ML24003A767
ML24003A767 | |
---|---|
Site: | Hermes |
Issue date: | 01/03/2024 |
From: | Kairos Power |
To: | Office of Nuclear Reactor Regulation |
Shared Package: | ML24003A765 |
References: | KP-NRC-2401-001 |
KP-NRC-2401-001
Enclosure 1 Changes to Hermes 2 PSAR Chapters 4, 5, 7, and 13 (Non-Proprietary)
Preliminary Safety Analysis Report | Reactor Description
Table 4.3-1: Reactor Vessel Top Head Penetrations
Name of Penetration | Number of Penetrations | System |
---|---|---|
Pebble Extraction Machine (PEM) | 1 | PHSS |
Pebble Insertion | 2 | PHSS |
Reactivity Shutdown Element | 3 | RCSS |
Reactivity Control Element | 4 | RCSS |
Primary Salt Pump (PSP) | 1 | PHTS |
Coolant Fill/Drain Line | 2 | IMS |
Inert Gas Line | 2 | IGS |
Material Surveillance System | 1 | MSS |
Neutron Source | 1 | RSS Reactor Startup System |
Reserve Instrumentation | 3 | I&C |
Reactor Coolant Level Sensor | 4 | I&C |
Reactor Coolant Thermocouple | 3 | I&C |
Graphite Thermocouple | 2 | I&C |
Fluidic Diode Inspection Nozzle | 4 | I&C |
Kairos Power Hermes 2, Units 1 and 2 | Revision 0 | 4-37
Preliminary Safety Analysis Report | Heat Transport Systems
blower on. During normal operations, air surrounding the HRR is isolated between the inlet and outlet of the HRS. The air is recirculated through a subsystem of the TMS which captures tritium permeating through the HRR and returns air at appropriate temperatures to provide thermal management for the HRR and limit heat losses. Further details of the tritium capture subsystem of the TMS which interfaces with the HRR are provided in Section 9.1.3. During startup and normal shutdown conditions, tritium capture is not conducted by the TMS and permeation losses through the HRR are released through the HRS as a gaseous effluent.
The transition from power operation to normal shutdown cooling involves a programmed runback (see Section 7.2) of the PSP and activation actuation of the heat rejection blower to minimize the thermal transient experienced by the reactor vessel and the PHTS.
The heat rejection blower is tripped concurrent with the PSP to prevent forced air ingress during postulated HRR tube failures.
5.1.2 Design Basis
Consistent with PDC 2, the safety-related SSCs located near the PHTS are protected from the adverse effects of postulated PHTS failures during a design basis earthquake.
Consistent with PDC 10, the design of the reactor coolant supports the assurance that specified acceptable system radionuclide release design limits (SARRDLs) are not exceeded during any condition of normal operation, as well as during any unplanned transients.
Consistent with PDC 12, the design of the reactor coolant, in part, ensures that power oscillations cannot result in conditions exceeding specified acceptable SARRDLs.
Consistent with PDC 16, the design of the reactor coolant, in part, provides a means to control the release of radioactive materials to the environment during postulated events as part of the functional containment design.
Consistent with PDC 33, the design of the PHTS includes anti-siphon features to maintain reactor coolant inventory in the event of breaks in the system.
Consistent with PDC 60, the design of the PHTS supports the control of radioactive materials during normal reactor operation.
Consistent with PDC 70, the design of the PHTS supports the purity control of the primary coolant by limiting air ingress.
Consistent with 10 CFR 20.1406, the design of the PHTS, to the extent practicable, minimizes contamination of the facility and the environment, and facilitates eventual decommissioning.
5.1.3 System Evaluation
The design of the non-safety related PHTS is such that a failure of components of the PHTS does not affect the performance of safety-related SSCs due to a design basis earthquake. In addition to protective barriers, the PHTS pipe connections to the reactor vessel nozzles have sufficiently small wall thickness, such that if loaded beyond elastic limits, inelastic response occurs in the PHTS piping, which is non-safety related. These features, along with the seismic design described in Section 3.5, demonstrate conformance with the requirements in PDC 2.
While the primary side of the PHTS is a closed system, there are conceivable scenarios that may result in the release of radioactive effluents. The fuel design locates the fuel particles near the periphery of the fuel pebble, enhancing the ability of the fuel to transfer heat to the coolant. The thermal-hydraulic analysis of the core (see Section 4.6) ensures that adequate coolant flow is maintained to ensure that
Kairos Power Hermes 2 Unit 1 and 2 | 5-4 | Revision 0
Preliminary Safety Analysis Report | Instrumentation and Controls
7.2 PLANT CONTROL SYSTEM
7.2.1 Description
The PCS is a non-safety related control system which controls reactor startup, changes in power levels, reactor shutdown, heat transport, and power generation system. The PCS implements these functions through a series of subsystems which include:
Reactor control system (RCS)
Reactor coolant auxiliary control system (RCACS)
Primary heat transport control system (PHTCS)
Intermediate heat transport control system (IHTCS)
Power generation control system
Auxiliary monitored systems
The PCS is a microprocessor-based distributed control system that individually controls plant systems using applicable inputs. The subsystems listed above are integrated into the PCS using non-safety related signal wireways which are terminated at local cabinets and using redundant, non-safety, real-time data highways.
The control subsystems communicate with each other to ensure each subsystem has access to parameters such as measurements and actuation events from other subsystems. This allows the PCS to maintain plant and unit parameters within the normal operating envelope. The RCS, RCACS, PHTCS, and IHTCS are unit-specific subsystems. The power generation control system is shared between Unit 1 and Unit 2. The auxiliary monitored systems are unit-specific. The PCS also provides data to the control consoles located in the main control room (see Section 7.4). Figure 7.1-1 shows the elements of the PCS.
The plant-wide sensor inputs are used to verify interlock and permissive rules for the various plant states. The sensor data is also used to provide feedback and alarms to the operators via the control consoles.
The PCS is powered by AC and DC power supplies which are discussed in Chapter 8.
The PCS uses non-safety related sensor inputs as well as safety-related sensor inputs from the plant protection system (See Section 7.3.3). The PCS includes the input parameters shown in Table 7.2-1. The sensors are described in Section 7.5. The instrumentation provides input signals using non-safety related signal wireways that are terminated at local cabinets.
Control outputs are generated using a control transfer function based on the sensor inputs and setpoints provided by the control system. The setpoints are adjusted automatically based on the plant operating mode, or in some cases by the operator via the main control room consoles. Plant operators do not directly control PCS outputs.
The PCS does not provide any safety-related functions during any mode of operation or postulated event. The PCS is electrically and functionally isolated from the safety-related RPS (see Section 7.3) using a safety-related isolation device as shown in Figure 7.1-1. The RPS isolation devices ensure electrical isolation between the electrical system and the non-safety related SSCs that PCS normally controls that are deactivated by the RPS when a reactor trip is demanded.
The subsystems of the PCS are described below.
7.2.1.1 Reactor Control System
The RCS controls and monitors systems and components that support normal operation, planned transients, and normal shutdown of the reactor. The RCS controls the systems listed in Figure 7.1-1 and supports the following capabilities:
Reactivity control and planned transients/adjustments in power level
Monitoring of core neutronics
Pebble handling and storage
Monitoring and control of temperature in the reactor
The RCS controls reactivity for normal operations and normal shutdown using reactor control elements and reactor shutdown elements in the reactivity control and shutdown system (RCSS) (see Section 4.2). The RCS is capable of incrementally changing the position of reactor control elements and of releasing the control and shutdown elements. The RCS is only capable of withdrawing elements one at a time and the RCS includes a limit on the rate at which a control element can be withdrawn, as also discussed in Section 4.2.2. In this way the design precludes, with margin, the potential for prompt criticality and rapid reactivity insertions. The RCS inputs include reactor outlet temperature and reactor inlet temperature sensors and source and power range neutron excore detectors. The RCS also provides a reactor monitoring function to monitor plant components that are associated with reactor functions.
The RCS uses source and power range sensors that are located outside the reactor vessel for reactor control.
The RCS controls pebble insertion and extraction, in-vessel pebble handling, and ex-vessel pebble handling in the pebble handling and storage system (PHSS) (see Section 9.3). The RCS is capable of counting linearized pebbles external to the vessel, controlling the rate of pebble insertion and removal from the vessel, and controlling pebble distribution within the PHSS.
The RCS controls the reactor thermal management system (RTMS) (see Section 9.1.5) to monitor the temperature of the primary system to maintain it within the normal operating envelope and to implement planned transients. The RCS controls external heating elements in the RTMS to prevent overcooling.
The RCS provides the capability for event monitoring and active actuation of the decay heat removal system (DHRS) (See Section 6.3.1).
7.2.1.2 Reactor Coolant Auxiliary Control System
The RCACS controls and monitors systems and components that support normal operation in the core. The system supports the following capabilities in the core:
Chemistry control in the primary system
Inventory management system control
Inert gas system control in the primary loops
Tritium management system monitoring and control
Remote handling system monitoring and control
The RCACS controls the chemistry control system (see Section 9.1.1) to monitor reactor coolant chemistry. The monitoring systems provide information to facilitate maintaining coolant purity and circulating activity within specifications for the system.
The RCACS receives input from the inventory management system (see Section 9.1.4) which monitors primary coolant level during normal operations. The system also provides control for changes to primary inventory during planned primary filling and draining operations.
The RCACS also controls the inert gas system (see Section 9.1.2). During normal operation, the system provides control signal to maintain cover gas pressure and flow, monitors venting gas for impurities above specified limits in the gas space of the primary system. During startup, the system monitors and controls inert gas flow and temperature to support initial heating of the primary system.
The RCACS receives input from the tritium management system (see Section 9.1.3) and provides control signal to remove tritium from the cover gas in the primary system.
The RCACS receives input from the remote maintenance and inspection system (See Section 9.8.1) and provides monitoring and controls to support remote maintenance activities.
7.2.1.3 Primary Heat Transport Control System
The PHTCS controls and monitors systems and components that support normal operation of the primary heat transport system (PHTS). The system supports the following capabilities:
Control of the flow rate through the PHTS
PHTS thermal management
Control of the heat rejection subsystem
Primary loop draining, filling, and piping monitoring, including PHTS external piping
The purpose of the PHTCS is to control the transport of primary coolant through the PHTS, to maintain the primary coolant in a liquid state, and to monitor the inventory of primary coolant in the PHTS. The PHTCS maintains the parameters in the PHTS within the normal operating envelope. The PHTCS controls the primary salt pump (PSP) and the primary loop thermal management subsystem (PLTMS). The sensors used by the PHTCS are discussed in Section 7.5.
The PHTCS provides control signal for the PSP (see Chapter 5). The control system manipulates the primary coolant flow rate by variable frequency to maintain PHTS parameters within the normal operating range. The PHTCS does not provide a safety function; however, as discussed in Section 7.3, the RPS trips the PSP on a reactor trip, as a protection feature for the reactor system related to the pump.
The PHTCS maintains the primary coolant in liquid phase throughout the PHTS to prevent localized over- or under-heating. The control system uses temperature as input to provide control signal to the PHTS auxiliary heaters.
The PHTCS provides controls and monitoring of the components that support the operation of the heat rejection subsystem.
7.2.1.4 Intermediate Heat Transfer Control System
The IHTCS controls and monitors systems and components that support normal operation of the intermediate loop which removes heat from the primary loop. The system supports the following capabilities:
Control of the flow rate through the intermediate loop
Intermediate loop heating
Intermediate loop draining, filling, and piping monitoring
Chemistry control in the intermediate loop
Maintain positive pressure differential between the PHTS and IHTS during normal operations
The purpose of the IHTCS is to control the transport of intermediate coolant through the intermediate loop, to maintain the intermediate coolant in a liquid state, and to monitor the inventory of intermediate coolant in the intermediate loop. The monitoring systems provide information to facilitate maintaining intermediate coolant purity within specifications for the system. The IHTCS does not perform a safety function. The IHTCS maintains the parameters in the intermediate loop within the normal operating envelope. The IHTCS controls the intermediate salt pump (ISP), the intermediate loop auxiliary heating system, the intermediate coolant inventory system, the intermediate coolant chemistry control system, and the intermediate inert gas system. The IHTCS controls the ISP by changing the intermediate coolant flow rate by variable frequency to maintain intermediate loop parameters within the normal operating range. The IHTCS controls the intermediate loop auxiliary heating system to maintain the intermediate coolant in liquid phase throughout the intermediate loop to prevent localized over- or under-heating. The control system uses temperature information as input to provide control signal to the intermediate loop auxiliary heaters. The IHTCS monitors the intermediate coolant inventory system, the intermediate coolant chemistry control system, and the intermediate inert gas system and provides information to facilitate maintaining the intermediate coolant within specifications for the system. The IHTCS monitors the IHX intermediate coolant inlet pressure and reactor coolant outlet pressure and controls the speed of the ISP to maintain a positive pressure differential.
7.2.1.5 Power Generation Control System
The power generation control system controls and monitors systems and components that support normal operation of the turbine generator which converts heat from the intermediate loop into electrical power. The system includes five subsystems, as shown on Figure 7.1-1, which supports the control and monitoring of following the following capabilities:
Monitoring of turbine Turbine generator system parameters and initiation of turbine generator trips, and pump runbacks, position of turbine control, and bypass valves
Control of steam Steam system flow rate from each unit's superheater to the turbine, and auxiliary steam loads
Control of condensate Condensate and feedwater system flow rate and temperature to the evaporator
Control of the position of turbine control and bypass valves
Control of the removal Removal of heat from the air-cooled condenser
Makeup water supplied to the condensate and feedwater system; and blowdown to the drains
The purpose of the power generation control system is to control the conversion of thermal energy into mechanical energy. The power generation control system does not perform a safety-related function. The power generation control system maintains the parameters within the turbine generator, main steam, condensate, and feedwater systems within the normal operating envelope. The power generation system is further discussed in Section 9.9.
7.2.1.6 Auxiliary Monitored Systems
The auxiliary monitored systems control and monitor auxiliary systems to support normal operations. The auxiliary control systems include the following:
Compressed air system
Chilled water system
Electric supply/loads
Reactor building heating, ventilation, air conditioning (RBHVAC)
Environmental monitoring
The compressed air supply, as discussed in Section 9.8.3, is controlled and monitored to provide and distribute compressed air for maintenance and use in valve operation.
The chilled water system, as discussed in Section 9.7.4, is controlled and monitored to supply cooling water to non-safety related SSCs.
The electrical supply, as discussed in Chapter 8, is controlled and monitored to support the non-safety related normal and backup power supply.
The RBHVAC is controlled and monitored to supply reactor building HVAC, as discussed in Section 9.2.
The environmental monitoring system, as discussed in Section 11.1.7, monitors radiation levels in unrestricted areas and radioactive material in effluents.
7.2.2 Design Bases
Consistent with Principal Design Criteria (PDC) 13, the PCS is designed to monitor variables and systems over their anticipated ranges for normal operation, and over the range defined in postulated events.
7.2.3 System Evaluation
The PCS is designed to monitor plant and unit parameters and maintain systems within normal operating range. The PCS is also designed to control planned transients associated with anticipated operational occurrences and maintain the affected reactor in a shutdown state. These functions are consistent with PDC 13. The PCS does not perform a safety-related function. Finally, the PCS is designed so that it cannot interfere with the RPS's ability to perform its safety functions; see Section 7.3 for more information about the isolation of the RPS from the PCS.
The PCS is a digital system that controls the reactor power about a point set by the operator. The control system uses linear average temperature and flow rate in the primary system as variable inputs to control power level so that it remains within the normal operating envelope. The PCS controls electrical power generation about a point set by the operators using steam flow rates, feedwater flow rates, and feedwater temperatures as inputs to control the positions of turbine control valves, turbine bypass valves, and feedwater regulating valves to balance the turbine load from each unit. The system design meets the applicable portions of International Electrotechnical Commission (IEC) standard 61131 for industrial controllers (Reference 1), and the applicable portions of the cyber security standard IEC 62443 (Reference 2). Table 7.2-2 lists other standards applied to the PCS. Applicable portions of IEEE 1012-2017 (Reference 3) are used for verification and validation of PCS components, which is consistent with the non-safety related classification of the PCS.
Action in the PCS is designed to accurately and reliably provide control signal for all modes of normal operation. The PCS is also designed to provide timely control signals, with further analysis of timeliness to be provided in an application for the Operating License.
The PCS includes interlocks and inhibits that prohibit or restrict operation of the reactor, PHSS, and the power generation system unless certain operating conditions are met. The following interlocks are included in the control system design:
An interlock that prohibits reactivity control element withdrawal until there is sufficient neutron count rate to ensure that nuclear instruments are responding to neutrons.
Interlocks are also provided related to startup power level and pebble handling as detailed in Table 7.2-3.
An interlock that prevents the opening of a unit's main steam isolation valve following a reactor trip until there is sufficient steam production to ensure that a turbine imbalance will not occur.
Kairos Power Hermes 2, Units 1 and 2 | 7-10 | Revision 0
Preliminary Safety Analysis Report | Instrumentation and Controls
Consistent with PDC 21, the RPS is designed with sufficient redundancy and independence to assure that no single failure results in loss of its protection function. Individual components of the RPS may be removed from service for testing without loss of required minimum redundancy. The RPS is designed to permit periodic testing.
Consistent with PDC 22, the effects of natural phenomena, and of normal operating, maintenance, testing, and postulated event conditions, do not result in loss of the protection function for the RPS. The RPS is designed with sufficient functional and component diversity to prevent the loss of function for the RPS.
Upon loss of electrical power or detection of adverse environmental conditions, the RPS fails to a safe state, consistent with PDC 23.
The RPS system is functionally independent from the control systems, consistent with PDC 24.
Consistent with PDC 25, the RPS is designed to ensure that radionuclide release design limits are not exceeded upon reactor trip actuation, including in the event of a single failure of the reactivity control system.
Consistent with PDC 28, the RPS setpoints are designed to limit the potential amount and rate of reactivity to ensure sufficient protection from postulated events involving reactivity transients. The limits are set such that reactivity events cannot result in damage to the reactor coolant boundary greater than limited local yielding, and cannot sufficiently disturb the core, its support structures, or other reactor vessel internals to impair significantly the capability to cool the core.
The RPS is designed to be redundant and diverse to assure there is a high probability of accomplishing its safety-related functions in postulated events, consistent with PDC 29.
The RPS is designed, fabricated, erected, constructed, tested, and inspected to quality standards commensurate with the safety function to be performed.
The RPS is designed in accordance with IEEE Std 603-2018 (Reference 1).
7.3.3 System Evaluation
The RPS provides automatic reactor trip (1) if plant parameters exceed the normal operation envelope (PDC 20), (2) in the event of station blackout, and (3) manually using signal from the main control room or remote onsite shutdown panel. The RPS also ensures that the DHRS is running when the reactor trips.
The RPS is consistent with NUREG-1537, "Guidelines for Preparing and Reviewing Applications for the Licensing of Non-Power Reactors," by meeting IEEE 603-2018. Table 7.3-1 provides a list of the consensus standards to which the RPS is designed.
Chapter 13 describes the postulated events to which the RPS is designed to respond. The RPS uses the same set of operating parameters in the trip and actuation logic for all modes of reactor operation. The setpoints are established to ensure that the design conditions of the reactor coolant boundary are not exceeded during operation within the design basis. This is consistent with PDC 25 because maintaining the reactor coolant boundary within design basis bounds will ensure that radionuclide release design limits are not exceeded. The setpoints are established and calibrated using the method described in Section 7.1.2.
Reactor trips implemented by the RPS meet IEEE 603-2018, Section 4. The primary plant trip signal is based on core temperature measurement. In addition, the plant will also have a trip signal for high flux rate based on input from the neutron detector sensors and a trip of the reactor upon detection of a break in the PHSS extraction line. When the temperature or flux rate are outside the normal operating range or when a PHSS extraction line break is detected, the primary plant trip de-energizes the RSS reactivity shutdown system trip device, the DHRS loop trip device, and the PCS inhibitor trip device.
Redundant trip devices are provided for each signal pathway. Note that the cabling to the trip devices is not classified as safety-related because the trip devices accomplish their safety function without reliance
Kairos Power Hermes 2, Units 1 and 2 | 7-18 | Revision 0
Preliminary Safety Analysis Report | Instrumentation and Controls
during shutdown, and (2) provides the capability for subsequent safe shutdown of the reactor through the use of suitable procedures.
7.4.3 System Evaluation
7.4.3.1 Main Control Room
The MCR is located in an auxiliary building separate from the Reactor Building. There are no operator actions performed nor safety-related SSCs located in the MCR that are credited for mitigating the consequences of postulated events described in Chapter 13. Therefore, the MCR and the building that houses the MCR are designed to local building code standards.
The MCR consoles are designed to allow operators to manipulate plant parameters to control the reactor within an acceptable envelope during normal operating conditions, including planned transients. However, no operator actions are credited in the safety analysis of postulated events described in Chapter 13. Although the controls in the MCR are not credited in the safety analysis, the MCR consoles are designed as follows:
MCR displays implement the guidance from NUREG-1537, Section 7.6, with respect to ease of operators' use. Human factor engineering principles will be considered in the MCR design. The plant controls are grouped and located in the MCR so that operators can easily reach and manipulate the controls. Displays of the results of an operator's actions are readily observable.
The screen element organization and appearance of the consoles are designed to allow operators to perform actions to operate the reactor under normal operating conditions and to monitor it under postulated event conditions, consistent with PDC 19.
The MCR consoles are digital interfaces that consider IEEE 7-4.3.2-2003 (Reference 1), as it relates to hardware design, and Regulatory Guide 1.152, Revision 2, "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants." The control consoles in the MCR are designed to display plant parameters that indicate plant status. The MCR consoles display the following information:
o Plant sensor data and digitally processed parameter outputs based on plant sensor data
o Indications of PCS and RPS system and equipment status
o Current and past operating parameter and system information for a duration relevant to inform process and maintenance trending
Administrative controls are applied to the consoles in the main control room to prevent unauthorized access. MCR console screens are password protected and include interlocks such as swipe cards and multi-operator coordinated logins to prevent unauthorized access and systems actuation.
The two reactor units will be controlled individually to achieve criticality and produce thermal power. However, the steam supply from both reactors is regulated through common flow control valves to ensure balanced steam supply to the turbine as well as prevent coolant feedback from one system to the other.
The MCR is located at a distance from the Reactor Buildings such that the radiological consequences of unfiltered air in the MCR during postulated events does not exceed 5 rem TEDE for the duration of the event. The environmental control features for the MCR are separate from the environmental control features for the Reactor Buildings. The analysis of operator dose depends on the final design of the reactor's safety-related SSCs and the analysis will reflect the methods described in Chapter 13. Accordingly, a description of the analysis of operator dose will be provided in the application of the Operating License.
Kairos Power Hermes 2, Units 1 and 2 | 7-27 | Revision 0
Preliminary Safety Analysis Report | Accident Analysis
A turbine missile could be generated due to a postulated turbine generator failure. Due to the favorable orientation of the turbine generator with respect to the reactor building, SSCs associated with engineered safety features are not affected by a potential turbine missile to the extent that they could not perform their safety functions.
For SSCs not protected with such an area, the amount of materials at risk are assumed to be limited to an upper bound limit such that the amount of radioactive material released is bounded by the amount released during the MHA. Releases from these SSCs are considered in Section 13.1.6.
During the seismic event, the packing fraction of the pebble bed would increase due to shaking of the pebble bed, and the graphite reflector blocks would shift. This results in an increase in reactivity, causing an increase in fuel temperature. The increase in reactivity due to increase in packing fraction of the pebble bed and maximum displacement of graphite reflector blocks during a seismic event is bounded by the reactivity insertion event where the control element is inadvertently withdrawn. Insertion of excess reactivity events are described in Section 13.1.2.
Mechanical aerosols could also be generated due to splashing of Flibe in the reactor during a seismic event. The amount of aerosols generated during a seismic event is bounded by the amount of aerosols generated by the salt spill event where a pipe breaks.
A break in a high energy steam line or superheater could occur due to a failure of the steam system. Physical separation of the power generation systems from safety-related SSCs and the design of the safety-related portion of the reactor building ensures that a high energy break will not prevent safety-related SSCs from performing their safety functions. The potential reactivity insertion caused by an increase in heat removal due to a steam line break is considered in Section 13.1.2.
13.1.10 Prevented Events
This section describes the events prevented by design. The justification for excluding these events from the design basis is provided with references to the relevant design information.
13.1.10.1 Recriticality or Reactor Reactivity Shutdown System Failure
In postulated events that require a reactor trip, the reactor reactivity shutdown system (the safety-related portion of the RCSS), is relied upon to shut down the reactor and maintain shutdown margin. Reactor Reactivity shutdown system (RSS) failure events are excluded from the design basis. Events that would result in a recriticality event are also excluded from the design basis. The RCSS is designed (described in Section 4.2.2) with sufficient independence, diversity, and redundancy from detection and actuation to element insertion to ensure reactor shutdown when necessary. The shutdown margin is maintained for all postulated event conditions to ensure there is no recriticality after the RCSS has initiated shutdown, as described in Section 4.5. Additionally, the graphite reflector blocks are designed to maintain structural integrity and ensure misalignments do not prevent the insertion path of the shutdown elements, as discussed in Section 4.3.
13.1.10.2 Degraded Heat Removal or Uncooled Events
In postulated events where the normal heat removal is not available, natural circulation in the reactor vessel and the heat removal function of the DHRS are relied upon to remove heat from the reactor core. Degraded heat removal or uncooled events are excluded from the design basis. The initiation of natural circulation is completely passive, and the design features, including the structural integrity of the reactor vessel internals, that ensure a continued natural circulation flow path are discussed in Section 4.6. The DHRS is aligned and operating when the reactor power is above a threshold power and remains in this state as described in Section 6.3, precluding the need for an actuation to occur for the DHRS to remove
Kairos Power Hermes 2, Units 1 and 2 | 13-13 | Revision 0