NPF-91 ML13239A256 Enclosure 2 - Amendment No. 13 to COL No. NPF-92 ML13239A284 Enclosure 3 - Revised plant-specific TS pages (Attachment to Amendment No. 13)

ML13239A287 Enclosure 4 - Safety Evaluation (SE), and Attachment 1 - Acronyms ML13239A288 SE Attachment 2 - Table A - Administrative Changes ML13239A319 SE Attachment 3 - Table M - More Restrictive Changes ML13239A333 SE Attachment 4 - Table R - Relocated Specifications ML13239A331 SE Attachment 5 - Table D - Detail Removed Changes ML13239A316 SE Attachment 6 - Table L - Less Restrictive Changes The following documents were subsequently issued to correct an administrative error in Enclosure 3:

ML13277A616 Letter - Correction To The Attachment (Replacement Pages) - Vogtle Electric Generating Plant Units 3 and 4-Issuance of Amendment Re:

Technical Specifications Upgrade (LAR 12-002) (TAC No. RP9402)

ML13277A637 Enclosure 3 - Revised plant-specific TS pages (Attachment to Amendment No. 13) (corrected)

4. TSTF-GG-05-01, Writer's Guide for Plant-Specific Improved Technical Specifications, June 2005.
5. RAI Letter No. 01 Related to License Amendment Request (LAR)12-002 for the Vogtle Electric Generating Plant Units 3 and 4 Combined Licenses, September 7, 2012 (ML12251A355).
6. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Response to Request for Additional Information Letter No. 01 Related to License Amendment Request LAR-12-002, ND-12-2015, October 04, 2012 (ML12286A363 and ML12286A360)
7. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Supplemental Information Related to License Amendment Request LAR-12-002, ND 2356, December 07, 2012 (ML12346A053)

Date report generated:

Monday, June 29, 2015 Page 29

GTST AP1000-O68-3.3.15, Rev. 1

8. APOG-2014-008, APOG (AP1000 Utilities) Comments on AP1000 Standardized Technical Specifications (STS) Generic Technical Specification Travelers (GTSTs), Docket ID NRC-2014-0147, September 22, 2014 (ML14265A493).

Date report generated:

Monday, June 29, 2015 Page 30

GTST AP1000-O68-3.3.15, Rev. 1 XI. MARKUP of the Applicable GTS Subsection for Preparation of the STS NUREG The entire section of the Specifications and the Bases associated with this GTST is presented next.

Changes to the Specifications and Bases are denoted as follows: Deleted portions are marked in strikethrough red font, and inserted portions in bold blue font.

Date report generated:

Monday, June 29, 2015 Page 31

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating 3.3.15 3.3 INSTRUMENTATION 3.3.15 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating LCO 3.3.15 Four divisions with one battery backed subsystem for each of the following Functions shall be OPERABLE:

a. Engineered Safety Features (ESF) Coincidence Logic; and
b. ESF Actuation.

APPLICABILITY: MODES 1, 2, 3, and 4.

ACTIONS


NOTE-----------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Restore division to 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> within one division OPERABLE status.

inoperable.

B. Required Action and B.1 Be in MODE 3. 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> associated Completion Time of Condition A not AND met.

B.2 Be in MODE 5. 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> OR One or more Functions within two or more divisions inoperable.

AP1000 STS 3.3.15-1 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 32

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating 3.3.15 SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.3.15.1 Perform ACTUATION LOGIC TEST. 92 days on a STAGGERED TEST BASIS SR 3.3.15.2 --------------------------------NOTE--------------------------------

This surveillance shall include verification that the time constants are adjusted to the prescribed values.

Perform ACTUATION DEVICE TEST. 24 months SR 3.3.15.3 Perform ACTUATION DEVICE TEST for squib valves. 24 months SR 3.3.15.24 --------------------------------NOTE--------------------------------

Only required to be met in MODE 4 above the P-19 (RCS Pressure) interlock with the RCS not being cooled by RNS.

Verify Perform ACTUATION DEVICE TEST for 24 months pressurizer heater circuit breakers trip open on an actual or simulated actuation signal.

SR 3.3.15.3 Verify reactor coolant pump breakers trip open on 24 months an actual or simulated actuation signal.

SR 3.3.15.4 --------------------------------NOTE--------------------------------

Only required to be met in MODE 4 with the RCS being cooled by the RNS or below the P-12 (Pressurizer Level) interlock.

Verify CVS letdown isolation valves actuate to the 24 months isolation position on an actual or simulated actuation signal.

AP1000 STS 3.3.15-2 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 33

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating 3.3.15 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.3.15.5 Verify main feedwater and startup feedwater pump 24 months breakers trip open on an actual or simulated actuation signal.

SR 3.3.15.6 --------------------------------NOTE--------------------------------

Only required to be met in MODES 1 and 2.

Verify auxiliary spray and purification line 24 months isolation valves actuate to the isolation position on an actual or simulated actuation signal.

AP1000 STS 3.3.15-3 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 34

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 B 3.3 INSTRUMENTATION B 3.3.15 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating BASES BACKGROUND A description of the ESFAS Instrumentation is provided in the Bases for LCO 3.3.8, Engineered Safety Feature Actuation System (ESFAS)

Instrumentation.

APPLICABLE The required divisions channels of ESFAS actuation logic SAFETY instrumentation provide plant protection in the event of any of the ANALYSES, LCO, analyzed accidents. ESFAS protective functions include:

and APPLICABILITY ESF Coincidence Logic A description of the Engineered Safety Features (ESF) Coincidence Logic is provided in the Bases for LCO 3.3.8.

ESF Actuation A description of the ESF Actuation Subsystem is provided in the Bases for LCO 3.3.8.

The following are descriptions of the ESFAS actuation logic individual instrument Functions required by this LCO:

a. ESF Coincidence Logic This LCO requires four divisions of ESF coincidence logic, each set with one battery backed logic group OPERABLE to support automatic actuation. If one division of battery backed coincidence logic is OPERABLE in all four divisions, an additional single failure will not prevent ESF actuations because three divisions will still be available to provide redundant actuation for all ESF Functions. This Function is required to be OPERABLE in MODES 1, 2, 3, and 4.

The ESF Coincidence Logic requirements for MODES 5 and 6 are discussed in LCO 3.3.16, ESFAS Actuation Logic - Shutdown.

AP1000 STS B 3.3.15-1 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 35

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

b. ESF Actuation This LCO requires that for each division of ESF actuation, one battery backed logic group be OPERABLE to support both automatic and manual actuation. If one battery backed logic group is OPERABLE for the ESF actuation subsystem in all four divisions, a single failure will not prevent ESF actuations because ESF actuation subsystems in the other three divisions are still available to provide redundant actuation for ESF Functions. The remaining cabinets in the division with a failed ESF actuation cabinet are still OPERABLE and will provide their ESF Functions. This Function is required to be OPERABLE in MODES 1, 2, 3, and 4. The ESF Actuation Subsystem requirements for MODES 5 and 6 are discussed in LCO 3.3.16.

ESFAS Actuation Logic - Operating satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

ACTIONS A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this specification may be entered independently for each Function (i.e., ESF Coincidence Logic and ESF Actuation). The Completion Time(s) of the inoperable equipment of a Function will be tracked separately for each Function starting from the time the Condition was entered for that Function.

A.1 Condition A addresses the situation where one or more ESFAS actuation logic Functions within one division are inoperable. The ESF Coincidence Logic and ESF Actuation subsystem divisions are inoperable when both of their associated battery backed subsystems are inoperable.

With one ESFAS actuation logic division inoperable, the inoperable division must be restored to OPERABLE status within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. With one division inoperable, the three remaining OPERABLE divisions are capable of mitigating all DBAs, but without a single failure.

The 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> allowed to restore the inoperable division is reasonable based on the capability of the remaining OPERABLE divisions to mitigate all DBAs and the low probability of an event occurring during this interval.

AP1000 STS B 3.3.15-2 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 36

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES ACTIONS (continued)

B.1 and B.2 If the Required Action and associated Completion Time of Condition A is not met, or one or more ESFAS actuation logic Functions within two or more divisions are inoperable, the plant must be placed in a condition where the Function is no longer applicable. This is accomplished by placing the plant in MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner without challenging plant systems.

SURVEILLANCE SR 3.3.15.1 REQUIREMENTS SR 3.3.15.1 is the performance of an ACTUATION LOGIC TEST. This test, in conjunction with the individual device functional tests throughout the Technical Specifications demonstrate that actuated devices respond to an actual or simulated actuation signal. The ESF coincidence logic and ESF actuation subsystems within a division are tested every 92 days on a STAGGERED TEST BASIS.

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST. The test subsystem is designed to allow for complete functional testing by using a combination of system self-checking features, functional testing features, and other testing features.

Successful functional testing consists of verifying that the capability of the system to perform the safety function has not failed or degraded.

For hardware functions this would involve verifying that the hardware components and connections have not failed or degraded. Generally this verification includes a comparison of the outputs from two or more redundant subsystems or channels.

Since software does not degrade, software functional testing involves verifying that the software code has not changed and that the software code is executing.

AP1000 STS B 3.3.15-3 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 37

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

To the extent possible, PMS Protection and Safety Monitoring System functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. The ACTUATION LOGIC TEST shall include a review of the operation of the test subsystem to verify the completeness and adequacy of the results.

If the ACTUATION LOGIC TEST cannot be completed using the built-in test subsystem, either because of failures in the test subsystem or failures in redundant channel hardware used for functional testing, the ACTUATION LOGIC TEST can be performed using portable test equipment.

Interlocks implicitly required to support the Function's OPERABILITY are also addressed by this ACTUATION LOGIC TEST.

This portion of the ACTUATION LOGIC TEST ensures the associated Function is not bypassed when required to be enabled.

This can be accomplished by ensuring the interlocks are calibrated properly in accordance with the SP. If the interlock is not automatically functioning as designed, the condition is entered into the Corrective Action Program and appropriate OPERABILITY evaluations performed for the affected Function. The affected Functions OPERABILITY can be met if the interlock is manually enforced to properly enable the affected Function. When an interlock is not supporting the associated Functions OPERABILITY at the existing plant conditions, the affected Function's channels must be declared inoperable and appropriate ACTIONS taken.

The Frequency of every 92 days on a STAGGERED TEST BASIS provides a complete test of all four divisions once per year. This frequency is adequate based on the inherent high reliability of the solid state devices which comprise this equipment; the additional reliability provided by the redundant subsystems; and the use of continuous diagnostic test features, such as deadman timers, memory checks, numeric coprocessor checks, cross-check of redundant subsystems, and tests of timers, counters, and crystal time basis, which will report a failure within these cabinets to the operator.

AP1000 STS B 3.3.15-4 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 38

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.15.2 SR 3.3.15.2 is the performance of an ACTUATION DEVICE TEST. This test, in conjunction with the ACTUATION LOGIC TEST, demonstrates that the actuated device responds to a simulated actuation signal. This Surveillance Requirement is applicable to the equipment which is actuated by the Protection Logic Cabinets except squib valves. The OPERABILITY of the actuated equipment is checked by exercising the equipment on an individual basis.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This Surveillance Requirement is modified by a Note that states that actuated equipment, that is included in the Inservice Test (IST) Program, is exempt from this surveillance. The IST Program provides for exercising of the safety related valves on a more frequent basis. The results from the IST Program can therefore be used to verify OPERABILITY of the final actuated equipment.

SR 3.3.15.3 SR 3.3.15.3 is the performance of an ACTUATION DEVICE TEST, similar to that performed in SR 3.3.15.2, except this Surveillance Requirement is specifically applicable to squib valves. This test, in conjunction with the ACTUATION LOGIC TEST, demonstrates that the actuated device responds to a simulated actuation signal. The OPERABILITY of the squib valves is checked by performing a continuity check of the circuit from the Protection Logic Cabinets to the squib valve.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any additional risks associated with inadvertent operation of the squib valves.

AP1000 STS B 3.3.15-5 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 39

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.15.24 SR 3.3.15.24 demonstrates that the pressurizer heater circuit breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function. The OPERABILITY of these breakers is checked by opening these breakers using the Plant Control System. is the performance of an ACTUATION DEVICE TEST. This test, in conjunction with the ACTUATION LOGIC TEST, demonstrates that the actuated device responds to a simulated actuation signal. This Surveillance Requirement is applicable to the circuit breakers which de-energize the power to the pressurizer heaters upon a pressurizer heater trip. The OPERABILITY of these breakers is checked by opening these breakers using the Plant Control System.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation. This Frequency is adequate based on the use of multiple circuit breakers to prevent the failure of any single circuit breaker from disabling the function and that all circuit breakers are tested.

This Surveillance Requirement is modified by a Note that states that the SR is only required to be met in MODE 4 above the P-19 (RCS Pressure) interlock with the RCS not being cooled by the Normal Residual Heat Removal System (RNS).

SR 3.3.15.3 SR 3.3.15.3 demonstrates that the RCP breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

AP1000 STS B 3.3.15-6 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 40

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.15.4 SR 3.3.15.4 demonstrates that the CVS letdown isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This Surveillance Requirement is modified by a Note that states that the SR is only required to be met in MODE 4 with the RCS being cooled by the Normal Residual Heat Removal System (RNS) or below the P-12 (Pressurizer Level) interlock.

SR 3.3.15.5 SR 3.3.15.5 demonstrates that the main feedwater and startup feedwater pump breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

SR 3.3.15.6 SR 3.3.15.6 demonstrates that the auxiliary spray and purification line isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

AP1000 STS B 3.3.15-7 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 41

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

This Surveillance Requirement is modified by a Note that states that the SR is only required to be met in MODES 1 and 2.

REFERENCES 1. FSAR Chapter 15.0, Accident Analysis.

AP1000 STS B 3.3.15-8 Amendment 0Rev. 0 Revision 19 Date report generated:

Monday, June 29, 2015 Page 42

GTST AP1000-O68-3.3.15, Rev. 1 XII. Applicable STS Subsection After Incorporation of this GTSTs Modifications The entire subsection of the Specifications and the Bases associated with this GTST, following incorporation of the modifications, is presented next.

Date report generated:

Monday, June 29, 2015 Page 43

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating 3.3.15 3.3 INSTRUMENTATION 3.3.15 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating LCO 3.3.15 Four divisions with one subsystem for each of the following Functions shall be OPERABLE:

a. Engineered Safety Features (ESF) Coincidence Logic; and
b. ESF Actuation.

APPLICABILITY: MODES 1, 2, 3, and 4.

ACTIONS


NOTE-----------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Restore division to 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> within one division OPERABLE status.

inoperable.

B. Required Action and B.1 Be in MODE 3. 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> associated Completion Time of Condition A not AND met.

B.2 Be in MODE 5. 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> OR One or more Functions within two or more divisions inoperable.

AP1000 STS 3.3.15-1 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 44

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating 3.3.15 SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.3.15.1 Perform ACTUATION LOGIC TEST. 92 days on a STAGGERED TEST BASIS SR 3.3.15.2 --------------------------------NOTE--------------------------------

Only required to be met in MODE 4 above the P-19 (RCS Pressure) interlock with the RCS not being cooled by RNS.

Verify pressurizer heater circuit breakers trip open on 24 months an actual or simulated actuation signal.

SR 3.3.15.3 Verify reactor coolant pump breakers trip open on an 24 months actual or simulated actuation signal.

SR 3.3.15.4 --------------------------------NOTE--------------------------------

Only required to be met in MODE 4 with the RCS being cooled by the RNS or below the P-12 (Pressurizer Level) interlock.

Verify CVS letdown isolation valves actuate to the 24 months isolation position on an actual or simulated actuation signal.

SR 3.3.15.5 Verify main feedwater and startup feedwater pump 24 months breakers trip open on an actual or simulated actuation signal.

AP1000 STS 3.3.15-2 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 45

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating 3.3.15 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.3.15.6 --------------------------------NOTE--------------------------------

Only required to be met in MODES 1 and 2.

Verify auxiliary spray and purification line isolation 24 months valves actuate to the isolation position on an actual or simulated actuation signal.

AP1000 STS 3.3.15-3 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 46

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 B 3.3 INSTRUMENTATION B 3.3.15 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Operating BASES BACKGROUND A description of the ESFAS Instrumentation is provided in the Bases for LCO 3.3.8, Engineered Safety Feature Actuation System (ESFAS)

Instrumentation.

APPLICABLE The required divisions of ESFAS actuation logic provide plant protection SAFETY in the event of any of the analyzed accidents. ESFAS protective functions ANALYSES, LCO, include:

and APPLICABILITY ESF Coincidence Logic A description of the Engineered Safety Features (ESF) Coincidence Logic is provided in the Bases for LCO 3.3.8.

ESF Actuation A description of the ESF Actuation Subsystem is provided in the Bases for LCO 3.3.8.

The following are descriptions of the ESFAS actuation logic Functions required by this LCO:

a. ESF Coincidence Logic This LCO requires four divisions of ESF coincidence logic, each set with one battery backed logic group OPERABLE to support automatic actuation. If one division of battery backed coincidence logic is OPERABLE in all four divisions, an additional single failure will not prevent ESF actuations because three divisions will still be available to provide redundant actuation for all ESF Functions. This Function is required to be OPERABLE in MODES 1, 2, 3, and 4.

The ESF Coincidence Logic requirements for MODES 5 and 6 are discussed in LCO 3.3.16, ESFAS Actuation Logic - Shutdown.

AP1000 STS B 3.3.15-1 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 47

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

b. ESF Actuation This LCO requires that for each division of ESF actuation, one battery backed logic group be OPERABLE to support both automatic and manual actuation. If one battery backed logic group is OPERABLE for the ESF actuation subsystem in all four divisions, a single failure will not prevent ESF actuations because ESF actuation subsystems in the other three divisions are still available to provide redundant actuation for ESF Functions. The remaining cabinets in the division with a failed ESF actuation cabinet are still OPERABLE and will provide their ESF Functions. This Function is required to be OPERABLE in MODES 1, 2, 3, and 4. The ESF Actuation Subsystem requirements for MODES 5 and 6 are discussed in LCO 3.3.16.

ESFAS Actuation Logic - Operating satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

ACTIONS A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this specification may be entered independently for each Function (i.e., ESF Coincidence Logic and ESF Actuation). The Completion Time(s) of the inoperable equipment of a Function will be tracked separately for each Function starting from the time the Condition was entered for that Function.

A.1 Condition A addresses the situation where one or more ESFAS actuation logic Functions within one division are inoperable. The ESF Coincidence Logic and ESF Actuation subsystem divisions are inoperable when both of their associated battery backed subsystems are inoperable.

With one ESFAS actuation logic division inoperable, the inoperable division must be restored to OPERABLE status within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. With one division inoperable, the three remaining OPERABLE divisions are capable of mitigating all DBAs, but without a single failure.

The 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> allowed to restore the inoperable division is reasonable based on the capability of the remaining OPERABLE divisions to mitigate all DBAs and the low probability of an event occurring during this interval.

AP1000 STS B 3.3.15-2 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 48

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES ACTIONS (continued)

B.1 and B.2 If the Required Action and associated Completion Time of Condition A is not met, or one or more ESFAS actuation logic Functions within two or more divisions are inoperable, the plant must be placed in a condition where the Function is no longer applicable. This is accomplished by placing the plant in MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner without challenging plant systems.

SURVEILLANCE SR 3.3.15.1 REQUIREMENTS SR 3.3.15.1 is the performance of an ACTUATION LOGIC TEST. This test, in conjunction with the individual device functional tests throughout the Technical Specifications demonstrate that actuated devices respond to an actual or simulated actuation signal. The ESF coincidence logic and ESF actuation subsystems within a division are tested every 92 days on a STAGGERED TEST BASIS.

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST. The test subsystem is designed to allow for complete functional testing by using a combination of system self-checking features, functional testing features, and other testing features.

Successful functional testing consists of verifying that the capability of the system to perform the safety function has not failed or degraded.

For hardware functions this would involve verifying that the hardware components and connections have not failed or degraded. Generally this verification includes a comparison of the outputs from two or more redundant subsystems or channels.

Since software does not degrade, software functional testing involves verifying that the software code has not changed and that the software code is executing.

To the extent possible, PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. The ACTUATION LOGIC TEST shall include a review of AP1000 STS B 3.3.15-3 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 49

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued) the operation of the test subsystem to verify the completeness and adequacy of the results.

If the ACTUATION LOGIC TEST cannot be completed using the built-in test subsystem, either because of failures in the test subsystem or failures in redundant channel hardware used for functional testing, the ACTUATION LOGIC TEST can be performed using portable test equipment.

Interlocks implicitly required to support the Function's OPERABILITY are also addressed by this ACTUATION LOGIC TEST. This portion of the ACTUATION LOGIC TEST ensures the associated Function is not bypassed when required to be enabled. This can be accomplished by ensuring the interlocks are calibrated properly in accordance with the SP.

If the interlock is not automatically functioning as designed, the condition is entered into the Corrective Action Program and appropriate OPERABILITY evaluations performed for the affected Function. The affected Functions OPERABILITY can be met if the interlock is manually enforced to properly enable the affected Function. When an interlock is not supporting the associated Functions OPERABILITY at the existing plant conditions, the affected Function's channels must be declared inoperable and appropriate ACTIONS taken.

The Frequency of every 92 days on a STAGGERED TEST BASIS provides a complete test of all four divisions once per year. This frequency is adequate based on the inherent high reliability of the solid state devices which comprise this equipment; the additional reliability provided by the redundant subsystems; and the use of continuous diagnostic test features, such as deadman timers, memory checks, numeric coprocessor checks, cross-check of redundant subsystems, and tests of timers, counters, and crystal time basis, which will report a failure within these cabinets to the operator.

SR 3.3.15.2 SR 3.3.15.2 demonstrates that the pressurizer heater circuit breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function. The OPERABILITY of these breakers is checked by opening these breakers using the Plant Control System.

AP1000 STS B 3.3.15-4 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 50

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation. This Frequency is adequate based on the use of multiple circuit breakers to prevent the failure of any single circuit breaker from disabling the function and that all circuit breakers are tested.

This Surveillance Requirement is modified by a Note that states that the SR is only required to be met in MODE 4 above the P-19 (RCS Pressure) interlock with the RCS not being cooled by the Normal Residual Heat Removal System (RNS).

SR 3.3.15.3 SR 3.3.15.3 demonstrates that the RCP breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

SR 3.3.15.4 SR 3.3.15.4 demonstrates that the CVS letdown isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This Surveillance Requirement is modified by a Note that states that the SR is only required to be met in MODE 4 with the RCS being cooled by the Normal Residual Heat Removal System (RNS) or below the P-12 (Pressurizer Level) interlock.

AP1000 STS B 3.3.15-5 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 51

GTST AP1000-O68-3.3.15, Rev. 1 ESFAS Actuation Logic - Operating B 3.3.15 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.15.5 SR 3.3.15.5 demonstrates that the main feedwater and startup feedwater pump breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

SR 3.3.15.6 SR 3.3.15.6 demonstrates that the auxiliary spray and purification line isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This Surveillance Requirement is modified by a Note that states that the SR is only required to be met in MODES 1 and 2.

REFERENCES 1. FSAR Chapter 15.0, Accident Analysis.

AP1000 STS B 3.3.15-6 Rev. 0 Date report generated:

Monday, June 29, 2015 Page 52