ML25071A102
| ML25071A102 | |
| Person / Time | |
|---|---|
| Site: | Vogtle  |
| Issue date: | 03/18/2025 |
| From: | John Lamb NRC/NRR/DORL/LPL2-1 |
| To: | |
| References | |
| EPID L-2025-LLA-0035 | |
| Download: ML25071A102 (1) | |
Text
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application C.2.2 Licensee Prerequisites for the Alternate Review Process (ARP)
- 1. Refer to separate discussion in Slides
- 2. (a) NRC-approved topical reports WCAP-16097-P-A, Common Quali"ed Platform Topical Report, and WCAP-16096-P-A, Software Program Manual for Common QTM Systems as cited in the VEGP 3&4 UFSAR Ch 7 provides performing detailed software design, implementation, and testing for modi"cations as requested in the LAR.
(b) Westinghouse is performing the modi"cation in accordance with NRC-approved 10 CFR 50 Appendix B program Quality Management System-A, Revision 8.1, ML20118C994. SNC will conduct vendor oversight of this process in accordance with Item 1.
- 3. Regulatory commitments - no additional regulatory commitments are proposed.
D Review Areas for the License Amendment Process D.1 through D.8 are Applicable to the Alternate Review Process per ISG-06 Enclosure B - see table entries below.
D.1.1 Plant System Description Refer to LAR Section 2.1 and VEGP UFSAR Chapter 7.
D.2.1 Existing System Architecture The existing PMS architecture and D.2.2 New System architecture are the same. Refer to LAR Section 2.1 and VEGP UFSAR Chapter 7.
D.2.2 New System Architecture.
The PMS architecture is unchanged as a result of this modi"cation. There are no impacts to VEGP UFSAR Section 7.1.2 or WCAP-16675-P for PMS system architecture.
D.2.3.1 Information To Be Provided The LAR should describe the existing functions (i.e.,
design functions and service/test functions) performed by the portion(s) of the system being replaced. The LAR should also describe new functions.
Refer to LAR Section 2.1 for existing functions. Refer to LAR Section 2.4 for the changes associated with this modi"cation. There are no new system functions or changes to service/test functions associated with this LAR.
The existing service/test function system requirements conform with the IEEE Std 603 design basis for VEGP 3&4 PMS described in the UFSAR 7.3.2.2.
Conformance with the standards is unchanged. Compliance with IEEE 7-4.3.2 is demonstrated with APP-PMS-J4-003, AP1000 Protection and Safety Monitoring System Subsystem Requirements Speci"cation which remains unchanged as a result of this LAR.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.3.1 1.a Identi"cation of the safety functions, including the trip/actuation functions credited for each anticipated operational occurrence and postulated accident See LAR Section 2.1 for System Design and Operation for those safety functions related to the LAR. All other safety functions unchanged from descriptions in the VEGP UFSAR.
D.2.3.1 1.b All monitored variables used to control each protective action See LAR Section 2.1.
D.2.3.1 1.c Minimum number and location of sensors and equipment relied upon for protective purposes The Tcold - High Function relies on four existing channels per loop. The existing PMS equipment is used to implement this change. See LAR Section 2.1 RCS Cold Leg Temperature.
D.2.3.1 1.d Functionalityif there are TS setpoint changes, include input/output ranges and setpoints (for trip functions, the documentation de"nes the margins between setpoints and allowable values (including all applicable uncertainties))
The setpoint for the new Tcold - High will be developed, implemented, and documented in accordance with the requirements of TS 5.5.14, Setpoint Program as discussed in LAR Section 3.
D.2.3.1 1.e Performance, including accuracy and response times (where appropriate, performance requirements are de"ned for different initial plant conditions and design-basis events)
The accuracy and response times of the Tcold input is unchanged as the modi"ed logic utilizes the same existing Tcold inputs. The Safety Analyses that assume PRHR HX actuation on Low-2 SG narrow range water level coincident with Low-2 startup feedwater "ow, as modi"ed to include a new Tcold - High coincident signal, continues to meet the performance, accuracy and response times assumed in the safety analysis.
See LAR Section 3. for the discussion on the overall time response assumed in the safety analysis.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.3.1 1.f Appropriate signal "ltering, signal validation, and interlocks to minimize the potential of spurious actions The Tcold - High function is provided by the same input as the existing Tcold -
Low 2 and is input as an additional coincidence logic for PRHR actuation. The chance of spurious actuation is reduced because additional coincidence logic is relied on for PRHR HX actuation.
D.2.3.1 1.g The safety classi"cation of each safety function and whether there are independence constraints from other functions based on safety classi"cations The existing PRHR HX safety related actuation has been designed with appropriate independence from other functions and from non-safety functions. The addition of a new coincident signal does not impact the existing design basis in this regard. Redundancy and independence remain met as documented in the Failure Modes and Effects Analysis (FMEA)
WCAP-16438-P Section 6. There are no changes to the FMEA as a result of this LAR.
D.2.3.1 1.h The range of transient and steady-state conditions throughout which the safety-related systems should perform, including conditions (e.g.,
environmental, plant process) with the potential to degrade the functions of safety-related system performance The transients and accident conditions for which the PRHR HX is required to mitigate remains unchanged as a result of this modi"cation and continues to meet the required range of transient and steady-state conditions throughout which PRHR is required to perform. The hardware and signal inputs to PMS for the Tcold - High already exist for the Tcold - Low 2 and is designed to withstand a harsh environment. See Section 3 of the LAR for a review of applicable transients and accidents the PRHR HX actuation logic impacts.
There are no changes as a result of this LAR.
D.2.3.3 System Requirements Documentation This section applies as identi"ed described in subsections below.
D.2.3.3.1 Information To Be Provided The System Requirements Speci"cation (SyRS) provided should address the overall architecture of the I&C systems, including but not limited to the following:
See subsections below:
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.3.3.1 1a De"ne system requirements for the I&C functions in the modi"cations scope and the modi"cations effects on associated systems and equipment within the plants safety analysis The logic assignments made for this change are based on the existing architectural and functionality requirements for each of the applicable subsystems (BPL and LCL) as described in Sections 3.3 and 3.4 of APP-PMS-J4-020, AP1000 System Design Speci"cation for the Protection and Safety Monitoring System. This document contains system design speci"cations referred to as PMS subsystem design speci"cation (SSyDS), which remain unchanged.
The SSyDS de"ned in APP-PMS-J4-020 and the various J3-300 series (J3) drawing markups supporting the LAR modi"cation comprise the system requirements for the change. The J3 drawings are decomposed from the higher level UFSAR Figure 7.2-1 (i.e., J1 series functional drawing) markups submitted as part of the LAR and available for audit.
There are no new requirements for the SSyDS as a result of this design change related to safety control of PRHR and the addition of Tcold - High logic.
D.2.3.3.1 1b De"ne the plant layout for the modi"cation scope There are no plant layout changes as a result of this modi"cation. PMS layout as described in VEGP UFSAR Chapter 7 and WCAP-16675-P remains unchanged.
D.2.3.3.1 1c De"ne the operational context for the modi"cation scope and changes resulting from the modi"cation The PRHR HX actuates automatically when required for mitigating a design basis accident.
The modi"cation adds channel bistable trip status and Tcold - High actuation logic status to the existing safety display screens in the main control room in order to re"ect the modi"ed PRHR actuation logic as re"ected in UFSAR Figure 7.2-1 (as described in the LAR) and various J3-300 series drawings.
Existing PMS system requirements impose this update. See response to D.2.3.3.1 3d.
D.2.3.3.1 1d Structure the overall I&C architecture and assigning I&C functions to the modi"cation Scope The structure of the PMS architecture is unchanged as a result of the modi"cation requested by this LAR. PMS architecture as described in VEGP UFSAR Chapter 7 and WCAP-16675-P remains unchanged.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.3.3.1 1e Identifying the design criteria for the modi"cation scope, including ensuring that features providing defense-in-depth in the existing system are not compromised and minimizing the potential for common-cause failure (CCF)
The design criteria for current PRHR HX actuation logic is described in LAR Section 2.4.
This activity minimizes unnecessary PRHR HX actuation by changing the PRHR HX actuation logic. There are no changes to any of the features providing defense-in-depth in the existing defense-in-depth coping analysis.
There is no change to the DAS architecture or software. Therefore, the existing Defense-in-Depth strategy for AP1000 is unchanged and the CCF coping analysis documented in VEGP 3&4 UFSAR subsection 7.7.1.11 is unchanged as a result of the LAR.
D.2.3.3.1 1f Describe how the modi"cation "ts within the overall architecture of the plants I&C systems and any changes to the architecture This is a software modi"cation and there are no impacts to the overall PMS architecture in relation to performing the ESF actuation function. PMS architecture described within APP-PMS-J4-020 Section 2.2 and Figure 2.2-1 remains unchanged. Interface architecture as described in VEGP UFSAR Chapter 7 and WCAP-16674-P and WCAP-16675-P remains unchanged.
D.2.3.3.1 1g De"ne system interfaces and the reasons for the interfaces (see Section D.2.5.1 of this ISG)
The PMS interfaces are unchanged as a result of this LAR. PMS interface architecture and communications as described in VEGP UFSAR Chapter 7 and WCAP-16674-P and WCAP-16675-P remains unchanged.
D.2.3.3.1 2a Functionalityif there are TS setpoint changes, include input/output ranges and setpoints (for trip functions, the documentation de"nes the margins between setpoints and allowable values (including all applicable uncertainties))
The setpoint for the new Tcold - High function will be developed, implemented, and documented in accordance with the requirements of TS 5.5.14, Setpoint Program, as described in Section 3 of the LAR.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.3.3.1 2b Performance, including accuracy and response times; where appropriate, performance requirements are de"ned for different initial plant conditions and design basis events See response to D.2.3.1 1.e. Accuracy and time response requirements are the same for PMS across the operating modes. Both accuracy and time response remain unchanged.
D.2.3.3.1 2c Appropriate signal "ltering, signal validation, and interlocks to minimize the potential for spurious actions See response to D.2.3.1 1f.
D.2.3.3.1 3a Intended location and the physical constraints relevant to the installation of the system in the plant.
There are no physical locations or physical constraints that apply to this LAR.
Only software installation is required.
D.2.3.3.1 3b Physical and functional interfaces of the system with the supporting systems and equipment PMS physical and functional interfaces are unchanged as a result of this LAR as documented in WCAP-16674-P, AP1000 I&C Data Communication and Manual Control of Safety Systems and Components.
D.2.3.3.1 3c Physical and functional interfaces of the system with other systems and equipment with which it exchanges information No PMS physical or functional interfaces are unchanged with regard to information exchange as a result of this LAR as documented in WCAP-16674-P.
D.2.3.3.1 3d Interfaces with the operator or maintenance technician Updates to the maintenance and test panels which are located in the PMS divisional rooms, include maintenance and test features (e.g. test injections and setpoint calibration/modi"cation screens) and diagnostic indications which do not feed safety control logic. These updates to existing displays are driven by existing requirements in Section 3.9 of APP-PMS-J4-020. The PMS communications and interfaces remain unchanged in WCAP-16674-P.
D.2.3.3.1 4a-d The SyRS should specify environmental conditions applicable to the system There are no changes to the PMS equipment or environmental conditions.
Equipment quali"cation is unaffected by this LAR. There are no changes to SSyDS as described in APP-PMS-J4-020.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application The SyRS should establish the requirements for any service/test functions available in the systems NRC-approved platform In addition to the UFSAR Figure 7.2-1 and J3 drawing requirements, there exist written requirements/SSyDS in APP-PMS-J4-020 Sections 3.8 and 3.9 that are unchanged as a result of this modi"cation, which describe the maintenance and test features associated with the newly added logic. These maintenance and test features are implemented based upon standard requirements and are not unique to this modi"cation.
The use of the service/test functions from the Common Q Platform topical report are documented in WCAP-16775-P, AP1000 Protection and Safety Monitoring System Architecture Technical Report. This document is not impacted by this LAR.
D.2.4 Functional allocation There are no impacts. See response for D.2.3.3.1 1a.
D.2.5.1 1a Input and output interfaces with other plant equipment (e.g.
mechanical components) and plant sensor or actuators, whether hardwired or using some form of data communication, including provisions for isolation The existing input and output interfaces with plant equipment remain unchanged as a result of this LAR. The PMS communications and interfaces remain unchanged in WCAP-16674-P and WCAP-16675-P.
D.2.5.1 1b Interfaces with control room displays, indicators, controls, and alarm systems, including the systems role and interfaces with post-accident monitoring and any reference by emergency plan implementing procedures, including provisions for isolation (including credited manual operator actions)
The modi"cation contains updates to add bistable trip and Tcold - High status to the safety display screens in the main control room in order to re"ect the new logic which was added within UFSAR Figure 7.2-1 and the J3-300 series drawings for the Tcold - High input to PRHR actuation logic. The system requirements for this already exist in the APP-PMS-J4-020 and the modi"ed J3 drawings. PMS operations as described in UFSAR Chapter 7, WCAP-16675-P remain unchanged.
Additionally, this activity does not impact any accident monitoring variables or information displays required for post-accident monitoring described in UFSAR Section 7.5.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.5.1 1c Human-system interfaces for the licensees maintenance and engineering workstations used for test and maintenance, whether considered internal or external to the new plant system, including provisions for isolation There are no changes to any human-system interface requirements. See section D.2.3.3.1 3d above.
D.2.5.1 2a Support and auxiliary systems, normal power sources, emergency power sources, and heating, ventilation, and air conditioning (HVAC),
including the impact of single failure in a supporting system, the diverse means of annunciating such failures, and the means of repair and restoration; this includes the HVAC and the diverse means of annunciation of HVAC failure, along with a coping procedure The existing auxiliary systems, normal power sources, emergency power sources, and HVAC remain unchanged as a result of this LAR.
D.2.5.1 2b If a NRC-approved topical report is referenced, the communication features from this topical report that are proposed for the replacement system The communication features described in NRC-approved topical reports WCAP-16097-P-A, Common Quali"ed Platform Topical Report, and WCAP-16096-P-A, Software Program Manual for Common QTM Systems as cited in the VEGP 3&4 UFSAR Ch 7 are unchanged as a result of the LAR. Common Q communication features as applied to AP1000 PMS are described in WCAP-16674-P as referenced in the VEGP 3&4 UFSAR Chapter 7. The document remains unchanged as a result of this LAR.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.2.5.1 2c and d How identi"ed hazards are controlled in communication features The logic changes in the PMS for this LAR do not introduce any new hazards that are not already identi"ed in the VEGP 3&4 UFSAR. The PMS FMEA WCAP-16438-P and software hazard analysis report APP-PMS-GER-003, AP1000 Software Hazard Analysis Report of Protection and Safety Monitoring System remain unchanged as a result of this LAR.
D.2.5.1 2e How malfunctions are detected by the self-test and self-diagnostics for each interface or logical group of interfaces There are no new types of malfunctions introduced to the PMS software. The standard requirements regarding data quality, default conditions, and software failure apply to this modi"cation just as they do for other PMS software logic.
APP-PMS-J4-020 discusses quality and default conditions related to setpoints and ESF logic within Sections 3.4.1 and 3.4.4.1. Section 3.8 and 3.9 discuss self-diagnostics and testing related to the software and how the failures/faults are displayed. Additional discussion is available in Section 3.10.2.1 for the safety displays speci"cally. Section 4.5.1.2.2 discusses how applicable failures/faults are transmitted to DDS for alarming. These requirements do not need to change and are still applicable for the modi"cation described in this LAR.
D.2.5.1 2f Features that affect the SOE Secure development and operational environments for the protection and safety monitoring system are used during design and operation as described in Section 2 of APP-GW-J0R-012, AP1000 Protection and Safety Monitoring System Computer Security Plan, per UFSAR subsection 7.1.1.
D.2.5.1 2g If multidivisional controls and displays are applied, how the controls and displays are applied in accordance with DI&C-ISG-04 The non-safety multidivisional displays for controlling safety components are unaffected by this LAR. Note: multidivisional displays only apply to the non-safety Ovation system.
D.2.6 Fundamental Design Principles in the New Architecture The fundamental design principles remain unchanged because the PMS architecture is unchanged (i.e., there is no replacement system architecture) as a result of the LAR. There are no impacts to the PMS architecture as described in WCAP-16675-P.
D.3 Hardware Equipment Quali"cation The equipment used is not changed as a result of this LAR and therefore the quali"cation is unaffected. See D.2.3.3.1 4a-d for more information.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.4 Digital Instrumentation and Control System Design Processes The same DI&C design process described in the VEGP 3&4 UFSAR subsection 7.1.2.14.1 and UFSAR Figure 7.1-2 is used to implement this modi"cation See WCAP-16096-P-A Revision 4 and WCAP-15927 Revision 8 as referenced in this LAR. Factory Acceptance Testing and Independent Veri"cation and Validation of the PMS software is performed to verify the design requirements have been implemented correctly per the existing process laid in WCAP-16096-P and UFSAR Figure 7.1-2 The software installation process is unchanged as a result of this LAR.
D.5 Applying a Referenced Topical Report Safety Evaluation The application of the NRC-approved Common Q Topical Reports (WCAP-16096-P-A and WCAP-16097-P-A) to PMS, referenced in the VEGP 3&4 UFSAR, and the associated NRC Safety Evaluation Plant Speci"c Action Items were demonstrated satis"ed during completion of ITAAC 2.5.02.12
[Index Number 551] as documented in NRC Integrated Inspection Reports 05200025/2019002, 05200026/2019002 [ML19220B678], are not affected by this LAR.
SNC will provide oversight of the performance of the modi"cation activities, in accordance with the VEGP 3&4 QA program and Vendor Oversight Plan per section C.2.2.
D.6 Compliance/Conformance Matrix for IEEE Standards 603-1991 and 7-4.3.2-2003 Conformance to these standards as described in the VEGP 3&4 UFSAR are unaffected by this LAR. The same design requirements apply for implementation of the LAR. The existing service/test function system requirements conform with the IEEE Std 603 design basis for VEGP 3&4 PMS described in the UFSAR 7.3.2.2. Compliance with IEEE 7-4.3.2 is demonstrated with APP-PMS-J4-003 which remains unchanged as a result of this LAR.
D.7 Technical Speci"cations Technical Speci"cations changes and related instrumentation setpoints are addressed in the LAR.
ISG-06 Enclosure B Identi"ed Alternate Review Process Applicable Sections ISG-06 Section Criteria Summary VEGP 3&4 Application D.8 Secure Development and Operational Environment The secure development and operation environments described in the VEGP 3&4 UFSAR are unaffected by this LAR. The same secure and operational environments will be used for implementation and operation of the modi"cation.
Secure development and operational environments for the protection and safety monitoring system are used during design as described in Section 2 of APP-GW-J0R-012 per UFSAR subsection 7.1.1.