ML22333A817

From kanterella
Jump to navigation Jump to search

Response to Supplemental Information Needed for Acceptance of Digital Instrumentation and Controls License Amendment Requests for the Limerick Generating Station
ML22333A817
Person / Time
Site: Limerick  Constellation icon.png
Issue date: 11/29/2022
From: David Helker
Constellation Energy Generation
To:
Office of Nuclear Reactor Regulation, Document Control Desk
Shared Package
ML22333A815 List:
References
EPID L-2022-LLA-0140
Download: ML22333A817 (1)
v  d  e


Text

200 Exelon Way Kennett Square, PA 19348 www.ConstellationEnergy.com ATTACHMENT 1 TRANSMITTED HEREWITH CONTAINS PROPRIETARY INFORMATION - WITHHOLD UNDER 10 CFR 2.390 10 CFR 50.90 November 29, 2022 U.S. Nuclear Regulatory Commission Washington, DC 20555-0001 ATTN: Document Control Desk Limerick Generating Station, Units 1 and 2 Renewed Facility Operating License Nos. NPF-39 and NPF-85 NRC Docket Nos. 50-352 and 50-353

Subject:

Constellation Energy Generation, LLC Response to Supplemental Information Needed for Acceptance of Digital Instrumentation and Controls License Amendment Requests for the Limerick Generating Station (EPID L-2022-LLA-0140)

References:

1. Constellation Energy Generation, LLC letter to the U.S. Nuclear Regulatory Commission (NRC), License Amendment Request to Revise the Licensing and Design Basis to Incorporate the Replacement of Existing Safety-Related Analog Control Systems with a Single Digital Plant Protection System (PPS), dated September 26, 2022 (ADAMS Accession No. ML22269A569)
2. Constellation Energy Generation, LLC letter to the U.S. Nuclear Regulatory Commission (NRC), Review of Limerick Generating Station Defense in Depth and Diversity Common Cause Failure Coping Analysis, WNA-AR-01074-GLIM-P, Revision 2, July 2022, and the Licensing Technical Report for the Limerick Generating Station Units 1&2 Digital Modernization Project, WCAP-18598-P, Revision 0, July 2022, dated August 12, 2022 (ADAMS Accession No. ML22224A149)
3. U.S Nuclear Regulatory Commission letter to Constellation Energy Generation LLC, Limerick Generating Station, Units 1 and 2 -

Supplemental Information Needed for Acceptance of Digital Instrumentation and Controls License Amendment Requests (EPID L-2022-LLA-0140), dated November 21, 2022 (ADAMS Accession No. ML22320A113)

Per Reference 1, in accordance with 10 CFR 50.90, Constellation Energy Generation, LLC (CEG) requested amendments to Renewed Facility Operating License Nos. NPF-39 and NPF-85 for Limerick Generating Station (LGS), Units 1 and 2, respectively to incorporate a ATTACHMENT 1, HEREWITH CONTAINS PROPRIETARY INFORMATION - WITHHOLD UNDER 10 CFR 2.390. When separated from Attachment 1, this cover letter is decontrolled.

License Amendment Request Limerick Digital Modernization Project Docket Nos. 50-352 and 50-353 November 29, 2022 Page 2 ATTACHMENT 1 TRANSMITTED HEREWITH CONTAINS PROPRIETARY INFORMATION - WITHHOLD UNDER 10 CFR 2.390 planned digital modification control system at LGS (i.e., the LGS Digital Modernization Project). The new single digital control system (i.e., for RPS, NSSSS, ECCS, RCIC, and EOC-RPT) will be renamed the Plant Protection System (PPS).

Per Reference 3 the NRC Staff notified CEG during their acceptance review that supplemental information is needed to complete its acceptance review of the proposed amendment. To support the acceptance review, the NRC staff requests that Constellation provide a technical description of the CIM design for the priority functions being used in the proposed plant protection system. Further, the description should address the conformance of the CIM design to the command prioritization positions described in Digital Interim Staff Guidance 04, Revision 1, Highly-Integrated Control Rooms - Communications Issues (HICRc), specific to the Limerick proposed plant protection system design.

Attachments 1, 2 and 3 provide CEGs response to the requested supplemental information.

In response to Reference 3, CEG is providing the AP1000 Component Interface Module (CIM) Technical Report, WCAP-17179, Revision 6, in support of the LGS Digital Modernization Project (DMP) LAR Licensing Technical Report (LTR) (Reference 2) that cites AP1000 Technical Report document for applicable CIM technical details. CEG is not requesting general approval of this document, but rather for the NRC to use this document in conjunction with the LTR so that all applicable CIM technical information is on the LGS docket.

To assist the NRC in determining which parts of WCAP-17179 apply to the LGS DMP LAR, the following is provided:

1. The LTR, Section 3.2.1, cites WCAP-17179: The CIM Technical Report (Reference
8) describes the functionality of the CIM.

LTR, Section 3.2.5, cites WCAP-17179: The technical description of the CIM can be found in WCAP-17179 (Reference 8).

The applicable sections of WCAP-17179 that apply for the technical description of the CIM are:

a. 2.3.1.1.2 - 2.3.1.1.4 (replace PMS and PLS with PPS and DCS, respectively)
b. 2.3.1.1.5 - 2.3.1.1.7
c. 2.3.1.2 2.3.1.2.1 (replace PMS with PPS)
d. 2.3.1.2.2 (replace Ovation RNC with Ovation Remote Node Interface, RNI)

License Amendment Request Limerick Digital Modernization Project Docket Nos. 50-352 and 50-353 November 29, 2022 Page 3 ATTACHMENT 1 TRANSMITTED HEREWITH CONTAINS PROPRIETARY INFORMATION - WITHHOLD UNDER 10 CFR 2.390

e. 2.3.1.2.3
f. 2.3.1.2.4 (excluding the first paragraph; replace PMS and PLS with PPS and DCS, respectively).
g. 2.3.1.2.5 (replace PMS and PLS with PPS and DCS, respectively)
h. 2.3.1.2.6 - 2.3.1.2.7
i. 2.3.1.2.8 (last paragraph - replace PLS with DCS)
j. 2.3.2 - 2.3.3 (Replace Ovation RNC with Ovation RNI)
k. 2.3.4 (replace PMS with PPS)
l. 2.3.5
m. 2.4.1 (replace PMS, PLS and Ovation RNC with PPS, DCS and Ovation Remote Node Interface, respectively)
n. 2.4.2 (replace PMS, PLS with PPS, DCS and exclude the last paragraph)
o. 2.4.3 (exclude 2.4.4 because the CIM interfaces with the High Amperage Relay Panel (HARP) as described in the LTR)
p. 2.5 (replace PMS, PLS with PPS, DCS, respectively)
i. Exclude the last paragraph in 2.5.1.1.1, because the CIM interfaces with the HARP as described in the LTR.

ii. Exclude CIM - Ground Fault Detection in Section 2.5.1.1.2 because the CIM interfaces with the HARP and not directly to components, as described in the LTR.

2. LTR Section 3.2.21 cites WCAP-17179: The CIM Technical Report (Reference 8) describes the functionality of the CIM. See #1 above for applicable sections in WCAP-17179.
3. LTR Table 3.2.21-1 DI&C-ISG-04 Compliance cites dispositions in WCAP-17179 for DI&C-ISG-04 Section 1 positions. WCAP-17179, Section 3.2.1 would apply.
4. LTR Section 3.5.14.6.2 cites WCAP-17179: There are also built-in diagnostics in the CIM that are listed in Reference 11 and described in the CIM Technical Report, Section 2.5 (Reference 8). See 1.p for applicability of WCAP-17179, Section 2.5.

License Amendment Request Limerick Digital Modernization Project Docket Nos. 50-352 and 50-353 November 29, 2022 Page 4 ATTACHMENT 1 TRANSMITTED HEREWITH CONTAINS PROPRIETARY INFORMATION - WITHHOLD UNDER 10 CFR 2.390

5. LTR Section 6.2.1.1 cites WCAP-17179: The CIM design is documented in the technical report WCAP-17179-P, AP1000 Component Interface Module Technical Report, Reference 8. See #1 for applicable sections of WCAP-17179 that apply.
6. LTR Table 8.2.1.5-1, Summary of Vulnerabilities, Controls, and Overall Effectiveness cites WCAP-17179: CIM Technical Report (Reference 8), Section 2.3.1.2.4. See 1.e for applicability to LGS DMP LAR.
7. LTR Section 3.2.5 cites WCAP-17179: The technical description of the CIM can be found in WCAP-17179 (Reference 8). It also includes the disposition of the ten NRC staff positions on Command Prioritization in DI&C-ISG-04, Section 2. Table 3.2.5-1 dispositions are specific to the LGS PPS design. As stated, the LTR dispositions supersede the dispositions in WCAP-17179. provides WCAP-17179-P, Revision 6, AP1000 Component Interface Module Technical Report. This attachment contains information proprietary to Westinghouse Electric Company (WEC) which is supported by an Affidavit signed by WEC, the owner of the information. provides the non-proprietary WCAP-17179-A-NP, Revision 6, AP1000 Component Interface Module Technical Report. provides the WEC Affidavit in support of Attachments 1 and 2. The Affidavit sets forth the basis on which the information may be withheld from public disclosure by the NRC and addresses, with specificity, the considerations listed in paragraph (b)(4) of Section 2.390 of the Commission's regulations.

CEG has reviewed the information supporting the No Significant Hazards Consideration and the Environmental Consideration that was previously provided to the NRC in Reference 1. The information in this LAR supplement does not impact the conclusion that the proposed license amendments do not involve a significant hazards consideration. The information also does not impact the conclusion that there is no need for an environmental assessment to be prepared in support of the proposed amendments.

There are no regulatory commitments contained in this supplement.

In accordance with 10 CFR 50.91, "Notice for public comment; State consultation,"

paragraph (b), CEG is notifying the Commonwealth of Pennsylvania of this license amendment request supplement by transmitting a copy of this letter to the designated State Official.

If you have any questions regarding this submittal, then please contact Frank Mascitelli at Frank.Mascitelli@constellation.com.

License Amendment Request Limerick Digital Modernization Project Docket Nos. 50-352 and 50-353 November 29, 2022 Page 5 ATTACHMENT 1 TRANSMITTED HEREWITH CONTAINS PROPRIETARY INFORMATION - WITHHOLD UNDER 10 CFR 2.390 I declare under penalty of perjury that the foregoing is true and correct. Executed on this 29th day of November 2022.

Respectfully, David P. Helker Sr. Manager, Licensing Constellation Energy Generation, LLC Attachments: 1. WCAP-17179-P, Revision 6, AP1000 Component Interface Module Technical Report, APP-GW-GLR-143, April 2016

2. WCAP-17179-NP, Revision 6, AP1000 Component Interface Module Technical Report, APP-GW-GLR-144, April 2016
3. CAW-22-057, WEC Affidavit, in support of WCAP-17179-P, Revision 6 cc: USNRC Region I, Regional Administrator w/ attachments USNRC Project Manager, LGS "

USNRC Senior Resident Inspector, LGS "

Director, Bureau of Radiation Protection - Pennsylvania Department of Environmental Protection w/ attachments 2, 3

ATTACHMENT 1 Supplement - License Amendment Request Limerick Generating Station, Units 1 and 2 NRC Docket Nos. 50-352 and 50-353 WCAP-17179-P, Revision 6, AP1000 Component Interface Module Technical Report, APP-GW-GLR-143, April 2016

ATTACHMENT 2 Supplement - License Amendment Request Limerick Generating Station, Units 1 and 2 NRC Docket Nos. 50-352 and 50-353 WCAP-17179-NP, Revision 6, AP1000 Component Interface Module Technical Report, APP-GW-GLR-144, April 2016

Westinghouse Non-Proprietary Class 3 WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6 AP1000 Component Interface Module Technical Report

W2-6.1-100.F02, Rev. 0 DOCUMENT COVER SHEET DOCUMENT NO. REVISION PAGE OPEN ITEMS APP-GW-GLR-144 6 1 of 55 N DOCUMENT STATUS: DES AP1000 SAFETY CLASS: C Westinghouse Acceptance of AP1000 LICENSING REVIEW STATUS: Completed and Attached Design Partner Document by:

PLANT APPLICABILITY: N/A (Print Full Name)

All AP1000 Plants except: Only the following plants:

No Exceptions (Signature/Date)

ALTERNATE DOCUMENT NUMBER: N/A ORIGINATING ORGANIZATION: WNA TITLE: AP1000 Component Interface Module Technical Report DCP/DCA/SUPPLEMENTS/EDCR # INCORPORATED IN THIS DOCUMENT REVISION:

APP-GW-GEE-5133, Rev. 0 ATTACHMENTS:

N/A PARENT DOCUMENT: N/A

© 2016 WESTINGHOUSE ELECTRIC COMPANY LLC, ALL RIGHTS RESERVED - WESTINGHOUSE NON-PROPRIETARY CLASS 3 All Class 3 Documents require the following two approvals in lieu of a Form 36.

LEGAL REVIEW SIGNATURE / DATE (If processing electronic approval select option)

Stephanie Harsche See Form 36 for WCAP-17179-NP for Signature PATENT REVIEW SIGNATURE / DATE Thomas J. Laubham See Form 36 for WCAP-17179-NP for Signature

© 2016 WESTINGHOUSE ELECTRIC COMPANY LLC, ALL RIGHTS RESERVED - WESTINGHOUSE PROPRIETARY CLASS 2 This document is the property of and contains Proprietary Information owned by Westinghouse Electric Company LLC and/or its subcontractors and suppliers. It is transmitted to you in confidence and trust, and you agree to treat this document in strict accordance with the terms and conditions of the agreement under which it was provided to you. Handle this document in accordance with applicable procedures for filing and transmittal. Any unauthorized use of this document is prohibited.

  • NOTE: This selection is only to be used for Westinghouse generated documents.

© 2016 WESTINGHOUSE ELECTRIC COMPANY LLC, ALL RIGHTS RESERVED and/or

© 2016 WESTINGHOUSE AP1000 BUSINESS PARTNER, ALL RIGHTS RESERVED WESTINGHOUSE PROPRIETARY CLASS 2 and/or WESTINGHOUSE BUSINESS PARTNER PROPRIETARY (SEE ATTACHED DOCUMENT)

This document is the property of and contains Proprietary Information owned by Westinghouse Electric Company LLC and/or is the property of and contains Proprietary Information owned by the Westinghouse Business Partner identified in the document attached hereto and/or their affiliates, subcontractors and suppliers. It is transmitted to you in confidence and trust, and you agree to treat this document in strict accordance with the terms and conditions of the agreement under which it was provided to you. Any unauthorized use of this document is prohibited.

SUPPLIER OR THIRD PARTY PROVIDED INFORMATION - File And Protect Using Policies For Westinghouse Proprietary Class 2 Information This document is the property of and contains Proprietary Information owned by a Supplier/Third Party to Westinghouse Electric Company, LLC. Treat this document in strict compliance with applicable procedures and the terms and conditions under which it was provided. Any unauthorized use of this document is prohibited.

ORIGINATOR(S) W2-6.1-100.pdf SIGNATURE / DATE (If processing electronic approval select option)

Stephen G. Bransfield Electronically Approved***

REVIEWER(S) W2-6.1-100.pdf SIGNATURE / DATE Richard M. Paese Electronically Approved***

SIGNATURE / DATE SIGNATURE / DATE VERIFIER(S) W2-6.1-100.pdf SIGNATURE / DATE Verification Method: Independent Review Jeffrey L. Arndt Electronically Approved***

APPLICABILITY REVIEWER W2-6.1-100.pdf SIGNATURE / DATE N/A RESPONSIBLE MANAGER* W2-6.1-100.pdf SIGNATURE / DATE Robert B. Phillips Electronically Approved***

  • Approval of the responsible manager signifies that the document and all required reviews are complete, the appropriate proprietary class has been assigned, electronic file has been provided to the EDMS, and the document is released for use.

This document may contain technical data subject to the export control laws of the United States. In the event that this document does contain such information, the Recipients acceptance of this document constitutes agreement that this information in document form (or any other medium), including any attachments and exhibits hereto, shall not be exported, released or disclosed to foreign persons whether in the United States or abroad by recipient except in compliance with all U.S. export control regulations. Recipient shall include this notice with any reproduced or excerpted portion of this document or any document derived from, based on, incorporating, using or relying on the information contained in this document.

      • Electronically approved records are authenticated in the electronic document management system.

W2-6.1-100.F02, Rev. 0 WGMS/W2-6.1-100.F02.dotx Effective Date: JAN-08-2016

Westinghouse Non-Proprietary Class 3 WCAP-17179-NP APP-GW-GLR-144 Revision 6 AP1000 Component Interface Module Technical Report Stephen G. Bransfield*

Principal Engineer, Standard Hardware Components April 2016 Technical Reviewer: Jeffrey L. Arndt*

Senior Engineer, Standard Hardware Components Licensing Reviewer: Richard M. Paese*

Principal Licensing Engineer, US Licensing & Regulator Support Approver: Robert B. Phillips*

Manager, Standard Hardware Components

  • Electronically approved records are authenticated in the electronic document management system.

Westinghouse Electric Company LLC 1000 Westinghouse Drive Cranberry Township, PA 16066, USA

© 2016 Westinghouse Electric Company LLC All Rights Reserved

ii REVISION HISTORY RECORD OF CHANGES Revision Author Description 0 Thomas W. Tweedle Initial Release 1 Thomas W. Tweedle This update incorporates the following changes:

  • Added additional CIM technical overview information to Section 2.1. This information includes a description of the CIM/SRNC feedback signals, and the differences between the SRNC and Ovation RNC. This section has been updated as part of RAI-SRP7.0-ICE-06.
  • Added additional information for the Z port connections, subsection 2.3.1.1.4. This section has been updated per RAI-SRP7.0-ICE-01.
  • Added additional information on CIM addressing inputs and their functions, subsection 2.3.1.1.5. This section has been updated per RAI-SRP7.0-ICE-08.
  • Updated description of the CIM priority logic, including the block overload description, subsection 2.3.1.2.4.

This section has been updated per RAI-SRP7.0-ICE-04.

  • Updated information on CIM modes of operation, subsection 2.3.1.2.8. This section has been updated per RAI-SRP7.0-ICE-05.
  • Updated information on SRNC modes of operation, subsection 2.3.2.2.6. This section has been updated per RAI-SRP7.0-ICE-05.
  • Updated the definitions page to define additional terms relating to the CIM/SRNC operational modes.

These definitions have been updated per RAI-SRP7.0-ICE-05.

  • Updated the Westinghouse/CS Innovations development process to describe the high quality software development process (Section 2.7) and Figure 2-10. This section and figure have been updated per RAI-SRP7.0-ICE-11.
  • Updated Figure 2-3, CIM Block Diagram, for clarity of isolation points. This figure has been updated per RAI-SRP7.0-ICE-07.
  • Added References 22 and 23 to support updated text in applicable sections.
  • Fixed minor typographical and grammatical errors.

This update is a Class 3 DCP implementation.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

iii REVISION HISTORY (cont.)

RECORD OF CHANGES (cont.)

Revision Author Description 2 Thomas W. Tweedle This update incorporates the following changes:

  • The definition of default state is revised in the definitions section per RAI-SRP7.0-ICE-05.
  • Deleted the CIM development process description, Section 2.7, per RAI-SRP7.0-ICE-11.
  • Added additional information to Section 2.5.3 to describe the failure modes of the HSL/X bus links between PMS and the CIMs. This additional information is per RAI-SRP7.0-ICE-03.
  • Updated CIM block diagram, Figure 2-3, to more clearly define the isolation points. This update is per RAI-SRP7.0-ICE-07.
  • Deleted cyber security information. This information is deleted as a result of RAI-SRP-DAS-11 which states that all cyber security information shall be deleted from various technical reports, including the CIM technical report.

This update is a Class 3 DCP implementation.

3 Stephen G. Bransfield Made following changes per DCP APP-GW-GEE-3892:

Added Black Box Testing to the DEFINITIONS Revised Section 2.9.4, Human Diversity, to align with AP1000 PMS-DAS Diversity White Paper, IC-12-041.

4 Stephen G. Bransfield The bracketing in Section 2.9 modified.

Incorporates E&DCR No. APP-GW-GEF-709.

5 Stephen G. Bransfield Revised revision levels of Reference 13; WCAP-15775 to Rev. 5 and Reference 22; WCAP-17184 to Rev. 6.

Incorporates E&DCR No. APP-GW-GEF-748 WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

iv REVISION HISTORY (cont.)

RECORD OF CHANGES (cont.)

Revision Author Description 6 Stephen G. Bransfield This revision affects the following documents:

Proprietary WCAP-17179-P Revision 6 APP-GW-GLR-143 Revision 6 Non-Proprietary WCAP-17179-NP Revision 6 APP-GW-GLR-144 Revision 6 Incorporated the following changes per DCP APP-GW-GEE-5133:

CAPAL 100014591:

  • Sections 2.1, 8th para; 2.3.1.1.4, 2nd para; and 2.3.1.2.4, 2nd para; revised the incorrect assertion that the Z port is not used in the AP1000 application. Changed to A subset of CIMs receives a Z port input from the PMS in the AP1000 application.
  • Section 2.3.1.2, 1st para. Revised 6105-20004 to 6105-20014, and added associated title and Reference citation.
  • Section 2.3.2.2, Revised 6105-10004 to 6105-10014, and added associated title and Reference citation.

CAPAL 100002233:

  • Section 2.5.1.1.2, 1st section. Revised 1.5 Vdc to 2.5 Vdc.
  • Section 2.5.1.1.2, 3rd section. Revised 1.5 Vdc to 2.5 Vdc.

CAPALs 100023921 and 100038964:

  • Section 2.9.4, 1st para. 2nd sentence. Revised The functionality of the CIM and DAS are different, and this reduces the chances that a common cause fault can be made in both designs. to The functionality of the CIM and DAS are not similar, and this reduces the chances that a common error can be made in both designs.
  • Section 2.9.4, 1st para. 3rd sentence. Revised The FPGA Logic used in the DAS, as compared to the FPGA logic used in the CIM, is humanly diverse with respect to the following lifecycle activities: to The FPGA Logic used in the DAS maintains human diversity with respect to the FPGA logic used in the CIM for the following lifecycle activities:

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

v REVISION HISTORY (cont.)

RECORD OF CHANGES (cont.)

Revision Author Description 6 Stephen G. Bransfield Revised Section 2.3.1.1.4, 2nd para; to add when not utilized by the (cont.) plant to 2nd sentence.

Revised Section 2.3.1.2, 2nd para; to correct location of Logic Figures.

Revised Section 2.5.1.1.1, 4th para; to remove reference to CS Innovations proprietary.

Revised Section 2.5.1.1.1, 6th para; to remove reference to CS Innovations proprietary.

Revised Front Matter: (ACRONYMS and DEFFINITIONS) to indicate Advanced Logic Systems, ALS and AP1000 are registered trademark. Also added seven acronyms and one definition. Minor reference wording for Default State definition.

Revised Front matter (REFERENCES) to update revision levels to

  1. 8, #9, #15, #16, #18 thru #21 and #23. Added: (new) #26 and citation.

Moved content of REFERENCES #13, #14, #15 and #22 to new BIBLIOGRAPHY section and labeled REFERENCES #13, #14,

  1. 15 and #22 Deleted. Added appropriate Bibliog citations.

Entire document - Per current trademark guidelines, all usage of term AP1000 is to be bold.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

vi TABLE OF CONTENTS LIST OF TABLES ..................................................................................................................................... viii LIST OF FIGURES ..................................................................................................................................... ix ACRONYMS AND TRADEMARKS .......................................................................................................... x DEFINITIONS ............................................................................................................................................ xii REFERENCES .......................................................................................................................................... xiv BIBLIOGRAPHY ...................................................................................................................................... xvi 1 INTRODUCTION ........................................................................................................................ 1-1 1.1 PURPOSE ........................................................................................................................ 1-1 1.2 SCOPE ............................................................................................................................. 1-1 2 TECHNICAL DESCRIPTION ..................................................................................................... 2-1 2.1 CIM SYSTEM OVERVIEW ........................................................................................... 2-1 2.2 CIM SYSTEM DESCRIPTION ...................................................................................... 2-2 2.3 HARDWARE DESCRIPTION ........................................................................................ 2-4 2.3.1 Component Interface Module .......................................................................... 2-4 2.3.2 Safety Remote Node Controller .................................................................... 2-12 2.3.3 Transition Panels ........................................................................................... 2-16 2.3.4 Base Plates ..................................................................................................... 2-17 2.3.5 Branch Terminator ......................................................................................... 2-21 2.4 SYSTEM INTERFACES ............................................................................................... 2-21 2.4.1 Communications Interfaces ........................................................................... 2-21 2.4.2 Class 1E/Non-1E Isolation ............................................................................ 2-22 2.4.3 Discrete Interfaces ......................................................................................... 2-22 2.4.4 Actuators Controlled by CIM ........................................................................ 2-22 2.5 SYSTEM DIAGNOSTICS AND FAULT INDICATIONS ........................................... 2-23 2.5.1 Diagnostics .................................................................................................... 2-23 2.5.2 Fault Indications ............................................................................................ 2-26 2.5.3 X Bus Failures ............................................................................................... 2-29 2.6 SYSTEM OPERATION ................................................................................................ 2-29 2.6.1 Time Response .............................................................................................. 2-29 2.6.2 CIM and SRNC Operational Modes .............................................................. 2-29 2.7 EQUIPMENT QUALIFICATION ................................................................................. 2-29 2.8 RELIABILITY............................................................................................................... 2-30 2.8.1 FMEA ............................................................................................................ 2-30 2.8.2 MTBF ............................................................................................................ 2-30 2.9 DIVERSITY .................................................................................................................. 2-30 2.9.1 Design Diversity ............................................................................................ 2-30 2.9.2 Equipment Diversity ...................................................................................... 2-31 2.9.3 Functional Diversity ...................................................................................... 2-31 2.9.4 Human Diversity ........................................................................................... 2-31 2.9.5 Signal Diversity ............................................................................................. 2-31 WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

vii TABLE OF CONTENTS (cont.)

2.9.6 Software Diversity ......................................................................................... 2-32 2.9.7 Diversity Summary ........................................................................................ 2-32 2.10 HUMAN FACTORS AND MAINTENANCE CONSIDERATIONS ........................... 2-32 2.11 OPERATING HISTORY ............................................................................................... 2-33 3 REGULATORY COMPLIANCE ................................................................................................. 3-1 3.1 IEEE 603 .......................................................................................................................... 3-1 3.2 DI&C-ISG-04 .................................................................................................................. 3-1 3.2.1 DI&C-ISG-04, Section 1, Interdivisional Communications ........................ 3-1 3.2.2 DI&C-ISG-04, Section 2, Command Prioritization ..................................... 3-3 WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

viii TABLE OF CONTENTS (cont.)

LIST OF TABLES Table 2-1 CIM LED Designations ................................................................................................... 2-6 Table 2-2 SRNC LED Designations .............................................................................................. 2-12 WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

ix TABLE OF CONTENTS (cont.)

LIST OF FIGURES Figure 2-1 CIM System ..................................................................................................................... 2-3 Figure 2-2 CIM Output Devices ........................................................................................................ 2-5 Figure 2-3 CIM Block Diagram ...................................................................................................... 2-11 Figure 2-4 SRNC Block Diagram ................................................................................................... 2-15 Figure 2-5 Double Width Transition Panel ...................................................................................... 2-16 Figure 2-6 Single Width Transition Panel ....................................................................................... 2-17 Figure 2-7 CIM Base Plate with CIMs Installed ............................................................................. 2-18 Figure 2-8 SRNC Base Plate with SRNCs Installed ....................................................................... 2-20 Figure 2-9 Overlap Testing .............................................................................................................. 2-24 WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

x ACRONYMS AND TRADEMARKS Acronyms used in the document are defined in WNA-PS-00016-GEN, Standard Acronyms and Definitions (Reference 16), or included below to ensure unambiguous understanding of their use within this document.

Acronym Definition ABB Asea Brown Boveri, Inc.

AC160 Advant Controller 160 ALS Advanced Logic System AOV Air Operated Valve CIM Component Interface Module CRC Cyclic Redundancy Check DAS Diverse Actuation System DC Direct Current DC/DC Direct Current to Direct Current DWTP Double Width Transition Panel EIA Electronic Industries Alliance (now disbanded)

EMC Electromagnetic Compatibility ESD Electrostatic Discharge FMEA Failure Mode and Effects Analysis FPGA Field Programmable Gate Array HSL High Speed Link I&C Instrumentation and Control I/O Input/Output ISG Interim Staff Guidance LED Light Emitting Diode MOV Motor Operated Valve MTBF Mean Time Before Failure NRC Nuclear Regulatory Commission PCB Printed Circuit Board PLS Plant Control System PMS Protection and Safety Monitoring System RNC Remote Node Controller RX Receive SOV Solenoid Operated Valve SRNC Safety Remote Node Controller SWTP Single Width Transition Panel TIA Telecommunications Industry Association TWI Two Way Interface TX Transmit Vdc Voltage Direct Current WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

xi ACRONYMS AND TRADEMARKS (cont.)

Advant is a registered trademark of ABB Process Automation Corporation.

Advanced Logic System, ALS, and AP1000 are trademarks or registered trademarks of Westinghouse Electric Company LLC, its affiliates and/or its subsidiaries in the United States of America and may be registered in other countries throughout the world. All rights reserved. Unauthorized use is strictly prohibited. Other names may be trademarks of their respective owners.

Ovation is a registered trademark of Emerson Process Management.

All other product and corporate names used in this document may be trademarks or registered trademarks of other companies, and are used only for explanation and to the owners benefit, without intent to infringe.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

xii DEFINITIONS Term Definition AC160 Asea Brown Boveri (ABB) Advant Controller Series 160. An ABB open control system family product line.

Black Box Testing The testing of a component or system in the target hardware without reference to the internal structure of the component or system.

Testing focuses solely on the outputs generated in response to selected inputs and execution conditions.

CIM System A system of Component Interface Module (CIM) components that work together to provide component control with command prioritization from safety and non-safety systems. The CIM system components consist of the CIM, Safety Remote Node Controller (SRNC), Double Width Transition Panel (DWTP), Single Width Transition Panel (SWTP), and branch terminator.

Default State The state of the CIM output devices and the CIM data passed from the SRNC to the CIM, when the CIM and SRNC are not in operational mode.

The default state of the CIM output devices is described in R004.50, Component Interface Module Hardware Requirements Specification, WNA-DS-01271-GEN, (Reference 8). [

]a,c The default state of the CIM data passed from the SRNC to the CIM is described in R004.2, Safety System Remote Node Controller Requirements Specification WNA-DS-01272-GEN, (Reference 9).

[

]a,c Operational Mode A mode of operation where the power supplied to the Field Programmable Gate Array (FPGA) is within the predetermined acceptable range. In this mode, the CIM and SRNC are fully functional and operational.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

xiii DEFINITIONS (cont.)

Term Definition Ovation A real-time monitoring and control system product of Emerson Process Management.

PM646A The processor module that is used in the AC160 application.

Reset Mode [

]a,c RS422 or RS485 Standard communication interfaces. These former Electronic Industries Alliance (EIA) standards are now maintained by the Telecommunications Industry Association (TIA) and define electrical characteristics of drivers and receivers used in digital communication systems.

RS422 utilizes a single driver circuit and up to 10 receivers in a balanced digital interface circuit point-to-point or multi-drop topology.

RS485 is an improvement over RS422 and allows for up to 32 loads (drivers or receivers) in a balanced digital interface circuit multipoint system.

Two Way Interface (TWI) A standard connector that is used in the CIM system.

Connector WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

xiv REFERENCES

1. IEEE Standard 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations, Institute of Electrical and Electronics Engineers, Inc.
2. Deleted.
3. Interim Staff Guidance, Digital Instrumentation and Controls, DI&C-ISG-04, Task Working Group #4, Highly-Integrated Control Rooms - Communications Issues (HICRc), U.S. Nuclear Regulatory Commission, September 2007.
4. NUREG/CR-6303, Method for Performing Diversity and Defense-in-Depth Analysis of Reactor Protection Systems, Lawrence Livermore Nuclear Laboratory, December 1994.
5. Deleted.
6. 10 CFR 50, Appendix B, Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants, U.S. Nuclear Regulatory Commission, August 2007.
7. Regulatory Guide 1.106, Rev. 1, Thermal Overload Protection for Electric Motors on Motor-Operated Valves, U.S. Nuclear Regulatory Commission, March 1977.
8. WNA-DS-01271-GEN (Proprietary), Rev. 10, Component Interface Module Hardware Requirements Specification, Westinghouse Electric Company LLC.
9. WNA-DS-01272-GEN (Proprietary), Rev. 9, Safety System Remote Node Controller Requirements Specification, Westinghouse Electric Company LLC.
10. Deleted.
11. Deleted.
12. Deleted.
13. Deleted.
14. Deleted
15. Deleted
16. WNA-PS-00016-GEN (Proprietary), Rev. 7, Standard Acronyms and Definitions, Westinghouse Electric Company LLC.
17. Deleted.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

xv REFERENCES (cont.)

18. 6105-10003 (Proprietary), Rev. 4, SRNC Hardware Specification, Westinghouse Electric Company LLC.
19. 6105-20003 (Proprietary), Rev. 4, CIM Hardware Specification, Westinghouse Electric Company LLC.
20. 6105-10004 (Proprietary), Rev. 13, SRNC FPGA Software Requirements Specification, Westinghouse Electric Company LLC.
21. 6105-20004 (Proprietary), Rev. 17, CIM FPGA Software Requirements Specification, Westinghouse Electric Company LLC.
22. Deleted.
23. APP-PMS-J4-102 (Proprietary), Rev. 14, AP1000 Protection and Safety Monitoring System Software Requirements Specification, Westinghouse Electric Company LLC.
24. 6105-10014 (Proprietary), Rev. 5, SRNC FPGA Software Design Description, Westinghouse Electric Company LLC.
25. 6105-20014 (Proprietary), Rev. 5, CIM FPGA Software Design Description, Westinghouse Electric Company LLC.
26. WNA-DS-02331-GEN (Proprietary), Rev. 2, Component Interface Module Logic Specification, Westinghouse Electric Company LLC.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

xvi BIBLIOGRAPHY The following is a list of sources that were considered in preparing this document. Revisions cited were consulted at the time of writing. Revisions to the documents listed below do not require a revision to this document; therefore users should consult the latest approved revision.

1. WCAP-15775 (Non-Proprietary), Rev. 5, AP1000 Instrumentation and Control Defense-In-Depth and Diversity Report, Westinghouse Electric Company LLC.
2. WCAP-17184-P (Proprietary), Rev. 6, AP1000 Diverse Actuation System Planning and Functional Design Summary Technical Report, Westinghouse Electric Company LLC.
3. WCAP-15776, Rev. 0, Safety Criteria for the AP1000 Instrumentation and Control Systems, Westinghouse Electric Company LLC.
4. WCAP-16438-P (Proprietary), Rev. 6, FMEA of AP1000 Protection and Safety Monitoring System, Westinghouse Electric Company LLC.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

1-1 1 INTRODUCTION 1.1 PURPOSE The purpose of this report is to describe the Component Interface Module (CIM) system components.

The intent of this technical report is to obtain U.S. Nuclear Regulatory Commission (NRC) review and approval for use of the CIM system components in the AP1000 nuclear safety-related instrumentation and control (I&C) application, and to identify the bounding conditions under which approval is granted.

The CIM system components are logic based modules that do not use microprocessors or software for operation, but instead utilize architecture based on programmable technology. The logic is implemented using field programmable gate array (FPGA) technology. The CIM system components have been developed as nuclear safety-related (Class 1E) products by CS Innovations, a 10 CFR Part 50, Appendix B supplier (Reference 6) and wholly owned subsidiary of Westinghouse Electric Company.

1.2 SCOPE The scope of this report is limited to the CIM system components. These components include the hardware and their associated external interfaces [ ]a,c described in Section 2.2.

This technical report considers the CIM system applied in the AP1000.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-1 2 TECHNICAL DESCRIPTION 2.1 CIM SYSTEM OVERVIEW The CIM system is designed to interface a field component to the Protection and Safety Monitoring System (PMS) and the Plant Control System (PLS). The CIM priority logic function arbitrates between PMS and PLS demands. The CIM component control logic generates a component demand based on the priority logic outputs and field component feedback signals.

Communication with the PMS is accomplished with the Safety Remote Node Controller (SRNC) assembly. [ ]a,c The SRNC module accepts a high speed link (HSL) connection. [ ]a,c The SRNC communicates with each CIM through a safety bus known as the X bus. The X bus is an independent, bidirectional link between the CIM and the SRNC. The PMS communication link is known as the X port. The SRNC assembly and X bus structure is depicted in Figure 2-1.

The PMS can send an open, close, or stop demand. In addition to the PMS demands received over port X, the PMS can also send three configuration commands to the CIM. These commands are port Y enable, maintenance mode, and output test enable. [

]a,c The CIM feedback and status signals are transmitted to the SRNC via the X bus. The CIM and SRNC status and feedback signals are transmitted to Common Q via the HSL. [

]a,c The CIMs communicate with the PLS through an Ovation Remote Node Controller (RNC).

The Ovation RNC bus is known as the Y bus. The CIM can receive PLS demands from the RNC and transmit status feedback information to the RNC.

The Ovation RNC and the SRNC are physically different modules, designed and built by different companies. The Ovation equipment is a standard Emerson Process Management product. The SRNC (and CIM) have been developed by CS Innovations for the AP1000 application. The SRNC modules do not fit into or connect with the Ovation RNC modules or base plate assembly. The Ovation RNC connection is a fiber optic connection, while the SRNC connection is a DB-25 copper connection. The physical differences between the Ovation RNC and SRNC preclude maintenance errors.

A manual control located on each CIM provides local maintenance and test features for each field component. [ ]a,c A status bit is sent to the PMS and PLS processors when local mode is enabled.

The CIM has two Z port inputs that can be used for connection with a high priority system. A subset of CIMs receives a Z port input from the PMS in the AP1000 application.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-2 2.2 CIM SYSTEM DESCRIPTION The CIM system comprises one to thirty-two CIMs assembled on one to sixteen CIM base plates, two SRNCs assembled on one SRNC base plate, one double width transition panel (DWTP), up to two single width transition panels (SWTP), and one to four branch terminating devices. The CIM system can have one to four branches of CIMs; each branch can have one to eight CIMs. Each CIM controls one component, and each CIM base plate can accommodate one or two CIMs. The SRNC base plate provides for two SRNC modules that comprise the redundant safety system communication.

The DWTP connects two branches of CIMs to the SRNC base plate, redundant 24 volts direct current (Vdc) power supplies and the non-safety Ovation RNC. The DWTP also provides two connectors for interconnection with the SWTP. The SWTP connects one branch of CIMs to the DWTP.

The CIM base plate back plane printed circuit board (PCB) distributes the X and Y buses to each CIM and extends the X and Y buses to the next base plate. The CIM back plane PCB also distributes redundant power supply feeds to each CIM and extends the power supply feeds to the next base plate.

The base plate connects the CIM to the field component through the use of terminal blocks, facilitating rapid maintenance and repair activities without disturbing field wiring.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-3 a,c Figure 2-1. CIM System WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-4 2.3 HARDWARE DESCRIPTION The five standard components of the CIM system are described below.

2.3.1 Component Interface Module

[ ]a,c 2.3.1.1 Module Level Functional Description 2.3.1.1.1 Power Supply The CIM supports a redundant 24 Vdc power supply feed. The redundant power supply feed is

[ ]a,c utilized within the CIM. Transient voltage suppression is provided for over voltage protection. [

]a,c 2.3.1.1.2 Field Input Circuits The CIM supports [ ]a,c digital inputs that can receive field component feedback information.

[

]a,c The status of each field input is available to the PMS and the PLS.

[

]a,c 2.3.1.1.3 Local Control Input Circuits The CIM includes a local control interface located on the front panel of the CIM. [

]a,c The status of the local control [ ]a,c is available to the PMS and the PLS for indication of CIM status.

2.3.1.1.4 Z Port Input Circuits The CIM supports two digital inputs that can receive commands from a high priority system.

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-5

[

]a,c The design of the Z port terminal connections are dissimilar to the connections used for the X and Y ports. The Z port terminal block connections are designed to mitigate a short circuit condition across the terminal connectors. Normal maintenance activities do not utilize the Z port input connections, thus precluding a maintenance error.

2.3.1.1.5 Address Input Circuits

[

]a,c 2.3.1.1.6 Output Circuits The CIM has two outputs to interface with the field device. [

]a,c a,c Figure 2-2. CIM Output Devices 2.3.1.1.7 LED Indicators The CIM has twenty-one light emitting diodes (LEDs) located on the front panel for indication of the module status. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-6 Table 2-1 CIM LED Designations a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-7 2.3.1.2 FPGA Level Functional Description

[

]a,c 2.3.1.2.1 X Bus Communication Functions The X bus communication function provides the communications interface between the CIM and SRNC.

[

]a,c The X bus protocol is described in subsection 2.4.1.2.

[

]a,c 2.3.1.2.2 Y Bus Communication Functions The Y bus communication function provides the communications interface between the CIM and Ovation RNC. The Y bus protocol is described in subsection 2.4.1.3.

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-8

[

]a,c 2.3.1.2.3 Communication Buffers

[

]a,c 2.3.1.2.4 Priority Logic

[

]a,c The priority logic function takes inputs from the X port, Y port, Z port and local control port. [

]a,c The priority logic module has [ ]a,c output signals that interface to the component control logic.

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-9 2.3.1.2.5 Component Control Logic The component control logic interfaces the field component with the [

]a,c priority logic. The component control logic utilizes [ ]a,c feedbacks from the field component. [

]a,c The PLS and the PMS monitor the available feedback from the component and can generate discrepancy detection signals if the component motion does not start or if the component does not reach the commanded state in a predetermined amount of time.

[

]a,c 2.3.1.2.6 LED Control Module The LED control module is used to interface the CIM FPGA with twenty-one LED indicators (subsection 2.3.1.1.7). The LED control module receives status and control information from the field inputs, outputs, internal logic states and test functions to determine the status of each indicator.

2.3.1.2.7 FPGA Test Functions The CIM FPGA contains [ ]a,c test features for the safety system actuation path. These test features are described in subsection 2.5.1.1.1.

2.3.1.2.8 Operational Modes of the CIM The CIM has design features to provide deterministic operation of the CIM. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-10

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-11 a,c Figure 2-3. CIM Block Diagram WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-12 2.3.2 Safety Remote Node Controller

[ ]a,c 2.3.2.1 Module Level Functional Description 2.3.2.1.1 Power Supply The SRNC supports a redundant 24 Vdc power supply feed. The redundant power supply feed is

[ ]a,c utilized within the SRNC. Transient voltage suppression is provided for over voltage protection. [

]a,c 2.3.2.1.2 LED Indicators The SRNC has seven light emitting diodes (LEDs) located on the front panel for indication of the module status. [

]a,c Table 2-2 SRNC LED Designations a,c 2.3.2.2 FPGA Level Functional Description

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-13 2.3.2.2.1 HSL Communication Functions The HSL communication functions interface the SRNC to the PM646A. [

]a,c 2.3.2.2.2 X Bus Communication Functions

[

]a,c 2.3.2.2.3 Communication Buffers

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-14 2.3.2.2.4 LED Control Module The LED control module is used to interface the SRNC FPGA with seven LED indicators (subsection 2.3.2.1.2). The LED control module receives status and diagnostic information to determine the status of each indicator.

2.3.2.2.5 FPGA Test Functions The SRNC FPGA contains [ ]a,c test features for the safety system actuation path. These test features are described in subsection 2.5.1.1.1.

2.3.2.2.6 Operational Modes of the SRNC The SRNC has design features to provide deterministic operation of the SRNC. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-15 a,c Figure 2-4. SRNC Block Diagram WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-16 2.3.3 Transition Panels 2.3.3.1 Double Width Transition Panel The DWTP connects [ ]a,c CIM base plates to the SRNC base plate, Ovation RNC assembly, and redundant 24 Vdc power feeds. [

]a,c a,c Figure 2-5. Double Width Transition Panel 2.3.3.2 Single Width Transition Panel The SWTP connects one CIM base plate branch to the DWTP. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-17 a,c Figure 2-6. Single Width Transition Panel 2.3.4 Base Plates The CIM and SRNC base plates provide a physical mounting location for the CIM and SRNC modules.

[

]a,c 2.3.4.1 CIM Base Plate

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-18 a,c Figure 2-7. CIM Base Plate with CIMs Installed Note: This figure is for illustrative purposes only and may not represent the final configuration or connection as installed into the PMS.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-19 2.3.4.2 SRNC Base Plate

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-20 a,c Figure 2-8. SRNC Base Plate with SRNCs Installed Note: This figure is for illustrative purposes only and may not represent the final configuration or connection as installed into the PMS.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-21 2.3.5 Branch Terminator The branch terminator is installed on the last CIM base in each branch. [

]a,c 2.4 SYSTEM INTERFACES 2.4.1 Communications Interfaces 2.4.1.1 High Speed Link The PM646A processor and SRNC module communicate with the HSL protocol. [

]a,c 2.4.1.2 X Bus The communication protocol that CIMs and the SRNC use to communicate is the X bus protocol.

[

]a,c 2.4.1.3 Y Bus The communication protocol that is used with the PLS is the Ovation I/O bus. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-22 2.4.2 Class 1E/Non-1E Isolation

[

]a,c 2.4.3 Discrete Interfaces The CIM has four sets of discrete interfaces that are used for control and connection with plant components. The field input circuits (subsection 2.3.1.1.2) connect with status feedback indicators that receive component status information. The local control input circuits (subsection 2.3.1.1.3) provide a local interface for the CIM. [ ]a,c The Z port input circuits (subsection 2.3.1.1.4) connect with a high priority system. The CIM outputs (subsection 2.3.1.1.5) interface the CIM open and close commands to the field device.

2.4.4 Actuators Controlled by CIM The CIM interfaces with components of the following types:

  • Motor Control Centers
  • Circuit Breakers

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-23 2.5 SYSTEM DIAGNOSTICS AND FAULT INDICATIONS 2.5.1 Diagnostics 2.5.1.1 Continuous Diagnostics 2.5.1.1.1 Safety Path Testing

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-24 a,c Figure 2-9. Overlap Testing

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-25

[

]a,c 2.5.1.1.2 Additional Continuous Diagnostics The following sections detail additional diagnostics for the CIM and SRNC modules that support safety path testing.

SRNC - Power Supply Monitors The SRNC monitors the 24 Vdc power supply feed [ ]a,c to ensure the supplied voltage is within the operating range of the SRNC. If the voltage is not within range, the SRNC will visually indicate this condition on the front panel status LEDs, as well as transmit this condition to the PMS and the PLS.

[

]a,c CIM - Ground Fault Detection The field feedback inputs are provided with ground fault detection capabilities. A ground fault occurs if there is current flow between the field input channel and earth ground. This condition is transmitted to the PMS and the PLS.

CIM - Power Supply Monitors The CIM monitors the 24 Vdc power supply feed to ensure the supplied voltage is within the operating range of the CIM. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-26

[

]a,c 2.5.1.2 Periodic Diagnostics

[

]a,c 2.5.2 Fault Indications 2.5.2.1 Local Indications Specific fault indications are indicated locally on CIM and SRNC front panel LED display. The fault indications are listed as follows. For an explanation of the front panel indicators, see subsection 2.3.1.1.7 for the CIM and subsection 2.3.2.1.2 for the SRNC.

CIM:

  • [ ]a,c
  • 24V-A LED indicator not lit: The 24V-A power supply feed does not have a voltage applied that is in the operating range of the CIM.
  • 24V-B LED indicator not lit: The 24V-B power supply feed does not have a voltage applied that is in the operating range of the CIM.
  • Flashing Z-Port LED indicator: Ground fault or 48 Vdc wetting power supply failure.
  • Flashing Field Input LED indicator: Ground fault or 48 Vdc wetting power supply failure.
  • X bus indicator not lit: The CIM is not communicating on the X bus.
  • Y bus indicator not lit: The CIM is not communicating on the Y Bus.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-27 SRNC:

  • 24V-A LED indicator not lit: The 24V-A power supply feed does not have a voltage applied that is in the operating range of the CIM.
  • 24V-B LED indicator not lit: The 24V-B power supply feed does not have a voltage applied that is in the operating range of the CIM.
  • X bus indicators: LED indicators are provided for the X bus branches. The indicator is not lit when the SRNC is not communicating on the specific X bus branch.
  • HSL indicator not lit: The SRNC is not communicating across the HSL.

2.5.2.2 Remote Indications Specific fault indications are sent to the PMS and the PLS via each respective communication link.

The following list details the fault indications that are sent:

CIM:

  • [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-28

  • [

]a,c SRNC:

  • [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-29 2.5.3 X Bus Failures

[

]a,c 2.6 SYSTEM OPERATION 2.6.1 Time Response Time response of the CIM system is defined by the requirements listed in References 8 and 9.

2.6.2 CIM and SRNC Operational Modes Operational mode of the CIM and SRNC modules will begin once the transition from reset mode has occurred (subsections 2.3.1.2.8 and 2.3.2.2.6). The operational mode of the CIM and SRNC is not affected during different modes (test, normal operation, etc.) the plant may operate in. The CIM priority and component control logic does not change for any plant operational mode.

2.7 EQUIPMENT QUALIFICATION The CIM system components will undergo two sets of equipment qualification tests. The first set will be completed under the CS Innovations process. [

]a,c The second set of tests will be conducted under the Westinghouse process.

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-30

[

]a,c 2.8 RELIABILITY 2.8.1 FMEA The Failure Mode and Effects Analysis (FMEA) is a qualitative evaluation which identifies failure modes that contribute to a systems unreliability. The FMEA identifies significant single failures and their effects or consequences on the systems ability to perform its functions. [

]a,c 2.8.2 MTBF

[

]a,c 2.9 DIVERSITY WCAP-15775, AP1000 Instrumentation and Control Defense-In-Depth and Diversity Report (Bibliog 1), provides a diversity evaluation for the overall plant design. WCAP-17184, AP1000 Diverse Actuation System Planning and Functional Design Summary Technical Report (Bibliog 2), addresses the diversity that is provided in the I&C system. The following evaluation will focus on the diversity requirements for the CIM and SRNC and support the two aforementioned diversity evaluations.

The CIM and SRNC provide the control of the safety-related components through the PMS.

This actuation path must be diverse from the path that is provided in the Diverse Actuation System (DAS). The Advanced Logic System (ALS) is the core of the DAS. This evaluation will focus on the diversity between the CIM and ALS, and evaluates each of the elements of diversity included in NUREG/CR-6303, Method for Performing Diversity and Defense-in-Depth Analysis of Reactor Protection Systems (Reference 4).

2.9.1 Design Diversity Design diversity is the use of different methods to solve similar problems. Both the DAS and CIM are based on FPGA technology, but different FPGAs are used. [

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-31 The architectures of the DAS and CIM are different. The DAS architecture is based on input, output, and logic boards that are in a card rack. [

]a,c 2.9.2 Equipment Diversity Equipment diversity is the use of different hardware to perform similar safety functions. For the purposes of equipment diversity, different means sufficiently dissimilar as to significantly decrease vulnerability to a common failure. As described previously, the DAS and CIM use different FPGAs in different architectures. There are no common hardware modules used in the CIM and DAS designs, the internal communication is different and the power supply is different.

2.9.3 Functional Diversity Two systems are functionally diverse if they perform different physical functions though they may have overlapping safety effects. [

]a,c The CIM and DAS both actuate plant components, but the actuation paths are different.

2.9.4 Human Diversity The purpose of human diversity is to reduce the chance of common errors in similar designs.

The functionality of the CIM and DAS are not similar, and this reduces the chances that a common error can be made in both designs. The FPGA Logic used in the DAS maintains human diversity with respect to the FPGA logic used in the CIM, for the following lifecycle activities:

  • Design Activities (i.e., different FPGA logic design teams for activities such as the preparation of design specifications and development of the application logic in the hardware descriptive language)
  • Implementation Activities (i.e., different FPGA logic design teams for activities required to physically program the FPGA chip such as simulation, synthesis and place and route tasks)
  • Black Box Test Activities (i.e., different IV&V test teams).

2.9.5 Signal Diversity Signal diversity is the use of different sensed parameters to initiate protective action. [

]a,c The inputs are different, and there are no common signals between the two designs.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-32 2.9.6 Software Diversity Software diversity is the use of different programming or algorithms to perform the same or similar functions. The CIM and SRNC do not contain any software. The functionality of the DAS and CIM are different, and there are no algorithms that are in common between the two designs. [

]a,c 2.9.7 Diversity Summary All of the elements must be evaluated to determine if adequate diversity is provided. By partitioning and assigning design tasks, different designers were used for the CIM and DAS designs. There is no common logic used in the DAS and CIM designs. The designs perform fundamentally different functions, and this provides diversity in signals and functions that are used. There is no common hardware used in the design. This includes the use of different FPGAs. Based on all of the elements of diversity, sufficient diversity between the CIM and DAS is provided.

2.10 HUMAN FACTORS AND MAINTENANCE CONSIDERATIONS The following human factors considerations have been incorporated into the designs of the CIM and SRNC modules. These human factors considerations support maintenance and test features for PMS.

  • [

]a,c

  • Module Replacement The CIM and SRNC base plates have been designed with rigid metal guides to ensure proper module alignment and mating with the backplane. The modules have two thumb screw fasteners to secure the module into the base plate assembly.
  • Module Indicators The CIM and SRNC indicators are straightforward in their design to minimize the chance of misinterpretation. Failures and off-normal conditions are clearly indicated by the behavior of the module indicators.
  • Pre-configured Modules CIM and SRNC FPGA cores are configured prior to shipment and cannot be altered by the customer. This approach improves configuration control of CIM system components and prevents maintenance errors.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

2-33

  • Electrostatic Discharge (ESD)

The CIM and SRNC are qualified for ESD resistance.

  • Local Controls The CIM local controls are designed for their ease of use and indication. [

]a,c

  • Test Points The CIM base plate is designed with test points and field disconnect terminal blocks to aid in maintenance and troubleshooting activities. The field disconnects and test points can be used to test the signal path without disconnecting any field wiring from the base plate.

2.11 OPERATING HISTORY The CIM function has been previously utilized in operating nuclear power plants. The CIM system components are newly designed assemblies and thus have no operating history. The first planned use of the redesigned CIM system assemblies is for the AP1000 application.

WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

3-1 3 REGULATORY COMPLIANCE 3.1 IEEE 603 IEEE 603-1991, IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations (Reference 1), establishes the minimum functional design criteria for the power, instrumentation, and control portions of nuclear power generating station safety systems. The criteria established in IEEE 603 provide a means for promoting safe practices for design and evaluation of safety system performance and reliability. [

]a,c 3.2 DI&C-ISG-04 The NRC Task Working Group #4, Highly Integrated Control Rooms - Communications Issues (Reference 3), has provided interim NRC staff guidance on the review of communications issues.

The interim NRC staff guidance contains three sections: Interdivisional Communications, Command Prioritization, and Multidivisional Control and Display Stations. The third section provides guidance for control displays, which is not applicable to components of the CIM system.

3.2.1 DI&C-ISG-04, Section 1, Interdivisional Communications Section 1 of DI&C-ISG-04 (Reference 3) provides guidance on communications, including transmission of data and information, among components in different electrical safety divisions and communications between a safety division and equipment that is not safety-related. This interim staff guidance (ISG) does not apply to communications within a single division. The ISG provides twenty staff positions in this section. The following statements are the responses to each of the twenty staff positions provided in the ISG.

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

3-2

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

3-3

[

]a,c 3.2.2 DI&C-ISG-04, Section 2, Command Prioritization Section 2 of DI&C-ISG-04 (Reference 3) provides guidance applicable to a prioritization device, which receives device actuation commands from multiple safety and non-safety sources, and sends the command having highest priority on to the actuated device. The ISG provides ten staff positions in this section.

The following statements are the responses to each of the ten staff positions provided in the ISG.

[

]a,c WCAP-17179-NP April 2016 APP-GW-GLR-144 Revision 6

ATTACHMENT 3 Supplement - License Amendment Request Limerick Generating Station, Units 1 and 2 NRC Docket Nos. 50-352 and 50-353 CAW-22-057, WEC Affidavit, in support of WCAP-17179-P, Revision 6

Westinghouse Non-Proprietary Class 3 AFFIDAVIT CAW-22-057 Page 1 of 3 Commonwealth of Pennsylvania:

County of Butler:

(1) I, Zachary Harper, Manager, Licensing Engineering, have been specifically delegated and authorized to apply for withholding and execute this Affidavit on behalf of Westinghouse Electric Company LLC (Westinghouse).

(2) I am requesting the proprietary portions of WCAP-17179-P, Revision 6 be withheld from public disclosure under 10 CFR 2.390.

(3) I have personal knowledge of the criteria and procedures utilized by Westinghouse in designating information as a trade secret, privileged, or as confidential commercial or financial information.

(4) Pursuant to 10 CFR 2.390, the following is furnished for consideration by the Commission in determining whether the information sought to be withheld from public disclosure should be withheld.

(i) The information sought to be withheld from public disclosure is owned and has been held in confidence by Westinghouse and is not customarily disclosed to the public.

(ii) The information sought to be withheld is being transmitted to the Commission in confidence and, to Westinghouses knowledge, is not available in public sources.

(iii) Westinghouse notes that a showing of substantial harm is no longer an applicable criterion for analyzing whether a document should be withheld from public disclosure. Nevertheless, public disclosure of this proprietary information is likely to cause substantial harm to the competitive position of Westinghouse because it would enhance the ability of competitors to provide similar technical evaluation justifications and licensing defense services for commercial power reactors without commensurate expenses. Also, public disclosure of the information would enable others to use the information to meet NRC requirements for licensing documentation without purchasing the right to use the information.

      • This record was final approved on 11/14/2022, 1:26:30 PM. (This statement was added by the PRIME system upon its validation)

Westinghouse Non-Proprietary Class 3 AFFIDAVIT CAW-22-057 Page 2 of 3 (5) Westinghouse has policies in place to identify proprietary information. Under that system, information is held in confidence if it falls in one or more of several types, the release of which might result in the loss of an existing or potential competitive advantage, as follows:

(a) The information reveals the distinguishing aspects of a process (or component, structure, tool, method, etc.) where prevention of its use by any of Westinghouse's competitors without license from Westinghouse constitutes a competitive economic advantage over other companies.

(b) It consists of supporting data, including test data, relative to a process (or component, structure, tool, method, etc.), the application of which data secures a competitive economic advantage (e.g., by optimization or improved marketability).

(c) Its use by a competitor would reduce his expenditure of resources or improve his competitive position in the design, manufacture, shipment, installation, assurance of quality, or licensing a similar product.

(d) It reveals cost or price information, production capacities, budget levels, or commercial strategies of Westinghouse, its customers or suppliers.

(e) It reveals aspects of past, present, or future Westinghouse or customer funded development plans and programs of potential commercial value to Westinghouse.

(f) It contains patentable ideas, for which patent protection may be desirable.

(6) The attached documents are bracketed and marked to indicate the bases for withholding. The justification for withholding is indicated in both versions by means of lower-case letters (a) through (f) located as a superscript immediately following the brackets enclosing each item of information being identified as proprietary or in the margin opposite such information. These lower-case letters refer to the types of information Westinghouse customarily holds in confidence identified in Sections (5)(a) through (f) of this Affidavit.

      • This record was final approved on 11/14/2022, 1:26:30 PM. (This statement was added by the PRIME system upon its validation)

Westinghouse Non-Proprietary Class 3 AFFIDAVIT CAW-22-057 Page 3 of 3 I declare that the averments of fact set forth in this Affidavit are true and correct to the best of my knowledge, information, and belief. I declare under penalty of perjury that the foregoing is true and correct.

Executed on: 11/14/2022 _____________________________

Signed electronically by Zachary Harper

      • This record was final approved on 11/14/2022, 1:26:30 PM. (This statement was added by the PRIME system upon its validation)

CAW-22-057 Revision 0 Non-Proprietary Class 3

    • This page was added to the quality record by the PRIME system upon its validation and shall not be considered in the page numbering of this document.**

Approval Information Manager Approval Harper Zachary S Nov-14-2022 13:26:30 Files approved on Nov-14-2022

      • This record was final approved on 11/14/2022, 1:26:30 PM. (This statement was added by the PRIME system upon its validation)
Retrieved from "https://kanterella.com/w/index.php?title=ML22333A817&oldid=3521587"