993754-1813(NP), Revision 0, Validation Test Plan (Vtp).

ML11318A028
Person / Time
Site:	Diablo Canyon
Issue date:	10/13/2011
From:	Nguyen L Invensys Operations Management, Invensys/Triconex
To:	Office of New Reactors
References
3500897372 993754-1813(NP), Rev 0
Download: ML11318A028 (38)
v • d • e

Text

i n v e. n s".Y s* inv'e.n s'.w s" Operations Management Triconex f Project: PG&E PROCESS PROTECTION SYSTEM REPLACEMENT Purchase Order No.: 3500897372 Project Sales Order: 993754 PACIFIC GAS & ELECTRIC COMPANY NUCLEAR SAFETY-RELATED PROCESS PROTECTION SYSTEM REPLACEMENT DIABLO CANYON POWER PLANT VALIDATION TEST PLAN (VTP)

Document No. 993754-1-813 (-NP)

Revision 0 October 13, 2011 Non -Proprietary copy per I OCFR2.390

- Areas of Invensys Operations Management proprietary information, marked as [P], have been redacted based on 10CFR2.390(a)(4).

Name Signature Title Author: Loc Nguyen Nuclear IV&V Engineer Reviewers: Son Phan Nuclear IV&V Engineer Approvals: Kevin Vu-e jTfl V Nuclear IV&V Manager

_.'rTe1e' owv

i n v . nl S .\ ne ye .tv'

s. "

Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 2of38 Date: 10/13/2011 Document Change History Revision Date Change Author 0 10/13/11 Initial Issue L. Nguyen

n V* 2. n s-.ý=j s- i n \/e. n s-.tj s-Operations Management Triconex Document: 993754-1-813 Title: D PP PPS Validation Test Plan Revision: 0 Page: 3 of 38 7 Date: 10/13/2011 Table of Contents L ist of T ables ............................................................................................................ 5 L ist of F igu res ........................................................................................................... 6

1. P u rpose and Scope .............................................................................................. 7 I. I. Purpose ............................................................................. 7 1.2. Scope .............................................................................. 7 1.3. Test Plan Overview .......................................................

............................................... 8 1.3. 1. Pre-Factory Acceptance Test (pre-FAT) .................................................... 8 1.3.2. Hardware Validation Test (HVT) ........................................................ 8 1.3.3. Factory Acceptance Test (FAT) ......................................................... 9 1.4. V 10 Tricon portion of the PPS .............................................................. 10 1.4.1. Hardware ....................................................................... 11 1.4.2. Software ........................................................................ 11 1.4.3. Software that is not subject to Validation ................................................... 11 1.4.4. System Communication .............................................................. II 1.4.5. System interfaces .................................................................. 12

2. R eferences ........................................................................................................... 13

2. 1. Industry Documents ..................................................................... 13 2.2. NRC Documents ....................................................................... 13 2.3. Pacific Gas & Electric Documents ............................................................ 1.3 2.4. Invensys Operations M anagement Documents .................................................... 13

3. Definitions and Acronyms ................................................................................ 14

3. 1. Definitions ........................................................................... 14 3.2. Acronym s ........................................................................... 15

4. T est O verview .................................................................................................... 17

4. 1. Organization ......................................................................... 17

4. 1.1. Test Plan Preparation ................................................................ 17 4.1.2. Staffi ng and Training Needs ........................................................... 17 4.2. Schedule ............................................................................ 18 4.3. Resources ........................................................................... 19 4.4. Responsibilities ....................................................................... 20 4.5. Tools, Techniques, and M ethodologies ......................................................... 20 4.5.1. Tools .......................................................................... 20 4.5.2. Techniques and M ethodologies ......................................................... 21

5. T est Requirem ents ............................................................................................ 22

5. 1. General ............................................................................. 22

i n V e. n s-.t:o s-n v'e. n s-Operations Management Triconex Document: 993754-1-813 Title: D PP PPS Validation Test Plan Revision: 0 Page: 4 of 38 1 Date.T 10/13/2011 5.1.1. H ardw are ....................................................................... 23 5.1.2. Softw are ........................................................................ 23 5.1.3. Pre- Factory Acceptance Test (Pre-FAT) ................................................... 26 5.1.4. H ardw are V alidation Test (HVT) ........................................................ 26 5.1.5. Factory Acceptance Test (FAT) ......................................................... 27 5.2. Risks and Contingencies .................................................................. 29 5.3. Environm ental N eeds .................................................................... 29 5.4. Approvals ........................................................................... 30 5.4. 1. Validation Test Plan A pprovals ......................................................... 30 5.4.2. Validation Test Docum ent Approvals ..................................................... 30

6. Test Im plem entation ......................................................................................... 31

6. 1. Test Tasks ........................................................................... 31 6.2. Test Approach ........................................................................ 32 6.2.1. Docum ent Review ................................................................. 32 6.2.2. Hardware Validation and Inspection (HVT) ................................................. 32 6.2.3. Pow er-U p Inspection and Tests (HV T) ..................................................... 33 6.2.4. Hardware Calibration Checks and Testing using M &TE (HV T) ..................................... 33 6.2.5. Version Verification Checks (HVT) ....................................................... 33 6.2.6. Device Com m unication (FAT) .......................................................... 33 6.2.7. Validation Testing (HVT and FA T) ...................................................... 33 6.3. Design Features N OT Tested ............................................................... 33

7. A cceptance C riteria ........................................................................................... 35

7. 1. General ............................................................................. 35 7.2. Response times ........................................................................ 35 7.3. Accuracy ........................................................................... 35 7.4. Anom aly Reporting and Resolution ........................................................... 35 7.5. D eviation Policy (Suspension & resum ption) ..................................................... 35

8. Test Implementation and Documentation ...................................................... 37 8.1. Test Sum m ary Reports ................................................................... 37 8.2. Anom aly Reports ....................................................................... 38 8.3. Required control procedures ............................................................... 38

i nVe. n s2.f s' in v'e. n s-. s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 5 of 38 Date: 10/13/2011 List of Tables Table 1. V alidation Test Schedule ............................................................................................ 18

in v'e. n s'.y s" i n v e. n s.t s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 6 of 38 Date: 10/13/2011 List of Figures Figure 1: Tricon Protection Set and its Class II Communication ........................................... 10

in V'e.n s- iinfVe. ns'.ý s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 7 of 38 Date: 10/13/2011

1. Purpose and Scope 1.1. Purpose The purpose of this Validation Test Plan (VTP) is to prescribe the scope, approach, and resources of the testing activities that are required to be performed for the V10 Tricon portion of the Diablo Canyon Power Plant (DCPP) Process Protection System (PPS) to support the following:

" To detail the activities required to prepare for and conduct the system integration tests.

" To identify the tasks for responsible teams to perform and the schedule to be followed in performing the tasks.

• To define the sources of the information used to prepare the plan.

" To define the test tools and environment needed to conduct the system test.

1.2. Scope The DCPP PPS system is classified as nuclear safety related (Class 1E), and all project nuclear safety related activities shall comply with the applicable requirements of Invensys Operations Management Nuclear Quality Assurance Manual (IOM-Q2) [Ref 2.4.1] and any additional quality requirements specified in the Project Management Plan (PMP) [Ref 2.4.5], Project Quality Plan (PQP)[Ref 2.4.6], Software Quality Assurance Plan (SQAP) [Ref 2.4.7], and Software Verification and Validation Plan (SVVP) [Ref 2.4.8].

This VTP will address safety concerns during the development of Protection Set software test specifications, procedures and test cases, Pre- Factory Acceptance Test (Pre-FAT) and Factory Acceptance Test (FAT). It will also ensure that software-contributed hazards will be tracked and mitigated adequately throughout the development lifecycle (via the Project Traceability Matrix (PTM) and Hazard Tracking List). This plan will ensure the performance of assessments of the software safety mitigation effort and their effectiveness (in each phase summary report and final report).

This VTP is prepared in accordance with Test Control, PPM 6.0 [Ref 2.4.4], Application Program Development PPM 7.0 [Ref 2.4.4], and follows the guidelines described in IEEE 1012-1998 "IEEE Standard for Software Verification and Validation" [Ref 2.1.1 ].

The PPS is composed of four separate Protection Sets (1, II, III, and IV), each comprising the V10 Tricon, the Westinghouse Advanced Logic System (ALS) platform, and the Maintenance Workstation (MWS). The ALS and MWS are not within scope of supply of this project.

However, the ALS will convert certain sensor inputs to a signal type compatible with the V 10 Tricon hardware. Specifically, the ALS will process resistance temperature detector (RTD) inputs and convert them to 4-20 milliamp signals. This conversion is necessary to satisfy Diablo Canyon Power Plant loop accuracy requirements. See the Functional Requirements Specification (FRS) [Ref 2.3.2] for additional information. These ALS inputs to the VIO Tricon will be simulated during the Factory Acceptance Test (FAT).

in v'e. n s'.! s" in , e. n s-Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 8 of 38 Date: 10/13/2011 From here on, the VIO Tricon portion of the Protection Set will be referred to as V1O Tricon Protection Set.

1.3. Test Plan Overview This VTP covers a full system test for the VIO Tricon Protection Sets. This includes application functions, system interfaces, and system performance (e.g., response time). This VTP addresses only the TriStation Application Project (TSAP) VIO Tricon Protection Set application code developed using TriStation 1131 (TS 1131). This VTP does not include V&V of the TSI 131 programming tool, which will be used to develop the TSAP software. Hardware and software procured by vendors other than Invensys Operations Management will be verified and validated by the originating organization under separate programs.

Testing is performed to ensure satisfactory hardware, software and integration system performance in accordance with Pacific Gas & Electric specifications. Equipment calibration shall be performed before testing activity and traceable to National Institute of Standards and Technology (NIST). Measures will be taken to establish that tools, gages, instruments, and other measuring and testing devices used in activities affecting quality are properly controlled, calibrated, and adjusted at specified periods to maintain accuracy within acceptable limits. Tests performed as part of system integration include:

" Pre-Factory Acceptance Test (pre-FAT)

" Hardware Validation Test (HVT)

" Factory Acceptance Test (FAT) 1.3.1. Pre-Factory Acceptance Test (pre-FAT)

The purpose of the Pre-Factory Acceptance Test (pre-FAT) is to ensure that the FAT procedure is developed properly in accordance with the VI10 Tricon Protection Set for PPS hardware, applicable software, and associated components function as designed in an operating integrated system environment.

The Pre-Factory Acceptance Test (Pre-FAT) informally executes the Factory Acceptance Test procedures to determine their suitability, correctness, completeness, and efficiency of the test procedures. Results from the Pre-FAT may be used to identify integration deficiencies.

However, the primary goal of the Pre-FAT is to improve the test procedures themselves prior to the initial run of the FAT.

1.3.2. Hardware Validation Test (HVT)

The purpose of the Hardware Validation Test (HVT) is to demonstrate that the VI 0 Tricon Protection Set hardware and interfacing hardware components function as designed in an operating integrated system environment prior to FAT.

The HVT is developed in accordance with Project Procedures Manual (PPM) 6.0, [Ref 2.4.4]. In order to complete the HVT, each test item must be initialed by test personnel and at the end of

in v'e.ns>ý s " i ne. v n s' s.

Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 9 of 38 Date: 10/13/2011 each test section an initial and date is required from test personnel, QA, and a Pacific Gas and Electric representative.

The HVT will be performed by simulating inputs at the terminal blocks for Analog Inputs (Al) and Digital Inputs (using Measurement and Test Equipment, M&TE) which are processed and made available to the non safety-related MWS via the NetOptics Port Aggregator Tap. The CAPE Software and applicable I/O modules together with hardware test software TSAP and TriStation laptop will be utilized to manipulate point values and display status as necessary.

1.3.3. Factory Acceptance Test (FAT)

The purpose of the Factory Acceptance Test (FAT) is to demonstrate that the VI 0 Tricon Protection Set for PPS hardware, application software, and associated components function as designed in an operating integrated system environment.

Note that V10 Tricon System software verification testing will be conducted prior to the FAT as part of verification and validation (V&V) of the VIO Tricon Protection Set software application under separate procedures. Software verification testing is conducted during the Implementation Phase of the project lifecycle - see the Software Verification and Validation Plan [Ref 2.4.8] for additional information.

FAT procedures are developed specific to the Pacific Gas & Electric application specifications.

Systematic testing will be based on the functional diagrams series drawings [Ref 2.3.5] and will provide for documented check-off of each step. The application program is loaded into the system and the test procedures implemented. Pacific Gas & Electric will approve the test procedures prior to starting FAT and have the opportunity to witness FAT. At the highest level, each Protection Set functions as follows:

" Perform a system service routine, which initializes, syncs, and establishes the system staging.

" Process input signals read from Tricon analog input and digital input signals.

" Perform computations for the programs.

• Process program results and send output data from the Tricon analog and digital output modules.

n s'.> s- inv'e.ns'.t s" in ve.

Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 10 of 38 Date: 10/13/2011 1.4. V10 Tricon portion of the PPS Figure 1: Tricon Protection Set and its Class II Communication.

in -V'e. n s" s-" in v e. n s'.* s Operations Management Triconex Document:1 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 11 of 38 Date: 10/13/2011 1.4.1. Hardware Each V 10 Tricon Protection Set of the PPS Replacement comprises three V10 Tricon chassis:

iPZ 1.4.2. Software The TriStation 1131 Application Programming Software that runs on Microsoft Windows XP operating system will be used to develop the software application for the V1O Tricon Protection Sets. Invensys Operations Management will provide the TriStation 1131 software and license.

Refer to Software Requirements Specification (SRS) [Ref 2.4.10] for additional details.

1.4.3. Software that is not subject to Validation

" TriStation 1131

" Tricon Firmware

• TS1131 Standard Libraries

• Windows 2000/XP/7TM** - TriStation Laptop/Workstation OS

• • Windows OS, PC, and laptop (these are not tested, but functionally checked prior to test/integration activities).

1.4.4. System Communication The Class I (safety-related) V10 Tricon Protection Set will utilize two Tricon Communication Modules (TCM) in the Main Chassis to communicate with external Class II (non-safety) devices.

The fiber optic cable electrically isolates the Tricon TCM from the external Class II devices.The NetOptics Network Aggregator Tap directs the network traffic between the TCM and MWS.

The NetOptics device permits two-way communications between the non-safety MWS belonging to a specific Protection Set and the Tricon in that Protection Set, but allows only one-way communication to other non-safety systems (e.g., the PPC Gateway server computer) to be determined by PG&E (though not within the Invensys Operations Management scope). The NetOptics devices will be procured by Pacific Gas & Electric and provided to Invensys Operations Management at the start of pre-FAT.

The non-safety media converters, procured by Invensys Operations Management, will be set up between the Tricon Main Chassis and the NetOptics Network Aggregator Tap. The media

in v'e.ns>. . in Ve. n s".ts' Operations Management Triconex I Document: 1 993754-1-813 1 Title: I DCPP PPS Validation Test Plan Revision: 0 Page: 12 of 38 Date: 10/13/2011 converters convert the fiber optic medium at the output of the TCM to copper medium at the input of the NetOptics Network Aggregator Tap.

The MWS is a non-safety device that will be developed separately from the PPS Replacement Project under a separate Pacific Gas & Electric Purchase Order (PO), budget, and staff.

However, the MWS will be available during FAT to facilitate testing of the VIO Tricon Protection Sets.

The network equipment, including media converter, NetOptics Network Aggregator Tap, and gateway hub, and the MWS will not be within the test scope of this VTP. The Nuclear Delivery (ND) group will coordinate with Pacific Gas & Electric for system staging prior to turn over to Nuclear IV&V. The Nuclear IV&V group will confirm proper operation of network communications system interfaces before beginning testing addressed in this VTP. The Optical Fiber from TCM + 10/1 00baseT Ethernet Media Converter to port aggregator will be supplied by IOM.

The MWS will be utilized at the start of pre-FAT to exercise its interface with the Vi 0 Tricon Protection Set and test the TSAP application code.

1.4.5. System interfaces The following is a list of the PPS system interfaces:

" Advanced Logic System (ALS)

" Plant Process Computer (PPC)

" Main Annunciator System

" Main Control Panels

" Hot Shutdown Panel

" Solid State Protection System (SSPS)

" Rod Control System

• Pressurizer Pressure Control System

• Pressurizer Level Control System

" Auxiliary Feedwater (AFW) Control System

• Reactor Vessel Level Indicating System (RVLIS)

" Low Temperature Overpressure Protection System (LTOPS)

• Residual Heat Removal (RHR) Interlocks For additional detail refer to the Hardware Requirements Specification (HRS) [Ref 2.4.9]. The above list is only shown for overview understanding of the PPS system interfaces and they are not within the test scope of this project.

i 1 v7"e . n ",-j s " in V e. nfs'.* s" Operations Management Triconex Document: 993754-1-813 Title:- DCPP PPS Validation Test Plan Revision: 0 Page: 13 of 38 Date: 10/13/2011

2. References 2.1. Industry Documents 2.1.1 IEEE 1012 - 1998, Standard for Software Verification and Validation.

2.2. NRC Documents 2.2.1 Branch Technical Position 7-14, Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems, U.S. Nuclear Regulatory Commission.

2.2.2 NUREG-0800, Standard Review Plan, Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition, Chapter 7 - Instrumentation and Controls, U.S. Nuclear Regulatory Commission.

2.2.3 U.S. NRC Regulatory Guide (RG) 1.168, Verification, Validation, Reviews, and Audits for Digital Computer Software Used in Safety Systems of Nuclear Power Plants.

2.2.4 U.S. NRC Digital Instrumentation and Controls Interim Staff Guidance DI&C-ISG-06.

2.2.5 10CFR50, Appendix A, GDC 21 "Protection System Reliability and Testability."

2.3. Pacific Gas & Electric Documents 2.3.1 Pacific Gas & Electric Purchase Order # 3500897372.

2.3.2 Pacific Gas & Electric 08-0015-SP-001, Functional Requirements Specification.

2.3.3 Pacific Gas & Electric Process Protection System Replacement Conceptual Design Document.

2.3.4 Pacific Gas & Electric Process Protection System Replacement Interface Requirements Specification.

2.3.5 101 15-J-NPG, Process Protection System Controller Transfer Functions Design Input Specification.

2.4. Invensys Operations Management Documents 2.4.1 IOM-Q2, Invensys Operation Management Nuclear Quality Assurance Manual.

2.4.2 NSIPM, Nuclear Systems Integration Program Manual, NTX-SER-09-21.

2.4.3 Software Configuration Management Procedure (SCMP).

2.4.4 Project Procedures Manual (PPM).

2.4.5 Project Management Plan (PMP), 993754-1-905.

2.4.6 Project Quality Plan (PQP), 993754-1-900.

2.4.7 Software Quality Assurance Plan (SQAP), 993754-1-801.

2.4.8 Software Verification and Validation Plan (SVVP), 993754-1-802.

2.4.9 Hardware Requirements Specification (HRS), 993754-1-807.

2.4.10 Software Requirements Specification (SRS), 993754-1-809.

2.4.11 Quality Procedure Manual (QPM).

n v* e. n s- n V e.n s-.ý::o s-Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 14 of 38 Date: 10/13/2011

3. Definitions and Acronyms 3.1. Definitions Acceptance (Pass/Fail) Criteria: Decision rules used to deten-nine whether a software or hardware passes or fails a test.

Acceptance Testing: Formal testing conducted to determine whether or not a system satisfies its acceptance criteria and to enable the customer to determine whether or not to accept the system.

Anomaly: A condition observed in the documentation or operation of hardware and software that deviates from expectations based on previously verified hardware/software products or reference documents. A critical anomaly is one that must be resolved before the V&V effort proceeds to the next phase.

Project Traceability Matrix: A documented matrix indicating the origin of the requirements, their implementing design output documentation and the corresponding testing requirements.

Software Validation Testing: The process of evaluating software through testing at the end of the development process to deten-nine whether it satisfies specified requirements.

Test Plan: A document describing the scope, approach, resources, and schedule of intended testing activities. It identifies test items, the features to be tested, the testing tasks, who will do each task, and any risks requiring contingency planning.

Test Procedure: A document specifying the sequence of actions for the execution of a test.

Test Specification: A specification that translates customer requirements and design features into test specifications and test approaches for validation by testing. It may add to or refine the test approaches described in the Validation Test Plan. (Also known as the Test Design Specification.)

Unit: An assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment. A unit can be disconnected, removed as a single piece, and replaced by a spare. It has definable performance characteristics that permit it to be tested as a single assembly. Software functions that meet the requirements of this definition are also defined as a unit. By this definition, the words "unit" and "module" (hardware/software) are interchangeable.

Verification: The process of evaluating a system or component to determine whether the products of a given development phase satisfy the conditions imposed at the start of that phase.

Validation: The process of evaluating a system or component during or at the end of the development process to determine whether it satisfies specified requirements.

i n V e. n S'. S" in v*e. n s..j s.

Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 15 of 38 Date: 10/13/2011 3.2. Acronyms AFW Auxiliary Feedwater Al Analog Inputs ALS Advanced Logic System COTS Commercial-off-the-Shelf DCPP Diablo Canyon Power Plant DRCS Document Review Comment Sheet DTTA Delta Temperature & Average Temperature ESFAS Engineered Safety Features Actuation System FAT Factory Acceptance Test FBD Function Block Diagram FTA Field Termination Assembly HRS Hardware Requirements Specification HVT Hardware Validation Test ICN Interim Change Notice 10,1/0 Input/Output IRS Interface Requirements Specification IV&V Independent Verification and Validation LTOPS Low Temperature Overpressure Protection System M&TE Measurement and Test Equipment MWS Maintenance Workstation ND Nuclear Delivery NIST National Institute of Standards and Technology NQA Nuclear Quality Assurance NRC Nuclear Regulatory Commission NSIPM Nuclear Systems Integration Program Manual OOR Out-of-Range OPDT Overpower Delta-T OPTR Overpressure Turbine Runback OTDT Overtemperature Delta-T OTTR Overtemperature Turbine Runback PE Project Engineer PG&E Pacific Gas and Electric PM Project Manager PMP Project Management Plan PO Purchase Order PPC Plant Process Computer PPM Project Procedures Manual PPS Process Protection System PQAE Project Quality Assurance Engineer PQP Project Quality Plan PTM Project Traceability MatrixQA Quality Assurance QPM Quality Procedures Manual RHR Residual Heat Removal RTS Reactor Trip System RVLIS Reactor Vessel Level Indicating System SCMP Software Configuration Management Plan

in v e. n s'. s- inv e. n S.*S" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 16 of 38 Date: 10/13/2011 SDC Software Development Checklist SDD Software Design Description S/G Steam Generator SIDR System Integration Deficiency Report SIL Software Integrity Level SQAP System Quality Assurance Plan SRS Software Requirements Specification SSPS Solid State Protect System SUT System Under Test SVT Software Verification Test SVVP Software Verification and Validation Plan TCM Triconex Communications Module TRB Test Review Board TS1131 TriStation 1131 TSAP TriStation Application Project TTD Trip Time Delay V&V Verification and Validation VTP Validation Test Plan VTS Validation Test Specification

n V'e. n s'.> s" i n v'e.n s-,l s" Operations Management Triconex I.Document:

Revision:

993754-1-813 0

Title:

Page:

DCPP PPS Validation Test Plan 17 of 38 1 Date:I 10/13/2011 -I

4. Test Overview The V&V approach as described in I EEE 1012-1998 [Ref 2.1.1] will be used for conducting project V&V activities. These activities will be planned and scheduled per Software Verification and Validation Plan (SVVP) [Ref. 2.4.8], the project schedule, the applicable PPMs [Ref 2.4.4],

and the PQP [Ref 2.4.6].

The V&V effort shall be accomplished using a separate Nuclear Independent Verification &

Validation (IV&V) organization not associated with the Nuclear Delivery (ND) organization as identified in the PQP [Ref 2.4.6]. This independent V&V process is consistent with the process described in Annex C.4.1 of IEEE 1012-1998 [Ref 2.1.1].

4.1. Organization EL 4.1.2. Staffing and Training Needs Test staff personnel are qualified as determined by the Nuclear IV&V Manager, in coordination with the Software Verification Validation Plan (SVVP) [Ref. 2.4.8], as documented in the Project training files, per PPM 9.0[Ref 2.4.4]. Test staff personnel must be current on required Project training prior to start of formal testing.

Test staff shall have completed the following:

" The TRICON/TriStation 1131 Comprehensive course

" The TriStation 1131 Standard or Comprehensive Programming Course

" Or have equivalent experience.

For additional project requirements, refer to the SVVP [Ref. 2.4.8]. The Nuclear IV&V Manager may authorize substitution of equivalent training or experience for any qualification, training, or skills requirement, where appropriate.

i n v\e.n s'.* s" in v'e. n s'.i s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 18 of 38 F Date:I 10/13/2011 ILi 4.2. Schedule The project schedule was developed based on the life cycle defined in the NSIPM [Ref 2.4.2] as implemented by the PPM [Ref 2.4.4]. Adhering to the procedure manuals assure the required project deliverables will satisfy PG&E technical and NRC regulatory requirements, and that the necessary supporting collateral will be generated to support the safety conclusions of both ND and Nuclear IV&V. Refer to the project schedule for the latest date and duration for completion of each task. Project related validation test tasks are as follows:

IZI

in ve, ns-,* s" in v'e. n s'.> s Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 19 of 38 Date: 10/13/2011 wP 4.3. Resources ND team members report to the PM. Nuclear QA team members report to the Nuclear QA Manager. Nuclear IV&V team members report to Nuclear IV&V Manager, who provides resource management of Nuclear IV&V staff and other resources (such as materials, equipment, work space, etc., required by the Nuclear IV&V team) to ensure that adequate resources are assigned to the PPS Replacement Project for proper implementation. Refer to the PMP [Ref

in v'e. n s".! .e Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 20 of 38 Date: 10/13/2011 2.4.5] for the details of the project organization and responsibilities assigned to each project team member and Nuclear IV&V team member.

4.4. Responsibilities

1. Nuclear IV&V Manager is responsible for staffing the Nuclear IV&V group and approving All Nuclear IV&V generated documents.

2. Project Engineer is responsible for providing support to the Test Director, as needed.

3. Project Quality Assurance Engineer is responsible for observing the testing activities, as directed by the applicable test procedures.

4. Nuclear IV&V Team is responsible for developing, review, and release all Nuclear IV&V generated documents and conducting tests in accordance with the system Software Verification and Validation Plan (SVVP), [Ref 2.4.8].

5. Test Director is responsible for coordinating and executing all tests that are in accordance to related test procedures.

6. Test Engineer or Test Technician is responsible for hardware and software test setup, and supporting all associated tests as needed under the direction of the PE or Test Director, as appropriate.

4.5. Tools, Techniques, and Methodologies L-Z

i n V e, n in v'e. n s'.> s" 'l s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 21 of 38 Date: 10/13/2011

i n v e n s'.s" in v e. n s.", s" Operations Management Triconex Document:1 993754-1-813 Title: DDCPP PPS Validation Test Plan Revision: 0 Page: 22 of 38 Date: 10/13/2011

5. Test Requirements

inV".ns'.I-.s" in v e. n s" Operations Management Triconex Document:1 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 23 of 38 Date: 10/13/2011 5.1.1. Hardware The HRS [Ref 2.4.9] lists the V 10 Tricon hardware modules that will be used in the VI0 Tricon Protection Set system. These hardware modules connect the program stored in the main processor to the field I/O and communication channels. V10 Tricon equipment includes:

• Main Chassis, Nuclear (81 10N2).

" Primary Remote Chassis (8112N).

• Remote Chassis (8112).

" Main Processor, Nuclear (3008N).

• 120VAC/DC Power Module, Nuclear (831 0N2).

" 120VAC/DC Power Module, non-Nuclear (8310).

" TCM-FO Triconex Communications Module, Nuclear (4352AN).

" Analog Input Modules: Differential Nuclear (3721N) and Isolated, Nuclear (3703EN).

• Analog Output Modules: Nuclear (3805HN) and non-Nuclear (3805E).

" Discrete Input Modules: 24 VAC/DC Nuclear (3503EN2), 24 VAC/DC non-Nuclear (3501E), and 115VAC/DC Nuclear (3501TN2).

" Discrete Output Modules: Relay Output non-Nuclear (3636T), and Discrete Nuclear (3601TN) (115 VAC).

Additional chassis and cabinet descriptions can be found in the Hardware Requirements Specification (HRS), [Ref 2.4.9].

5.1.2. Software The Tricon application software (TSAP) will be developed separately for each VIO Tricon Protection Set. The TSAPs shall be independently verified and validated by Nuclear IV&V.

Table 2. Protection Set Functions Title Description Protection Set

1. System Gathers system, chassis, slot, I/O module diagnostic status, signal I Diagnostics processing and power supply alarms into variables that can be II including accessed by the other application functions and the MWS. III System IV Alarms-

2. Reactor ALS scope Coolant Flow

3. Wide Range Input to Low Temperature Overpressure Protection System I Reactor (LTOPS) provides protection against over pressurization at low II Coolant plant temperature.

Temperature

i n v e. n s-. s i n V'e. n s->ý s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation TestPlan Revision: 0 Page: 24 of 38 Date: 10/13/2011 Title Description Protection

4. Wide Range Input to LTOPS provides protection against over pressurization at III Reactor low plant temperature. IV Coolant Pressure Input to Residual Heat Removal (RHR) valve interlock circuit provides protection against improper operation of RHR isolation valves.

5. DTTA Delta Temperature & Average Temperature I Overtemperature Delta-T (OTDT) Reactor Trip provides DNB II protection. The setpoint for the OTDT reactor trip and III Overtemperature Turbine Runback (OTTR)are continuously IV calculated by the PPS for each of the four reactor coolant loops.

Overpower Delta-T (OPDT) Reactor Trip provides protection against excessive power (fuel rod rating protection). The setpoint for the OPDT reactor trip and Overpower Turbine Runback (OPTR) are continuously calculated by the PPS for each of the four reactor coolant loops.

6. Pressurizer Pressurizer High Water Level Reactor Trip provides backup I Level protection to the Pressurizer High Pressure Reactor Trip and II prevents the pressurizer from becoming water solid during low III worth and low power rod withdrawal accidents.

7. Pressurizer ALS scope.2 Pressure

8. Pressurizer Pressurizer Vapor Space Temperature Low signal provides an IV Vapor RHR valve V-8701 interlock circuit input.

Temperature

9. Steam Provide safety-related outputs for post-accident monitoring (S/G 1 I Generator thru 4). Steamflow is an input for the pressure-compensated II Steam Flow steamflow calculation.

10. Steamline Steamline Pressure Low SI and Steamline Isolation initiate the I Break automatic starting of boron injection and decay heat removal 11 Protection systems and to provide protection against steamline break III accidents. IV Steamline Pressure High Negative Rate Steamline Isolation provides protection in the case of a steamline break when Pressurizer Pressure is less than the P-1 I setpoint and Low Steamline Pressure SI is blocked.

2 The Tricon is providing instrument power for Pressurizer Pressure. Pressurizer Pressure is an input to DTTA for all protection sets. However, all safety functions associated with Pressurizer Pressure will be assigned to ALS.

in V'e ns-.! s" i n V e. n s'. s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 25 of 38 Date: 10/13/2011 Title Description Protection 1I. Steam Steam Generator (S/G) High-High Level Turbine Trip and I Generator Feedwater Isolation (P-14, S/G High Level Permissive) provide 11 Narrow Range protection against S/G overfills and damage to the main steamlines III Level or main turbine. IV S/G Low-Low Level Reactor Trip and Auxiliary Feedwater (AFW) Pump Start protects the reactor from loss of heat sink in the event of loss of feedwater to one or more S/Gs or a major feedwater line rupture. The signals to actuate reactor trip and start AFW pumps are delayed through the use of a Trip Time Delay (TTD) for reactor power levels below 50% of rated thermal power.

The use of the TTD allows added time for natural S/G level stabilization or operator intervention to avoid an inadvertent protection system actuation.

12. Turbine Chamber Pressure High to P-13 Interlock. The purpose of the P-13 I Impulse permissive is to provide an input to P-7 indicative of low turbine II Chamber power when less than the setpoint. The purpose of the P-7 Pressure permissive is to disable selected Reactor Trip signals while operating at low power levels.

Turbine Impulse Chamber Pressure Low Interlock C-5 blocks control rod withdrawal. The purpose of the C-5 interlock is to prevent automatic outward rod motion when power is less than the design limit for Rod Speed and Direction.

13. Containment ALS scope Pressure IZI

i 7 ve. n s' inv'e. ns',* s" Operations Management Triconex Document: J 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 26 of 38 Date: 10/13/2011 La

i n v'e. n s'.t s" i V 2. n s'.9 s Operations Management Triconex Document:1 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 27 of 38 Date: 10/13/2011 w]

inv'e.n s'.o s" in V'e. n s'.> s" Operations Management Triconex Document: 993754-1-813 1 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 28 of 38 Date: 10/13/2011 w7

i nv'e.n s'.> s" in V e. n s'.o s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 29 of 38 Date: 10/13/2011 w

in 'e. n s'.4 s" in ve. n s'.> s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 30 of 38 F Date: I 10/13/2011 Ii EL 5.4. Approvals 5.4.1. Validation Test Plan Approvals This Validation Test Plan is required to be reviewed by the Nuclear IV&V Engineer, and approved by the Nuclear IV&V Manager.

5.4.2. Validation Test Document Approvals ELI

in v*e. n s'.=j s. i n Ve.n s. YS Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 31 of 38 Date:I 10/13/2011

6. Test Implementation 6.1. Test Tasks ELI

in V'e. n s'.> s- inv'e.n s'.* s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 32 of 38 Date: 10/13/2011

i v'en s'.t s" inVe. n s s Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 33 of 38 Date: 10/13/2011 IEL

inv'e.n s-,u s' in ve. n s'.> s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 34 of 38 Date: 10/13/2011 wq

in v e. ns'.4 s' in v'e. n s".>Y s" Operations Management Triconex Document:1 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 35 of 38 Date: 10/13/2011

7. Acceptance Criteria 7.1. General EL

n in v'e. n s>. s" i n' Vs. s".ýj s Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 36 of 38 Date: 10/13/2011 wq

in ve. n s-.- s' inV'e. n s'.. s" Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 37 of 38 1 Date: I 10/13/2011

8. Test Implementation and Documentation These documents are quality records as defined in QPM 16.0, Quality Records [Ref 2.4.11], and shall be controlled per PPM 4.0, [Ref 2.4.4], Project Document & Data Control. The specific documents shall be developed and processed in accordance with the controlling Project Procedure.

w--

8.1. Test Summary Reports A Test Report is required to be developed per PPM 6.0, [Ref 2.4.4], Test Control, to summarize the results of the tests performed. The required V&V reports are as described in the SVVP. The Test Report may be referenced in the Test Phase summary report and other applicable V&V reports. The Test Report may also incorporate other reports (SIDRs) as attachments.

w-

i n v e. n s'.ý s ifn v'e. n s'.Y s Operations Management Triconex Document: 993754-1-813 Title: DCPP PPS Validation Test Plan Revision: 0 Page: 38 of 38 Date: 10/13/2011 ZEJ