Letter Forwarding Revision 1 to NRC-generated Proposed Change to Improved Standard Technical Specification NUREG-1431:NRC Traveler Number TSB-020 Requested for Review and Approval by Letter from Wd Beckner to Jd Davis

ML993240275
Person / Time
Site:	Nuclear Energy Institute
Issue date:	11/01/1999
From:	Beckner W Technical Specifications Branch
To:	Jennifer Davis Nuclear Energy Institute
References
NUREG-1431
Download: ML993240275 (37)
v • d • e

Text

November 1, 1999 Mr. James Davis Nuclear Energy Institute 1776 Eye Street, N. W.

Suite 300 Washington, DC 20006-2496

Dear Mr. Davis:

Enclosed is revision 1 to an NRC-generated proposed change to the Improved Standard Technical Specification NUREG-1431: NRC traveler number TSB-020 which was requested for review and approval by letter from W.D. Beckner to J. D. Davis dated May 21, 1999.

The proposed changes made by this revision more clearly document the basis for accepting the inclusion of allowable values rather than trip setpoints as the Limiting Safety System Setting (LSSS) in technical specifications. Insert #3 in the enclosure represents the major addition from the previously proposed revision which is also added to the STS bases for the other plants in addition to the Westinghouse plants bases. We advised attendees at the joint NRC/Technical Specifications Task Force (TSTF) Owners Group meeting held October 13-14, 1999, that we intended to issue this revision. This continues to be a High Priority request.

Please contact me at (301) 415-1161 or e-mail wdbanrc.aov if you have any questions or need further information on these proposed changes.

Sincerely, Original Signed By W. D. Beckner, Chief Technical Specifications Branch Division of Regulatory Improvement Programs Office of Nuclear Reactor Regulation Project No. 689

Enclosure:

As stated cc:

N. Clarkson, BWOG H. Pontious, BWROG T. Weber, CEOG D. Bushbaum, WOG D. Hoffman, EXCEL V. Gilbert, NEI DISTRIBUTION: - Hard Copy FILE CENTER PUBLIC RTSB Reading File DISTRIBUTION: via E-mail RPZimmerman ECMarinos GMTracy SJCbIlins CSSchulten JESilber WDBeckner JACalvo BWSheron DBMatthews JRStrosnider MEMayfield SFNewberry JLMauck CERossi F. Burrows RLDennig HCGarg DOCUMENT NAME: G:\\RTSB\\SCHULTEN\\tsb-020r.wpd *see previous concurrences OFFICE DRIP/RTSB DRIP/RTSB DRIP/RGEB NAME CSSchulten*

RLDennig*

JLBirminqham*

DATE 10/28/99 10/28/99.10/28/99 JRutberg MVFederline JBirmingham RTSB Staff WITS 199900(

C:DRIP/RTSB n WDBeckner WV) 11/ 1 /99 1(

6 (1

014 r

)21 D:DRIP:NRR DBMatthews" 10/Q0l/99 OFFICIAL RECORD COPY

.1 DFo_3 FDR

ý !ý ý 6n P

UNITED STATES 0

NUCLEAR REGULATORY COMMISSION Z

WASHINGTON, D.C. 20555-0001 November 1, 1999 Mr. James Davis Nuclear Energy Institute 1776 Eye Street, N. W.

Suite 300 Washington, DC 20006-2496

Dear Mr. Davis:

Enclosed is revision 1 to an NRC-generated proposed change to the Improved Standard Technical Specification NUREG-1431: NRC traveler number TSB-020 which was requested for review and approval by letter from W.D. Beckner to J. D. Davis dated May 21, 1999.

The proposed changes made by this revision more clearly document the basis for accepting the inclusion of allowable values rather than trip setpoints as the Limiting Safety System Setting (LSSS) in technical specifications. Insert #3 in the enclosure represents the major addition from the previously proposed revision which is also added to the STS bases for the other plants in addition to the Westinghouse plants bases. We advised attendees at the joint NRC/Technical Specifications Task Force (TSTF) Owners Group meeting held October 13-14, 1999, that we intended to issue this revision. This continues to be a High Priority request.

Please contact me at (301) 415-1161 or e-mail wdbanrc.aov if you have any questions or need further information on these proposed changes.

Sincerely, W. D. Beckner, Chief Technical Specifications Branch Division of Regulatory Improvement Programs Office of Nuclear Reactor Regulation Project No. 689

Enclosure:

As stated cc:

N. Clarkson, BWOG H. Pontious, BWROG T. Weber, CEOG D. Bushbaum, WOG D. Hoffman, EXCEL V. Gilbert, NEI

Nuclear Energy Institute cc:

Mr. Ralph Beedle Senior Vice President and Chief Nuclear Officer Nuclear Energy Institute Suite 400 1776 I Street, NW Washington, DC 20006-3708 Mr. Alex Marion, Director Programs Nuclear Energy Institute Suite 400 1776 I Street, NW Washington, DC 20006-3708 Mr. David Modeen, Director Engineering Nuclear Energy Institute Suite 400 1776 I Street, NW Washington, DC 20006-3708 Mr. Anthony Pietrangelo, Director Licensing Nuclear Energy Institute Suite 400 1776 1 Street, NW Washington, DC 20006-3708 Mr. Hank Sepp, Manager Regulatory and Licensing Engineering Westinghouse Electric Corporation P.O. Box 355 Pittsburgh, Pennsylvania 15230 Mr. Jim Davis, Director Operations Nuclear Energy Institute Suite 400 1776 1 Street, NW Washington, DC 20006-3708 Ms. Lynnette Hendricks, Director Plant Support Nuclear Energy Institute Suite 400 1776 1 Street, NW Washington, DC 20006-3708 Mr. Charles B. Brinkman, Director Washington Operations ABB-Combustion Engineering, Inc.

12300 Twinbrook Parkway, Suite 330 Rockville, Maryland 20852 Project No. 689

TSB-020, R.1 Technical Specifications Branch proposed TSTF Westinghouse Standard Technical Specifications Reactor Trip System and Engineered Safety Feature Actuation Instrumentation TSTF Changie Justification Description Table 3.3.1-1, "Reactor Trip System Instrumentation" and Table 3.3.2-1, "Engineered Safety Feature Actuation Instrumentation" are modified to replace the requirement for a "TRIP SETPOINT" with a requirement-for a "NOMINAL TRIP SETPOINT." The Trip Setpoint column changes include deleting setpoint inequality signs. Additionally, a footnote is added to both the Allowable Value and Trip Setpoint columns of the tables which allows: (1) the actual trip setpoint to be set more conservative than the Nominal Trip Setpoint specified in TS in response to plant conditions, and (2) states an "as-found" trip setpoint is operable when its is outside the calibration tolerance band if the as-found value has not exceeded the associated TS Allowable Value and the channel is re-adjusted to within the established calibration tolerances. The Bases discussion are revised to provide conforming discussion to the LCO changes and to more clearly and accurately discuss the relation between the nominal trip setpoint, the allowable value and the plant approved setpoint methodology. Also, the Allowable Value is clarified to be the Limiting Safety System Setting required by 10 CFR 50.36.

Revision 1 The proposed changes made by this revision more clearly document the basis for accepting the inclusion of allowable values rather than trip setpoints as the Limiting Safety System Setting in technical specifications. Attachment #3 represents the major addition from the previously proposed revision which is also added to thr STS bases for the other plants in addition to the Westinghouse plants bases. of 34 pages

TSB - 020, R.1 Technical Specifications Branch proposed TSTF Westinghouse Standard Technical Specifications Reactor Trip System and Engineered Safety Feature Actuation Instrumentation Reactor Trip System (RTS) Instrumentation, LCO 3.3.1 (NUREG-1431)

Insert I (I) A channel is OPERABLE with a trip setpoint value outside its calibration tolerance band provided the trip setpoint "as-found" value does not exceed its associated Allowable Value and provided the trip setpoint "as-left" value is adjusted to a value within the "as-left" calibration tolerance band of the Nominal Trip Setpoint. A trip setpoint may be set more conservative than the Nominal Trip Setpoint as necessary in response to plant conditions.

Engineered Safety Feature Actuation System (ESFAS) Instrumentation, LCO 3.3.2 (NUREG-1431)

Insert 2 (k) A channel is OPERABLE with a trip setpoint value outside its calibration tolerance band provided the trip setpoint "as-found" value does not exceed its associated Allowable Value and provided the trip setpoint "as-left" value is adjusted to a value within the "as-left" calibration tolerance band of the Nominal Trip Setpoint. A trip setpoint may be set more conservative than the Nominal Trip Setpoint as necessary in response to plant conditions.

B 3.3.1 Reactor Trip System (RTS) Instrumentation BASES (NUREG-1431);

B 3.3.1 Reactor Protection System (RPS) Instrumentation BASES (NUREG-1430);

B 3.3.1.1 Reactor Protection System (RPS) Instrumentation BASES(NUREG-1433, NUREG-1434);

B 3.3.1 Reactor Protective System (RPS) Instrumentation BASES (NUREG-1432)

Insert 3 Technical specifications are required by 10CFR50.36 to contain LSSS defined by the regulation as "... settings for automatic protective devices... so chosen that automatic protective action will correct the abnormal situation before a Safety Limit (SL) is exceeded." The Analytic Limit is the limit of the process variable at which a safety action is initiated, as established by the safety analysis, to ensure that a SL is not exceeded. Any automatic protection action that occurs on reaching the Analytic Limit therefore ensures that the SL is not exceeded. However, in practice, the actual settings for automatic protective devices must be chosen to be more conservative than the Analytic Limit to account for instrument loop uncertainties related to the setting at which the automatic protective action would actually occur.

The Trip Setpoint is a predetermined setting for a protective device chosen to ensure automatic actuation prior to the process variable reaching the Analytic Limit and thus ensuring that the SL would not be exceeded. As such, the Trip Setpoint accounts for uncertainties in setting the device (e.g. calibration), uncertainties in how the device might actually perform (e.g.,

repeatability), changes in the point of action of the device over time (e.g., drift during surveillance intervals), and any other factors which may influence its actual performance (e.g harsh accident environments). In this manner, the Trip Setpoint plays an important role in of 34 pages

TSB - 020, R.1 Technical Specifications Branch proposed TSTF Westinghouse Standard Technical Specifications Reactor Trip System and Engineered Safety Feature Actuation Instrumentation ensuring that SLs are not exceeded. As such, the Trip Setpoint meets the definition of an LSSS (Ref. 10) and could be used to meet the requirement that they be contained in the technical specifications.

Technical specifications contain values related to the operability of equipment required for safe operation of the facility. Operable is defined in technical specifications as "... being capable of performing its safety function(s)." For automatic protective devices, the required safety function is to ensure that a SL is not exceeded and therefore the LSSS as defined by 1 OCFR50.36 is the same as the opeirability limit for these devices. However, use of the Trip Setpoint to define operability in technical specifications and its corresponding designation as the LSSS required by IOCFR50.36 would be an overly restrictive requirement if it were applied as an operability limit for the "as found" value of a protective device setting during a surveillance. This would result in technical specification compliance problems, as well as reports and corrective actions required by the rule which are not necessary to ensure safety. For example, an automatic protective device with a setting that has been found to be different from the Trip Setpoint due to some drift of the setting may still be operable since drift is to be expected. This expected drift would have been specifically accounted for in the setpoint methodology for calculating the Trip Setpoint and thus the automatic protective action would still have ensured that the SL would not be exceeded with the "as found" setting of the protective device. Therefore, the device would still be operable since it would have performed its safety function and the only corrective action required would be to reset the device to the Trip Setpoint to account for further drift during the next surveillance interval.

Use of the Trip Setpoint to define "as found" operability and its designation as the LSSS under the expected circumstances described above would result in actions required by both the rule and technical specifications that are clearly not warranted. However, there is also some point beyond which the device would have not been able to perform its function due, for example, to greater than expected drift. This value needs to be specified in the technical specifications in order to define operability of the devices and is designated as the Allowable Value which, as stated above, is the same as the LSSS.

The Allowable Value specified in Table 3.3.1-1 {Table 3.3.1.1-1 for NUREG-1433 and NUREG 1434) serves as the LSSS such that a channel is OPERABLE if the trip setpoint is found not to exceed the Allowable value during the CHANNEL OPERATIONAL TEST (COT) {CHANNEL FUNCTIONAL TEST (CFT) for NUREG-1433 and NUREG-1434). As such, the Allowable Value differs from the Trip Setpoint by an amount primarily equal to the expected instrument loop uncertainties, such as drift, during the surveillance interval. In this manner, the actual setting of the device will still meet the LSSS definition and ensure that a Safety Limit is not exceeded at any given point of time as long as the device has not drifted beyond that expected during the surveillance interval. If the actual setting of the device is found to have exceeded the Allowable Value the device would be considered inoperable from a technical specification perspective.

This requires corrective action including those actions required by 10CFR50.36 when automatic 2 of 34 pages

TSB - 020, R.1 Technical Specifications Branch proposed TSTF Westinghouse Standard Technical Specifications Reactor Trip System and Engineered Safety Feature Actuation Instrumentation protective devices do not function as required. Note that, although the channel is "OPERABLE" under these circumstances, the trip setpoint should be left adjusted to a value within the established trip setpoint calibration tolerance band, in accordance with uncertainty assumptions stated in the referenced setpoint methodology (as-left criteria), and confirmed to be operating within the statistical allowances of the uncertainty terms assigned.

[Note: Alternatively, a TS format incorporating an Allowable Value only column may be proposed by a licensee. In this case the trip setpoint value of Table 3.3.1-1 is located in the TS Bases or in a licensee-controlled document outside the TS. Changes to the trip setpoint value would be controlled by 1 OCFR50.59 or administratively as appropriate, and adjusted per the setpoint methodology and applicable surveillance requirements. At their option, the licensee may include the trip setpoint in Table 3.3.1-1 as shown, or as suggested by the licensees' setpoint methodology or license.]

B 3.3.1 Reactor Trip System (RTS) Instrumentation BASES (NUREG-1431)

Insert 4 is determined by either "as-found" calibration data evaluated during the CHANNEL CALIBRATION or by qualitative assessment of field transmitter or sensor as related to the channel behavior observed during performance of the CHANNEL CHECK.

B 3.3.1 Reactor Trip System (RTS) Instrumentation BASES (NUREG-1431)

Insert 5 which incorporates all of the known uncertainties applicable to each channel. The magnitudes of these uncertainties are factored into the determination of each trip setpoint and corresponding Allowable value. The trip setpoint entered into the bistable is more conservative than that specified by the Allowable Value (LSSS) to account for measurement errors detectable by the COT. The Allowable Value serves as the Technical Specification operability limit for the purpose of the COT. One example of such a change in measurement error is drift during the surveillance interval. If the measured setpoint does not exceed the Allowable Value, the bistable is considered OPERABLE.

The trip setpoint is the value at which the bistable is set and is the expected value to be achieved during calibration. The trip setpoint value ensures the LSSS and the safety analysis limits are met for surveillance interval selected when a channel is adjusted based on stated channel uncertainties. Any bistable is considered to be properly adjusted when the "as left" setpoint value is within the band for CHANNEL CALIBRATION uncertainty allowance (i.e., +/- rack calibration + comparator setting uncertainties). The trip setpoint value of Table 3.3.1-1 is therefore considered a "nominal" value (i.e., expressed as a value without inequalities) for the purposes of COT and CHANNEL CALIBRATION.

3 of 34 pages

TSB - 020, R. 1 Technical Specifications Branch proposed TSTF Westinghouse Standard Technical Specifications Reactor Trip System and Engineered Safety Feature Actuation Instrumentation B 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation BASES (NUREG-1431)

Insert 6 The Allowable Value in conjunction with the trip setpoint and LCO establishes the threshold for ESFAS action to prevent eXceeding acceptable limits such that the consequences of Design Basis Accidents (DBAs) will be acceptable.

The Allowable Value is considered a limiting value such that a channel is OPERABLE if the setpoint is found not to exceed the Allowable Value during the CHANNEL OPERATIONAL TEST (COT). Note that, although a channel is "OPERABLE" under these circumstances, the ESFAS setpoint must be left adjusted to within the established calibration tolerance band of the ESFAS setpoint in accordance with the uncertainty assumptions stated in the referenced setpoint methodology, (as-left criteria) and confirmed to be operating within the statistical allowances of the uncertainty terms assigned.

B 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation BASES (NUREG-1431)

Insert 7 is determined by either "as-found" calibration data evaluated during the CHANNEL CALIBRATION or by qualitative assessment of field transmitter or sensor, as related to the channel behavior observed during performance of the CHANNEL CHECK.

B 3.3.2, Engineered Safety Feature Actuation System (ESFAS) Instrumentation BASES (NUREG-1431)

Insert 8 A detailed description of the methodology used to calculate the Allowable Value and ESFAS setpoints including their explicit uncertainties, is provided in the "RTS/ESFAS Setpoint Methodology Study" (Ref. 6) which incorporates all of the known uncertainties applicable to each channel. The magnitudes of these uncertainties are factored into the determination of each ESFAS setpoint and corresponding Allowable Value. The nominal ESFAS setpoint entered into the bistable is more conservative than that specified by the Allowable Value to account for measurementerrors detectable by the COT. The Allowable Value serves as the Technical Specification operability limit for the purpose of the COT. One example of such a change in measurement error is drift during the surveillance interval. If the measured setpoint does not exceed the Allowable Value, the bistable is considered OPERABLE.

The ESFAS setpoints are the values at which the bistables are set and is the expected value to be achieved during calibration. The ESFAS setpoint value ensures the safety analysis limits are met for the surveillance interval selected when a channel is adjusted based on stated channel uncertainties. Any bistable is considered to be properly adjusted when the "as-left" setpoint 4 of 34 pages

TSB - 020, R.1 Technical Specifications Branch proposed TSTF Westinghouse Standard Technical Specifications Reactor Trip System and Engineered Safety Feature Actuation Instrumentation value is within the band for CHANNEL CALIBRATION uncertainty allowance (i.e. calibration tolerance uncertainties). The ESFAS setpoint value of Table 3.3.1-1 is therefore considered a "nominal value (i.e., expressed as a value without inequalities) for the purposes of the COT and CHANNEL CALIBRATION.

5 of 34 pages

TZ3b- 0.Dj RTS Instrumentation 3.3.1 Table 3.3.1-1 (page 1 of 8)

Reactor Trip Systm Instrumentatlon APPLICABLE ODES OR OTMER SPECIFIED

• NDITJONS CHANMELS WVEILLANCE CONITIONS REQUIREMENTS VALUE AL ALLOWABLE

`

IVTOR,07La0

1.

Manul meactor Trip

2.

Power Rtang Neutron flux

a. uigh

b.

Low 1,2 3(b). 60). 50) a C

a 1.2 1(0),2 SR 3.3.1.14 Sk 3.3.1.14 D

US 3.3.1.1 SR 3.3.1.1 SR 3.3.1.7 Sk 3.3.1.11 sRt 3.3.1.16 SR 3.3.1.1 SR 3.3.1.8 SR 3.3.1.11 St 3.3.1.16 IMA NA NA NA "Sl11.232 rim%93 UTP T

S 027.231 UTP 4tz iRTP

3.

Power Range Neutron Flux Rate

a.

Nigh Positive Rate

b.

Nigh Negative Rate

.4. Intermediate Range Neutron flux' 1,2 1,2 1Ic). 2(d) 4 2

I SR 3.3.1.?

SR 3.3.1.11

[

$R 3.3.1.7 SR 3.3.1.11 SRt 3.3.1.16 F.t SR 3.3.1.1 SR 3.3.1.8 St 3.3.1.11 USt 3.3.1.1 SR 3.3.1.1 SR3.3.1.11 S 06.81 RTP (62103 RTP with time with time constant constant aI 1i sec t*

sec S 16.821 RTP RSIXa with time with tie costant constant S 013% RTP RI2P19 M

S 131I1 RTP as5x RTP (continued)

(a)

Reviewer's Note: Unit specific iaplmentattons my contain only Allowable Value depeding on Setpoint Study methodology used by the unit.

(b)

UIfth Reactor Trip Breakers (RTBs) closed end Rod Control System capable of rod withdrawal.

(c)

Below the P-10 (Power Range Neutron Flux) Interlocks.

(d)

Above the P-6 Clntemediate Range Neutron Flux) interlocks.

(e)

Below the P-6 (Intermediate Range Neutron flux) interlocks.

3.3-15 Rev 1, 04/07/95 of 34 pages C

FUNrCTION C

a.

C WOG STS

-7,15-OZo) IZŽA RTS Instrumentation 3.3.1 Table 3.3.1-1 (page 2 of 8)

Reactor Trip System InstrumentatItn FUNCTION S. Source RInge Neutron Flux APPLICABLE NODE8 O OTHER SPECIFIED CONDITIONS afe) 3(b) 1Cb). 1(b) 3(f), 4 (f), 5(f)

6. Overtexperature AT

?. Overpower AT 1,2 1,2 REUIRED CNANNELS I

I 913 143 142 WAVEILLANCE CONDITIONS REQUIREMENTS 1,j St 3.3.1.1 5t 3.3.1.8 St 3.3.1.11 U 3.3.1.16 Jz SK 3.3.1.1 U 3.3.1.7 Sk 3.3.1.11

• 3.3.1.16 L

t 3.3.1.1 Sk 3.3.1.11 it a 3.3.1.1 St 3.3.1.3 3t 3.3.1.6 N 3.3.1.7

• k 3.3.1.12 S* 3.3.1.16 a

SR 3.3.1.1 S0 3.3.1.7 St 3.3.1.12 82 3.3.1.16 VAU.

u1PO:NT(a)f6D s 11.4 152

• [1.o35 S 11.4 53 ups op VIA Refer to Note I (Page 3.3-21) lefer to Note 2 (Page 3.3-22)

I/A Refer to Note I (Page 3.3-210 Refer to Note 2 (Page 3.3-22)

(contlnusd)

(a)

Revieer's Note: Unit specific isplementatins my contafn onty Allowable Value dqpndig on setpoint Study osthodlow used by the unit.

(b)

With lTis closed and Red Control Systai capable of rd wfthdr&wlt.

(a)

Ioto' the P-6 (Cntermddimto Range Neutron Flux) Interlocks.

(f)

With the ITS, open.

In this aonditfon, source range fuctf On does not provide reactor tri p but does provide (input to the #oron Dilution Protection tystem (LCO 3.3.9). anod Indication.

a WOG STS 3.3-16 Rev 1, 04/07/95

___Enclosure 8 of 34 pages.

C C

ci

78- 0z2c), (z RTS Instrumentation 3.3.1 Tabte 3.3.1-1 (page 3 of 8)

Reactor Trip System Instrumentation RXHCTION APPLICABLE NODES OR OTHER SPECIFIED CONDITIONS S. Pressurizer Pressure

a.

Low

b. Nigh

9. Pressurizer Water Level -N igh

10.

Reactor Coolant Flow-Low

a. sfngle Loop

b.

Two Loops Ift) 1,2 i(c)

Ih) 10I)

URUIRM CHANNELS t4]

3 3 per loop 3 per loop SURVEILLANCE CONDITIONS RIEIJIRENENTS I

SIt 3.3.1.1 SR 3.3.1.7 sR 3.3.1.10 SR 3.3.1.16 SR 3.3.1.1 SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.16 N

SR 3.3.1.1 SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.1 SR 3.3.1.?

St 3.3.1.10 SR 3.3.1.16 N

SR 3.3.1.1 SR 3.3.1.7 sR 3.3.1.10 St 3.3.1.16

VALL, 3ETPOINTM

[ 118166 11003 psll psi$

S M33963 pill psiI S L93.821 et221l 1

.69.2213%

d (continued)

(a)

Revfewerts Note: Unit specific llplpmentations m-y contain only Allowable Value depending en Setpofnt Study methodology used by the unit.

(g)

Above the P-7 (Low Power Reactor Trips Stock) Interlock.

(h)

Above the P-S (Power Range Neutron Flux) interlock.

(M)

Above the P-7 (Low Power Reactor Trips Block) interlock and below the P-3 (Power RNowe Neutron Flux) interlock.

3.3-17 Rev 1, 04/07/95 of 34 pages ci S

C 0'

Sc WOG STS

-,SB-ozo, R.1 RTS Instrumentatio'n 3.3.1 Tabte 3.3.1-I (page 4 of 8) eactor Trip System Instrnmentatfmn APPLICABLE NODES OR OTHER SPECIFIED CONDITIONS REOUIRM CHANNELS CONDITIONS

11.

Reactor coolant "Pump (RCP) Ireaker Pesition

a.

Single Loop

b. Tue Loeps

12.

unkdervoltage UEPS

13.

Underfrequency RCPs

14.

Steam Generator (SO)

Water Level -Low Low

15.

50 water Level - Low Coincident with Steam Flow/

Feemacter Flow Ni siatch lch) 1(I) 1(I) 1,2 1,2 1.2 1 per I1per IWP 94 per 2 per S 2 per SO 0

U 3.3.1a L 01 SR 3.3.1 i U

SR~

sR 3.3.1.9 SM 3.3.1.10 SR 3.3.1.16 N

= 3.3.1.9 SR3.3.1.10 SR 3.3.1.16 I5 SR 3.3.1.1 SR 3.3.1.?

SR 3.3.1.10 St 3.3.1.16 I.

tU 3.3.1.1 S$ 3.3.1.7 SR 3.3.1.10 S 3.3.1.16 a 3.3.1.1 SR 3.3.1.7 SR 3.3.1.10 SR 3.3.1.16 MA MA IA NA I 947602 V (U8302 V 1 957.13z M

57.52 Rz a*

00.421 0 [2.331 "1 130.421 M2.3]1 S 942.-53 full stem flow at RTP fu tow mtT f Low at RTP (continued)

(a)

Neviewerts Note: Unit specific Iafintstftons my contain only Altowabte Value dFpatne en Setpoint Study methodology used by the unit.

(s) Above the P-? (Low Power Reactor Trips Steck) interLock.

(h)

Above the P-8 (Power Range Neutron Flux) interlock.

(f) Above the P-? (Low Power Reactor Trips stock) interlock and below the P-8 (Power Ralne Neutron Flux) Interlock.

WOG STS 3.3-18 a

Rev 1, 04/07/95 0 of 34 pa es C

RJMCTION I

SURVEILLANCE 2E;IUI RENENiTS REGUIRENENTS ALLOE TRIP C

4L

RTS Instrumentation 3.3.1 Table 3.3.1-1 (page 5 of 8)

Reactor Trip Systm Instrumentation APPLICABLE NMES OR OTMER SPEC! FIED CONDITbONS REQUIRED NAMWEM T IIJILLATCE WM21IONS REQUIREMMENS ALLOWAILF 6rrPIOtmwL.f RTS EA nsEtruent I~n

)

16.

Turbine Trip

a.

Low Fluid Oil Pressure

b. Turbine Step Valve Closure

17.

Safety InjectiOn (S1)

Input from Engineered Safety Feature Actuation System CESFAS)

18.

Reactor Trip System Interlocks

a.

Intermediate Range Neutron Flux, P*6

b.

Low Power "Reactor Trips Block, P-7

c. Power Range Neutron Flux, P-8

d.

Power Range Neutron Flux, PF9

e.

Power Rage eutran Flux, P-10

f.

Turbine Impulse Pressure, P-13 1(j) 1,2 tCe)

I 1

1 1.2 I

31 2 traim 2

I per train 4

a SRt 3.3.1.10 SRt 3.3.1.15 p

82 3.3.1.10 4 3.3.1.15 a

Sk 3.3.11 pui it t112 opon KA

ýpsiq

• )

t1A open MA R 3.3.1.11 a t61-112 i[E-10]

SR 3.3.1.13 T

SR 3.3.1.11 SR 3.3.1.13 NA VA St 3.3.1.11 S 150.221

[43S2 RTP SR 3.3.1.13 RuP I

SK 3.3.1.11 S 152.2Z Y

S03% RITP SA 3.3.1.13 ItP S

SRa 3.3.1.11 a M1.821 sU 3.3.1.13 RITP and S [12.221 RtIP T

tSR 3.3.1.13 S V12.23%

SA 3.3.1.10 turbine St 3.3.1.13 power power (continued)

(a)

Reviewer's Note:

Unit specific implmntatfons my cantain only Allowable Value depending on Setpofnt Study ethodology used by the unit.

(e)

low the P-6 (intermediate Range Neutron Flux) interlocks.

(j)

AcethjCP-ower Range Neutron Flux) Interlock.

(-)

WOG STS 3.3-19 Rev 1, 04/07/95 1 of 34 pages 9'

C FUNCTION C

C.

r-S8-O02-61 RZJ RTS Instrumentation 3.3.1 Table 3.3.1-1 (pgeg 6 of 8)

Reactor Trip System Instrumntatlon APPLICAULE NIES ON OTHER PICIFID REQIRED COIxlTIONS CWELS -*ONDITIOhh URVEILANCE RIWIREMENTS VALUE SETPOINT(O)

19.

ector1.2 trains a

a 3.3.1.4 NA MA froakersil 3 (b). 4b). S(b) trains C

Sk 3.3.1.4 VA NA

20.

Reactor Trip 1,2 1 each V

SR 3.3.1.4 NA MA Ireaker per tRT Undervottaige and Shunt Trip 3 0b). 4(b), SOb)

I 'Guh C

A 3.3.1.4 MA VA Ndchan'mu per ITS

21.

Automatic Trip 1,2 2 trains a

SR 3.3.1.5 NA VA Logic 3Sb) 4(b) sCb) 2 trains C

R 3.3.1.5 MA MA Ca)

Reviewer's Note: Unit specific Imptlmntations my contain only Allowabte Value depend on Setpoint Study methodology ued by the unit.

ib)

With MTIs closed and Rod Control System capable of red withdralt.

(k)

Including a& reactor trip bypass breakers that are racked in and closed for bypassing an IT.

WOG STS 3.3-20 Rev 1, 04/07/95 2 of 34 pages C

FUNCTION j

C f.

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 2 of 8)

Engineered Safety Feature Actuation System instrumentation APPLICABLE NEStilt OTNER SPECIFIED

• OIWbS REWIIED CKANNELS MVEUILANCE CoWDITImOt REQOUWRENTS ALLSUALE TRIP A

vALIE 6C)

SE~oCa) (c

1.

Safety Injection (cont inud)

s.

Nigh Stem Flow In Two Stem Lines Coincidont uith Stem Line Pressure -

Low

2.

Contaimnt Spray

a.

Manuat Initiation

b.

Automatic Actuation Logic Wd Actuation Relays

c.

Containment Pressure Kish-3 (Nigh Nigh)

Nigh-3 (Two Loop Plants)

p.

4 1 t2.3(d) 2 per stom line

.102.3(d) 1 per steam line 1.23,34 2 per train, 2 trains 1,2,3,&

2 trains 1.2,3 1.2.3 033 sets of 123 U

5' SR SR SR sa SR SR 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 3.3.2.1 3.32.5 3.3.2.9 3.3.2.10 8

SR 3.3.2.8 C

SR SR SR S

SR SR Sit St St Sk SR St 3.3.2.2 3.3.2.4 3.3.2.6 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 We) if)

I t6353 16733 Pisi psil NA IA 1A IA S V12.313 012.052 poi$l pail S 112.313 E) 112.05]

piol psiI (continued)

(s)

Ieviewer's Note: Unit specific iptementatfons my contain only Allowable Value depending on Setpotnt Study methodology used by the unit.

6c) Time constants used in the lead/too controller are t, i 1503 seconds and t' S CS] seconds.

(d)

Above the P-12 (T, -Low Low) interlock.

te) Less than or equal to a function defined as AP corresponding to [443% full stem flow below 120J2 toad, and AP ihcreasing linearty from 1*3% MIu.

steam flow at k203% toad to f11143% full stem flow at 11003% toad, and AP corresponding to t111]4 full steam flow above 1002 toad.

(f)

Less than or eAtl to a function defined as AP corresponding to U02 full steam flow betwtee 103 and 12021 led and then a AP increasing lineatly from 14031 Stem flow t 1:2031 toad to t11031 full steam flow at 10002 load.

a WOG STS 3.3-33 Rev 1, 04/07/95 3 of 34 pages

( C FWICTIOa

T78- 0

) Q-1 WSFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 3 of 8)

Engineered Safety Feature Actuation System Instruentation APPLICABLE OTHER SPECIFIED CONDITIONS CHANNELS WUVEILLANCE CMITIONS REOUIREMENTS 140MIS3AL.

ALOLWALE TRIP VALUE (Y-)

SETPOIHTC5)CI)

3.

Contairmant Isolation

a.

Phase A isolation (1) anuel initiation (2) Automatic Actuation Logic aid Actuation Relays (3) Safety Injection 1,2,3,4 2

1.2.3,4 2 trains I

SO 3.3.2.8 C

St 3.3.2.2 SR 3.3.2.4 SR 3.3.2.6 Refer to Function I (Safety Injection) for aMt initiation functions and requiremnts.

(1) anualt Initiation (2) Automatic Actuation Logic awd Actuation Relays (3) Contairment Pressure 1,2,3,4 2 per train, 2 trains 1.2.3.4 2 trains a

$A 3.3.2.8 C

IR SR SR 3.3.2.2 3.3.2.4 3.3.2.6 SR SR SR S (12.313 C

(12.05)

Palo

/

psll

4.

Stem Line Isolation

a. Naraul Initiation 2

b.

Automatic Actuation Logic and Actuation Relays 2 trains F

SR 3.3.2.8 S

SR SR SR 3.3.2.2 3.3.2.4 3.3.2.6 (continued)

(a)

Reviewerts Note: Unit specfic It ptlmentations my contain only Allowable Value dependng n Sltpofnt Study methodology used by the unit.

(i)

I whent tll NSIVs are closed and [de-activateld.

wO0MS 3.3-34 Rev 1, 04/07/95 4 of 34 pages FUNCTION

)

MA MA MA

b.

Phase I Isolation IA MA NA MA nigh -3 (High Nigh) 1,2,3 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 NA NA KA

[43 1.1M,20!),

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 4 of 8)

Engineered Safety Feature Actuation Systm Instruminnation fi SURVEILLANCE CONITIONS REGUIRMENMTS ALP oM L.

ALLOI.A1IASM TRIP VALUE 00-STPIMUT(a) ¢'

V')

SETPOINTCa)( IL)

4.

Stem Line Isolation (continued)

c. Containmten Pressure - Niohb

j. 29) 3(i) 042

d.

Stem Line Pressure

01) Low (2) Negative Rate - Nigh

e.

Hig Steam flow in Two Steam Lines Coincident with T.n -Low Low 1.2(l).

3(b)(1) 3(s)(I) 1, 2 i),.

3(1) 1.2(0).

3(d)(i) 3 per stem tlie 3 per stem lfne 2 per stem line Iper

.loop 0

Sk St aR MR 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 S

SR 3.3.2.1 SA 3.3.2.5 SM 3.3.2.9 Si.3.3.2.10 0

SR St SR SR SR SR SU 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 k 16352 16?75(2)

Paig psll S [121.6)(h) 11103(h) psi/sec pai/sec (0)

Cf)

I 9550.636F 1553 *F (continued)

(a)

Revieweres Note:

Unit specific iqlPtmentatios my contain only Allowable Value depending on Setpoint Study methodology used by the unit.

Mb) Above the P-11 (Pressurizer Pressure) interlock.

Cc) Time constants used in the lead/lag controtter are t, a 1303 seconds nd t8 S s.5 seconds.

(d)

Above the P-12 (T..-Low Low) interlock.

(e)

Less than or equal to a function defined as £P corresponding to 144X full stem ftow below 120Z load, £P increasing linearly from t442% full steam flow at 120MI load to [1143% full stem flow at [10012 toad, and AP correspondfng to 11142X full steam flow above 1002 toed.

(f)

Less than or equal to a function defined as AP corresponding to 1403% full team flow between 103X and 1202X toad and than a AP Increasing tliearty from [1032 stem flow at 12032 load to 111032 full stem flow at 110022 load.

(g) Below the P-11 (Pressurizer Pressure) interlock.

(h)

Time constant utilized In the rate/tag controller is S [50] seamcu (i) Except when all HSIVs are closed and Ide-activated.

A11)

(

WOG STS 3.3-35 Rev 1, 04/07/95

-Enclo.sure 15 of 34 pages FUICTION APPLICABLE NODES OR OTHER SPECIFIED cw TyOs REWUIRED CHANMELS 0

St 3.3.2.1 S t6.613 SR 3.3.2.5 Pil ER 3.3.2.9 ER 3.3.2.10 C6-353 poll J

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (pege 5 of 8)

Engineered Safety Feature Actuation Systm Irstruaontatlon SURVEILLANCE CONDITIONS REQUIREMENTS ALLUVWA&L (

MY EPOT VALE TPOINTCS)(K)

4. Stem Line Isolation (contined)

f.

Nigh Stem Flow In Two Stem Lines Coincident with Stem Line Pressure - Low

g.

Nigh Stem Flow 1.2(i).

3(1) 1.2. Ci) 3(i) 1.2(0),

3 "I) 2 per stem Line 1 per stem line 2 per stem line D

S8 SR St St D

Sa SR SR st SR SR SR SR 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 (e)

(f) s COMM t

52(ec) pollg Pail S W25)l of full stem flow at no load stem pressure steel full stem flow at no load stem pressure Coincident with Safety Injection and Coincident with T.,-Low Low

h.

• igh Nigh Stem Flow Coincident with Safety Injection Refer to Function I (Safety functions and requtrments.

1.20I).

3 (d)Ci) 1.2(f).

3"I)

-2W per loop 2 per stem Sine Injection) for all initiation D

SR SR St SR Sit SR 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 aS 550.630F 9553 )*F S 1130)% of full stem flow at full toad stem pressure l2 of 1tit stem flow at full LOad stem pressure Refer to Function 1 (Safety Injection) for all initiation functions nd reqJirments.

(continued)

(a)

Reviewer's Note:

Unit specific iplmentatIons my Contain only Attowable Value depending on Setpoint Study iethodology used by the unit.

Wd) Above the P-12 (T..,-Low Low) interlock.

(1) twhen all NSIVs are closed and [de-actfvateM.

I W

WOG STS 3.3-36 Rev 1, 04/07/95 6 of 34 pages FUINCTION APPLICABLE NODES OR OTNEI SPECIFIED CMONITIONS CHAINELS I

735 8- 02.o aR. I ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 6 of 8)

Engineered Safety Feature Actuation System Instrumentation REQUIRED CHANNELS CONDITIONS SURVEILLANCE REQUIRE[ENTS ALLOI&ASLE VALUE ()

TRIP sLypolorTC0)0"

5.

Turbine Trip nd feedwater Isolation

a.

Automatic Actuation Logic and Actuation

&elays

b.

SC Water Level - Nigh Nigh (P-14)

c.

Safety Injection

6.

Auxi Liary Feedwater

a.

Automatic Actuation Logic and Actuation Relays (Solid State Protection System)

b.

Automatic Actuation Logic and Actuation Relays (Satance of Plnt ESFAS) t 2 trains 1, 2 MJ) g33 (j) 1.20).

1, (J),

91) per So Refer to Function I (Safety functions and requirewnts.

1,2.3 2 trains 1.2.3 2 trains N16 St 3.3.2.2 S

3.3.2.4 Si 3.3.2.6 3 M3 SR SR SR SR 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 S 9"6.23%

M52.43%

Injection) for all initiation S

SR SR SR 3.3.2.!

3.3.2.4 3.3.2.6 6SR 3.3.2.3 C. So Water Level - Lou Low 1,2,3 132 per So S

SR 3.3.2.1 SR 3.3.2.5 SR 3.3.2.9 SRt 3.3.2.10 a W30.4]S 7

132.23%

(continued)

(C)

Reviewer's Note: Unit sW ific fNPq~

tntatioms my contain only Atlowable Value depending on Setpoint Study oethodotogy used by the unit.

(C)

Except when sit MFIVs, MFRVs, land associated bypass valtvs are closed and ode-activatedo for isotated by a ctosed m-,at vatve).

(K)

I WOG STS 3.3-37 Rev 1, 04/07/95 7 of 34 pages b

FNCTION APPLICASLE "WODES OR OTHER SPECIFIED CONDITIONS MA IA MA MA MA MA

7' 8 -ozoUR ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (poae 7 of 8)

Engineered Safety Feature Actuation Systoem IrstrWmmntatin REQUIRED CHANNELS CONDITIONS SURVEILLANCE REQUIREKENTS ALLOWABLE TRIP VALUE (K)

SITPOINTCC)OF)

6.

Auxiliary Feedeater (continued)

d.

Safety Injection

e.

Loss of Offsite Power

f.

Undervottege Reactor Coolant

g.

Trip of alt Main Foeewater Pumps

h.

Auxiliary Feedwater Pump Suction Transfer on Suction Pressure - Low

7.

Automtlc Switchover to Containpont Sump

a.

Automatic Actuation Logic and Actuation Relays

b.

Refueting Voter Storage Tonk CRWST) Level -Low Low Refer to Function I (Safety Injection) for all initiation functions and requiremnts.

1.2.3 13 per bus 1,2

[3) per bus 1,2

[23 per PUNSp 1.2.3 1.2,3.4 2 trains 1,2,3.4 F

SR SR SR I

SR SA SR J

SR SR SR 3.3.2.7 3.3.2.9 3.3.2.10 3.3.2.?

3.3.2.9 3.3.2.10 3.3.2.8 3.3.2.9 3.3.2.10 U

SA 3.3.2.1 SR 3.3.2.?

SR 3.3.2.9 C

SR SR SR I(

SRt SR SR SR 3.3.2.2 3.3.2.4 3.3.2.6 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 a

(29123 V with S 0.8 sec tim delay with S 0.8 sec time delay 1 (693% bus (t7'O)z bus voltage voltage k 1 3 psig

(]t3 pais k (20.53)

(*

3 (pae)0W psea)

NA NA a[153% and k !ad S []3 S

3)

Coincident with Safety Injection Refer to Function 1 (Safety injection) for all initiation functions ind requirimnts.

(continued)

CS)

Rovieweres Note: Unit specific implteentations my contain only Allowable Value depending on Setpoint Study methodology used by the unit.

)

(

Rev 1, 04/07/95 8 of 34 pages FUCTION APPLICABLE NOES OR OTHER SPECIFIED COND IT IONS

1 g

WOG STS 3.3-38

APPLICABLE NMES R

OTHER, SPECIF]ED 1usinM COMD ITIi8s CHUANELS SURVEILLANCE CCWIHTIONS REOUIRENEMTS NoMigAj..

ALLOWUALE TRIP VAUE(.u.) SETPOINT(S~)t)

7.

Automatic Switchover to Containment Sup (cont inued)

C. RWST Level -Lou Low Coincident with Safety Injection Coincident with Containment Sop Level -Nish B.

WSFAS Interlocke

a. Reactor Trip. P-4

b.

Pressurizer Pressure, P-11

c. T,-Low Low, P-12 I

1,.,3,4 4.

S SIt 3.3.2.1 It 3.3.2.5 SR 3.3.2.9 3.3.2.10 I [MS12 Refer to Function 1 CSafety Injection) for all Initiation functions and requirments.

1,2,3,4 1.2.3 1,2,3 K

Sit SR Sit lSt I per train, 2 trains 3

1,2,3

[1 per lowp 3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.10 F

SR 3.3.2.11 L

SR Si SR L

SR SR a

3.3.2.1 3.3.2.5 3.3.2.9 3.3.2.1 3.3.2.5 3.3.2.9 1 0303 in..

above at. [703 ft mA S [1199 Pasi a 050.6FF (a) Reviewer's Note: Unit specific irpltmentatiS lmy contain only Allowable VaLue depending on Setpofnt Study methodology used by the unit.

Th's e

(

WOG STS 3.3-39 Rev 1, 04/07/95 9 of 34 pages FUICTION

[1833 in.

above St. I 3ft NA it**

peig T

B -O2o,.

WSFAS Instrumentation 3.3.2 Tabte 3.3.2-1 (poage 1 of 8)

Engineered Safety Feature Actuation Systen Instrumentation

RTS Instrumentation B 3.3.1 B 3.3 INSTRUMENTATION B 3.3.1 Reactor Trip System (RTS) Instrumentation BASES BACKGROUND The RTS initiates a unit shutdown, based on the values of selected unit parameters, to protect against violating the core fuel design limits and Reactor Coolant System (RCS) pressure boundary during anticipated operational occurrences (AOOs) and to assist the Engineered Safety Features (ESF)

Systems in mitigating accidents.

The protection and monitoring systems have been designed to assure safe operation of the reactor.

This is achieved by specifying limiting safety system settings (LSSS) In terms of parameters directly monitored by the RTS, as well as specifying LCOs on other reactor system parameters and equipment performance.

t*he-L-S-S defined in this specification as the [Trip etpointdj, in conlunction with the LCOs, establish the-%..

7 Vthreshold for protective system action to prevent exceedingi S"

a
cceptable limits during Des:tn Basis Accidents (DBAs).

s During AOOs, which are those events expected to occur one or more times during the unit life, the acceptable limits are:

1.

The Departure from Nucleate Boiling Ratio (DNBR) shall be maintained above the Safety Limit (SL) value to prevent departure from nucleate boiling (DNB),

2.

Fuel centerline melt shall not occur; and

3.

The RCS pressure SL of 2750 psia shall not be exceeded.

Operation within the SLs of Specification 2.0, 'Safety Limits (SLs),

also maintains the above values and assures that offsite dose will be within the 1O.CFR 50 and 10 CFR 100 criteria during AOOs.

Accidents are events that are analyzed even though they are not expected to occur during the unit life. The acceptable limit during accidents Is that offsite dose shall be maintained within an acceptable fraction of 10 CFR 100 limits. Different accident categories are allowed a (continued)

WOG STS B 3.3-1 Rev 1, 04/07/95 0 of 34 pages

-'rS o.2 o R.

RTS Instrumentation B 3.3.1 BASES BACKGROUND different fraction of these limits, based on probability of (continued) occurrence.

Meeting the acceptable dose limit for an accident category is considered having acceptable consequences for that event..

The RTS instrumentation is segmented into four distinct but interconnected modules as Illustrated in Figure [ ], FSAR, Chapter [7] (Ref. 1), and as identified below:

1.

Fteld transmitters or process sensors: provide a measurable electronic signal based upon the physical characteristics of the parameter being measured;

2. Signal Process Control and Protection System, tncluding Analog Protection System, Nuclear Instrumentation System (NIS), field contacts, and protection channel sets: provides signal conditioning, bistable setpoint comparison, process algorithm actuation, compatible electrical signal output to protection system devices, and control board/control room/miscellaneous indications;

3.

Solid State Protection System (SSPS), including input, logic, and output bays: initiates proper unit shutdown and/or ESF actuation in accordance with the defined logic, which is based on the bistable outputs from the signal process control and protection system; and

4.

Reactor trip switchgear, including reactor trip breakers (RTBs) and bypass breakers:

provides the means to Interrupt power to the control rod drive mechanisms (CRDMs) and allows the rod cluster control assemblies (RCCAs), oryrods,w to.fall into the core and shut down the reactor.

The bypass breakers allow testing of the RTBs at power.

Field Transmitters or Sensors To meet the design demands for redundancy and reliability, more than one, and often as many as four, field transmitters or sensors are used to measure unit parameters.

To account for the calibration tolerances and instrument drift, which are.assumed.dto occur between cal brations, statistical allowances are provided in the ripetpoint and Allowable x

(continued)

WOG STS B 3.3-2 Rev 1, 04/07/95 EPPp -rsiu rs,-e 2 o-f.-ý ag ý _

. 7-56-OZoP RTS Instrumentation B 3.3.1 BASES BACKGROUND Field Transmitters or Sensors (continued)

SValues.

The OP RABLT nf @ ach transmitter or canor

[be valate whn its "is found" calibration data are

• compared against its documented acceptance criteria.*

Signal Process Control and Protection System Generally, three or four channels of process control equipment are used for the signal processing of unit parameters measured by the field instruments.

The process control equipment provides signal conditioning, comparable output signals for instruments located oh the main control board, and comparison of measured input signals with setpoints established by safety analyses.

These setpoints are defined in FSAR, Chapter [7] (Ref. 1), Chapter [6]

(Ref. 2), and Chapter [15] (Ref. 3).

If the measured value of a unit parameter exceeds the predetermined setpoint, an output from a bistable is forwarded to the SSPS for decision evaluation.

Channel separation is maintained up to and through the input bays.

However, not all unit parameters

(

require four channels of sensor measurement and signal processing.

Some unit parameters provide input only to the SSPS, whil e others provide input to the SSPS, the main control board, the unit computer, and one or more control systems.

Generally, if a parameter is used only for input to the protection circuits, three channels with a two-out-of-three ogic are sufficient to provide the required reliability and redundancy.

If one channel fails in a direction that would not result in a partial Function trip, the Function is still OPERABLE with a two-out-of-two logic. If one channel fails, such that a partial Function trip occurs, a trip will not occur and the Function is still OPERABLE with a one-out-of-two logic.

Generally, if a parameter is used for input to the SSPS and a control function, four channels with a two-out-of-four logic are sufficient to provide the required reliability and redundancy.

The circuit must be able to withstand both an input failure to the control system, which may then require the protection function actuation, and a single failure in the other channels providing the protection function actuation.

Again, a single failure will neither cause nor (continued)

WOG STS B 3.3-3 Rev 1, 04/07/95 2 of 34 pages

7

• b-02-OW RTS Instrumentation' B 3.3.1 BASES J

BACKGROUND SItnal Process Control and Protection System (continued) prevent the protection function actuation.

These requirements are described in IEEE-279-1971 (Ref. 4).

The actual number of channels required for each unit parameter is specified in Reference 1.

Two logic channels are required to ensure no single random failure of a logic channel will disable the RTS.

The logic channels are designed such that testing required while the reactor is at power may be accomplished without causing trip. Provisions to allow removing logic channels from service during maintenance are unnecessary because of the logic system's designed reliability.

The lrip-betp-nfs are the nominal values at which the bistables are set.

Any bistable is considered to be properly adjusted when the'as left' value Is within thee ndd for CHANNEL CALIBRATION accuracy (i.e., t rackk calibration + comparator setting accuracy).

SThevlripspetpoints used in the bistables are based on the analyti;al limits stated in Reference 1. The selection of X

theseTrtip etpointsis such that adequate protection is provided when all sensor and processing time delays are taken into account.

To allow for calibration tolerances, instrumentation uncertainties, instrument drift, and severe environment errors for those RTS channels that must function n harsh onvironments as defined by 10 CFR 50.49 (Ref. 5),

119-Rne~rip 9e-Ug~nts-a:nd Allowable Values specified in Table 3.3.1-1 in the accompanying LCO are conservative istea~with respect to the analytical imts.

A d,,

U ptIon' of the methodology used to calculate therlp rip x 1S'etpoints, Including their explicit uncertainties, is

" ovided~inthe IRTS/ESFAS.Setpoint Methodology Stud

"(e fThe ac ua nomlnal r*p etpoenf entered into the

• ltabe I'smore conservative than that specified by the

• Allowable Val-ue.to accountlfor changes in random measurement

[er.ror *s detectable by a COT. +One example of such a change in (measurement error is drift during the surveillance interval.

• f th me s rd st ont does not exceed the Allowable Value, the bistable is considered OPERABLE.

(continued)

WOG STS B 3.3-4 Rev 1, 04/07/95 3 of 34 pages

• I >5*- Zý)j R. I RTS Instrumentation B 3.

3.1 BACKGROUND

4T~iD Sto nt epa-.llwabie Vale

(,conti e~d re wrelmne Irg~~dpints

,,wimththhe AIown a eesr hat SLs are not violated during AO0s (and that the consequences

'd of DBAs will be acceptable roviding the unit is operated from within the LCOs at the onset of the AO0 or DBA and the equipment functions as designed).

Vote-that in thE' accompanying LCO 3.3.1, the Trip Setpoints "f Table 3.3.2;4 are the LSSS.,

Each channel of the process control equipment can be tested on line to verify that the signal or setpoint accuraty is within the specified allowance requirements of Reference 2.

Once a designated channel is taken out of service for testng ' a simulated signal is injected in place of the field instrument signal.

The process equipment for the channel in test is then tested, verified, and calibrated.

SRs for the channels are specified in the SRs section.

The Trip Setpoints and Allowable Values listed In '

Table 3.3.1-1 are based on the methodology described in Reference 6, which incorporates all of the known uncertainties applicable'for each channel.

The magnitudes of these uncertainties are factored into the determinatio of each Trip Setpoint.

All field sensors and signal processing equipment for these channels are assumed to SIoperate within the allowances of these uncertatnty j magnitudes.

Solid State Protection System

.The SSPS equipment is used for the decision logic processing of outputs from the signal processing equipment bistables.

To meet the redundancy requirements, two trains of SSPS, each performing the same functions, are provided.

If one train is taken out of service for maintenance or test purposes, the second train will provide reactor trip and/or ESF actuation for the unit. If both tEains are taken out of service or placed in test, a reactor trip will result.

Each train is packaged in its own cabinet for physical and electrical separation to satisfy separation and independence requirements.

The system has been designed to trip in the event of a loss of power, directing the unit to a safe shutdown condition.

(continued)

B 3.3-5 Rev 1, 04/07/95 E-nc-}csdre-e-f pages i

BASES r

WOG STS

ESFAS Instrumentation B 3.3.2 B 3.3 INSTRUMENTATION B 3.3.2 Engineered Safety Feature Actuation System (ESFAS)

Instrumentation BASES BACKGROUND The ESFAS initiates necessary safety systems, based on the values of selected unit parameters, to protect against violating core design limits and the Reactor Coolant System (RCS) pressure'boundary, and to mitigate accidents.

The ESFAS instrumentation is segmented into three distinct but interconnected modules as identified below:

Field transmitters or process sensors and instrumentation:

provide a measurable electronic signal based on the physical characteristics of the parameter being measured; 0

Signal processing equipment including analog protection system, field contacts, and protection Schannel sets: provide signal conditioning, bistable setpoint comparison, process algorithm actuation,

(

compatible electrical signal output to protection system devices, and control'board/control room/

miscellaneous indications; and Solid State Protection System.(SSPS) including input, logic, and output bays: initiates the proper unit shutdown or engineered safety feature (ESF) actuation in accordance with the defined logic and based on the bistable outputs from the signal process control and protection system.

cQi;t ild Transmitters or Sensors To meet the design demands for redundancy and reliability, "more than one, and often as.many as four, field transmitters or sensors are used to measure unit parameters.

In many cases, field transmitters that input to the ESFAS are shared with the Reactor Trip System (RTS).

In some cases, the same channels also provide control system inputs.

To account for calibration tolerances and instrument drift, which are assumed to occur between calibrations, statistical allowances are providedtin the Trip Setpoint and Allowable (continued)

WOG STS B 3.3-61 Rev 1, 04/07/95 Enclos.urq 25 of. 34 pages

Ts 8 - 02o

, p.)

ESFAS Instrumentation B 3.3.2 BASES BACKGROUND Field Transmitters or Sensors (continued) nse Values.

The OPERABILITY of each transmitter or sensor aýtt I eevaluated when its-,as -foundl calibration data are coth rid ag-ainst-itS dgcumbntid acce~taneg. criteIri.

Signal Processing EouIpment Generally, three or four channels of process control equipment are used for the signal processing of unit parametersmeasured by the field instruments.

The process control equipment provides signal conditioning, comparable output signals for instruments located on the main-control board, and comparison of measured input signals with setpointsestablished by safety analyses.

These setpoints are defined in FSAR, Chapter [6] (Ref. 1), Chapter [7]

(Ref. 2), and Chapter [151 (Ref. 3).

If the measured value of a unit parameter exceeds the predetermined setpoint, an output from a bistable is forwarded to the SSPS for decision evaluation.

Channel separation is maintained up to and through the in put bays.

However, not all unit parameters require four channels of sensor measurement and signal processing.

Some unit parameters provide input only to the SSPS, whi e others provide input to the SSPS, the main control board, the unit computer, and one or more control systems.

Generally, if a parameter is used only for input to the protection circuits, three channels with a two-out-of-three logic are sufficient to provide the required reliability and redundancy.

If one channel fails in a direction that would not result in a partial Functlon trip, the Function is still OPERABLE with a two-out-of-two logic.

If one channel fails such that'a partial Function trip occurs, a trip will not occur and the Function is still OPERABLE with a one-out-of two logic.

Generally, if a parameter is used for input to the SSPS and a control function, four channels with a two-out-of-four logic are sufficient to provide the required reliability and redundancy.

The circuit must be able to withstand both an input failure to the control system, which may then require the protection function-actuation, and a single failure in the other channels providing the protection function (continued)

)

WOG STS 8 3.3-62 Rev 1, 04/07/95 Enclosure ?6 of 34 pages

ESFAS Instrumentati n B 3.3.2 BASES BACKGROUND Signal Processina Eguipment (continued) actuation.

Again, a single failure will neither cause nor prevent the protection function actuation.

.These requirements are described in IEEE-279-1971 (Ref. 4).

,The actual number of channels required for. each unit parameter is specified in Reference 2.

The Trip Setpolnts are the nominal values at which the '

bistables are set.

Any btistable is considered to be properly adjusted when the *as left' value is within thel 2 band for CHANNEL CALIBRATION accuracy.

1 The Trip Setpoints used in the bistables are based on the analytical limits stated in Reference 2.

The selection of these Trip Setpoints is such that adequate protection is provided when all sensor and processing time delays are taken into account.

To allow for callbration tolerances, instrumentation uncertainties, instrument drift, and severe environment errors for those*ESFAS channels that must f

t environment as defined by10 CFR 50.49 j(uRtef'..5),

the rl e o1 ts an lAllowable Values specifiqd description ofthe methodology used to calculate the Trip Setpoints, includingtheir explicit uncertainties, is provided In the 'RTS!ESFAS Setpoint.Methodology Study" (Ref. 6),.

The actual nominal Trip Setpoint entered into the bistable is more conservative-than that specified by the Allowable Value to account for changes in random measurement errors detectable by a COT.

One example of such a change in measurement error is drift during the surveillance interval.

If the measured setpoint does not exceed the Allowable Value, the bistable is considered O SetpointsA LD_*

~

with theAllowable"Value ensure that the consequences o Design Basis Accidents (DBAs) will be acceptable, providing the unit is operated from within the LCOs at the onset of the DBA and the equipment functions as designed.

(continued)

B 3.3-63 Rev 1, 04/07/95 7 of 34 pages

(

I WOG STS

rA S

"F,5 6 - CiO,P.J ESFAS Instrumentation B 3.3.2

)

BACKGROUND BASES Solid State Protection System The SSPS equipment is used-for the decision logic processing of outputs from the signal processing equipment bistables.

To meet the redundancy requirements, two trains of SSPS, each performing the same functions, are provided.

If one train is taken out of service for maintenance or test purposes, the second train will provide ESF actuation for the unit.

If both trains are taken out of service or placed in test, a reactor trip will result.

Each train is packaged in its own cabinet for physical and electrical separation to satisfy separation and independence requirements.

The SSPS performs the decision logic for most ESF equipment actuation; generates the electrical output signals that "i

nitiate the required actuation; and provides the status, permissive, and annunciator output signals to the main control room of the unit.

The bistable outputs from the signal processing equipment are sensed by the SSPS equipment and combined into logic matrices that represent combinations indicative of various (continued)

B 3.3-64 Rev 1, 04/07/95 8 of 34 pages BASES

)

2' WOG STS

• "TTrip Setpoont-oaleVle (cniud Each channel can be tested on line to verify that the signal processing equipment and'setpoint accuracy is within the specified allowance requirements of Reference 2. Once a designated channel Is taken out of service for testing, a simulated signal is injected in place of the field instrument signal.

The process equipment for the channel in "test is then tested verified, and calibrated.

SRs for the channels are specified In the SR section.

fThe Trip Setpoints and Allowable Values listed in Table 3.3.2-i are basedOn the methodology described in Rerence 6, whichtincorpor~ates all of the known

• uncertainti-es applicable for each channel.

The magnitudes of these uncertainties are factored into the determination

.of ea ' h ITrip Setpoint.

All field sensors and signal processing equipment for these channels are assumed to operate within'the allowances of these uncertainty magnitudes.

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQUIREMENTS SR-3.32.11 (continued)

Trip Interlock, and the Frequency is once per RTB cycle.

This Frequency is based on operating experience demonstrating that undetected failure of the P-4 interlock sometimes occurs when the RTB is cycled.

The SR is modified by a Note that excludes verification of setpoints during the TADOT.

The Function tested has no associated setpoint.

REFERENCES

1.

FSAR, Chapter [6].

2.

FSAR, Chapter [7].

3.

FSAR, Chapter [15].

4.

IEEE-279-1971.

5.

10 CFR 50.49.

6.

OWESW-Setpoint Methodology Study.

7.

NUREG-1218, April 1988.

8.

WCAP-10271-P-A, Supplement 2, Rev. 1, June 1990.

9.

Technical Requirements Manual, Section 15, "Response Times."

Ps ea

,4.0r467.;,4e 10,"or B 3.3-120 Rev 1, 04/07/95 9 of 34 pages WOG STS I

TS b-( Re,;

RPS Instrumentation B 3.3.1 B 3.3 INSTRUMENTATION B 3.3.1 Reactor Protection System (RPS)

Instrumentation BASES BACKGROUND The.RPS initiates a reactor trip to protect against violating the core fuel design limits and the Reactor Coolant System (RCS) pressure boundary during anticipated operational occurrences (AOOs).

By tripping the reactor, the RPS also assists the Engineered Safety Feature (ESF)

Systems in mitigating accidents.

The protection and monitoring systems have been designed to assure safe operation of the reactor.

This is achieved by specifying limiting safety system settings (LSSS) in terms of parameters directly monitored by the RPS, as well as the LCOs on other reactor system parameters and equipment performance.

• he LSSS, defined in this Specification as the Allowable Walue, in conjunction with the LCOs, establishes the hreshold for protective system action to prevent exceeding

)

Mc-ptAblal.imits during Design Basis Ariidents During AOOs, which are those events expected to occur one or more times during the unit's life, the acceptable limit is:

a.

The departure from nucleate boiling ratio (DNBR) shall be maintained above the Safety Limit (SL) value;

b.

Fuel centerline melt shall not occur; and

c.

The RCS pressure SL of 2750 psia shall not be exceeded.

Maintaining the parameters within the above values ensures that the offsite dose will be within the 10 CFR 20 and 10 CFR 100 criteria during AOOs.

Accidents are events that are analyzed even though they are not expected to occur during the unit's life.

The acceptable limit during accidents is that the offsite dose shall be maintained within 10CFR 100 limits.

Meeting the acceptable dose limit for an accident category is considered having acceptable consequences for that event.

(continued)

BWOG STS B 3.3-1 Rev 1, 04/07/95 0 of 34 pages

RPS Instrumentation B 3.3.1.1 B 3.3 INSTRUMENTATION B 3.3.1.1 Reactor Protection System (RPS) Instrumentation BASES BACKGROUND The RPS initiates a reactor scram when one or more monitored parameters exceed their specified limits, to preserve the integrity of the fuel cladding and the Reactor Coolant System (RCS) and minimize the energy that must be absorbed following a loss of coolant accident (LOCA).

This can be accomplished either automatically or manually.

The protection and monitoring functions of the RPS have been designed to ensure safe operation of the reactor.

This is achieved by specifying limiting safety system settings (LSSS) in terms of parameters directly monitored by the RPS, as well as LCOs on other reactor system parameters and equipment performance.-f he LSSS are defined in this pecitication as the Allowable Values, which, in conjunction

• r3 with the LCOs, establish the threshold for protective system action to prevent exceeding acceptable limits, including Safety Limits SLs durin Design Basis Accidents (DBAs).

The RPS, as shown in the FSAR, Figure [ ] (Ref. 1), includes sensors, relays, bypass circuits, and switches that are necessary to cause initiation of a reactor scram.

Functional diversity is provided by monitoring a wide range of dependent and independent parameters.

The input parameters to the scram logic are from instrumentation that monitors reactor vessel water level, reactor vessel pressure, neutron flux, main steam line isolation valve position, turbine control valve (TCV) fast closure, trip oil pressure, turbine stop valve (TSV) position, drywell pressure, and scram discharge volume (SDV) water level, as well as reactor mode switch in shutdown position and manual scram signals.

There are at least four redundant sensor input signals from each of these parameters (with the exception of the reactor mode switch in shutdown scram signal).

Most channels include electronic equipment (e.g.,

trip units) that compares measured input signals with pre-established setpoints.

When the setpoint is exceeded, the channel output relay actuates, which then outputs an RPS trip signal to the trip logic.

Table B 3.3.1.1-1 summarizes the diversity of sensors capable of initiating scrams during anticipated operating transients typically analyzed.

(continued)

BWR/4 STS B 3.3-1 Rev 1, 04/07/95 1 of 34 pages

RPS Instrumentation B 3.3.1.1 B 3.3 INSTRUMENTATION B 3.3.1.1 Reactor Protection System (RPS) Instrumentation BASES BACKGROUND The RPS initiates a reactor scram when one or more monitored parameters exceed their specified limit, to preserve the integrity of the fuel cladding and the Reactor Coolant System (RCS),

and minimize the energy that must be absorbed following a loss of coolant accident (LOCA).

This can be accomplished either automatically or manually.

The protection and monitoring functions of the RPS have been designed to ensure safe operation of the reactor.

This is achieved by specifyinglimiting safety system settings (LSSS) in terms of parameters directly monitored by the RPS, as well as LCOs on other react syste parameters and e ui ment erformane..The LSSS are defined in this pecification as the Allowable Values, which, in conjunction

-th the LCOs, establish the threshold for protective system ction to prevent exceeding acceptable limits, Including i--cafety Limits (SLs), during Design R Btarsitnt-cc The RPS, as shown in the FSAR, Figure [ ] (Ref.

1), includes sensors, relays, bypass circuits, and switches that are necessary to cause initiation of a reactor scram.

Functional diversity Is provided by monitoring a wide range of dependent and independent parameters.

The input parameters to the scram logic are from Instrumentation that monitors reactor vessel water level; reactor vessel pressure; neutron flux main steam line Isolation valve position;lturbine control valve (TCV) fast closure, trip oil pressure low; turbine stop valve (TSV) trip oil pressure, ow; drywell pressure and scram discharge volume (SDV) water level; as well as reactor mode switch in shutdown position and manual scram signals.

There are at least four redundant sensor input signals from each of these parameters (with the exception of the reactor modeswitch in shutdown scram signal).

Most channels Include electronic equipment (e.g.,

trip units) that compares measured input signals with pre-established setpoints.

When a setpolnt is exceeded, the channel output relay actuates, which then outputs an RPS trip signal to the trip logic.

Table B 3.3.1.1-1 summarizes the diversity of sensors capable of initiating scrams during anticipated operating transients typically analyzed.

(continued)

BWR/6 STS B 3.3-1 Rev 1, 04/07/95 2 of 34 pages

RPS Instrumentation-Operating (Digital)

B 3.3.1 B 3.3 INSTRUMENTATION B 3.3.1 Reactor Protective System (RPS) Instrumentation-Operating (Digital)

BASES BACKGROUND The RPS initiates a reactor.trip to protect against violating the core specified acceptable fuel design limits and breaching the reactor coolant pressure boundary (RCPB) during'anticipated operational occurrences (AOOs).

By tripping the reactor, the RPS also assists the Engineered Safety Features (ESF) systems in mitigating accidents.

The protection and monitoring systems have been designed to ensure safe operation of the reactor.

This is achieved by specifying limiting safety system settings (LSSS) in terms of parameters directly monitored by the RPS, as well as LCOs on other reactor system parameters and equipment performance.

• ~e LSSS, defined in this-Specification as the Allowable Value, in conjunction with the LCOs, establish the threshold -\\

9 I for protective system action to prevent exceeding acceptable 1 Llimits during Design Basis Accidents (DBAs).

During AOOs, which are those events expected to occur one or more times during the plant life, the acceptable limits are:

The departure from nucleate boiling ratio (DNBR) shall be maintained above the Safety Limit (SL) value to prevent departure from nucleate boiling (DNB);

Fuel centerline melting shall not occur; and The Reactor Coolant System (RCS) pressure SL of 2750 psia shall not be exceeded.

Maintaining the parameters within the above values ensures that the offsite-dose will be within the 10 CFR 50 (Ref. 1) and 10 CFR 100 (Ref. 2) criteria during AOOs.

Accidents are events that are analyzed even though they are not expected to occur during the plant life.

The acceptable limit during accidents is that the offsite dose shall be maintained within-an acceptable fraction of 10 CFR 100 (Ref. 2) limits.

Different accident categories allow a different fraction of these limits based on probability of (continued)

CEOG STS B 3.3-1 Rev 1, 04/07/95 3 of 34 pages

z. /

RPS Instrumentation-Operating (Analog)

B 3.3.1 B 3.3 INSTRUMENTATION B 3.3.1 Reactor Protective System (RPS)

Instrumentation-Operating (Analog)

BASES BACKGROUND The RPS initiates a reactor trip to protect against violating the core specified acceptable fuel design limits and breaching the reactor coolant pressure boundary during anticipated operational occurrences (AOOs).

By tripping the reactor, the RPS also assists the Engineered Safety Features systems in mitigating accidents.

The protection and monitoring systems have been designed to ensure safe operation of the reactor.

This is achieved by specifying limiting safety system settings (LSSS) In'terms of parameters directly monitored by'the RPS, as well as LCOs on other reactor system parameters and equipment performance.

EThe LSSS, defined in this Specification as the Allowable Value, in conjunction with the LCOs, establish the threshold for protective systemaction to prevent exceeding acceptable limits duringo esign Basis Accidents.,

)

4 During AOOs, which are those events expected to occur one or more times during the plant life, the acceptable limits are:

The departure from nucleate boiling ratio (DNBR) shall be maintained above the Safety Limit (SL) value to prevent departure from nucleate boiling; Fuel centerline melting shall not occur; and The Reactor Coolant System (RCS) pressure SL of 2750 psia shall not be exceeded.

Maintaining the parameters within the above values ensures that the offsite dose will be within the 10 CFR 50 (Ref. 1) and 10 CFR 100 (Ref. 2) criteria during AOOs.

Accidents are events that are analyzed even though they are not expected to occur during the plant life.

The acceptable limit during accidents is that the offsite dose shall be maintained within an acceptable fraction of 10 CFR 100 (Ref. 2) limits.

Different accident categories allow a different fraction of these limits based on probability of (continued)

CEOG STS B 3.3-1 Rev 1, 04/07/95 4 of 34 pages