ML15099A065: Difference between revisions

{{Adams
| number = ML15099A065
| issue date = 10/26/2011
| title = Attachment 6: Rev. 4 to Diablo Canyon Power Plant Units 1 & 2, Process Protection System (PPS) Replacement Conceptual Design Document.
| author name =
| author affiliation = Altran Solutions Corp, Pacific Gas & Electric Co
| addressee name =
| addressee affiliation = NRC/NRR
| docket = 05000275, 05000323
| license number =
| contact person =
| case reference number = DCL-11-104
| package number = ML113070457
| document type = Report, Technical
| page count = 60
}}
 
=Text=
{{#Wiki_filter:Enclosure Attachment 6 PG&E Letter DCL-11-104 Diablo Canyon Power Plant Units 1 & 2 Process Protection System Replacement Conceptual Design Document (CDD), Revision 4 (LAR Reference: 27)
Pacific Gas & Electric Company
Diablo Canyon Power Plant Units 1 & 2
Process Protection System (PPS) Replacement Conceptual Design Document
Rev 4
Altran Solutions

REVISION HISTORY
Revision Number | Affected Item | Reason for Revision
1 | All | Initial Issue
 | Figure 2-3 | Updated
 | 2.3 | Updated Replacement Scope description
 | Figure 2-6 | Revised per Westinghouse comment
 | 2.2.1 | Updated
 | 2.2.2 | Deleted - Information not conceptual.
 | 2.2.3 | Updated items 1-5; added new item 10
 | 2.2.4 | Added discussion of alternative Thot averaging schemes.
 | Figure 2-8 | Added new figure; renumbered remaining figures in section
 | Figure 2-9 | Updated
 | 2.2.4.2 | Updated Section Title
 | 2.3.1, 2.3.2 | Updated Rack assignments and physical modifications
 | 2.3.2.2 | Added description of Feedwater Flow signals and Steam Flow/Feedwater Flow Mismatch alarm functions and field wiring to be deleted from PPS.
 | 2.3.3 | Added new section to describe external interfaces; renumbered remaining sections.
2 | 2.3.4 through 2.3.11 | Deleted non conceptual information; updated sections; ALS data link isolation is performed by fiber optic media converters.
 | Figure 2-9 | Revised per Westinghouse comment
 | Figure 2-14 through Figure 2-20 | Added new Figure 2-14 (Diversity Architecture), Figure 2-15 (OOS Switches), updated and renumbered remaining figures
 | Table 2-1 | Added new table
 | 2.4 | Revised entire section
 | | Added references; updated titles
 | | Deleted Westinghouse/CSI Proprietary references
 | 4.1 | Added new section for Tricon Configuration Items; renumbered remaining sections
 | 4.2 | Added new section for ALS Configuration Items; renumbered remaining sections
 | Entire Document | Clarified safety-related and non-safety-related classifications
 | Entire Document | Changed MVDU to Maintenance Workstation
 | | Clarified Electrical Class 1E (IEEE 308) vs. Instrument Class IA, IB, II per DCM T-19 and T-24.
 | | Clarified Protection Set numbering
 | 2.2.3.4 | Initial values for m, b constants
 | 2.3.3.2 | Clarified PS description to conform to FRS and IRS
 | 2.3.3.4, 2.3.3.6 | Corrected typo
 | 2.3.3.7, 2.3.3.9 | Change Tricon energize to trip outputs to 24 VDC for SDO
 | | Clarified Tricon Communication Module (TCM); clarified NRC approval of Net Optics 4-port aggregator tap
 | 2.3.5 | Revised testing features description per current concept
 | 2.3.6 | Clarified that qualified isolators are provided by PG&E
3 | Table 2-1 | New table clarifies failed RTD detection concept
 | | DCPP D3 Topical Report has received USNRC Safety Evaluation Report; Table clarified per SER
 | | Deleted DTTA alarms from ALS; Tricon function only
 | Figure 2-9 | Updated ALS communications links per Topical Report
 | Figure 2-10 | Added new figure to illustrate trip output loopback
 | Figure 2-13, Figure 2-14, Figure 2-16 through Figure 2-21 | Updated Figures per current OOS concept; added new Figure 2-21
 | 3.1.30, 3.1.36, 3.2.3, 3.2.4 | Updated references
 | 4 | Updated scope

REVISION HISTORY, continued
Revision Number | Affected Item | Reason for Revision
 | 2.1 | Misc. editorial changes
4 | 2.2 | Updated scope description
 | Figure 2-1, Figure 2-2, Figure 2-3 | Updated figures
 | Figure 2-4 | Added New Figure
 | Table 2-1 | Deleted table - more detail than needed in CDD
 | 2.3.2.3 | Updated description
 | 2.3.2.4 | Added port aggregator communication test
 | 2.3.3.2 | Deleted power supply voltage
 | Figure 2-9 | Updated figure
 | 2.3.4 | Misc editorial changes; Updated per ALS Topical Report
 | 2.3.5 | Updated per FRS and Function Block Diagrams
 | 2.3.5.2 | Updated per ALS discussions
 | 2.4.1 | Deleted non-conceptual information.
 | Figure 2-11, Figure 2-12 | Added figures per ALS discussions
 | Figure 2-12, Figure 2-13 | Updated Figure
 | Figure 2-14 | Updated figure; added explanation
 | 3.1 | IEEE STD 603 is 1991; Added IEEE 7-4.3.2 2003
 | Global (Not marked) | Changed Maintenance Video Display unit (MVDU) to Maintenance Workstation (MWS)
 | Global (Not marked) | Deleted proprietary information designations

Process Protection System Replacement Rev 4 Conceptual Design Document Page i of ii

CONTENTS
1 INTRODUCTION
1.1 BACKGROUND
1.2 DEFINITIONS
2 PROCESS PROTECTION SYSTEM REPLACEMENT CONCEPT
2.1 EXISTING SYSTEM
2.2 REPLACEMENT SCOPE
2.3 REPLACEMENT SYSTEM DESIGN
2.4 DIVERSITY AND DEFENSE-IN-DEPTH (D3)
3 REFERENCES
3.1 INDUSTRY STANDARDS AND REGULATORY GUIDANCE
3.2 PG&E DOCUMENTS
3.3 PRIMARY (DESIGN BASIS) DRAWING REFERENCES
4 PPS RACKS AND CHANNELS
4.1 TRICON HARDWARE CONFIGURATION ITEMS
4.2 ALS CONFIGURATION ITEMS
4.3 PG&E CONFIGURATION ITEMS
4.4 PROTECTION SET I FUNCTIONS AND INSTRUMENT CLASSES
4.5 PROTECTION SET II FUNCTIONS AND INSTRUMENT CLASSES
4.6 PROTECTION SET III FUNCTIONS AND INSTRUMENT CLASSES
4.7 PROTECTION SET IV FUNCTIONS AND INSTRUMENT CLASSES

TABLES
Table 2-1 RTD Input Conditions vs. Current Output Behavior
Table 2-2 Primary Protection System Functions Performed by ALS Sub-System
Table 4-1 Protection Set I Analog Output Functions
Table 4-2 Protection Set I Discrete Output Functions
Table 4-3 Protection Set II Analog Output Functions
Table 4-4 Protection Set II Discrete Output Functions
Table 4-5 Protection Set III Analog Output Functions
Table 4-6 Protection Set III Discrete Output Functions
Table 4-7 Protection Set IV Analog Output Functions
Table 4-8 Protection Set IV Discrete Output Functions

FIGURES
Figure 1-1 Westinghouse PWR Protection Scheme
Figure 2-1 Existing DCPP Reactor Protection System Concept with Eagle 21 PPS
Figure 2-2 Simplified Existing PPS Architecture with Eagle 21
Figure 2-3 PPS Replacement Design Concept
Figure 2-4 Simplified PPS Replacement Architecture
Figure 2-5 Tricon Triple Modular Redundant Architecture
Figure 2-6 Generic ALS Architecture
Figure 2-7 Typical PPS Safety Functions
Figure 2-8 PPS Equipment Rack Assignment Concept
Figure 2-9 PPS Replacement Architecture Concept
Figure 2-10 Triconex Trip Loopback Concept (Typical for Deenergize to Trip Outputs)
Figure 2-11 ALS-A and ALS-B Deenergize to Trip OR Configuration Concept
Figure 2-12 ALS-A and ALS-B Energize to Trip OR Configuration Concept
Figure 2-13 Eagle 21 Replacement PPS Class II Communications Architecture
Figure 2-14 ALS Built In Diversity Architecture
Figure 2-15 Out of Service Switches
Figure 2-16 Typical PPS Replacement Loop Pseudo Function Block Diagram - Loop in Service
Figure 2-17 Loop Out of Service - No Request from MWS
Figure 2-18 Analog Output in Test from MWS
Figure 2-19 Discrete Output Test in Trip from MWS
Figure 2-20 Discrete Output Test in Bypass from MWS
Figure 2-21 Parameter Update from MWS

1 Introduction
 
==1.1 BACKGROUND==
 
This document describes the concept for replacement of the Eagle 21 Process Protection System (E21 PPS) equipment for Diablo Canyon Power Plant Units 1 and 2. The project will replace the Westinghouse Eagle 21 protection sets currently housed in Protection Racks 1-16 in the Cable Spreading Room. The scope of the replacement concept is illustrated by the shaded area in Figure 1-1:

[Figure 1-1 Westinghouse PWR Protection Scheme (PWR Protection Concept)]

==1.2 DEFINITIONS==

The following definitions apply for this document:

Channel: An arrangement of components, modules, and software as required to generate a single protective action signal when required by a generating station condition. A channel loses its identity where single action signals are combined.

Module: Any assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment. A module can be disconnected, removed as a unit, and replaced with a spare. It has definable performance characteristics that permit it to be tested as a unit. A module can be a card or other subassembly of a larger device, provided it meets the requirements of this definition.

Components: Items from which the system is assembled (such as resistors, capacitors, wires, connectors, transistors, tubes, switches, and springs).

Protection Set: A protection set is a physical grouping of process channels with the same Class I electrical channel designation (I, II, III, or IV). Each of the four redundant protection sets is provided with separate and independent power feeds and process instrumentation transmitters. Thus, each of the four redundant protection sets is physically and electrically independent of the other sets.

Protective Function: A protective function is the sensing of one or more variables associated with a particular generating station condition, signal processing, and the initiation and completion of the protective action at values established in the design bases.

Tests made on one or more units to verify adequacy of design of that type of unit.

Diversity and Defense-In-Depth (D&D-in-D or D3): Requirement imposed on the Protection System design to ensure that required protective actions will occur to protect against Anticipated Operational Occurrences and Design Basis Accidents (as described in the FSARU) concurrent with a common cause failure (usually assumed to be software) that disables one or more echelons of defense.

Electrical Class 1E [3.2.3]: Design Class I electrical systems, components and equipment perform safety-related functions. Instrument Class IA and IB Category 1 devices below are considered to serve Class 1E functions. All other instrument classes are considered to serve non-Class 1E functions.

Instrument Class IA [3.2.4]: Instrument Class IA instruments and controls are those that initiate and maintain safe shutdown of the reactor, mitigate the consequences of an accident, or prevent exceeding 10 CFR 100 off-site dose limits.

Instrument Class IB [3.2.4]: Instrument Class IB instruments and controls are those that are required for post-accident monitoring of Category 1 and 2 variables in accordance with Regulatory Guide 1.97, Revision 3 [3.1.21].

Instrument Class II [3.2.4]: Instrument Class II components are Design Class II devices with non-safety-related functions. However, certain Class II components are subjected to some graded quality assurance requirements.
2 Process Protection System Replacement Concept

==2.1 EXISTING SYSTEM==

The Process Protection System (PPS) monitors plant parameters, compares them against setpoints and provides signals to the Solid State Protection System (SSPS) if the setpoints are exceeded. The SSPS evaluates the signals and performs Reactor Trip System (RTS) and Engineered Safety Feature Actuation (ESFAS) functions to mitigate the event that is in progress.

There are four separate PPS rack sets. Separation of redundant process channels begins at the process sensors and is maintained in the field wiring, containment penetrations, and process protection racks to the two redundant trains in the SSPS logic racks. Redundant process channels are separated by locating the electronics in different PPS rack sets. A process channel is defined as an arrangement of components, modules and software as required to generate a single protective action signal when required by a generating station condition. [FSAR Section 7.1]

The original Westinghouse/Hagen 7100 analog protection sets were replaced in 1R6 and 2R6 with the existing Westinghouse Eagle 21 PPS. A conceptual depiction of the Eagle 21 PPS is provided in Figure 2-1. The functional relationship of Eagle 21 with the other components of the overall Reactor Protection System (RPS) is illustrated in Figure 2-2.

[Figure 2-1 Existing DCPP Reactor Protection System Concept with Eagle 21 PPS. Legible labels: Solid State Protection System (SSPS), typical of 2 trains; NIS; Eagle 21 Process Protection System (PPS), typical of 4; isolated Class II outputs to control systems; Class II outputs to AMSAC.]

[Figure 2-2 Simplified Existing PPS Architecture with Eagle 21]

==2.2 REPLACEMENT SCOPE==

The proposed replacement PPS concept shown in Figure 2-3 implements the Diversity and Defense-in-Depth strategy described in Section 2.4 and the PPS Replacement Diversity and Defense in Depth Topical Report [3.2.1]. The project will replace the Westinghouse Eagle 21 protection sets currently housed in Protection Racks 1-16 shown in the shaded portion of Figure 2-4.

Replacement PPS protective functions will be implemented in four (4) redundant protection sets, each using a software-based Triconex Tricon processor [Figure 2-5] to mitigate events where existing safety analysis [3.1.18] has determined that diverse and independent automatic mitigating functions are available to mitigate the effects of postulated Common Cause Failure (CCF) concurrent with FSAR Chapter 15 events. For the events where existing analyses credit manual mitigative action, automatic protective functions will be performed in a diverse safety-related Westinghouse CS Innovations, LLC Advanced Logic System (ALS) [Figure 2-6].

[Figure 2-3 PPS Replacement Design Concept. Note on figure: NIS, SSPS and AMSAC are existing systems not affected by the Replacement PPS project.]

[Figure 2-4 Simplified PPS Replacement Architecture]

[Figure 2-5 Tricon Triple Modular Redundant Architecture]

[Figure 2-6 Generic ALS Architecture]

2.2.1. Replacement PPS Functions

Typical replacement PPS Functions are illustrated in the following figure. Input and output details are provided in Section 4. The functions performed by the replacement PPS are identical to those of the existing Eagle 21 PPS.

[Figure 2-7 Typical PPS Safety Functions. The figure shows a typical protection set with blocks labelled Tricon and ALS. Legible labels:
Protection System Analog Inputs: Turbine Impulse Pressure; Pressurizer Level; Pressurizer Vapor Space Temp (from ALS); NI Flux; RCS Narrow Range Temperatures (from ALS); RCS Wide Range Temperatures (from ALS); RCS Wide Range Pressure; NR Steam Generator Level; Steamline Pressure; Pressurizer Pressure; RCS Flow; Containment Pressure; Pressurizer Vapor Space Temp; RCS Narrow Range Temperatures; RCS Wide Range Temperatures.
Functions: Overpower Delta T RT; Overtemperature Delta T RT; Steam Generator Level High-High P14 ESF; Steamline Pressure-Low ESF; Steamline Pressure Rate-High ESF; PZR Level-High RT; Steam Generator Level Low-Low RT; Low Turbine Power P13; Cold Leg Temp-Low (LTOPS); WR RCS Pressure-High (LTOPS); WR RCS Pressure-Low (RHR Interlock); PZR Pressure-High (PORV); PZR Pressure-High RT; PZR Pressure-Low RT; PZR Pressure Low-Low ESF; PZR Pressure-Low P11 ESF Block; RCS Flow-Low RT; Containment Pressure-High ESF; Containment Pressure High-High ESF; Pressurizer Vapor Space Temp; RCS Narrow Range Temperatures; RCS Wide Range Temperatures.
Outputs: Bistable Outputs to Existing SSPS; Bistable Outputs to Auxiliary Safeguards; 4-20 mA Temperature Outputs to Tricon.]

2.2.2. Deleted

2.2.3. Enhancements
1. In the existing Eagle 21 PPS, the operator must take manual action to mitigate certain FSARU Chapter 15 events should the event occur with a concurrent Common Cause Failure (CCF). In the replacement PPS, these events will be mitigated automatically. Refer to Section 2.4 for details.

2. The replacement PPS provides a Supervised Digital Output (SDO) that enables the PPS to monitor the external circuit for continuity. If the external circuit is broken, the PPS will generate an alarm.

3. The ALS subsystem in the replacement PPS provides built-in diversity by utilizing diverse "A" and "B" logic groups, such that a command output from either logic group will initiate the safety function. Additional details are provided in the ALS Topical Report [3.1.30].

4. All PPS analog inputs will be provided with a mx+b function to enable on-line rescaling. Initial values will be m=1.0, b=0.0, unless specified otherwise.

5. Analog outputs from the replacement PPS to critical control systems (Main Turbine Control System, Pressurizer Pressure Control, Pressurizer Level Control, and Digital Feedwater Control System) will be isolated at the front end of the replacement PPS [Figure 2-3 and Figure 2-9] to improve diversity as discussed in the D3 Topical Report [3.2.1]. The DFWCS application must be modified to provide the Steam Flow pressure compensation [2.3.3.3].

6. Analog outputs from the replacement PPS to Reg. Guide 1.97 Post Accident Monitoring recorders and indicators will be independent from the replacement PPS as determined to be necessary by the D3 evaluation. Independence will be implemented either (1) by dedicated qualified isolation devices; or (2) by obtaining the signal directly off the transmitter loop as discussed in the next item.

7. Figure 2-3 and Figure 2-9 illustrate the concept in which certain Post Accident Monitoring (PAM) functions obtain their signals directly from the input loop. No isolation is necessary because the input loop is the correct classification. The signals to which this concept is applicable are listed in Section 4.

8. In the existing system, the Thot and Tcold signals are processed in separate racks for the DTTA trip functions and the Steam Generator Low-Low Level Trip Time Delay (TTD) functions. In the replacement system, the calculation will be performed only once to be utilized for both functions.

9. The DCPP RCS contains three thermowells in each hot leg that are radially spaced 120° apart. Each thermowell contains two redundant narrow range RTD's. The RTD signals are processed by the PPS to determine a group average hot leg bulk temperature value (Thot) for the loop. In the existing Eagle 21 PPS, one of the elements in each hot leg thermowell is an installed spare. A wiring change is required if the spare RTD is to be used. In the replacement PPS, all six (6) hot leg RTD's in a loop will be permanently wired into the PPS.

The Eagle 21 methodology uses streaming factors to normalize the three loop Thot input values to the loop average Thot. The streaming factors are updated manually on a quarterly basis. Following normalization, the Eagle 21 PPS calculates the Thot group value based on the available number of good input values. Invalid input signals¹ are removed automatically from the group average. If more than one input signal is invalid, the loop average Thot is considered inoperable.

The sensor validation scheme for Thot RTD sensors will be updated to use both RTD's in each thermowell to take advantage of the accuracy improvement obtained from using additional sensors and to make the Thot determination more fault-tolerant. Streaming is a manifestation of physical hot-leg stratification, and not an electrical phenomenon; therefore, the streaming factors will continue to be calculated per thermowell and applied to both "A" and "B" RTD signals in the well. Thus, three streaming factors per RCS loop will be calculated similarly to the Eagle 21 streaming factors.

The "A" and "B" RTD's in each thermowell are processed by the "A" and "B" ALS groups to provide diverse input processing. The ALS transmits processed 4-20 mA "A" and "B" temperature information to the protection set Tricons. The Tricons calculate the average ThotA of the three "A" RTD's in a loop using methodology similar to that used by Eagle 21 that automatically identifies and rejects invalid values or values that deviate excessively from ThotA. The average ThotB of the three "B" RTD's in the loop will be calculated similarly. The loop average Thot is the average of valid ThotA and ThotB.

The streaming factors will be updated semi-automatically, with manual action required to confirm that the constants to be updated are correct. The semi-automatic process reduces the maintenance effort and the potential for human error during update.

This methodology is more accurate than the existing scheme because it uses more RTD's to calculate the average. It is also more fault tolerant than the existing scheme, which allows one failed RTD in a loop. In the proposed scheme, all "B" ("A") RTD's could fail (which would cause the ThotB (ThotA) to be automatically removed from the average) in addition to one failed "A" ("B") RTD. The loop Thot would then be based on two valid "A" ("B") RTD signals, equivalent to the existing Eagle 21 scheme.

10. Open RTD Detection

The ALS will provide down-scale open RTD protection. If the ALS detects an open or failed RTD, it will output an analog signal which is less than the Tricon signal failure threshold. If the actual temperature is below the low scale value the ALS shall output the low scale value (4 mA). If the actual temperature is above the high scale value the ALS shall output the high scale value (20 mA).

This allows the Tricon to provide an alarm on RTD failure and ensures that the Tricon does not indicate RTD failure when the temperature is below low scale but still functioning correctly, a condition that exists during plant shutdown. In the latter case, the actual temperature will be available from the ALS via the Gateway computer. This feature allows RTD cross-calibration to be performed during startup using data obtained directly from the PPC, without the need to lift leads and connect external instrumentation.

¹ Invalid signals are those (1) that have been disabled; or (2) for which the signal processing electronics has detected a failure; or (3) deviate excessively from the average or from each other.
11. Feedwater Flow Signals

The Feedwater Flow signals and the Steam Flow/Feedwater Flow Mismatch alarms will be removed from the PPS. The flow signals are non-safety-related and will be input to the Digital Feedwater System (DFWCS), which will then generate the Steam Flow/Feedwater Flow Mismatch alarms.

2.2.4. Discussed but Omitted from PPS Replacement Scope

1. Calculate the average of all six (6) (two per well) Thot RTD's as inputs, eliminating the Eagle 21 streaming factors. This option reduces the maintenance effort required to track and maintain the streaming factors and the potential for human error when updating the streaming constants manually. However, this arrangement does not automatically remove a deviating input signal from the group average Thot and is thus less fault-tolerant than the existing system.

2. Another averaging arrangement was proposed that would input all six values to a single averaging/validation algorithm using streaming factors to normalize the input values to the average Thot. Invalid or deviating values would be rejected automatically. After discussion, this arrangement was not pursued further because the complexity of the algorithm and the effort required to validate it do not appear to be justified by the additional degree of fault tolerance to be gained over the proposed configuration.
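The sketch below works through items 4, 9 and 10 of Section 2.2.3 together: the ALS down-scale output for a failed RTD, the Tricon-side mx+b rescaling, and the A/B group averaging that yields the loop Thot. It is an added example, not code from PG&E, Triconex or Westinghouse; the temperature span, the mA fail level and failure threshold, the deviation limit, the treatment of streaming factors as additive per-thermowell offsets, and every function name are assumptions chosen for illustration.

```python
from statistics import mean, median

# Constructed values for illustration only (none are taken from the design document).
T_LOW_F, T_HIGH_F = 530.0, 650.0   # assumed narrow-range span, deg F
FAIL_MA = 3.0                      # assumed ALS output for an open or failed RTD
TRICON_FAIL_MA = 3.6               # assumed Tricon signal-failure threshold
DEVIATION_LIMIT_F = 3.0            # assumed limit for "deviates excessively"


def als_output_ma(temp_f, rtd_ok=True):
    """ALS side (item 10): 4-20 mA output with down-scale open-RTD protection."""
    if not rtd_ok:
        return FAIL_MA                                  # below the Tricon failure threshold
    clamped = min(max(temp_f, T_LOW_F), T_HIGH_F)       # 4 mA below scale, 20 mA above scale
    return 4.0 + 16.0 * (clamped - T_LOW_F) / (T_HIGH_F - T_LOW_F)


def tricon_input_f(ma, m=1.0, b=0.0):
    """Tricon side: None for a failed signal, else temperature after m*x+b (item 4)."""
    if ma < TRICON_FAIL_MA:
        return None
    raw = T_LOW_F + (ma - 4.0) * (T_HIGH_F - T_LOW_F) / 16.0
    return m * raw + b


def group_average(temps_f, streaming_f):
    """Average the three RTDs of one group (A or B), one per thermowell (item 9).

    Failed inputs (None) are dropped, the per-thermowell streaming offset is
    removed, and at most one excessive deviator is rejected. The group is
    invalid (None) when fewer than two agreeing values remain.
    """
    good = [t - s for t, s in zip(temps_f, streaming_f) if t is not None]
    if len(good) == 3:
        mid = median(good)
        worst = max(good, key=lambda v: abs(v - mid))
        if abs(worst - mid) > DEVIATION_LIMIT_F:
            good.remove(worst)
    if len(good) == 2 and abs(good[0] - good[1]) > DEVIATION_LIMIT_F:
        return None                                     # the two survivors disagree
    if len(good) < 2:
        return None                                     # more than one invalid input
    return mean(good)


def loop_thot(a_ma, b_ma, streaming_f=(0.0, 0.0, 0.0)):
    """Loop Thot = average of the valid group averages ThotA and ThotB."""
    groups = {}
    for name, signals in (("A", a_ma), ("B", b_ma)):
        temps = [tricon_input_f(ma) for ma in signals]
        groups[name] = group_average(temps, streaming_f)
    valid = [v for v in groups.values() if v is not None]
    return (mean(valid) if valid else None), groups


if __name__ == "__main__":
    # Scenario from item 9: every "B" RTD failed plus one failed "A" RTD.
    a = [als_output_ma(600.0), als_output_ma(0.0, rtd_ok=False), als_output_ma(602.0)]
    b = [FAIL_MA] * 3
    print(loop_thot(a, b))
    # Shutdown case from item 10: below scale reads 4 mA and is not flagged as failed.
    print(tricon_input_f(als_output_ma(200.0)))
```
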
==2.3 REPLACEMENT SYSTEM DESIGN==

2.3.1. PPS Rack assignments and electrical location codes are listed below:

Protection Set I (Racks 1-5): RNP1A, RNP1B, RNP1C, RNP1D, RNP1E
Protection Set II (Racks 6-10): RNP2A, RNP2B, RNP2C, RNP2D, RNP2E
Protection Set III (Racks 11-13): RNP3A, RNP3B, RNP3C
Protection Set IV (Racks 14-16): RNP4A, RNP4B, RNP4C

Physical equipment will be assigned to specific PPS racks during detailed design.

The existing Eagle 21 HMI units are located in Racks 5 (RNP1E), 9 (RNP2D), 12 (RNP3B) and 14 (RNP4A). These racks are expected to house the replacement PPS Maintenance Workstation and communications equipment:

[Figure 2-8 PPS Equipment Rack Assignment Concept. The figure assigns Class I and Class II equipment (Tricon, PRXM, RRXM, ALS-A, ALS-B, MWS, termination areas) to Racks 1-16 across Protection Sets 1-4. Note: Equipment distribution subject to change per detailed design.]

2.3.2. Physical Modifications
1. Protection Racks 1-16
* Remove all equipment
* Rework structure of existing cabinets to support new Tricon and ALS chasses and field termination panels and to satisfy the seismic requirements
* Install new protection set electronics and I/O power supplies
* Install isolators for signals that require independence from the replacement PPS (See Section 2.2.3)
* Install network switches, media converters, Net Optics port aggregator network taps, hubs, gateway computers and maintenance terminals/system printers
* Install Maintenance Workstation (MWS) in each Protection Set
* Remove Main Annunciator System ac/dc converters from PPS alarm outputs.

2. PPS Field Wiring
* Remove Feedwater Flow signals from PPS. These signals are non-safety-related and will be input to the Digital Feedwater System (DFWCS) to provide the Steam Flow/Feedwater Flow Mismatch alarms.
* Remove Steam Flow/Feedwater Flow Mismatch alarms from PPS. These alarms will be generated in the non-safety-related DFWCS.
* Bistable wiring to SSPS Train A and Train B Input cabinets 1-4 will not be changed.
* 120 Vac power wiring to Racks 1-16 will not be changed
* Install other 120 Vac power wiring as needed
* Install Ethernet Cable from port aggregator media converter to Gateway computer network hub

3. Operator Interface
* PPS uses existing hardwired devices located on the Main Control Room Vertical Boards and Control Console.
* The PPS will share a Maintenance Workstation (MWS) on CC4 that will be installed by the Process Control System (PCS) replacement project for system health displays.

4. Special Tests
* During SAT, verify that information flowing between NetOptics port aggregator network tap Ports A and B are copied to Port 1 and that no communications are permitted to take place from Port 1 to either Port A or Port B.
* During PMT, measure as-found and as-left Total Harmonic Distortion (THD) on power supply at the PPS 120 Vac power supply input terminals before and after installation of equipment powered from the vital busses. Refer to USNRC Reg. Guide 1.180 for guidance [3.1.26].

2.3.3. External System Interfaces

: 1. Power Supply
* Each PPS Protection Set will be powered from a separate 120 VAC vital bus via a Class 1E uninterruptible power supply.
* Each PPS Protection Set will be provided with a 120 VAC control grade (non-vital) utility power source.
: 2. I/O Power Supplies
* Each PPS Protection Set will be provided with adjustable redundant loop power supplies capable of powering all 4-20 mA instrument input loops associated with that Protection Set. Operating voltage will be selected to power instrument loops without exceeding voltage limitations of instrument loop sensors (transmitters) being utilized for the higher loop resistances resulting from addition of isolators and input signal taps.
* Analog 4-20 mA output loops will be powered by redundant 24 Vdc power supplies.
* All Discrete inputs and outputs will be powered by redundant 24 Vdc power supplies separate from those used for analog output loops.
* Failure of any power supply will be alarmed
: 3. Digital Feedwater Control System (DFWCS)
* The existing PPS provides a pressure-compensated Steam Flow signal to the DFWCS. The replacement PPS will provide an isolated, uncompensated steam flow signal to the DFWCS directly from the PPS transmitter input loop. The DFWCS application must be modified to provide Steam Flow pressure compensation.
: 4. Main Annunciator System Interface
* The Main Annunciator provides non-vital 125 VDC for interrogation of alarm output contacts.
* Existing PPS outputs to the MAS will be modified to dry contacts. The existing ac/dc converters on the PPS outputs to the MAS will be deleted.
* Additional outputs to the MAS will be provided as described in the FRS and IRS
: 5. Operator Interface
* The existing operator interface using control panel mounted switches and indicators will be maintained.
: 6. Maintenance Interface
Each safety division is provided with a dedicated non-safety-related Maintenance Workstation (MWS) for this purpose. Details regarding safety-related/non-safety-related communications are provided in Section 2.3.4.
: 7. Solid State Protection System Interface
As determined by the detailed design change process, certain 120 Vac SSPS input relays (including, but not limited to Turbine Impulse Pressure Interlock P13 and input relays fed from the ALS) may be replaced with 24 VDC devices.
: 8. Nuclear Instrumentation System Interface
Existing interfaces with the Nuclear Instrumentation System are unaffected by this change.
: 9. Auxiliary Safeguards Cabinets (RNASA/RNASB) Interface
Existing interfaces with the Auxiliary Safeguards Cabinets are unaffected by this change except that it may be necessary to replace 120 VAC energize to trip relays with 24 VDC devices for Triconex outputs because Triconex does not provide a 120 VAC supervised digital output (SDO) module.
: 10. Auxiliary Relay Cabinets (RNARA/RNARB) Interface
Existing interfaces with the Auxiliary Relay Cabinets are unaffected by this change.

Figure 2-9 PPS Replacement Architecture Concept (figure not reproduced)
Note 4: The hardwired TAB Enable switch prevents the ALS Service Unit (ASU) function (performed in the PPS replacement MWS) from communicating with the ALS except when the switch is activated.

2.3.4. PPS Data Communications

USNRC DI&C ISG 4 [3.1.16] defines interdivisional communications as communications among different safety divisions or between a safety division and a non-safety entity such as the MWS. Bidirectional communications among safety divisions and between safety and non-safety equipment are acceptable provided certain restrictions are enforced to ensure that there will be no adverse impact on safety systems.

Figure 2-13 illustrates a communications architecture that meets the intent of USNRC DI&C ISG 4 Staff Position 1, Interdivisional Communications. When used with the typical function block logic in Figure 2-16, the proposed architecture ensures that communications between a safety division and non-safety equipment that resides within the division adhere to the guidance described in the ISG 4 Staff Position. No data is communicated between redundant safety divisions. The non-safety-related Maintenance Workstation (MWS) within a redundant safety division communicates only with the safety-related controllers within that division.

The Tricon is isolated from the Gateway computer by the qualified safety-related Triconex Communications Module (TCM). Fiber optic cable electrically isolates the Tricons from external non-safety-related devices. An additional data isolation device such as a NetOptics network port aggregator tap permits two-way communications between the Maintenance Workstation belonging to a specific protection set and the Tricon in that protection set, and ensures only one-way communication to the Gateway computer. Additional details are provided in the Triconex Topical Report [3.1.33].

The NetOptics port aggregator device shown in Figure 2-13 isolates the Gateway computer from the Tricon controllers. The NRC approved the device previously for a similar application in the Oconee RPS [3.1.34]. The device acts as a "data diode" or one-way tap that copies all traffic between its bidirectional ports to the read-only output port and prevents the flow of information from the output port back to either input port. The Gateway computer is a server that reads the information so copied, reformats it, and makes it available to the PPC.

The TxB1 ALS communication channel to the Gateway computer is serial, one-way and isolated by the CLB. It broadcasts data to the non-safety-related Gateway computer, which is common to all four protection sets, and does not receive any data, handshaking, or instructions from the Gateway computer.
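
The port aggregator behaviour described above, and the SAT check listed under Special Tests in Section 2.3.2, can be written as a comparison of what is sent at each port with what each port receives. This is an added example, not code from the design document or from any vendor; the `TapModel` forwarding rules, the frame identifiers and the two fault modes are constructed assumptions.

```python
from dataclasses import dataclass, field

PORT_A, PORT_B, PORT_1 = "A", "B", "1"  # port names as used in the document


@dataclass
class TapModel:
    """Toy forwarding model of the tap (an assumption, not vendor behaviour).

    leak_from_port_1: a faulty unit that forwards Port 1 traffic like a switch.
    drop_copy_every:  lose every Nth copy to Port 1 (0 = never), modelling an
                      oversubscribed monitor port.
    """
    leak_from_port_1: bool = False
    drop_copy_every: int = 0
    captured: dict = field(
        default_factory=lambda: {PORT_A: [], PORT_B: [], PORT_1: []})
    _copies: int = 0

    def inject(self, ingress, frame_id):
        """Present one frame at an ingress port and record where it egresses."""
        if ingress not in (PORT_A, PORT_B, PORT_1):
            raise ValueError(f"unknown port {ingress!r}")
        if ingress == PORT_1:
            # A correct tap has no path from the monitor port to A or B.
            if self.leak_from_port_1:
                self.captured[PORT_A].append(frame_id)
                self.captured[PORT_B].append(frame_id)
            return
        peer = PORT_B if ingress == PORT_A else PORT_A
        self.captured[peer].append(frame_id)      # normal A <-> B path
        self._copies += 1
        if self.drop_copy_every and self._copies % self.drop_copy_every == 0:
            return                                # copy to Port 1 lost
        self.captured[PORT_1].append(frame_id)    # read-only copy


def drive_test_traffic(tap, frames_per_port=20):
    """Send uniquely tagged frames at all three ports, interleaved."""
    sent = {PORT_A: [], PORT_B: [], PORT_1: []}
    for i in range(frames_per_port):
        for port in (PORT_A, PORT_B, PORT_1):
            frame_id = f"SAT-{port}-{i:04d}"      # constructed identifier
            sent[port].append(frame_id)
            tap.inject(port, frame_id)
    return sent


def evaluate_sat(sent, captured):
    """Compare what was sent at each port with what each port captured."""
    at_a, at_b, at_1 = (set(captured[p]) for p in (PORT_A, PORT_B, PORT_1))
    from_a, from_b, from_1 = (set(sent[p]) for p in (PORT_A, PORT_B, PORT_1))
    findings = {
        # The two-way path between Ports A and B must stay intact.
        "a_to_b_lost": sorted(from_a - at_b),
        "b_to_a_lost": sorted(from_b - at_a),
        # Every frame between A and B must be copied to Port 1.
        "not_copied_to_port_1": sorted((from_a | from_b) - at_1),
        # Nothing presented at Port 1 may reach Port A or Port B.
        "port_1_seen_at_a": sorted(from_1 & at_a),
        "port_1_seen_at_b": sorted(from_1 & at_b),
        # Frames that no test source accounts for.
        "unexplained_at_a": sorted(at_a - from_b - from_1),
        "unexplained_at_b": sorted(at_b - from_a - from_1),
    }
    findings["passed"] = not any(findings[key] for key in findings)
    return findings


if __name__ == "__main__":
    for label, tap in (("compliant", TapModel()),
                       ("leaky", TapModel(leak_from_port_1=True)),
                       ("lossy", TapModel(drop_copy_every=10))):
        result = evaluate_sat(drive_test_traffic(tap), tap.captured)
        failed = [k for k, v in result.items() if k != "passed" and v]
        print(label, "PASS" if result["passed"] else f"FAIL {failed}")
```

On real equipment the `captured` lists would come from captures taken at each port during the test; `evaluate_sat` does not depend on the model.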

The TxB2 communication channel that transmits data to the non-safety-related Maintenance Workstation is also serial, one-way with no handshaking, and isolated at the CLB. A third serial communications channel enables Test ALS Bus (TAB) functions between Auxiliary Service Unit (ASU) maintenance software in the Maintenance Workstation and the ALS controller. This communication path is normally one-way, with two-way communications permitted only when a hardwired switch is activated to complete the communications circuit between the Maintenance Workstation and the ALS-A or ALS-B chassis. Additional details are provided in the ALS Topical Report [3.1.30].

2.3.5. Bypass and Test Features

The Process Protection System will permit any channel to be maintained in a bypassed condition, and when required, tested during power operation without initiating a protective action at the system level. This is accomplished without lifting electrical leads or installing temporary jumpers. The PPS will permit periodic testing during reactor power operation without initiating a protective action from the channel under test.

External trip switches are provided on PPS trip and actuation outputs per the detailed design. The switches may be used for SSPS input relay testing or to trip or actuate the channel manually if needed. Activation of the external trip switches is indicated in the control room through the SSPS partial trip indicators.
: 1. Tricon Features
On-line testing is controlled by safety processor logic enabled via an external safety-related hardwired Out of Service (OOS) switch. When the switch is activated, the safety-related function processor allows the associated instrument channel to be taken out of service while maintaining the remainder of the safety division operable.

Features to limit inadvertent modification include, but are not limited to:
* Approved procedures are required to perform testing operations.
* Operation of the hardware switch alone will not place the channel out of service. At least two specific actions are also required at the Maintenance Workstation to perform the maintenance functions. In order to perform any test operation from the maintenance workstation, the user must:
- Activate the OOS switch for the specific loop to be tested
- Log in as a maintenance user on the maintenance workstation
- Open the maintenance screen for the specific loop being tested
- On the maintenance screen, request the action to be taken
- On the maintenance screen, confirm the requested action (Loop is placed OOS only after the requested action is confirmed)
* Feedback is provided to the user on the maintenance workstation that the hardware OOS switch for the loop to be tested has been activated.
* Continuous indication is provided in the control room that a loop is OOS.
* If the safety-related hardware out of service switch is not activated, non-safety-related actions or failures cannot adversely affect the safety-related function.
* An instrument loop is not permitted to be bypassed if external trip switch is in the trip position. The user may test in trip in this condition following request and confirmation as described above.

The block diagrams in Figure 2-15 through Figure 2-20 illustrate implementation of the Triconex test and bypass features described above.

The above methodology may be used to update parameters such as tuning constants that require periodic adjustment. Refer to Figure 2-21 for an example of the proposed parameter update logic.
* The parameter values to be updated are limited by the software application to pre-determined ranges.
* The Maintenance Workstation software application will request operator confirmation that the parameter update process is complete prior to saving the new tuning constant.

Tricon trip setpoints may be changed following this procedure but with a different login priority.

Figure 2-10 illustrates a DO loopback feature implemented in the Triconex portion of the PPS replacement, which enables the PPS to determine if the external trip switch is open, or if the DO channel is producing an erroneous output.
* A PPS trouble alarm is generated if the comparator output is true (commanding an energized output) and the de-energize to trip DO loopback is sensed as de-energized unless the instrument loop is OOS.
* A PPS failure alarm is generated if the de-energize to trip DO loopback is sensed as energized and the comparator output is false (commanding a de-energized output), whether or not the instrument loop is OOS.

Figure 2-10 Triconex Trip Loopback Concept (Typical for Deenergize to Trip Outputs) (figure not reproduced)
Alarm Signals to MAS: 1. Trip Switch Open (Output deenergized with energize command); 2. Bistable Fault (Output energized with deenergize command)

: 2. ALS Features
ALS bypass and test functions are accomplished through ALS Service Unit (ASU) software implemented in the MWS. The Test ALS Bus (TAB) Enable switch shown in Figure 2-13 must be activated to allow two-way communications on the TAB between the ALS chassis and the MWS.

External bypass switches are provided for the ALS-A and ALS-B partial trip outputs to enable one ALS diversity group to be bypassed for maintenance or testing without initiating a false trip or actuation, yet allowing the other ALS diversity group to initiate the trip or actuation if it is required while the other diversity group is bypassed.

The partial trip outputs from the ALS-A and ALS-B chassis are logically OR'd to drive the SSPS input relays. An external Line Sense Module (LSM) is used by the ALS logic to perform continuous error check for detecting the following conditions:
* Failure to Trip on Demand
* Trip without Demand
* Failure to Bypass
* Illegal Bypass

Configuration of the LSM for use in an Energize to Trip (ETT) or Deenergize to Trip (DTT) circuit is done through field wiring terminations on the LSM and does not require any modification of any electrical properties of the LSM itself. Thus, a single LSM can be used in an ETT or DTT circuit without the need to electrically configure the module for the trip circuit type before use. This allows a single part number to be used to provide spares for both ETT and DTT circuit configurations.

Figure 2-11 illustrates a DTT Configuration concept using LSM, and Figure 2-12 provides an overview of how the LSM is used in an ETT circuit configuration. The manual bypass switches allow one ALS diversity Group (ALS-A or ALS-B) to be bypassed and removed from service without tripping the channel. The manual trip switch is used to trip the channel in the unlikely event that both ALS diversity groups are inoperable.

Figure 2-11 ALS-A and ALS-B Deenergize to Trip OR Configuration Concept (De-energize-To-Trip Configuration; figure not reproduced)

Figure 2-12 ALS-A and ALS-B Energize to Trip OR Configuration Concept (figure not reproduced)
NOTES: 1. Normally Open, Open to Alarm; 2. Normally Open, Close to Actuate
Note: Manual Trip switch as required by detailed design

2.3.6. System Classification

The Plant Protection System is classified as safety-related Instrument Class IA, PG&E Design Class I, Diablo Canyon Quality Class Q per DCM S-38A [3.2.2] and DCM T-24 [3.2.4]. The PPS provides outputs to non-safety-related control systems and indication instruments through qualified isolators to be provided by PG&E. Class IA instruments are analogous to electrical devices designated as Electrical Class 1E per IEEE-308-1971.

2.3.7. Software Integrity Level (SIL)

The replacement PPS application software is assigned Software Integrity Level (SIL) 4 [IEEE 1012-1998 Reference 3.1.4] because it is directly associated with nuclear-safety-related Reactor Trip and Engineered Safety Features functions.

2.3.8. Application Software Development and Configuration Management

PPS application software will be developed by the subsystem suppliers, Invensys/Triconex and Westinghouse/CSI under their approved QA programs. Software configuration management during development will be performed according to their approved procedures. Details are provided in the respective Topical Reports [3.1.30] and [3.1.31].

2.3.9. Seismic and Environmental Qualification

The Triconex Tricon Programmable Logic Controller (PLC) will be qualified per the Topical Report [3.1.31] issued in September 2009 that was updated for the Version 10 Tricon as well as addressing current regulatory issues. The Topical Report is currently under NRC review.

The Westinghouse/CSI Advanced Logic System (ALS) will be qualified per the Topical Report [3.1.30], which describes generic qualification of the ALS for safety-related applications in nuclear power plants. The ALS Topical Report is currently under NRC review.

PG&E will design the installation to ensure that the response spectra to which the equipment is subjected do not exceed seismic qualification levels.

2.3.10. Electromagnetic Compatibility

The Tricon and Westinghouse/CSI portions of the replacement PPS will be qualified for the electromagnetic environment (Emissions and susceptibility, including grounding methods) as described in the respective Topical Reports.

2.3.11. Secure Development Environment

PPS application software will be developed by the subsystem suppliers, Invensys/Triconex and Westinghouse/CSI under their approved QA programs. Maintenance of a secure development environment is described in the respective Topical Reports.

Safety division software is protected from alteration while the safety division is in operation as discussed in the Triconex and ALS Topical Reports.

Figure 2-13 Eagle 21 Replacement PPS Class II Communications Architecture (figure not reproduced; legend: Multi-Mode Optical Fiber; RS-422/RS-485 Serial or 100BaseT Copper; 4-20 mA Analog Copper)

2.4 DIVERSITY AND DEFENSE-IN-DEPTH (D3)

2.4.1. Diversity & Defense-in-Depth Strategy

The PPS Replacement Diversity and Defense in Depth Topical Report (TR) [3.2.1] reevaluated DCPP FSAR Chapter 15 events where the Eagle 21 SER took credit for the Eagle 21 PPS for both primary and backup protection. The D3 Topical Report identified sufficient available automatic means to prevent software CCF from adversely affecting the mitigation of all concurrent FSAR Chapter 15 accidents or events, with three exceptions. These events required manual action by the operator to mitigate the event [3.1.18]. The exceptions are:
: 1. Loss of forced reactor coolant flow in a single loop above P-8 as indicated by two out of three (2oo3) reactor coolant flow channels indicating low;
: 2. RCS depressurization, including Steam Generator Tube Rupture (SGTR), Steam Line Break (SLB) and Loss of Coolant Accident (LOCA) indicated by low Pressurizer pressure; and
: 3. Large Break LOCA and SLB indicated by high containment pressure.

The USNRC position regarding D3 is documented in BTP HICB-19 [3.1.12]. Digital I&C (DI&C) Interim Staff Guidance (ISG) document DI&C-ISG-02 [3.1.15] discusses acceptable methods for implementing diversity and defense-in-depth in digital I&C system designs involving the reactor protection system. Staff Position 1 in ISG-02 states that the use of automation for protective actions is considered to provide a high level of licensing certainty, compared to reliance on manual operator actions.

For each event that the Eagle 21 SER credited manual operator actions for accident mitigation in the presence of a concurrent CCF, Table 2-1 identifies the PPS functions that will be performed automatically by the ALS subsystem. The built-in diversity of the ALS subsystem ensures that the replacement PPS will perform these functions automatically in the presence of a postulated CCF without an adverse impact on the operator's ability to diagnose the event or perform previously credited manual actuation activities.

Each protection set in the proposed PPS provides two complete and diverse execution paths "A" and "B" comprised of the Core Logic Boards (CLB), input boards and output boards shown in Figure 2-14. The paths are developed by independent design teams and verified and validated by independent V&V teams.

The "A" and "B" execution path outputs are combined in hardwired logic as shown in Figure 2-14 to ensure that the protective action is taken if directed by either path. A single failed path cannot prevent a protective action. Either CLB will identify itself as failed and set its outputs to a fail-safe state before halting operation if it detects a mismatch between the outputs of its diverse logic cores. Refer to the ALS Topical Report [3.1.30] for additional information.

NRC approved the above approach in the SER for the Diablo Canyon D3 Topical Report [3.1.36]. The SER identifies some additional areas that PG&E should address in its related license amendment request to support the digital upgrade of the DCPP PPS.

Figure 2-14 ALS Built In Diversity Architecture (figure not reproduced; panels: De-energize to Trip Configuration, Energize to Trip Configuration)
Note: Manual Trip switch as required by detailed design

The figures above illustrate how the partial trip outputs from the ALS-A and ALS-B chassis are logically OR'd to drive the SSPS input relays. Section 2.3.5 provides information regarding the external Line Sense Module (LSM) used in the ALS subsystem to simplify field wiring, perform continuous error checks, and to facilitate maintenance and testing functions.

Table 2-1 Primary Protection System Functions Performed by ALS Sub-System
Column headings: DCPP FSARU Section; Event; Low PZR Pressure SI; High PZR Pressure RT; SI/RT (Note 1); High Cont. Pressure SI; Cont. Isolation A; Cont. Isolation B; Cont. Spray; RCS Low Flow RT
15.2.5 Loss of Forced RCS Flow: X
15.2.13 RCS Depressurization: X
15.3.1 SBLOCA/15.4.1 LBLOCA: X X
15.4.2.1 Steam Line Break: X X X X
15.4.2.2 Main Feed Pipe Rupture
15.4.3 SG Tube Rupture: X X
Note 1: Automatic Reactor Trip occurs on safety injection due to low pressurizer pressure or high containment pressure

2.4.2. Elimination of Potential Protection/Control Interaction

The proposed replacement PPS utilizes separate qualified isolation devices that are independent from the PPS for post-accident monitoring and inputs to the non-safety-related control systems to prevent a common cause failure in the software-based replacement PPS from causing a control system excursion that requires mitigation from the failed protection system. Refer to Figure 2-3 and Figure 2-9. These measures improve defense-in-depth and minimize the likelihood that failure in one system could affect other systems.

The four loop Tavg signals are exceptions to the prohibition against digital processing of signals in the replacement PPS prior to their being used in a control system. The Thot and Tcold RTD signals are processed by the ALS because Triconex does not supply a qualified RTD input board. The ALS provides self-diagnostic functions as well as more stable and accurate signal processing than is available with stand-alone signal converter modules.

Isolated analog Thot and Tcold signals are transmitted from the ALS to the Tricon by 4-20 mAdc analog signals. The Tricon uses these signals internally for the DTTA trip functions and also distributes them through qualified isolation devices to the reactor control system.

In accordance with 10 CFR 50.62 [3.1.19], inputs to the AMSAC are independent of any digital signal processing prior to their being used by the AMSAC. When the AMSAC is replaced, the replacement system will be diverse from the proposed replacement PPS in accordance with the requirements of 10 CFR 50.62 [3.1.19].

Figure 2-15 Out of Service Switches (figure not reproduced)
Note: The switches shown are for the prototype Process Control System. The switches in the production systems will be provided with protective covers to prevent inadvertent operation.

Figure 2-16 Typical PPS Replacement Loop Pseudo Function Block Diagram - Loop in Service (Not applicable to ALS subsystem) (figure not reproduced)
Legend: 1 - RESET, 0 - TRIP; OOS - Out Of Service; OOR - Out Of Range
Note 1: Input 1 tracks Output when Input 0 is selected (bumpless transfer to test mode).

Figure 2-17 Loop Out of Service - No Request from MWS (Not applicable to ALS subsystem) (figure not reproduced)
Legend: OOS - Out Of Service; OOR - Out Of Range
Note 1: Input 1 tracks Output when Input 0 is selected (bumpless transfer to test mode).

Figure 2-18 Analog Output in Test from MWS (Not applicable to ALS subsystem) (figure not reproduced)
Legend: OOS - Out Of Service; OOR - Out Of Range
Note 1: Input 1 tracks Output when Input 0 is selected (bumpless transfer to test mode).

Figure 2-19 Discrete Output Test in Trip from MWS (Not applicable to ALS subsystem) (figure not reproduced)
Legend: OOS - Out Of Service
Note 1: Input 1 tracks Output when Input 0 is selected (bumpless transfer to test mode).

Figure 2-20 Discrete Output Test in Bypass from MWS (Not applicable to ALS subsystem) (figure not reproduced)
Legend: OOS - Out Of Service; OOR - Out Of Range
Note 1: Input 1 tracks Output when Input 0 is selected (bumpless transfer to test mode).

Figure 2-21 Parameter Update from MWS (Not applicable to ALS subsystem) (figure not reproduced)
Legend: OOS - Out Of Service; OOR - Out Of Range
Note 1: Input 1 tracks Output when Input 0 is selected (bumpless transfer to test mode).

3 References

3.1 INDUSTRY STANDARDS AND REGULATORY GUIDANCE

3.1.1. 10 CFR 50 Appendix B: Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants
3.1.2. IEEE STD 279-1971: Criteria for Protection Systems for Nuclear Power Generating Stations
3.1.3. IEEE STD 603-1991: IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations
3.1.4. IEEE STD 1012-1998: Standard for Software Verification and Validation
3.1.5. IEEE STD 1050-1996: Guide for Instrumentation and Control Equipment Grounding in Generating Stations
3.1.6. IEEE STD 7-4.3.2-2003: Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations
3.1.7. NUREG 0800: Appendix 7.1-C, "Guidance for Evaluation of Conformance to IEEE Std. 603"
3.1.8. NUREG 0800, HICB-11: Isolation Devices
3.1.9. NUREG 0800, HICB-14: Software Reviews
3.1.10. NUREG 0800, HICB-17: Self-Test and Surveillance Test Provisions
3.1.11. NUREG 0800, HICB-18: Programmable Logic Controllers
3.1.12. NUREG 0800, HICB-19: "Guidance for Evaluation of Defense-in-Depth and Diversity in Digital Computer-Based Instrumentation and Control Systems"
3.1.13. NUREG 0800, HICB-21: Real-Time Performance
3.1.14. NUREG/CR-6303: Method for Performing Diversity and Defense-in-Depth Analyses of Reactor Protection Systems
3.1.15. NRC DI&C ISG-02: United States Nuclear Regulatory Commission (USNRC) Digital Instrumentation and Controls Task Working Group #2, "Diversity and Defense-in-Depth Issues Interim Staff Guidance," (2008).
3.1.16. NRC DI&C ISG-04: United States Nuclear Regulatory Commission (USNRC) Digital Instrumentation and Controls Task Working Group #4, "Highly Integrated Control Rooms Digital Communications Systems (HICRc), Rev 1, March 2009
3.1.17. WCAP 7306: Westinghouse Electric Corporation, "Reactor Protection System Diversity in Westinghouse Pressurized Reactors," (1969) Non-Proprietary Class 3
3.1.18. USNRC: Safety Evaluation Report Eagle 21 Reactor Protection System Modification With Bypass Manifold Elimination, PG&E, Diablo Canyon Power Plant, (October 7, 1993)
3.1.19. 10 CFR 50.62: Requirements for Reduction of Risk from Anticipated Transients without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power Plants
3.1.20. USNRC: Safety Evaluation Report for Wolf Creek Nuclear Operating Company (WCNOC) Main Steam and Feedwater Isolation System (MSFIS), Accession Number ML090610317
3.1.21. USNRC, Regulatory Guide 1.97, Rev. 3: Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident
3.1.22. EPRI, TR-107330: Generic Requirements Specification for Qualifying a Commercially Available PLC for Safety-Related Applications in Nuclear Power Plants, February 1998
3.1.23. EPRI, TR-1000799: Generic Qualification of the Triconex Corporation Tricon Triple Modular Redundant Programmable Logic Control System for Safety-Related Applications in Nuclear Power Plants, November 2000
3.1.24. EPRI, TR-1003114: Safety Evaluation Report, issued by Nuclear Regulatory Commission to Triconex on the Triconex Platform, December 12, 2001
3.1.25. USNRC, RG 1.152: Criteria for Digital Computers in Safety Systems of Nuclear Power Plants
3.1.26. USNRC, RG 1.180, Rev 1: Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems
3.1.27. USNRC, RG 1.168: Verification, Validation, Reviews and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
3.1.28. USNRC, RG 1.169: Configuration Management Plans for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
3.1.29. USNRC, RG 1.171: Software Unit Testing for Digital Computer Software Used in Safety Systems of Nuclear Power Plants
3.1.30. CS Innovations: 6002-00301, CS Innovations ALS Topical Report and Supporting Documents Submittal, July 29, 2010 (ADAMS Accession No. ML102160471)
3.1.31. Triconex Corporation: Topical Reports 7286-545, "Qualification Summary Report" and 7286-546, "Amendment 1 to Qualification Summary Report," Revision 1 published as EPRI TR-1000799, "Generic Qualification of the Triconex Corporation TRICON Triple Modular Redundant Programmable Logic Controller System for Safety-Related Applications in Nuclear Power Plants," November 2000
3.1.32. USNRC: Letter from Stuart A. Richards (NRC) to Troy Martel (Triconex Corporation), "Review of Triconex Corporation Topical Reports 7286-545, "Qualification Summary Report" and 7286-546, "Amendment 1 to Qualification Summary Report," Revision 1" December 11, 2001 published as EPRI TR-1003114 ADAMS Accession Number ML013470433
3.1.33. Invensys/Triconex: "Nuclear Safety-Related Qualification of the Tricon TMR Programmable Logic Controller (PLC) - Update to Qualification Summary Report Submittal and "Application for withholding Proprietary Information from Public Disclosure," September, 2009
3.1.34. USNRC: Oconee, Units 1, 2 & 3, Issuance of Amendment Nos. 366, 368, and 367, Reactor Protective System and Engineered Safeguard Protection System Digital Upgrade.
3.1.35. 10 CFR 100: Reactor Site Criteria
3.1.36. USNRC: Diablo Canyon Power Plant, Unit Nos. 1 and 2 - Safety Evaluation for Topical Report, "Process Protection System Replacement Diversity & Defense-In-Depth Assessment" (TAC Nos. ME4094 And ME4095), dated April 19, 2011 (ADAMS Accession No. ML110480845)

3.2 PG&E DOCUMENTS

3.2.1. PG&E Topical Report: Process Protection System Replacement Diversity & Defense-in-Depth Assessment, Rev 1, August, 2010
3.2.2. PG&E DCM S-38A: Plant Protection System
3.2.3. PG&E DCM T-19: Design Criteria for Electrical Separation and Isolation
3.2.4. PG&E DCM T-24: Design Criteria for DCPP Instrumentation and Controls

3.3 PRIMARY (DESIGN BASIS) DRAWING REFERENCES

Protection Set I
Instr. No.; Description; Existing Unit 1 Instr. Schematic; Existing Unit 2 Instr. Schematic
FT-414; Reactor Coolant Flow Loop 1; 102032-17A; 108032-17A
FT-424; Reactor Coolant Flow Loop 2; 102032-17D; 108032-17D
FT-434; Reactor Coolant Flow Loop 3; 102032-17G; 108032-17G
FT-444; Reactor Coolant Flow Loop 4; 102032-17J; 108032-17J
FT-510; Loop 1 Feedflow; 102036-3D; 108036-3D
FT-512; Loop 1 Steamflow; 102036-3S; 108036-3S
FT-520; Loop 2 Feedflow; 102036-3E; 108036-3E
FT-522; Loop 2 Steamflow; 102036-3T; 108036-3T
FT-530; Loop 3 Feedflow; 102036-3F; 108036-3F
FT-532; Loop 3 Steamflow; 102036-3U; 108036-3U
FT-540; Loop 4 Feedflow; 102036-3G; 108036-3G
FT-542; Loop 4 Steamflow; 102036-3V; 108036-3V
LT-459; PZR Level; 102036-7C; 108036-7C
LT-529; S/G 2 Level; 102036-4P; 108036-4P
LT-539; S/G 3 Level; 102036-4Q; 108036-4Q
NE-41A; DTTA Loop 1 Upper (Neutron) Flux; 102036-29G; 108036-29G
NE-41B; DTTA Loop 1 Lower (Neutron) Flux; 102036-29G; 108036-29G
PT-455; Loop 1 PZR Pressure; 102036-7; 108036-7
PT-505; Turbine Impulse Pressure; 102036-4U; 108036-4U
PT-514; Loop 1 Steamline Pressure; 102036-3S; 108036-3S
PT-524; Loop 2 Steamline Pressure; 102036-3T; 108036-3T
PT-534; Loop 3 Steamline Pressure; 102036-3U; 108036-3U
PT-544; Loop 4 Steamline Pressure; 102036-3V; 108036-3V
PT-937; Containment Pressure; 102034-12B; 108034-12B
TE-410A; DTTA Loop 1 Thot-1A; 102036-7L; 108036-7L
TE-410B; DTTA Loop 1 Tcold-1; 102036-7L; 108036-7L
TE-410C; DTTA Loop 1 Thot-1B; 102036-7L; 108036-7L
TE-411A; DTTA Loop 1 Thot-2A; 102036-7L; 108036-7L
TE-411B; DTTA Loop 1 Tcold-2; 102036-7L; 108036-7L
TE-411C; DTTA Loop 1 Thot-2B; 102036-7L; 108036-7L
TE-412A; DTTA Loop 1 Thot-3A; 102036-7L; 108036-7L
TE-412C; DTTA Loop 1 Thot-3B; 102036-7L; 108036-7L
TE-413A; WR Temperature Loop 1 Hot Leg; 102035-6D; 108035-6D
TE-413B; WR Temperature Loop 1 Cold Leg; 102035-6D (1); 108035-6D
TE-423A; WR Temperature Loop 2 Hot Leg; 102035-6E; 108035-6E
TE-423B; WR Temperature Loop 2 Cold Leg; 102035-6E; 108035-6E
Notes: (1) per T-MOD 50229619

Protection Set II
Instr. No.; Description; Existing Unit 1 Instr. Schematic; Existing Unit 2 Instr. Schematic
FT-415; Reactor Coolant Flow Loop 1; 102032-17B; 108032-17B
FT-425; Reactor Coolant Flow Loop 2; 102032-17E; 108032-17E
FT-435; Reactor Coolant Flow Loop 3; 102032-17H; 108032-17H
FT-445; Reactor Coolant Flow Loop 4; 102032-17K; 108032-17K
FT-511; Loop 1 Feedflow; 102036-3H; 108036-31H
FT-513; Loop 1 Steamflow; 102036-3W; 108036-3W

Protection Set II Instr.
No.FT-521 FT-523 FT-531 FT-533 FT-541 FT-543 LT-460 LT-519 LT-549 NE-42A NE-42B PT-456 PT-506 PT-515 PT-525 PT-535 PT-545 PT-936 TE-420A TE-420B TE-420C TE-421A TE-421B TE-421C TE-422A TE-422C TE-433A TE-433B TE-443A TE-443B Description Loop 2 Feedflow Loop 2 Steamflow Loop 3 Feedflow Loop 3 Steamflow Loop4 Feedflow Loop 4 Steamflow PZR Level S/G 1 Level S/G 4 Level DTTA Loop 2 Upper (Neutron)
Flux DTTA Loop 2 Lower (Neutron)
Flux Loop 2 PZR Pressure Turbine Impulse Pressure Loop 1 Steamline Pressure Loop 2 Steamline Pressure Loop 3 Steamline Pressure Loop 4 Steamline Pressure Containment Pressure DTTA Loop 2 Thot-lA DTTA Loop 2 Tcold-1 DTTA Loop 2 Thot-1 B DTTA Loop 2 Thot-2A DTTA Loop 2 Tcold-2 DTTA Loop 2 Thot-2B DTTA Loop 2 Thot-3A DTTA Loop 2 Thot-3B WR Temperature Loop 3 Hot Leg WR Temperature Loop 3 Cold Leg WR Temperature Loop 4 Hot Leg WR Temperature Loop 4 Cold Leg et III Description Reactor Coolant Flow Loop 1 Reactor Coolant Flow Loop 2 Reactor Coolant Flow Loop 3 Reactor Coolant Flow Loop 4 PZR Level S/G 1 Level S/G 2 Level S/G 3 Level S/G 4 Level DTTA Loop 3 Upper (Neutron)
Flux DTTA Loop 3 Lower (Neutron)
Flux Existing Unit 1 Instr. Schematic 102036-31 102036-3X 102036-3J 102036-3Y 102036-3K 102036-3Z 102036-7G 102036-40 102036-4R 102036-291 102036-291 102036-7H 102036-4V 102036-3W 102036-3X 102036-3Y 102036-3Z 102034-12C 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102035-6F 102035-6F 102035-6G 102035-6G Existing Unit I Instr. Schematic 102032-17C 102032-17F 102032-171 102032-17L 102036-7J 102036-4 102036-4A 102036-4B 102036-4C 102036-29K 102036-29K Existing Unit 2 Instr. Schematic 108036-31 108036-3X 108036-3J 108036-3Y 108036-3K 108036-3Z 108036-7G 108036-40 108036-4R 108036-291 108036-291 108036-7H 108036-4V 108036-3W 108036-3X 108036-3Y 108036-3Z 108034-12C 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108035-6F 108035-6F 108035-6G 108035-6G Existing Unit 2 Instr. Schematic 108032-17C 108032-17F 108032-171 108032-17L 108036-7J 108036-4 108036-4A 108036-4B 108036-4C 108036-29K 108036-29K Protection Si Instr. No.FT-416 FT-426 FT-436 FT-446 LT-461 LT-518 LT-528 LT-538 LT-548 NE-43A NE-43B Process Protection System Replacement Conceptual Design Document Rev 4 Page 39 of 54 Protection Set III Instr. No.PT-403 PT-403A PT-457 PT-526 PT-536 PT-935 TE-430A TE-430B TE-430C TE-431A TE-431B TE-431C TE-432A TE-432C Protection Si Instr No.LT-517 LT-527 LT-537 LT-547 NE-44A NE-44B PT-405 PT-405A PT-474 PT-516 PT-546 PT-934 TE-440A TE-440B TE-440C TE-441A TE-441 B TE-441C TE-442A TE-442C TE-454 Description Wide Range Pressure Loop 4 Wide Range Pressure Loop 4 Loop 3 PZR Pressure Loop 2 Steamline Pressure Loop 3 Steamline Pressure Containment Pressure DTTA Loop 3 Thot-lA DTTA Loop 3 Tcold-1 DTTA Loop 3 Thot-1 B DTTA Loop 3 Thot-2A DTTA Loop 3 Tcold-2 DTTA Loop 3 Thot-2B DTTA Loop 3 Thot-3A DTTA Loop 3 Thot-3B et IV Description S/G 1 Level S/G 2 Level S/G 3 Level S/G 4 Level DTTA Loop 4 Upper (Neutron)
Flux DTTA Loop 4 Lower (Neutron)
Flux Wide Range Pressure Loop 3 Wide Range Pressure Loop 4 Loop 4 PZR Pressure Loop 1 Steamline Pressure Loop 4 Steamline Pressure Containment Pressure DTTA Loop 4 Thot-lA DTTA Loop 4 Tcold-1 DTTA Loop 4 Thot-1 B DTTA Loop 4 Thot-2A DTTA Loop 4 Tcold-2 DTTA Loop 4 Thot-2B DTTA Loop 4 Thot-3A DTTA Loop 4 Thot-3B Pressurizer Vapor Temperature Existing Unit 1 Instr. Schematic 102034-7A 102034-7C 102036-71 102036-5F 102036-5G 102034-12D 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T Existing Unit 1 Instr Schematic 102036-41 102036-4J 102036-4K 102036-4L 102036-29M 102036-29M 102034-7B 102034-7D 102036-7B 102036-5E 102036-5H 102034-12E 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102035-7B Existing Unit 2 Instr. Schematic 108034-7A 108034-7C 108036-71 108036-5F 108036-5G 108034-12D 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T Existing Unit 2 Instr Schematic 108036-41 108036-4J 108036-4K 108036-4L 108036-29M 108036-29M 108034-7B 108034-7D 108036-7B 108036-5E 108036-5H 108034-12E 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108035-7B Process Protection System Replacement Rev 4 Conceptual Design Document Page 40 of 54 4 PPS Racks and Channels 4.1 TRICON HARDWARE CONFIGURATION ITEMS 4.1.1. Safety-Related Triconex Configuration Items 1. Main Chassis 2. Deleted 3. RXM Chassis 4. MRXM, Primary Module 5. Main Processor Module 6. Power Supply Module (120 VDC/1 15 VAC)7. Communications Module (TCM-FO)8. Discrete Input Module 115VAC/DC 9. Discrete Input Module 24 VAC/DC 10. Discrete Output Module 115 VAC, Unsupervised
11. Deleted
12. Analog Input Module, Isolated
13. Analog Input Module, Differential
14. Analog Output Module
15. Deleted
16. Supervised Discrete Output Module, 24 VDC (Energize to trip outputs only)
17. External Termination Panels (ETP) and interconnection cables for above I/O Modules
18. AC power line filters
4.1.2. Non-Safety-Related Triconex Configuration Items
1. RXM Chassis
2. MRXM Remote Module
3. Power Supply Module (120VDC/115 VAC)
4. Deleted
5. Discrete Output Module 115 VAC, Unsupervised
6. Deleted
7. Analog Output Module
8. Relay Output Module
9. Discrete Input Module 115VAC/DC
10. Discrete Input Module 24 VAC/DC
11. External Termination Panels (ETP) for above I/O Modules
12. Media converter (TCM output to port aggregator tap)
13. AC power line filters

4.2 ALS CONFIGURATION ITEMS
4.2.1. Safety-Related ALS Configuration Items (Typical for Logic Path A & B)
1. ALS CLB - Core Logic Board
2. ALS IPB - Input Board
3. ALS OPB - Output Board
4. ALS Rack and Cables
4.2.2. Non-Safety-Related ALS Configuration Items
1. ASU Software

4.3 PG&E CONFIGURATION ITEMS
1. Maintenance Video Display Unit and Software (Except ASU software provided by ALS)
2. Net Optics Port Aggregator Network Taps
3. OOS Toggle Switches
4. Manual Trip Toggle Switches
5. Bypass Toggle Switches
6. Media Converters (except Tricon TCM output to port aggregator tap by IOM)
7. Nominal 24 Vdc adjustable power supply for Tricon DI and DO loops
8. Nominal 24 Vdc adjustable power supply for Tricon AO loops
9. Nominal 40 Vdc adjustable power supply for Tricon AI loops
10. Nominal 24 Vdc adjustable 24-45 Vdc I/O power supply for ALS AI loops (except Pressurizer pressure, which is shared with the Tricon and powered by the Tricon loop PS). The ALS loops may use a combination of power supplies such as Items 8 and/or 9 as determined by the detailed design.
11. 48 Vdc ALS logic power supplies

4.4 PROTECTION SET I FUNCTIONS AND INSTRUMENT CLASSES
Table 4-1 Protection Set I Analog Output Functions
PROTECTION SET I ANALOG OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
LT-459 Input IB,A,1 Note (1) PZR Level to LI-459A (VB2), LI-459B (HSP)
PT-514 Input IB,A,1 Note (1) LP 1 Steamline Press to PI-514A (VB3), PI-514B (HSP), ERFDS (VB4)
PT-524 Input IB,A,1 Note (1) LP 2 Steamline Press to PI-524A (VB3), PI-524B (HSP), ERFDS (VB4)
PT-534 Input IB,A,1 Note (1) LP 3 Steamline Press to PI-534A (VB3), PI-534B (HSP), ERFDS (VB4)
PT-544 Input IB,A,1 Note (1) LP 4 Steamline Press to PI-544A (VB3), PI-544B (HSP), ERFDS (VB4)
PT-937 Input IB,A,1 Note (1) Containment Pressure to PI-937 (VB1)
TE-410A IA ALS-A DTTA Loop 1 Thot-1A (to PS I Tricon)
TE-410B IA ALS-A DTTA Loop 1 Tcold-1 (to PS I Tricon)
TE-411A IA ALS-A DTTA Loop 1 Thot-2A (to PS I Tricon)
TE-412A IA ALS-A DTTA Loop 1 Thot-3A (to PS I Tricon)
TE-413A IB,A,1 ALS-A Loop 1 Hot Leg Temp (to PS I Tricon)
TE-413B IB,A,1 ALS-A Loop 1 Cold Leg Temp (to PS I Tricon)
FM-414B II ALS-A Reactor Coolant Flow Loop 1 to FI-414 (VB2)
FM-424B II ALS-A Reactor Coolant Flow Loop 2 to FI-424 (VB2)
TE-410C IA ALS-B DTTA Loop 1 Thot-1B (to PS I Tricon)
TE-411B IA ALS-B DTTA Loop 1 Tcold-2 (to PS I Tricon)
TE-411C IA ALS-B DTTA Loop 1 Thot-2B (to PS I Tricon)
TE-412C IA ALS-B DTTA Loop 1 Thot-3B (to PS I Tricon)
TE-423A IB,A,1 ALS-B Loop 2 Hot Leg Temp (to PS I Tricon)
TE-423B IA ALS-B Loop 2 Cold Leg Temp (to PS I Tricon)
FM-434B II ALS-B Reactor Coolant Flow Loop 3 to FI-434 (VB2)
FM-444B II ALS-B Reactor Coolant Flow Loop 4 to FI-444 (VB2)
FM-512 1 II Isolator Out Loop 1 Steamflow to DFWCS
FM-512 2 IB, D, 2 Isolator Out Loop 1 Steamflow to FI-512 (VB3) & ERFDS (VB1)
FM-522 1 II Isolator Out Loop 2 Steamflow to DFWCS
FM-522 2 IB, D, 2 Isolator Out Loop 2 Steamflow to FI-522 (VB3) & ERFDS (VB1)
FM-532 1 II Isolator Out Loop 3 Steamflow to DFWCS
FM-532 2 IB, D, 2 Isolator Out Loop 3 Steamflow to FI-532 (VB3) & ERFDS (VB4)
FM-542 1 II Isolator Out Loop 4 Steamflow to DFWCS
FM-542 2 IB, D, 2 Isolator Out Loop 4 Steamflow to FI-542 (VB3) & ERFDS (VB4)
LM-459 1 II Isolator Out PZR Level to PZR Level Control (Control Set 1, Control Set 2)
LM-529 1 II Isolator Out S/G 2 Level to LI-529 (VB3), DFWCS, AFW
LM-539 1 II Isolator Out S/G 3 Level to LI-539 (VB3), DFWCS, AFW
LM-539 2 II Isolator Out S/G 3 Level to AMSAC
PM-455 1 II Isolator Out PZR Pressure to PZR Pressure Control Set 1, PI-455A (VB2), PI-455B (HSP)
PM-505 1 II Isolator Out Turbine Impulse Pressure to AMSAC
PM-514 1 II Isolator Out Loop 1 Steamline Pressure to DFWCS
PM-524 1 II Isolator Out Loop 2 Steamline Pressure to DFWCS
PM-534 1 II Isolator Out Loop 3 Steamline Pressure to DFWCS
PM-544 1 II Isolator Out Loop 4 Steamline Pressure to DFWCS
TM-413A IB,A,1 Tricon Loop 1 Hot Leg Temp to TR-413 (VB2) & RVLIS (PAM4)
TM-413B IB,A,1 Tricon Loop 1 Cold Leg Temp to TR-413 (VB2)
TM-423A IB,A,1 Tricon Loop 2 Hot Leg Temp to TR-423 (VB2) & RVLIS (PAM4)
TM-423B IB,A,1 Tricon Loop 2 Cold Leg Temp to TR-423 (VB2)
FM-512D IA Tricon Loop 1 Steamflow to FM-512 2 (Isolator)
FM-522D IA Tricon Loop 2 Steamflow to FM-522 2 (Isolator)
FM-532D IA Tricon Loop 3 Steamflow to FM-532 2 (Isolator)
FM-542D IA Tricon Loop 4 Steamflow to FM-542 2 (Isolator)
PM-505A I Tricon Turbine Impulse Pressure to PI-505 (VB3)
TM-411E II Tricon Delta-T to TI-411A (VB2) & TM-411Q/R (R31)
TM-411F II Tricon Overpower Setpoint to T/411A (CC1) & TI-411B (VB2)
TM-411G II Tricon Overtemperature Setpoint to T/411A (CC1) & TI-411C (VB2)
TM-412F II Tricon Tavg to TI-412 (VB2) & TM-412G/R, TC-412A-H/R (R31)
Deleted
Deleted
Deleted
Deleted
Note: (1) From analog sensor input loop, isolation not required [Section 2.3.3]

Table 4-2 Protection Set I Discrete Output Functions
PROTECTION SET I DISCRETE OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
FC-414 A IA ALS-A Loop 1 Low Flow Rx Trip (SSPS)
FC-424 A IA ALS-A Loop 2 Low Flow Rx Trip (SSPS)
FC-434 A IA ALS-A Loop 3 Low Flow Rx Trip (SSPS)
FC-444 A IA ALS-A Loop 4 Low Flow Rx Trip (SSPS)
PC-455A A IA ALS-A PZR Pressure High Rx Trip (SSPS)
PC-455B A IA ALS-A Unblock SI, P11 (SSPS)
PC-455C A IA ALS-A PZR Pressure Low Rx Trip (SSPS)
PC-455D A IA ALS-A PZR Pressure Low-Low SI (SSPS)
PC-455E A IA ALS-A PZR Pressure High - PORV (RNASA)
PC-937B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS1A DIV-A II ALS-A PS I Trouble Alarm (MAS)
UY-PS1B DIV-A II ALS-A PS I Channel in Bypass Alarm (MAS)
UY-PS1C DIV-A II ALS-A PS I Failure Alarm (MAS)
YC-937 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)
FC-414 B IA ALS-B Loop 1 Low Flow Rx Trip (SSPS)
FC-424 B IA ALS-B Loop 2 Low Flow Rx Trip (SSPS)
FC-434 B IA ALS-B Loop 3 Low Flow Rx Trip (SSPS)
FC-444 B IA ALS-B Loop 4 Low Flow Rx Trip (SSPS)
PC-455A B IA ALS-B PZR Pressure High Rx Trip (SSPS)
PC-455B B IA ALS-B Unblock SI, P11 (SSPS)
PC-455C B IA ALS-B PZR Pressure Low Rx Trip (SSPS)
PC-455D B IA ALS-B PZR Pressure Low-Low SI (SSPS)
PC-455E B IA ALS-B PZR Pressure High - PORV (RNASA)
PC-937B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS1A DIV-B II ALS-B PS I Trouble Alarm (MAS)
UY-PS1B DIV-B II ALS-B PS I Channel in Bypass Alarm (MAS)
UY-PS1C DIV-B II ALS-B PS I Failure Alarm (MAS)
YC-937 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)
LC-459A IA Tricon PZR Level High Rx Trip (SSPS)
LC-529A IA Tricon S/G 2 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-529B IA Tricon S/G 2 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-539A IA Tricon S/G 3 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-539B IA Tricon S/G 3 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
PC-505A IA Tricon Turbine Impulse Pressure High to P13 (SSPS)
PC-514A IA Tricon Loop 1 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-514C IA Tricon Loop 1 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-524A IA Tricon Loop 2 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-524C IA Tricon Loop 2 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-534A IA Tricon Loop 3 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-534C IA Tricon Loop 3 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-544A IA Tricon Loop 4 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-544C IA Tricon Loop 4 Steamline Press High Negative Rate Steamline Isolation (SSPS)
TC-411C IA Tricon OTDT Rx Trip (SSPS)
TC-411G IA Tricon OPDT Rx Trip (SSPS)
TC-412D IA Tricon Tavg Low-Low P12 (SSPS)
TC-412G IA Tricon Tavg Low Feedwater Isolation (SSPS)
TC-423A IA Tricon Loop 2 Cold Leg Temp. Low - LTOPS (RNASA)
Deleted
Deleted
Deleted
Deleted
LY-529H II Tricon PS I S/G Low-Low Level TTD Timer Actuated Alarm (MAS)
Deleted
PC-505C II Tricon Turbine Low Power Interlock C5 (RNARA)
TC-411D II Tricon OTDT Interlock C3 (RNARA)
TC-411H II Tricon OPDT Interlock C4 (RNARA)
TY-411 TRICON II Tricon PS I DTTA RTD Failure Alarm (MAS)
UY-PS1A TRICON II Tricon PS I Trouble Alarm (MAS)
UY-PS1B TRICON II Tricon PS I Channel in Bypass Alarm (MAS)
UY-PS1C TRICON II Tricon PS I Failure Alarm (MAS)

4.5 PROTECTION SET II FUNCTIONS AND INSTRUMENT CLASSES
Table 4-3 Protection Set II Analog Output Functions
PROTECTION SET II ANALOG OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
LT-460 Input IB,A,1 Note (1) PZR Level to LI-460A (VB2), LI-460B (HSP)
PT-515 Input IB,A,1 Note (1) Loop 1 Steamline Pressure to PI-515 (VB3), ERFDS (VB4)
PT-525 Input IB,A,1 Note (1) Loop 2 Steamline Pressure to PI-525 (VB3), ERFDS (VB1)
PT-535 Input IB,A,1 Note (1) Loop 3 Steamline Pressure to PI-535 (VB3), ERFDS (VB1)
PT-545 Input IB,A,1 Note (1) Loop 4 Steamline Pressure to PI-545 (VB3), ERFDS (VB1)
PT-936 Input IB,A,1 Note (1) Containment Pressure to PI-936 (VB1), ERFDS (VB1)
TE-420A IA ALS-A DTTA Loop 2 Thot-1A (to PS II Tricon)
TE-420B IA ALS-A DTTA Loop 2 Tcold-1 (to PS II Tricon)
TE-421A IA ALS-A DTTA Loop 2 Thot-2A (to PS II Tricon)
TE-422A IA ALS-A DTTA Loop 2 Thot-3A (to PS II Tricon)
TE-433A IB,A,1 ALS-A Loop 3 Hot Leg Temp (to PS II Tricon)
TE-433B IA ALS-A Loop 3 Cold Leg Temp (to PS II Tricon)
FM-415B II ALS-A Reactor Coolant Flow Loop 1 to FI-415 (VB2)
FM-425B II ALS-A Reactor Coolant Flow Loop 2 to FI-425 (VB2)
TE-420C IA ALS-B DTTA Loop 2 Thot-1B (to PS II Tricon)
TE-421B IA ALS-B DTTA Loop 2 Tcold-2 (to PS II Tricon)
TE-421C IA ALS-B DTTA Loop 2 Thot-2B (to PS II Tricon)
TE-422C IA ALS-B DTTA Loop 2 Thot-3B (to PS II Tricon)
TE-443A IB,A,1 ALS-B Loop 4 Hot Leg Temp (to PS II Tricon)
TE-443B IB,A,1 ALS-B Loop 4 Cold Leg Temp (to PS II Tricon)
FM-435B II ALS-B Reactor Coolant Flow Loop 3 to FI-435 (VB2)
FM-445B II ALS-B Reactor Coolant Flow Loop 4 to FI-445 (VB2)
FM-513 1 II Isolator Out Loop 1 Steamflow to DFWCS
FM-513 2 IB, D, 2 Isolator Out Loop 1 Steamflow to FI-513 (VB3) & ERFDS (VB1)
FM-523 1 II Isolator Out Loop 2 Steamflow to DFWCS
FM-523 2 IB, D, 2 Isolator Out Loop 2 Steamflow to FI-523 (VB3) & ERFDS (VB1)
FM-533 1 II Isolator Out Loop 3 Steamflow to DFWCS
FM-533 2 IB, D, 2 Isolator Out Loop 3 Steamflow to FI-533 (VB3) & ERFDS (VB4)
FM-543 1 II Isolator Out Loop 4 Steamflow to DFWCS
FM-543 2 IB, D, 2 Isolator Out Loop 4 Steamflow to FI-543 (VB3) & ERFDS (VB4)
LM-460 1 II Isolator Out PZR Level to PZR Level Control (Control Set 1, Control Set 2)
LM-519 1 II Isolator Out S/G 1 Level to LI-519 (VB3), DFWCS, AFW
LM-549 1 II Isolator Out S/G 4 Level to LI-549 (VB3), DFWCS, AFW
LM-549 2 II Isolator Out S/G 4 Level to AMSAC
PM-456 1 II Isolator Out PZR Pressure to PI-456 (VB2), PZR Pressure Control (Control Set 1)
PM-506 1 II Isolator Out Turbine Impulse Pressure to AMSAC
PM-515 1 II Isolator Out Loop 1 Steamline Pressure to DFWCS
PM-525 1 II Isolator Out Loop 2 Steamline Pressure to DFWCS
PM-535 1 II Isolator Out Loop 3 Steamline Pressure to DFWCS
PM-545 1 II Isolator Out Loop 4 Steamline Pressure to DFWCS
TM-433A IB,A,1 Tricon Loop 3 Hot Leg Temp to TR-433 (VB2) & RVLIS (PAM3)
TM-433B IB,A,1 Tricon Loop 3 Cold Leg Temp to TR-433 (VB2)
TM-443A IB,A,1 Tricon Loop 4 Hot Leg Temp to TR-443 (VB2) & RVLIS (PAM3)
TM-443B IB,A,1 Tricon Loop 4 Cold Leg Temp to TR-443 (VB2)
FM-513D IA Tricon Loop 1 Steamflow to FI-513 2 (Isolator)
FM-523D IA Tricon Loop 2 Steamflow to FI-523 2 (Isolator)
FM-533D IA Tricon Loop 3 Steamflow to FI-533 2 (Isolator)
FM-543D IA Tricon Loop 4 Steamflow to FI-543_2 (Isolator)
PM-506A II Tricon Turbine Impulse Pressure to PI-506 (VB3)
TM-421E II Tricon Delta-T to TI-421A (VB2) & TM-411Q2/R (R31)
TM-421F II Tricon Overpower Setpoint to T/411A (CC1) & TI-421B (VB2)
TM-421G II Tricon Overtemperature Setpoint to T/411A (CC1) & TI-421C (VB2)
TM-422F II Tricon Tavg to TI-422 (VB2) & TM-422G/R, TC-422A-H/R (R31)
Deleted
Deleted
Deleted
Deleted
Note: (1) From analog sensor input loop, isolation not required [Section 2.3.3]

Table 4-4 Protection Set II Discrete Output Functions
PROTECTION SET II DISCRETE OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
FC-415 A IA ALS-A Loop 1 Low Flow Rx Trip (SSPS)
FC-425 A IA ALS-A Loop 2 Low Flow Rx Trip (SSPS)
FC-435 A IA ALS-A Loop 3 Low Flow Rx Trip (SSPS)
FC-445 A IA ALS-A Loop 4 Low Flow Rx Trip (SSPS)
PC-456A A IA ALS-A PZR Pressure High Rx Trip (SSPS)
PC-456B A IA ALS-A Unblock SI, P11 (SSPS)
PC-456C A IA ALS-A PZR Pressure Low Rx Trip (SSPS)
PC-456D A IA ALS-A PZR Pressure Low-Low SI (SSPS)
PC-456E A IA ALS-A PZR Pressure High - PORV (RNASA)
PC-936A A IA ALS-A Containment Press High SI, Ph A Isolation (SSPS)
PC-936B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS2A DIV-A II ALS-A PS II Trouble Alarm (MAS)
UY-PS2B DIV-A II ALS-A PS II Channel in Bypass Alarm (MAS)
UY-PS2C DIV-A II ALS-A PS II Failure Alarm (MAS)
YC-936 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)
FC-415 B IA ALS-B Loop 1 Low Flow Rx Trip (SSPS)
FC-425 B IA ALS-B Loop 2 Low Flow Rx Trip (SSPS)
FC-435 B IA ALS-B Loop 3 Low Flow Rx Trip (SSPS)
FC-445 B IA ALS-B Loop 4 Low Flow Rx Trip (SSPS)
PC-456A B IA ALS-B PZR Pressure High Rx Trip (SSPS)
PC-456B B IA ALS-B Unblock SI, P11 (SSPS)
PC-456C B IA ALS-B PZR Pressure Low Rx Trip (SSPS)
PC-456D B IA ALS-B PZR Pressure Low-Low SI (SSPS)
PC-456E B IA ALS-B PZR Pressure High - PORV (RNASA)
PC-936A B IA ALS-B Containment Press High SI, Ph A Isolation (SSPS)
PC-936B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS2A DIV-B II ALS-B PS II Trouble Alarm (MAS)
UY-PS2B DIV-B II ALS-B PS II Channel in Bypass Alarm (MAS)
UY-PS2C DIV-B II ALS-B PS II Failure Alarm (MAS)
YC-936 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)
LC-460A IA Tricon PZR Level High Rx Trip (SSPS)
LC-519A IA Tricon S/G 1 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-519B IA Tricon S/G 1 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-549A IA Tricon S/G 4 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-549B IA Tricon S/G 4 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
PC-506A IA Tricon Turbine Impulse Pressure High to P13 (SSPS)
PC-515A IA Tricon Loop 1 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-515C IA Tricon Loop 1 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-525A IA Tricon Loop 2 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-525C IA Tricon Loop 2 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-535A IA Tricon Loop 3 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-535C IA Tricon Loop 3 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-545A IA Tricon Loop 4 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-545C IA Tricon Loop 4 Steamline Press High Negative Rate Steamline Isolation (SSPS)
TC-421C IA Tricon OTDT Rx Trip (SSPS)
TC-421G IA Tricon OPDT Rx Trip (SSPS)
TC-422D IA Tricon Tavg Low-Low P12 (SSPS)
TC-422G IA Tricon Tavg Low Feedwater Isolation (SSPS)
TC-433A IA Tricon Loop 3 Cold Leg Temp. Low - LTOPS (RNASA)
Deleted
Deleted
Deleted
Deleted
LY-519H II Tricon PS II S/G Low-Low Level TTD Timer Actuated Alarm (MAS)
Deleted
TC-421D II Tricon OTDT Interlock C3 (RNARA)
TC-421H II Tricon OPDT Interlock C4 (RNARA)
TY-421 TRICON II Tricon PS2 DTTA RTD Failure Alarm (MAS)
UY-PS2A TRICON II Tricon PS2 Trouble Alarm (MAS)
UY-PS2B TRICON II Tricon PS2 Channel in Bypass Alarm (MAS)
UY-PS2C TRICON II Tricon PS2 Failure Alarm (MAS)

4.6 PROTECTION SET III FUNCTIONS AND INSTRUMENT CLASSES
Table 4-5 Protection Set III Analog Output Functions
PROTECTION SET III ANALOG OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
LT-461 Input IB,A,1 Note (1) PZR Level to LI-461 (VB2)
LT-518 Input IB,A,1 Note (1) S/G 1 Level to LI-518 (VB3) & ERFDS (VB1)
LT-528 Input IB,A,1 Note (1) S/G 2 Level to LI-528 (VB3) & ERFDS (VB1)
LT-538 Input IB,A,1 Note (1) S/G 3 Level to LI-538 (VB3) & ERFDS (VB1)
LT-548 Input IB,A,1 Note (1) S/G 4 Level to LI-548 (VB3) & ERFDS (VB1)
PT-403 Input IB,A,1 Note (1) Loop 4 WR Press to PR-403 (VB2), RVLIS (PAM 4)
PT-526 Input IB,A,1 Note (1) Loop 2 Steamline Pressure to PI-526 (VB3)
PT-536 Input IB,A,1 Note (1) Loop 3 Steamline Pressure to PI-536 (VB3)
PT-935 Input IB,A,1 Note (1) Containment Pressure to PI-935 (VB1) & ERFDS (VB1)
TE-430A IA ALS-A DTTA Loop 3 Thot-1A (to PS III Tricon)
TE-430B IA ALS-A DTTA Loop 3 Tcold-1 (to PS III Tricon)
TE-431A IA ALS-A DTTA Loop 3 Thot-2A (to PS III Tricon)
TE-432A IA ALS-A DTTA Loop 3 Thot-3A (to PS III Tricon)
FM-416B II ALS-A Reactor Coolant Flow Loop 1 to FI-416 (VB2)
FM-426B II ALS-A Reactor Coolant Flow Loop 2 to FI-426 (VB2)
TE-430C IA ALS-B DTTA Loop 3 Thot-1B (to PS III Tricon)
TE-431B IA ALS-B DTTA Loop 3 Tcold-2 (to PS III Tricon)
TE-431C IA ALS-B DTTA Loop 3 Thot-2B (to PS III Tricon)
TE-432C IA ALS-B DTTA Loop 3 Thot-3B (to PS III Tricon)
FM-436B II ALS-B Reactor Coolant Flow Loop 3 to FI-436 (VB2)
FM-446B II ALS-B Reactor Coolant Flow Loop 4 to FI-446 (VB2)
LM-461 1 II Isolator Out PZR Level to PZR Level Control (Control Set 1, Control Set 2)
LM-518 1 II Isolator Out S/G 1 Level to DFWCS, AFW
LM-528 1 II Isolator Out S/G 2 Level to DFWCS, AFW
LM-528 2 II Isolator Out S/G 2 Level to AMSAC
LM-538 1 II Isolator Out S/G 3 Level to DFWCS, AFW
LM-548 1 II Isolator Out S/G 4 Level to DFWCS, AFW
PM-403A 1 II Isolator Out Loop 4 WR Press to PI-403A (VB2), ERFDS (VB4)
PM-457 1 II Isolator Out PZR Pressure to PZR Pressure Control (Control Set 1), PI-457 (VB2)
PM-526 1 II Isolator Out Loop 2 Steamline Pressure to DFWCS
PM-536 1 II Isolator Out Loop 3 Steamline Pressure to DFWCS
TM-431E II Tricon Delta-T to TI-431A (VB2) & TM-411Q3/R (R31)
TM-431F II Tricon Overpower Setpoint to T/411A (CC1) & TI-431B (VB2)
TM-431G II Tricon Overtemperature Setpoint to T/411A (CC1) & TI-431C (VB2)
TM-432F II Tricon Tavg to TI-432 (VB2) & TM-432G/R, TC-432A-H/R (R31)
Note: (1) From analog sensor input loop, isolation not required [Section 2.3.3]

Table 4-6 Protection Set III Discrete Output Functions
PROTECTION SET III DISCRETE OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
FC-416 A IA ALS-A Loop 1 Low Flow Rx Trip (SSPS)
FC-426 A IA ALS-A Loop 2 Low Flow Rx Trip (SSPS)
FC-436 A IA ALS-A Loop 3 Low Flow Rx Trip (SSPS)
FC-446 A IA ALS-A Loop 4 Low Flow Rx Trip (SSPS)
PC-457A A IA ALS-A PZR Pressure High Rx Trip (SSPS)
PC-457B A IA ALS-A Unblock SI, P11 (SSPS)
PC-457C A IA ALS-A PZR Pressure Low Rx Trip (SSPS)
PC-457D A IA ALS-A PZR Pressure Low-Low SI (SSPS)
PC-457E A IA ALS-A PZR Pressure High - PORV (RNASA)
PC-935A A IA ALS-A Containment Press High SI, Ph A Isolation (SSPS)
PC-935B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS3A DIV-A II ALS-A PS III Trouble Alarm (MAS)
UY-PS3B DIV-A II ALS-A PS III Channel in Bypass Alarm (MAS)
UY-PS3C DIV-A II ALS-A PS III Failure Alarm (MAS)
YC-935 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)
FC-416-B IA ALS-B Loop 1 Low Flow Rx Trip (SSPS)
FC-426 B IA ALS-B Loop 2 Low Flow Rx Trip (SSPS)
FC-436 B IA ALS-B Loop 3 Low Flow Rx Trip (SSPS)
FC-446 B IA ALS-B Loop 4 Low Flow Rx Trip (SSPS)
PC-457A B IA ALS-B PZR Pressure High Rx Trip (SSPS)
PC-457B B IA ALS-B Unblock SI, P11 (SSPS)
PC-457C B IA ALS-B PZR Pressure Low Rx Trip (SSPS)
PC-457D B IA ALS-B PZR Pressure Low-Low SI (SSPS)
PC-457E B IA ALS-B PZR Pressure High - PORV (RNASA)
PC-935A B IA ALS-B Containment Press High SI, Ph A Isolation (SSPS)
PC-935B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS3A DIV-B II ALS-B PS III Trouble Alarm (MAS)
UY-PS3B DIV-B II ALS-B PS III Channel in Bypass Alarm (MAS)
UY-PS3C DIV-B II ALS-B PS III Failure Alarm (MAS)
YC-935 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)
LC-461A IA Tricon PZR Level High Rx Trip (SSPS)
LC-518A IA Tricon S/G 1 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-518B IA Tricon S/G 1 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-528A IA Tricon S/G 2 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-528B IA Tricon S/G 2 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-538A IA Tricon S/G 3 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-538B IA Tricon S/G 3 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-548A IA Tricon S/G 4 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-548B IA Tricon S/G 4 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
PC-403A IA Tricon Loop 4 WR Pressure Low to RHR V-8702 Open Ckt (RNSIA)
PC-403B IA Tricon Loop 4 WR Pressure High to RHR Not Isolated Alarm Ckt (RNSIA)
PC-403D IA Tricon Loop 4 WR Pressure High to LTOPS (RNASA)
PC-526A IA Tricon Loop 2 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-526C IA Tricon Loop 2 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-536A IA Tricon Loop 3 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-536C IA Tricon Loop 3 Steamline Press High Negative Rate Steamline Isolation (SSPS)
TC-431C IA Tricon OTDT Rx Trip (SSPS)
TC-431G IA Tricon OPDT Rx Trip (SSPS)
TC-432D IA Tricon Tavg Low-Low P12 (SSPS)
TC-432G IA Tricon Tavg Low Feedwater Isolation (SSPS)
LY-518H II Tricon PS III S/G Low-Low Level TTD Timer Actuated Alarm (MAS)
Deleted
Deleted
Deleted
PC-526B II Tricon Loop 2 Steamline Pressure Low Alarm (MAS)
PC-536B II Tricon Loop 3 Steamline Pressure Low Alarm (MAS)
TC-431D II Tricon OTDT Interlock C3 (RNARA)
TC-431H II Tricon OPDT Interlock C4 (RNARA)
TY-431 TRICON II Tricon PS III DTTA RTD Failure Alarm (MAS)
UY-PS3A TRICON II Tricon PS III Trouble Alarm (MAS)
UY-PS3B TRICON II Tricon PS III Channel in Bypass Alarm (MAS)
UY-PS3C TRICON II Tricon PS III Failure Alarm (MAS)

4.7 PROTECTION SET IV FUNCTIONS AND INSTRUMENT CLASSES
Table 4-7 Protection Set IV Analog Output Functions
PROTECTION SET IV ANALOG OUTPUT FUNCTIONS
INST. NO. INST. CLASS PROCESSOR DESCRIPTION
LT-517 Input IB,A,1 Note (1) S/G 1 Level to LI-517 (VB3), ERFDS (VB4)
LT-527 Input IB,A,1 Note (1) S/G 2 Level to LI-527 (VB3), ERFDS (VB4)
LT-537 Input IB,A,1 Note (1) S/G 3 Level to LI-537 (VB3), ERFDS (VB4)
LT-547 Input IB,A,1 Note (1) S/G 4 Level to LI-547 (VB3), ERFDS (VB4)
PT-405 Input IB,A,1 Note (1) Loop 3 WR Press to PI-405 (VB2), ERFDS (VB4), RVLIS (PAM 3)
PT-516 Input IB,A,1 Note (1) Loop 1 Steamline Pressure to PI-516 (VB3)
PT-546 Input IB,A,1 Note (1) Loop 4 Steamline Pressure to PI-546 (VB3)
PT-934 Input IB,A,1 Note (1) Containment Pressure to PI-934 (VB1)
TE-440A IA ALS-A DTTA Loop 4 Thot-1A (PS IV Tricon)
TE-440B IA ALS-A DTTA Loop 4 Tcold-1 (PS IV Tricon)
TE-441A IA ALS-A DTTA Loop 4 Thot-2A (PS IV Tricon)
TE-442A IA ALS-A DTTA Loop 4 Thot-3A (PS IV Tricon)
TE-454 IA ALS-A PZR Vapor Temperature (PS IV Tricon)
TE-440C IA ALS-B DTTA Loop 4 Thot-1B (PS IV Tricon)
TE-441B IA ALS-B DTTA Loop 4 Tcold-2 (PS IV Tricon)
TE-441C IA ALS-B DTTA Loop 4 Thot-2B (PS IV Tricon)
TE-442C IA ALS-B DTTA Loop 4 Thot-3B (PS IV Tricon)
LM-517 1 II Isolator Out S/G 1 Level to DFWCS, AFW
LM-517 2 II Isolator Out S/G 1 Level to AMSAC
LM-527 1 II Isolator Out S/G 2 Level to DFWCS, AFW
LM-537 1 II Isolator Out S/G 3 Level to DFWCS, AFW
LM-547 1 II Isolator Out S/G 4 Level to DFWCS, AFW
PM-405A 1 II Isolator Out Loop 4 WR Press to PI-405A (VB2), ERFDS (VB4)
PM-474 1 II Isolator Out PZR Pressure to PI-474 (VB2), PZR Pressure Control (Control Set 1)
PM-516 1 II Isolator Out Loop 1 Steamline Pressure to DFWCS
PM-546 1 II Isolator Out Loop 4 Steamline Pressure to DFWCS
TM-441E II Tricon Delta-T to TI-441A (VB2) & TM-411Q4/R (R31)
TM-441F II Tricon Overpower Setpoint to T/411A (CC1) & TI-441B (VB2)
TM-441G II Tricon Overtemperature Setpoint to T/411A (CC1) & TI-441C (VB2)
TM-442F II Tricon Tavg to TI-442 (VB2) & TM-442G/R, TC-442A-H/R (R31)
TM-454A         11,D,3       Tricon        PZR Vapor Temp to TI-454 (VB2) & TC-454/R (Control Set 2)

Note: (1) From analog sensor input loop, isolation not required [Section 2.3.3]

Table 4-8 Protection Set IV Discrete Output Functions

PROTECTION SET IV DISCRETE OUTPUT FUNCTIONS
INST. NO.       INST. CLASS  PROCESSOR     DESCRIPTION
PC-474A A       IA           ALS-A         PZR Pressure Low Rx Trip (SSPS)
PC-474B A       IA           ALS-A         PZR Pressure High - PORV (RNASA)
PC-474C A       IA           ALS-A         PZR Pressure High Rx Trip (SSPS)
PC-474D A       IA           ALS-A         PZR Pressure Low-Low SI (SSPS)
PC-934A A       IA           ALS-A         Containment Press High SI, Ph A Isolation (SSPS)
PC-934B A       IA           ALS-A         Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS4A DIV-A   II           ALS-A         PS IV Trouble Alarm (MAS)
UY-PS4B DIV-A   II           ALS-A         PS IV Channel in Bypass Alarm (MAS)
UY-PS4C DIV-A   II           ALS-A         PS IV Failure Alarm (MAS)
YC-934 A        II           ALS-A         Containment Press High-High Channel in Test Alarm (MAS)
PC-474A B       IA           ALS-B         PZR Pressure Low Rx Trip (SSPS)
PC-474B B       IA           ALS-B         PZR Pressure High - PORV (RNASA)
PC-474C B       IA           ALS-B         PZR Pressure High Rx Trip (SSPS)
PC-474D B       IA           ALS-B         PZR Pressure Low-Low SI (SSPS)
PC-934A B       IA           ALS-B         Containment Press High SI, Ph A Isolation (SSPS)
PC-934B B       IA           ALS-B         Containment Press High-High Containment Spray, Ph B Isolation (SSPS)
Deleted
UY-PS4A DIV-B   II           ALS-B         PS IV Trouble Alarm (MAS)
UY-PS4B DIV-B   II           ALS-B         PS IV Channel in Bypass Alarm (MAS)
UY-PS4C DIV-B   II           ALS-B         PS IV Failure Alarm (MAS)
YC-934 B        II           ALS-B         Containment Press High-High Channel in Test Alarm (MAS)
LC-517A         IA           Tricon        S/G 1 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-517B         IA           Tricon        S/G 1 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-527A         IA           Tricon        S/G 2 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-527B         IA           Tricon        S/G 2 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-537A         IA           Tricon        S/G 3 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-537B         IA           Tricon        S/G 3 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
LC-547A         IA           Tricon        S/G 4 High-High Level Turbine Trip, FW Isolation P14 (SSPS)
LC-547B         IA           Tricon        S/G 4 Low-Low Level Rx Trip & AFW Pump Start (SSPS)
PC-405A         IA           Tricon        Loop 4 WR Pressure Low to RHR V-8701 Open Ckt (SSPS)
PC-405B         IA           Tricon        Loop 4 WR Pressure High to RHR Not Isolated Alarm Ckt (RNSIB)
PC-405D         IA           Tricon        Loop 4 WR Pressure High to LTOPS (RNASA)
PC-516A         IA           Tricon        Loop 1 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-516C         IA           Tricon        Loop 1 Steamline Press High Negative Rate Steamline Isolation (SSPS)
PC-546A         IA           Tricon        Loop 4 Low Steamline Press SI & Steamline Isolation (SSPS)
PC-546C         IA           Tricon        Loop 4 Steamline Press High Negative Rate Steamline Isolation (SSPS)
TC-441C         IA           Tricon        OTDT Rx Trip (SSPS)
TC-441G         IA           Tricon        OPDT Rx Trip (SSPS)
TC-442D         IA           Tricon        Tavg Low-Low P12 (SSPS)
TC-442G         IA           Tricon        Tavg Low Feedwater Isolation (SSPS)
Deleted
LY-517H                      Tricon        PS4 S/G Low-Low Level TTD Timer Actuated Alarm (MAS)
Deleted
Deleted
Deleted
PC-516B         II           Tricon        Loop 1 Steamline Pressure Low Alarm (MAS)
PC-546B         II           Tricon        Loop 4 Steamline Pressure Low Alarm (MAS)
TC-441D         II           Tricon        OTDT Interlock C3 (RNARA)
TC-441H         II           Tricon        OPDT Interlock C4 (RNARA)
TY-441 TRICON   II           Tricon        PS4 DTTA RTD Failure Alarm (MAS)
UY-PS4A TRICON  II           Tricon        PS IV Trouble Alarm (MAS)
UY-PS4B TRICON  II           Tricon        PS IV Channel in Bypass Alarm (MAS)
UY-PS4C TRICON  II           Tricon        PS IV Failure Alarm (MAS)
}}

Revision as of 15:14, 7 May 2019