|
|
Line 15: |
Line 15: |
|
| |
|
| =Text= | | =Text= |
| {{#Wiki_filter:Successful Licensing of the ALS FPGA Based Safety Related I&C PlatformSuccessful Licensing of the ALS FPGA Based Safety Related I&C PlatformWolf Creek Nuclear Operating CorporationWolf Creek Nuclear Operating Corporation Introduction | | {{#Wiki_filter:Successful Licensing of the ALS FPGA Based Safety Related I&C Platform Wolf Creek Nuclear Operating Corporation |
| **Wolf Creek Nuclear Operating Corporation (WCNOC) to install Wolf Creek Nuclear Operating Corporation (WCNOC) to install first implementation of the Advanced Logic System (ALS) first implementation of the Advanced Logic System (ALS) during fall 2009 refueling outageduring fall 2009 refueling outage
| | |
| *
| | Introduction |
| *ForWCNOCandCSInnovations(CSI)installationis ForWCNOCandCSInnovations(CSI)installationis
| | * Wolf Creek Nuclear Operating Corporation (WCNOC) to install first implementation of the Advanced Logic System (ALS) during fall 2009 refueling outage |
| *
| | * For WCNOC and CS Innovations (CSI) (CSI), installation is culmination of five year development and 24 month licensing effort Wolf Creek Non-Proprietary Page 2 |
| *For WCNOC and CS Innovations (CSI), installation is For WCNOC and CS Innovations (CSI), installation is culmination of five year development and 24 month licensing culmination of five year development and 24 month licensing efforteffortPage 2Wolf Creek Non-Proprietary | | |
| **ALS project was born out of immediate need to solve reliability and ALS project was born out of immediate need to solve reliability and obsolescence issues obsolescence issues
| | Safety Related I&C Platform Study |
| -
| | * ALS project was born out of immediate need to solve reliability and obsolescence issues |
| -WCNOC conducted study of challenges faced by all USNPPs replacing their WCNOC conducted study of challenges faced by all USNPPs replacing their existing safety related I&C systems.existing safety related I&C systems. | | - WCNOC conducted study of challenges faced by all USNPPs replacing their existing safety related I&C systems. |
| --Found that original manufacturers of existing equipment are in most cases out of Found that original manufacturers of existing equipment are in most cases out of business or no longer support the product lines.business or no longer support the product lines. | | - Found that original manufacturers of existing equipment are in most cases out of business or no longer support the product lines. |
| --Situation typically leads to two approaches, each with their own challenges:Situation typically leads to two approaches, each with their own challenges:1Reverseengineerexistingsystem/maintainasobsolescenceandfailuresoccur1Reverseengineerexistingsystem/maintainasobsolescenceandfailuresoccurSafety Related I&C Platform Study | | - Situation typically leads to two approaches, each with their own challenges: |
| : 1. Reverse engineer existing system/maintain as obsolescence and failures occur 1. Reverse engineer existing system/maintain as obsolescence and failures occur-
| | 1 Reverse engineer existing system/maintain as obsolescence and failures occur 1. |
| -ShortShort--term fix for longterm fix for long--term problemterm problem
| | - Short Short--term fix for long long--term problem |
| --Offers little benefit from advancements in system integrity, diagnostics, and Offers little benefit from advancements in system integrity, diagnostics, and testabilitytestability | | - Offers little benefit from advancements in system integrity, diagnostics, and testability |
| --Updated version subject to same obsolescence problems, multiplied due to number Updated version subject to same obsolescence problems, multiplied due to number of components required to replace or update all safety related I&C systemsof components required to replace or update all safety related I&C systems | | - Updated version subject to same obsolescence problems, multiplied due to number of components required to replace or update all safety related I&C systems |
| --Requires specific experts and specific trainingRequires specific experts and specific training2. Replace the system with a Commercial | | - Requires specific experts and specific training |
| : 2. Replace the system with a Commercial--OffOff--The Shelf System (COTS)The Shelf System (COTS)
| | : 2. Replace the system with a Commercial-Commercial-OffOff--The Shelf System (COTS) |
| -
| | - Complex system, designed targeted for more complex industrial control apps |
| -Complex system, designed targeted for more complex industrial control appsComplex system, designed targeted for more complex industrial control apps | | - COTS platforms are rapidly advancing, thus shortening the obsolescence cycle. |
| --COTS platforms are rapidly advancing, thus shortening the obsolescence cycle. COTS platforms are rapidly advancing, thus shortening the obsolescence cycle. This creates a cost model the NPP is unable to justifyThis creates a cost model the NPP is unable to justify | | This creates a cost model the NPP is unable to justify |
| --Cost and effort to upgrade physical and procedural infrastructure provides little Cost and effort to upgrade physical and procedural infrastructure provides little benefitbenefitPage 3Wolf Creek Non-Proprietary Safety I&C Platform Goals | | - Cost and effort to upgrade physical and procedural infrastructure provides little benefit Wolf Creek Non-Proprietary Page 3 |
| **Common Platform for Safety I&C ArchitectureCommon Platform for Safety I&C Architecture
| | |
| **Mitigate Impact of Future ObsolescenceMitigate Impact of Future Obsolescence
| | Safety I&C Platform Goals |
| **Increase Integrity Increase Integrity | | * Common Platform for Safety I&C Architecture |
| **IncreaseReliability IncreaseReliability Increase Reliability Increase Reliability | | * Mitigate Impact of Future Obsolescence |
| **Minimize Cost and Effort to RetrofitMinimize Cost and Effort to Retrofit
| | * Increase Integrity |
| **Advanced Testing and DiagnosticsAdvanced Testing and Diagnostics
| | * Increase Reliability |
| **No Additional Diverse Actuation SystemsNo Additional Diverse Actuation Systems
| | * Minimize Cost and Effort to Retrofit |
| **Approval for RPS/ESFAS ApplicationsApproval for RPS/ESFAS ApplicationsPage 4Wolf Creek Non-Proprietary Status of Project
| | * Advanced Testing and Diagnostics |
| **SER Approved!!!
| | * No Additional Diverse Actuation Systems |
| SER Approved!!! | | * Approval for RPS/ESFAS Applications Wolf Creek Non-Proprietary Page 4 |
| *
| | |
| *Overall Review Consisted of Multiple ReviewsOverall Review Consisted of Multiple Reviews | | Status of Project |
| -
| | * SER Approved!!! |
| -Generic TopicalGeneric Topical | | * Overall Review Consisted of Multiple Reviews |
| --Applications SpecificApplications SpecificGiAlii GiAlii-
| | - Generic Topical |
| -G ener i c A pp li cat i on G ener i c A pp li cat i on* | | - Applications Specific |
| *MSFIS Equipment Designed, Built, Tested.. Ready for InstallMSFIS Equipment Designed, Built, Tested.. Ready for Install | | - Generic G i AApplication li i |
| **Install Fall 2009Install Fall 2009Page 5Wolf Creek Non-Proprietary Overview of the SER
| | * MSFIS Equipment Designed, Built, Tested.. Ready for Install |
| **First time an FPGA platform used for safetyFirst time an FPGA platform used for safety--related applications related applications
| | * Install Fall 2009 Wolf Creek Non-Proprietary Page 5 |
| **Review was similar to the review of a microprocessor platformReview was similar to the review of a microprocessor platform
| | |
| **ALS platform overviewALS platform overview
| | Overview of the SER |
| **Development process reviewDevelopment process reviewPltfi Pltfi*
| | * First time an FPGA platform used for safety- safety-related applications |
| *Pl a tf orm rev i e w Pl a tf orm rev i e w* | | * Review was similar to the review of a microprocessor platform |
| *Life cycle planning reviewLife cycle planning review | | * ALS platform overview |
| **Equipment qualification reviewEquipment qualification review
| | * Development process review |
| **Diversity and DefenseDiversity and Defense--in in--Depth review Depth review
| | * Pl tf Platform review i |
| **IEEE 603 IEEE 603--1991 review1991 review
| | * Life cycle planning review |
| **IEEE 7 IEEE 7--4.3.2 4.3.2--2003 review 2003 reviewPage 6Wolf Creek Non-Proprietary SER Conclusions
| | * Equipment qualification review |
| **Development process was of a high quality to ensure design correctness Development process was of a high quality to ensure design correctness of the applicationof the application | | * Diversity and Defense Defense--in in--Depth review |
| **ALS platform meets the requirements of:ALS platform meets the requirements of: | | * IEEE 603-603-1991 review |
| - | | * IEEE 7-7-4.3.2 4.3.2--2003 review Wolf Creek Non-Proprietary Page 6 |
| -IEEE 603 IEEE 603--1991 1991--IEEE 7 IEEE 7--4.3.2 4.3.2--20032003*
| | |
| *ALS platform meets or exceeds all equipment qualification requirementsALS platform meets or exceeds all equipment qualification requirements | | SER Conclusions |
| *
| | * Development process was of a high quality to ensure design correctness of the application |
| *ALSplatformmeetstheguidanceprovidedin:
| | * ALS platform meets the requirements of: |
| ALSplatformmeetstheguidanceprovidedin:
| | - IEEE 603-603-1991 |
| *
| | - IEEE 7-7-4.3.2-4.3.2-2003 |
| *ALS platform meets the guidance provided in: ALS platform meets the guidance provided in:- | | * ALS platform meets or exceeds all equipment qualification requirements |
| -ISG ISG--01, ISG01, ISG--02, ISG02, ISG--04 04*
| | * ALS platform meets the guidance provided in: |
| *Generic approval of ALS process documentationGeneric approval of ALS process documentation | | - ISG ISG--01, ISG-ISG-02, ISG-ISG-04 |
| **Generic approval of ALS hardware documentationGeneric approval of ALS hardware documentation
| | * Generic approval of ALS process documentation |
| **Generic approval of ALS FPGA programming documentationGeneric approval of ALS FPGA programming documentation
| | * Generic approval of ALS hardware documentation |
| **Future use of the ALS platform will require minimal information to be Future use of the ALS platform will require minimal information to be submitted submittedPage 7Let's review the goals of the project and how they were met! | | * Generic approval of ALS FPGA programming documentation |
| Let's review the goals of the project and how they were met!Wolf Creek Non-Proprietary Meeting the GoalsCommon Platform for Safety I&C
| | * Future use of the ALS platform will require minimal information to be submitted Lets review the goals of the project and how they were met! |
| **ALS architecture is scalable, from single system replacement to full safety I&C ALS architecture is scalable, from single system replacement to full safety I&C replacementreplacement
| | Wolf Creek Non-Proprietary Page 7 |
| **ALS is architected with dedicated and redundant control modules, which are designed for ALS is architected with dedicated and redundant control modules, which are designed for reliability and integrity attributes critical to safety systemsreliability and integrity attributes critical to safety systemsMitigate Future Obsolescence Mitigate Future Obsolescence
| | |
| * | | Meeting the Goals Common Platform for Safety I&C |
| *Fewer components and common components Fewer components and common components --one FPGA per board incorporates all one FPGA per board incorporates all diitliitfiltdbiti("hit"ICid) diitliitfiltdbiti("hit"ICid) di g it a l c i rcu it s, filters, an d bus commun i ca tion (no "c hi p se t" IC s requ i re d)di g it a l c i rcu it s, filters, an d bus commun i ca tion (no "c hi p se t" IC s requ i re d)*
| | * ALS architecture is scalable, from single system replacement to full safety I&C replacement |
| *For the primary critical component (FPGA), obsolescence is mitigated by utilizing For the primary critical component (FPGA), obsolescence is mitigated by utilizing portable RTL design which supports targeting to a new technology if required in the futureportable RTL design which supports targeting to a new technology if required in the futureIncrease Integrity Increase Integrity | | * ALS is architected with dedicated and redundant control modules, which are designed for reliability and integrity attributes critical to safety systems Mitigate Future Obsolescence |
| *
| | * Fewer components and common components - one FPGA per board incorporates all di it l circuits, digital i it filters, filt anddbbus communication i ti ((no chip hi set t IC ICs required) i d) |
| *ALS is capable of detecting failures while the system is operationalALS is capable of detecting failures while the system is operational | | * For the primary critical component (FPGA), obsolescence is mitigated by utilizing portable RTL design which supports targeting to a new technology if required in the future Increase Integrity |
| **ALS performs corrective action upon detection of a failureALS performs corrective action upon detection of a failure
| | * ALS is capable of detecting failures while the system is operational |
| **The ALS utilizes redundancy and/or Digital BIST for all critical circuitsThe ALS utilizes redundancy and/or Digital BIST for all critical circuits
| | * ALS performs corrective action upon detection of a failure |
| **ALS Incorporates dedicated integrity logic and provides runALS Incorporates dedicated integrity logic and provides run--time detection of a changed time detection of a changed device and/or board behaviordevice and/or board behaviorPage 8Wolf Creek Non-Proprietary Meeting the Goals -2 Increase Reliability
| | * The ALS utilizes redundancy and/or Digital BIST for all critical circuits |
| **Increased reliability and robustness by implementing an appropriate level of design Increased reliability and robustness by implementing an appropriate level of design complexity, which results in fewer active components, and translates directly to a lower complexity, which results in fewer active components, and translates directly to a lower system failure ratesystem failure rate
| | * ALS Incorporates dedicated integrity logic and provides run- run-time detection of a changed device and/or board behavior Wolf Creek Non-Proprietary Page 8 |
| **ALS utilizes only proven design practices and methodologies for implementation of the ALS utilizes only proven design practices and methodologies for implementation of the hardwarehardware**ALS utilizes distributed monitoring of the integrity and validity of signals, and provides the ALS utilizes distributed monitoring of the integrity and validity of signals, and provides the ca p abilit y to take action on exce p tions ca p abilit y to take action on exce p tionspyp pypMinimize Cost of Retrofit
| | |
| *
| | Meeting the Goals - 2 Increase Reliability |
| *Installation is simplified due to reduced hardware and wiring, maintenance is simple, Installation is simplified due to reduced hardware and wiring, maintenance is simple, efficient, and reliable translating to lower onefficient, and reliable translating to lower on--going costs to maintaingoing costs to maintain | | * Increased reliability and robustness by implementing an appropriate level of design complexity, which results in fewer active components, and translates directly to a lower system failure rate |
| **The ALS provides simple, efficient, and reliable maintenance with a high degree of The ALS provides simple, efficient, and reliable maintenance with a high degree of visibility into the system, where all boards are easily replaceable, reusable, and hotvisibility into the system, where all boards are easily replaceable, reusable, and hot-
| | * ALS utilizes only proven design practices and methodologies for implementation of the hardware |
| -swappableswappable**Training for plant personnel is reduced due to simplicity of the system and the ability to Training for plant personnel is reduced due to simplicity of the system and the ability to implement multiple applications with a common platformimplement multiple applications with a common platformAdvanced Testing and Diagnostics Advanced Testing and Diagnostics
| | * ALS utilizes distributed monitoring of the integrity and validity of signals, and provides the p |
| *
| | capability y to take action on exceptions p |
| *Provides deterministic testing, maintaining the same behaviorProvides deterministic testing, maintaining the same behavior | | Minimize Cost of Retrofit |
| **A run A run--time test strategy provides exhaustive selftime test strategy provides exhaustive self--testing to validate system integritytesting to validate system integrity
| | * Installation is simplified due to reduced hardware and wiring, maintenance is simple, efficient, and reliable translating to lower on-on-going costs to maintain |
| **Advanced diagnostics are provided utilizing the ASU and BuiltAdvanced diagnostics are provided utilizing the ASU and Built--in Selfin Self--test (BIST)test (BIST)Page 9Wolf Creek Non-Proprietary No Additional Diverse ActuationISG #2 -Diversity and defense in depth
| | * The ALS provides simple, efficient, and reliable maintenance with a high degree of visibility into the system, where all boards are easily replaceable, reusable, and hot hot-- |
| **The ALS architecture implements key design attributes which are sufficient to The ALS architecture implements key design attributes which are sufficient to eliminate the consideration of Common Cause Failure (CCF)eliminate the consideration of Common Cause Failure (CCF)
| | swappable |
| -
| | * Training for plant personnel is reduced due to simplicity of the system and the ability to implement multiple applications with a common platform Advanced Testing and Diagnostics |
| -This conclusion is based on the guidance provided in U.S. NRC document DI&CThis conclusion is based on the guidance provided in U.S. NRC document DI&C- | | * Provides deterministic testing, maintaining the same behavior |
| -ISG ISG--02 "Task Working Group #2: Diversity and Defense02 "Task Working Group #2: Diversity and Defense--in in--Depth Issues", Revision Depth Issues", Revision 1, September 20071, September 2007
| | * A run-run-time test strategy provides exhaustive self- self-testing to validate system integrity |
| *
| | * Advanced diagnostics are provided utilizing the ASU and Built Built--in Self Self--test (BIST) |
| *DI&C DI&C ISG ISG02statesinsection5 "Therearetwodesignattributesthatare02statesinsection5 "Therearetwodesignattributesthatare | | Wolf Creek Non-Proprietary Page 9 |
| *
| | |
| *DI&C DI&C-
| | No Additional Diverse Actuation ISG #2 - Diversity and defense in depth |
| -ISG ISG-
| | * The ALS architecture implements key design attributes which are sufficient to eliminate the consideration of Common Cause Failure (CCF) |
| -02 states in section 5 There are two design attributes that are 02 states in section 5 There are two design attributes that are sufficient to eliminate consideration of CCF:"sufficient to eliminate consideration of CCF:" | | - This conclusion is based on the guidance provided in U.S. NRC document DI&C- DI&C-ISG--02 Task Working Group #2: Diversity and Defense-ISG Defense-in in--Depth Issues, Revision 1, September 2007 |
| -
| | * DI&C--ISG DI&C ISG--02 states in section 5 There There are two design attributes that are sufficient to eliminate consideration of CCF: |
| -Staff position 1 states that if sufficient diversity exists in the protection system such Staff position 1 states that if sufficient diversity exists in the protection system such common cause failures within channels can be considered to be fully addressed common cause failures within channels can be considered to be fully addressed without further action, no additional diversity would be necessary in the safety without further action, no additional diversity would be necessary in the safety system.system.--Since there is adequate diversity, no DAS or manual actions were necessarySince there is adequate diversity, no DAS or manual actions were necessaryPage 10Wolf Creek Non-Proprietary Compliance with ISG #1 and #4ISG #1 -Cyber Security | | - Staff position 1 states that if sufficient diversity exists in the protection system such common cause failures within channels can be considered to be fully addressed without further action, no additional diversity would be necessary in the safety system. |
| **There is no inbound communications, so there is no path for cyber attackThere is no inbound communications, so there is no path for cyber attack
| | - Since there is adequate diversity, no DAS or manual actions were necessary Wolf Creek Non-Proprietary Page 10 |
| **Logic configuration can only be changed by removal of board while the channel is offLogic configuration can only be changed by removal of board while the channel is off--line, line, so no changes are possible while the channel is performing the safety functionso no changes are possible while the channel is performing the safety function
| | |
| **There is no operational software, so there can be no unintended functions within the There is no operational software, so there can be no unintended functions within the software, and no operational software changessoftware, and no operational software changes
| | Compliance with ISG #1 and #4 ISG #1 - Cyber Security |
| **AllhardwarecircuitsaretracedtostatemachinesusedbyrequirementsTherearenoAllhardwarecircuitsaretracedtostatemachinesusedbyrequirementsThereareno All hardware circuits are traced to state machines used by requirements. There are no All hardware circuits are traced to state machines used by requirements. There are no unneeded circuits unneeded circuits | | * There is no inbound communications, so there is no path for cyber attack |
| **The design life cycle considered cyber security as required by RG 1.152The design life cycle considered cyber security as required by RG 1.152 ISG #4 ISG #4 --CommunicationsCommunications
| | * Logic configuration can only be changed by removal of board while the channel is off off--line, so no changes are possible while the channel is performing the safety function |
| *
| | * There is no operational software, so there can be no unintended functions within the software, and no operational software changes |
| *The only twoThe only two--way communications with nonway communications with non--safety is with the ASU safety is with the ASU | | * All hardware circuits are traced to state machines used by requirements requirements. There are no unneeded circuits |
| **Section 1. There is no interdivisional communicationsSection 1. There is no interdivisional communications
| | * The design life cycle considered cyber security as required by RG 1.152 ISG #4 - Communications |
| **Section 2. The command prioritizations is between automatic and manual safety related Section 2. The command prioritizations is between automatic and manual safety related signals, and the command to isolate takes priority. All inputs are safetysignals, and the command to isolate takes priority. All inputs are safety--related. There are related. There are no non no non--safety inputs during operation. Since the command is processed by a finite state safety inputs during operation. Since the command is processed by a finite state machine, verification is simplified.machine, verification is simplified.
| | * The only two two--way communications with non-non-safety is with the ASU |
| **Section 3. There are no multidivisional control and display stationsSection 3. There are no multidivisional control and display stationsPage 11Wolf Creek Non-Proprietary What's Next at Wolf CreekWolf Creek Safety I&C Replacement Plan
| | * Section 1. There is no interdivisional communications |
| | * Section 2. The command prioritizations is between automatic and manual safety related signals, and the command to isolate takes priority. All inputs are safety safety--related. There are no non-non-safety inputs during operation. Since the command is processed by a finite state machine, verification is simplified. |
| | * Section 3. There are no multidivisional control and display stations Wolf Creek Non-Proprietary Page 11 |
| | |
| | Whats Next at Wolf Creek Wolf Creek Safety I&C Architecture (RPS/ESFAS) |
| | Wolf Creek Safety I&C Replacement Plan |
| -MSFIS (RF17, Fall 2009) | | -MSFIS (RF17, Fall 2009) |
| -LSELS (RF19, Fall 2012) | | -LSELS (RF19, Fall 2012) |
| -BOP ESFAS (RF19, Fall 2012)Wolf Creek Safety I&C Architecture (RPS/ESFAS) | | -BOP ESFAS (RF19, Fall 2012) |
| -SSPS-TC/CCM (On-line, 2010) | | -SSPS |
| -RVLISPage 12Wolf Creek Non-Proprietary Gregg ClarksonProject Manager, Safety I&CWolf Creek Nuclear Operating Corporation (620) 364-8831 x4438 grclark@wcnoc.com Steen Sorensen President CS Innovations, LLC (480) 612-2040 steen@cs-innovation.comGregg ClarksonProject Manager, Safety I&C Wolf Creek Nuclear Operating Corporation (620) 364-8831 x4438 grclark@wcnoc.com Steen Sorensen President CS Innovations, LLC (480) 612-2040 steen@cs-innovation.com}} | | -TC/CCM (On-line, 2010) |
| | -RVLIS Wolf Creek Non-Proprietary Page 12 |
| | |
| | Gregg Clarkson Project Manager, Safety I&C Wolf Creek Nuclear Operating Corporation (620) 364-8831 x4438 grclark@wcnoc.com Steen Sorensen President CS Innovations, LLC (480) 612-2040 steen@cs-innovation.com}} |
|
---|
Category:Meeting Briefing Package/Handouts
MONTHYEARML23275A1712023-10-16016 October 2023 October 16, 2023, Licensee Pre-submittal Meeting Slides - License Amendment Request to Revise Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505-A, Revision 2 for Wolf Creek Generating Station ML21333A1512021-11-29029 November 2021 Pre-Submittal Meeting Slides License Amendment Request Addressing Portable Lighting for Operator Manual Actions ML21179A0892021-07-13013 July 2021 Background Information July 13, 2021, Pre-Submittal Public Teleconference ML20308A7332020-11-18018 November 2020 Slides for GSI-191 Pre-Submittal Public Teleconference November 18, 2020 ML18299A0492018-10-30030 October 2018 Accident Analyses Methodology Transition LAR Public Meeting IR 05000482/20174072017-12-22022 December 2017 Summary of Closed Regulatory Conference to Discuss Wolf Creek, Unit 1, Security Inspection Report 05000482/2017407 ML16271A4822016-09-27027 September 2016 Summary of Regulatory Conference to Discuss Safety Significance of Wolf Creek Generating Station Emergency Generator Excitation Diode Apparent Violation ML16236A0952016-08-25025 August 2016 and Wolf Creek Generating Station - August 25, 2016, Class 1E Electrical Equipment Air Conditioning System Pre-Application Meeting ML16095A0782016-04-12012 April 2016 Slides for the WCGS Meeting Discussion 4/12/16 ML16095A0852016-04-12012 April 2016 Large Scale Head Loss Test Specification 4/12/16 ML16095A0802016-04-12012 April 2016 Large Scale Penetration Test Specification 4/12/16 ML16095A0922016-03-31031 March 2016 Large Scale Penetration and Head Loss Test Plan 4/12/16 ML14188C4812014-07-0707 July 2014 Summary of Annual Assessment Meeting with Wolf Creek Generating Station ML14134A1842014-05-14014 May 2014 Summary of Public Meeting to Discuss an Apparent Violation Identified at Wolf Creek Generating Station ML14038A3852014-02-0606 February 2014 1/22/2014 - Summary of Public Meeting to Discuss Corrective Actions Implemented to Address the Chilling Effect Letter ML13218A0212013-08-0707 August 2013 Licensee Slides, 08/07/13 Preapplication Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Long-Term Corrective Actions for Water Hammer Events in the Essential Service Water System at Wolf Creek ML13205A2142013-07-30030 July 2013 Operating Corporation - Slides for Pre-application Meeting on 7/30/13 - Core Design and Safety Analysis Methodology Transition License Amendment Request for Wolf Creek Generating Station ML12263A3622012-09-20020 September 2012 Pre-application Meeting Slide Core Design and Safety Analysis Methodology Transition License Amendment Request TAC No. ME9495) ML12191A1742012-07-0909 July 2012 6/25/2012 Summary of Public Meeting with Wolf Creek Nuclear Operating Corporation ML1110104292011-04-11011 April 2011 Summary of Annual Performance Assessment Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Wolf Creek Generating Station Performance for the NRC Inspection Period Ending December 31, 2010 ML1016204902010-06-16016 June 2010 Notice of Construction Reactor Oversight Process Category 2 Public Meeting Handout: Wolf Creek 2, Notice of Violation and Proposed Imposition of Civil Penalty, Dated 11/21/1984 ML1016901162010-06-16016 June 2010 6/16/2010 Construction Reactor Oversight Process Category 2 Public Meeting Handout: Meeting Slides (Enforcement Cases) ML1013404892010-05-14014 May 2010 Summary of Annual Performance Assessment Meeting with Wolf Creek Nuclear Operating Corporation to Discuss the Wolf Creek Generating Station Performance for the NRC Inspection Period from January 1 Through December 31, 2009 ML0933702032009-12-0303 December 2009 Summary of Public Meeting for Wolf Creek Generating Station ML0933801482009-11-20020 November 2009 Licensee Handouts from November 20, 2009, Public Meeting with Union Electric Company and Wolf Creek Nuclear Operating Company to Discuss GL 2004-02 Response Rai'S ML0913300232009-05-13013 May 2009 Meeting Slides, Successful Licensing of the Als Fpga Based Safety Related I&C Platform ML0912600692009-05-0606 May 2009 Lessons Learned Using Digital I&C Interim Staff Guidance Workshop ML0902102422009-01-15015 January 2009 Licensee Slides, January 15, 2009, Category 1 Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Changes to Post Fire Shutdown Unresolved Items Analysis Methods Pre-Application for Wolf Creek Generating Station ML0834700222008-12-11011 December 2008 Slides, Category 2 Public Meeting Digital Instrumentation and Control Steering Committee M080717, M080717-Commission Briefing Slides/Exhibits Briefing on Fire Protection2008-07-17017 July 2008 M080717-Commission Briefing Slides/Exhibits Briefing on Fire Protection ML0817706682008-06-25025 June 2008 Summary of Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Several Initiatives That Were Being Implemented to Improve Plant Performance at Wolf Creek ML0803706102008-01-11011 January 2008 Westinghouse Electric Company LLC, LTR-CDME-08-2, Rev. 1 NP-Attachment, Meeting Handouts from the December 13, 2007 Meeting with Wolf Creek and NRR on H*/B*. ML0729204682007-10-29029 October 2007 09/25/2007, Summary of Meeting Between the U.S. Nuclear Regulatory Commission Staff and Strategic Teaming and Resource Sharing Representatives to Discuss License Renewal Activities ML0721501532007-08-0202 August 2007 NRC Staff Handout for August 2, 2007, Meeting with Wolf Creek Nuclear Operating Corporation ML0721102382007-07-24024 July 2007 Performanc Contracting, Inc.'S Powerpoint Slide, Proposed Wolf Creek/Callaway Test Configuration ML0719303772007-07-11011 July 2007 Handouts (NRC and Licensee) for Meeting with Representatives of Wolf Creek Nuclear Operating Corporation ML0718606902007-06-19019 June 2007 06/19-20/2007 Slides,Fabrication Records Review, from Category 2 Public Meeting Between the NRC Staff and the Expert Panel for the Wolf Creek Advanced Finite Element Analyses (Fea) ML0716203882007-06-0101 June 2007 06/01/07 - Presentation Material, Advanced Fea Crack Growth Calculations for Evaluation of PWR Pressurizer Nozzle Dissimilar Metal Weld Circumferential Pwscc. ML0733409182007-05-31031 May 2007 05/31/2007 Presentation by J. Cudsworth NRC Treatment of Issues Other than Category 2 Issues for License Renewal ML0713703642007-05-17017 May 2007 Handout for Meeting with Wolf Creek Nuclear Operating Corporation on the Licensee'S Application for the Main Steam and Feedwater Isolation System (Msfis) Modification ML0713506532007-05-0808 May 2007 Slides, Recommendations for Critical Flaw Size Calculations (in Wolf Creek Advanced Fea Project). ML0713506462007-05-0808 May 2007 Industry Slides, Advanced Fea Crack Growth Calculations for Evaluation of PWR Pressurizer Nozzle Dissimilar Metal Weld Circumferential PWSCC, from Status Meeting on Implications of Wolf Creek Dissimilar Metal Weld Inspections ML0713506512007-05-0808 May 2007 Slides, Category 2 Public Meeting with NEI on the Implications of the Wolf Creek Dissimilar Metal Weld Inspections. ML0713603732007-05-0101 May 2007 Enclosure-1 05/01/2007 Dominion Engineering Presentation Advanced Fea Crack Growth Calculations for Evaluation of PWR Pressurizer Nozzle Dissimilar Metal Weld Circumferential Pwscc. ML0713603962007-05-0101 May 2007 Enclosure 2-05/01/2007 Engineering Mechanics Corporation of Columbus Presentation, NRC Welding Residual Stress Solutions as Generated by Battelle and Emc2. ML0701704732007-01-19019 January 2007 12/19/2006 Summary of Public Meetings Related to the Review of the Wolf Creek Generating Station License Renewal Application ML0635603632006-12-20020 December 2006 12/01/2006 Industry Meeting Handout: Draft Report (December 2006) - Implications of Wolf Creek Pressurizer Butt Weld Indications Relative to Safety Assessment and Inspection Requirements ML0701601892006-12-19019 December 2006 12/19/2006, Viewgraphs from Meeting with Wolf Creek Generating Station to Discuss License Renewal Process and Environmental Scoping ML0635603582006-11-30030 November 2006 Industry Presentation Slides: MRP-139 Analysis Basis ML0635603462006-11-30030 November 2006 November 30, 2006 NRC Presentation Slides: Wolf Creek Flaw Evaluation 2023-10-16
[Table view] Category:Slides and Viewgraphs
MONTHYEARML23275A1712023-10-16016 October 2023 October 16, 2023, Licensee Pre-submittal Meeting Slides - License Amendment Request to Revise Technical Specifications to Adopt Risk-Informed Completion Times TSTF-505-A, Revision 2 for Wolf Creek Generating Station ML21333A1512021-11-29029 November 2021 Pre-Submittal Meeting Slides License Amendment Request Addressing Portable Lighting for Operator Manual Actions ML20310A2232020-11-19019 November 2020 Slides for ERO Staffing pre-submittal Public Teleconference November 19, 2020 (L-2020-LRM-0104) IR 05000482/20174072017-12-22022 December 2017 Summary of Closed Regulatory Conference to Discuss Wolf Creek, Unit 1, Security Inspection Report 05000482/2017407 ML16236A0952016-08-25025 August 2016 and Wolf Creek Generating Station - August 25, 2016, Class 1E Electrical Equipment Air Conditioning System Pre-Application Meeting ML16236A0972016-08-25025 August 2016 Operating Corporation - August 25, 2016, Core Design and Safety System Analysis Methodology Transition License Amendment Request Revised ML16095A0782016-04-12012 April 2016 Slides for the WCGS Meeting Discussion 4/12/16 ML14188C4812014-07-0707 July 2014 Summary of Annual Assessment Meeting with Wolf Creek Generating Station ML14134A1842014-05-14014 May 2014 Summary of Public Meeting to Discuss an Apparent Violation Identified at Wolf Creek Generating Station ML14038A3852014-02-0606 February 2014 1/22/2014 - Summary of Public Meeting to Discuss Corrective Actions Implemented to Address the Chilling Effect Letter ML13218A0212013-08-0707 August 2013 Licensee Slides, 08/07/13 Preapplication Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Long-Term Corrective Actions for Water Hammer Events in the Essential Service Water System at Wolf Creek ML13219A1932013-08-0707 August 2013 Licensee Slides (Final), 08/07/13 Preapplication Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Long-Term Corrective Actions for Water Hammer Events in the Essential Service Water System at Wolf Creek ML13205A2142013-07-30030 July 2013 Operating Corporation - Slides for Pre-application Meeting on 7/30/13 - Core Design and Safety Analysis Methodology Transition License Amendment Request for Wolf Creek Generating Station ML13121A4892013-05-0101 May 2013 End of Cycle Meeting Summary 4-18-13 ML12263A3622012-09-20020 September 2012 Pre-application Meeting Slide Core Design and Safety Analysis Methodology Transition License Amendment Request TAC No. ME9495) ML12191A1742012-07-0909 July 2012 6/25/2012 Summary of Public Meeting with Wolf Creek Nuclear Operating Corporation ML1110104292011-04-11011 April 2011 Summary of Annual Performance Assessment Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Wolf Creek Generating Station Performance for the NRC Inspection Period Ending December 31, 2010 ML1016901162010-06-16016 June 2010 6/16/2010 Construction Reactor Oversight Process Category 2 Public Meeting Handout: Meeting Slides (Enforcement Cases) ML1013404892010-05-14014 May 2010 Summary of Annual Performance Assessment Meeting with Wolf Creek Nuclear Operating Corporation to Discuss the Wolf Creek Generating Station Performance for the NRC Inspection Period from January 1 Through December 31, 2009 ML0933702032009-12-0303 December 2009 Summary of Public Meeting for Wolf Creek Generating Station ML0933801482009-11-20020 November 2009 Licensee Handouts from November 20, 2009, Public Meeting with Union Electric Company and Wolf Creek Nuclear Operating Company to Discuss GL 2004-02 Response Rai'S ML0913300232009-05-13013 May 2009 Meeting Slides, Successful Licensing of the Als Fpga Based Safety Related I&C Platform ML0912600762009-05-0606 May 2009 Lessons Learned Using Digital I&C Interim Staff Guidance Workshop Application of ISG-4 During Wolf Creek and Oconee Reviews ML0912600692009-05-0606 May 2009 Lessons Learned Using Digital I&C Interim Staff Guidance Workshop ML0902102422009-01-15015 January 2009 Licensee Slides, January 15, 2009, Category 1 Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Changes to Post Fire Shutdown Unresolved Items Analysis Methods Pre-Application for Wolf Creek Generating Station ML0834700222008-12-11011 December 2008 Slides, Category 2 Public Meeting Digital Instrumentation and Control Steering Committee M080717, M080717-Commission Briefing Slides/Exhibits Briefing on Fire Protection2008-07-17017 July 2008 M080717-Commission Briefing Slides/Exhibits Briefing on Fire Protection ML0817706682008-06-25025 June 2008 Summary of Meeting with Wolf Creek Nuclear Operating Corporation to Discuss Several Initiatives That Were Being Implemented to Improve Plant Performance at Wolf Creek ML0813606472008-06-10010 June 2008 05/01/2008-Summary of Public Meeting on Safety Evaluation Report with Open Items Regarding the Wolf Creek Generating Station License Renewal Review ML0721102382007-07-24024 July 2007 Performanc Contracting, Inc.'S Powerpoint Slide, Proposed Wolf Creek/Callaway Test Configuration ML0720601382007-07-17017 July 2007 Slides from Meeting Between NRC Staff and Wolf Creek Panel Enclosures 2 to 3, Advanced Fea Crack Growth Calculations for Evaluation of PWR Pressurizer Nozzle Dissimilar Metal Weld Circumferential Pwscc. ML0719303772007-07-11011 July 2007 Handouts (NRC and Licensee) for Meeting with Representatives of Wolf Creek Nuclear Operating Corporation ML0718606902007-06-19019 June 2007 06/19-20/2007 Slides,Fabrication Records Review, from Category 2 Public Meeting Between the NRC Staff and the Expert Panel for the Wolf Creek Advanced Finite Element Analyses (Fea) ML0716203882007-06-0101 June 2007 06/01/07 - Presentation Material, Advanced Fea Crack Growth Calculations for Evaluation of PWR Pressurizer Nozzle Dissimilar Metal Weld Circumferential Pwscc. ML0733409182007-05-31031 May 2007 05/31/2007 Presentation by J. Cudsworth NRC Treatment of Issues Other than Category 2 Issues for License Renewal ML0713703642007-05-17017 May 2007 Handout for Meeting with Wolf Creek Nuclear Operating Corporation on the Licensee'S Application for the Main Steam and Feedwater Isolation System (Msfis) Modification ML0713506512007-05-0808 May 2007 Slides, Category 2 Public Meeting with NEI on the Implications of the Wolf Creek Dissimilar Metal Weld Inspections. ML0713506532007-05-0808 May 2007 Slides, Recommendations for Critical Flaw Size Calculations (in Wolf Creek Advanced Fea Project). ML0713603732007-05-0101 May 2007 Enclosure-1 05/01/2007 Dominion Engineering Presentation Advanced Fea Crack Growth Calculations for Evaluation of PWR Pressurizer Nozzle Dissimilar Metal Weld Circumferential Pwscc. ML0713603962007-05-0101 May 2007 Enclosure 2-05/01/2007 Engineering Mechanics Corporation of Columbus Presentation, NRC Welding Residual Stress Solutions as Generated by Battelle and Emc2. ML0701601892006-12-19019 December 2006 12/19/2006, Viewgraphs from Meeting with Wolf Creek Generating Station to Discuss License Renewal Process and Environmental Scoping ML0635603462006-11-30030 November 2006 November 30, 2006 NRC Presentation Slides: Wolf Creek Flaw Evaluation ML0635603582006-11-30030 November 2006 Industry Presentation Slides: MRP-139 Analysis Basis ML0632100802006-11-16016 November 2006 Industry Presentations: Nov. 16, 2006 Public Meeting ML0632100772006-11-16016 November 2006 NRC Presentation: NRC Perspective on Wolf Creek Inspection Results ML0622804372006-08-16016 August 2006 Handouts from Wolf Creek Nuclear Operating Corporation and from Union Electric Company for Meeting with NRC on the Main Steam Isolation Valve (MSIV) Operability Determination ML0618000292006-06-28028 June 2006 Handout for June 28, 2006, Meeting with Representatives of Wolf Creek Nuclear Operating Corporation for Wolf Creek Generating Station on the Main Steam and Feedwater Isolation System (Msfis) Controls Replacement Project ML0615106012006-05-23023 May 2006 EPRI HRA Users Group Review of Draft NUREG-1842 ML0617902332006-03-0808 March 2006 RIC 2006 Presentation - W3D - Maurice E. Dingler - GSI 191 ML0516705662005-06-16016 June 2005 Summary of Annual Performance Assessment Meeting with NRC Re Oversight Process and Safety Performance at Wolf Creek Generating Station 2023-10-16
[Table view] |
Text
Successful Licensing of the ALS FPGA Based Safety Related I&C Platform Wolf Creek Nuclear Operating Corporation
Introduction
- Wolf Creek Nuclear Operating Corporation (WCNOC) to install first implementation of the Advanced Logic System (ALS) during fall 2009 refueling outage
- For WCNOC and CS Innovations (CSI) (CSI), installation is culmination of five year development and 24 month licensing effort Wolf Creek Non-Proprietary Page 2
Safety Related I&C Platform Study
- ALS project was born out of immediate need to solve reliability and obsolescence issues
- WCNOC conducted study of challenges faced by all USNPPs replacing their existing safety related I&C systems.
- Found that original manufacturers of existing equipment are in most cases out of business or no longer support the product lines.
- Situation typically leads to two approaches, each with their own challenges:
1 Reverse engineer existing system/maintain as obsolescence and failures occur 1.
- Short Short--term fix for long long--term problem
- Offers little benefit from advancements in system integrity, diagnostics, and testability
- Updated version subject to same obsolescence problems, multiplied due to number of components required to replace or update all safety related I&C systems
- Requires specific experts and specific training
- 2. Replace the system with a Commercial-Commercial-OffOff--The Shelf System (COTS)
- Complex system, designed targeted for more complex industrial control apps
- COTS platforms are rapidly advancing, thus shortening the obsolescence cycle.
This creates a cost model the NPP is unable to justify
- Cost and effort to upgrade physical and procedural infrastructure provides little benefit Wolf Creek Non-Proprietary Page 3
Safety I&C Platform Goals
- Common Platform for Safety I&C Architecture
- Mitigate Impact of Future Obsolescence
- Minimize Cost and Effort to Retrofit
- Advanced Testing and Diagnostics
- No Additional Diverse Actuation Systems
- Approval for RPS/ESFAS Applications Wolf Creek Non-Proprietary Page 4
Status of Project
- Overall Review Consisted of Multiple Reviews
- Generic Topical
- Applications Specific
- Generic G i AApplication li i
- MSFIS Equipment Designed, Built, Tested.. Ready for Install
- Install Fall 2009 Wolf Creek Non-Proprietary Page 5
Overview of the SER
- First time an FPGA platform used for safety- safety-related applications
- Review was similar to the review of a microprocessor platform
- Development process review
- Life cycle planning review
- Equipment qualification review
- Diversity and Defense Defense--in in--Depth review
- IEEE 7-7-4.3.2 4.3.2--2003 review Wolf Creek Non-Proprietary Page 6
SER Conclusions
- Development process was of a high quality to ensure design correctness of the application
- ALS platform meets the requirements of:
- IEEE 603-603-1991
- IEEE 7-7-4.3.2-4.3.2-2003
- ALS platform meets or exceeds all equipment qualification requirements
- ALS platform meets the guidance provided in:
- ISG ISG--01, ISG-ISG-02, ISG-ISG-04
- Generic approval of ALS process documentation
- Generic approval of ALS hardware documentation
- Generic approval of ALS FPGA programming documentation
- Future use of the ALS platform will require minimal information to be submitted Lets review the goals of the project and how they were met!
Wolf Creek Non-Proprietary Page 7
Meeting the Goals Common Platform for Safety I&C
- ALS architecture is scalable, from single system replacement to full safety I&C replacement
- ALS is architected with dedicated and redundant control modules, which are designed for reliability and integrity attributes critical to safety systems Mitigate Future Obsolescence
- Fewer components and common components - one FPGA per board incorporates all di it l circuits, digital i it filters, filt anddbbus communication i ti ((no chip hi set t IC ICs required) i d)
- For the primary critical component (FPGA), obsolescence is mitigated by utilizing portable RTL design which supports targeting to a new technology if required in the future Increase Integrity
- ALS is capable of detecting failures while the system is operational
- ALS performs corrective action upon detection of a failure
- The ALS utilizes redundancy and/or Digital BIST for all critical circuits
- ALS Incorporates dedicated integrity logic and provides run- run-time detection of a changed device and/or board behavior Wolf Creek Non-Proprietary Page 8
Meeting the Goals - 2 Increase Reliability
- Increased reliability and robustness by implementing an appropriate level of design complexity, which results in fewer active components, and translates directly to a lower system failure rate
- ALS utilizes only proven design practices and methodologies for implementation of the hardware
- ALS utilizes distributed monitoring of the integrity and validity of signals, and provides the p
capability y to take action on exceptions p
Minimize Cost of Retrofit
- Installation is simplified due to reduced hardware and wiring, maintenance is simple, efficient, and reliable translating to lower on-on-going costs to maintain
- The ALS provides simple, efficient, and reliable maintenance with a high degree of visibility into the system, where all boards are easily replaceable, reusable, and hot hot--
swappable
- Training for plant personnel is reduced due to simplicity of the system and the ability to implement multiple applications with a common platform Advanced Testing and Diagnostics
- Provides deterministic testing, maintaining the same behavior
- A run-run-time test strategy provides exhaustive self- self-testing to validate system integrity
- Advanced diagnostics are provided utilizing the ASU and Built Built--in Self Self--test (BIST)
Wolf Creek Non-Proprietary Page 9
No Additional Diverse Actuation ISG #2 - Diversity and defense in depth
- The ALS architecture implements key design attributes which are sufficient to eliminate the consideration of Common Cause Failure (CCF)
- This conclusion is based on the guidance provided in U.S. NRC document DI&C- DI&C-ISG--02 Task Working Group #2: Diversity and Defense-ISG Defense-in in--Depth Issues, Revision 1, September 2007
- DI&C--ISG DI&C ISG--02 states in section 5 There There are two design attributes that are sufficient to eliminate consideration of CCF:
- Staff position 1 states that if sufficient diversity exists in the protection system such common cause failures within channels can be considered to be fully addressed without further action, no additional diversity would be necessary in the safety system.
- Since there is adequate diversity, no DAS or manual actions were necessary Wolf Creek Non-Proprietary Page 10
Compliance with ISG #1 and #4 ISG #1 - Cyber Security
- There is no inbound communications, so there is no path for cyber attack
- Logic configuration can only be changed by removal of board while the channel is off off--line, so no changes are possible while the channel is performing the safety function
- There is no operational software, so there can be no unintended functions within the software, and no operational software changes
- All hardware circuits are traced to state machines used by requirements requirements. There are no unneeded circuits
- The only two two--way communications with non-non-safety is with the ASU
- Section 1. There is no interdivisional communications
- Section 2. The command prioritizations is between automatic and manual safety related signals, and the command to isolate takes priority. All inputs are safety safety--related. There are no non-non-safety inputs during operation. Since the command is processed by a finite state machine, verification is simplified.
- Section 3. There are no multidivisional control and display stations Wolf Creek Non-Proprietary Page 11
Whats Next at Wolf Creek Wolf Creek Safety I&C Architecture (RPS/ESFAS)
Wolf Creek Safety I&C Replacement Plan
-MSFIS (RF17, Fall 2009)
-LSELS (RF19, Fall 2012)
-BOP ESFAS (RF19, Fall 2012)
-SSPS
-TC/CCM (On-line, 2010)
-RVLIS Wolf Creek Non-Proprietary Page 12
Gregg Clarkson Project Manager, Safety I&C Wolf Creek Nuclear Operating Corporation (620) 364-8831 x4438 grclark@wcnoc.com Steen Sorensen President CS Innovations, LLC (480) 612-2040 steen@cs-innovation.com