Text

Changes Related to AP1000 Gts Subsection 3.3.16, ESFAS Actuation Logic Shutdown
	ML22240A051
Person / Time
Issue date:	05/12/2015
From:	; NRC/NRR/DSS/STSB
To:	;
	Craig Harbuck NRR/DSS 301-415-3140
Shared Package
ML22240A001	List: ML22240A003; ML22240A005; ML22240A006; ML22240A007; ML22240A008; ML22240A010; ML22240A011; ML22240A012; ML22240A013; ML22240A014; ML22240A015; ML22240A016; ML22240A017; ML22240A018; ML22240A019; ML22240A020; ML22240A021; ML22240A022; ML22240A023; ML22240A024; ML22240A026; ML22240A027; ML22240A028; ML22240A030; ML22240A031; ML22240A033; ML22240A035; ML22240A036; ML22240A037; ML22240A038; ML22240A040; ML22240A041; ML22240A042; ML22240A043; ML22240A044; ML22240A045; ML22240A046; ML22240A047; ML22240A049; ML22240A050; ML22240A051; ML22240A052; ML22240A053; ML22240A054; ML22240A056; ML22240A057; ML22240A058; ML22240A059; ML22240A060; ML22240A061; ... further results
References
	Download: ML22240A051 (55)
	v • d • e

GTST AP1000-O69-3.3.16, Rev. 1 Advanced Passive 1000 (AP1000)

Generic Technical Specification Traveler (GTST)

Title:

Changes Related to LCO 3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown I. Technical Specifications Task Force (TSTF) Travelers, Approved Since Revision 2 of STS NUREG-1431, and Used to Develop this GTST TSTF Number and

Title:

TSTF-411-A, Rev 1, Surveillance Test Interval Extensions for Components of the Reactor Protection System (WCAP-15376-P)

TSTF-418-A, Rev 2, RPS and ESFAS Test Times and Completion Times (WCAP-14333)

TSTF-519-T, Rev 0, Increase Standardization in Condition and Required Action Notes STS NUREGs Affected:

TSTF-411-A, Rev 1: NUREG 1431 TSTF-418-A, Rev 2: NUREG 1431 TSTF-519-T, Rev 0: NUREG 1430 and 1431 NRC Approval Date:

TSTF-411-A, Rev 1: 30-Aug-02 TSTF-418-A, Rev 2: 02-Apr-03 TSTF-519-T, Rev 0: 16-Oct-09 (TSTF Review)

TSTF Classification:

TSTF-411-A, Rev 1: Technical Change TSTF-418-A, Rev 2: Technical Change TSTF-519-T, Rev 0: NUREG Only Change Date report generated:

Tuesday, May 12, 2015 Page 1

GTST AP1000-O69-3.3.16, Rev. 1 II. Reference Combined License (RCOL) Standard Departures (Std. Dep.), RCOL COL Items, and RCOL Plant-Specific Technical Specifications (PTS) Changes Used to Develop this GTST RCOL Std. Dep. Number and

Title:

There are no Vogtle Electric Generating Plant Units 3 and 4 (Vogtle or VEGP) departures applicable to GTS 3.3.2.

RCOL COL Item Number and

Title:

There are no Vogtle COL items applicable to GTS 3.3.2.

RCOL PTS Change Number and

Title:

The VEGP License Amendment Request (LAR) proposed the following changes to the initial version of the PTS (referred to as the current TS by the VEGP LAR). These changes include Administrative Changes (A), Detail Removed Changes (D), Less Restrictive Changes (L), and More Restrictive Changes (M). These changes are discussed in Sections VI and VII of this GTST.

VEGP LAR DOC A028: Reformat of GTS 3.3.2 into Nine Parts; 3.3.8 through 3.3.16; note that this maps GTS 3.3.2 requirements into interim A028-modified TS (MTS) Subsection 3.3.16, to which the other changes are applied.

VEGP LAR DOC A030: Removal of Redundant Mode Condition in Required Action Statement VEGP LAR DOC A031: Revision of Various MTS 3.3.16 Required Action statements VEGP LAR DOC A034: Removal of Redundant Mode Condition and Level in Required Action Statement VEGP LAR DOC A035: Actuation signal coincidence logic VEGP LAR DOC M02: Provision for Two or More Inoperable Divisions or Channels VEGP LAR DOC L01: TS Definition for Actuation Device Test is Deleted VEGP LAR DOC L10: Delete PTS 3.3.2 Function 18, Interlocks except reactor trip, P-4 VEGP LAR DOC D03: Battery Backed Design Detail Removed Date report generated:

Tuesday, May 12, 2015 Page 2

GTST AP1000-O69-3.3.16, Rev. 1 III. Comments on Relations Among TSTFs, RCOL Std. Dep., RCOL COL Items, and RCOL PTS Changes This section discusses the considered changes that are: (1) applicable to operating reactor designs, but not to the AP1000 design; (2) already incorporated in the GTS; or (3) superseded by another change.

TSTF-411-A, Rev.1 provides justification to (1) increase the required action completion time and the bypass test time allowance for the reactor trip breakers and (2) increase the surveillance test intervals for the reactor trip breakers, master relays, logic cabinets, and analog channels based on analysis provided in WCAP-15376-P, Rev. 0, Risk-Informed Assessment of the RTS and ESFAS Surveillance Test Intervals and Reactor Trip Breaker Test and Completion Times.

WCAP-15376-P, Rev. 0 did not specifically consider the AP1000 design. The AP1000 GTS completion times and surveillance frequencies for instrumentation functions and reactor trip breakers were justified by APP-GW-GSC-020 (WCAP-16787), which is listed as Reference 6 in the GTS Subsection 3.3.2 Bases. Therefore, TSTF-411-A is not applicable to the AP1000 STS, and is not discussed further in this GTST.

TSTF-418-A adjusts the WOG STS (NUREG-1431) required action completion times for the conventional Westinghouse Plant Protection System instrumentation design for which the WOG STS instrumentation requirements are applicable. The changes in TSTF-418 are based on the analysis in WCAP-14333-P, which did not consider the AP1000 protection and safety monitoring system (PMS) instrumentation design. The AP1000 GTS required action completion times (and surveillance frequencies) for the PMS were justified by APP-GW-GSC-020 (WCAP-16787),

which is listed as Reference 6 in the GTS Subsection 3.3.2 Bases. APP-GW-GSC-020 does not reference WCAP-14333-P, but notes, the AP1000 protection and safety monitoring system (PMS) redundancy is as good as or better than that of the conventional Westinghouse Plant Protection System. Although the PMS equipment reliability is considered to be equivalent to or better than that of the conventional Westinghouse Plant Protection System, a common basis for comparison to the digital portion of the PMS is not readily available.

TSTF-519-T has already been incorporated into the AP1000 GTS regarding the Writer's Guide for Improved Standard Technical Specifications (Reference 4) placement of Notes in TS Actions tables.

Date report generated:

Tuesday, May 12, 2015 Page 3

GTST AP1000-O69-3.3.16, Rev. 1 IV. Additional Changes Proposed as Part of this GTST (modifications proposed by NRC staff and/or clear editorial changes or deviations identified by preparer of GTST)

Regarding VEGP LAR DOC A035, which removes from Table 3.3.2-1 of PTS 3.3.2 all explicit references to coincidence logic between two or more actuation signals, this GTST explicitly recognizes that all such coincidence logic, as well as all actuation logic for the AP1000 ESFAS Functions, will be addressed within the scope of STS 3.3.15 and STS 3.3.16. In addition, for several actuated ESF systems, which have no associated system LCO specified, LCO 3.3.15 and LCO 3.3.16 include surveillance requirements for the testing the actuated components upon receipt of an actual or simulated actuation signal.

Define first use of PMS in the Bases and subsequently use the acronym PMS. Revise the first sentence of the second paragraph in the Surveillance Requirements section of the Bases under the heading SR 3.3.16.1 for the ACTUATION LOGIC TEST, as follows:

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST.

Revise the first sentence of fifth paragraph in the same subsection as follows:

To the extent possible, Protection and Safety Monitoring System PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. (NRC Staff Comment)

APOG Recommended Changes to Improve the LCO and Bases In LCO 3.3.16, part a, ESF has not been previously defined. Change ESF to Engineered Safety Features (ESF) in the LCO statement.

In the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.16 under the heading ESF Coincidence Logic, the second paragraph, uses the term ESF. ESF -

Engineered Safety Features - has not been previously defined. Change ESF to Engineered Safety Features (ESF)

Throughout the Bases, references to Sections and Chapters of the FSAR do not include the FSAR clarifier. Since these Section and Chapter references are to an external document, it is appropriate to include the FSAR modifier. (DOC A003)

Date report generated:

Tuesday, May 12, 2015 Page 4

GTST AP1000-O69-3.3.16, Rev. 1 V. Applicability Affected Generic Technical Specifications and Bases:

Section 3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Shutdown Changes to the Generic Technical Specifications and Bases:

GTS 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, is reformatted by VEGP LAR DOC A028 into multiple Specifications including interim A028-modified TS (MTS) 3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown. As a result of the reformatting, GTS 3.3.2 Functions 25.a and 26.a for MODES 5 and 6 are relocated to AP1000 MTS 3.3.16 as part of the LCO statement. A complete function tracking list (GTS to MTS to STS) appears in GTST 3.3.8,Section V. The MTS format is depicted in Section XI of this GTST as the reference case in the markup of the GTS instrumentation requirements for the shutdown ESFAS actuation logic.

MTS 3.3.16 LCO Title GTS 3.3.2 Function Engineered Safety Feature 25. ESF Coincidence Logic Actuation System (ESFAS) a. Coincidence Logic Actuation Logic - Shutdown

26. ESF Actuation

a. ESF Actuation Subsystem ESF actuation function titles are not included in the ESFAS instrumentation function titles in STS 3.3.8 Table 3.3.8-1. The Bases for STS 3.3.8 describe each ESFAS instrumentation function, the associated supported ESF actuation function(s) and the ESF coincidence and actuation logic required by STS 3.3.15 (ESFAS Actuation Logic - Operating) and STS 3.3.16.

The ESF actuation functions and associated actuation and coincidence logic specified by GTS 3.3.2 that are required by LCOs 3.3.15 and 3.3.16 are the following (in the order given in GTS Table 3.3.2-1). Regardless of the applicable Modes or other specified conditions in the Applicability for ESFAS functions in GTS Table 3.3.2-1, all divisions of ESF coincidence and actuation logic for each STS ESFAS automatic and manual instrumentation function, which has an applicability within Modes 1, 2, 3, and 4, are required to be Operable by STS LCO 3.3.15; and within Modes 5, 6, and during movement of irradiated fuel assemblies, are required to be Operable by STS LCO 3.3.16.

The listed coincidences among multiple instrument and logic actuation signals in GTS Table 3.3.2-1, which are removed by DOC A028, are deleted in MTS Table 3.3.8-1, but are included below for STS 3.3.15 and 3.3.16, since they are details of the ESF Coincidence Logic that are implicitly required by STS LCO 3.3.15.a and LCO 3.3.16.a. (DOC A035) The GTS Table 3.3.2-1 functions that are omitted from STS Table 3.3.8-1 are marked below with an asterisk (*).

Date report generated:

Tuesday, May 12, 2015 Page 5

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation (Modes) [STS Modes] Function No.]

3.3.15 1. Safeguards Actuation - a. Manual Initiation (1234) [1234] [3.3.9.1]

3.3.16 1. Safeguards Actuation - a. Manual Initiation (5) [5] [3.3.9.1]

3.3.15 1. Safeguards Actuation -

b. Containment Pressure - High 2 (1234) [1234] [3.3.8.2]

3.3.15 1. Safeguards Actuation -

c. Pressurizer Pressure - Low (123(a)) [123(c)] [3.3.8.5]

3.3.15 1. Safeguards Actuation -

d. Steam Line Pressure - Low (123(a)) [1234(c)] [3.3.8.24]

3.3.15 1. Safeguards Actuation -e. RCS Tcold - Low (123(a)) [123(c)] [3.3.8.11]

GTS Table 3.3.2-1 Footnote (a); STS Table 3.3.8-1 Footnote (c):

(a) Above P-11 (Pressurizer Pressure) interlock, when RCS boron concentration is below that necessary to meet the SDM requirements at an RCS temperature of 200 deg F.

3.3.15 2. CMT Actuation - a. Manual initiation (1,2,3,4(b)) [1234(a)] [3.3.9.2]

3.3.15 3.3.16 2. CMT Actuation - a. Manual initiation (4(c)5(d)) [4(b)5(c)] [3.3.9.2]

3.3.15 2. CMT Actuation -

b. Pressurizer Water Level - Low 2 (1234(b)) [1234(b)] [3.3.8.7]

3.3.15 3.3.16 2. CMT Actuation -

b. Pressurizer Water Level - Low 2 (4(c)5(d)) [4(d)5(e)(f)] [3.3.8.7]

3.3.15 *3.3.16 2. CMT Actuation -

c. Safeguards Actuation (12345(d)) [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde)

3.3.15 *3.3.16 2. CMT Actuation -

d. ADS Stages 1, 2, & 3 Actuation (12345(d)) [3.3.15/16]

(References GTS 3.3.2 Function 9.ab)

GTS Table 3.3.2-1 Footnotes (b), (c), (d), (l);

STS Table 3.3.8-1 Footnotes (b), (d), (e), (f);

STS Table 3.3.9-1 Footnotes (a), (b), (c);

(b) With the RCS not being cooled by the RNS.

(c) With the RCS being cooled by the RNS.

(d) With the RCS pressure boundary intact.

(l) With pressurizer level 20%. STS Table 3.3.8-1 Footnote (f) With RCS not being cooled by the RNS and with pressurizer level 20%. (DOC A036) 3.3.15 3. Containment Isolation - a. Manual Initiation (1234) [1234] [3.3.9.3]

3. Containment Isolation - a. Manual Initiation (5(e)) DOC L18 deleted

3. Containment Isolation - a. Manual Initiation (6(e)) DOC L18 deleted

3.3.15 *3.3.16 3. Containment Isolation - b. Manual Initiation of Passive Containment Cooling (12345(e)(f)6(e)(f)) [1234/56] [3.3.15/16]

(References GTS 3.3.2 Function 12.a)

3.3.15 *3.3.16 3. Containment Isolation - c. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde)

(Note: The listing of applicable Modes for functions listed in GTS Table 3.3.2-1 and the corresponding AP1000 STS Section 3.3 functions, which is provided above, is omitted in the remainder of this list. Such information may be found by consulting the AP1000 GTS and STS, other GTSTs for Section 3.3, and in the VEGP SER (Ref. 3).)

Date report generated:

Tuesday, May 12, 2015 Page 6

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 4. Steam Line Isolation - a. Manual Initiation [3.3.9.4]

3.3.15 4. Steam Line Isolation - b. Containment Pressure - High 2 [3.3.8.2]

3.3.15 4. Steam Line Isolation - c.(1) Steam Line Pressure - Low [3.3.8.24]

3.3.15 4. Steam Line Isolation - c.(2) Steam Line Pressure -

Negative Rate - High [3.3.8.25]

3.3.15 4. Steam Line Isolation - d. RCS Tcold - Low [3.3.8.11]

3.3.15 5. Turbine Trip -

a. Manual [Initiation of] Main Feedwater Isolation [3.3.15]

(References GTS 3.3.2 Function 6.a) 3.3.15 5. Turbine Trip -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 5. Turbine trip -

c. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 6. Main Feedwater Control Valve Isolation -

a. Manual Initiation [3.3.9.5]

3.3.15 6. Main Feedwater Control Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 6. Main Feedwater Control Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 *3.3.16 6. Main Feedwater Control Valve Isolation -

c. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde) 3.3.15 6. Main Feedwater Control Valve Isolation -

d. Reactor Coolant Average Temperature (Tavg) - Low 1 [3.3.8.12]

3.3.15 6. Main Feedwater Control Valve Isolation -

d. coincident with [3.3.15]

3.3.15 6. Main Feedwater Control Valve Isolation -

d. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 7. Main Feedwater Pump Trip and Valve Isolation -

a. Manual Initiation (References GTS 3.3.2 Function 6.a) [3.3.9.5]

3.3.15 7. Main Feedwater Pump Trip and Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 7. Main Feedwater Pump Trip and Valve Isolation -

b. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 *3.3.16 7. Main Feedwater Pump Trip and Valve Isolation -

c. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde) 3.3.15 7. Main Feedwater Control Valve Isolation -

d. Reactor Coolant Average Temperature (Tavg) - Low 2 [3.3.8.13]

3.3.15 7. Main Feedwater Control Valve Isolation -

d. coincident with [3.3.15]

3.3.15 7. Main Feedwater Control Valve Isolation -

d. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

Date report generated:

Tuesday, May 12, 2015 Page 7

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 8. Startup Feedwater Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 8. Startup Feedwater Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 8. Startup Feedwater Isolation -

b. RCS Tcold - Low [3.3.8.11]

3.3.15 8. Startup Feedwater Isolation -

c. Manual Initiation (6.a) [3.3.9.5]

3.3.15 8. Startup Feedwater Isolation -

d. SG Narrow Range Water Level High [3.3.8.22]

3.3.15 8. Startup Feedwater Isolation -

d. coincident with [3.3.15]

3.3.15 8. Startup Feedwater Isolation -

d. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 9. ADS Stages 1, 2, & 3 Actuation -

a. Manual Initiation [3.3.9.6]

3.3.16 9. ADS Stages 1, 2, & 3 Actuation -

a. Manual Initiation [3.3.9.6]

9. ADS Stages 1, 2, & 3 Actuation -

a. Manual Initiation (deleted) deleted 3.3.15 9. ADS Stages 1, 2, & 3 Actuation -

b. CMT Level - Low 1 [3.3.8.15]

3.3.16 9. ADS Stages 1, 2, & 3 Actuation -

b. CMT Level - Low 1 [3.3.8.15]

3.3.15 9. ADS Stages 1, 2, & 3 Actuation -

b. coincident with [3.3.15]

3.3.16 9. ADS Stages 1, 2, & 3 Actuation -

b. coincident with [3.3.16]

3.3.15 9. ADS Stages 1, 2, & 3 Actuation -

b. CMT Actuation (References GTS 3.3.2 Functions 2.abcd) [3.3.15]

3.3.16 9. ADS Stages 1, 2, & 3 Actuation -

b. CMT Actuation (References GTS 3.3.2 Functions 2.abcd) [3.3.16]

3.3.15 10. ADS Stage 4 Actuation - a. Manual Initiation [3.3.9.7]

3.3.16 10. ADS Stage 4 Actuation - a. Manual Initiation [3.3.9.7]

3.3.15 *3.3.16 10. ADS Stage 4 Actuation - a. coincident with [3.3.15/16]

3.3.15 10. ADS Stage 4 Actuation -

a. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.16 10. ADS Stage 4 Actuation -

a. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.16 10. ADS Stage 4 Actuation -

a. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.15 10. ADS Stage 4 Actuation - a. or coincident with [3.3.15]

3.3.15 10. ADS Stage 4 Actuation -

a. ADS Stages 1, 2, & 3 Actuation [3.3.15]

(References GTS 3.3.2 Function 9.ab) 3.3.15 10. ADS Stage 4 Actuation -

b. CMT Level - Low 2 [3.3.8.15]

3.3.16 10. ADS Stage 4 Actuation -

b. CMT Level - Low 2 [3.3.8.15]

Date report generated:

Tuesday, May 12, 2015 Page 8

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 10. ADS Stage 4 Actuation -

b. Coincident with [3.3.15]

3.3.15 10. ADS Stage 4 Actuation -

b. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.16 10. ADS Stage 4 Actuation -

b. RCS Wide Range Pressure - Low [3.3.8.14]

3.3.15 *3.3.16 10. ADS Stage 4 Actuation -

b. and Coincident with [3.3.15/16]

3.3.15 *3.3.16 10. ADS Stage 4 Actuation -

b. ADS Stages 1, 2, & 3 Actuation [3.3.15/16]

3.3.15 3.3.16 10. ADS Stage 4 Actuation -

c. Coincident RCS Loop 1 and 2 Hot Leg Level - Low 2 [3.3.10.1]

3.3.16 10. ADS Stage 4 Actuation -

c. Coincident RCS Loop 1 and 2 Hot Leg Level - Low 2 [3.3.10.1]

3.3.15 *3.3.16 11. Reactor Coolant Pump Trip -

a. ADS Stages 1, 2, & 3 Actuation [3.3.15/16]

(References GTS 3.3.2 Function 9.ab) 3.3.15 11. Reactor Coolant Pump Trip -

b. RCP Bearing Water Temperature - High [3.3.8.19]

3.3.15 *3.3.16 11. Reactor Coolant Pump Trip -

c. Manual CMT Actuation [3.3.15/16]

(References GTS 3.3.2 Function 2.a) 3.3.15 11. Reactor Coolant Pump Trip -

d. Pressurizer Water Level - Low 2 [3.3.8.7]

3.3.15 3.3.16 11. Reactor Coolant Pump Trip -

d. Pressurizer Water Level - Low 2 [3.3.8.7]

3.3.15 *3.3.16 11. Reactor Coolant Pump Trip -

e. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1.abcde) 3.3.15 12. Passive Containment Cooling Actuation - a. Manual Initiation [3.3.9.8]

3.3.16 12. Passive Containment Cooling Actuation - a. Manual Initiation [3.3.9.8]

3.3.15 12. Passive Containment Cooling Actuation -

b. Containment Pressure - High 2 [3.3.8.14]

3.3.15 13. PRHR HX Actuation - a. Manual Initiation [3.3.9.9]

3.3.16 13. PRHR HX Actuation - a. Manual Initiation [3.3.9.9]

3.3.15 13. PRHR HX Actuation -

b. SG Narrow Range Water Level - Low [3.3.8.20]

3.3.15 13. PRHR HX Actuation - b. ... Coincident with ... [3.3.15]

3.3.15 13. PRHR HX Actuation - b. ... Startup Feedwater Flow - Low [3.3.11]

3.3.15 13. PRHR HX Actuation - c. SG Wide Range Water Level - Low [3.3.8.21]

3.3.15 *3.3.16 13. PRHR HX Actuation -

d. ADS Stages 1, 2, & 3 Actuation [3.3.15/16]

(References GTS 3.3.2 Function 9.ab)

3.3.15 *3.3.16 13. PRHR HX Actuation -

e. CMT Actuation (References GTS 3.3.2 Function 2.ab) [3.3.15/16]

3.3.15 13. PRHR HX Actuation - f. Pressurizer Water Level - High 3 [3.3.8.10]

3.3.15 14. SG Blowdown Isolation -

a. PRHR HX Actuation [3.3.15]

(References GTS 3.3.2 Function 13.abcdef)

Date report generated:

Tuesday, May 12, 2015 Page 9

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 14. SG Blowdown Isolation -

b. SG Narrow Range Water Level - Low [3.3.8.20]

3.3.15 15. Boron Dilution Block -

a. Source Range Neutron Flux Doubling [3.3.8.17]

3.3.16 15. Boron Dilution Block -

a. Source Range Neutron Flux Doubling [3.3.8.17]

3.3.15 15. Boron Dilution Block -

b. Reactor Trip (References GTS 3.3.2 Function 18.b) [3.3.12]

3.3.15 16. CVS Makeup Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 16. CVS Makeup Isolation -

a. SG Narrow Range Water Level - High 2 [3.3.8.23]

3.3.15 16. CVS Makeup Isolation -

b. Pressurizer Water Level - High 1 [3.3.8.8]

3.3.15 16. CVS Makeup Isolation - b. ... Coincident with ... [3.3.15]

3.3.15 16. CVS Makeup Isolation - b. ... Safeguards Actuation [3.3.15]

(References GTS 3.3.2 Function 1abcde) 3.3.15 16. CVS Makeup Isolation -

c. Pressurizer Water Level - High 2 [3.3.8.9]

3.3.15 16. CVS Makeup Isolation -

d. Containment Radioactivity - High 2 [3.3.8.4]

3.3.15 16. CVS Makeup Isolation - e. Manual Initiation [3.3.9.10]

3.3.15 16. CVS Makeup Isolation -

f. Source Range Neutron Flux Doubling [3.3.15]

(References GTS 3.3.2 Function 15.a)

3.3.16 16. CVS Makeup Isolation -

f. Source Range Neutron Flux Doubling [3.3.16]

(References GTS 3.3.2 Function 15.a) 3.3.15 16. CVS Makeup Isolation -

g. SG Narrow Range Water Level - High [3.3.8.22]

3.3.15 16. CVS Makeup Isolation - g. ... Coincident with ... [3.3.15]

3.3.15 16. CVS Makeup Isolation - g. ... Reactor Trip (P-4) [3.3.12]

(References GTS 3.3.2 Function 18.b) 3.3.15 17. RNS Isolation - a. Containment Radioactivity - High 2 [3.3.8.4]

3.3.15 *3.3.16 17. RNS Isolation - b. Safeguards Actuation [3.3.15/16]

(References GTS 3.3.2 Function 1abcdef) 3.3.15 17. RNS Isolation - c. Manual Initiation [3.3.9.11]

18. ESFAS Interlocks - a. Reactor Trip Breaker Open, P-3 (Supports STS 3.3.8 Functions 1, 5, 11, and 24) 3.3.15 18. ESFAS Interlocks - b. Reactor Trip, P-4 [3.3.12]

(Supports STS 3.3.8 Functions 12, 13 and 22) 3.3.15 3.3.16 18. ESFAS Interlocks - c. Intermediate Range Neutron Flux, P-6 (Supports STS 3.3.8 Function 17) 3.3.15 18. ESFAS Interlocks - d. Pressurizer Pressure, P-11 (Supports STS 3.3.8 Functions 2, 4, 5, 11, 13, 24, and 25) 3.3.15 18. ESFAS Interlocks - e. Pressurizer Level, P-12 (Supports STS 3.3.8 Functions 3, 6, and 7) 3.3.15 3.3.16 18. ESFAS Interlocks - e. Pressurizer Level, P-12 (Supports STS 3.3.8 Function 7 (also Mode 5))

Date report generated:

Tuesday, May 12, 2015 Page 10

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 18. ESFAS Interlocks - f. RCS Pressure, P-19 (Supports STS 3.3.8 Functions 9 and 10) 3.3.15 19. Containment Air Filtration System Isolation -

a. Containment Radioactivity - High 1 [3.3.8.3]

3.3.15 *3.3.16 19. Containment Air Filtration System Isolation -

b. Containment Isolation [3.3.15/16]

(References GTS 3.3.2 Function 3.abc) 3.3.15 20. Main Control Room Isolation and Air Supply Initiation -

a. Control Room Air Supply Radiation - High 2 [3.3.13]

3.3.16 20. Main Control Room Isolation and Air Supply Initiation -

a. Control Room Air Supply Radiation - High 2 [3.3.13]

3.3.15 21. Auxiliary Spray and Purification Line Isolation -

a. Pressurizer Water Level - Low 1 [3.3.8.6]

3.3.15 21. Auxiliary Spray and Purification Line Isolation -

a. Pressurizer Water Level - Low 1 (STS SR 3.3.15.6) 3.3.15 21. Auxiliary Spray and Purification Line Isolation -

b. Manual Initiation [3.3.9.10]

(3.3.9 Function 10. CVS Makeup Isolation - Manual initiation)

3.3.15 21. Auxiliary Spray and Purification Line Isolation -

b. Manual Initiation (STS SR 3.3.15.6) [3.3.15.b]

3.3.15 22. IRWST Injection Line Valve Actuation - a. Manual Initiation [3.3.9.12]

3.3.15 3.3.16 22. IRWST Injection Line Valve Actuation - a. Manual Initiation [3.3.9.12]

3.3.16 22. IRWST Injection Line Valve Actuation - a. Manual Initiation [3.3.9.12]

3.3.15 *3.3.16 22. IRWST Injection Line Valve Actuation -

b. ADS Stage 4 Actuation [3.3.15/16]

3.3.15 23. IRWST Containment Recirculation Valve Actuation -

a. Manual Initiation [3.3.9.13]

3.3.15 3.3.16 23. IRWST Containment Recirculation Valve Actuation -

a. Manual Initiation [3.3.9.13]

3.3.16 23. IRWST Containment Recirculation Valve Actuation -

a. Manual Initiation [3.3.9.13]

3.3.15 *3.3.16 23. IRWST Containment Recirculation Valve Actuation -

b. ADS Stage 4 Actuation [3.3.15/16]

3.3.15 *3.3.16 23. IRWST Containment Recirculation Valve Actuation -

b. Coincident with [3.3.15/16]

3.3.15 23. IRWST Containment Recirculation Valve Actuation -

b. IRWST Level - Low 3 [3.3.8.18]

3.3.15 3.3.16 23. IRWST Containment Recirculation Valve Actuation -

b. IRWST Level - Low 3 [3.3.8.18]

3.3.16 23. IRWST Containment Recirculation Valve Actuation -

b. IRWST Level - Low 3 [3.3.8.18]

3.3.16 24. Refueling Cavity Isolation - a. Spent Fuel Pool Level - Low [3.3.14]

3.3.15 25. ESF Coincidence Logic - a. Coincidence Logic [3.3.15.a]

3.3.16 25. ESF Coincidence Logic - a. Coincidence Logic [3.3.16.a]

3.3.15 26. ESF Actuation - a. ESF Actuation Subsystem [3.3.15.b]

3.3.16 26. ESF Actuation - a. ESF Actuation Subsystem [3.3.16.b]

3.3.15 27. Pressurizer Heater Trip - a. CMT Actuation [3.3.15]

3.3.15 27. Pressurizer Heater Trip - a. CMT Actuation [3.3.15]

3.3.15 27. Pressurizer Heater Trip - b. Pressurizer Water Level, High 3 [3.3.8.10]

Date report generated:

Tuesday, May 12, 2015 Page 11

GTST AP1000-O69-3.3.16, Rev. 1 STS LCO GTS 3.3.2 ESFAS Functions, ESF Governing ESF Coincidence and Actuation Logic, Automatic STS [ LCO.

Actuation Logic and Manual Instrumentation Function No.]

3.3.15 3.3.16 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.10.2]

3.3.15 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.15.b]

(STS SR 3.3.15.4) 3.3.16 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.10.2]

3.3.16 28. CVS Letdown Isolation - a. Hot Leg Level - Low 1 [3.3.16.b]

(STS SR 3.3.16.3) 3.3.15 29. SG Power Operated Relief Valve and Block Valve Actuation -

a. Manual Initiation [3.3.9.14]

3.3.15 29. SG Power Operated Relief Valve and Block Valve Actuation -

b. Steam Line Pressure - Low [3.3.8.24]

3.3.15 30. Component Cooling Water System Containment Isolation Valve Closure - a. RCP Bearing Water Temperature - High [3.3.8.19]

3.3.15 3.3.16 31. Containment Vacuum Relief Valve Actuation -

a. Containment Pressure - Low 2 [3.3.8.1]

3.3.15 3.3.16 31. Containment Vacuum Relief Valve Actuation -

b. Manual Initiation [3.3.9.15]

References 2, 3, and 6 provide details showing the correspondence of GTS 3.3.2 Functions and STS 3.3.8 through 3.3.16 Functions.

The description of the required channels for GTS Table 3.3.2-1, Functions 25 and 26 includes battery backed descriptive detail for each division. This design detail is not necessary in the STS to protect the health and safety of the public, so the phrase battery backed is deleted from the MTS 3.3.15 LCO statement. (DOC D03)

GTS 3.3.2 Conditions G and W are reordered and relabeled as AP1000 MTS 3.3.16 Conditions A, B, C and D. (DOC A028)

MTS 3.3.16 Conditions B, C, and D are revised by adding a second condition statement for each condition one or more Functions within two or more divisions inoperable. Otherwise, LCO 3.0.3 would apply when the LCO is not met and the associated Actions are not met or an associated Action is not provided. (DOC M02)

MTS 3.3.16 Action B.2 lead in phrase: If in MODE 5 with the RCS open and < 20% pressurizer level... is deleted. New LCO Mode applicability and revised Condition statement make this lead in phrase unnecessary. (DOC A034)

MTS 3.3.16 Action B.2 phrase is revised from initiate action to be in MODE 5 with RCS open and 20% pressurizer level, to Initiate action to open RCS pressure boundary and establish 20% pressurizer level. New LCO Mode applicability and revised Condition statement make this phrase unnecessary. This change is made for clarity and consistency. (DOC A031)

MTS 3.3.16 Action B.3 lead in phrase is revised from If in MODE 5, isolate... to Initiate action to isolate... New LCO Mode applicability and revised Condition statement make the original lead in phrase unnecessary. This change is made for clarity and consistency. (DOC A030)

MTS 3.3.16 Action C.2 lead in phrase is revised from If in MODE 6, initiate action to be MODE 6 with the water level 23 feet above the top of the reactor vessel flange, to Initiate Date report generated:

Tuesday, May 12, 2015 Page 12

GTST AP1000-O69-3.3.16, Rev. 1 action to establish water level 23 feet above the top of the reactor vessel flange. New LCO Mode applicability and revised Condition statement make the original lead in phrase unnecessary. This change is made for clarity and consistency. (DOC A031)

GTS SR 3.3.2.2 is retained and renumbered as MTS SR 3.3.16.1. GTS SR 3.3.2.7, SR 3.3.2.8, and SR 3.3.2.9 are retained and renumbered as MTS SR 3.3.16.2, SR 3.3.16.3, and SR 3.3.16.4, respectively. (DOC A028)

MTS SR 3.3.16.2, SR 3.3.16.3, and SR 3.3.16.4 are deleted. Failure of an Actuation Device Test results in inappropriate Actions relative to the actuated equipment inoperability. These SR requirements are relocated to equivalent SRs in the individual equipment specifications, or in STS Specifications 3.3.15 and 3.3.16, if no specification exists for the required actuated equipment. (DOC L01) These specifications provide appropriate action requirements for the affected inoperable actuated equipment.

STS SR 3.3.16.2, SR 3.3.16.3, and SR 3.3.16.4 are added to test the actuation signal for reactor coolant pump breakers, CVS letdown isolation valves, and spent fuel pool cooling system containment isolation valves. These SRs are more specific to the individual devices.

(DOC L01)

Clarification is added to the Bases discussion of Channel Calibration requirements in STS SR 3.3.16.1 regarding Functions with interlocks. (DOC L10)

The following tables are provided as an aid to tracking the various changes to GTS 3.3.2 Conditions, Required Actions, Functions, Applicability Footnotes, and Surveillance Requirements that result in interim A028-modified TS (MTS) 3.3.16 and as further changed, STS 3.3.16.

Changes to Conditions GTS 3.3.2 MTS 3.3.16 STS 3.3.16 Other STS Subsections Additional Condition Condition Condition Addressing the Listed Condition DOC Changes A 3.3.8, 3.3.9, 3.3.10 ---

B 3.3.8 ---

C 3.3.10 ---

D 3.3.12, 3.3.15 ---

E 3.3.9 ---

F 3.3.13 ---

G A A 3.3.9, 3.3.13 ---

H 3.3.11, 3.3.14 ---

I 3.3.8 ---

J 3.3.8 ---

K 3.3.13 ---

L 3.3.8 ---

M 3.3.8 ---

N 3.3.8, 3.3.9, 3.3.11 ---

O 3.3.8, 3.3.9, 3.3.12, 3.3.13, 3.3.15 M02 P 3.3.8, 3.3.14 ---

Q 3.3.8, 3.3.9 ---

R 3.3.8, 3.3.9 ---

S 3.3.8, 3.3.9 ---

T 3.3.8 ---

U 3.3.9 ---

V 3.3.8 ---

W B B GTS Condition W split into 3 Conditions A030 A031 A034 M02 W C C --- A031 M02 W D D --- M02 X 3.3.8, 3.3.9 ---

Y 3.3.8, 3.3.9, 3.3.10 ---

Z 3.3.8 ---

AA 3.3.10 ---

BB 3.3.10 ---

CC 3.3.8, 3.3.9 ---

Date report generated:

Tuesday, May 12, 2015 Page 13

GTST AP1000-O69-3.3.16, Rev. 1 Changes to Functions (a complete function list appears in GTST AP1000-O61-3.3.8)

Function [Modes(footnote)] ----------- STS 3.3.16 Other STS Subsections Additional GTS 3.3.2 MTS 3.3.16 STS 3.3.16 Conditions and Additional Changes DOC Changes 25.a [5,6] LCO 3.3.16 LCO 3.3.16 A, B, C, D --- D03 26.a [5,6] LCO 3.3.16 LCO 3.3.16 A, B, C, D --- D03 Changes to Applicability Footnotes None Changes to Surveillance Requirements GTS 3.3.2 MTS 3.3.16 STS 3.3.16 STS Subsections Also Example Surveillance No.

SR SR SR Addressing the Listed SR Surveillance Description 3.3.2.1 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.1 CHANNEL CHECK 3.3.2.2 3.3.16.1 3.3.16.1 3.3.15 3.3.15.1 ACTUATION LOGIC TEST 3.3.2.3 3.3.9, 3.3.12 3.3.9.1 TRIP ACTUATING DEVICE OPERATIONAL TEST 3.3.2.4 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.3 CHANNEL CALIBRATION 3.3.2.5 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.2 CHANNEL OPERATIONAL TEST 3.3.2.6 3.3.8, 3.3.10, 3.3.11, 3.3.13, 3.3.14 3.3.8.4 ESF RESPONSE TIME 3.3.2.7 3.3.16.2 Deleted 3.3.8, 3.1.9, 3.5.2, 3.5.4, 3.5.6, 3.6.10, 3.7.7 ACTUATION DEVICE TEST*

3.3.2.8 3.3.16.3 Deleted 3.3.8, 3.4.11, 3.4.13 Squib Valve ACTUATION DEVICE TEST*

3.3.2.9 3.3.16.4 Deleted 3.3.15 Pressurizer Heater ACTUATION DEVICE TEST*

--- --- 3.3.16.2 --- Reactor Coolant Pump Breaker ACTUATION DEVICE TEST*

--- --- 3.3.16.3 --- CVS Letdown Isolation Valves ACTUATION DEVICE TEST*

--- --- 3.3.16.4 --- Spent Fuel Pool Cooling System Containment Isolation Valves ACTUATION DEVICE TEST*

Typically, the associated STS system specification or STS 3.3.15 or 3.3.16 will include a SR for the actuation device, as follows: Verify [tested required component] actuates to the [required position or state] on an actual or simulated actuation signal. Such SRs overlap with the Actuation Logic Test for complete testing of the actuation device. (DOC L01)

In LCO 3.3.16, part a, ESF is revised to Engineered Safety Features (ESF) in the LCO statement, because ESF has not been previously defined. (APOG Comment)

The discussion in the ASA, LCO, and Applicability section of the Bases under the heading ESF Coincidence Logic, is revised for clarity and consistency. (APOG Comment)

The discussion in the Surveillance Requirements section of the Bases under the heading SR 3.3.16.1, is revised for clarity and consistency. (NRC Staff Comment)

Date report generated:

Tuesday, May 12, 2015 Page 14

GTST AP1000-O69-3.3.16, Rev. 1 The acronym FSAR is added to modify Section and Chapter in references to the FSAR throughout the Bases. (DOC A003) (APOG Comment)

Date report generated:

Tuesday, May 12, 2015 Page 15

GTST AP1000-O69-3.3.16, Rev. 1 VI. Traveler Information Description of TSTF changes:

Not Applicable Rationale for TSTF changes:

Not Applicable Description of changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes:

The Vogtle Electric Generating Plant Units 3 and 4 (VEGP) technical specifications upgrade (TSU) License Amendment Request (VEGP TSU LAR) (Reference 2) proposed changes to the initial version of the VEGP PTS (referred to as the current TS by the VEGP TSU LAR). As detailed in VEGP TSU LAR Enclosure 1, administrative change number 28 (DOC A028) reformats PTS 3.3.2 into multiple Specifications as follows:

3.3.8, Engineered Safety Feature Actuation System (ESFAS) Instrumentation,

3.3.9, Engineered Safety Feature Actuation System (ESFAS) Manual Initiation,

3.3.10, Engineered Safety Feature Actuation System (ESFAS) Reactor Coolant System (RCS) Hot Leg Level Instrumentation,

3.3.11, Engineered Safety Feature Actuation System (ESFAS) Startup Feedwater Flow Instrumentation,

3.3.12, Engineered Safety Feature Actuation System (ESFAS) Reactor Trip Initiation,

3.3.13, Engineered Safety Feature Actuation System (ESFAS) Control Room Air Supply Radiation Instrumentation,

3.3.14, Engineered Safety Feature Actuation System (ESFAS) Spent Fuel Pool Level Instrumentation,

3.3.15, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Operating, and

3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic -

Shutdown.

Since PTS 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, is identical to GTS 3.3.2, it is appropriate for this GTST to consider the proposed changes to PTS 3.3.2 as changes to GTS 3.3.2 for incorporation in AP1000 STS 3.3.16. VEGP LAR DOC A028 is extensive, but retains the intention of PTS 3.3.2 while improving operational use of the TS. The numerous Functions, Conditions and extensive bases discussion associated with PTS 3.3.2 are repackaged into nine smaller parts. Therefore, the changes implemented by DOC A028 are presented in the attached Subsection 3.3.16 markup, in Section XI of this GTST, as the clean starting point and are identified as interim A028-modified TS (MTS) 3.3.16. The specific details of the reformatting for MTS 3.3.16 can be found in VEGP TSU LAR (Reference 2), in Enclosure 2 (markup) and Enclosure 4 (clean). The NRC staff safety evaluation regarding DOC A028 can be found in Reference 3, VEGP LAR SER. The VEGP TSU LAR was modified in response to NRC staff RAIs in Reference 5 and the Southern Nuclear Operating Company RAI Response in Reference 6.

Date report generated:

Tuesday, May 12, 2015 Page 16

GTST AP1000-O69-3.3.16, Rev. 1 VEGP LAR DOC A030 revises MTS 3.3.16 Action B.3 phrase from If in MODE 5, isolate... to Initiate action to isolate...

VEGP LAR DOC A031 revises MTS 3.3.16 Required Action B.2 from initiate action to be in MODE 5 with the RCS pressure boundary open and 20% pressurizer level, to ...initiate action to open pressure boundary and establish 20% pressurizer level. VEGP LAR DOC A031 also revises proposed MTS 3.3.16 Required Action C.2 from If in MODE 6, initiate action to be in MODE 6 with the water level 23 feet above the top of the reactor vessel flange, to Initiate action to establish water level 23 feet above the top of the reactor vessel flange.

VEGP LAR DOC A034 deletes MTS 3.3.16 Action B.2 lead in: If in MODE 5 with the RCS open and < 20% pressurizer level...

VEGP LAR DOC M02 addresses the fact that MTS 3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown, does not specify Actions for the condition of one or more Functions within two or more divisions inoperable. This results in entry into LCO 3.0.3.

VEGP LAR DOC L01 deletes MTS SR 3.3.16.2 (Perform ACTUATION DEVICE TEST) and MTS SR 3.3.16.3 (Perform ACTUATION DEVICE TEST for squib valves) from MTS TS 3.3.16.

The equivalent requirement (using phrasing generally consistent with NUREG-1431) is included in individual Specifications for the actuated devices with the same 24 month Frequency as the deleted SRs. Similar SRs are added to STS 3.3.15 and 3.3.16, as follows: SR 3.3.15.3 and SR 3.3.16.2 (Verify reactor coolant pump breakers trip open on an actual or simulated actuation signal.); SR 3.3.15.4 and SR 3.3.16.3 (Verify CVS letdown isolation valves actuate to the isolation position on an actual or simulated actuation signal.); SR 3.3.15.5 (Verify main feedwater and startup feedwater pump breakers trip open on an actual or simulated actuation signal.); SR 3.3.15.6 (Verify auxiliary spray and purification line isolation valves actuate to the isolation position on an actual or simulated actuation signal); and SR 3.3.16.4 (Verify Spent Fuel Pool Cooling System containment isolation valves actuate to the isolation position on an actual or simulated actuation signal).

VEGP LAR DOC L10 provides a discussion of interlocks implicitly required to support the Function's OPERABILITY in the Bases discussion of STS SR 3.3.16.1.

VEGP LAR DOC D03 revises the Function 25 and 26 descriptions of Required Channels to delete battery backed from the MTS 3.3.16 LCO statement.

A more detailed description of the changes by each of the above DOCs can be found in Reference 2, VEGP TSU LAR in Enclosure 1; the NRC staff safety evaluation can be found in Reference 3, VEGP LAR SER. The VEGP TSU LAR was modified in response to NRC staff RAIs (Reference 5) by Southern Nuclear Operating Companys RAI Response in Reference 6.

Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes:

The reformatting per VEGP LAR DOCs A028, except where addressed in other DOCs, addresses inconsistencies in formatting and approach between PTS 3.3.1 and PTS 3.3.2, respectively. Simplification and clarification are proposed for each Specification. In breaking down each PTS Specification into specific subsets of the Protection and Safety Monitoring System (PMS) function, improved human factored operator usability results.

These improvements also reflect the general approach currently in use in the Improved Standard Technical Specifications (STS) for Babcock and Wilcox Plants, NUREG-1430, Rev. 4.

Date report generated:

Tuesday, May 12, 2015 Page 17

GTST AP1000-O69-3.3.16, Rev. 1 That is to separate the functions for [sensor] instrumentation, Manual Actuation, Trip/Actuation Logic, and Trip Actuation Devices (e.g., Reactor Trip Breakers (RTBs)) into separate Specification subsections. Furthermore, the Actions for some ESFAS Functions generally involve a more complex presentation than needed for other Functions, such that simple common Actions are not reasonable. Such Functions are also provided with separate Specification subsections.

When TS instrument function tables are utilized to reference Actions, the generally preferred format of the Actions for an instrumentation Specification in NUREG-1430 is to provide the initial Actions that would be common to all of the specified functions (typically for bypassing and/or tripping one or two inoperable channels), then the default Action would direct consulting the function table for follow-on Actions applicable to the specific affected function. These follow-up Actions generally reflect the actions to exit the Applicability for that function.

This format also allows splitting the default Actions from the initial preferred actions. This general approach is the standard format for other Specifications and for Instrumentation Specifications for other vendors Improved STS.

VEGP LAR DOC A030, DOC A031, and DOC A034 revise specific MODE statements in the Required Actions because new MTS LCO Mode applicability and revised Condition statement make specific MODE statements unnecessary. These changes are made for clarity and consistency.

VEGP LAR DOC M02 directly provides for the default Actions of LCO 3.0.3 without allowing for the additional hour that LCO 3.0.3 permits prior to initiating shutdown. This provides clarity for the operator and is more restrictive than LCO 3.0.3.

VEGP LAR DOC L01 deletes proposed MTS SR 3.3.16.2 and SR 3.3.16.3, and the related ACTUATION DEVICE TEST, because these SRs are inconsistent with the intent of applying Actions specific to the equipment inoperability. Proposed MTS SR 3.3.15.4 requires the performance of an ACTUATION DEVICE TEST for pressurizer heater circuit breakers. Testing of additional equipment to that do not have a separate Specification for their operability and testing are added. This testing includes reactor coolant pump breakers, CVS letdown isolation valves, and main feedwater and startup feedwater pump breakers.

VEGP LAR DOC L10 notes that Interlock Operability is adequately addressed by each related Functions requirement to be Operable and the requirement for actuation logic operability.

Interlock functions do not directly trip the reactor or initiate an ESFAS function, and as such are removed from the actuation instrumentation listing in TS.

VEGP LAR DOC D03 provides design detail that is not necessary in the TS to protect the health and safety of the public.

Description of additional changes proposed by NRC staff/preparer of GTST:

In LCO 3.3.16, part a, ESF is revised to Engineered Safety Features (ESF) in the LCO statement. (APOG Comment)

The acronym ESF in the ASA, LCO, and Applicability section of the Bases under the heading ESF Coincidence Logic, is revised to Engineered Safety Features (ESF). (APOG Comment)

The first sentence of the second paragraph in the Surveillance Requirements section of the Bases under the heading SR 3.3.16.1 for the ACTUATION LOGIC TEST is revised to state:

Date report generated:

Tuesday, May 12, 2015 Page 18

GTST AP1000-O69-3.3.16, Rev. 1 A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST.

The first sentence of fifth paragraph in the same subsection is revised to state:

To the extent possible, Protection and Safety Monitoring System PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. (NRC Staff Comment)

The acronym FSAR is added to modify Section and Chapter in references to the FSAR throughout the Bases. (DOC A003) (APOG Comment)

Rationale for additional changes proposed by NRC staff/preparer of GTST:

ESF is defined when first used in LCO 3.3.16, part a for clarity. ESF has not been previously defined. This is a non-technical change.

The non-technical change to the ASA, LCO, and Applicability section of the Bases under the headings ESF Coincidence Logic provides clarity and consistency.

The non-technical changes to the Surveillance Requirements section of the Bases under the headings SR 3.3.16.1 for the ACTUATION LOGIC TEST provide clarity and consistency.

Since Bases references to FSAR Sections and Chapters are to an external document, it is appropriate to include the FSAR modifier.

Date report generated:

Tuesday, May 12, 2015 Page 19

GTST AP1000-O69-3.3.16, Rev. 1 VII. GTST Safety Evaluation Technical Analysis:

AP1000 GTS LCO 3.0.3 is only applicable in MODES 1, 2, 3, and 4, and states:

When an LCO is not met and the associated ACTIONS are not met, an associated ACTION is not provided, or if directed by the associated ACTIONS, the unit shall be placed in a MODE or other specified condition in which the LCO is not applicable. Action shall be initiated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months to place the unit, as applicable,

a. MODE 3 within 7 hours8.101852e-5 days 0.00194 hours 1.157407e-5 weeks 2.6635e-6 months ; and

b. MODE 4 within 13 hours1.50463e-4 days 0.00361 hours 2.149471e-5 weeks 4.9465e-6 months ; and

c. MODE 5 within 37 hours4.282407e-4 days 0.0103 hours 6.117725e-5 weeks 1.40785e-5 months .

GTS 3.3.1 and 3.3.2 Functions with applicability statements that include MODE 1, 2, 3, or 4, generally have no Actions specified for addressing a loss of function condition, such as when all required channels are inoperable. Upon discovery of such a condition, LCO 3.0.3 would apply.

The intent of LCO 3.0.3 (as stated in the TS Bases) is to impose time limits for placing the unit in a safe MODE or other specified condition when operation cannot be maintained within the limits for safe operation as defined by the LCO and its ACTIONS.

The Actions for inoperable RTS and ESFAS instrumentation provide restoration time and/or compensatory action allowances (e.g., place the inoperable channel in trip); but only for inoperability of some of the channels (e.g., 1 or 2 out of 4 required channels, typically). If these restoration and/or compensatory actions cannot be met in the required time, default actions are provided, which are designed to place the unit in a safe MODE or other specified condition -

typically, actions that result in exiting the Applicability for that Function.

The shutdown actions of LCO 3.0.3 are typical of default actions throughout the TS that direct plant shutdown to exit the Applicability, with the exception that LCO 3.0.3 includes an additional 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months before the shutdown is required to be initiated.

The revisions described in VEGP LAR DOC M02 address multiple-channel inoperability. The revisions will immediately impose the default Actions for that Function - without allowance for the 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months delay that is provided in LCO 3.0.3. Furthermore, the Function-specific default actions (currently, or proposed to be, specified for some Functions) impose requirements intended to establish safe operation that are not necessarily required by LCO 3.0.3. Since each Function-specific default action is specifically considering that Functions safety-basis, such default actions necessarily result in more appropriate actions than the general default actions of LCO 3.0.3. Specifically, the Actions for each new Condition associated with VEGP LAR DOC M02 for RTS and ESFAS Functions applicable in MODES1, 2, 3, or 4, are compared to LCO 3.0.3, and in each case, the new Actions are equivalent to or more restrictive than the actions of LCO 3.0.3.

STS 3.3.16 is only applicable in MODEs 5 and 6, and is, therefore, not related to LCO 3.0.3.

However, Conditions B, C, and D provide actions in the event that one or more Functions in two or more divisions may be inoperable. This is consistent with other LCOs in this section.

GTS 3.3.1 and 3.3.2 actions do not specify conditions that explicitly address multiple inoperable channels (that is, more than two inoperable channels or divisions, in most cases), and therefore default to LCO 3.0.3. In each instance, the proposed actions to address these conditions are Date report generated:

Tuesday, May 12, 2015 Page 20

GTST AP1000-O69-3.3.16, Rev. 1 more restrictive than the LCO 3.0.3 actions because completion times for reaching lower operational modes are shorter by 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . In addition, Function-specific actions, where specified, are more appropriate for the affected Function than the unit-shutdown actions of LCO 3.0.3 alone. Therefore, the changes specified by VEGP LAR DOC M02 do not introduce any adverse impact on public health and safety.

VEGP LAR DOC L01 deletes proposed MTS SR 3.3.16.2 (Perform ACTUATION DEVICE TEST) and SR 3.3.16.3 (Perform ACTUATION DEVICE TEST for squib valves) from MTS TS 3.3.16. The equivalent requirement (using phrasing generally consistent with NUREG-1431) is included in individual Specifications for the actuated devices with the same 24 month Frequency as the deleted SRs. In accordance with the defined term, an actuation device test is a test of the actuated equipment. And as discussed in the TS Bases, performance of an actuation device test demonstrates that the actuated device responds to a simulated actuation signal. As such, Surveillances associated with the testing of the actuated equipment should be addressed in the actuated equipment Specifications, where failures of the surveillance would lead to entering the Actions for the inoperable actuated equipment.

Currently, the only Surveillances that utilize this defined term are in GTS 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation; as SRs 3.3.2.7, 3.3.2.8, and 3.3.2.9. GTS SRs 3.3.2.7 and 3.3.2.8 provide the actuation device test for Engineered Safety Features (ESF) that are actuated by GTS Table 3.3.2-1, Function 26. As such, failures of SRs 3.3.2.7 and 3.3.2.8 (i.e., failures in the actuated equipment) would inappropriately result in applying the Actions of LCO 3.3.2 for Function 26. This is inconsistent with the intent of applying Actions specific to the equipment inoperability. Therefore GTS SRs 3.3.2.7 and 3.3.2.8 are deleted from STS 3.3.15. In conjunction with this deletion, each Specification for ESF actuated equipment is provided with Surveillance(s) that appropriately address the testing of the actuated devices consistent with these SRs and the definition being removed. In certain actuated device Specifications, there is currently an appropriate actuated device test and no new SR is added.

Where an actuated device test is not specified in the existing PTS actuated equipment Specification, a new MTS SR is added as listed below.

SR 3.1.9.3 Verify each CVS demineralized water isolation valve actuates to the isolation position on an actual or simulated actuation signal (24 months).

SR 3.3.15.3 Verify reactor coolant pump breakers trip open on an actual or simulated actuation signal (24 months).

SR 3.3.15.4 Verify CVS letdown isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: Only required to be met in MODE 4 with the RCS being cooled by the RNS or below the P-12 (Pressurizer Level) interlock (24 months).

SR 3.3.15.5 Verify main feedwater and startup feedwater pump breakers trip open on an actual or simulated actuation signal (24 months).

SR 3.3.15.6 Verify auxiliary spray and purification line isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: Only required to be met in MODES 1 and 2 (24 months).

SR 3.3.16.2 Verify reactor coolant pump breakers trip open on an actual or simulated actuation signal - Note: Only required to be met in MODE 5 (24 months).

SR 3.3.16.3 Verify CVS letdown isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: (1) Not required to be met in MODE 5 above the P-12 (Pressurizer Level) interlock and (2) Not required to be met in MODE 6 above the P-12 (Pressurizer Level) interlock and water level > 23 feet above the top of the reactor vessel flange (24 months).

SR 3.3.16.4 Verify Spent Fuel Pool Cooling System containment isolation valves actuate to the isolation position on an actual or simulated actuation signal - Note: Only required to be met in MODE 6 (24 months).

Date report generated:

Tuesday, May 12, 2015 Page 21

GTST AP1000-O69-3.3.16, Rev. 1 SR 3.4.11.4 Verify each stage 1, 2, and 3 ADS valve actuates to the open position on an actual or simulated actuation signal (24 months).

SR 3.4.11.5 Verify continuity of the circuit from the Protection Logic Cabinets to each stage 4 ADS valve - Note: Squib actuation may be excluded (24 months).

SR 3.5.2.7 Verify each CMT outlet isolation valve actuates to the open position on an actual or simulated actuation signal (24 months).

SR 3.5.4.8 Verify both PRHR HX air operated outlet isolation valves actuate to the open position and both IRWST gutter isolation valves actuate to the isolation position on an actual or simulated actuation signal (24 months).

SR 3.5.6.9 Verify continuity of the circuit from the Protection Logic Cabinets to each IRWST injection and containment recirculation squib valve on an actual or simulated actuation signal - Note: Squib actuation may be excluded (24 months).

SR 3.6.9.3 Verify each vacuum relief valve actuates to relieve vacuum on an actual or simulated signal (24 months).

SR 3.7.7.2 Verify each startup feedwater isolation and control valve actuates to the isolation position on an actual or simulated actuation signal (24 months).

In addition, two PTS SRs are revised to include a reference to one of the new SRs.

SR 3.4.13.2 SR is revised to include a reference to SR 3.4.11.5.

SR 3.5.8.4 SR is revised to include a reference to SR 3.5.6.9.

GTS SR 3.3.2.9 is revised to eliminate the term ACTUATION DEVICE TEST and moved to MTS LCO 3.3.15 as SR 3.3.15.2.

SR 3.3.15.2 Verify pressurizer heater circuit breakers trip open on an actual or simulated actuation signal - Note: Only required to be met in MODE 4 above the P-19 (RCS Pressure) interlock with the RCS not being cooled by RNS (24 months).

The effect of moving the requirement for the actuated device test from GTS 3.3.2 to the individual equipment Specifications is for less restrictive actions when the device is inoperable.

As an SR associated with GTS 3.3.2, Table 3.3.2-1, Function 26 for Modes 5 and 6 and during movement of irradiated fuel would impose a 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months restoration (GTS 3.3.2 Action G) prior to verifying the Mode-dependent water inventory and suspending positive reactivity additions (GTS 3.3.2 Action W). Each of the individual equipment Specifications with SRs added to address actuation device testing has a 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months or 7 day restoration allowance. This is followed in some cases by additional flexibility to isolate associated flow paths. The change maintains the same level of safety provided by separate GTS Actions for inoperability of the specific actuated devices.

Since the actuated equipment of reactor coolant pump breakers, CVS letdown isolation valves, and spent fuel pool cooling system containment isolation valves do not have a separate Specification for their operability and testing, it is appropriate to create a Surveillance for the actuated devices. These tests require that the actuated devices respond to an actual or simulated actuation signal. This phrasing is consistent with similar Surveillances in NUREG-1431 for actuated devices, and is consistent with the editorial presentation preference presented for similar actuated device testing. Consistent with the Applicability for the instrument functions that actuate the devices; each new Surveillance Requirement includes one or more Notes stating when the Surveillance is required to be met. No technical change results.

This less restrictive change results in closer alignment with NUREG Standard TS presentation of actuated device testing, and associated required actions for inoperability of actuated devices.

While certain actions for inoperability of actuated devices are made less restrictive by eliminating entry into ESFAS Actuation and Instrumentation inoperability actions, no action is Date report generated:

Tuesday, May 12, 2015 Page 22

GTST AP1000-O69-3.3.16, Rev. 1 made less restrictive than currently approved for any device inoperability. As such there is no adverse impact to public health and safety.

VEGP LAR DOC L10 provides a discussion of interlocks implicitly required to support the Function's OPERABILITY in the Bases discussion of proposed MTS SR 3.3.16.1. Reactor Trip System interlocks are provided to ensure reactor trips are in the correct configuration for the current plant status. They back up operator actions to ensure protection system Functions are not blocked during plant conditions under which the safety analysis assumes the Functions are Operable. Additionally, several interlocks are included as part of the ESFAS. These interlocks permit the operator to block some signals, automatically enable other signals, prevent some actions from occurring, and cause other actions to occur. The interlock Functions backup manual actions to ensure Functions that can be bypassed are in operation under the conditions assumed in the safety analyses.

The interlocks, as explicit separate RTS and ESFAS Functions, except for GTS Table 3.3.2-1, Function 18.b, Reactor Trip, P-4, are omitted from the AP1000 STS and the associated GTS 3.3.1 and 3.3.2 Actions are deleted. The reactor trip interlock, P-4, is addressed in STS 3.3.12, Engineered Safety Feature Actuation System (ESFAS) Reactor Trip Initiation.

Interlock Operability is adequately addressed by each related Functions requirement to be Operable and the requirement for actuation logic operability.

For these related RTS and ESFAS instrumentation and actuation functions to be Operable, the associated RTS and ESFAS interlock functions would have to be in the required state as a support feature for Operability. These RTS and ESFAS interlock functions do not directly trip the reactor or (except for P-4) actuate ESF systems, and as such are removed from the actuation instrumentation listing in TS. The role of the interlocks, and their support for the operability of RTS trip and ESFAS actuation functions, are described in the TS Bases, as well as in Final Safety Analysis Report (FSAR) Chapter 7, Instrumentation and Controls.

Furthermore, each RTS trip and ESFAS actuation function is required to be Operable during the stated TS Applicability. The Applicability for certain trip or actuation functions is based on transitioning above or below an interlock threshold or setpoint; while other functions are not directly supported by an interlock. For functions supported by an interlock, while operating within the TS required Applicability for that function, its associated supporting interlock is not required to automatically change state. The interlock status must be established in conjunction with assuring the supported functions Operability prior to entering the required Applicability. In addition, LCO 3.0.4 requires the unit operators to ensure RTS trip function and ESFAS function Operability prior to entering their Applicability. These TS requirements remain in effect and impose the necessary Operability requirements related to the removed interlock functions. As such, interlocks are adequately addressed by each related functions requirement to be Operable and the requirement for actuation logic Operability.

An instrument function with interlocks implicitly required to support the function's Operability, is also addressed by the COT and Channel Calibration surveillance requirements. Actuation logic with interlocks implicitly required to support Operability of the logic is also addressed by the Actuation Logic Test surveillance requirement. The applicable COT, Channel Calibration, and Actuation Logic Test Bases will be enhanced by including the following discussion supporting this change (the reader should replace CHANNEL CALIBRATION with COT or ACTUATION LOGIC TEST as appropriate):

Interlocks implicitly required to support the Function's OPERABILITY are also addressed by this CHANNEL CALIBRATION. This portion of the CHANNEL CALIBRATION ensures the associated Function is not bypassed when required to be enabled. This can be accomplished by ensuring the interlocks are calibrated properly in accordance with the SP.

Date report generated:

Tuesday, May 12, 2015 Page 23

GTST AP1000-O69-3.3.16, Rev. 1 If the interlock is not automatically functioning as designed, the condition is entered into the Corrective Action Program and appropriate OPERABILITY evaluations performed for the affected Function. The affected Functions OPERABILITY can be met if the interlock is manually enforced to properly enable the affected Function. When an interlock is not supporting the associated Functions OPERABILITY at the existing plant conditions, the affected Function's channels must be declared inoperable and appropriate ACTIONS taken.

VEGP LAR DOC D03 revises the GTS Table 3.3.2-1, Function 25 and 26 descriptions of Required Channels to delete battery backed from the MTS 3.3.15 LCO statement. As described in the Writer's Guide for Plant-Specific Improved Technical Specifications (Reference 4), the LCO is intended to describe, as simply as possible, the lowest functional capability or performance levels of equipment required for the safe operation of the facility. It is acceptable to generically refer to the system, subsystem, component, or parameter that is the subject of the LCO and provide the specific scope or boundaries in the Bases. The proposed change to the LCO simplifies the LCO statement by removing the design detail battery backed and is consistent with the intent of the current language that defines what a Required Channel entails.

The remaining changes, including VEGP LAR DOC A028, are editorial, clarifying, grammatical, or otherwise considered administrative. These changes do not affect the technical content, but improve the readability, implementation, and understanding of the requirements, and are therefore acceptable.

Having found that this GTSTs proposed changes to the GTS and Bases are acceptable, the NRC staff concludes that AP1000 STS Subsection 3.3.16 is an acceptable model Specification for the AP1000 standard reactor design.

References to Previous NRC Safety Evaluation Reports (SERs):

None Date report generated:

Tuesday, May 12, 2015 Page 24

GTST AP1000-O69-3.3.16, Rev. 1 VIII. Review Information Evaluator Comments:

None Randy Belles Oak Ridge National Laboratory 865-574-0388 bellesrj@ornl.gov Review Information:

Availability for public review and comment on Revision 0 of this traveler approved by NRC staff on 5/29/2014.

APOG Comments (Ref. 8) and Resolutions:

1. (Internal # 3) Throughout the Bases, references to Sections and Chapters of the FSAR do not include the FSAR clarifier. Since these Section and Chapter references are to an external document, it is appropriate (DOC A003) to include the FSAR modifier. This is resolved by adding the FSAR modifier as appropriate.

2. (Internal # 6) The GTST sections often repeat VEGP LAR DOCs, which reference existing and current requirements. The inclusion in the GTST of references to existing and current, are not always valid in the context of the GTS. Each occurrence of existing and current should be revised to be clear and specific to GTS, MTS, or VEGP COL TS (or other), as appropriate. Noted ambiguities are corrected in the GTST body.

3. (Internal # 7)Section VII, GTST Safety Evaluation, inconsistently completes the subsection References to Previous NRC Safety Evaluation Reports (SERs) by citing the associated SE for VEGP 3&4 COL Amendment 13. It is not clear whether there is a substantive intended difference when omitting the SE citation. This is resolved by removing the SE citation in Section VII of the GTST and ensuring that appropriate references to the consistent citation of this reference in Section X of the GTST are made.

4. (Internal # 116 and 165) In GTST for Subsection 3.3.8,Section VI, under the heading Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes, the first paragraph mentions DOC A024. This DOC is for changes to RTS Instrumentation and does not affect Subsection 3.3.8. Note that it is not mentioned anywhere else in this Subsection. This is also stated in Subsections 3.3.9 through 3.3.16. Change DOCs A024 and A028 to DOC A028 in GTST 3.3.8 through GTST 3.3.16. This is resolved by making the recommended change. Note that comment # 116 is actually directed at removing DOC A028 in Subsections 3.3.1 through 3.3.7, but the opposite is true for DOC A024 in Subsections 3.3.8 through 3.3.16 as stated above.

5. (Internal # 178) In the Surveillance Requirements section of the Bases for STS Subsection 3.3.8 under the heading SR 3.3.8.2, the next to last paragraph, last line uses the phrase integrated protection cabinets. The Bases for SR 3.3.8.3, first paragraph uses the term IPC, which is the acronym for integrated protection cabinets. The SR 3.3.8.2 Bases should be changed from integrated protection cabinets to integrated protection Date report generated:

Tuesday, May 12, 2015 Page 25

GTST AP1000-O69-3.3.16, Rev. 1 cabinets (IPCs). This change also applies to Section 3.3.10 (SR 3.3.10.2), Section 3.3.11 (SR 3.3.11.2), Section 3.3.13 (SR 3.3.13.2), and Section 3.3.14 (SR 3.3.14.2). Add the acronym (IPCs) after the words integrated protection cabinets in SR 3.3.8.2 (and other SRs identified above). This is resolved by making the recommended change with additional edits for added clarity. Use PMS everywhere following its initial definition.

6. (Internal # 203) In GTST for Subsection 3.3.16,Section V, under the heading Changes to the Generic Technical Specifications and Bases, the fourth paragraph below the Coincidence Table discusses DOC M02 and states that Conditions B, C, and D are revised by adding a second condition that states one or more Functions with two or more divisions inoperable. The revised conditions actually state one or more Functions within two or more divisions inoperable. Change the word with to within. This is resolved by making the recommended change.

7. (Internal # 204) In GTST for Subsection 3.3.16,Section VI, under the heading Description of changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes, the sixth paragraph description states that MTS 3.3.16 does not specify Actions for inoperability of one or more Functions with two or more divisions. The actual change relates to one or more Functions within two or more divisions. Change the word with to within. This is resolved by making the recommended change with additional edits for added clarity.

VEGP LAR DOC M02 addresses the fact that MTS 3.3.16, Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown, does not specify Actions for inoperability the condition of one or more Functions with within two or more divisions inoperable. ...

8. (Internal # 205) In GTST for Subsection 3.3.16,Section VII, under the heading Technical Analysis, the sixth paragraph regarding STS 3.3.7 appears to be an editorial error. It is in the middle of the justification for MTS 3.3.16. STS 3.3.7 is the RTS Actuation Logic -

Shutdown Specification. This paragraph does not seem to apply to this specific change.

Delete the paragraph. This is resolved by making the recommended change.

9. (Internal # 206) In LCO 3.3.16, part a, ESF has not been previously defined. Change ESF to Engineered Safety Features (ESF) in the LCO statement. This is resolved by making the recommended change.

10. (Internal # 207) In the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.16 under the heading ESF Coincidence Logic, the second paragraph, uses the term ESF. ESF - Engineered Safety Features - has not been previously defined.

Change ESF to Engineered Safety Features (ESF) This is resolved by making the recommended change with additional edits for added clarity. Define first use of PMS in the Bases and use PMS after that (consistent with resolution of comment # 119). Revise the first sentence of the second paragraph under the heading SR 3.3.16.1 for the ACTUATION LOGIC TEST, as follows:

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST.

Revise the first sentence of fifth paragraph in the same subsection as follows:

To the extent possible, Protection and Safety Monitoring System PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features.

Date report generated:

Tuesday, May 12, 2015 Page 26

GTST AP1000-O69-3.3.16, Rev. 1 NRC Final Approval Date: 5/12/15 NRC

Contact:

C. Craig Harbuck United States Nuclear Regulatory Commission 301-415-3140 Craig.Harbuck@nrc.gov Date report generated:

Tuesday, May 12, 2015 Page 27

GTST AP1000-O69-3.3.16, Rev. 1 IX. Evaluator Comments for Consideration in Finalizing Technical Specifications and Bases None Date report generated:

Tuesday, May 12, 2015 Page 28

GTST AP1000-O69-3.3.16, Rev. 1 X. References Used in GTST

1. AP1000 DCD, Revision 19, Section 16, Technical Specifications, June 2011 (ML11171A500).

2. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Technical Specifications Upgrade License Amendment Request, February 24, 2011 (ML12065A057).

3. NRC Safety Evaluation (SE) for Amendment No. 13 to Combined License (COL) No.

NPF-91 for Vogtle Electric Generating Plant (VEGP) Unit 3, and Amendment No. 13 to COL No. NPF-92 for VEGP Unit 4, September 9, 2013, ADAMS Package Accession No. ML13238A337, which contains:

ML13238A355 Cover Letter - Issuance of License Amendment No. 13 for Vogtle Units 3 and 4 (LAR 12-002).

ML13238A359 Enclosure 1 - Amendment No. 13 to COL No. NPF-91 ML13239A256 Enclosure 2 - Amendment No. 13 to COL No. NPF-92 ML13239A284 Enclosure 3 - Revised plant-specific TS pages (Attachment to Amendment No. 13)

ML13239A287 Enclosure 4 - Safety Evaluation (SE), and Attachment 1 - Acronyms ML13239A288 SE Attachment 2 - Table A - Administrative Changes ML13239A319 SE Attachment 3 - Table M - More Restrictive Changes ML13239A333 SE Attachment 4 - Table R - Relocated Specifications ML13239A331 SE Attachment 5 - Table D - Detail Removed Changes ML13239A316 SE Attachment 6 - Table L - Less Restrictive Changes The following documents were subsequently issued to correct an administrative error in Enclosure 3:

ML13277A616 Letter - Correction To The Attachment (Replacement Pages) - Vogtle Electric Generating Plant Units 3 and 4-Issuance of Amendment Re:

Technical Specifications Upgrade (LAR 12-002) (TAC No. RP9402)

ML13277A637 Enclosure 3 - Revised plant-specific TS pages (Attachment to Amendment No. 13) (corrected)

4. TSTF-GG-05-01, Writer's Guide for Plant-Specific Improved Technical Specifications, June 2005.

5. RAI Letter No. 01 Related to License Amendment Request (LAR)12-002 for the Vogtle Electric Generating Plant Units 3 and 4 Combined Licenses, September 7, 2012 (ML12251A355).

6. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Response to Request for Additional Information Letter No. 01 Related to License Amendment Request LAR-12-002, ND-12-2015, October 04, 2012 (ML12286A363 and ML12286A360)

7. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Supplemental Information Related to License Amendment Request LAR-12-002, ND 2356, December 07, 2012 (ML12346A053)

Date report generated:

Tuesday, May 12, 2015 Page 29

GTST AP1000-O69-3.3.16, Rev. 1

8. APOG-2014-008, APOG (AP1000 Utilities) Comments on AP1000 Standardized Technical Specifications (STS) Generic Technical Specification Travelers (GTSTs), Docket ID NRC-2014-0147, September 22, 2014 (ML14265A493).

Date report generated:

Tuesday, May 12, 2015 Page 30

GTST AP1000-O69-3.3.16, Rev. 1 XI. MARKUP of the Applicable GTS Subsection for Preparation of the STS NUREG The entire section of the Specifications and the Bases associated with this GTST is presented next.

Changes to the Specifications and Bases are denoted as follows: Deleted portions are marked in strikethrough red font, and inserted portions in bold blue font.

Date report generated:

Tuesday, May 12, 2015 Page 31

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 3.3 INSTRUMENTATION 3.3.16 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown LCO 3.3.16 Four divisions with one battery backed subsystem for each of the following Functions shall be OPERABLE:

a. Engineered Safety Features (ESF) Coincidence Logic; and

b. ESF Actuation.

NOTE-------------------------------------------

Only the divisions necessary to support Main Control Room Isolation and Air Supply Initiation are required to be OPERABLE during movement of irradiated fuel assemblies when not in MODE 1, 2, 3, 4, 5, or 6.

APPLICABILITY: MODES 5 and 6, During movement of irradiated fuel assemblies.

ACTIONS

NOTE----------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Restore required division to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months within one required OPERABLE status.

division inoperable.

AP1000 STS 3.3.16-1 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 32

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME B. Required Action and B.1 Suspend positive reactivity Immediately associated Completion additions.

Time of Condition A not met in MODE 5. AND OR B.2 With the RCS open and < Immediately 20% pressurizer level, One or more Functions Iinitiate action to be MODE within two or more 5 with the RCS pressure divisions inoperable in boundary open RCS MODE 5. pressure boundary and establish 20%

pressurizer level.

AND B.3 If in MODE 5, Initiate Immediately action to isolate the flow path from the demineralized water storage tank to the RCS by use of at least one closed and de-activated automatic valve or closed manual valve.

C. Required Action and C.1 Suspend positive reactivity Immediately associated Completion additions.

Time of Condition A not met in MODE 6. AND OR C.2 If in MODE 6, Iinitiate action Immediately to establish be in MODE 6 One or more Functions with the water level 23 within two or more feet above the top of the divisions inoperable in reactor vessel flange.

MODE 6.

AP1000 STS 3.3.16-2 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 33

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME D. Required Action and D.1 Suspend movement of Immediately associated Completion irradiated fuel assemblies.

Time of Condition A not met in MODE 6 during movement of irradiated fuel assemblies.

OR One or more Functions within two or more required divisions inoperable during movement of irradiated fuel assemblies.

SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.3.16.1 Perform ACTUATION LOGIC TEST. 92 days on a STAGGERED TEST BASIS SR 3.3.16.2 -------------------------------NOTE------------------------------

This surveillance shall include verification that the time constants are adjusted to the prescribed values.

Perform ACTUATION DEVICE TEST. 24 months SR 3.3.16.3 Perform ACTUATION DEVICE TEST for squib valves. 24 months AP1000 STS 3.3.16-3 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 34

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.3.16.4 Perform ACTUATION DEVICE TEST for pressurizer 24 months heater circuit breakers.

SR 3.3.16.2 -------------------------------NOTE------------------------------

Only required to be met in MODE 5.

Verify reactor coolant pump breakers trip open on 24 months an actual or simulated actuation signal.

SR 3.3.16.3 ------------------------------NOTES-----------------------------

1. Not required to be met in MODE 5 above the P-12 (Pressurizer Level) interlock.

2. Not required to be met in MODE 6 above the P-12 (Pressurizer Level) interlock and water level 23 feet above the top of the reactor vessel flange.

Verify CVCS letdown isolation valves actuate to 24 months the isolation position on an actual or simulated actuation signal.

SR 3.3.16.4 -------------------------------NOTE------------------------------

Only required to be met in MODE 6.

Verify Spent Fuel Pool Cooling System 24 months containment isolation valves actuate to the isolation position on an actual or simulated actuation signal.

AP1000 STS 3.3.16-4 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 35

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 B 3.3 INSTRUMENTATION B 3.3.16 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown BASES BACKGROUND A description of the ESFAS Instrumentation is provided in the Bases for LCO 3.3.8, Engineered Safety Feature Actuation System (ESFAS)

Instrumentation.

APPLICABLE The required divisions channels of ESFAS actuation logic SAFETY instrumentation provide plant protection in the event of any of the ANALYSES, LCO, analyzed accidents. ESFAS protective functions include:

and APPLICABILITY ESF Coincidence Logic A description of the Engineered Safety Features (ESF) Coincidence Logic is provided in the Bases for LCO 3.3.8.

ESF Actuation A description of the ESF Actuation Subsystem is provided in the Bases for LCO 3.3.8.

The following are descriptions of the ESFAS actuation logic individual instrument Functions required by this LCO:

a. ESF Coincidence Logic This LCO requires four divisions of ESF coincidence logic, each set with one battery backed logic group OPERABLE to support automatic actuation. If one division of battery backed coincidence logic is OPERABLE in all four divisions, an additional single failure will not prevent ESF actuations because three divisions will still be available to provide redundant actuation for all ESF Functions.

This Function is required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel because of the potential for a fission product release following a fuel handling accident, or other DBA. The LCO is modified by a Note stating that only the divisions necessary to support Main Control Room Isolation and Air Supply Initiation are required to be OPERABLE during movement of irradiated fuel assemblies when not in MODE 1, 2, 3, 4, 5, or 6. This supports TS 3.3.13, Engineered Safety Feature Actuation System AP1000 STS B 3.3.16-1 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 36

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

(ESFAS) Control Room Air Supply Radiation Instrumentation, actuation of Main Control Room Emergency Habitability System (VES). The ESF Coincidence Logic requirements for MODES 1, 2, 3, and 4 are discussed in LCO 3.3.15, ESFAS Actuation Logic -

Operating.

b. ESF Actuation This LCO requires that for each division of ESF actuation, one battery backed logic group be OPERABLE to support both automatic and manual actuation. If one battery backed logic group is OPERABLE for the ESF actuation subsystem in all four divisions, a single failure will not prevent ESF actuations because ESF actuation subsystems in the other three divisions are still available to provide redundant actuation for ESF Functions. The remaining cabinets in the division with a failed ESF actuation cabinet are still OPERABLE and will provide their ESF Functions.

This Function is required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel because of the potential for a fission product release following a fuel handling accident, or other DBA. The LCO is modified by a Note stating that only the divisions necessary to support Main Control Room Isolation and Air Supply Initiation are required to be OPERABLE during movement of irradiated fuel assemblies when not in MODE 1, 2, 3, 4, 5, or 6. This supports TS 3.3.13, Engineered Safety Feature Actuation System (ESFAS) Control Room Air Supply Radiation Instrumentation, actuation of Main Control Room Emergency Habitability System (VES). The ESF Coincidence Logic requirements for MODES 1, 2, 3, and 4 are discussed in LCO 3.3.15.

ESFAS Actuation Logic - Shutdown satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

AP1000 STS B 3.3.16-2 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 37

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES ACTIONS A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this specification may be entered independently for each Function (i.e., ESF Coincidence Logic and ESF Actuation). The Completion Time(s) of the inoperable equipment of a Function will be tracked separately for each Function starting from the time the Condition was entered for that Function.

A.1 Condition A addresses the situation where one or more ESFAS actuation logic Functions within one division are inoperable. The ESF Coincidence Logic and ESF Actuation subsystem divisions are inoperable when both of their associated battery backed subsystems are inoperable.

With one ESFAS actuation logic division inoperable, the initiation capability is reduced below that required to meet the single failure criterion. Therefore, the required division must be returned to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The specified Completion Time is reasonable considering the remaining divisions are capable of performing the associated safety function.

B.1, B.2, and B.3 If the Required Action and associated Completion Time of Condition A is not met in MODE 5, or one or more ESFAS actuation logic Functions within two divisions are inoperable, the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. This is accomplished by immediately suspending positive reactivity additions and initiating action to open the RCS pressure boundary and establish 20% pressurizer level (Required Actions B.1 and B.2).

Action must also be immediately initiated to isolate the flow path from the demineralized water storage tank to the RCS by use of at least one closed and de-activated automatic valve or closed manual valve (Required Action B.3). These requirements minimize the consequences of the loss of decay heat removal by maximizing RCS inventory and maintaining RCS temperature as low as practical. Additionally, the potential for a criticality event is minimized by isolation of the demineralized water storage tank and by suspension of positive reactivity additions.

AP1000 STS B 3.3.16-3 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 38

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES ACTIONS (continued)

C.1 and C.2 If the Required Action and associated Completion Time of Condition A is not met in MODE 6, or one or more ESFAS actuation logic Functions within two or more divisions are inoperable, the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. This is accomplished by immediately initiating action to establish reactor cavity water level 23 feet above the top of the reactor vessel flange and suspending positive reactivity additions. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions in an orderly manner without challenging plant systems.

Required Action C.2 minimizes the consequences of a loss of decay heat removal event by optimizing conditions for RCS cooling in MODE 6 using IRWST injection. Additionally, the potential for a criticality event is minimized by suspension of positive reactivity additions.

D.1 If the Required Action and associated Completion Time of Condition A is not met during movement of irradiated fuel assemblies, or one or more ESFAS actuation logic Functions within two or more divisions are inoperable, the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. Required Action D.1 requires immediately suspending movement of irradiated fuel assemblies.

This required action suspends activities with potential for releasing radioactivity that might enter the Main Control Room. This action does not preclude the movement of fuel to a safe position.

SURVEILLANCE SR 3.3.16.1 REQUIREMENTS SR 3.3.16.1 is the performance of an ACTUATION LOGIC TEST. This test, in conjunction with the individual device functional tests throughout the Technical Specifications demonstrate that actuated devices respond to an actual or simulated actuation signal. The ESF coincidence logic and ESF actuation subsystems within a division are tested every 92 days on a STAGGERED TEST BASIS.

AP1000 STS B 3.3.16-4 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 39

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued)

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST. The test subsystem is designed to allow for complete functional testing by using a combination of system self-checking features, functional testing features, and other testing features.

Successful functional testing consists of verifying that the capability of the system to perform the safety function has not failed or degraded.

For hardware functions this would involve verifying that the hardware components and connections have not failed or degraded. Generally this verification includes a comparison of the outputs from two or more redundant subsystems or channels.

Since software does not degrade, software functional testing involves verifying that the software code has not changed and that the software code is executing.

To the extent possible, PMS Protection and Safety Monitoring System functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. The ACTUATION LOGIC TEST shall include a review of the operation of the test subsystem to verify the completeness and adequacy of the results.

If the ACTUATION LOGIC TEST cannot be completed using the built-in test subsystem, either because of failures in the test subsystem or failures in redundant channel hardware used for functional testing, the ACTUATION LOGIC TEST can be performed using portable test equipment.

Interlocks implicitly required to support the Function's OPERABILITY are also addressed by this ACTUATION LOGIC TEST.

This portion of the ACTUATION LOGIC TEST ensures the associated Function is not bypassed when required to be enabled.

This can be accomplished by ensuring the interlocks are calibrated properly in accordance with the SP. If the interlock is not automatically functioning as designed, the condition is entered into the Corrective Action Program and appropriate OPERABILITY evaluations performed for the affected Function. The affected Functions OPERABILITY can be met if the interlock is manually enforced to properly enable the affected Function. When an interlock is not supporting the associated Functions OPERABILITY AP1000 STS B 3.3.16-5 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 40

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued) at the existing plant conditions, the affected Function's channels must be declared inoperable and appropriate ACTIONS taken.

The Frequency of every 92 days on a STAGGERED TEST BASIS provides a complete test of all four divisions once per year. This frequency is adequate based on the inherent high reliability of the solid state devices which comprise this equipment; the additional reliability provided by the redundant subsystems; and the use of continuous diagnostic test features, such as deadman timers, memory checks, numeric coprocessor checks, cross-check of redundant subsystems, and tests of timers, counters, and crystal time basis, which will report a failure within these cabinets to the operator.

SR 3.3.16.2 SR 3.3.16.2 is the performance of an ACTUATION DEVICE TEST. This test, in conjunction with the ACTUATION LOGIC TEST, demonstrates that the actuated device responds to a simulated actuation signal. This Surveillance Requirement is applicable to the equipment which is actuated by the Protection Logic Cabinets except squib valves. The OPERABILITY of the actuated equipment is checked by exercising the equipment on an individual basis.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This Surveillance Requirement is modified by a Note that states that actuated equipment, that is included in the Inservice Test (IST) Program, is exempt from this surveillance. The IST Program provides for exercising of the safety related valves on a more frequent basis. The results from the IST Program can therefore be used to verify OPERABILITY of the final actuated equipment.

SR 3.3.16.3 SR 3.3.16.3 is the performance of an ACTUATION DEVICE TEST, similar to that performed in SR 3.3.16.2, except this Surveillance Requirement is specifically applicable to squib valves. This test, in conjunction with the ACTUATION LOGIC TEST, demonstrates that the actuated device responds to a simulated actuation signal. The AP1000 STS B 3.3.16-6 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 41

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued)

OPERABILITY of the squib valves is checked by performing a continuity check of the circuit from the Protection Logic Cabinets to the squib valve.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any additional risks associated with inadvertent operation of the squib valves.

SR 3.3.16.4 SR 3.3.16.4 is the performance of an ACTUATION DEVICE TEST. This test, in conjunction with the ACTUATION LOGIC TEST, demonstrates that the actuated device responds to a simulated actuation signal. This Surveillance Requirement is applicable to the circuit breakers which de-energize the power to the pressurizer heaters upon a pressurizer heater trip. The OPERABILITY of these breakers is checked by opening these breakers using the Plant Control System.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation. This Frequency is adequate based on the use of multiple circuit breakers to prevent the failure of any single circuit breaker from disabling the function and that all circuit breakers are tested.

SR 3.3.16.2 SR 3.3.16.2 demonstrates that the RCP breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

The SR is modified by a Note stating that the SR is only required to be met in MODE 5.

AP1000 STS B 3.3.16-7 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 42

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.16.3 SR 3.3.16.3 demonstrates that the CVS letdown isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This SR is modified by a Note that states that the SR is not required to be met in MODE 5 above the P-12 (Pressurizer Level) interlock. A second Note states that the SR is not required to be met in MODE 6 above the P-12 (Pressurizer Level) interlock with water level 23 feet above the top of the reactor vessel flange SR 3.3.16.4 SR 3.3.16.4 demonstrates that the Spent Fuel Pool Cooling containment isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

The SR is modified by a Note stating that the SR is only required to be met in MODE 6.

REFERENCES 1. FSAR Chapter 15.0, Accident Analysis.

AP1000 STS B 3.3.16-8 Amendment 0Rev. 0 Revision 19 Date report generated:

Tuesday, May 12, 2015 Page 43

GTST AP1000-O69-3.3.16, Rev. 1 XII. Applicable STS Subsection After Incorporation of this GTSTs Modifications The entire subsection of the Specifications and the Bases associated with this GTST, following incorporation of the modifications, is presented next.

Date report generated:

Tuesday, May 12, 2015 Page 44

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 3.3 INSTRUMENTATION 3.3.16 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown LCO 3.3.16 Four divisions with one subsystem for each of the following Functions shall be OPERABLE:

a. Engineered Safety Features (ESF) Coincidence Logic; and

b. ESF Actuation.

NOTE-------------------------------------------

Only the divisions necessary to support Main Control Room Isolation and Air Supply Initiation are required to be OPERABLE during movement of irradiated fuel assemblies when not in MODE 1, 2, 3, 4, 5, or 6.

APPLICABILITY: MODES 5 and 6, During movement of irradiated fuel assemblies.

ACTIONS

NOTE----------------------------------------------------------

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A. One or more Functions A.1 Restore required division to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months within one required OPERABLE status.

division inoperable.

AP1000 STS 3.3.16-1 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 45

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME B. Required Action and B.1 Suspend positive reactivity Immediately associated Completion additions.

Time of Condition A not met in MODE 5. AND OR B.2 Initiate action to open RCS Immediately pressure boundary and One or more Functions establish 20% pressurizer within two or more level.

divisions inoperable in MODE 5. AND B.3 Initiate action to isolate the Immediately flow path from the demineralized water storage tank to the RCS by use of at least one closed and de-activated automatic valve or closed manual valve.

C. Required Action and C.1 Suspend positive reactivity Immediately associated Completion additions.

Time of Condition A not met in MODE 6. AND OR C.2 Initiate action to establish Immediately water level 23 feet above One or more Functions the top of the reactor vessel within two or more flange.

divisions inoperable in MODE 6.

AP1000 STS 3.3.16-2 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 46

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME D. Required Action and D.1 Suspend movement of Immediately associated Completion irradiated fuel assemblies.

Time of Condition A not met during movement of irradiated fuel assemblies.

OR One or more Functions within two or more required divisions inoperable during movement of irradiated fuel assemblies.

SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.3.16.1 Perform ACTUATION LOGIC TEST. 92 days on a STAGGERED TEST BASIS SR 3.3.16.2 -------------------------------NOTE------------------------------

Only required to be met in MODE 5.

Verify reactor coolant pump breakers trip open on an 24 months actual or simulated actuation signal.

AP1000 STS 3.3.16-3 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 47

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown 3.3.16 SURVEILLANCE REQUIREMENTS (continued)

SURVEILLANCE FREQUENCY SR 3.3.16.3 ------------------------------NOTES-----------------------------

1. Not required to be met in MODE 5 above the P-12 (Pressurizer Level) interlock.

2. Not required to be met in MODE 6 above the P-12 (Pressurizer Level) interlock and water level 23 feet above the top of the reactor vessel flange.

Verify CVCS letdown isolation valves actuate to the 24 months isolation position on an actual or simulated actuation signal.

SR 3.3.16.4 -------------------------------NOTE------------------------------

Only required to be met in MODE 6.

Verify Spent Fuel Pool Cooling System containment 24 months isolation valves actuate to the isolation position on an actual or simulated actuation signal.

AP1000 STS 3.3.16-4 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 48

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 B 3.3 INSTRUMENTATION B 3.3.16 Engineered Safety Feature Actuation System (ESFAS) Actuation Logic - Shutdown BASES BACKGROUND A description of the ESFAS Instrumentation is provided in the Bases for LCO 3.3.8, Engineered Safety Feature Actuation System (ESFAS)

Instrumentation.

APPLICABLE The required divisions of ESFAS actuation logic provide plant protection SAFETY in the event of any of the analyzed accidents. ESFAS protective functions ANALYSES, LCO, include:

and APPLICABILITY ESF Coincidence Logic A description of the Engineered Safety Features (ESF) Coincidence Logic is provided in the Bases for LCO 3.3.8.

ESF Actuation A description of the ESF Actuation Subsystem is provided in the Bases for LCO 3.3.8.

The following are descriptions of the ESFAS actuation logic Functions required by this LCO:

a. ESF Coincidence Logic This LCO requires four divisions of ESF coincidence logic, each set with one battery backed logic group OPERABLE to support automatic actuation. If one division of battery backed coincidence logic is OPERABLE in all four divisions, an additional single failure will not prevent ESF actuations because three divisions will still be available to provide redundant actuation for all ESF Functions.

This Function is required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel because of the potential for a fission product release following a fuel handling accident, or other DBA. The LCO is modified by a Note stating that only the divisions necessary to support Main Control Room Isolation and Air Supply Initiation are required to be OPERABLE during movement of irradiated fuel assemblies when not in MODE 1, 2, 3, 4, 5, or 6. This supports TS 3.3.13, Engineered Safety Feature Actuation System AP1000 STS B 3.3.16-1 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 49

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

(ESFAS) Control Room Air Supply Radiation Instrumentation, actuation of Main Control Room Emergency Habitability System (VES). The ESF Coincidence Logic requirements for MODES 1, 2, 3, and 4 are discussed in LCO 3.3.15, ESFAS Actuation Logic -

Operating.

b. ESF Actuation This LCO requires that for each division of ESF actuation, one battery backed logic group be OPERABLE to support both automatic and manual actuation. If one battery backed logic group is OPERABLE for the ESF actuation subsystem in all four divisions, a single failure will not prevent ESF actuations because ESF actuation subsystems in the other three divisions are still available to provide redundant actuation for ESF Functions. The remaining cabinets in the division with a failed ESF actuation cabinet are still OPERABLE and will provide their ESF Functions.

This Function is required to be OPERABLE in MODES 5 and 6, and during movement of irradiated fuel because of the potential for a fission product release following a fuel handling accident, or other DBA. The LCO is modified by a Note stating that only the divisions necessary to support Main Control Room Isolation and Air Supply Initiation are required to be OPERABLE during movement of irradiated fuel assemblies when not in MODE 1, 2, 3, 4, 5, or 6. This supports TS 3.3.13, Engineered Safety Feature Actuation System (ESFAS) Control Room Air Supply Radiation Instrumentation, actuation of Main Control Room Emergency Habitability System (VES). The ESF Coincidence Logic requirements for MODES 1, 2, 3, and 4 are discussed in LCO 3.3.15.

ESFAS Actuation Logic - Shutdown satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

AP1000 STS B 3.3.16-2 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 50

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES ACTIONS A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this specification may be entered independently for each Function (i.e., ESF Coincidence Logic and ESF Actuation). The Completion Time(s) of the inoperable equipment of a Function will be tracked separately for each Function starting from the time the Condition was entered for that Function.

A.1 Condition A addresses the situation where one or more ESFAS actuation logic Functions within one division are inoperable. The ESF Coincidence Logic and ESF Actuation subsystem divisions are inoperable when both of their associated battery backed subsystems are inoperable.

With one ESFAS actuation logic division inoperable, the initiation capability is reduced below that required to meet the single failure criterion. Therefore, the required division must be returned to OPERABLE status within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The specified Completion Time is reasonable considering the remaining divisions are capable of performing the associated safety function.

B.1, B.2, and B.3 If the Required Action and associated Completion Time of Condition A is not met in MODE 5, or one or more ESFAS actuation logic Functions within two divisions are inoperable, the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. This is accomplished by immediately suspending positive reactivity additions and initiating action to open the RCS pressure boundary and establish 20% pressurizer level (Required Actions B.1 and B.2).

Action must also be immediately initiated to isolate the flow path from the demineralized water storage tank to the RCS by use of at least one closed and de-activated automatic valve or closed manual valve (Required Action B.3). These requirements minimize the consequences of the loss of decay heat removal by maximizing RCS inventory and maintaining RCS temperature as low as practical. Additionally, the potential for a criticality event is minimized by isolation of the demineralized water storage tank and by suspension of positive reactivity additions.

AP1000 STS B 3.3.16-3 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 51

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES ACTIONS (continued)

C.1 and C.2 If the Required Action and associated Completion Time of Condition A is not met in MODE 6, or one or more ESFAS actuation logic Functions within two or more divisions are inoperable, the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. This is accomplished by immediately initiating action to establish reactor cavity water level 23 feet above the top of the reactor vessel flange and suspending positive reactivity additions. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions in an orderly manner without challenging plant systems.

Required Action C.2 minimizes the consequences of a loss of decay heat removal event by optimizing conditions for RCS cooling in MODE 6 using IRWST injection. Additionally, the potential for a criticality event is minimized by suspension of positive reactivity additions.

D.1 If the Required Action and associated Completion Time of Condition A is not met during movement of irradiated fuel assemblies, or one or more ESFAS actuation logic Functions within two or more divisions are inoperable, the plant must be placed in a condition in which the likelihood and consequences of an event are minimized. Required Action D.1 requires immediately suspending movement of irradiated fuel assemblies.

This required action suspends activities with potential for releasing radioactivity that might enter the Main Control Room. This action does not preclude the movement of fuel to a safe position.

SURVEILLANCE SR 3.3.16.1 REQUIREMENTS SR 3.3.16.1 is the performance of an ACTUATION LOGIC TEST. This test, in conjunction with the individual device functional tests throughout the Technical Specifications demonstrate that actuated devices respond to an actual or simulated actuation signal. The ESF coincidence logic and ESF actuation subsystems within a division are tested every 92 days on a STAGGERED TEST BASIS.

AP1000 STS B 3.3.16-4 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 52

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued)

A test subsystem is provided with the Protection and Safety Monitoring System (PMS) to aid the plant staff in performing the ACTUATION LOGIC TEST. The test subsystem is designed to allow for complete functional testing by using a combination of system self-checking features, functional testing features, and other testing features.

Successful functional testing consists of verifying that the capability of the system to perform the safety function has not failed or degraded.

For hardware functions this would involve verifying that the hardware components and connections have not failed or degraded. Generally this verification includes a comparison of the outputs from two or more redundant subsystems or channels.

Since software does not degrade, software functional testing involves verifying that the software code has not changed and that the software code is executing.

To the extent possible, PMS functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. The ACTUATION LOGIC TEST shall include a review of the operation of the test subsystem to verify the completeness and adequacy of the results.

If the ACTUATION LOGIC TEST cannot be completed using the built-in test subsystem, either because of failures in the test subsystem or failures in redundant channel hardware used for functional testing, the ACTUATION LOGIC TEST can be performed using portable test equipment.

Interlocks implicitly required to support the Function's OPERABILITY are also addressed by this ACTUATION LOGIC TEST. This portion of the ACTUATION LOGIC TEST ensures the associated Function is not bypassed when required to be enabled. This can be accomplished by ensuring the interlocks are calibrated properly in accordance with the SP.

If the interlock is not automatically functioning as designed, the condition is entered into the Corrective Action Program and appropriate OPERABILITY evaluations performed for the affected Function. The affected Functions OPERABILITY can be met if the interlock is manually enforced to properly enable the affected Function. When an interlock is not supporting the associated Functions OPERABILITY at the existing plant conditions, the affected Function's channels must be declared inoperable and appropriate ACTIONS taken.

AP1000 STS B 3.3.16-5 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 53

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued)

The Frequency of every 92 days on a STAGGERED TEST BASIS provides a complete test of all four divisions once per year. This frequency is adequate based on the inherent high reliability of the solid state devices which comprise this equipment; the additional reliability provided by the redundant subsystems; and the use of continuous diagnostic test features, such as deadman timers, memory checks, numeric coprocessor checks, cross-check of redundant subsystems, and tests of timers, counters, and crystal time basis, which will report a failure within these cabinets to the operator.

SR 3.3.16.2 SR 3.3.16.2 demonstrates that the RCP breakers trip open in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

The SR is modified by a Note stating that the SR is only required to be met in MODE 5.

SR 3.3.16.3 SR 3.3.16.3 demonstrates that the CVS letdown isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

This SR is modified by a Note that states that the SR is not required to be met in MODE 5 above the P-12 (Pressurizer Level) interlock. A second Note states that the SR is not required to be met in MODE 6 above the P-12 (Pressurizer Level) interlock with water level 23 feet above the top of the reactor vessel flange AP1000 STS B 3.3.16-6 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 54

GTST AP1000-O69-3.3.16, Rev. 1 ESFAS Actuation Logic - Shutdown B 3.3.16 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.16.4 SR 3.3.16.4 demonstrates that the Spent Fuel Pool Cooling containment isolation valves actuate to the isolation position in response to an actual or simulated actuation signal. The ACTUATION LOGIC TEST overlaps this Surveillance to provide complete testing of the assumed safety function.

The Frequency of 24 months is based on the need to perform this surveillance during periods in which the plant is shutdown for refueling to prevent any upsets of plant operation.

The SR is modified by a Note stating that the SR is only required to be met in MODE 6.

REFERENCES 1. FSAR Chapter 15.0, Accident Analysis.

AP1000 STS B 3.3.16-7 Rev. 0 Date report generated:

Tuesday, May 12, 2015 Page 55

ML22240A051

Contents

Text

Title:

Title:

Title:

Title:

Title:

Contact:

Navigation menu

ML22240A051

Text

Title:

Title:

Title:

Title:

Title:

Contact:

Navigation menu

Search