Vol III of 810617-18 Slide Presentation Re Independent Design Review of Instrumentation & Control Sys Before Instrumentation & Control Sys Review Board

ML17297A915
Person / Time
Site:	Palo Verde
Issue date:	06/18/1981
From:	ARIZONA PUBLIC SERVICE CO. (FORMERLY ARIZONA NUCLEAR
To:
Shared Package
ML17297A913	List: ML17297A911 ML17297A915
References
NUDOCS 8110130252
Download: ML17297A915 (557)
v • d • e

Text

INDEPENDENT DESIGN REVXEW of the PALO VERDE NUCLEAR GENERATING STATION INSTRUMENTATION AND CONTROL SYSTEMS Before the XNSTRUMENTATXON & CONTROL SYSTEMS REVIEW BOARD VOLUME IXI of III A P P E N D I X Phoenix, Arizona June 17-18, 1981 GRUMLEY REPORTERS PHOENIX, ARIZONA effog4OOaSZ 81~00m a CK F OS000528 F'R

PALO VERDE NUCLEAR GENERATING STATION BALANCE OF PLANT IMSTRUMEMTATIOMAND CONTROL SYSTEMS REVIEW BOARD PHOENIX, AZ JUNE 17-18, 1981

0 INSTRUMENTATION AND CONTROLS INDEPENDENT DESIGN REVIEW 6/17 R 18/81 BOARD CONVENES FOR BECHTEL PRESENTATION (MEETING NO, 1) 6/25/81 APS LICENSING REVIEWS TRANSCRIPT 7/02/81 FINAL TRANSCRIPT SENT TO NRC, REVIEW BOARD AND BECHTEL 7/16/81 BECHTEL'S DRAFT RESPONSE SENT TO APS FOR INFORMAL REVIEW 7/23/81 APS COMMENTS ON DRAFT RESPONSE SENT TO BECHTEL WEEK OF FOLLOW-UP MEETING WITH NRC (MEETING NO, 2) 7/27/81 8/06/81 BECHTEL SUBMITS RESPONSES TO OPEN ITEMS FROM REVIEW MEETING NO, 1 8/17/81 APS SENDS BOARD'S COMMENTS ON RESPONSES TO BECHTEL 8/26/81 THOSE BOARD MEMBERS WITH COMMENTS WILL RECONVENE TO MEET WITH BECHTEL" 9/04/81 LETTER TO NRC CLOSING OUT REVIEW WEEK OF NRC IRC DRAWING REVIEW AND SITE VISIT 9/07/81

~ 'RECONVENING NAY BE FULFILLED NITH CONFERENCE CALL SCHEDULE 1

REVIEW BOARD AGENDA BOP INSTRUMENTATION R CONTROL SYSTEMS 1, INTRODUCTION A, NSSS INTERFACES 2, SYSTEM OVERVIEW A, ENGINEERED SAFETY FEATURE SYSTEMS 1, BOP ESFAS A DESIGN CRITERIA B SYSTEM DESCRIPTION 2, ESF ACTUATED DEVICE LOGIC TYPICALS 3, ESF LOAD SEQUENCER A DESIGN CRITERIA B SYSTEM DESCRIPTION B, SYSTEMS REQUIRED FOR SAFE SHUTDOWN 1, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY A, DESIGN CRITERIA B SYSTEM DESCRIPTION c, LAYOUT EXHIBIT i

REVIEW BOARD AGENDA BOP INSTRUMENTATION R CONTROL SYSTEMS

2. SYS TEM OVERVIEW (CONT'D)

C, SAFETY-RELATED DISPLAY INSTRUMENTATION 1, PROCESS INSTRUf'lENTATION A DESIGN CRITERIA B SYSTEM DESCRIPTION 2, SAFETY EQUIPMENT STATUS SYSTEM (SESS)

A DESIGN CRITERIA B SYSTEM DESCRIPTION c, LAYOUT POST ACCIDENT MONITORING (REG GUIDE 1 97 REV 2)

A DESIGN CRITERIA B SYSTEM DESCRIPTION D, ALL OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY 1, CLASS IE ALARM SYSTEf'l A DESIGN CRITERIA B SYSTEM DESCRIPTION 2, SAFETY PARAMETER DISPLAY SYSTEM (SPDS)

A, DESIGN CRITERIA B SYSTEM DESCRIPTION E, CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 1, DESIGN CRITERIA 2, SYSTEM DESCRIPTION EXHIBIT ii

0 0

REVIEW BOARD AGENDA BOP INSTRUMENTATION R CONTROL SYSTEMS 3, COMPLIANCE WITH REGULATORY REQUIREMENTS A, SRP'S B, GDC'S C, REGULATORY GUIDES D, IEEE STANDARDS E, BTP'S F, I E BULLETINS G, NUREG-0737 ADDITIONAL ITEMS OF CONCERN A, INSTRUMENTATION AND CONTROL SYSTEMS BRANCH CONCERNS (NRC LETTER DATED APRIL 16, 1981) 5 BACKGROUND INFORMATION EXHIBIT iii

INSTRUMENTATIONAND CONTROLS ENGINEERED SAFETY- ALL OTHER NDN-SAFETY

~ REACTOR SAFE SAFETY RELATED SAF ETY- RELATED TRIP SHUTDOWN FEATURE DISPLAY RELATED CONTROL SYSTEM SYSTEMS SYSTEMS INSTRUMENTATION INSTRUMENTATION SYSTEMS I

I I

BOP BOP BOP BOP BOP I

gas~~ J I

NSSS INTER FACE I

NSSS NSSS NSSS NSSS NSSS NSSS SCOPE OF BOP INSTRUMENTATION AND CONTROLS REVIEW BOARD FIGURE 1-1

FUEL BLDG CONTAINMENTBLDG TURBINE BLDG AUX BLDG RAD WASTE CONTROL BLDG BLDG DIESEL GEN BLDG FIGURE 1-2 PVNGS GENERAL PLANT ARRANGEMENT

AUXI BUILDING RAD. ON. SYS QA,'B IE P NSSSAN LOG A B C 0 A I B B C i D

~A~BQ ESFAS AUX RELAY AUX PROTECTIVE NSSS ANALOG NSSS CONTROL SYS CORRIDOR KITCHEN BUILDING B B S

~ ~ B

[ iso PPS PANTRY S G.FW-TG AUX PPS-CNDS OFFICE BOP ANALOG-IE RADWASTE BUILDING SESS B +A 2 0 CONFERENCE ROOM t R CVCS O

o CABLE ELEC p I-CC CC RISER ESF SHAFT MIMIC mg

~ CCB Q

@ ~O ggO CB CD CB OFFICE OFFICE OFFICE COMPUTER ROOM LI STORAGE DWN DIESEL GENERATOR BUILDING UP FIGURE 1-3 MAIN CONTROL ROOM ARRANGEMENT

PVNGS CLASSIFICATIONS QUALITY CLASS Q

~ FULL COMPLIANCE WITH 10CFR50, APPENDIX Bp PER ANSI N f5 2-1971 (ALL ENGINEERED SAFETY FEATURES [ESFj CONPONENTS ARE Q )

B, QUALITY CLASS "R

~ SIMILAR TO 10CFR50, APPENDIX Bi BUT REQUIRES LESS. EXTENSIVE DOCUMENTATION C, QUALITY CLASS

~ INDUSTRY STANDARD EQUIPMENT D, SEISMIC CATEGORY I

~ REMAIN FUNCTIONAL FOR SSE AND OBE REMAIN FUNCTIONAL BEFORE'URING'ND AFTER SSE QF1 REMAIN FUNCTIONAL BEFORE AND AFTER SSE QF2 E, SEISMIC CATEGORY II

~ COMPONENTS ESSENTIAL TO POWER GENERATION DESIGNED TO NOT MALFUNCTION FOR AN EQUIVALENT STATIC LOAD OF OalZG HORIZONTAL AND OA09G VERTICAL F, SEISMIC CATEGORY III

~ DESIGNED FOR AN EQUIVALENT STATIC LOAD OF 0,05G OR TO MEET UNIFORM BUILDING CODE FOR SEISMIC ZONE 2 6i SEI SM I C CATEGORY IX I DESIGN ANALYZED FOR NON-COLLAPSE FOR SSE EXHIBIT 1-1

CESSAR GENERAL INTERFACE REQUIREMENTS

REFERENCE:

CESSAR SECTION 7.1,3

1) ~P~

VITAL INSTRUMENT POWER REQUIREMENTS FOR THE SAFETY RELATED IN CONPLIANCE SYSTEMS ARE DISCUSSED IN CESSAR SECTION 8 3,1,

2) P c o CESSAR DESIGN SCOPE CLASS 1E EQUIPMENT SHALL BE LOCATED WITHIN IN CONPLIANCE THE PLANT SO AS TO ENSURE THE VARIOUS NATURAL PHENOMENA SPECIFIED IN GDC 2 WHICH ARE APPLICABLE TO THE APPLICANT S SITE WILL NOT RESULT IN DEGRADATION OF THAT EQUIPMENT BELOW THE LEVEL REQUIRED TO ALLOW IT TO PERFORM REQUIRED PROTECTIVE ACTION ASSUMING A S I NG LE FA I LURE s

3) P c P THE LOCATION OF SAFETY-RELATED INSTRUMENTATION AND CONTROL COM- IN CONPLIANCE PONENTS SHALL TAKE INTO ACCOUNT THEIR POTENTIAL DAMAGE DUE TO PIPING FAILURES'UCH AS PIPE WHIP> JET IMPINGEMENT'TC> g FROM HIGH OR MEDIUM ENERGY FLUID SYSTEMS ~

EXHIBIT 1A-1

p I S S CESSAR GENERAL INTERFACE REQUIRENENTS

REFERENCE:

, CESSAR SECTION 7.1,3 EQUI D S THE LOCATION OF THESE COMPONENTS AND THE ROUTING OF 1E AND ASSOCIATED CABLES AND SENSING LINES SHOULD AVOID SUCH HAZARDS

-OR SHALL BE PROVIDED WITH ADEQUATE PROTECTION SUCH THAT REQUIRED PROTECTIVE ACTION CAN BE PERFORMED ASSUMING A SINGLE PIPING FAILURES ITS ASSOCIATED EFFECTS> AND A SINGLE FAILURE)

0) HISS~

THE SAFETY-RELATED EQUIPMENT SHALL BE PROTECTED FROM POTENTIAL IN COHPLIANCE MISSILE SOURCES, THE 1E AND ASSOCIATED CABLING AND SENSING LINES SHALL BE HANDLED IN A SIMILAR FASHIONs

5) ~S THE ROUTING OF 1E AND ASSOCIATED CABLING AND SENSING LINES FROM IN CONPLIANCE SENSORS BE ARRANGED TO MINIMIZE THE POSSIBILITY OF COMMON MODE FAILURES TH I S REQUIRES THAT THE CABLING FOR THE FOUR SAFETY CHANNELS BE ROUTED SEPARATELY'OWEVERS THE CABLES OF DI FFERENT SAFETY FUNCTIONS WITHIN ONE CHANNEL> MAY BE ROUTED TOGETHER)

LOW ENERGY SIGNAL CABLES SHALL BE ROUTED SEPARATELY FROM ALL POWER CABLES s SAFETY RELATED SENSORS SHALL BE SEPARATED THE SEPARAT I ON EXHIBIT 1A-2

I S CESSAR GENERAL INTERFACE REQUIRENENTS

REFERENCE:

CESSAR SECTION 7,1,3 OF THEIR SAFETY RELATED CABLES REQUIRES THAT THE CABLES BE ROUTED IN SEPARATE CABLE TRAYS ~ ASSOCIATED CIRCUIT CABLING FROM REDUNDANT CHANNELS SHALL BE SEPARATED> PROVIDED WITH ISOLATION'NALYZED'R TESTED TO DEMONSTRATE THAT NO SINGLE CREDIBLE FAILURE CAN ADVERSELY AFFECT MORE THAN ONE REDUNDANT CHANNELs NON-CLASS 1E INSTRUMENTATION CIRCUITS AND CABLES (LOW LEVEL)

WHICH MAY BE IN PROXIMITY TO ASSOCIATED CIRCUITS AND CABLES'RE TO BE TREATED AS ASSOCIATED CIRCUITS IF ANALYSES OR TESTS DEMONSTRATE THAT CREDIBLE FAILURES THEREIN COULD ADVERSELY AFFECT CLASS 1E CIRCUITS

6) ~I CABLING ASSOCIATED WITH REDUNDANT CHANNELS OF SAFETY RELATED IN COMPLIANCE CIRCUITS SHALL BE INSTALLED SUCH THAT A SINGLE CREDIBLE EVENT CANNOT CAUSE MULTIPLE CHANNEL MALFUNCTIONS OR INTERACTIONS BETWEEN CHANNELS)

EXHIBIT 1A-3

CESSAR GENERAL INTERFACE REQUIREMENTS

REFERENCE:

CESSAR SECTION 7,1,3 7)

THE SAFETY-RELATED EQUIPMENT SHALL BE LOCATED SO AS NOT TO VIOLATE IN COMPLIANCE THE TEMPERATURE AND HUMIDITY LIMITS OF CESSAR SECTION 3,11,

8) O AUXILIARY AND SUPPORTING SYSTEMS FOR THE SAFETY RELATED INSTRUMEN- IN COMPLIANCE TATION AND CONTROLS SHALL BE DESIGNED TO CAUSE A SYSTEMS LEVEL BYPASS INDICATIONS WHEN THEY ARE BYPASSED OR DELIBERATELY MADE INOPERABLE, FOR THE SAFETY-RELATED SYSTEM WHICH WOULD BE AFFECTED BY THE BYPASSING OR DELIBERATE INOPERABILITY OF THE AUXILIARY OR SUPPORTING SYSTEMs THE RPS AND ESFAS A~AR~S AND THE ~E~OT~ PPS AND DNBR/LPD CALCULATOR OPERATOR S MODULES SHALL BE LOCATED IN THE MAIN CONTROL ROON>

EXHIBIT 1A-4

I S U CESSAR GENERAL INTERFACE REQUIRENENTS

REFERENCE:

CESSAR SECTION 7,1,3 QUI E

9) 0 THE RPS AND ESFAS MANUAL ACTUATION DEVICES SHALL BE LOCATED IN IN CONPLIANCE=

THE CONTROL ROOMi THE INSTRUMENTATION AND CONTROL COMPONENTS OF THE SAFE SHUTDOWN SYSTEMS ON THE REMOTE SHUTDOWN PANEL OR AT LOCAL LOCATI ONS SHALL BE MANUALLY OPERABLE ~

10) I s THE PPSg INCLUDING SENSORS'HALL BE CAPABLE OF BEING PERI ODI IN CONPLIANCE CALLY TESTED IN ACCORDANCE WITH THE TECHNICAL SPECIFICATIONS OF CHAPTER 16, THOSE PORTIONS WHICH COULD ADVERSELY AFFECT REACTOR OPERATIONS SHALL BE CAPABLE OF BEING TESTED WHEN THE REACTOR IS SHUT DOWN ALL OTHER SAFETY-RELATED INSTRUMENTATION SHALL BE CAPABLE OF BEING TESTED DURING NORMAL OPERATIONs

11) C s S THE COMPONENTS OF THE SAFETY-RELATED EQUIPMENT SHALL BE LOCATED SO IN CONPLIANCE AS NOT TO EXCEED THE CHEMISTRY LIMITS SPECIFIED IN SECTION 3all EXHIBIT 1A-5

I S CESSAR GENERAL INTERFACE REQUIRENENTS

REFERENCE:

CESSAR SECTION 7,1,3 12)

NOT APPLICABLE TO THE SAFETY RELATED INSTRUMENT AND CONTROLS IN CONPLIANCE EQUIPMENTs

13) SY SAFETY-RELATED COMPONENTS SHALL BE LOCATED SO AS TO CONFORM TO IN CONPLIANCE THE SEPARATIONS INDEPENDENCE'ND OTHER CRITERIA SPECIFIED IN THIS SECTION, THE SAFETY-RELATED COMPONENTS SHALL BE LOCATED TO PROVIDE ACCESS FOR MAINTENANCE'ESTING AND OPERATION AS REQUIRED'NALOG AND DIGITAL SIGNALS PROVIDED TO THE SAFETY-RELATED COM-PONENTS SHALL NOT SHARE THE SAME MULTICONDUCTOR CABLE> UNLESS SPECI F I CALLY CALLED FOR OR APPROVED BY COMBUST I ON ENG I NEER I NG s

14) R RADIOLOGICAL WASTE DISCHARGE LINES OR COMPONENTS SHALL NOT BE IN CONPLIANCE ROUTED OR LOCATED NEXT TO PROTECTION SYSTEM ELECTRONIC COMPO-NENTS IN A MANNER THAT WILL RESULT IN EXCEEDING THE RADIATION LIMITS SPECIFIED IN SECTION 3,11, EXHIBIT lA-6

CESSAR GENERAL INTERFACE REQUIREMENTS

REFERENCE:

CESSAR SECTION 7,1,3 QUIR S

15) Ov THE COMPONENTS OF THE SAFETY-RELATED EQUIPMENT SHALL BE LOCATED IN COMPLIANCE SO AS NOT TO EXCEED THE PRESSURE LIMITS SPECIFIED IN SEC-TION 3,11,

16) IlEL!~S

~ A FIRE PROTECTION SYSTEM SHALL BE PROVIDED TO PROTECT THE IN COMPLIANCE SAFETY RELATED EQUIPMENTS INCLUDING SENSORS'ONSISTENT WITH GDC 3, THIS SHALL INCLUDE FACILITIES FOR DETECTION'LARM-ING, AND EXTINGUISHING OF FIRES) FACILITIES AND METHODS FOR MINIMIZING THE PROBABILITY AND EFFECTS OF FIRES'NCLUD-ING FIRE BARRIERS'IRE RESISTANT AND NON-COMBUSTIBLE MATE-RIALS, AND OTHER SUCH ITEMS'HALL BE EMPLOYED WHENEVER POSSIBLEs ADEQUATE DRAINAGE SHALL BE PROVIDED IF WATER IS USED TO EXTINGUISH FIRES s INADVERTENT OPERATION OR RUPTURE OF FIRE PROTECTION SYSTEMS SHALL NOT RESULT IN THE REDUCTION OF THE FUNCTIONAL CAPABILITY OF SAFETY-RELATED SYSTEMS OR COMPONENTS BELOW THAT REQUIRED TO PERFORM THEIR SAFETY FUNCTIONs EXHIBIT 1A-7

I S U ND S CESSAR GENERAL INTERFACE REQUIRENENTS

REFERENCE:

CESSAR SECTION 7, 1,3 QU DESG E UE

~ PHYSICAL IDENTIFICATION SHALL BE PROVIDED TO ENABLE PLANT COMPLIANCE PERSONNEL TO RECOGNIZE THAT PPSi ESFAS AUXILIARY RELAY CABI- PER FSAR SEc-NETS'TSSg AND THEIR CABLING ARE SAFETY-RELATED, THE CABI- TION 8.3.1.3 NETS SHALL BE IDENTIFIED BY NAMEPLATEss A COLOR CODING (ASSOCIATED SCHEME SHALL BE USED TO IDENTIFY THE PHYSICALLY SEPARATED CIRCUITS CHANNEL CABLING FROM SENSOR TO THE PPS (REFER TO CESSAR TREATED AS SECTION 7. 1,3 5)g THE SAME COLOR CODE SHALL BE USED FOR CLAsS lE INTERBAY OR INTERCABINET IDENTIFICATION IDENTIFIED BY THE SEPARATION CABLING OR WIRING WITHIN A BAY AT THE CABINET WHICH IS IN FOLLOWS'N THE CHANNEL OF ITS CIRCUIT CLASSIFICATION SHALL NOT BE COLOR CODED'HE CABINET NAMEPLATES AND CABLING SHALL BE COLOR CODED AS GROUP COLOR CODEa)

S S C D C~A~~~~ A: RED A: RED CHANNEL J: WHITE/RED STRIPE CHANNEL B: GREEN B: GREEN CHANNEL K.'WHITE/GREEN STRIPE CHANNEL Cl YELLOW CHANNEL L: WHITE/YELLOW STRIPE CHANNEL D: BLUE CHANNEL N: WHITE/BLUE STRIPE EXHIBIT 1A-8

CESSAR GENERAL INTERFACE REQUIRENENTS

REFERENCE:

CESSAR SECTION 7,1,3 ALL NON-PANEL MOUNTED PROTECTION SYSTEM INSTRUMENTATION AND CONTROL COMPONENTS ARE IDENTIFIED WITH A NAME TAG WHICH PROVIDES THE CHANNEL NUMBER AND THE SUFFIX Ap Bg Cg OR D TO SPECIFICALLY IDENTIFY THE PROTECTION CHANNEL WITH WHICH THE COMPONENT IS I DENT I F I ED s

17) ~E ENVIRONMENTAL SUPPORT SYSTEMS SHALL BE PROVIDED TO ENSURE THAT IN CONPLIANCE THE ENVIRONMENTAL CONDITIONS OF THE SAFETY RELATED SYSTEMS DO NOT EXCEED THE REQUIREMENTS FOR 1E EQUIPMENT AS DEFINED IN SECTION 3 11 18)

SEISMIC REQUIREMENTS FOR SAFETY RELATED EQUIPMENT ARE SPECIFIED IN CONPLIANCE IN SECTION 3, 10, EXHIBIT 1A-9

I R CESSAR GENERAL INTERFACE REQUIREMENTS

REFERENCE:

CESSAR SECTION 7,1.3

19) P Mo S THE INPUTS TO THE RPS AND ESFAS CAN BE SENT TO THE PMS FOR TREND- IN COMPLIANCE ING'ATA LOGGING AND OTHER HISTOR'ICAL FUNCTIONS BUT ARE NOT USED FOR OTHER CONTROL FUNCTIONS> THESE INPUTS SHALL HAVE PROPER ISOLATION TO PREVENT ANY FAILURE IN THE PMS FROM ADVERSELY AFFECTING THE RPS OR ESFAS, EXHIBIT 1A-10

REACTOR PROTECTION SYSTEM SUPPLEMENTARY PROTECTION SYSTEM PROCESS INDEPENDENT'RESSURIZER SYSTEMS SENSORS DISPLAYS DISPLAYS PRESSURE VARIABLES SENSOR PROTECTION SYSTEM LOGIC

~

~ I MANUAL CONTROLS PROTECTION SYSTEM LOGIC I MANUAL CONTROLS

~ I MANUAL CONTROLS -SRP7.2- '

LOGIC

~ REACTOR PROTECTION SYSTEM (RPS)

CEDM'S

~

NSSS ~ SUPPLEMENTARY PROTECTION SYSTEM (SPS)

I DROP 0 REACTOR TRIP ROD DISPLAYS SWITCH GEAR CONTACTS I

REACTOR TRIP SYSTEM REACTOR TRIP SYSTEM ELECTRICAL AND MECHANICALDEVICES AND CIRCUITRY (FROM SENSORS THROUGH ACTUATION DEVICES) REQUIRED TO INITIATE REACTOR SHUTDOWN FIGURE 1A-1

SGI-A PZRI SG 1-0 ELEV. 100' SG 'I

-8 PZR-0 Q."

sss-

. SG ass~ s Qss s x

SG I~rg PZR A M.S.S.S.

SG2

~.

Ss ~ 4 ~

-0 sas.s~G'G CNTMT BLDG.

0 CNTMT-0 SG2 o o ~O @ass U

CNTMT A

SG 2-B I Is s

8 ADX. BLDG. SG 2 CNTMT-C n n SG 2

~

s SG2

-0 Inr "Sn o"ll CNTMT-C RPS ESFAS SENSOR LOCATIONS FIGURE 1A-2

ADDITIONAL CESSAR INTERFACE REQU I RENENTS

REFERENCE:

CESSAR SECTION 7,2,3 DESI

1) ~S PREAMPLIFIERS FOR THE FISSION CHAMBERS SHALL BE MOUNTED OUTSIDE IN CONPLIANCE THE BIOLOGICAL SHIELD BUT INSIDE THE CONTAINMENT BUILDINGs THE PREAMPLIFIERS AND CABLING SHALL BE PROVIDED WITH PHYSICAL AND ELECTRICAL SEPARATIONs

2) 0 R ADMINISTRATIVE PROCEDURES OR OTHER SUITABLE MEANS SHALL BE USED IN COMPLIANCE TO CONTROL CHANGES TO CPC CONSTANTS'DJUSTMENTS TO VARIABLE SETPOINTS AND THE BYPASSING OF CHANNELS WHICH COULD AFFECT OPERATIONi EXHIBIT 1A-11

2, SYSTEN OVERVIOl

-SRP 7.3-

~ ESFAS

~ CONTAINMENT NSSS ESFAS BOP ESFAS NSSS ISOLATION

~ SAFETY INJECTION PROCESS CONTAINMENT SYST Eh1S SENSORS DISPLAYS SENSORS DISPLAYS SPRAY I

VARIABLES

-SRP 7.3

~ BOP ESFAS 5 ESF PROTECTION i LOADSEQUENCER PROTECTION MANUAL ~ CONTAINMENT SYSTEM l CONTROLS ~CONTROLS ISOLATION LOGIC +t ~ MAINSTEAM I SO LATI 0 N BOP ~ AUXILIARY FEEDWATER

~ FUEL BLDG ESSENTIAL VENTILATION

~ CONTAINMENT ACTUATED I DEVICE LOGIC

~ MANUAL CONTROLS ACTUATED LOGIC I h1ANUAL CONTROLS LOGIC MANUAL CONTROLS PURGE ISOLATION

~ CONTROL ROOM ESSENTIAL VENTILATION

~ CONTAINMENT

~

COh1BUSTIBLE GAS NSSS ACTUATED DEVICES ESF SYSTEM SENSORS

~ I I

DISPLAYS SUPPORT SYSTEM SENSORS

~ I I

DISPLAYS ESF SYSTEM SENSORS I

DISPLAYS CONTROL (MANUAL)

+

NSSS ESF SYSTEh1S BOP ESF SUPPORT BOP ESF SYSTEhIS I

SYSTEMS I

I

~ DIESEL GENERATORS IDG)

BOP SUPPORT ~ DG FUEL OIL STORAGE AND TRANSFER ACTUATED DEVICES BOP

~ CLASS IE DC POWER SUPPORT

~ CLASS IE AC POWER I ~ ESSENTIAL COOLING WATER 4 ~ ESSENTIAL SPRAY PONDS

~ ESSENTIAL CHILLEO WATER BOP ACTUATED DEVICES ENGINEERED SAFETY FEATURE SYSTEM ELECTRICAL ANO hIECHANICAL DEVICES AND CIRCUITRY IFROM SENSORS THROUGH ACTUATION DEVICES) REQUIRED TO INITIATEPROTECTIVE ACTION.

FIGURE 2A-1

2,A,1,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S

1) THE BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (BOP ESFAS) SHALL PROVIDE INITIATING SIGNALS FOR BALANCE OF PLANT ENGINEERED SAFETY FEATURE (BOP ESF)

SYSTEM COMPONENTS WHICH REuUIRE AUTOMATIC INITIATION FOLLOWING A DESIGN BASIS EVENT, THE BOP ESFAS ACTUATION SIGNALS ARE:

FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SIGNAL (FBEVAS)

CONTAINMENT PURGE ISOLATION ACTUATION SIGNAL (CPIAS)

CONTROL ROOM VENTILATION ISOLATION ACTUATION SIGNAL (CRVIAS)

CONTROL ROOM ESSENTIAL FILTRATION ACTUATION SIGNAL (CREFAS)

THE AUTOMATICALLYACTUATED BOP ESF SYSTEMS ARE:

FUEL BUILDING ESSENTIAL VENTILATION SYSTEM CONTAINMENT PURGE ISOLATION SYSTEM CONTROL ROOM ESSENTIAL VENTILATION SYSTEM AND THEIR SUPPORT SYSTEMS THE ONE MANUALLY ACTUATED ESF SYSTEM IS:

CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM EXHIBIT 2A1-1

2,A, 1, A, BALANCE OF PLANT ENGINEERE SAFETY FEATURES ACTUATION SYSTEM S I

2) SPECIFIC DESIGN CRITERIA FOR THE BOP ESFAS ARE DETAILED IN IEEE 279-1971 "CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS," SECTION 3, DETAILED AS FOLLOWS:

OP S SIG S S

1) DESIGN BASIS EVENTS

2) MONITORED VARIABLES

3)

NUMBER AND LOCATION OF SENSORS

0) NORMAL OPERATION NOMINAL VARIABLE VALUES

5) NORMAL OPERATION VARIABLE LIMITS

6) ACTUATION SETPOI NTS

7) MARGIN TO ACTUATION

8) QUALIFICATION, REDUNDANCY, FAILURE MODES

9) MINIMUM PERFORMANCE REQUIREMENTS EXHIBIT 2A1-2

BASIS (1): THE DESIGN BASIS EVENTS REQUIRING BOP ESF ACTION ARE:

@v ~

gi o~+ y~ o~

%+i'cP DESIGN BASIS EVENTS gV y o+io+

LOSS OF REACTOR 'C,E B,E iA COOLANT LARGE BREAK LOSS OF REACTOR G,E B,E 'A.

COOLANT SMALL BREAK FUEL HANDLING ACCIDENT CONTAINMENT BUILDING FUEL HANDLING ACCIDENT SPENT FUEL POOL CHLORINE GAS RELEASE D FIRE/SMOKE-PLANT VICINITY A. MANUALACTUATION B. ACTUATED BY INITIATIONOF CPIAS OR CIAS C. ON SIAS THE FUEL BUILDING ESSENTIAL VENTILATIONSYSTEM STARTS AND IS ALIGNED TO EXHAUST FROM THE AUXILIARYBUILDING D. CONTROL ROOM ISOLATION AND RECIRCULATION E. ACTUATED BY SIAS OR CIAS: SIAS AND CIAS LOGIC IS PART OF NSSS SCOPE.

F. ACTUATED BY FBEVAS.

2.A.1.A BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM DESIGN CRITERIA EXHIBIT 2A1-3

BASIS (2): MONITORED VARIABLES INITIATINGPROTECTIVE SIGNALS VARIABLE e~ e~ P ~~ c~. c~ <~ e FUEL BUILDING AIRBORNE ACTIVITY CONTROL ROOM VENTILATIONINTAKE ACTIVITY CONTROL ROOM VENTILATIONINTAKE CHLORINE CONTROL ROOM VENTILATIONINTAKE SMOKE(A)

CONTAINMENTHYDROGEN PRESSURIZER PRESSURE(B) X X CONTAiNMENT PRESSURE(B) X X CONTAINMENTAIRBORNE ACTIVITY (A)NON SAFETY RELATED SENSOR (B)PART OF NSSS ESFAS PROTECTIVE SIGNALS INITIATINGPROTECTIVE ACTIONS c< K g'

~+ ~>

g+v 0 ,

'b W g>

4,'

g

+v'v SIGNAL ~~ +0 +<<v+g +0<>v+g <O<O g'g SIAS CIAS CPIAS CREFAS CRVIAS FBEVAS MANUAL EXH I BIT 2A1-4

BASIS (3): THE NUMBER AND LOCATION OF THE SENSORS REQUIRED TO MONITOR THE VARIABLES ARE:

MONITORED NUMBER VARIABLE TYPE OF SENSORS LOCATION POWER ACCESS PURGE GEIGER-MUELLER OUTSIDE CONTAINMENT EXHAUST AREA BETWEEN POWER ACCESS RADIATION LEVEL PURGE EXHAUST DUCT AND REFUELING PURGE EXHAUST DUCT FUEL BUILDING P-SCINTILLATION FUEL BUILDING EXHAUST DUCT EXHAUST DUCT RADIATION LEVEL FUEL POOL AREA GEIGER-MUELLER OVERLOOKING SPENT RADIATION LEVEL FUEL POOL CONTROL ROOM AIR P-SCINTILLATION CONTROL ROOM OUTSIDE INTAKE ACTIVITY AIR INTAKE DUCT LEVEL CONTROL ROOM AIR CHEMICALLYIMPREG- 2 CONTROL ROOM OUTSIDE INTAKE CHLORINE NATED PAPER TAPE, AIR INTAKE DUCT LEVEL (COLOR REACTION)

CONTROL ROOM AIR IONIZATION (PROD UCTS CONTROL ROOM OUTSIDE INTAKE SMOKE OF COMBUSTION AIR INTAKE DUCT DETECTOR CONTAINMENT THERMAL 0 UTSI DE CONTAINMENT HYDROGEN COND U CTI VITY PERMANENTLY INSTALLED ANALYZER WITH NORMALLYCLOSED INLET AND RETURN VALVES AVAILABLEFOR MANUALSTARTUP FROM CONTROL ROOM EXH I BIT 2A1-5

BASES (4), (5), (6), ANO (7): THE NORMAL OPERATION LIMITS FOR EACH VARIABLE,THE ACTUATION SETPOINTS ANO THE MARGIN BETWEEN THE OPERATION LIMITS ANO ACTUATION SETPOINTS ARE:

NORMAL ACTUATION (FULL POWER) OPERATION ACTUATION MARGIN TO SIG MAL NOMINAL LIMIT SETPOINT ACTUATION FBEVAS FUEL BUILDING LESS THAN LESS THAN 2x10 1 x10 SENSITIVITY CM3 ~CM

~

EXHAUST DUCT SENSITIVITY HIGH ACTIVITY (XE-133) (XE-133)

(10 (XE-133) (10 ~(XE-133))

( CM3 ( CM FUEL POOL HIGH 0.5MR H

0.5 MR H

2.5 MR H

2.0 H RADIATION LEVEL CPIAS POWER ACCESS PURGE EXHAUST (2 5 MR H

(2 5 MR H

2.5H NEGLI Gl BLE RADIATION LEVEL CREFAS CONTROL ROOM AIR LESS THAN LESS THAN zx10 1 x10-6 g C CM3 CM3 INTAKE HIGH ACTIVITYLEVEL

(

(10 ~

SENSITIVITY CM3 (XE-133)

SENSITIVITY

(

(10-S~CI CM3 (XE 133)

(XE-133) (XE-133)

CRVIAS CONTROL ROOM AIR LESS THAN LESS THAN 4 PPM 4 PPM INTAKE HIGH SENSITIVITY SENSITIVITY (BY VOL) (BY VOL)

CHLORINE LEVEL CONTROL ROOM AIR LESS THAN LESS THAN 1 1.2 INTAKE HIGH SMOKE SENSITIVITY SENSITIVITY 25'BSCURATION OBSCURATION LEVEL (MANUAL INITIATIONOF CRVIAS UPON DETECTION OF SMOKE)

EXHIBIT 2A1-6

2.A.1,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM DESIG I E BASIS (8): THE QUALIFICATION, REDUNDANCY AND FAILURE MODE REQUIREMENTS OF THE BOP ESFAS SHALL BE AS FOLLOWS:

BOP ESFAS COMPONENTS SHALL BE QUALIFIED TO WITHSTAND, AND REMAIN OPERABLE DURING THE ENVIRONMENTAL CONDITIONS MAINTAINED AT THE EQUIPMENT LOCATIONS BEFORE, DURING, AND AFTER THE SPECIFIED DESIGN BASIS EVENTS.

BOP ESFAS COMPONENTS SHALL WITHSTAND, AND REMAIN OPERABLE, DURING AND AFTER A SAFE SHUTDOWN EARTHQUAKE (SSE),

A SINGLE FAILURE WITHIN THE BOP ESFAS SHALL NOT PREVENT PROPER PROTECTIVE ACTION AT THE SYSTEM LEVEL, A LOSS OF POWER TO THE BOP ESFAS MEASUREMENT CHANNELS AND/OR TO THE LOGIC SYSTEM CAUSES SYSTEM ACTUATION, EXHIBIT 2A1-7

BASIS (9): THE MINIMUMPERFORMANCE REQUIREMENTS OF THE BOP ESFAS SHALL BE AS FOLLOWS:

THE REQUIRED BOP ESFAS RESPONSE TIMES AND ACCURANCIES OF MEASUREMENT CHANNELS ARE PROVIDED BELOW. THE TOTAL BOP ESFAS RESPONSE TIMES REPRESENT THE SUM OF THE MEASUREMENT CHANNEL RESPONSE TIME PLUS THE BOP ESFAS LOGIC RESPONSE TIME.

MEASUREMENT CHANNEL BOP ESFAS MEASUREMENT RESPONSE LOGIC RESPONSE CHANNEL TIME TIME ACCURACY

1) CONTAINMENT 0.75S 1.278S +20%

POWER ACCESS (POWER)

PURGE EXHAUST 1.25S AREA RADIATION REFUELING)

2) FUEL POOL AREA 0.5S 1.278S +20/

RADIATION

3) FUEL BUILDING 0.5S 1.278S +25%

EXHAUST AIR-BORNE ACTIVITY

4) CONTROL ROOM 0.5S 1.278S +-25/

AIR INTAKE AIRBORNE ACTIVITY

5) CONTROL ROOM 8S 1.278S +20% OF THE AIR INTAKE CHLORINE CON-CHLORINE CENTRATION IN THE MEASURE-MENT POINT

6) CONTROL ROOM 50S N.A. (MANUAL +1 0%

AIR INTAKE INITIATION)

SMOKE EX HI BIT 2A1- 8

2.A,l,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S

5) ONLY THOSE ESF SYSTEMS THAT, WHEN ACTUATED, DO NOT CAUSE A PLANT CONDITION REQUIRING PROTECTIVE ACTION, OR DISTURB REACTOR OPERATIONS, SHALL BE CONTROLLED BY THE BOP ESFAS,

4) THE AUTOMATICALLYACTUATED BOP ESF SYSTEMS SHALL USE ONE-OUT-OF-TWO INPUT SIGNAL LOGIC,

5) THE BOP ESFAS LOGIC SHALL BE CONTAINED IN SEPARATE ENCLOSURES ISOLATED FROM THE NSSS TWO-OUT-OF-FOUR ESFAS AND REACTOR PROTECTIVE SYSTEM (RPS) LOGIC,

6) THE ACTUATION SYSTEM CONSISTS OF THE SENSORS, BISTABLES, INITIATION LOGIC, AND ACTUATION LOGIC THAT MONITOR SELECTED PLANT PARAMETERS AND PROVIDE AN ACTUATION SIGNAL TO EACH INDIVIDUALACTUATED COMPONENT IN THE ESF SYSTEM IF THE PLANT PARAM-ETERS REACH PRESELECTED SETPOINTS,

7) THE BOP ESFAS SHALL PROVIDE THE LOGIC TO AUTOMATICALLY START AND SEQUENTIALLY LOAD THE DIESEL GENERATORS AND TO SHED ALL 4,16 KV CLASS IE LOADS ON A LOSS OF POWER, EXHIBIT 2A1-9

2.A,l.A. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM

8) THE FOLLOWING CODES AND STANDARDS SHALL BE USED IN THE DESIGN OF THE BOP ESFAS:

~ 10CFR50, LICENSING OF PRODUCTION AND UTILIZATION FACILITIES, APPENDIX A, GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS, JULY 15, 1973,

~ INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE) STD 279-197j, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS,

~ IEEE STD 323-1974, STANDARD FOR QUALIFYING CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS.

~ IEEE STD 338-1971, TRIAL-USE CRITERIA FOR THE PERIODIC TESTING OF NUCLEAR POWER GENERATING STATION PROTECTION SYSTEMS.

~ IEEE STD 344-1975, RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE

.EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS,

~ IEEE STD 379-1972, TRIAL-USE GUIDE FOR THE APPLICATION OF THE SINGLE-FAILURE CRITERION TO NUCLEAR POWER GENERATING STATION PROTECTION SYSTEMS.

e IEEE STD 384-1974, TRIAL-USE STANDARD CRITERIA FOR SEPARATION OF CLASS IE EQUIPMENT AND CIRCUITS, AS MODIFIED BY NRC REGULATORY GUIDE 1,75, e IEEE STD 420-1973, TRIAL-USE GUIDE FOR CLASS IE CONTROL SWITCHBOARDS FOR NUCLEAR POWER GENERATING STATIONS ~

EXHIBIT 2Al-10

2,A,l,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM

9) THE INITIATING CIRCUITS SHALL CONTINUOUSLY MONITOR KEY PROCESS VARIABLES INDICATING ACCIDENT CONDITIONS AND TRANSMITTING DIGITAL (ON-OFF) SIGNALS TO THE BOP ESFAS I N IT I AT I NG LOGIC,

10) THE BOP ESFAS INITIATING LOGIC SHALL PROVIDE TWO ESFAS INITIATION SIGNALS FOR THE ACTUATION LOGIC, ll) THE SYSTEM SHALL MONITOR THE UNDERVOLTAGE RELAYS ON THE 4,16 [<V CLASS IE BUS AND INITIATE A LOGIC SIGNAL ON A TWO-OUT-OF-FOUR COINCIDENCE OF BUS UNDERVOLTAGE, THIS LOGIC SIGNAL WILL BE USED TO SHED ALL CLASS lE 4,16 KV LOADS EXCEPT THE LOAD CENTER TRANSFORMERS, SHED CERTAIN 480V LOADS, START THE DIESEL GENERATOR, START EQUIPMENT REQUIRED AFTER A LOSS OF OFFSITE POWER, AND TRIP THE 4.16 t<V CLASS IE BUS PREFERRED POWER SUPPLY BREAKERS, EXHIBIT 2A1-11

2,A, 1, A, BALANCE OF PLANT ENGINEER SAFETY FEATURES ACTUATION SYSTEM SI E

12) THE SYSTEM SHALL PROVIDE SEQUENCING LOGIC FOR SEQUENTIAL LOADING OF ESF AND FORCED SHUTDOWN LOADS ONTO THE ESF BUS UPON CLOSING OF THE DIESEL GENERATOR BREAKER, A SAFETY INJECTION ACTUATION SIGNAL (SIAS), OR AN AUXILIARY FEEDWATER ACTUATION SIGNAL (AFAS),

13) THE BOP ESFAS SHALL BE DESIGNED TO THE REQUIREMENTS FOR NUCLEAR SAFETY-RELATED SYSTEMS SUCH THAT THE DEVICES MUST MAINTAIN THEIR SAFETY-RELATED FUNCTIONAL CAPA-BILITY UNDER ALL NORMAL AND ABNORMAL PLANT OPERATING CONDITIONS,

14) THE TWO REDUNDANT INITIATING LOGIC SYSTEMS AND THE TWO REDUNDANT ACTUATION LOGIC SYSTEMS SHALL BE SEPARATED AND IDENTIFIED BY APPROPRIATE COLORED NAMEPLATE AND WIRING SEPARATION IDENTIFICATION,

15) POWER FOR EACH INDEPENDENT AND REDUNDANT LOGIC SUBSYSTEM SHALL BE SUPPLIED FROM A SEPARATE CLASS IE 120V-AC VITAL INSTRUMENT AND CLASS IE 125V-DC DISTRIBUTION BUS,

16) THE SYSTEM SHALL ACCEPT POWER INPUT LINE VARIATIONS AND TRANSIENTS WITHOUT PRODUCING FALSE PROTECTIVE ACTUATIONS OR PREVENTING REQUIRED RESPONSE TO ACCIDENT CONDITIONS, EXHIBIT 2Al-12

I 2,A,1,A. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM ESIG E I

17) PROVISIONS FOR TESTING SHALL BE IN ACCORDANCE WITH REGULATORY GUIDE (RG) 1,22 AND IEEE 338-1971.,

13) INTERLOCKS SHALL PREVENT THE OPERATOR FROM BYPASSING MORE THAN ONE SENSOR CHANNEL AT A TIME FOR ANY ONE TYPE OF TRIP. THIS INTERLOCK SHALL NOT COMPROMISE THE REDUNDANCE AND INDEPENDENCE OF THE CHANNELS,

19) SHOULD ANOTHER ACCIDENT CONDITION OCCUR AFTER THE LOAD SEQUENCER HAS STARTED, THE SEQUENCER SHALL RESET TO ZERO, EQUIPMENT IN OPERATION AT THIS TIME SHALL REMAIN IN OPERATION, IF A LOSS OF OFFSITE POWER (LOP) SIGNAL IS INITIATED AFTER THE LOAD SEQUENCER HAS STARTED, ALL LOADS WILL BE SHED AND RESEQUENCED ON THE DIESEL GENERA-TOR BREAKER CLOSURE, EXHIBIT 2Al-13

~ MANUALINPUT ALARM R - RED LIGHTS G - GREEN W - WHITE OR GATE B S MEMORY S=SET R = RESET SEAS SAFETY EQUIPMENT

~

AND GATE ACTUATED STATUS SEIS SAFETY EQUIPMENT INOPERABLE STATUS NOT HS HANDSWITCH ON DELAY OFF DELAY (TIMED MEMORY)

S.P.

H HIGH BISTABLE FIGURE 2A1-1 LOGIC SYMBOLS

2,A,1,B, BALANCE OF PLANT ENGINEE D SAFETY FEATURES ACTUATION SYSTEM S E

1) BOP ESFAS MEASUREMENT CHANNELS A, PROCESS MEASUREMENT CHANNELS ARE USED TO PERFORM THE FOLLOWING FUNCTIONS:

CONTINUOUSLY MONITOR EACH SELECTED GENERATING STATION VARIABLE PROVIDE INDICATION OF OPERATIONAL AVAILABILITYOF EACH SENSOR TO THE OPERATOR TRANSMIT SIGNALS TO BISTABLES WITHIN THE ESFAS INITIATING LOGIC B, PROTECTIVE PARAMETERS ARE MEASURED WITH TWO INDEPENDENT PROCESS MEASUREMENT CHANNELS EXHIBIT 2A1-14

2,A,l,B. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SSEM E RI 0

1) BOP ESFAS MEASUREMENT CHANNELS (CONT'D)

C, A MEASUREMENT CHANNEL CONSISTS OF INSTRUMENT SENSING LINES, SENSOR, TRANSMITTER, POWER SUPPLY, ISOLATION DEVICE, INDICATOR, AND INTERCONNECTING WIRING, SIGNAL ISOLATION IS PROVIDED FOR COMPUTER INPUTS AND ANNUNCIATION, D. EACH REDUNDANT MEASUREMENT CHANNEL IS SUPPLIED FROM A SEPARATE 120V VITAL AC DISTRIBUTION BUS

2) BOP ESFAS BISTABLE AND INITIATING LOGIC A, THE BOP ESFAS INITIATING LOGICS PERFORM THE FOLLOWING FUNCTIONS:

COMPARES THE SIGNAL RECEIVED FROM THE SENSOR WITH A PREDETERMINED INITIATION SETPOINT IN THE BISTABLE CIRCUIT, PROVIDES CHANNEL AND SIGNAL STATUS INFORMATION TO THE OPERATOR, PROVIDES TWO ESFAS INITIATION SIGNALS FOR THE ACTUATING LOGIC.

EXHIBIT 2A1-15

2.A.l.B. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S E S I 0

2) BOP ESFAS BISTABLE AND INITIATING LOGIC (CONT'D)

B, THE BOP ESFAS INITIATING LOGIC CONSISTS OF BISTABLES, BISTABLE OUTPUT RELAYS, TRIP OUTPUT SIGNALS, INDICATING LIGHTS, AND INTERCONNECTING WIRING, C. SIGNALS FROM THE PROTECTIVE MEASUREMENT CHANNELS ARE SENT TO COMPARATOR CIRCUITS (BISTABLES) WHERE THE INPUT SIGNALS ARE COMPARED TO PREDETERMINED SETPOINTS. WHENEVER A CHANNEL PARAMETER REACHES THE PREDETERMINED SETPOINT, THE CHANNEL BISTABLE DEENERGIZES AN OUTPUT RELAY, D, EACH REDUNDANT CHANNEL BISTABLE RELAY IS SUPPLIED FROM A SEPARATE 120V VITAL AC DISTRIBUTION BUS,

'E, THE BISTABLE SETPOINTS ARE ADJUSTABLE FROM THE FRONT OF THE CABINET, ACCESS IS LIMITED, HOWEVER, BY MEANS OF A KEY-OPERATED SWITCH. BISTABLE SETPOINTS ARE CAPABLE OF BEING READ OUT ON A DISPLAY LOCATED ON THE CABINET, F, THE ESFAS INITIATION SIGNALS ARE GENERATED IN TWO CHANNELS DESIGNATED A AND B, A SIGNAL FROM THE BISTABLE OUTPUT RELAY IN EITHER OR BOTH PROTECTIVE MEASURE-MENT CHANNELS GENERATES ESFAS INITIATING SIGNALS TO BOTH ACTUATION CHANNELS.

EXHIBIT 241-16

2,A,l,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S I

3) BOP ESFAS ACTUATING LOGIC A, THE BOP ESFAS ACTUATING LOGICS PERFORM THE FOLLOWING FUNCTIONS:

RECEIVE ESFAS SIGNALS FROM THE ESFAS INITIATING LOGIC FORM ONE-OUT-OF-TWO INCIDENCE OF LIKE ESFAS SIGNALS PROVIDE A MEANS FOR REMOTE MANUAL INITIATION-PROVIDE STATUS INFORMATION TO THE OPERATOR B. THE ESFAS ACTUATING LOGIC IS PHYSICALLY LOCATED IN TWO ESFAS CABINETS, ONE CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 1 EQUIPMENT, WHILE THE OTHER CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 2 EQUIPMENT, EXHIBIT 2A1-17

2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEN S S E I C, THE TWO INITIATING SIGNALS (ONE FRON EACH BISTABLE AND INITIATING LOGIC) ARE ARRANGED IN A ONE-OUT-OF-TWO LOGIC IN EACH ACTUATION CHANNEL, ACTUATION OF EITHER SIGNAL DEENERGIZES THE GROUP RELAY ASSOCIATED WITH THAT CHANNEL, AND RESULTS IN AN ACTUATION SIGNAL, D, EACH ACTUATION CHANNEL IS SUPPLIED FRON A SEPARATE 120V AC DISTRIBUTION BUS AND A SEPARATE CLASS IE 125V DC DISTRIBUTION BUS,

4) BOP ESF SYSTEN ACTUATION A, CONPONENTS IN EACH BOP ESF SYSTEN ARE ACTUATED BY GROUP RELAYS, THE GROUP-RELAY CONTACTS ARE IN THE POWER CONTROL CIRCUIT FOR THE ACTUATED CONPONENTS OF EACH ESF SYSTEN, B, THE INITIATING AND ACTUATING LOGIC CAUSES DEENERGIZATION OF THE ACTUATION RELAY WHENEVER THE BISTABLE OUTPUT RELAY IS DEENERGIZED, C, DEENERGIZATION OF THE GROUP RELAY ACTUATES THE ESF SYSTEN CONPONENTS, EXHIBIT 2A1-18

a 2,A, 1,B, BALANCE OF PLANT ENGINE SAFETY FEATURES ACTUATION SYSTEM S S S I 0

5) CHANNEL BYPASSES A, INITIATING LOGIC BYPASSES ARE PROVIDED IN THE BOP ESFAS AND ARE EMPLOYED TO REMOVE THE INITIATING LOGIC FROM SERVICE FOR MAINTENANCE, B, THE ACTUATING LOGIC IS CONVERTED TO A SINGLE ACTIVE CHANNEL FOR THE ESFAS-MONITORED VARIABLE BYPASSED, THE BYPASS TIME INTERVAL FOR MAINTENANCE IS SO SHORT THAT THE PROBABILITY OF FAILURE OF THE REMAINING MEASUREMENT CHANNEL AND INITIATING LOGIC IS ACCEPTABLY LOW DURING MAINTENANCE BYPASS PERIODS, C, OTHER ESFAS-MONITORED VARIABLE INITATING LOGICS THAT HAVE NOT BEEN BYPASSED IN EITHER OF THEIR TWO CHANNELS REMAIN IN A ONE-OUT-OF-TWO ACTUATING LOGIC, D, THE BYPASS IS MANUALLY INITIATED AND MANUALLY REMOVED, E, AN ELECTRICAL INTERLOCK ALLOWS ONLY ONE INITIATING LOGIC FOR ANY ONE ESFAS-MONITORED VARIABLE TO BE BYPASSED AT ONE TIME, F, BYPASSES ARE ANNUNCIATED VISUALLY AND AUDIBLY TO THE OPERATOR, EXHIBIT 2Al-19

2,A,l,B. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S E

6) OPERATING BYPASSES THE BOP ESFAS HAS NO OPERATING BYPASSES,

7) INTERLOCKS ELECTRICAL INTERLOCKS IN THE .BOP ESFAS PREVENT THE OPERATOR FROM BYPASSING MORE THAN ONE INITIATING LOGIC FOR A PARTICULAR ESFAS-MONITORED VARIABLE AT A TIME, DIFFERENT ESFAS-MONITORED VARIABLE INITIATING LOGICS MAY BE BYPASSED SIMULTANEOUSLY, EITHER IN THE SAME CHANNEL OR IN DIFFERENT CHANNELS, EXHIBIT 2A1-20

2,A.l.B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S S SC I IO

8) REDUNDANCY REDUNDANT FEATURES OF THE BOP ESFAS INCLUDE:

A. TWO INDEPENDENT CHANNELS, FROM PROCESS SENSOR/TRANSMITTER THROUGH AND INCLUDING BISTABLE OUTPUT RELAYS B, TWO INITIATING LOGIC PATHS ARE PRESENT FOR EACH ACTUATION SIGNAL C, EACH ACTUATION SIGNAL ACTUATES TWO OUTPUT TRAINS SO THAT REDUNDANT SYSTEM COMPONENTS MAY BE ACTUATED FROM SEPARATE TRAINS D, POWER FOR THE SYSTEM PROVIDED FROM TWO SEPARATE BUSES (POWER FOR CONTROL AND OPERATION OF REDUNDANT ACTUATED COMPONENTS COMES FROM SEPARATE BUSES, LOAD GPOUP 1 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 1 BUS AND LOAD GROUP 2 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 2 BUS.)

THE RESULT OF THE REDUNDANT FEATURES IS A SYSTEM THAT MEETS THE SINGLE FAILURE CRITERION, EXHIBIT 2Al-21

MEASUREMENT INITIATING ACTUATION ACTUATED CHANNEL LOGIC LOGIC DEVICES SET POINT SENSOR TRANSMITTER POWER SUPPLY Hl ISOLATION DEVICE INDICATO R 1/2 TO TRAIN A BYPASS CR ACTUATED DEVICES MANUAL CR TO TRAIN 8 SET MANUAL POINT ACTUATED 1/2 DEVICES SENSOR BYPASS TRANSMITTER POWER SUPPLY Hl ISOLATION DEVICE INDICATOR NOTE:

SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELECTRICALLY ISOLATEO ANO PHYSICALLY SEPARATED. TYPICAL BOP ESFAS LOGIC FIGURE 2A1-2

0 0

MEASUREMENT INITIATING ACTUATION ACTUATED CHANNEL LOGIC LOGIC DEVICES SET POINT SENSOR TRANSMITTER POWER SUPPLY Hl ISOLATION DEVICE 1/2 TO TRAIN A INDICATOR CR ACTUATED DEVICES MANUAL SET CR POINT MANUAL TO TRAIN 8 SENSOR ACTUATED TRANSMITTER 1/2 DEVICES ll POWER SUPPLY Hl ISOLATION DEVICE I ND I CATO R NOTE:

SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELECTRICALLY ISOLATED ANO PHYSICALLY SEPARATED. TYPICAL BOP ESFAS LOGIC FIGURE 2A1- 2A

2,A,1,8, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM

9) DIVERSITY THE BOP ESFAS IS DESIGNED TO ELIMINATE CREDIBLE DUAL CHANNEL FAILURES ORIGINATING FROM A COMMON CAUSE, THE FAILURE MODES OF REDUNDANT CHANNELS AND THE CONDITIONS OF OPERATION THAT ARE COMMON TO THEM ARE ANALYZED TO ASSURE THAT:

A, THE MONITORED VARIABLES PROVIDE ADEQUATE INFORMATION DURING THE ACCIDENTS B, THE EQUIPMENT CAN PERFORM AS REQUIRED C, THE INTERACTIONS OF PROTECTIVE ACTIONS, CONTROL ACTIONS, AND THE ENVIRONMENTAL CHANGES THAT CAUSE, OR ARE CAUSED BY, THE DESIGN BASIS EVENTS DO NOT PREVENT THE MITIGATION OF THE CONSEQUENCES OF THE EVENT, EXHIBIT 2A1-22

0 0

2,A,1,B. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S E D SC IO

9) DIVERSITY (CONT'D)

D, THE SYSTEM CANNOT BE MADE INOPERABLE BY THE INADVERTENT ACTIONS OF OPERATING AND MAINTENANCE PERSONNEL IN ADDITION, THE DESIGN IS NOT ENCUMBERED WITH ADDITIONAL COMPONENTS OR CHANNELS WITHOUT REASONABLE ASSURANCE THAT SUCH ADDITIONS ARE BENEFICIAL,

10) TESTING PROVISIONS ARE MADE TO PERMIT PERIODIC TESTING OF THE BOP ESFAS, TESTS COVER THE TRIP ACTIONS FROM SENSOR INPUT THROUGH THE PROTECTION SYSTEM AND THE ACTUATION DEVICES, SYSTEM TEST DOES NOT INTERFERE WITH THE PROTECTIVE FUNCTION OF THE SYSTEM, THE TESTING SYSTEM MEETS THE CRITERIA OF IEEE STANDARD 338-1971 AND OF REGULATORY GUIDE 1,22.

EXHIBIT 2A1-23

2,A,l,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM ES

10) TESTING (CONT'D)

ACTUATION OF THE ESF SYSTEMS CONTROLLED BY THE ONE-OUT-OF-TWO ESFAS DOES NOT DISTURB NORMAL PLANT OPERATING CONDITIONS, THE ONE-OUT-OF-TWO ESFAS IS TESTED BY COf"IPLETE ACTUATION AS FOLLOWS:

A, SENSOR CHECKS, DURING REACTOR OPERATION, THE f'1EASUREMENT CHANNELS PROVIDING AN If'lPUT TO THE ESFAS ARE CHECKED BY COMPARING THE OUTPUTS OF SIMILAR CHANNELS, AND BY CROSS-CHECKING WITH RELATED MEASUREf1ENTS, DURING EXTENDED SHUTDOWN PERIODS OR REFUELING, THESE MEASUREMENT CHANNELS ARE CHECKED AND CALIBRATED AGAINST KNOWN STANDARDS, B, TRIP BISTABLE TEST, TESTING OF THE SYSTEM IS ACCOMPLISHED BY MANUALLY VARYING THE INPUT SIGNAL TO THE TRIP SETPOINT LEVEL ON ONE BISTABLE AT A TIME AND OBSERVING THE TRIP ACTION, EXHIBIT 2A1-24

2,A,1,B, BALANCE OF PLANT ENGINEER D SAFETY FEATURES ACTUATION SYSTEN SYS E S 0

10) TESTING (CONT'D)

WHEN THE BISTABLE OF A PROTECTIVE CHANNEL IS IN A TRIPPED CONDITION, THE FOLLOWING CONDITIONS SHOULD EXIST, THE BISTABLE OUTPUT RELAY IS DEENERGIZED, THE GROUP RELAY IN EACH ACTUATION CHANNEL IS DEENERG IZED, THE ESF COMPONENTS ARE IN THE ESFAS ACTUATION POSITION, ACTUATION IS ANNUNCIATED ON THE CONTROL ROON ANNUNCIATOR PANEL, EXHIBIT 2Al-25

2,A,1,B, BALANCE OF PLANT ENGINE D SAFETY FEATURES ACTUATION SYSTEM S S C P

10) TESTING (CONT'D)

PROPER OPERATION MAY BE VERIFIED BY THE FOLLOWING:

CHECKING THE POSITION OF EACH ESF COMPONENT CHECKING THE ACTUATION ANNUNCIATION CHECKING THE ESF COMPONENT STATUS INDICATION THE TEST IS REPEATED FOR THE OTHER BISTABLE, C, RESPONSE TIME TESTS, RESPONSE TIME TESTING WILL BE PERFORMED AT REFUELING INTERVALS, THESE TESTS INCLUDE THE SENSORS FOR EACH ESFAS CHANNEL AND ARE BASED ON THE PREVIOUSLY DEFINED SYSTEM RESPONSE TIME CRITERIA, EXHIBIT 2A1-26

2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S

11) ACTUATED SYSTEMS A, FUEL BUILDING ESSENTIAL VENTILATION SYSTEM

~ IN THE EVENT OF A FUEL HANDLING ACCIDENT IN THE SPENT FUEL AREA, SENSORS IN THE FUEL BUILDING WILL DETECT THE FISSION PRODUCTS RELEASED FROM THE FUEL,

~ THE FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SIGNAL (FBEVAS) IS INITIATED BY ONE-OUT-OF-TWO HIGH AIRBORNE ACTIVITY SIGNALS FROM RADIATION MONITORS, ONE OF WHICH IS A GASEOUS MONITOR IN THE FUEL BUILDING NORMAL EXHAUST DUCT, AND THE OTHER OF WHICH IS AN AREA RADIATION MONITOR ON A WALL OVERLOOKING THE FUEL POOL,

~ THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM IS AUTOMATICALLY ACTUATED BY A FBEVAS FROM THE BOP ESFAS TO REDUCE THE RELEASE OF FISSION PRODUCTS INTO THE ENVIRONMENT, EXHIBIT 2A1-27

2,A,1.B, BALANCE'.OF PLANT ENGINEE D SAFETY FEATURES ACTUATION SYSTEM S E

~ THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRIC POWER TO ONE-OUT-OF-TWO LIKE CHANNELS IN THE MEASUREMENT CHANNELS, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE FUEL BUILDING ESSENTIAL VENTILA-TION SYSTEM,

~ MANUAL INITIATION OF THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM IS PROVIDED IN THE CONTROL ROOM,

~ THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM IS COMPOSED OF COM-PONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP 1 AND LOAD GROUP 2 THE INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 1 ARE PHYSICALLY AND ELECTRICALLY SEPARATE AND INDEPENDENT OF THE INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 2, INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN EQUIPMENT FUNCTIONAL CAPABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT REQUIRE FUEL BUILDING VENTILATION ISOLATION, EXHIBIT 2A1-28

2,A, l,B, BALANCE OF PLANT ENGINEER SAFETY FEATURES ACTUATION SYSTEN P

~ THE FBEVAS IS COi"1BINED WITH THE SIAS IN THE DEVICE CONTROL CIRCUITS SO THAT ANY ONE OF THE SIGNALS (LOGICAL OR) ACTIVATE THE REQUIRED DEVICES, DURING SIAS OPERATION, THE FUEL BUILDING/AUXILIARYBUILDING ESSENTIAL VENTILATION SYSTEN IS ALIGNED TO EXHAUST FRON THE AUXILIARY BUILDING, THE SIAS TAKES PRECEDENCE OVER FBEVAS SHOULD BOTI( SIGNALS BE PRESENT AT THE SAI'1E TIf'lE, EXHIBIT 2A1-29

2,A,l,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SS S IP I B, CONTAINMENT PURGE ISOLATION SYSTEM o IN THE EVENT OF A FUEL HANDLING ACCIDENT INSIDE THE CONTAINMENT, SENSORS WILL DETECT THE FISSION PRODUCTS RELEASED FROM THE FUEL,

'j

~ THE CONTAINMENT PURGE ISOLATION ACTUATION SIGNAL (CPIAS) IS INITIATED BY ONE-OUT-OF-Tl40 HIGH AIRBORNE ACTIVITY SIGNALS FROM REDUNDANT RADIATION MONITORS LOCATED IN CLOSE PROXIMITY WITH THE POHER ACCESS PURGE EXHAUST DUCT AND THE REFUELING PURGE EXHAUST DUCT, e THE CONTAINMENT PURGE ISOLATION SYSTEM IS AUTOMATICALLYACTUATED BY THE CPIAS FROM THE BOP ESFAS TO PROHIBIT RELEASE OF RADIOACTIVE MATERIAL INTO THE ENVIRONMENT, EXHIBIT 2A1-50

MEASUREMENT INITIATING ACTUATION ACTUATED CHANNEL LOGIC LOGIC DEVICES SET POINT FUEL POOL I

RA 0 ATION SENSOR CREFAS A TRANSMITTER Hl POWER SUPPLY ISOLATION DEVICE INDICATOR 1/2 TO TRAIN A BYPASS CR ACTUATED DEVICES MANUAL CR TO TRAIN 8 SET MANUAL ACTUATED FUEL BUILDING POINT 1/2 DEVICES EXHAUST DUCT BYPASS ACTIVITYSENSOR TRANSMITTER Hl CREFAS B POWER SUPPLY ISOLATION DEVICE IND I CATO R NOTE:

SIGNALS BETWEEN REOUNOANT CHANNELS ARE ELECTRICALLY ISOLATED ANO PHYSICALLY SEPARATEO. FBEVAS LOGIC FIGURE 2A1-3

FBEVAS BOP ESFAS TO Hl ATMOSPHERE RADIATION 0 OSA RU NORMAL AHU

/ NURMAL EXHAUST PLENUM i I NORMAL

/ i EXHAUST FAN ROOF Wp'g Hg h l FC FC FC FC w/

/

/ FC ~~

QRU SPENT FUEL ESSENTIAL AFU ESSENTIAL AFU BLDG.

POOL FUEL BLDG. SIAS EL.

100'UX NSSS ESFAS FROM ESF FIGURE 2A14 PUMP ROOMS FUEL BUILDING ESSENTIAL VENTILATIONSYSTEM SIMPLIFIED DIAGRAM

2.A,1.8. BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SSE D RP I o THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRIC POWER TO ONE-OUT-OF-TWO LIKE CHANNELS IN THE MEASUREMENT CHANNELS, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE CONTAINMENT PURGE ISOLATION SYSTEM, e MANUAL INITIATION OF THE CONTAINMENT PURGE ISOLATION SYSTEM IS PROVIDED IN THE CONTROL ROOM,

~ THE CONTAINMENT PURGE ISOLATION SYSTEM IS COMPOSED OF COMPONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP 1 AND LOAD GROUP 2, INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 1 ARE PHYSICALLY AND ELECTRICALLY SEPARATE AND INDEPENDENT OF INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 2, INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN EQUIPMENT FUNCTIONAL CAPABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT ARE MITIGATED BY THE CONTAINMENT PURGE ISOLATION SYSTEM, e THE CPIAS IS COMBINED WITH THE CONTAINMENT ISOLATiON ACTUATiON SIGNAL (CIAS) IN THE CONTROL CIRCUITS OF THE ISOLATION VALVES SO THAT EITHER SIGNAL (LOGICAL OR) CAN ACTUATE THESE VALVES.

EXHIBIT 2A1-31

TO FUEL BLDG DAMPER (CLOSE)

TO AUX BLDG r MCC 802 HFL-004 DAMPER (OPED) rR STOP START START /CR FAN A SIAS THIS DWG TO HEATER (ON)

FROM AUX BLDG DAMPER (OPEN) HFL-004 / R (HS-62)

OVERRIDE HFL-003 TO ALARM HS-62 HS 64 START FUEL B PERMISSIVE rCR B02 HFL-003 TYPE-CMC F VAS FROM FUEL BLDG HFL-004 /R SPRING RETURN TO NEUTRAL DAMPER (OPEN) (HS-64)

SEOUENCE ST TO FUEL BLDG HFL-004 DAMPER (OPEN)

TO AUX BLDG HFL-004 DAMPER (CLOSE)

STOP START TO AUX BLDG HS-62 STOP AUX BLDG HFL 004 DAMPER (CLOSE) r MCC HS-64 STOP FUEL BLDG HFL-004 TO FUEL BLDG DAMPER (CLOSE)

/6 STOP FAN A rCR OVERRIDE FROM AUX BLDG HFL 004 IG HS-64 DAMPER (CLOSE) (HS 62) TYPE-CMC ELECTRICAL PROTECTION rCR SPRING RETURN SEIS G TO NEUTRAL FROM FUEL BLDG ~

DAMPER (CLOSE) I'HS-641 FIGURE 2A1-5 FUEL BUILDING ESSENTIAL VENTILATIONACTUATION SYSTEM TYPICAL ACTUATED DEVICE LOGIC

MEASUREMENT INITIATING ACTUATION ACTUATED CHANNEL LOGIC LOGIC DEVICES SET POINT POWER ACCESS PURGE EXHAUST RADIATIONSENSOR CREFAS A TRANSMITTER Hl POWER SUPPLY ISOLATION DEVICE INDICATOR 1/2 TO TRAIN A BYPASS ACTUATED CR DEVICES MANUAL TO TRAIN B SET MANUAL ACTUATED POINT 1/2 DEVICES POWER ACCESS BYPASS PURGE EXHAUST RADIATIONSENSOR TRANSMITTER Hl POWER SUPPLY CREFAS B ISOLATION DEVICE IN D I GATOR NOTE:

SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELECTRICALLY ISOLATEO AND PHYSICALLY SEPARATED.

CPIAS LOGIC FIGURE 2A1-6

HS-2 OPEN z MCC CR R

OPEN INLET ISOLATION VALVE UV.2A gCR y MCC R OPEN OUTLET /R ISOLATION VALVE

~ CPIAS UV-2B z MCC I G CLOSE INLET CIAS ISOLATION VALVE I UV-2A HS-2 CLOSE SEAS G

j MCC G iCR CLOSE OUTLET ISOLATION VALVE SEIS UV-2B SEAS ELECTRICAL PROTECTION STOPS INLET ISOLATION VALVE TORQUE PROTECTION UV-2A TORQUE PROTECTION STOPS OUTLET ISOLATION VALVE ELECTRICAL PROTECTION U V-2B SEIS FIGURE 2A1-7 CONTAINMENTPURGE ISOLATION ACTUATION SYSTEM TYPICAL ACTUATED DEVICE LOGIC

2.A.1.B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SYS E D SC C. CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS

~ THE CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS ARE THE CONTROL ROOM VENTILATION ISOLATION SYSTEM AND THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM.

o THE CONTROL ROOM VENTILATION ISOLATION ACTUATION SIGNAL (CRVIAS) IS INITIATED BY ONE-OUT-OF-TWO CONTROL ROOM OUTSIDE AIR INTAKE HIGH CJILORI NE SIGNALS.

~ THE CONTROL ROOM VENTILATION ISOLATION SYSTEM IS AUTOMATICALLY ACTUATED BY A CRVIAS FROM THE BOP ESFAS TO ACTIVATE THE CONTROL ROOM ESSENTIAL AHU'S AND ISOLATE THE CONTROL ROOM FROM OUTSIDE AIR,

~ THE CONTROL ROOM ESSENTIAL FILTRATION ACTUATION SIGNAL (CREFAS) IS INITIATED BY ONE-OUT-OF-THO CONTROL ROOM OUTSIDE AIR INTAKE HIGH AIRBORNE ACTIVITY SIGNALS, A FBEVAS, OR A CPIAS, EXHIBIT 2A1-52

2,4,1.8, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S SC P 0

. ~ THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM IS AUTOMATICALLYACTUATED BY A CREFAS FROM THE BOP ESFAS TO ACTIVATE THE CONTROL ROOM ESSENTIAL AHU'S AND ROUTE OUTSIDE AIR THROUGH THE ESSENTIAL FILTRATION UNITS TO PRESSURIZE THE CONTROL ROOM AND PREVENT INFILTRATION OF UNTREATED AIR, o THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRIC POWER TO ONE OF THE Tll0 LIKE CHANNELS IN THE MEASUPEMENT CHANNEf.S, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE CONTROL ROOM VENTILATION ISOLATION SYSTEM,

~ THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRICAL POl'IER TO ONE OF THE TWO LIKE CHANNELS IN THE MEASUREMENT CHANNELS, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM.

~ MANUAL INITIATION OF THE CONTROL ROOM VENTILATION ISOLATION SYSTEM AND THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM IS PROVIDED IN THE CONTROL ROOM, EXHIBIT 241-33

2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SYS S R PTIO

~ BOTH CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS ARE COMPOSED OF COMPONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP 1 AND LOAD GROUP 2.

INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 1 ARE PHYSICAL Y AND ELECTRICALLY SEPARATE AND INDEPENDENT OF INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 2, INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN CONTROL ROOM HABITABILITYFOLLOWING THOSE DESIGN BASIS EVENTS THAT REQUIRE THE CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS.

~ THE CREFAS IS COMBINED MITH THE SIAS IN THE DEVICE CONTROL CIRCUITS SO THAT ANY ONE OF THE SIGNALS (LOGICAL OR) ACTUATES THE REQUIRED DEVICES,

~ THE CRVIAS IS COMBINED WITH THE SIGNALS THAT ACTUATE THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM IN THE DEVICE CONTROL CIRCUITS SO THAT-ANY OF THESE SIGNALS (LOGICAL OR) CAN ACTUATE THE ISOLATION VALVING COMMON TO BOTH OF THE CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS, THE CRVIAS TAKES PRECEDENCE OVER CREFAS TO ISOLATE THE CONTROL ROOM SHOULD BOTH SIGNALS BE PRESENT AT THE SAME TIME, EXHIBIT 2Al-34

0 2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SYS E D SCR P 0 IN ADDITION TO THE AUTOMATIC INITIATING SIGNALS, TWO INDEPENDENT SMOKE DETECTORS ARE PROVIDED IN THE OUTSIDE AIR INTAKE PLENUM, UPON DETECTION OF SMOKE, AN AUDIBLE AND VISIBLE ALARM HILL ALERT THE OPERATOR TO MANUALLY INITIATE THE CONTROL ROOM VENTILATION ISOLATION SYSTEM, EXHIBIT 2A1-35

0, MEASUREMENT INITIATING ACTUATION ACTUATED CHANNEL LOGIC LOGIC DEVICES SET POINT CONTROL ROOM AIR INTAKE CHLORINE SENSOR TRANSMITTER Hl POWER SUPPLY ISOLATION DfVICE INDICATOR 1/2 TO TRAIN A BYPASS ACTUATED DEVICES MANUAL CR TO TRAIN B MANUAL SET ACTUATED POINT S/2 DEVICES CONTROL ROOM BYPASS AIR INTAKE CHLORINE SENSOR TBANSMITTER Hl POWER SUPPLY ISOLATION DEVICE INDICATOR NOTE:

SIGNALS BETWEEN REOUNOANT CHANNELS ARE ELECTRICALLY ISOLATEO ANO PHYSICALLY SEPARATEO.

CRVIAS LOGIC FIGURE 2A1-8

t MEASUREMENT INITIATING ACTUATION ACTUATED CHANNEL LOGIC LOGIC DEVICES SET CONTROL ROOM POINT CPIAS A AlR INTAKE ACTIVITYSENSOR TRANSMITTER Hl POWER SUPPLY ISOLATION DEVICE INDI CATO R 1/2 TO TRAIN A BYPASS ACTUATED DEVICES MANUAL FBEVAS A FBEVAS B CR TO TRAIN B SET MANUAL ACTUATED CONTROL ROOM POINT S/2 DEVICES AIR INTAKE BYPASS ACTIVITYSENSOR TRANSMITTER Hl POWER SUPPLY ISOLATION DEVICE I N D I CATO 8 CPIAS B NOTE:

SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELE CTRICALLY ISOLATEO ANO PHYSICALLY SEPARATED. CREFAS LOGIC FIGURE 2A1-9

2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S S M E T D. CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM

~ THE CONTAINMENT HYDROGEN GAS CONCENTRATION MAY INCREASE TO A COMBUSTIBLE CONCENTRATION FOLLOWING A LOCA. IN THE UNLIKELY EVENT THAT A LOCA DOES OCCUR THE CONTAINMENT HYDROGEN GAS CONCENTRATION IS MAINTAINED LESS THAN THE LOWER COMBUSTIBLE LIMIT BY OPERATION OF THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM,

~ THE PRINCIPAL PARAMETER MONITORED FOR DETERMINING WHEN THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM IS TO BE PLACED IN SERVICE IS HYDROGEN CONCENTRATION. THE CONTAINMENT HYDROGEN ANALYZER IS NORMALLY ON STANDBY, FOLLOWING A DESIGN BASIS ACCIDENT (DBA), THE HYDROGEN ANALYZER IS PLACED IN SERVICE WITH CONTROLS MOUNTED IN THE MAIN CONTROL ROOM,

~ THE CONTAINI'lENT COMBUSTIBLE GAS CONTROL SYSTEM COMPONENTS ARE CONTROLLED MANUALLY FROM CONTROL SWITCHES LOCATED AT LOCAL PANELS, THE LOCAL PANEL(S) WILL BE ACCESSIBLE AFTER A DBA, EXHIBIT 2A1-56

2,A.1.B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S S E C

~ A CONTROL SWITCH WITH AN OVERRIDE FEATURE IS PROVIDED FOR EACH OF THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEf j ISOLATION VALVES, THIS CONTROL SWITCH OVERRIDE FEATURE IS FUNCTIONAL ONLY AFTER RECEIPT OF THE CIAS, AND PERMITS CONTROL OF EACH VALVE INDEPENDENT OF THE CIAS, THE OPEN AND CLOSED POSITIONS OF TilESE VALVES, IN ADDITION TO THE OVERRIDE STATUS, ARE INDICATED IN THE CONTROL ROOM.

~ THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM IS COMPOSED OF COMPONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP j. AND LOAD GROUP 2, INSTRUMENTATION AND CONTROLS OF COMPONENTS AND EQUIPMENT IN LOAD GROUP j. ARE PHYSICALLY AiND ELECTRICALLY SEPARATE AND INDEPENDENT OF INSTRUMENTATION AND CONTROLS OF COf'1PONENTS AND EQUIPMENT IH LOAD GROUP 2. INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN EQUIPMENT FUNCTIONAL CAPABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT ARE I'1ITIGATED BY THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM,

~ THE CONTAINMENT COf'1BUSTIBLE GAS CONTROL SYSTEM TEST PRESSURE IS GREATER THAN THE PEAK CONTAINMENT DESIGN PRESSURE, THIS PRECLUDES SYSTEf'1 OVER-PRESSURIZATION BY THE INADVERTENT OPENING OF THE ISOLATION VALVES, EXHIBIT 2A1-37

BOP ESFAS NSSS ESFAS 0- MANUAL CRVIAS SIAS 0-~ CR CREFAS TO

'ATMOSPHERE AT SMOKE C ONTROL ROOM

/ /

OPENS

/ CLOSES OAMPERS h( h~

/

OAMPERS NORMAL

/

NO NO M M NO NO NORMAL AHU ESSENTIAL AHU ESSENTIAL AHU CH 0 FC FC CH CH FIGURE 2A1-10 CONTROL ROOM ESSENTIAL VENTILATIONSYSTEM SIMPLIFIED DIAGRAM

HS OPEN R

/ MCC LOP SIAS OPEN

'll, / CR R

DAMPER CREFAS SEAS L r MCC G CLOSE OPEN CRVIAS CR CLOSE

/'

DAMPER r OVERRIDE SEAS CR SPRING RETURN HS CLOSE CR TO NEUTRAL TORQUE PROTECTION STOP DAMPER MOVEMENT ELECTRICAL PROTECTION SEIS CONTROL ROOM ESSENTIAL VENTILATIONSYSTEMS TYPICAL ACTUATED DEVICE LOGIC FIGURE 2A1-11

HS CLOSE {MOMENTARY)

CLOSE CIAS VALVE OPEN VALVE HS OPEN (MOMENTARY)

CONTAINMENTCOMBUSTIBLE GAS CONTROL SYSTEM DEVICE CONTROL LOGIC FIGURE 2A1-12

2,A,2. ENGINEERED SAFETY FEATURES SYSTEM ACTUATED DEVICE TYPICAL LOGIC EACH ESF SYSTEM-ACTUATED DEVICE RECEIVES AN ESFAS SIGNAL OR COMBINATION OF ESFAS SIGNALS TO AUTOMATICALLYACTUATE THE DEVICE TO ITS "SAFE" POSITION AS REQUIRED TO PERFORM THE ESF SYSTEM FUNCTION, AND TO BLOCK INADVERTENT OPERATOR INTERVENTION.

RESET OF THE ESFAS SIGNAL DOES NOT AFFECT THE STATUS OF THE ACTUATED DEVICE: THE DEVICE REMAINS IN ITS "SAFE" MODE OF OPERATION ON RESET OF THE ESFAS SIGNAL, (RESET OF AN ESFAS SIGNAL CAN OCCUR ONLY AFTER THE INITIATING CONDITIONS HAVE CLEARED, AND THE OPERATOR HAS MANUALLY RESET THE ESFAS SIGNAL LOGIC)

EACH ESF SYSTEM-ACTUATED DEVICE IS PROVIDED WITH MANUAL CONTROL TO ENABLE THE OPERATOR TO ACTUATE THE DEVICES AS NECESSARY FOR OPERATION AND TESTING, FEEDBACK TO THE OPERATOR IS PROVIDED IN THE FORM OF RED AND GREEN LIGHTS IDENTIFYING THE OPERATIONAL STATUS OF THE DEVICE.

ELECTRICAL PROTECTION CIRCUITS ARE PROVIDED TO PRECLUDE PHYSICAL DAMAGE UNDER OVERLOADED CONDITIONS. IN THE CASE OF MOTOR-OPERATED VALVES, THE THERMAL OVERLOAD PROTECTION IS BYPASSED BY THE ESFAS SIGNAL, ANNUNCIATION OF ELECTRICAL PROTECTION IS PROVIDED, EXHIBIT 2A2-j.

2,A,2, ENGINEERED SAFETY FEATURES SYSTEN ACTUATED DEVICE TYPICAL LOGIC AN ESF SYSTEM-ACTUATED DEVICE IS PROVIDED WITH THE CAPABILITY TO OVERRIDE THE ESFAS SIGNAL TO ALLOW NANUAL CONTROL OF THE ESF SYSTEN, IN GENERAL, OVERRIDE OF THE ESFAS IS PERFORNED AS FOLLOWS:

WITH THE ESFAS SIGNAL PRESENT, THE OVERRIDE NODE IS ENABLED BY PLACING THE CONTROL SMITCH IN THE "SAFE" POSITION.

FEEDBACK TO THE OPERATOR IS PROVIDED IN THE FORN OF A WHITE LIGHT INDICATING THAT THE OVERRIDE NODE IS ENABLED, THE OVERRIDE MODE IS AUTOHATICALLY RESET WHEN THE ESFAS SIGNAL IS RESET AND NO LONGER PRESENT, THE OVERRIDE FUNCTIONS TO BLOCK THE ESFAS SIGNAL AND TO ENABLE NANUAL CONTROL OF THE ACTUATED DEVICE, THE OVERRIDE ITSELF DOES NOT AFFECT THE STATUS OF THE ACTUATED DEVICE.

THE ACTUATED DEVICE CAN THEN BE RETURNED TO THE "NORNAL" NODE OF OPERATION BY PLACING THE CONTROL SWITCH IN THE "NORNAL" POSITION, EXHIBIT 2A2-2

2,A.2, ENGINEERED SAFETY FEATURES SYSTEM ACTUATED DEVICE TYPICAL LOGIC EACH ESF SYSTEM-ACTUATED DEVICE IS MONITORED BY THE SAFETY EQUIPMENT STATUS SYSTEM (SESS) FOR SAFETY EQUIPMENT ACTUATED STATUS (SEAS) WHICH PROVIDES ANNUNCIATION ON "FAILURE TO AUTOMATICALLYACTUATE" SAFETY EQUIPMENT INOPERABLE STATUS (SEIS) WHICH PROVIDES ANNUNCIATION ON "BYPASS OR INOPERABLE STATUS" INTERFACING,SIGNALS TO ACTUATE SUPPORT SYSTEMS OR DEVICES ARE PROVIDED AS NECESSARY, EXH I BIT 242-5

ENGINEERED SAFETY FEATURE SYSTEM ACTUATED DEVICE TYPICAL LOGIC OO0 STOP START HS 'SAFE" POSITION SPAING AETURN TQ SuPPORT DEVICE TO CFNTEA ACTUATE'EVICE ESFAS SIGNAL TO "SAFE" POSITION TO SUPPORT DEVICE ACTUATE DEVICE TO HS "NOAMAL"POSITION "NORMAL" POSITION ELECTAICAL PAOTECTION LEIS "SAFE" POSITION AS AEGUIRED TO PEAFOAM ESF SYSTEM FUNCTION "NOAMAL"POSITION IS OPPOSITE FAOM "SAFE" POSITION, NOT! NECESSAAILY THE OPERATING POSITION FIGURE 2A2-1

Ill 1l ~ pa+

~g ~

0 l~;

Ng MAIN CONTROL ROOM SLIDE 1

e " TRAIN A SWITCHES ~

~ ~

pic .~

JW+h, p~~,~~higrg p YOR SE h

pic BOP ESFAS MANUALINITIATIONSWITCHES SLIDE 2

TRAIN B SWITCHES gfrlH

~E

~

f

~ ~

~ ~,

JJYJ'E S

~ <r v QSS S<

. l~J,E

,".",

;":" E;.Wpt ~SST)SSSS~j.;,~i'tA SVS':~I OVS;<SS,SSISSOS@~5j<JES S

esa ~E SV<r< 6+~%g E hl ~

?i,'ij E

\

~ P~

~

N <S'."'"'"',.".. '".. VAliN ..- '

.- . X>0" 'EÃ: ES'..

',4* <<

~ f

/i (

"='tg

'l8 jjjggqi,gg)~~.EW,:l>

'<<(gag ~'@'g~gPrF> <<r<

."",.>'..':;:.'j,

.$ j l "Pe'g

~

',,<<OEN~ ~l F/ONCE 1RII'YPAQ~~j;",

HOl~lglVP.~;~1.q

$ S $6<PE<, +t Y~JE

< ~ ( gE

'4

'> <<! <>>im;"o

~

~ ~ ~ <'I E '< rll<

BOP ESFAS MANUALINITIATIONSWITCHES >

SLIDE 3 I

0 BOP ESFAS., T REACTOR TRIP SYSTEM I

H 50 I H $4 t af fls th ME55 th LOME55 TOV'

~ LVL CN LVL Ol

~~0K LN PQ 5 CH CH TOO TOO I

N H 50 I H 50 2 th OlPASS 5t5 TfS'I LVL Ol LVL

%-Qt tfE.TOO ME. TOO f

'. gP, r,f ~ ') I ca N LO LO $ 4 I lO $ 0 I l'll LO $ 0 t LOOC fLN Clt a OHT th MESS tff55 LIL 50 I LEO a

CN CH Ol Ol CN CH CH TOO TRt TRF I t LO LO 54 I LO 50 I LO $ 4 2 LO K TLOW LO ta LIL th Ol MESS MESC LVL LVL a

$0 I OHN ME-THt W

~ K-TOO tf0. ~ K& CN ME TW BOP ESFAS 5 RPS ANNUNCIATION SLIDE 4

ACTUATION ALARMS

'I HI LO CREFAS P1A PRESS PZR PRESS A CH CH TRP TtuP BYP

<<<< k'~<~m P ~ "%$ pro ;~A'<<<<<<$

8 .N $ 0)

FBKVAS CAEFAS PN PRESS SPS UL B a CH PRE-TRIP TEST N

". ~

') g Srk<<~<<~g glp$

NTN RAD 8 8 LOSS I -)

FQ CL2 CNMF PRESS PRESS CH RAD CH CH CH CH TRP TRIP lRP y Jj>(i g, y'~"~v'v~y~~.

'GP

~ ~

f j

1 BOP 8 uI SOI '.L0Nt 'NSf'N.

ESFAS ESFAS GMNT PRESS . PRESS

'ESS N CH CH CH TEST BYP PRE"TNP CH'%E-TtuP

%-TNP 'f%5F, CHANNEL TRIP ALARMS BOP ESFAS ANNUNCIATION SLIDE 5

GREEN LIGHTS ILLUMINATED

~ e y

8 KNSE, WHITE LIGHT ILLUMINATED'SF DEVICE SWITCHES SLIDE 6

0 GREEN LIGHTS ILLUMINATED RED LIGHT ILLUMINATED A

Cr1 1pr DKIIIOF.

WHITE LI GHT ILLUMINATED ESF DEVICE SWITCHES SLIDE 7

Ol RED LIGHTS ILLUMINATED GREEN LIGHT ILLUMINATED

? a P

WHITE LIGHTS ILLUMINATED ESF DEVICE SWITCHES SLIDE 8

RED LIGHTS ILLUMINATED

{ ~

4 II w1 I~ Il eI ~

WHITE LIGHTS ILLUMINATED ESF DEVICE SWITCHES SLIDE 9

2,A,3,A, ESF LOAD SEQUENCER SYSTEM DES G THE ESF LOAD SEQUENCER SYSTEM IS A SUBSYSTEM OF THE BOP ESFAS AND IS DESIGNED TO THE BOP ESFAS DESIGN CRITERIA.

BOP ESFAS DESIGN CRITERIA SPECIFIC TO THE ESF LOAD SEQUENCER SYSTEM ARE:

I

1) THE BOP ESFAS SHALL PROVIDE THE LOGIC TO AUTOMATICALLYSTART AND SEQUENTIALLY LOAD THE DIESEL GENERATORS AND TO SHED ALL 4,16 KV CLASS IE LOADS ON A LOSS OF POWER,

2) THE SYSTEM SHALL MONITOR THE UNDERVOLTAGE RELAYS ON THE 4, 16 [<V CLASS IE BUS AND INITIATE A LOGIC SIGNAL ON A TWO-OUT-OF-FOUR COINCIDENCE OF BUS UNDER-VOLTAGE, THIS LOGIC SIGNAL WILL BE USED TO SHED ALL CLASS IE 4,16 KV LOADS EXCEPT THE LOAD CENTER TRANSFORMERS, SHED CERTAIN 480 V LOADS, START THE DIESEL GENERATOR, START EQUIPMENT REQUIRED AFTER A LOSS OF OFFSITE POWER, AND TRIP THE 4. 16 vV CLASS IE BUS PREFERRED POWER SUPPLY BREAKERS, THE SYSTEM SHALL PROVIDE SEQUENCING LOGIC FOR SEQUENTIAL LOADING OF ESF AND FORCED SHUTDOWN LOADS ONTO THE ESF BUS UPON CLOSING OF THE DIESEL GENERATOR BREAKER, A SAFETY INJECTION ACTUATION SIGNAL (SIAS), OR AN AUXILIARY FEEDWATER ACTUATION SIGNAL (AFAS),

EXHIBIT 2A3-1

2.A.B,A. ESF LOAD SEQUENCER SYSTEN DESIGN C ITE I

4) SHOULD ANOTHER ACCIDENT CONDITION OCCUR AFTER THE LOAD SEQUENCER HAS STARTED, THE SEQUENCER SHALL RESET TO ZERO, EQUIPNENT IN OPERATION AT THIS TINE SHALL REHAIN IN OPERATION. IF A LOSS OF OFFSITE POWER (LOP) SIGNAL IS INITIATED AFTER THE LOAD SEQUENCER HAS STARTED, ALL LOADS WILL BE SHED AND RESEQUENCED ON THE DIESEL GENERATOR BREAKER CLOSURE, EXHIBIT 2A5-2

2,A,3.B, ESF LOAD SEQUENCER SYSTEM S M ES I

1) EACH REDUNDANT ESF LOAD SEQUENCER SYSTEM PERFORMS LOGIC FUNCTIONS TO GENERATE THE FOLLOllI NG SIGNALS:

LOSS OF OFFSITE POWER (LOP) SIGNAL/LOAD SHED SIGNAL DIESEL GENERATOR START SIGNAL (DGSS)

LOAD SEQUENCER START AND PERMISSIVE SIGNALS

2) EACH REDUNDANT ESF LOAD SEQUENCER SYSTEM IS SUPPLIED FROM A SEPARATE 120V VITAL AC DISTRIBUTION BUS AND A SEPARATE CLASS IE 125V DC DISTRIBUTION BUS,

3) ESF LOAD SEQUENCER SYSTEM SIGNALS ARE GENERATED FOR TWO LOAD GROUPS DESIGNATED LOAD GROUP 1 AND LOAD GROUP 2, THE LOGIC IS PHYSICALLY LOCATED IN THE TWO BOP ESFAS CABINETS. ONE CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 1 EQUIPMENT, WHILE THE OTHER CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 2 EQUIPMENT EXHIBIT 2A3-3

2.A.3.B, ESF LOAD SEQUENCER SYSTEM S S E ESC

4) REDUNDANCY REDUNDANT FEATURES OF THE ESF LOAD SEQUENCER SYSTEM INCLUDE:

TWO INDEPENDENT LOGIC PATHS FROM INPUT SIGNALS THROUGH AND INCLUDING OUTPUT RELAYS POHER FOR THE SYSTEM PROVIDED FROM TWO SEPARATE BUSES (POWER FOR CONTROL AND OPERATION OF REDUNDANT ACTUATED COMPONENTS COMES FROM SEPARATE BUSES, LOAD GROUP 1 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 1 BUS AND LOAD GROUP 2 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 2 BUS,)

5) TESTING PROVISIONS ARE MADE TO PERMIT PERIODIC TESTING OF THE ESF LOAD SEQUENCER SYSTEM, TESTS COVER THE TRIP ACTIONS FROM INPUT SIGNALS THROUGH THE SYSTEM AND THE ACTUATION DEVICES, SYSTEM TEST DOES NOT INTERFERE HITH THE PROTECTIVE FUNCTION OF THE SYSTEM, EXHIBIT 2A3-4

2,A,3.B. ESF LOAD SEQUENCER SYSTEM SYSTE DE R P I

5) TESTING (CONT'D)

ACTUATION OF THE COMPONENTS CONTROLLED BY THE-ESF LOAD SEQUENCER SYSTEM DOES NOT DISTURB NORMAL PLANT OPERATING CONDITIONS: THEREFORE THE ESF LOAD SEQUENCER SYSTEM IS TESTED BY COMPLETE ACTUATION. PROPER OPERATION MAY BE VERIFIED BY THE FOLLOWING:

CHECKING THE POSITION OF EACH ESF COMPONENT CHECKING THE ACTUATION ANNUNCIATION CHECKING THE ESF COMPONENT STATUS INDICATION RESPONSE TIME TESTING MILL BE PERFORMED AT REFUELING INTERVALS.

EXHIBIT 2A3-5

2,A,3,B, ESF LOAD SEQUENCER SYSTEM SYS E DESCRI T 0

6) ESF LOAD SEQUENCER SYSTEM SIGNAL LOGIC A. LOSS OF OFFSITE POWER (LOP) SIGNAL/LOAD SHED SIGNAL EACH LOP SIGNAL/LOAD SHED SIGNAL LOGIC PERFORMS THE FOLLOWING FUNCTIONS:

CONTINUOUSLY MONITOR THE CLASS IE 4. 16 t<V BUS FOR AN UNDERVOLTAGE CONDITION USING FOUR UNDERVOLTAGE RELAYS PROVIDE INDICATION AND ANNUNCIATION OF AN UNDERVOLTAGE RELAY TRIP TO THE OPERATOR PROVIDE A LOGIC OUTPUT ON A TWO-OUT-OF-FOUR COINCIDENCE OF UNDERVOLTAGE RELAY TRIP OR MANUAL ACTUATION THIS LOGIC GENERATES LOP SIGNAL TO THE DIESEL GENERATOR START SIGNAL LOGIC LOP SIGNAL (MAINTAINED THROUGH A 60 SECOND OFF DELAY) TO ACTUATE FORCED SHUTDOWN SYSTEM LOADS BY DE-ENERGIZING ACTUATION RELAYS LOAD SHED PULSE (1 SECOND) TO SHED 4,16 KV AND SELECTED 480V LOADS FROM THE CLASS IE 4.16 I<V BUS AND TO TRIP THE 4.16 vV CLASS IE BUS PREFERRED (OFFSITE) POWER SUPPLY BREAKERS BY ENERGIZING ACTUATION RELAYS INDICATION AND ANNUNCIATION TO THE OPERATOR EXHIBIT 2A3-6

4.16 kv CLASS IE BUS 2/4 UNDER- DGSS VOLTAGE 60 SECOND LOAD SHED AND TRIP 1 SECOND PREFERRED SUPPLY BREAKERS MANUALACTUATION TG ACTUATE LOP FORCED SHUTDOWN LOADS LOADSEGUENCER LOP SIGNAL/LOADSHED LOGIC FI GU RE 2A3-1

2.A,3,B, ESF LOAD SEQUENCER SYSTEM SSE SC I I B, DIESEL GENERATOR START SIGNAL (DGSS) LOGIC EACH DGSS LOGIC PERFORMS THE FOLLOWING FUNCTION:

COMBINES THE LOP, THE SIAS, THE AFAS AND MANUAL ACTUATION IN A LOGICAL "OR" TO GENERATE A DGSS TO START THE DIESEL GENERATOR, C, LOAD SEQUENCER START AND PERMISSIVE SIGNAL LOGIC EACH LOAD SEQUENCER START AND PERMISSIVE SIGNAL LOGIC PERFORMS THE FOLLOWING FUNCTIONS:

MONITOR INPUT SIGNALS DETERMINE THE APPROPRIATE MODE OF OPERATION GENERATE SEQUENTIALLY-TIMED START AND PERMISSIVE SIGNALS TO ESF AND FORCED SHUTDOWN LOADS AS REQUIRED TO PREVENT INSTABILITY OF THE CLASS IE BUSES.

START SIGNALS ACTUATE DEVICES BY DE-ENERGIZING ACTUATION RELAYS: PERMIS-SIVE SIGNALS ALLOW LOADING OF DEVICES BY ENERGIZING ACTUATION RELAYS, EXHIBIT 2A3-7

SIAS AFAS-1 AFAS-2 DGSS TO ACTUATE DIESEL GENERATOR LOP MANUALACTUATION DGSS LOGIC FIGURE 2A3-2

2,A,3,B, ESF LOAD SEQUENCER SYSTEM S DSC I 0 THE LOAD SEQUENCER CONTROLS ONLY PUMPS, FANS AND CHILLERS, AND DOES NOT CONTROL ANY VALVES OR DAMPERS, AS SUCH THE LOAD SEQUENCER DOES NOT CAUSE COMPLETE ESF SYSTEM ACTUATION, THE LOAD SEQUENCER IS DESIGNED TO RESPOND TO THE FOLLOWING CONDITIONS:

LOSS OF COOLANT ACCIDENT (LOCA) WITH OFFSITE POWER AVAILABLE LOCA WITHOUT OFFSITE POWER AVAILABLE ACCIDENT OTHER THAN LOCA WITH OFFSITE POWER AVAILABLE ACCIDENT OTHER THAN LOCA WITHOUT OFFSITE POWER AVAILABLE LOSS OF OFFSITE POWER WITH OR WITHOUT AN ACCIDENT OTHER THAN LOCA FOLLOWED AT A LATER TIME BY A LOCA LOCA FOLLOWED AT A LATER TIME BY A LOP EXHIBIT 2A3-8

2,A,3,B, ESF LOAD SEQUENCER SYSTEN S E DESCR ON THE LOAD SEQUENCER HAS A NORNAL NODE (NODE 0) AND FOUR OPERATING NODES j., SIAS/CSAS 1'IITHOUT AN LOP 2, SIAS/CSAS COINCIDENT WITH AN LOP SEQUENCING IS STARTED ON A DIESEL GENERATOR BREAKER CLOSURE SIGNAL 3; LOP WITHOUT AN SIAS/CSAS SEQUENCING IS STARTED ON A DIESEL GENERATOR BREAKER CLOSURE SIGNAL

4. OTHER SIGNALS WITHOUT AN SIAS/CSAS AND WITHOUT AN LOP, THESE S IGNALS ARE A. CRVIAS AND CREFAS CONBINED IN A LOGICAL "OR" a, FBEVAS c, AFAS-j. AND AFAS-2 CONBINED IN A LOGICAL "OR" D, DIESEL GENERATOR RUNN ING EXHIBIT 2A3-9

2.A,3.B. ESF LOAD SEQUENCER SYSTEM S E D RECEIPT OF SUBSEQUENT INPUT SIGNALS REQUIRING A CHANGE OF OPERATING MODE CAUSES THE LOAD SEQUENCER TO RESET, TRANSFER TO THE REQUIRED MODE AND INITIATE SEQUENCING OF THE REQUIRED LOADS, THE DEVICES SEQUENTIALLY ACTUATED THROUGH THE LOAD SEQUENCER RECEIVE LOAD SHED SIGNAL ON BUS UNDERVOLTAGE TO TRIP THE DEVICE LOAD LOAD SEQUENCER START SIGNAL TO START THE DEVICE AT THE APPROPRIATE TIME RESET OF THE LOAD SEQUENCER AND ITS ACTUATION RELAYS DOES NOT STOP OR SHED ACTUATED DEVICES, DEVICES ARE SHED ONLY ON THE LOAD SHED SIGNAL, EXHIBIT 2A3-10

SIAS/CSAS

.ACTUATE LOCA LOADS WITH MODE1 OFFSITE POWER AVAILABLE LOP DG BREAKER CLOSED ACTUATE LOCA LOADS WITHOUT MODE 2 OFFSITE POWER-AVAILABLE ACTUATE ACCIDENT OTHER THAN LOCA MODE 3 OR FORCED SHUTDOWN LOADS ACTUATE ACCIDENT MODE 4 OTHER THAN LOCA LOADS WITH OFFSITE OTHER SIGNALS POWER AVAILABLE CRVIAS "OR" CREFAS FBEVAS AFAS-1 "OR" A FAS-2 DG RUNNING LOAD SEQUENCER LOGIC FI GURE 2A3-3

OOO STOt START HS - TD SUPPORT DEVICE SPRING RETURN TO CENTER START'EOUENCER START ACTUATED DEVICE SEAS TO SUPtORT DEVICE STOt HS STOP ACTUATED DEVICE LOAD SHED ELECTRICAL tROTECTION SEIS ENGINEERED SAFETY FEATURE SYSTEM SEQUENCER ACTUATED DEVICE TYPICAL LOGIC 2A3-4 ~

'IGURE

SYSTEMS REQUIRED FOR SAFE SHUTDOWN PROCESS CONTROL ROOM SYSTEM DISPLAYS VARIABLES SENSORS I -SRP 7.4-REMOTE SHUTDOWN

~ CHEMICAL AND DISPLAYS j NSSS VOLUME CONTROL BORON ADDITION I

CONTROL ROOM PORTION I MANUALLY CONTROLS ~ SHUTDOWN COOLING ACTUATED NSSS SAFE DEVICE SHUTDOWN I LOGIC REMOTE SHUTDOWN DEVICES CONTROLS CONTROL BOOM SRP 7.4 r

DISPLAYS ~ DIESEL GENERATORS (PG)

SENSORS INCLUDING ESF LOAD SEQUENCER REMOTE SHUTDOWN 0 DG FUEL OIL STORAGE BOPSAFE DISPLAYS AND TRANSFER SHUTDOWN I ~ CLASS IE DC POWER DEVICES CONTROL ROOM

~ CLASS IE AC POWER MANUALLY CONTROLS BOP ACTUATED ~ AUXILIARYFEEDWATER DEVICE ATMOSPHERIC STEAM LOGIC REMOTEERUTOOWN DUMP CONTROLS ~ ESSENTIAL COOLING WATER

~ ESSENTIAL SPRAY PONDS ESSENTIAL CHILLED WATER SYSTEMS REQUIRED FOR SAFE SHUTDOWN ELECTRICAL AND MECHANICAL DEVICES AND CIRCUITRY REQUIRED TO ACHIEVE AND MAINTAIN A SAFE SHUTDOWN CONDITION OF THE PLANT.

FIGURE 2B-1

2,B, 1,A, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY D S

1) DESIGN FOR MAINTAINING THE PLANT IN A SAFE SHUTDOWN CONDITION WHEN THE MAIN CONTROL ROOM IS INACCESSIBLE SHALL BE IN ACCORDANCE WITH 10CFR50 APPENDIX A, GDC 19, "CONTROL ROOM,"

SAFE SHUTDOWN REQUIREMENTS COMPRISE:

THE CAPABILITY FOR PROMPT HOT SHUTDOWN (REACTOR IS SUBCRITICAL AT NORMAL OPERATING PRESSURE AND TEMPERATURE) INCLUDING THE NECESSARY INSTRUMENTATION

~

AND CONTROLS TO MAINTAIN THE UNIT IN A SAFE CONDITION DURING HOT SHUTDOWN, AND THE POTENTIAL CAPABILITY FOR SUBSEQUENT COLD SHUTDOWN OF THE REACTOR THROUGH THE USE OF SUITABLE PROCEDURES AND CONTROLS AND INSTRUMENTATION OUTSIDE THE CONTROL ROOM,

2) ACCESS BACK INTO THE MAIN CONTROL ROOM WILL GENERALLY BE ACHIEVED PRIOR TO THE INITIATION OF COLD SHUTDOWN: HOWEVER, THE CAPABILITY FOR BRINGING THE REACTOR TO COLD SHUTDOWN CONDITIONS EXISTS OUTSIDE THE CONTROL ROOM THROUGH THE USE OF SUITABLE PROCEDURES AND SECONDARY CONTROLS,

3) CONTROL ROOM EVACUATION IS INITIATED FROM AN "UNDEFINED" CAUSE, FOR EXAMPLE, CONTROL ROOM ENVIRONMENT NOT HABITABLE, EXHIBIT 2B1-1

0 2,B, l,A, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY DE

4) DFSIGN BASIS ACCIDENTS ARE ASSUMED MO TO OCCUR SIMULTANEOUSLY WITH CONTROL ROOM EVACUATION,

5) LOP AND SEISMIC EVENTS (SSE) SHALL NOT JEOPARDIZE THE SAFE SHUTDOWN FUNCTION,

6) SYSTEMS, CONTROLS, AND INDICATIONS ESSENTIAL TO THE RESIDUAL HEAT REMOVAL FUNCTION DURING HOT SHUTDOWN SHALL BE DESIGNED WITH SUITABLE REDUNDANCY IN ACCORDANCE WITH 10CFR50 APPENDIX A, GDC 34, "RESIDUAL HEAT REMOVAL",

7) LOSS OF SAFE SHUTDOWN SYSTEM REDUNDANCY DOES NOT OCCUR AS A RESULT OF THE EVENT (EXCLUDING CONTROL ROOM FIRE) REQUIRING CONTROL ROOM EVACUATION.

8) ALL SEISMICALLY QUALIFIED AUTOMATIC FUNCTIONS PERFORM AS REQUIRED.

9) DESIGN OF THE REMOTE SHUTDOWN PANEL, SYSTEM CONTROLS, AND SURVEILLANCE INSTRUMENTA-TION SHALL NOT DEGRADE THE PRIMARY SHUTDOWN CONTROLS LOCATED IN THE MAIN CONTROL ROOM AND SHALL BE DESIGNED IN ACCORDANCE WITH THE APPLICABLE SECTIONS OF IEEE 279 1971, "CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS".

EXH I B IT 2B1-2

2,B, 1,B, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY

1) THE FOLLOWING SYSTEMS ARE REQUIRED FOR SAFE SHUTDOWN AUXILIARY FEEDWATER ATMOSPHERIC STEAM DUMP DIESEL GENERATORS INCLUDING ESF LOAD SEQUENCER DG FUEL OIL STORAGE AND TRANSFER ESSENTIAL COOLING WATER FSSENTIAI SPRAY PONDS ESSENTIAL CHILLED WATER CLASS 1E AC POWER CLASS lE DC POWER CHEMICAL AND VOLUME CONTROL, BORON ADDITION PORTION SHUTDOWN COOLING EXHIBIT 281-3

o '

2,8, l,s. REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY S S 1 ESC I T SHOULD THE CONTROL ROOM BECOME INACCESSIBLE, THE REACTOR MAY BE MANUALLY TRIPPED FROM THE CONTROL ROOM, AS IT IS BEING EVACUATED, OR FROM THE REACTOR TRIP SWITCH-GEAR SYSTEM (AUXILIARY BUILDING ELEV. 120'),

HOT SHUTDOWN CONDITIONS CAN BE MAINTAINED FROM OUTSIDE THE CONTROL ROOM BY CONTROL OF PRESSURIZER PRESSURE AND LEVEL, AUXILIARY FEEDWATER FLOW, AND ATMOSPHERIC STEAM DUMP, INSTRUMENTATION AND CONTROLS ARE AVAILABLE AT THE REMOTE SHUTDOWN PANEL AND ESF SWITCHGEAR (CONTROL BUILDING ELEV, 100') FOR THESE SYSTEMS AND COMPONENTS, THE REMOTE SHUTDOWN PANEL CONSISTS OF THREE PHYSICALLY SEPARATE CABINETS, INSTRU-MENTATION, AND CONTROLS FOR CHANNEL A AND TRAIN A SYSTEMS AND COMPONENTS ARE PROVIBED IN ONE CABINET: INSTRUMENTATION AND CONTROLS FOR CHANNEL B AND TRAIN B SYSTEMS AND COMPONENTS ARE PROVIDED IN A SECOND CABINET: AND NON-SAFETY-RELATED INSTRUMENTATION IS PROVIDED IN THE THIRD CABINET. CONTROLS FOR CHANNEL C ARE PROVIDED IN A SEPARATE SUBSECTION OF THE TRAIN A CABINET AND CONTROLS FOR CHANNEL D ARE PROVIDED IN A SEPARATE SUBSECTION OF THE TRAIN B CABINET. CONTROLS FOR LARGE HORSEPOWER COMPONENTS (480V AND 4,16 KV SWITCHGEAR) ARE PROVIDED IN THE ADJACENT TRAIN A AND TRAIN B ESF SWITCHGEAR ROOMS, THE TRAIN A REMOTE SHUTDOWN PANEL IS PHYSICALLY SEPARATED FROM THE TRAIN B REMOTE SHUTDOWN PANEL BY A FIRE WALL, DOORS PROVIDE ACCESS TO THE PANELS, EXHIBIT 2B1-4

PN>NSRKik&m~ ~PM4@emeg

~wwwNN ESF SWITCH GEAR ESF ROOM SWITCH GEAR ROOM TRAIN A TRAIN B o

A 8 ID)

$ (C)

N KQMN m. ~~n~~~

REMOTE SHUTDOWN PANELS FIGURE 2B1-1 REMOTE SHUTDOWN PANEL LOCATION CONTROL BLDG

0' 2,B, l.a. REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY C I 0

5) IN THE EVENT OF A LOP, THE DIESEL GENERATORS WILL AUTOMATICALLYBE STARTED AND SEQUENTIALLY LOADED BY THE ESF LOAD SEQUENCER SYSTEM AND THE DIESEL GENERATOR CONTROL SYSTEMS. CONTROL OUTSIDE OF THE CONTROL ROOM IS PROVIDED AT j.OCAL PANELS IN THE DIESEL GENERATOR BUILDING,

6) COLD SHUTDOWN CAN BE ACHIEVED FROM OUTSIDE THE CONTROL ROOM THROUGH THE USE OF SUITABLE PROCEDURES AND LOCAL CONTROLS.

7) PARALLEL CONTROL BETWEEN THE CONTROL ROOM AND THE REMOTE SHUTDOWN PANEL, ESF SWITCHGEAR OR LOCAL CONTROL'IS UTILIZED, TRANSFER OF CONTROL IS USED ONLY FOR ANALOG CONTROL (AUXILIARY FEEDWATER TURBINE SPEED CONTROL),

8) REDUNDANCY REDUNDANT FEATURES INCLUDE:

\

TWO INDEPENDENT INSTRUMENTATION AND CONTROL CHANNELS FOR SAFE SHUTDOWN SYSTEMS AND COMPONENTS POWER PROVIDED FROM TWO SEPARATE BUSES EXHIBIT 2B1-5

REMOTE SHUTDOWN PANEL CABINET INSTRUMENTATION A(C) B(D)

AUXILIARY FW REGULATING VALVE POSITION INDICATOR X(X)

AUXILIARY FW TURBINE SPEED INDICATOR X AUXILIARY FW FLOW X X NEUTRON POWER LEVEL X X REACTOR COOLANT HOT LEG TEMPERATURE X X PRESSURIZER PRESSURE X X PRESSURIZER LEVEL X X SAFETY INJECTION TANK PRESSURE X X STEAM GENERATOR PRESSURE X X STEAM GENERATOR LEVEL X X REFUELING WATER TANK LEVEL X X LETDOWN SYSTEM PRESSURE LETDOWN SYSTEM FLOW LETDOWN SYSTEM TEMPERATURE VOLUME CONTROL TANK LEVEL CHARGING LINE PRESSURE CHARGING LINE FLOW SHUTDOWN COOLING HEAT EXCHANGER TEMPERATURES SHUTDOWN COOLING FLOW CONDENSATE STORAGE TANK LEVEL EXHIBIT ZB1-6

Cl REMOTE SHUTDOWN PANEL CABINET CONTROLS 'A(C) B(D)

SG ATMOSPHERIC DUMP VALVE PERMISSIVE COHTROL X(x) X(x)

AUXILIARY FW REGULATIHG VALVE CONTROL X(X) X AUXILIARY FW ISOLATION VALVE COHTROL X(x) X SG ATMOSPHERIC STEAM DUMP MODULATIHG CONTROLLER X X AUXILIARY FW TURBINE STEAM SUPPLY VALVE CONTROL X AUXILIARY FW TURBINE SPEED CONTROL TRANSFER SWITCH X AUXILIARY FW TURBIHE SPEED CONTROL POTENTIOMETER X AUXILIARY FW TURBINE TRIP VALVE CONTROL X AUXILIARY FW TURBIHE TRIP PUSHBUTTON X MS IS ACTUATION PUSHBUTTON X(x) X(x)

AUXILIARY PRESSURIZER SPRAY VALVE CONTROL X X RCP CONTROLLED BLEEDOFF CONTAINMENT ISOLATION VALVE CONTROL X X RCP CONTROLLED AND BLEEDOFF RELIEF ISOLATIOH VALVE CONTROL X LETDOWN ISOLATION VALVE CONTROL X X BACKUP HEATER GROUPS 1 AND 2 CONTROL X X SAFETY INJECTION TANK VENT VALVE CONTROL AND POWER DISCONNECT SWITCH X X SHUTDOWN COOLING PUMPS RECIRCULATIOH VALVE CONTROL X X STEAM GENERATOR PRESSURE VARIABLE SETPOIHT RESET X(x) X(x)

PRESSURIZER PRESSURE VARIABLE SETPOINT RESET X(x) X(x)

EXHIBIT 281-7

ESF SWITCHGEAR TRAIN A TRAIN B AUXILIARY FEEDWATER PUMP ESSENTIAL COOLING HATER PUMP ESSENTIAL SPRAY POND PUMP CHARGING PUMP ESSENTIAL CHILLER LOW PRESSURE SAFETY INJECTION PUMP CONTROL ROOM ESSENTIAL AHU EXHIBIT 2B1-8

LOCAL CONTROLS TRAIN A TRAIN B SIT ISOLATION VALVES LPSI/CS PUMPS CROSS-CONNECT VALVES SHUTDOWN COOLING HEAT EXCHANGER INTAKE AND EXIT VALVES LPSI PUMP SUCTION VALVES LPSI ISOLATION VALVES SHUTDOWN COOLING HEAT EXCHANGER'PRAY BYPASS VALVES SHUTDOWN COOLING HEAT EXCHANGER FLOW CONTROL VALVES SHUTDOWN COOLING WARM-UP BYPASS VALVES SHUTDOWN COOLING SUCTION LINE VALVES SHUTDOWN COOLING HEAT EXCHANGER BYPASS FLOW CONTROL VALVES EXHIBIT 2B1-9

0 HS START CR RS HS START TO SUPPORT DEVICE CR R G START ACTUATED SEQUENCER DEVICE SEAS.

CR W

CR RS TO SUPPORT DEVICE G G STOP HS STOP ACTUATED CR DEVICE HS STOP RS LOAD SHED ELECTRICAL PROTECTION SEIS FIGURE 2B1-2 SAFE SHUTDOWN SYSTEM TYPICAL DEVICE LOGIC

TO ATMOSPHERE QFX I I RS RS CR CR I ZI HIC HIC ZI 8 8 8 8 I I RS s

I I

r-Q I I

I .

I I I PSV CR I I IXSL I 8

I I g

I VENT 8 I L I HY s gev gcv I I I/P QHY 8

8 HY FC 8

Pesv Pl PT FO FO VENT CR CR HV ZSH ZSL ZT I

PT 8

ATM FC DUMP VALVE ACCUMULATOR TYPICAL FOR I ATMOSPHERIC DUMPVALVE/

MAIN STEAM INST MAIN LINE {2 MAIN AIR STEAM STEAM LINES/

LINE STEAM GENERATOR)

TYPICAL ATMOSPHERIC DUMP VALVE CONTROL SYSTEM FIGURE 281-3

PROCESS SYSTEM VARIABLES NSSS ESF SAFETY RELATED DISPLAY INSTRUMENTATION ESF SUPPORT SENSORS ~ DISPLAYS BOP SAF ETY-RE LATED DISPLAY INSTR U MENTATION ESF DISPLAY INSTRUMENTATIONWHICH IS AVAILABLETO THE OPERATOR TO ALLOW REACTOR HIM TO MONITOR CONDITIONS SO THAT HE TRIP MAY PERFORM MANUALACTIONS IMPORTANT TO PLANT SAFETY.

SRP 1.5 -SRP 7.5-

~ SAFETY-RELATED PLANT PROCESS ~ ESF SYSTEMS MONITORING DISPLAY INSTRUMENTATION

~ POST-ACCIDENT MONITORING

~ REACTOR TRIP SYSTEM MONITORING NSSS BOP

~ ESF SYSTEMS MONITORING ~ AUTOMATIC BYPASS INDICATION-

~ 'CEA POSITION INDICATION ISAFETY EQUIPMENT STATUS ISYSTEM (SESS)

~ POST-ACCIDENT MONITORING FIGURE 2C-1

0 2,C,l,A PROCESS INSTRUYiENTATION S

1) PIPING AND INSTRUMENT DIAGRAMS

2) DETAILED DESIGN CRITERIA

5) CODES AND STANDARDS'OCFR50, APPENDIX Ai GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS'ut Y 15, 1971 IEEE STD 279-1971> CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS IEEE STD 525-1974> STANDARD FOR QUALIFYING CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS IEEE STD 544-1975/ RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS I EEE STD 584-1974'R IAL-USE STANDARD CRITERIA FOR SEPARATION OF CLASS IE EQUIPMENT AND CIRCUITS> AS MODIFIED BY NRC REGULATORY GUIDE 1>75

4) INSTRUMENTS SHALL BE PROVIDED TO OPERATE AT A NOMINAL 115 Y-AC SUPPLIED TO INSTRUMENT CABINETS'ONTROLS AND ANNUNCIATORS SHALL OPERATE AT 120 Y-AC OR 125 V-DC NOMINALa THE MAXIMUM AND MINIMUM VOLTAGE LIMITS FOR THE 120 Y-AC AND 125 V-DC SYSTEMS ARE GIVEN IN THE ELECTRICAL SYSTEMS DESIGN CRITERIA)

EXHIBIT 2C1-1

2,C,1,A PROCESS INSTRUYiENTATION

5) RESISTANCE TEMPERATURE DETECTORS (RTD) SHALL UTILIZE A THREE-WIRE CIRCUITs THE RTD SENSORS SHALL HAVE AN RO = 100 OHMS (PREFERRED) s EXCEPTIONS WILL BE CONSIDERED ON A CASE BY CASE BASIS s THERMOCOUPLE MATERIALS SHALL BE CHROMEL-ALUMEL> TYPE Ks

6) ELECTRONIC TRANSMITTER LOOPS SHALL UTILIZE A CURRENT RANGE OF 0 TO 20 MILLI-AMPERES s PNEUMATIC LOOPS SHALL UTILIZE 3 TO 15 PS I G INSTRUMENT AIRs

7) CRITICAL DATA ACQUISITION> ALARMING> AND PROTECTIVE CONTROLS SHALL BE ENERGIZED FROM A DC-POWER SOURCEs

8) ALL CONTROL SYSTEMS DESIGNS SHALL INCLUDE SHIELDING> GROUNDING> AND PHYSICAL SEPARATION PROVISIONS WHICH WILL MINIMIZE THE EFFECTS OF HIGH VOLTAGE SWITCHING SURGES'NDUCTIVE COUPLING'ND ONSITE RADIO TRANSMISSION SIGNALSs

9) ALUMINUM SHALL NOT BE USED IN OR AROUND EQUIPMENT CONTAINING OR PRODUCING AMMONIAs ALUMINUM AND ZINC SHALL BE EXCLUDED WHEREVER POSSIBLE FROM INSTRUMENT AND CONTROL DEVICE CASINGS WHICH ARE IN THE CONTAINMENT AND COULD BE EXPOSED TO THE CONTAINMENT SPRAY FLUIDs EXPOSED ALUMINUM SHALL NOT BE USED FOR INSTRUMENTS INSTALLED IN THE C'IRCULATING WATER SYSTEM WHERE CONTACT WITH THE CIRCULATING

'WATER I S POSS I BLE s EXHIBIT 2Cl-2

2, C,1,A PROCESS I NSTRUYiENTATIOf1

10) PROVISIONS SHALL BE MADE SUCH THAT RESPONSE TIME TESTING CAN BE PERFORMED ON SAFETY-RELATED CHANNELS<

11) NUCLEAR INSTRUMiENTATION AND RADIATION MONITORING INDICATORS AND RECORDERS SHALL HAVE LOG SCALES AND CHARTS> ALL OTHER INDICATING AND RECORDING DEVICES WITH THE EXCEPTION OF MOTOR CURRENT INDICATORS SHALL BE LINEAR DIRECT READING WITH A MINIMUM SCALE LENGTH OF f INCHES< LJHEREVER POSSIBLE> ALARMS SHALL NOT BE INITIATED FROMi INDICATORS OR RECORDER CONTACTS>

12) IN LINE PADDLE TYPE FLOW SWITCHES SHALL NOT BE USEDs f'1AGNETIC TYPE FLOW METERS ARE PREFERRED FOR SLUDGE OR SLURRY SERVICEI U) FLOW ELEMENTS SHALL BE SIZED> WHEREVER PRACTICABLE> FOR 100 IN) h20 AND DESIGN FLOW SHALL BE 85 PERCENT OF RANGE

14) EQUIPMENT CONTROL CIRCUIT STATUS (AUTOMATIC OR MANUAL) SHALL BE INDICATED ON THE CONTROL ROOM CONTROL PANELS ALONG WITH THE EQUIPMENT STATUS (RUNNING OR STOPPED)<

15) ALL OVERRIDES OF ENGINEERED SAFETY FEATURES EQUIPMENT SHALL BE INDI CATED s

16) IN GENERALg TIl"1E DELAY RELAYS SHALL NOT BE USED TO BYPASS SHORT TIME NUISANCE ALARl'1S UPON EQUIPMENT STARTUPi NUISANCE ALARMS SHALL BE BYPASSED UPON MANUAL SHUTDOWN OF STANDBY OR REDUNDANT COMPONENTS'XHIBIT 2C1-5

2, C, 1, A PROCESS INSTRUNENTATION S

17) NERCURY SHALL NOT BE USED FOR ANY APPLICATION WITHIN THE CONTAINMENT BUILDING, SPENT FUEL POOL AREAR'ORON RECOVERY AREAR'HEMICAL AND VOLUME CONTROL AREAS'R IN THE RADWASTE BUILDINGs SWITCHES USING MERCURY'HETHER ENCAPSULATED OR NOTi-AND MERCURY WETTED RELAYS SHALL NOT BE USED IN SAFETY SYSTEMSs

18) NERCURY SHALL NOT BE USED IN INSTRUMENTS IN DIRECT OR INDIRECT CONTACT WITHE

~ THE PRIMARY COOLANT SYSTEM

~ THE FEEDWATER AND CONDENSATE SYSTEMS

~ SYSTEMS WHICH PROVIDE MAKEUP TO THE PRIMARY'EEDNATERp AND CONDENSATE SYSTEMSs

19) INSTRUMENTS CONTAINING MERCURY FOR LEVELS PRESSURE DIFFERENTIAL PRESSUREg TEMPERATURE, OR FLoW SWITcHES MAY BE usED ouTSIDE oF THE sPECIFIc MERcuRY ExcLusIoN AREAS AND SYSTEMSs ONLY HERMETICALLY-SEALED MERCURY SWITCH ASSEMBLIES CONTAINED WITHIN NATIONAL ELECTRICAL MANUFACTURERS ASSOCIATION (NENA) NENA-4 HOUSINGS SHALL BE USED s CARE SHALL BE TAKEN IN SELECT I NG INSTRUMENTS FOR USE SUCH THAT A BROKEN MERCURY SNITCH CAPSULE SHALL NOT RESULT IN MERCURY ENTERING SUMPSs SWITCHES WHICH WILL CONTAIN THE MERCURY WITHIN THE INSTRUMENT CASE MAY BE USED's Esp NAGNETROL TYPE SNITCHs I EXHIBIT 2Cl-4

2,C,1,A PROCESS INSTRUNENTATION

20) ['1ERCURY MANOMETERS SHALL BE RESTRICTED FROM USE IN THE PLANT OPERATING PROCESS INSTRUMENTATION'UT MAY BE USED IN INSTRUMENT SHOPSi

21) ALL SYSTEMS SHALL INCLUDE THE REQUIRED STRAIGHT RUNS FOR FLOW MEASUREMENT NOZZLESs FLOW METERING RUNS SHALL BE IN ACCORDANCE WITH ASf'lE PUBLICATIONS FLUID NETERSg THEIR THEORY AND APPLICATIONS SUPPLEMENT TO ASf'lE PTC-19, EXHIBIT 2C1-5

0 2,C,1,B PROCESS INSTRUNENTATION

1) A TYPICAL PROCESS INSTRUMENTATION LOOP CONSISTS OF:

SENSOR PROCESSING ELECTRONICS DISPLAY

2) YARIOUS SENSORS INCLUDE'HERMOCOUPLES AND RTD'S PRESSURE TRANSMITTERS INCLUPING DIFFERENTIAL PRESSURE TRANSMITTERS FOR LEVEL AND FLOW MONITORING RADIATION MONITORS ~ SCINTILLATION> (GEIGER-NUELLER ANALYZERS H2 (THERMAL CONDUCTIVITY)g CL2 (CHEMICALLY IMPREGNATED PAPER TAPE)

FLOAT AND DISPLACER TYPE LEVEL INSTRUMENTS

5) PROCESSING ELECTRONICS INCLUDE'IGNAL CONVERTERS ( I/Ep E/E INCLUDING ISOLATORS> SQUARE ROOT) BISTABLES

0) PROCESSING ELECTRONICS ARE HOUSED WITHIN CONTROL ROOM CABINETS 2 SEPARATE CLASS IE CABINETS (A AND B)g AND SEPARATE NON-IE CABINETS EXHIBIT 2C1-6

2, C, 1, B PROCESS INSTRUYiENTATION S

5) DISPLAYS INCLUDE'.

INDICATORS RECORDERS INDICATING LIGHTS ANNUNCIATOR EXHIaIT 2C1-7

1,C, l,B PROCESS INSTRUNENTATION ENGINEERED SAFETY. FEATURE SYSTEN HONITORING (SHEET 1 oF 6)

TYPE NUMBER OF DISPLAYED PARAMETER OF READOUT CHANNELS LOCATION RANGE ACCURACY FUEL BUILDiNG (FB)

ESSENTIAL VENTILATION SYSTEM FB VENTILATION INDICATING 1 VaiR/ CONTROL NA ISOLATION DAMPER LIGHTS DAMPER ROOM POSITION FB ESSENTIAL EXHAUST INDICATING 1 PAIR/FAN CONTROL NA FANS MOTOR STARTER LIGHTS ROOM CONTACT POSITION FUEL POOL AREA INDICATOR CONTROL 1O-' 1O" +20%

RADIATION MONITOR ROOM MR/H INDICATOR 10 10 +25%

FUEL BUILDING EXHAUST CONTROL GAS ACTIVITY ROOM ~ Ci/CM MONITOR EXHIBIT 2C1-8

1, C, 1; B PROCESS INSTRUMENTATION ENGINEERED SAFETY FEATURE SYSTEM MONITORING (SHEET 2 oF 6)

TYPE NUMBER OF DISPLAYED PARAMETER OF READOUT CHANNELS LOCATION RANGE ACCURACY FUEL BUILDING AFU INDICATOR CONTROL 0 To 10F +1 CHARCOAL ROOM DIFFERENTIAL TEMPERATURE MONITOR FUEL BUILDING INDICATOR CONTROL 0 TO Os5 INi NEGATIVE PRESSURE ROOM H20 (DIFF PRES ACROSS INSIDE OF BLDG AND AMBIENT)

CONTAINMENT PURGE ISOLATION SYSTEM NORMAL PURGE ISOLA INDICATOR 1 PAIR/ CONTROt T I ON VALVE POSITION LI GHTS VALVE ROOM EXHIBIT 2C1-9

~

)

'l ~ ~

I

)

~ a~a)a I

I~

I ' II L )

I I II ~ g

~

~ ~

~ i ~

) ~ 0 ~ ~

I

1,C,1,B PROCESS INSTRUNENTATION S S ENGINEERED SAFETY FEATURE SYSTEt" MONITORING (SHEET 4 oF 6)

TYPE NUMBER OF DISPLAYED PARAMETER OF READOUT CHANNELS LOCAT ION RANGE ACCURACY CONTROL ROOM/BUILDING INDICATING 1 PAIR/FAN CONTROL ESSENTIAL FAN LIGHTS ROOM MOTOR STARTER CONTACT POSITION CONTROL ROOM AIR I ND I CATOR CONTROL 10-6 To 10-1 +25%

INTAKE GAS ROOM C I/CM ACTIVITY MONITORS CONTROL ROOM AIR I ND I CATOR CONTROL 0 TO 4 PPM +20% oF INTAKE CHLORINE ROOM CONCEN-MON I TOR TRATION CONTROL ROOM TEMPER- INDICATOR CONTROL 0 To 160F . +2%

ATURE MONITORS RooM EXHIBIT 2C1-11

0 1, C, 1, B PROCESS INSTRUMENTATION S C I

'ENGINEERED SAFETY FEATURE SYSTEM MONITORING (SHEET 5 OF 6)

TYPE NUMBER OF DISPLAYED PARAMETER OF READOUT CHANNELS LOCAT ION RANGE ACCURACY CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM CONTAINMENT HYDROGEN INDICATOR CONTROL 0 To 10% +2,5%

ROOM HYDROGEN CONTROL INDICATING 1 PAIR/ CONTROL CONTAINMENT LIGHTS VALVE ROOM ISOLATION VALVE POSITION AUXILIARY FEEDWATER SYSTEM AUXILIARY F EEDWATER INDICATOR 1/PUMr CONTROL 0 To 2000 +1,5%

PUMP DISCHARGE ROOM PSIG PRESSURE EXHIBIT 2C1-12

0 1,C,1,B PROCESS INSTRUNENTATION SS .SC I ENGINEERED SAFETY FEATURE SYSTEN NONITORING (SHEET 6 QF 6)

TYPE NUMBER OF DISPLAYED PARAMETER OF READOUT CHANNELS LOCAT ION RANGE ACCURACY AUXILIARY FEEDNATER INDICATOR 1/AUXILIARY CONTROL 0 To 2000 +2%

FLOW FEEDWATER ROOM GAL/MIN LINE AUXILIARY FEEDNATER INDICATING 1 PAIR/ CONTROL REGULATING VALVES LIGHTS VALVE ROOM AUXILIARY FEEDNATER INDICATOR CONTROI 0 To 6000 +1,5%

PUMP TURBINE SPEED ROOM R/M I N AUXILIARY FEEDWATER INDICATING 1 PAIR/ CONTROL NA SUCTION FROM CST LIGHTS VALVE ROOM I SOLAT ION VALVES ESF STATUS PANEL SYSTEM AVAILABILITY INDICATING 1 LIGHT/ CONTROL=

LIGHTS SYSTEM/ ROOM TRIP EXHIBIT 2C1-13

0 INSTRUMENT CABINET CONTROL BOARD FIELD DEVICE I Q-- I 1

QNSoM- AISD QP INOICAToR A POI ~ 70 SIICD,P,<~Xa CZCI

~CABLE QB L'eD 2AXtDSI MOD 2A)4 DSI TRANSMITTER TB-A A POT-70 A POSL 10 POT 70 I-SO/c QXA <PZI LI I CABLE L'2 IS QA g

~

~

I I I

~

X 9'Ig QQ l20 VA C. MOD 27OIS-P4A I INSTR PWR fULNISRED DY IIVAC Q MOD 2AI IEV MOD 2AI4ALM-AR b SUD CONTIVCTOIC I QI I

TB-C I

Kl TO ANNUNCIATOR LOGIC CABINET I

I K2 VIA 1'SOLATIOI4 CABINET I ( J SAA-Col)

I 10 RFOB I CAB L'E QU I

I QT I n, IY Z,~ IIET I I

I I INTERNAL I SPACE I

~CR ~CR I 'T Y 70 I

I ATMOS pcs I

FblPUCXBD OT UYAC SCBCoNYBICTOK INSTRUMENT LOOP DIAGRAM HVAC FUEL BUILDING FIGURE 2C1-1

2,C,2,A SAFETY EQUIPMENT STATUS SYSTEM ES

1) THE SAFETY EQUIPMENT STATUS SYSTEM (SESS) SHALL FUNCTION TO ALERT THE OPERATOR BY-VISUAL AND AUDIBLE MEANS INSOFAR AS PRACTICABLE AT A SYSTEM LEVEL WHEN ANY PIECE OF AUTOMATICALLY-ACTUATEDESF EQUIPMENT HAS BEEN BYPASSED OR RENDERED INOPERABLE AND NOT AVAILABLE FOR USE,

2) THE SESS SHALL ALSO, IN THE EVENT OF AN ESFAS, MONITOR ALL OF THE ESF COMPONENTS AND ALERT THE OPERATOR BY VISUAL AND AUDIBLE MEANS WHEN ANY PIECE OF EQUIPMENT HAS NOT COMPLETED THE TRANSITION TO THE SAFE OPERATING POSITION,

3) THE SAFETY EQUIPMENT STATUS SYSTEM WILL BE DESIGNED IN COMPLIANCE WITH THE FOLLOWING STANDARDS:

AMERICAN NATIONAL STANDARDS INSTITUTE (ANSI), STANDARD C37,90A, SURGE WITHSTAND CAPABILITY INSULATED POWER CABLE ENGINEERS ASSOCIATION (IPCEA), STANDARD S-61-002, SECTION 6.5, FLAME RESISTING TEST NATIONAL ELECTRIC MANUFACTURERS ASSOCIATION (NEMA), STANDARD ICS-1970 PART 1-109, INDUSTRIAL CONTROLS AND SYSTEMS TESTS EXHIBIT 2C2-1

2,C.2,A SAFETY EQUIPMENT STATUS SYSTEM ES G C ER INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE), STANDARD 279, SECTION 4,15, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS NRC REGULATORY GUIDE 1.29, SEISMIC DESIGN CLASSIFICATION NRC REGULATORY GUIDE 1.47, BYPASSED AND INOPERABLE STATUS INDICATION FOR NUCLEAR POWER PLANT SAFETY SYSTEMS NRC REGULATORY GUIDE 1. 75, PHYSICAL INDEPENDENCE OF ELECTRIC SYSTEMS

4) THE SYSTEM SHALL CONSIST OF TWO PORTIONS: ONE REPORTING THE STATUS OF SAFETY TRAIN A EQUIPMENT, THE OTHER REPORTING THE STATUS OF SAFETY TRAIN B EQUIPMENT, THE SYSTEM SHALL ACCEPT CHANNELIZED CLASS IE ASSOCIATED INPUTS. THE SYSTEM INPUTS ARE CLASS IE ASSOCIATED, THEREFORE THE SYSTEM SHALL BE POWERED FROM CLASS IE 125V-DC POWER SUPPLIES,

5) STATUS CONTACTS SHALL CONTINUOUSLY MONITOR THE AVAILABILITYOF CONTROL POWER AND THE POSITION OF CIRCUIT BREAKERS OF ALL AUTOMATICALLYACTUATED ESF DEVICES, A LOSS OF CONTROL POWER OR DELIBERATE RACKING OUT OF A BREAKER SHALL AUTOMATICALLY INDICATE AT THE COMPONENT LEVEL THE DEVICE WHICH HAS BEEN RENDERED INOPERABLE, SIMULTANEOUSLY, A SYSTEM LEVEL INDICATION WITH AUDIBLE ALARM SHALL BE INITIATED, EXHIBIT 2C2-2

2,C,2,A SAFETY EQUIPMENT STATUS SYSTEM DES G C I THE CAPABILITY FOR INITIATING A MANUAL BYPASS INDICATION AND ALARM IS PROVIDED TO INDICATE THE BYPASS CONDITION TO THE OPERATOR FOR THOSE MANUAL VALVES AND OTHER COMPONENTS WHICH ARE NOT AUTOMATICALLYMONITORED, THE INITIATION AND REMOVAL OF MANUAL BYPASS INDICATION WILL BE UNDER ADMINISTRATIVE CONTROL, A SYSTEM OF STATUS CONTACTS SHALL MONITOR THE SAFE OPERATING POSITION OF ALL AUTOMATICALLYACTUATED ESF DEVICES DURING AN ESFAS, THESE STATljS CONTACTS SHALL AUTOMATICALLY INDICATE AT THE COMPONENT LEVEL THE DEVICE WHICH HAS FAILED TO AUTOMATICALLY COMPLETE THE TRANSITION TO THE SAFE OPERATING POSITION WITHIN A NORMAL TIME PERIOD, SIMULTANEOUSLY, A SYSTEM LEVEL INDICATION WITH AUDIBLE ALARM SHALL BE INITIATED, ALL SYSTEMS AFFECTED BY THE BYPASSING/INOPERABILITY OF A GIVEN COMPONENT WHICH IS SHARED BY MULTIPLE SYSTEMS AUTOMATICALLYGENERATES A BYPASS/INOPERABLE AUDIBLE AND VISUAL ALARM IN EACH SYSTEM AFFECTED, INDICATION AND ANNUNCIATION TEST CAPABILITY IS PROVIDED BY SIMULATING A TROUBLE CONTACT CONDITION WHEN THE TEST BUTTON IS DEPRESSED, THE TEST FEATURE IS INDEPENDENT FOR EACH CHANNEL, A MINIMUM OF TWO LAMPS, CONNECTED IN PARALLEL, SHALL BE FURNISHED FOR EACH ANNUNCIATOR 'WINDOW, INDICATOR WINDOW, AND INDICATOR SWITCH.

EXHIBIT 2C2-3

2,C,2,A SAFETY EQUIPMENT STATUS SYSTEM SIG C I I ll) ALL COMPONENTS INCLUDING SOLID-STATE DEVICES, TRANSFORMERS, RESISTORS, AND RELAYS SHALL BE OF A QUALITY, AND SHALL BE USED IN THE SYSTEM IN A WAY THAT WILL ENSURE HIGH RELIABILITY, MINIMUM MAINTENANCE REQUIREMENTS, AND LOW FAILURE RATES, EASE OF MAINTENANCE SHALL BE A PRIMARY CONSIDERATION IN THE EQUIPMENT DESIGN OF ALL COMPONENTS OPERATED BELOW THEIR ELECTRICAL AND THERMAL RATED VALUES, TAKING INTO ACCOUNT ALL POSSIBLE COf'>BINATIONS OF OPERATING ENVIRONMENTS, POWER SOURCE RANGES, AND TRANSIENT CONDITIONS,

12) THE SAFETY EQUIPMENT STATUS SYSTEM SHALL BE LOCATED IN THE CONTP~L ROOM AND SEISMICALLY QUALIFIED TO THE FOLLOWING ACCEPTANCE CRITERIA:

STRUCTURAL FAILURE WHICH WOULD CAUSE THE SYSTEM LOGIC CABINETS AND/OR WINDOW DISPLAYS TO DISLODGE FROM THEIR AMOUNTING OR CAUSE ANY PART OF THESE SUBASSEMBLIES TO DETACH AND FALL DURING AN OBE'AND SSE SHALL NOT BE PERf'lITTED, THE EQUIPMENT SHALL NOT CAUSE SHORT CIRCUITS OR SPURIOUS SIGNALS THAT WOL'LD ADVERSELY AFFECT THE CLASS IE EQUIPf'lENT PROVIDING INPUTS TO THIS SYSTEM, EXHIBIT 2C2-I4

2,C,2,a SAFETY EQUIPNENT STATUS SYSTEN S I

1) THE SESS CONSISTS OF TWO PHYSICALLY SEPARATE SYST01S. ONE OF THESE SYSTENS PROVIDES NONITORING AND ANNUNCIATION FOR SAFETY TRAIN A EQUIPNENT, THE OTHER SYSTEN PROVIDES NONITORING AND ANNUNCIATION FOR SAFETY TRAIN B EQUIPNENT.

2) EACH OF THE TRAIN RELATED SYSTENS CONSISTS OF SYSTEf1 LEVEL WINDOW CABINET, CONPONENT LEVEL INDICATOR LIGHT PANEL, SYSTEf1 CONTROL PAiNEL, LOGIC CABINET, AUDIBLE ALARI'1 DEVICES, AND INTERCONNECTING CABLES, EXHIBIT 2C2-5

LOGIC CABINETS SYSTEM LOGIC SECTION LOGIC SECTION SYSTEM ANNUNCIATOR TRAIN A TRAIN B ANNUNCIATOR WINOOW CABINET LOAO GROUP I LOAO GROUP 2 WINOOW CABINET SYSTEM CONTROL INOICATOR LIGHT SYSTEM CONTROL INOICATOR LIGHT

'A'TATUS PANEL PANEL PANEL PANEL STATUS CONTACT CONTACT INPUTS INPUTS TRAIN TRAIN

~

'8'25 V-OC IE POWER 'A' 125 V-OC IE POWER

'8'LECTR ELECTR TONE NO. I TONE NO. I SEIS SEIS ELECTR TONE NO. 2 ELECTR TONE NO. 2 SEAS SEAS SAFETY EQUIPMENT STATUS SYSTEM SYSTEIVI AR RANG EIVIENT FIGURE 2C-1A

2,C.2.a SAFETY EQUIPMENT STATUS SYSTEM

5) EACH OF THE TRAIN RELATED SYSTEMS PERFORMS INDICATION OF SAFETY EQUIPMENT ACTUATED STATUS (SEAS)

SAFETY EQUIPMiENT IiNOPERABLE STATUS (SEIS)

0) EACH OF THE TRAIN RELATED SYSTEMS IS POWERED FROM A SEPARATE CLASS IE 125V-DC DISTRIBUTION BUS.

5) THE ANNUiNCIATION SEQUENCE OF OPERATION AND TESTING FOR SESS ALARMS IS SAME AS THAT FOR THE PLANT ANNUNCIATOR, EXHIBIT 2C2-6

2.C.2,s SAFETY EQUIPf"jENT STATUS SYSTEM

6) SAFETY EQUIPMENT ACTUATED STATUS (SEAS) LOGIC THE SEAS LOGIC

~ CONTINUOUSLY MONITORS THE OPERATING STATUS OF ESF AND ESF SUPPORT SYSTEM ACTUATED DEVICES, CONTINUOUSLY MONITORS THE STATUS OF ESFAS SIGNALS, PROVIDES "FAILURE TO AUTOMATICALLYACTUATE" ANNUNCIATION IF ALL ACTUATED DEVICES IN A SYSTEM DO NOT TRANSITION TO THE "SAFE" POSITION REQUIRED TO PERFORM THE ESF SYSTEM FUNCTION AFTER RECEIPT OF AN ESFAS SIGNAL AND AN ALLOWABLE TRANSITION TIME. THIS ANNUNCIATION IS AUDIBLE AND INDICATED ON THE SYSTEM LEVEL WINDOW CABINET,

~ PROVIDES INDICATION OF COMPOhENTS OR GROUP OF COMPONENTS WHICH FAILED TO TRANSITION TO THE "SAFE" POSITION. THIS INDICATION IS ON THE COf'1PONENT LEVEL INDICATOR LIGHT PANEL.

~ PROVIDES "FAILURE TO AUTOMATICALLYACTUATE" ANNUNCIATION IF ALL THE ACTUATED DEVICES IN A SUPPORT SYSTEM DO NOT TRANSITION TO THE "SAFE" POSITION REQUIRED TO PERFORM THE ESF SUPPORT SYSTEM FUNCTION, EXHIBIT 2C2-7

2,C,2,a SAFETY EQUIPMENT STATUS SYSTEM

7) SAFETY EQUIPMENT INOPERABLE STATUS (SEIS) LOGIC THE SEIS LOGIC

~ CONTINUOUSLY MONITORS THE "AVAILABILITY"OF ESF AND ESF SUPPORT SYSTEM COI'i-PONENTS TO RESPOND TO AND PERFORM THE ESF SYSTEM FUNCTIONS WHEN REQUIRED.

"AVAILABILITY"CONSISTS OF THE FOLLOWING AS APPROPRIATE AVAILABILITYOF CONTROL POWER TO ACTUATE THE DEVICE CIRCUIT BREAKER IS NOT "RACKED-OUT" MANUALLY OPERATED VALVE INTENDED FOR USE MORE THAN ONCE A YEAR IS PROPERLY ALIGNED

~ PROVIDES "INOPERABLE STATUS" ANNUNCIATION IF ANY MONITORED COMPONENT IN A SYSTEM IS NOT "AVAILABLE"TO PERFORM ITS REQUIRED FUNCTION, PROVIDES A MEANS TO MANUALLY INITIATE SYSTEMi "INOPERABLE STATUS" IF A MANUAL VALVE INTENDED FOR USE LESS THAN ONCE A YEAR OR OTHER COMPONENT IS REMOVED FROM SERVICE, THIS INITIATION IS UNDER ADMINISTRATIVE CONTROL.

~ PROVIDES "INOPERABLE STATUS" ANNUNCIATION IF ANY SUPPORT-SYSTEM-MONITORED COMPONENT IS INOPERABLE OR HAS A MANUAL "INOPERABLE STATUS" INITIATION.

EXHIBIT 2C2-8

"SAFE" POSITION "SAFE" POSITION TO SUPPORTED SYSTEM SYSTEM

'"FAILTO AUTO ACTUATE" ALARM FROM SUPPORT SYSTEM "SAFE" POSITION TIME DELAY ESFAS SIGNAL(s)

SAFETY EQUIPMENT STATUS SYSTEM (SESS)

SAFETY EQUIPMENT ACTUATED STATUS (SEAS) TYPICAL LOGIC FOR AN ESF OR ESF SUPPORT SYSTEM FIGURE 2C-2

MANUALINITIATION

'COMPONENT "AVAILABLE" TO SUPPORTED SYSTEM COMPONENT "AVAILABLE" SYSTEM "INOPERABLE" COMPONENT "AVAILABLE" FROM SUPPORT SYSTEM SAFETY EQUIPMENT STATUS SYSTEM (SESS)

SAFETY EQUIPMENT INOPERABLE STATUS (SEIS) TYPICAL LOGIC FOR AN ESF OR ESF SUPPORT SYSTEM FIGURE 2C-3

HIGH MAIN STEAM PRESSURE AUX FW AUX FW CONTAINMENT R ECIRCULATION STEAM GEN STEAM GEN ISOLATION ISOLATION SAFETY INJECTION NO. 1 NO. 2 LOW PASSIVE CONTAINMENT PRESSURE CONTAiNMENT IODINE SAFETY REMOVAL PURGE SAFETY SPRAY INJECTION ISOLATION INJECTION CONTROL CONTROL FUEL CONTAINMENT ROOM BLDG BUILDING COMBUSTIBLE BOP NSSS F ILTRATION& ESSENTIAL ESSENTIAL GAS ESFAS ESFAS ISOLATION ACU'S VENT I LAT I ON CONTROL ESSENTIAL ESSENTIAL ESSENTIAL DIESEL IE NON-ESF CHI L LED COOLING SPRAY GENERATOR LOAD CENTER LOAD SHED WATER WATER POND BREAKERS SESS ANNUNCIATOR PANEL FIGURE 2C-4

HIGH CONTA INMENT MAIN STEAM PRESSURE AUX FW AUX FW ISOLATION SAFETY RECIRCULATION STEAM GEN STEAM GEN ISOLATION INJECTION NO. 1 NO. 2 LOW PASSIVE CONTAINMENT PRESSURE CONTAINMENT IODINE SAFETY P3JRG E SAFETY INJECTION SPRAY REMOVAL ISOLATION INJECTION CONTROL CONTROL FUEL CONTAINMENT ROOM BLDG BUILDING COMBUSTIBLE BOP NSSS F ILTRATION & ESSENTIAL ESSENTIAL GAS ESFAS ESFAS ISOLATION ACU'S VENTILATION CONTROL ESSENTIAL ESSENTIAL ESSENTIAL DIESEL IE NON-ESF CHILLED COOLING SPRAY GENERATOR LOAD CENTER LOAD SHED WATER WATER POND BREAKERS MANUALBYPASS INITIATE ALARM FLASHER LAMP BYPASS/INOP STATUS STATUS RESET RESET RESET TEST TEST DISPLAY SYSTEM RESET AND TEST SESS CONTROL PANEL FIGURE 2C-5

SESS COMPONENT STATUS MAINSTEAM CONTAINMENT ISOLATION ISOLATION H I G H PR ESSUR E AUX FW AUX FW SAF ETY IN JECT ION RECIRCULATION STM GEN I STM GEN2 CONTAINMENT LOW PRESSURE PASSIVE CONTAINMENT IODINE PURGE SAF ETY INJECTION SAFETY INJECTION SPRAY REMOVAL ISOLATION CONTROL ROOM CONTROL BUILDING FUEL BUILDING FILTRATIONAND ISOLATION ESSENTIAL ACUS ESSENTIAL VENTILATION ESSENTIAL ESSENTIAL CHILLED COOLING ESSENTIAL DIESEL IE LC NON-ESF WATER WATER SPRAY POND GENERATOR BREAKERS LOAD SHED FIGURE 2C-6

0,

,m

4

~C J<<

~<< ~ ~ ~ <<<<P<< I P

<<,'r

.'~: .";. ~" ~ - ~ ~

I; IV ~,

~ 'I

<<<<IP a ~

I l ~ ~~

III -IW rp%. "~ ~ I P<<IPP <<vl C4 PI@0 tPI. p'kr ~

J

~ Pv'1

• Iv ,P ~ Ie +V ~ Pe ~r I I ~

I Iac

'"I t ~ ~ 't ."" .III I <<r:>>rv . y lI, '

~ ~ ~ ~

p V' r r r!

~ ~

N t

'Ij PP JA: ~

\

I

~

I 7z

~ ~

I ~

V W %r '1b IJÃAIEvk P V<<PI JI e<<P SESS PANELS SLIDE'10

egg L

I i

r

~ I 0%t

~i ~i

~ ~

~

i

~ I i

~ i i

~ ~ fi k

~r

~ ~

I I I I I i

SESS CONTROL f'ANELS SLIDE 1]

+4~~ N 8 'i'i +

'P'N NN PRESS AN RECRC FW FW SAFETY IHJ SG I SG2 rASSIVE CNTllT CHTMT IODINE smn SAFETY INJ SPRAY REM PRG ISOL NJ

~~P~t'h r 'NNF OllTMT BLDG BLDG COMBUSTIBLE BOP NSSS FILT ESFAS ESS ESS GAS ESFAS L 50L ACU'S VENT CONT fg ~

ESS ESS IE NON<SF KSS DG CLG SPRAY LC LOAD CHW SYS WTR POND BKRS SHED SESS ANNUNCIATOR PANEL SLIDE 12

4fdC ~~a~ ~ 4a QQ$ 4ggg aa a

' 0" 0" 0'J00 C~g

~0 0 0 ~ ~ ~0 ~

.W ~ '.:. ':-': ~

~ ' ~ >' t~l $ fr

! .'4 ar ~ a ~ r' 0 ~ a0 A ~

tt ~ }

,C t a' 0. Q+glt 01

,'<a:j~.

~ at ar ~0

<<tta) ~ t 0

~ IN% ..Pl.'r

~0

~ ~

~ 4 04 0+

E~ at 00 SESS COMPONENT STATUS SLIDE 13

I p t \ iy f

. ,.(.

N% 1 VLV

@"-:-""'::-""'=-i-": -'~-:: -""-"-"-'>-"->"

Q~j 'y,g+L.', <%i <+'II <<j>~j T f~~

4 NNC gga, g+Q

'-' Ng g Q jggf ':

g+g,,'.j,g'f~>I W le 4+ \ ~ I ACC SSCM Wa ace'w~oOE j'.";.-:;:,-'.,;-'-,=,::

~ ~

~A

'f f~~(~<i'iJ 'iij':";":.,fuge lwugo)go.;;-:,':

$ 4I4TIAl, VN,N'8 0 l,':.g".'::.'..'j'.,'."!,".-::; '., BLUE LIGHTS: "'a@i~

flON,-';:,'..-'".-',-.::,:;.",::::;::-,",::"'=.,:.'-.,:;.'.;:.,:.'=:::.::;=.

+'ESS COMPONENT STATUS SLIDE 14

'jf 'S%~ h At r WP g j eI I IS h ~ h I h Np y g IVI'4 I ~'-- +1('kit>>

4- ",.'-..'.:l':-:.'.- '".::-'-:".'::".'-.",-:::;, =:y,. -.",--".j~",';;-:":, '~.Pjji -".: ~', "-~:-'.:;"~'"

A$ ~@5~)(~~'.g)'g: 'h11

'y!b~4g~-,g'ksiIIg'vi-'$ I .v~I~. >> fI'Igqsgg'PjgpiI'cy,') ~. (a~,.')(w> san+I'+q~."~l I

~ ~

QN. NN NN

.-one STSN tNMS FN f OL fIFETY SOl j N4.

', II' III tr,, I.

y-':.

A> hh ~

""'iew

~ ~

. ',". t'ASNt ONlP reaa i' 5AFffY NN%'tOl NO

'SAFETY .i QQ 5NAY Igl P'a tS ')

' C ht IW ~ 1&

I rh FiLT aoe SNIIISII oo fII gaa KSI'N 4 50L Itt h >r t ~

I I ~

KSS fSS DO.

• "; 'NOIMN"".

CLC StRAY LOQ CHW

' t<<t PS. NS

~ ~ ~ h ' I I

I

~

Aht ~ tt ~C I

-'S.

c p

I

. SESS CONTROL PANEL SLIDE 15 h4 tt ~ C hth ~

'I

,~c ALNsl =LANK/ LANS "I."::QAWS '; C~

S ~

RESP "'@LP ',:: aeip,;! ~ t

'lp ~.I <<I: I1h g: ~".g 4 r gl

"-'NNI NfAI "jklNK '

j E'N OIITNT 1

NOIR FW 501 t'II@

v

~

Q WHITE LIGHT ILLUMINATED qn INAY RKli ISOL I

I );.

l NSSS /l~

KSFAS I Ve '

~ 4 l. Nl . > ~

M ..

~

'I KSS KN OQ j CLc StSAY SYS

~

I Ngf., 8NS ', ~ ws 'z.oi i . SHQ l . Q pip ~

ilg : ~ ~

I I, 'Lgl l .f

~c 4 ag SESS CONTROL PANEL SLIDE 16 4r I

, l'g .l I Cg

'I!r.

~ ~ ~p e'l' l ~

r q I I /

i iIXpN

~ i I jg" lll T J

CD "so

'TT ~

j Tl ~

I 33 CD%

I Om +

ITl 'P ITl ~ '-. ~

O ~ ~

CD 0 :I 4 1 I

'OST ACCIDENT MONITORING RECORDERS SLIDE 18

2, C,3,A POST ACCIDENT MONITORING ESG I E I POST ACCIDENT MONITORING INSTRUMENTATION SHALL BE PROVIDED IN ACCORDANCE WITH REGULATORY GUIDE 1,97'EVISION 2, INSTRUMENTATION FOR LIGHT-WATER-COOLED NUCLEAR POWER PLANTS TO ACCESS PLANT AND ENVIRONS CONDITIONS DURING AND FOLLOWING AN ACCIDENT

1) THE FOLLOWING DESIGN AND QUALIFICATION CRITERIA CATEGORIES SHALL BE USED.'ATEGORY 1:

0 INSTRUMENTATION SHALL BE QUALIFIED IN ACCORDANCE WITH REGULATORY GUIDE 1,89 (NUREG-0588) AND REGULATORY GUIDE 1,100

~ INSTRUMENTATION SHALL BE DESIGNED SO THAT ANY SINGLE FAILURE SHALL NOT RESULT IN LOSS OF THE SURVEILLANCE FUNCTION ON THE SYSTEM LEVEL AFTER AN INCIDENTs REDUNDANT OR DIVERSE CHANNELS SHALL BE ELECTRICALLY INDEPENDENT AND PHYSICALLY SEPARATED IN ACCORDANCE WITH REGULATORY GUIDE la 75

~ INSTRUMENTATION SHALL BE POWERED FROM CLASS IE POWER

~ INSTRUMENTATION SHALL Bf AVAILABLE PRIOR TO AN ACCIDENT EXCEPT AS PROVIDED IN IEEE 279 PARAGRAPH 4.11 OR AS SPECIFIED IN TECHNICAL SPECIFICATIONS

~ INSTRUMENTATION SHALL BE EQUALITY CLASS 9 EXHIBIT 2C3-1

2. C, 3, A POST ACCIDENT MONITORING

~ CONTINUOUS INDICATION SHALL BE PROVIDED

~ RECORDING SHALL BE PROVIDED (ONE CHANNEL)

P TRANSMISSION OF SIGNALS FOR OTHER USE SHALL BE THROUGH ISOLATION DEVICES

~ TYPES Ag Bg AND C INSTRUMENTS SHALL BE SPECIFICALLY IDENTIFIED ON THE CONTROL PANELS>

CATEGORY 2:

~ SENSORS SHALL BE QUALIFIED IN ACCORDANCE WITH REGULATORY GUIDE '1 89 (NLIREG-0588), SEISMIC QUALIFICATION IN ACCORDANCE WITH REGULATORY GUIDE 1,100 SHALL BE PROVIDED WHEN THE INSTRUMENTATION IS PART OF A SAFETY RELATED SYSTEMa

~ INSTRUMENTATION SHALL BE POWERED FROM A NON-CLASS IE INSTRUMENT BUS WITH CLASS IE POWER AS BACKUP OR FROM CLASS IE POWER

~ THE OUT-OF-SERVICE INTERVAL SHALL BE BASED ON NORMAL TFCHNICAL SPECIFICATION REQUIREMENTS ON THE APPLICABLE SYSTEMS

~ SENSORS SHALL BE QUALITY CLASS Qg (IN SOME CASES'UALITY CLASS R) DISPLAYS SHALL BE QUALITY CLASS R EXHIBIt 2C3-2

I 2.C.3. A POST ACCIDENT MONITORING DE 6 ER 1 DISPLAY SHALL BE ON AN INDIVIDUAL INSTRUMENT OR ON DEMAND ON A CRT

~ DATA RECORDING SHALL BE PROVIDED FOR EFFLUENT RADIOACTIVITY MONITORS'OREA RADIATION MONITORS> AND METEOROLOGY MONITORS> DEDICATED RECORDERS SHALL BE PROVIDED WHERE DIRECT OR IMMEDIATE TREND OR TRANSIENT INFORMATION IS ESSENTIAL FOR OPERATOR I NFORMAT I ON OR ACTI ON s

~ TRANSMISSION OF SIGNALS FOR OTHER USE SHALL BE THROUGH ISOLATION DEVICES<

~ TYPES Ag Bg AND C INSTRUMENTS SHALL BE SPECIFICALLY IDENTIFIED ON THE CONTROL PANELS s CATEGORY 3.'

INSTRUMENTATION SHALL BE OF HIGH QUALITY COMMERCIAL GRADE AND SHALL BE SELECTED TO W I THSTAND THE SERV I CE ENVI RONMENT s O DISPLAY SHALL BE ON AN INDIVIDUAL INSTRUMENT OR ON DEMAND ON A CRT> DATA RECORDING SHALL BE PROVIDED FOR EFFLUENT RADIOACTIVITY MONITORS'REA RADIATION MON I TORSg AND METEOROLOGY MONITORS, DEDICATED RECORDERS SHALL BE PROVIDED WHERE DIRECT OR IMMEDIATE TREND OR TRANSIENT INFORMATION IS ESSENTIAL FOR OPERATOR INFORMATION OR ACTION s EXHIBIT 2C3-3

2, C,3,A POST ACCIDENT NGNITORING I

2) SERVICING'ESTING> AND CALIBRATION PROGRAMS SHALL BE PROVIDED TO MAINTAIN THE CAPABILITY OF THE MONITORING INSTRUMENTATION) FOR THOSE INSTRUMENTS WHERE THE REQUIRED INTERVAL BETWEEN TESTING WILL BE LESS THAN THE NORMAL TIME INTERVAL BETWEEN GENERATING STATION SHUTDOWNS> A CAPABILITY FOR TESTING DURING POWER OPERATION SHALL BE PROVIDED s

3) WHENEVER MEANS FOR REMOVING CHANNELS FROM SERVICE ARE INCLUDED IN THE DESIGNS THE DESIGN SHALL FACILITATE ADMINISTRATIVE CONTROL OF THE ACCESS TO SUCH REMOVAL MEANS,

0) THE DESIGN SHALL FACILITATE ADMINISTRATIVE CONTROL OF THE ACCESS TO ALL SETPOINT ADJUSTMENTS g I lODULE CALIBRAT I ON ADJUSTMENTS'ND TEST PO I NTS s

5) THE MONITORING INSTRUMENTATION DESIGN SHALL MINIMIZE THE DEVELOPMENT OF CONDITIONS THAT WOULD CAUSE METERS'NNUNCIATORSg RECORDERS'LARMS'TC s y TO GIVE ANOMALOUS I NDI CAT I ONS POTENT I ALLY CONFUS I NG TO THE OPERATOR ~

6) THE INSTRUMENTATION SHALL BE DESIGNED TO FACILITATE THE RECOGNITION'OCATIONS REPLACEMENTS REPAIRS OR ADJUSTMENT OF MiALFUNCTIONING COMPONENTS OR MODULES,

7) TO THE EXTENT PRACTICABLE'ONITORING INSTRUMiENTATION INPUTS SHALL BE FROM SENSORS THAT DIRECTLY MiEASURE THE DESIRED VARIABLES'XHIBIT 2C3-0

2, C,B,A POST ACCIDENT YiONITORING

8) TO THE EXTENT PRACTICAL> THE SAME INSTRUMENTS SHALL BE USED FOR ACCIDENT MONITORING AS ARE USED FOR THE NORMAL OPERATIONS OF THE PLANT TO ENABLE THE OPERATOR TO USERS DURING ACCIDENT SITUATIONS> INSTRUMENTS WITH WHICH HE IS MOST FAMILIAR'OWEVER, WHERE THE REQUIRED RANGE OF MONITORING INSTRUMENTATION RESULTS IN A LOSS OF INSTRU-MENTATION SENSITIVITY IN THE NORMAL OPERATING RANGE SEPARATE INSTRUMENTS SHALL BE USED')

PERIODIC TESTING SHALL BE IN ACCORDANCE WITH THE APPLICABLE PORTIONS OF REGULATORY 6UIDE lsl18 PERTAINING TO TESTING OF INSTRUMENTS CHANNELSs (NOTE'ESPONSE TIME TESTING NOT USUALLY NEEDED>)

EXHIBIT 2C5-5

2,C,S,B POST ACCIDENT NONITORING S

1) TYPE A VARIABLES'THOSE VARIABLES TO BE MONITORED THAT PROVIDE THE PRIMARY INFORMATION REQUIRED TO PERMIT. THE CONTROL ROOM OPERATOR TO TAKE SPECIFIC MANUALLY CONTROLLED ACTIONS FOR WHICH NO AUTOMATIC CONTROL IS PROVIDED AND WHICH ARE REQUIRED FOR SAFETY SYSTEMS TO ACCOMPLISH THEIR SAFETY FUNCTION FOR DESIGN BASIS ACCIDENT EVENTS s PRIMARY INFORMATION IS THAT WHICH IS ESSENTIAL FOR THE DIRECT ACCOMPLISHMENT OF THE SPECIFIED SAFETY FUNCTIONS) IT DOES NOT INCLUDE THOSE VARIABLES WHICH ARE ASSOCIATED WITH CONTINGENCY ACTIONS THAT MAY ALSO BE IDENTIFIED IN WRITTEN PROCEDURES>

A C-E REVIEW OF EMERGENCY GUIDELINES (LOCAL VSLB, SG TUBE RUPTUREg ATHSp REACTOR TRIPg LOSS OF FEED AND LOSS OF FORCED FLOW) IS UNDERWAY TO IDENTIFY FOR EACH EVENTS REQUIRED NANUAL ACTION INSTRUMENT CONSULTED REQUIRED RANGE AND ACCURACY CURRENT QUALIFICATION STATUS COMPLETION IS EXPECTED IN NOVEMBER'981, IN ADDITIONS A REVIEW OF THE EMERGENCY PROCEDURES AFTER THEY ARE DEVELOPED WILL BE PERFORMED TO ENSURE THE REQUIRED VARIABLES HAVE BEEN IDENTIFIED EXHIBIT 2C)-F.

2,C,3,B POST ACCIDENT MONITORING SYSTEM DESCRIPTION

2) TYPE 8 VARIABLES: THOSE VARIABLES THAT PROVIDE INFORMATION TO INDICATE HHETHER PLANT SAFETY FUNCTI ONS ARE BEING ACCOMPLI SHED s PLANT SAFETY FUNCTI ONS ARE (1) REACTIVITY CONTROLS (2) CORE COOLING'3) MAINTAINING REACTOR COOLANT SYSTEM I NTEGRITYg AND (4) MAINTAINING CONTAINMENT INTEGRITY (INCLUDING RADIOACTIVE EFFLUENT CONTROL), VARIABLES ARE LISTED WITH DESIGNATED RANGES AND CATEGORY FOR DESIGN AND QUALIFICATION REQUIREMENTS'EY VARIABLES ARE INDICATED BY DESIGN AND QUALIFICATION CATEGORY 1s

~ CATEGORY 1 VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT SUMP BOTTOM OF CONTAINMENT SENSOR RANGE 11 FTi (+6 IN) ABOVE HATER LEVEL HIDE TO 600p000 GALLON SUMP TO +6 IN< ABOVE MAXIMUM EXPECTED RANGE EQUIVALENT FLOOD LEVEL)

DISPLAY 2 CHANNELS, CLASS IEi RECORDING ON ONE CHANNEL EXHIBIT 2C3-7

2,C,3,B POST ACCIDENT NONITORING SYSTEN DESCRIPTION TYPE B CATEGORY 1 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT PRESSURE 0 TO DESIGN PRESSURE SENSOR RANGE -5 PS I G TO 180 PS I G (60 PSIG) 10 PS I A TO DESIGN DISPLAY 2 CHANNELS, CLASS IEi PRESSURE (60 PSIG) RECORDING ON ONE CHANNEL CONTAINMENT ISOLATION CLOSED NOT CLOSED DISPLAY VALVE STATUS FOR ALL VALVE POSITION AUTOMATIC OR REMOTE MANUAL (EXCLUDING CHECK VALVES) CONTAINMENT ISOLATION VALVES CATEGORY 2 VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT SUMP SUMP SENSOR RANGE +6 IN ) ABOVE BOTTOM HATER LEVEL NARROW OF RADWASTE DRAIN SUMP TO +6 IN, RANGE ABOVE TOP OF SUMP D I SPLAY 1/SUMP'ENSOR QUALIFIED TO POST LOCA ENVIRONMENTS SEISMIC CATEGORY II EXHIBIT 2C3-8

2,C,5 ~ B POST ACCIDENT MONITORING SYSTEM DESCRIPTION

~ TYPE B CATEGORY 5 VARIABLE REQUIREMENT DESIGN FEATURE RCS SOLUBLE BORON 0 TO 6000 PPM POST ACCIDENT SAMPLING SYSTEM; CONCENTRATION RANGE 0 TO 6000 PPMg REMOTE SAMPLE> IN-LINE AUTOMATIC (GRAB SAMPLE BACKUP)

EXHIBIT 2C5-9

2,C,3,B POST ACCIDENT NONITORING SYSTEN DESCRIPTION

3) TYPE C YAR IABLES THOSE VARIABLES THAT PROVIDE INFORMATION TO INDICATE THE POTENTIAL FOR BEING BREACHED OR THE ACTUAL BREACH OF THE BARR I ERS TO F I SS ION PRODUCT RELEASES s

THE BARRIERS ARE (1) FUEL CLADDING'2) PRIMARY COOLANT PRESSURE BOUNDARY'ND (3)

CONTAINMENT>

1 CATEGORY 1 ttAR I ABLE REQUIREMENT DESIGN FEATURE RADIOACTIVITY 1/2 TECH SPEC LIMIT SENSOR RANGE 1R/HR TO 105R/HR CONCENTRATION OR TO 100 TIMES TECH DISPLAY CRT, NON-CLASS IE, a 2 RADIATION LEVEL IN SPEC LIMITS R/HR SAFETY RELATED CHANNEL CIRCULATING PRIMARY DISPLAYS AT CABINETS COOLANT CLASS IEg RECORDING ON ONE CHANNEL CONTAINMENT PRESSURE 10 PSIA TO DESIGN SENSOR RANGE -5 PSIG TO 180 PSIG PRESSURE (60 PSIG) DISPLAY 2 CHANNELS, CLASS IEi 10 PSIA TO 3 TIMES RECORDING ON ONE CHANNEL DESIGN PRESSURE EXHIBIT 2C3-10

2,C,),B POST ACCIDENT NONITORING USE

~ TYPE C CATEGORY 1 (CONT'D)

VARIABLE REQUI REMENT DESIGN FEATURE CONTAINMENT SUMP BOTTOM OF CONTAINMENT SENSOR RANGE 11 FT (+6 IN, ABOVE HATER LEVEL l'lIDE TO 600,000 GALLON SUMP TO +6 IN a ABOVE MAXIMUM EXPECTED RANGE EQUIVALENT FLOOD LEVEL)

DISPLAY 2 CHANNELS, CLASS IE, RECORDING ON ONE CHANNEL CONTAINMENT HYDROGEN 0 TO 10% (CAPABLE SENSOR RANGE 0 TO 10%

CONCENTRATION OF OPERATING FROM AVAILABLE 50 MINUTES AFTER 10 PSIA TO MAXIMUM INITIATION OF SAFETY INJECTION DESIGN PRESSURE) CAPABLE OF OPERATING FROM 5 PSIG TO 60 PSIG (CONTAINMENT DESIGN PRESSURE)

DISPLAY 2 CHANNELS, CLASS IE RECORDING ON ONE CHANNEL EXHIBIT 2C5-11

2, C,3,B POST ACCIDENT YiONITORING

~ TYPE C CATEGORY 2 VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT SUMP WATER SUMP SENSOR RANGE +6 IN) ABOVE BOTTOM LEVEL NARROW RANGE OF RADWASTE DRAIN SUMP TO 6 INI ABOVE TOP OF SUMP DISPLAY 1/SUMP SENSOR QUALIFIED TO POST LOCA ENVIRONMENTS SEISMIC CATEGORY I I CONTAINMENT EFFLUENT 10 ~CI/CC To SENSOR RANGE 10 FCI/CC TO RADIOACTIVITY NOBLE 10 vCI/CC 10 2~CI/CC AT PLANT VENT GASES FROM IDENTIFIED DISPLAY CRT RELEASE POINTS SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY I I RADIATION EXPOSURE RATE 10 R/HR TO 13 MONITORS (INSIDE BUI LDINGS OR 10 R/HR SENSOR RANGE 10 R/HR TO 10 R/HR AREAS WHICH ARE IN DIRECT DisPLAY CRT CONTACT WITH PRIMARY CON- SENSORS QUALIFIED TO POST ACCIDENT TAINMENT WHERE PENETRATIONS ENVIRONMENTS SEISMIC CATEGORY I I AND HATCHES ARE LOCATED)

EXHIBIT 2C3-12

2, C,3,B POST ACCIDENT NONITORING

~ TYPE C CATEGORY 2 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE EFFLUENT RADIOACTIVITY- 10 vCI/CC To SENSOR RANGE 10 vCI/CC TO NOBLE 6ASES (FROM 10 vCI/CC 10~vCI/CC AT FUEL BUILDING VENT BUILDINGS INDICATED DISPLAY CRT ABOVE) SENSOR QUALIFIED TO POST ACCIDENT ENV I RONMENTp SEISMIC CATEGORY I I

~ CATEGORY 3 VARIABLE REQUIREMENT DESIGN FEATURE SAMPLERS ANALYSIS OF PRIMARY 10PCI/GM TO 10 CI/GM POST ACCIDENT SAMPLING SYSTEMS COOLANT (6AMMA QR TID-14844 soURcE RANGE 10 v CI/CC TO 10 CI/CC SPECTRUM) TERM IN COOLANT VOLUME REMOTE I SOTOP I Cg IN LINE AUTOMATIC (GRAB SAMPLE BACKUP)

CONTAINMENT AREA 1 R/HR TO 10 R/HR SENSOR RANGE 1 R/HR TO 10 R/HR RADIATION DISPLAY CRT EXHIBIT 2C3-13

2,C,3,B POST ACCIDENT NONITORING 0

~ TYPE C CATEGORY 3 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE EFFLUENT RADIOACTIVITY- 10 vCI/CC To SENSOR RANGE 10 ~CI/CC TO NOBLE GAS EFFLUENT FROM 10 v CI/cc 10 3 v CI/cc CONDENSER AIR REMOVAL DISPLAY CRT SYSTEM EXHAUST SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENT

4) TYPE D VARIABLES THOSE VARIABLES THAT PROVIDE INFORMATION TO INDICATE THE OPERATION OF INDIVIDUAL SAFETY SYSTEMS AND OTHER SYSTEMS IMPORTANT TO SAFETY) THESE VARIABLES ARE TO HELP THE OPERATOR MAKE APPROPRIATE DECISIONS IN USING THE INDIVIDUAL SYSTEMS IMPORT/NT TO SAFETY I N MI TI GATING THE CONSEQUENCES OF AN ACCIDENT i

~ CATEGORY 1 VARIABLE REQUIREMENT DESIGN FEATURE CONDENSATE STORAGE PLANT SPECIFIC SENSOR RANGE 0 TO 50 FT TANK LEVEL DISPLAY 2 CHANNELS, CLASS IE RECORDING ON ONE CHANNEL EXHIBIT 2C3-14

2, C,3, B POST ACCIDENT MONITORING SYSTEM DESCRIPTION

~ TYPE D CATEGORY 2 VARIABLE REQUIREMENT DESIGN FEATURE PRIMARY SYSTEM SAFETY CLOSED NOT CLOSED PVNGS WILL COMPLY RELIEF VALVE POSITIONS PRESSURIZER HEATER ELECTRIC CURRENT PVNGS WILL COMPLY STATUS SAFETY/RELIEF VALVE, CLOSED NOT CLOSED PVNGS WILL COMPLY POSITIONS OR MAIN STEAM FLOW AUXILIARY FEEDWATER 0 To 110% DESIGN FLOW SENSOR RANGE 0 TO 2000 GPM FLoW

= 0 To 228%

DISPLAY 2 CHANNELS't ASS IE CONTAINMENT ATMOSPHERE 40 F To 400 F PVNGS WILL COMPLY TEMPERATURE CONTAINMENT SUMP 50 F To 250 F DESIGN IMPLEMENTATION IS IN WATER TEMPERATURE REVIEW EXHIBIT 2C3-15

2,C,3,B POST ACCIDENT NONITORING SSYSTEH DESCRIPTION 1 TYPE D CATEGORY 2 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE ESSENTIAL COOLING 32 F To 200 F SENSOR RANGE 0 TO 200 F WATER SYSTEM TEMPERATURE DISPLAY 1/TRA I N p SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY II ESSENTIAL COOLING 0 To 110% SENSOR RANGE 0 To 20g000 GPM =

HATER SYSTEM FLOW DESIGN Ft OW 0 To 114%

DISPLAY 1/TRA I N p SENSOR QUALIFIED To POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY I I EMERGENCY OPEN CLOSED DISPLAY DAMPER STATUS FOR ALL VENTILATION DAMPER STATUS AUTOMATIC OR REMOTE MANUAL POSITION EMERGENCY VENTILATION DAMPERS STATUS OF STANDBY VOLTAGES y DISPLAY ESF BUS VOLTAGES AND POWER AND OTHER ENERGY CURRENTS'LASS IE CURRENTS'RESSURES SOURCES LOW PRESSURE ALARMS ON NSIVi NFIV AND ATMOSPHERIC DUMP VALVE ACCUMU-LATORS i SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY II EXfl I B IT 2C3-16

2,C,3,B POST ACCIDENT NONITORING SYSTEN DESCRIPTION e TYPE D CATEGORY 3 VARIABLE REQUIREMENT DESIGN FEATURE REACTOR COOLANT PUMP NOTOR CURRENT DISPLAY PUMP MOTOR CURRENT STATUS H I GH-LEVEL RADIOACTIVE TOP TO BOTTOM DISPLAY SENSOR RANGE 0-32,000 GPM LIQUID TANK LEVEL NAIN CONTROL ROOM ALARM OF RADWASTE SYSTEM TROUBLE RADWASTE SYSTEMS ARE NORMALLY CONTROLLED FROM RADWASTE CONTROL ROOMs NAIN CONTROL ROOM DISPLAY ON DEMAND VIA CRT TERMINALs RADIOACTIVE 6AS 0 To 150% DISPLAY SENSOR RANGE WILL BE HOLDUP TANK PRESSURE DESIGN PRESSURE PROVIDED TO COMPLY WITH 0 TO 150%

DESIGN PRESSUREs NAIN CONTROL ROOM ALARM OF- RADWASTE SYSTEM TROUBLE RADWASTE SYSTEMS ARE NORMALLY CONTROLLED FROM RADWASTE CONTROL ROOMs NAIN CONTROL ROOM DISPLAY ON DEMAND VIA CRT TERMINALa EXHIBIT 2C3-17

2. C,3. B POST ACCIDENT NONITORING S I

5) TYPE E YAR IABLES THOSE VARIABLES TO BE MONITORED AS REQUIRED FOR USE IN DETERMI N-ING THE MAGNITUDE OF THE RELEASE OF RADIOACTIVE MATERIALS AND CONTINUALLY ASSESSING SUCH RELEASESs CATEGORY 1 YARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT AREA 1 R/HR TO SENSOR RANGE: 1 R/HR TO RADIATION-HIGH RANGE 107R/HR 107 R/HR DISPLAY: CRT AND 2 SAFETY RATED CHANNEL DISPLAYS AT CABINET, CLASS 1E, RECORDING ON ONE CHANNEL EXHIBIT 2C3-18

2.C,3,B POST ACCIDENT NONITORING S S E DESC I 0

~ TYPE E CATEGORY 2 VARIABLE REQUIREMENT DESIGN FEATURE RADIATION EXPOSURE RATE 10 1 R/HR To 10 MONITORS (INSIDE BUILDINGS OR 104 R/HR SENSOR RANGE 10 R/HR TO AREAS WHERE ACCESS IS 104 R/HR REQUIRED TO SERVICE DISPLAY CRT EQUIPMENT IMPORTANT TO SENSORS QUALIFIED TO POST SAFETY) ACCIDENT ENVIRONMENT LOCAL DISPLAY AND ANNUNCIATION CONTAINMENT OR PURGE 10 6 v CI/cc To PLANT VENT MONITORED AS EFFLUENT NOBLE 6ASES 10~ ~CI/CC IDENTIFIED BELOW AND VENT FLOW RATE 0 To 110% VENT DESIGN FLOW COMMON PLANT VENT 10 6 I'CI/CC TO PLANT VENT MONITORED AS NOBLE 6ASES AND VENT 103 ~CI/CC IDENTIFIED BELOW FLOW RATE 0 To 110%

DESIGN FLOW EXHIBIT 2C3-19

2.C,3,B POST ACCIDENT NONITORIN6 S S 0

~ TYPE E CATEGORY 2 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE AUXILIARY BUILDING 10-6.CI/CC TO SENSOR RANGE 10 9 P CI/CC TO NOBLE 6ASES AND VENT 103 PCI/cc 105 PCI/CC AT PLANT VENT FLOW RATE 0 TO 110% VENT DISPLAY CRT, NON-CLASS IE DESIGN FLOW SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENT FLOW MEASUREMENT WILL BE PROVIDED CONDENSER AIR REMOVAL 10 6 PCI/CC TO SENSOR RANGE 10 6 PCI/CC TO SYSTEM EXHAUST 105 PCI/Cc 105 P CI/CC NOBLE 6ASES AND VENT 0 To 110% VENT DISPLAY CRT, NON-CLASS IE FLOW RATE DESIGN FLOW SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENT.

FLOW MEASUREMENT WILL BE PROVIDED VENT FROM STEAM 6ENER- 10 1 P CI/cc To [MONITOR/STEAM LINE ATORS SAFETY RELIEF 103 v CI/cc SENSOR RANGE 10 1 P CI/CC TO VALVES OR ATMOSPHERIC (DURATION OF 103 PCI/cc DUMP VALVES NOBLE RELEASES IN DISPLAY CRT 6ASES AND VENT FLOW SECONDS AND SENSORS QUALIFIED TO POST RATE NASS OF STEAM ACCIDENT ENVIRONMENT PER ONIT TIME)

EXHIBIT 2C3-20

0

2. C,3. B POST ACCIDENT PIONITORING S E DESC I IO

~ TYPE E CATEGORY 2 (CONT D)

VARIABLE REQUIREMENT DESIGN FEATURE FUEL BUILDING 10-6 vCI/cc To SENsoR RANGE 10 6 p CI/cc To VENT NOBLE 6ASES 102 v CI/cc 102 v CI/cc AND VENT FLOW RATE 0 To 110% VENT DISPLAY CRT DESIGN FLOW SENSORS QUALIFIED TO POST ACCIDENT ENVIRONMENT FLOW MEASUREMENT WILL BE PROVIDED EXHIBIT 2C3-21

2,C,3.8 POST ACCIDENT NONITORING S E HLm 0 TYPE E CATEGORY 3 VARIABLE REQUIREMENT DESIGN FEATURE PARTICULATES AND 10 3 v.CI/CC To NONITORS AT PLANT VENT HALOGENS AT ALL 102 vCI/cc FUEL BUILDING VENT IDENTIFIED RELEASE 0 TO 130% VENT NAI N CONDENSER AI R POINTS (EXCEPT DESIGN Ft OW REMOVAL EXHAUST STEAM GENERATOR SENSOR RANGE 10 3 FCI/CC TO SAFETY RELIEF VALVES 102 v.CI/cc OR ATMOSPHERIC STEAM FLOW MEASUREMENT WILL BE PROVIDED DUMP VALVES AND CON-DENSOR AIR REMOVAL SYSTEM EXHAUST)

SAMPLI NGy WITH ON SITE ANALYSIS CAPA-BILITY EXHIBIT 2C3-22

2,C,3,B POST ACCIDENT MONITORING

~ TYPE E CATEGORY 3 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE AI RBORN RADIO- 10-9 pCI/CC To PVNGS WILL COMPLY HALOGENS AND 10 3 p CI/cc PARTICULATES (PORTABLE SAMPLING WITH ONSITE ANA-LYSIS CAPABILITY)

EXHIBIT 2C3-23

2,C.3.B POST ACCIDENT PlONITORING S S

~ TYPE E CATEGORY 3 (CONT'D)

VAR I ABLE REQUIREMENT DESIGN FEATURE PLANT AND ENVIRONS 10 3 R/HR To 104 PVNGS WILL COMPLY RADIATION R/HRg PHOTONS (PORTABLE INSTRU- 10 3 RADS/HR TO MENTATION) 104 RADS/HRr BETA RADIA-TIONS AND LOW-ENERGY PHOTONS PLANT AND ENVIRONS NULTICHANNEL PVNGS WI LL COMPLY RADIOACTIVITY GAMMA-RAY (PORTABLE INSTRU- SPECTROMETER MENTATION)

EXHIBIT 2C3-24

2,C,3,B POST ACCIDENT NONITORIN6 SC I

~ TYPE E CATEGORY 3 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE HI ND DIRECTION 0 To 360 (+5 0 TO 540 (+5 ACCURACY)

ACCURACY WITH STARTING THRESHOLD Os75 A DEFLECTION OF 15 ), START I NG SPEED Os45 MPS MPHs'AMPING (1,0 MPH),

DAMPING RATIO RATIO Os4i DISTANCE BETWEEN 0,4 AND CONSTANT 3 3 FT, 0, 6g D I STANCE CONSTANT 2 METERSs

('JIND SPEED 0 TO 30 MPS (67 MPH) 0 To 50 MPH +1% oR 0,15 MPH

+0,22 MPS (0,5 MPH) OR WHICHEVER IS GREATER p ACCURACY FOR WIND WITH A STARTING THRESHOLD SPEEDS LESS THAN 11 OF 0,6 MPHs

. MPS (25 MPH) WITH A STARTING THRESHOLD OF LESS THAN Os45 MPS (1 0 s MPH)

EXHIBIT 2C3-25

2,C,3,B POST ACCIDENT NONITORING 0

~ TYPE E CATEGORY 3 (CONT'D)

VARIABLE REaUIREMENT DESIGN FEATURE ESTIMATION OF ATMOS- BASED ON VERTICAL BASED ON A VERTICAL DIFFERENCE PHERIC STABILITY TEMPERATURE DIFF- OF 160 FT, +6 F ANALOG AND ERENCE FROM D IG ITALO'18 TO -6 F ANALOG PRIMARY. SYSTEMS ONLY AND +0,18 F ACCURACY,

-5CT010C

(-9 F To 18 F)

AND +0,15 C ACCURACY PER 50 METER INTERVALS

(+0s'3 F ACCURACY PER 164-FOOT INTERVALS) OR ANALOGOUS RANGE FOR ALTERNATIVE STABILITY ESTIMATES EXH I B IT 2C3-26

2,C,3,B POST ACCIDENT MONITORING 5 C

~ TYPE E CATEGORY 3 (CONT'D)

VARIABLE REQUIREMENT DESIGN FEATURE ACCIDENT SAMPLING POST ACCIDENT SAMPLING CAPABILITY (ANALYSIS SYSTEM.'(REMOTE CAPABILITY ONSITE) SAMPLERS IN-LINE AUTOMATIC GRAB SAMPLE BACKUP)

PRIMARY COOLANT GRAB SAMPLE RANGES'0 R SUMP VIA GRAB SAMPLE

~ GROSS ACTIVITY 10 pCI/Ml To 3 p CI/cc To 10 CI/cc 10 CI/Ml

~ GAMMA SPECTRUM ( I SOTOP I c ISOTOPIC ANALYSIS

'ANALYSIS)

~ BORON CONTENT 0 To 6000 PPM 0 To 6000 PPM CHLORIDE CONTENT 0 TO 20 PPM 0 To 20 ppM I DISSOLVED 0 To 2000 cc 0 TO 2000 cc (STP)/KG HYDROGEN (STP)/KG P DISSOLVED 0 TO 20 PPM 0 TO 20 PPM OXYGEN o PH 1 TO 13 1 TQ 13 EXHIBIT 2C3-27

2.C.3. B POST ACCIDENT NON ITORIN6

~ TYPE E CATEGORY 3 (CONT'D)

YAR I ABLE REQUI REMENT DESIGN FEATURE ACCIDENT SAMPLING POST ACCIDENT SAMPLING SYSTEM'REMOTE CAPABILITY (ANALYSIS SAMPLERS IN-LINE CAPABILITY ON-SITE) AUTOMATIC)

CONTAINMENT AI R 6RAB SAMPLE P HYDROGEN (,ONTENT 0 To 10% 0 To 10%

0 'OXYGEN CONTENT 0 To 30% 0 To 30%

~ 6AMMA SPECTRUM (I SOTOP I C 10-7 vCI/CC To 105 vCI/CC ANALYSIS) ISOTOPIC ANALYSIS EXHIBIT 2C3-28

ALL OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY NSSS PROCESS SYSTEM SENSORS DISPLAYS -SRP 7.6-VARIABLES I ~ SHUTDOWN COOLING SYSTEM I SUCTION LINE VALVE NSSS INTERLOCKS I I ~ SAFETY INJECTION TANK I NSSS ISOLATION VALVE I ACTUATED LOGIC INTERLOCKS DEVICES I

I I

I I

I I

L BOP PROCESS SYSTEM VARIABLES SENSORS ~ I I

DISPLAYS BOP SRP 7.6 BOP ~ CLASS IE ALARMSYSTEM ALL OTHER INSTRUMENTATIONSYSTEMS REQUIRED FOR SAFETY ALARM ~ SAFETY PARAMETER LOGIC DISPLAY SYSTEM (SPDS)

INSTRUMENTATIONSYSTEMS DESIGNED TO PROTECT OTHER VITALSYSTEMS FROM POTENTIALLY DAMAGINGTRANSIENTS.

(EXCLUDES FIRE PROTECTION)

FIGURE 2D-1

0 2, D.l. A CLA I E ALARM SYSTEM ES G

1) THE CLASS IE ALARM SYSTEM SHALL BE PROVIDED FOR A LIMITED NUMBER OF OPERATIONAL OCCUR-RENCES FOR WHICH NO SPECIFIC AUTOMATIC ACTUATION OF A SAFETY SYSTEM IS REQUIRED.

THE SYSTEf"'j ALERTS THE OPERATOR TO KEEP THE PLANT OPERATING WITHIN TECHNICAL SPECIFI-CATION LIMITS AND AIDS IN PRECLUDING EQUIPMENT DAf'IAGE..

2) THE CLASS IE ALARM SYSTEfl SHALL BE DESIGNED IN COflPLIANCE WITH THE FOLLOWING STAiN-DARDS:

10CFRSO, LICENSING OF PRODUCTION AND UTILIZATION FACILITIES, APPENDIX A, GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS, JULY 15, 1971, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE) STD 279-1971, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR. POWER GENERATING STATIONS, IEEE STD 323-1974, STANDARD FOR QUALIFYING CLASS IE EQUIPMEfuT FOR NUCLEAR POWER GENERATING STATIONS.

IEEE STD 338-1971, TRIAL-USE CRITERIA FOR THE PERIODIC TESTING OF NUCLEAR POWER GENERATING STATION PROTECTION SYSTEMS, IEEE STD 344-1975, RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS, EXHIBIT 2D1-1

2.D.l,A CLASS IE ALARM SYSTEM E IG IEEE STD 384-1974, TRIAL-USE STANDARD CRITERIA FOR SEPARATION OF CLASS IE.

EQUIPMENT AND CIRCUITS, AS MODIFIED BY NRC REGULATORY GUIDE 1,75.

3) POWER FOR EACH REDUNDANT CLASS IE ANNUNCIATOR SHALL BE SUPPLIED FROM A SEPARATE CLASS IE 125V-DC DISTRIBUTION BUS.

4) EACH CLASS IE ANNUNCIATOR SHALL BE A UNIT INDEPENDENT FROM THE PLANT ANNUNCIATOR AND SHALL BE WITH INTEGRAL WINDOWS, HORN, POWER SUPPLY, AND LOGIC CARDS,

5) THE ANNUNCIATION SEQUENCE OF OPERATION AND TESTING FOR THE CLASS IE ANNUNCIATORS SHALL BE THE SAME AS THE PLANT ANNUNCIATOR WITH .THE FOLLOWING EXCEPTIONS:

CLASS IE ANNUNCIATOR SHALL HAVE A KEY-LOCKED ALARM ACKNOWLEDGE FUNCTION, AND CLASS IE ANNUNCIATOR DOES NOT REQUIRE A RETURN-TO-NORMAL AUDIBLE.

6) THE CLASS IE ALARM SYSTEM SHALL BE DESIGNED TO THE REQUIREMENTS FOR NUCLEAR SAFETY-RELATED SYSTEMS SUCH THAT THE DEVICES MUST MAINTAIN THEIR SAFETY-RELATED FUNCTIONAL CAPABILITY UNDER ALL NORMAL AND ABNORMAL PLANT OPERATING CONDITIONS, EXHIBIT 2D1-2

2,D,l,s CLASS IE ALARN SYSTEN S S

1) CLASS IE ALARNS ARE PROVIDED TO ALERT THE OPERATOR IN THE EVENT OF LOSS OF NUCLEAR COOLING WATER TO THE REACTOR COOLANT PUf'1PS SEAL COOLERS INADEQUATE SAFETY INJECTION TANK PRESSURE HIGH WATER LEVEL IN AN ECCS PUf'1P ROOM,

2) SILENCING OF THE ALARN AUDIBLE IS PROVIDED BY A KEY-LOCKED ALARN ACKNOWLEDGE SWITCH FOR EACH CLASS IE ANNUNCIATOR.

3) FOUR CLASS IE ANNUNCIATORS ARE PROVIDED, TWO IN INSTRUftEi4T CHANNEL A AND TWO IN INSTRUf'lENT CHANNEL B, THE INSTRUNENT CHANi4EL A ANNUNCIATORS ARE PHYSICALLY SEPARATE AND INDEPENDENT OF THE If4STRUNENT CHANNEL B ANf4UNCIATORS. THE INSTRUNEf4T CHANNEL A ANNUNCIATORS ARE SUPPLIED POWER FRON A CLASS IE 125V-DC DISTRIBUTION BUS (LOAD GROUP 1) SEPARATE FRON THE If4STRUNENT CHANNEL B ANNUNCIATORS (LOAD GROUP B),

EXHIBIT 2D1-3

2.D, l,s CLASS IE ALARM SYSTEM S S E DESC IO

4) THE FOUR CLASS IE ANNUNCIATORS ARE:

ANNUNCIATOR CHANNEL ALARMS PROVIDED J-RKA-UA-2C INADEQUATE SAFETY INJECTION TANK PRESSURE-SAFETY INJECTION TANKS 3 AND 4 HIGH WATER LEVEL IN ECCS TRAIN A PUMP ROOMS (1 ANNUNCIATOR WINDOW/PUMP ROON)

J-RKB-UA-2D INADEQUATE SAFETY INJECTION TANK PRESSURE-SAFETY INJECTION TANKS 1 AND 2 HIGH WATER LEVEL IN ECCS TRAIN B PUMP ROOMS (1 ANNUNCIATOR WINDOW/PUMP ROON)

J-RKA-UA-4D LOSS OF NUCLEAR COOLING WATER TO THE REACTOR COOLANT PUMPS SEAL COOLERS (1 ANNUNCIATOR WINDOW/PUMP)

J-RKB-UA-4E LOSS OF NUCLEAR COOLING WATER TO THE REACTOR COOLANT PUMPS SEAL COOLERS (1 ANNUNCIATOR WINDOW/PUMP)

EXHIBIT 2D1-4

2.D.l,s CLASS IE ALARN SYSTPI SSE SC I 0

5) EACH CLASS IE ANNUNCIATOR IS A UNIT WITH INTEGRAL WINDOWS, HORN, POWER SUPPLY AND ANNUNCIATOR LOGIC CARDS NOUNTED IN THE ANNUNCIATOR SECTION OF THE PIAIN CONTROL BOARDS, SEPARATE SWITCHES FOR ALARN ACKNOWLEDGE (SILENCING), FLASHER RESET, LANP RESET, AND TEST ARE LOCATED WITHIN OPERATOR REACH')

CLASS IE ALARN FUNCTIONS A) LOSS OF NUCLEAR COOLING MATER TO THE REACTOR COOLANT PUNPS SEAL COOLERS REDUNDANT SAFETY GRADE INSTRUMENT CHANNELS CONTINUOUSLY NONITOR NUCLEAR COOLING WATER FLOW TO THE SEAL COOLERS FOR EACH REACTOR COOLANT PUMP, ANNUNCIATION IS PROVIDED IF THE NUCLEAR COOLING MATER FLOW RATE IS REDUCED BELOW THE NININUM REQUIRED FOR PUNP OPERATION, NONITORING IS AVAILABLE DURING NORNAL OPERATION COINCIDENT WITH LOP, B) INADEQUATE SAFETY INJECTION TANK PRESSURE SAFETY GRADE INSTRUNENT CHANNELS NONITOR THE PRESSURE IN EACH SAFETY INJECTION TANK AND THE PRESSURIZER, ANNUNCIATION IS PROVIDED IF PRESSURE IN A SAFETY INJECTION TANK FALLS BELOW 600 PSIG WHILE PRESSURIZER PRESSURE IS ABOVE 700 PSIG, INDICATING THE UNAVAILABILITYOF THE SAFETY INJECTION TANK TO PERFORN ITS CORE FLOODING FUNCTION IN THE EVENT OF A LOCA, EXHIBIT 2D1-5

2,D.l.a CLASS IE ALARM SYSTEM 5 S E DESCR P IO C) HIGH 1'lATER LEVEL IN AN ECCS PUMP ROOM SAFETY GRADE INSTRUMENT CHANNELS MONITOR LEVEL IN THE DRAIN BASIN IN THE ROOMS FOR THE LOW PRESSURE SAFETY INJECTION PUMPS, HIGH PRESSURE SAFETY INJECTION PUMPS, AND CONTAINMENT SPRAY PUMPS, ANNUNCIATION IS PROVIDED ON A HIGH LEVEL SIGNAI INDICATING LEAKAGE IN A PUMP ROOM, EXHIBIT 2D1-6

2,D,2,A SAFETY PARAMETER DISPLAY SYSTEM

1) THE SAFETY PARAMETER DISPLAY SYSTEM (SPDS) SHALL BE PROVIDED TO ASSIST CONTROL ROOM PERSONNEL IN EVALUATING THE SAFETY STATUS OF THE PLANT. THE PRIMARY FUNCTION OF THE SPDS IS TO AID THE OPERATOR IN THE RAPID DETECTION OF ABNORMAL OPERATING CONDITIONS,

2) THE SPDS SHALL BE DESIGNED TO THE FOLLOWING CODES AND STANDARDS:

A. 10 CFR 50, APPENDIX A, GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS, JULY 15, 1971, B, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE), STANDARD 344-1975, RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS, C, NUREG-0696, FUNCTIONAL CRITERIA FOR EMERGENCY RESPONSE FACILITIES, EXHIBIT 2D2-1

2.D,2,A SAFETY PARAMETER DISPLAY SYSTEM

5) THE IMPORTANT PLANT FUNCTIONS RELATED TO THE PRIMARY SPDS DISPLAY WHILE THE PLANT IS GENERATING POWER SHALL INCLUDE BUT:"POT BE LIMITED TO:

~ REACTIVITY CONTROL

~ REACTOR CORE COOLING

~ HEAT REMOVAL FROM THE PRIMARY SYSTEM

~ REACTOR COOLANT SYSTEf'I INTEGRITY

~ RADIOACTIVITY CONTROL

~ CONTAINMENT INTEGRITY

4) THE SPDS FUNCTION IN THE CONTROL ROOM SHALL BE PROVIDED DURIiJG AND FOLLOWING ALL EVENTS EXPECTED TO OCCUR DURING THE LIFE OF THE PLANT, INCLUDING SSE,

5) THE SPDS DISPLAY SHALL TAKE ACCOUNT OF HUMAN FACTORS AND THE MAN-MACHINE INTERFACE.

THE SPDS DISPLAY SHALL BE INCORPORATED INTO THE MAIN CONTROL ROOM WITH A LOCATION THAT WILL ALLOW THE DISPLAYS TO BE EASILY OBSERVED BY THE OPERATIONS STAFF,

6) THE SPDS DISPLAY SHALL REFLECT AND BE CAPABLE OF SUPPORTING ALL OPERATIi'JG MODES.

EXHIBIT 2D2-2

0 2.D,2,A SAFETY PARAMETER DISPLAY SYSTEM

7) THE SPDS DISPLAY SHALL ALSO BE AVAILABLE IN THE TSC, SATELLITE TSC, AND EOF,

8) THE SPDS SHALL BE DESIGNED TO AN OPERATIONAL UNAVAILABILITYGOAL AS DEFINED IN NUREG 0696 OF 0,01 FOR THE DATA DISPLAY FUNCTION AT EACH FACILITY WHEN THE REACTOR IS ABOVE COLD SHUTDOWN STATUS, IN ADDITION, THE SPDS DISPLAY FUNCTION IN THE CONTROL ROOM SHALL BE DESIGNED TO AN OPERATIONAL UNAVAILABILITYGOAL OF O,2 FOR COLD SHUTDOWN STATUS INCLUDING THE REFUELING MODE, EXHIBIT 2D2-5

SAFETY PARAMETER DISPLAY SYSTEM j.) THE SPDS CONSISTS OF TWO DISPLAY SYSTEMS LOCATED IN THE CONTROL ROOM.

~ A FULL-COLOR CRT DISPLAY DRIVEN FROM THE TECHNICAL SUPPORT CENTER (TSC)

COMPUTER SYSTEM.

~ A SEISMICALLY QUALIFIED DISPLAY SYSTEM DRIVEN FROM A SEPARATE CONTROL ..

ROOM PROCESSOR SYSTEfl,

2) PLANT FUNCTIONS INCLUDED IN THE SPDS DISPLAYS ARE:

~ REACTIVITY CONTROL

~ REACTOR CORE COOLING

~ HEAT REMOVAL FROM THE PRIMARY SYSTEM

~ REACTOR COOLANT SYSTEM INTEGRITY

~ RADIOACTIVITY CONTROL

~ CONTAINMENT INTEGRITY EXHIBIT 2D2-4

0 0

NSSS (WITHIN CESSAR SCOPE)

SRP 7.7

~ STEAM BYPASS CONTROL SYSTEM PROCESS SENSORS DISPLAYS ~ FEEDWATER CONTROL SYSTEM (15% - 100%)

SYSTEM

~ PRESSURIZER LEVEL CONTROL SYSTEM VARIABLES

~ PRESSURIZER PRESSURE CONTROL SYSTEM

~ BORON CONTROL SYSTEM

~ REACTOR POWER CUTBACK SYSTEM

~ REACTOR REGULATING SYSTEM

~ CONTROL ELEMENT DRIVE MECHANISM CONTROL SYSTEM AUTOMATIC MANUAL ~ EX.CORE NEUTRON FLUX MONITORING SYSTEM CONTROL CONTROL ~ IN. CORE NEUTRON FLUX MONITORING SYSTEM

~ CORE OPERATING LIMITSUPERVISORY SYSTEM

~ PLANT MONITORING SYSTEM NSSS (OUTSIDE CESSAR SCOPE)

SRP 7.7

~ STEAM BYPASS CONTROL SYSTEM OPTION WITH 2 VALVES TO ATMOSPHERE

~ EXTENDED RANGE (0% 15%) FEEDWATER CONTROL SYSTEM PROCESS BOP SRP 7.7 CONTROL SENSORS DISPLAYS LOOSE PARTS MONITORING SYSTEM DEVICES.

CONTROL SYSTEMS NOT REQUIRED FOR SAFETY ELECTRICAL AND MECHANICALDEVICES AND CIRCUITRY REQUIRED FOR PLANT OPERATION BUT WHOSE FUNCTIONS ARE NOT ESSENTIAL FOR THE SAFETY OF THE PLANT CONTROL SYSTEMS NOT REQUIRED FOR SAFETY FIGURE 2E-1

2E,1 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY D G

1) FEEDWATER CONTROL SYSTEM EXTENDED RANGE FOR OPERATION BETWEEN 0 AND 15% POWER, THE FEEDWATER CONTROL SYSTEM (FWCS)

SHALL AUTOMATICALLY CONTROL THE STEAM GENERATOR DOWNCOMER WATER LEVEL, STEAM GENERATOR LEVEL WILL BE CONTROLLED DURING THE FOLLOWING CONDITIONS (ASSUMING THAT ALL OTHER CONTROL SYSTEMS ARE OPERATING IN AUTOMATIC):

1, STEADY STATE OPERATIONS; 2 1% PER MINUTE TURBINE LOAD RAMPS BETWEEN 0 AND 15% NSSS POWER; 3, LOSS OF ONE OF TWO OPERATING FEEDWATER PUMPS; AND 4, LOAD REJECTION OF ANY MAGNITUDE.

EXHIBIT 2E-1

2E,1 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY DESIG CR E

2) STEAM BYPASS CONTROL SYSTEM OPTION WITH TWO VALVES TO ATMOSPHERE THE CESSAR SYSTEM IS MODIFIED FOR PVNGS TO DUMP STEAM TO ATMOSPHERE THROUGH TWO OF THE TURBINE BYPASS VALVES. THESE VALVES SHALL BE THE LAST TO OPEN AND FIRST TO CLOSE DURING STEAM BYPASS OPERATION, EXHIBIT 2E-2

2E.l CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 9SI C E

5) LOOSE PARTS MONITORING SYSTEM A LOOSE PARTS MONITORING SYSTEM (LPMS) SHALL BE PROVIDED TO DETECT AND RECORD SIGNALS RESULTING FROM IMPACTS OCCURRING WITHIN THE REACTOR COOLANT SYSTEM.

EXHIBIT 2E-5

2E.2 CONTROL SYSTENS NOT REQUIRED FOR SAFETY S '

1) FEEDWATER CONTROL SYSTEN EXTENDED RANGE BELOW 15% NSSS POWER, THE FWCS PERFORI'IS DYNANIC CONPENSATION ON THE LEVEL SIGNAL TO GENERATE AN OUTPUT SIGNAL INDICATIVE OF THE REQUIRED FEEDWATER FLO>$ , THE OUTPUT SIGNAL IS USED TO GENERATE THE DOWNCOf'iER VALVE POSITION DEMAND SIGNAL, WHEN IN THIS CONTROL f"lODE THE ECONONIZER VALVE WILL BE CLOSED AND THE PUNP SPEED SETPOINT WILL BE AT ITS YiININUN VALUE, EXHIBIT 2E-4

TOTAL STEAM TOTAL REACTOR FLOW FEEDWATER POWER FLOW LEVEL Z

F ILTER FILTER LEVEL COMPARATOR 1

I La ~~~~ ass PI 15%

POWER SETPOINT COMPARATOR MANUAL/AUTO CONTROL STATION COMPARATOR TO FWCS 2 I ZERO

+

FROM I HIGH FWG$ 2 EELECT PRESET VALUE T + i OOWNCOMER ECONOMIZER PUMP VALVE VALVE PROGRAM PROGRAM PROGRAM MANUAL/AUTO MANUAL/AUTO MANUAL/AUTO CONTROL CONTROL CONTROL STATION STATION STATION TO TO TO DOWNCOMER ECONOMIZER F EEDWATER VALVE VALVE PUMP FEEDWATER CONTROL SYSTEM BLOCK DIAGRAM FIGURE 2E-2

2E,2 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY S S D SC IO

2) STEAM BYPASS CONTROL SYSTEM OPTION WITH TWO VALVES TO ATMOSPHERE THE CESSAR SYSTEM IS MODIFIED FROM 4 VALVE GROUPS TO 5 VALVE GROUPS, VALVE GROUP 5 CONTAINS THE 7TH AND Bvw STEAM BYPASS VALVES WHICH DISCHARGE TO ATMOSPHERE, VALVE GROUP 5 JS THE LAST GROUP TO SEQUENCE OPEN AND IS NOT INTERLOCKED WITH A LOSS OF CONDENSER VACUUM SIGNAL',

EXHIBIT 2E-5

AIR SUPPLY MEASURED MAIN STEAM HEADER PRESSURE ATMOSPHERE MAIN STEAM ELECTRO/

STEAM HEADER CONTROLLER PNEUMATIC FLOW PRESSURE PROGRAM CONVERTOR PRESSURIZER PRESSURIZER PRESSURE PRESSURE BIAS PROGRAM 8 TURBINE I I BYPASS VALVES I

(6 TO I I CONDENSER a

AND 2 TO I, ATMOSPHERE)

I I I I QUICK OPENING SIGNAL CHANGE COMPARATOR DETECTOR

~

I I

I I

THRESHOLD VALVE PERMISSIVE SIGNAL SETTING STEAM BYPASS CONTROL SYSTEM BLOCK DIAGRAM FIGURE 2E-3

0 '

2E,2 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY S S E DESC I

3) LOOSE PARTS MONITORING SYSTEM EIGHT HIGH TEMPERATURE PIEZOELECTRIC ACCELEROMETERS (TRANSDUCERS) WILL BE LOCATED IN THE AREAS WHERE LOOSE PARTS ARE MOST LIKELY TO BECOME ENTRAPPED.

THESE ARE:

1, TWO REDUNDANT TRANSDUCERS WILL BE CLAMP MOUNTED ON THE IN-CORE INSTRUMENT GUIDE TUBES ON THE REACTOR VESSEL LOWER HEAD, DIAMETRICALLY OPPOSED 2, TWO REDUNDANT TRANSDUCERS WILL BE STUD MOUNTED ON THE REACTOR VESSEL UPPER HEAD SERVICE STRUCTURE FLANGE, DIAMETRICALLY OPPOSED 3, TWO REDUNDANT TRANSDUCERS ON THE LOWER HEAD REGION OF EACH STEAM GENERA-TOR, ONE TRANSDUCER WILL BE CLAMPED TO THE PRIMARY INLET PIPE AND THE OTHER WILL BE CLAMPED TO THE PRIMARY OUTLET PIPE, EXHIBIT 2E-6

2E,2 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY S ST ESC IPTIO A DATA ACQUISITION PANEL LOCATED IN THE CONTROL ROOM AREA CONTAINS ALARM MODULES THAT CONTINUALLY MONITOR THE INCOMING SIGNALS FROM THE PREAMPLIFIER FOR THE PRESENCE OF IMPACTING, THE OCCURRENCE OF A LOOSE PART IMPACTING ON THE INSIDE OF THE STRUCTURE CAUSES BURSTS OF SIGNALS THAT EXCEED THE ALARM SET POINT AND TRIGGER THE

ALARM, THE DATA ACQUISITION PANEL INCLUDES TAPE RECORDERS WITH PLAYBACK AND AN AUDIO MONITOR, EXHIBIT 2E-7

CONPLIANCE WITH REGULATORY REQUI RENENTS EXHIBIT 5-i

REGULATORY REQUIREMENTS STANDARD REVIEW PLANS 7.1 THRU 7.7, REV.1 I

I I

I GENERAL BRANCH REGULATORY IEEE I DESIGN TECHNICAL ISE BULLETINS NUREG.0737 GUIDES STANDARDS CRITERIA POSITIONS I I

AS APPLICABLE PER SRP TABLE 7-1 I FIGURE 3-1

SUMMARY

OF REGULATORY REQUIREMENTS

INSTRUMENTATIONAN D CONTROLS STANDARD REVIEW PLAN 7.1, REV. 1 TABLE 7-1 ENGINEERED SAFETY- ALL OTHER NON-SAF ETY REACTOR SAFE SAFETY RELATED SAF ETY- RELATED TRIP FEATURE SHUTDOWN DISPLAY RELATED CONTROL SYSTEM SYSTEMS SYSTEMS INSTRUMENTATION INSTRUMENTATION SYSTEMS SRP 7.2, REV.1 SRP 7.3, REV.1 SRP 7.4, REV.1 SRP,7.5, REV. 1 SRP 7.6, REV.1 SRP 7.7, REV. 1 I

I BOP BOP BOP BOP BOP I

gee ~~ mal I

NSSS INTERFACE I

NSSS NSSS NSSS NSSS NSSS NSSS SCOPE OF BOP INSTRUMENTATION AND CONTROLS REVIEW BOARD FIGURE 3A-1

SRP SEC THE GENERAL DESIGN CRITERIA AND IEEE STD 279 SET FORTH IN C011PLIANCE REQUIREMENTS THAT MUST BE MET BY ALL DESIGNS FOR THE ESFAS IN ADDITION> THESE ARE ALSO USED FOR THE INSTRUMENTATION AND CONTROLS FOR THE ESSENTIAL AUXILIARY SUPPORTING SYSTEMS s EXHIBIT 5A-1

S C S SC 0 74 1, SY E RE U Y GENERAL DESIGN CRITERIA 26, 33 AND 34, AND IEEE STD 279 IN CONPLIANCE SPECIFY THE REQUIREMENTS THAT SYSTEMS REQUIRED FOR SAFE SHUTDOWNS AMONG OTHERS> MUST MEET WITH REGARD TO ALL OPERATING CONDITIONS (SUCH AS LOSS OF OFFSITE POWER)i SO THAT THEY CAN PERFORM THEIR SAFETY FUNCTION ASSUMING A SINGLE FAILURE IF A DETERMINATION IS MADE THAT THE SYSTEMS REQUIRED FOR SAFE SHUTDOWN MEET THE REQUIREMENTS OF THESE CRITERIA'HEY ARE ACCEPTABLE IN THIS REGARDS ELECTRICAL AND PHYSICAL INDEPENDENCE REQUIREMENTS AS DIS-CUSSED IN SRP SECTIONS 7 2 AND 7 3 SHOULD BE MET 2 CONFORMACEWT S G E UE CRI E 0 I EEE STD 279' EEE STD 379'ND REGULATQRY GUIDE 1, 53 PRO- IN CONPLIANCE VIDE RECOMMENDATIONS AND GUIDANCE FOR MEETING THE SINGLE FAILURE CRITERION REGARDING THE APPLICATION OF THE SINGLE FAILURE CRITERION TO THE DESIGN OF MANUALLY CONTROLLED ELECTRICALLY-OPERATED VALVES> THE ACCEPTABILITY OF PROPOSED DESIGNS IS BASED ON BRANCH TECHNICAL POSITION ICSB 18 EXHIBIT 3A-2

e S S 0 7, (CONT) 3, DE IF I 0 S A S S U THE METHOD USED FOR IDENTIFYING POWER AND SIGNAL CABLES AND IN CONPLIANCE CABLE TRAYS AS SAFETY-RELATED EQUIPMENT> AND THE IDENTIFICA-TION SCHEME USED TO DISTINGUISH BETWEEN REDUNDANT CABLES'ABLE TRAYS'ND INSTRUMENT PANEL'S SHOULD BE IN ACCORDANCE WITH THE RECOMMENDATIONS OF SECTIONS 5.1.2 AND Dc6s3 OF REGULATORY GUIDE 1 75> PHYSICAL INDEPENDENCE OF ELECTRIC SYSTEMS'ND SECTION 4,2 2 OF IEEE STD 279 COLOR CODING IS A PREFERRED METHOD OF IDENTIFICATIONs 4, VI AL SUPPO G S E S THE INSTRUMENTATION'ONTROLS AND ELECTRIC EQUIPMENT ASSO- IN CONPLIANCE CIATED WITH THE AUXILIARY SYSTEMS THAT SUPPORT THE SYSTEMS REQUIRED FOR SAFE SHUTDOWN SHOULD MEET THE SAME ACCEPTANCE CRITERIA AS FOR THE SYSTEMS THEY SUPPORTS EXHIBIT 3A-3

SRP SEC 0 7 (coNT)

Si SYS E ES I G SS C C GENERAL DESIGN CRITERIA 1 AND 21, IEEE STD 279' EEE STD 336, IN COMPLIANCE AND REGULATORY GUIDES 1 22, 1 47 AND 1,68 CONTAIN THE APPLI-CABLE ACCEPTANCE CRITERIA WITH REGARD TO PREOPERATION AND PERIODIC TESTINGS QUALITY ASSURANCES AND DESIGN PROVISIONS FOR INDICATING THE AVAILABILITYOF SYSTEMS REQUIRED FOR-SAFE SHUTDOWN. AND ESSENTIAL AUXILIARY SUPPORTING SYSTEMS<

EXHIBIT 3A-4

0 S SC 75 1 THE SRDI SHOULD COVER APPROPRIATE VARIABLES, CONSISTENT IN CONPLIANCE WITH THE ASSUMPTIONS FOR ACCIDENT ANALYSES AND WITH THE INFORMATION NEEDS OF THE OPERATORS IN NORMAL'RANSIENTS AND ACCIDENT CONDITIONS'HE DESIGN OF THE POST-ACCIDENT SRDI SHOULD CONFORM TO THE RECOMMENDATIONS OF REGULATORY GUIDE 1,97, THE ACCURACY AND RANGE OF INDICATING INSTRU-MENTATION SHOULD BE CONSISTENT WITH THE ASSUMPTIONS OF THE ACCIDENT ANALYSES) ANY EXCEPTIONS TO THESE REQUIREMENTS WILL BE REFERRED TO THE APPROPRIATE BRANCH FOR RESOLUTION ON AN INDIVIDUAL CASE BAS IS s 2, ALL MONITORING CHANNELS SHOULD BE REDUNDANT'O ASSURE THAT IN CONPLIANCE WRONG INDICATION DUE TO DEVICE MALFUNCTION WILL NOT CAUSE FALSE ACTION OR INACTION ON THE PART OF THE OPERATORs IDENTIFICATION MALFUNCTIONS CAN BE IDENTIFIED BY CROSS CHECKING BETWEEN REDUNDANT CHANNELS s EXHIBIT 5A-5

SRP S C IO . 5 (coNT)

QU T 3 REDUNDANT CHANNELS OF SAFETY-RELATED DISPLAY INSTRUMEN- IN CONPLIANCE TATION SHOULD BE ISOLATED PHYSICALLY AND ELECTRICALLY TO ASSURE THAT A SINGLE FAILURE WILL NOT RESULT IN COMPLETE LOSS OF INFORMATION ABOUT A MONITORED VARIABLE SINGLE FAILURES MIGHT INCLUDE SUCH POSSIBLE FAULTS AS SHORTS OR OPEN CIRCUITS OR INTERCONNECTING SIGNAL OR POWER CABLES>

IT ALSO INCLUDES SINGLE CREDIBLE MALFUNCTIONS OR EVENTS THAT MIGHT CAUSE A NUMBER OF SUBSEQUENT COMPONENTS MODULE>

OR CHANNEL FAILURESs ALL SRDI=SHOULD BE CAPABLE OF OPERAT-ING FROM ONSITE POWER IF SIGNALS FROM THE POST-ACCIDENT MONITORING EQUIPMENT ARE USED FOR CONTROLS THE REQUIRED ISOLATION DEVICES WILL BE CLASSIFIED AS PART OF THE POST-ACCIDENT MONITORING INSTRUMENTATION NO CREDIBLE FAILURE AT THE OUTPUT OF AN ISOLATION DEVICE SHOULD PREVENT THE ASSOCIATED MONITORING CHANNEL FROM MEETING MINIMUM PERFOR-MANCE REQUIREMENTS CONSIDERED IN THE DESIGN BASEST EXHIBIT 3A-6

SRPSC 0 (CONT) 0s CAPABILITY SHOULD BE PROVIDED FOR CHECKING> WITH A HIGH IN COMPLIANCE DEGREE OF CONFIDENCE> THE OPERATIONAL AVAILABILITYOF EACH SYSTEM INPUT SENSOR DURING REACTOR OPERATION AN ACCEPT-ABLE WAY OF ACCOMPLISHING THIS WOULD BE BYl A PERTURBATING THE MONITORED VARIABLE AND OBSERVING THE RESULTING INDICATIONS i B, INTRODUCING AND VARYING A SUBSTITUTE INPUT TO THE SENSOR OF THE SAME NATURE AS THE MEASURED VARIABLEs C, CROSS CHECKING BETWEEN CHANNELS THAT BEAR A KNOWN RELATIONSHIP TO EACH OTHER AND THAT HAVE READOUTS AVAILABLEi FOR CHANNELS WHICH MONITOR A NORMALLY STATIC PARAMETER>

PROVISIONS SHOULD BE MADE TO ALLOW PERIODIC TESTING IN ACCORDANCE WITH REGULATORY 6U IDE j. 22'HEREBY VERIFYING CHANNEL OPERABILITY EXHIBIT 3A-7

SPS ,5 (CONT) 5 AN INDICATION SYSTEM SHOULD BE PROVIDED COVERING BYPASSED IN COMPLIANCE OR DELIBERATELY INOPERABLE CONDITIONS OF SAFETY SYSTEMS>

GUIDELINES FOR THE INDICATION SYSTEM ARE PROVIDED IN REGU-LATORY GUIDE 1 47 AND BRANCH TECHNICAL POSITION ICSB 21 6s CABLES> CABLE TRAYS, COMPONENTS'ODULES> AND INTERCONNECT- IN COMPLIANCE ING WIRING SHOULD BE IDENTIFIED> THE METHOD USED FOR IDENTIFICATION AND THE SCHEME USED TO DISTINGUISH BETWEEN REDUNDANT CABLES'ABLE TRAYS'OMPONENTS'ODULES'ND INTERCONNECTING WIRING ARE ACCEPTABLE IF THEY ARE IN ACCOR-DANCE WITH THE RECOMMENDATIONS OF REGULATORY 6UIDE 1,75, 7i COMPONENTS AND MODULES SHOULD BE OF A QUALITY CONSISTENT IN COMPLIANCE WITH THE RELIABILITY REQUIREMENTS FOR SAFETY-RELATED SYSTEMS<

AN ACCEPTABLE QUALITY WOULD BE THAT OF COMPONENTS AND MODULES THAT HAVE BEEN PREVIOUSLY USED IN SIMILAR SERVICE CONDITIONS AND HAVE DEMONSTRATED LOW MAINTENANCE REQUIREMENTS AND FAIL-URE RATES OTHER MEANS TO DEMONSTRATE ACCEPTABLE QUALITY WOULD BE THROUGH ANALYSIS AND TESTING OF COMPONENTS AND MOD-ULES'N ACCORDANCE WITH CRITERIA CITED IN TABLE 7-li EXHIBIT 3A-8

(CONT) 8, IN ORDER TO ASSURE THAT THE REQUIREMENTS OF 6ENERAL DESIGN -

IN CONPLIANCE CRITERION li EQUALITY STANDARDS AND RECORDS> ARE MET IN THE SRDIi THE QUALITY ASSURANCE PROGRAM MUST SATISFY THE REQUIRE-MENTS OF IEEE STD 336, AS AMPLIFIED BY REGULATORY 6UIDE l>30)

EXHIBIT 3A-9

S P SEC 0 .6 EQ 1 SS ED C U GDC 26 AND 33 AND IEEE STD 279 SPECIFY THE REQUIREMENTS THAT CONPLIANCE OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY'MONG.

OTHERS> MUST MEET WITH REGARD TO ALL OPERATING CONDITIONS (SUCH AS LOSS OF OFFSITE POWER)i SO THAT THEY CAN PERFORM NEEDED SAFETY FUNCTIONS ASSUMING A SINGLE FAILUREs IF A DETERMINATION IS MADE THAT THESE SYSTEMS MEET THE REQUIRE-REQUIREMENTS'N MENTS OF THESE REDUNDANCY CRITERIA'HEY ARE ACCEPTABLE WITH REGARD TO EXHIBIT 3A-10

SRP S C IO 6 (CONT) 2, 0 0 IEEE STO 279, IEEE STO 379, AND REGULATORY 6UIOE 1.53 PROVIOE IN CONPLIANCE THAT SAFETY SYSTEMS SHOULD BE CAPABLE OF PERFORMING NEEDED SAFETY FUNCTIONS AFTER SUSTAINING A SINGLE FAILURES REGARD-ING THE APPLICATION OF THE SINGLE FAILURE CRITERION TO THE DESIGN OF MANUALLY-CONTROLLED ELECTRICALLY-OPERATED VALVES IN SAFETY SYSTEMS> THE ACCEPTABILITY OF PROPOSED DESIGNS IS BASED ON BRANCH TECHNICAL POSITION ICSB 18 (PSB) THIS POSITION STATES THAT IT IS ACCEPTABLE TO DISCONNECT ELECTRIC POWER TO A SAFETY-RELATED VALVE AS A MEANS OF DESIGNING AGAINST AN ACTIVE VALVE MALFUNCTIONS THE REQUIREMENTS FOR TOLERANCE OF SINGLE FAILURES IN FIRE DETECTION SYSTEMS ARE GIVEN IN NFPA 72D, E C THE METHOD USED FOR IDENTIFYING POWER AND SIGNAL CABLES AND IN CONPLIANCE RACEWAYS AS SAFETY RELATED EQUIPMENTS AND THE IDENTIFICATION SCHEME USED TO DI STINGUI SH 'BETWEEN REDUNDANT CABLES'ACEWAYS>

AND INSTRUMENT PANELS SHOULD BE IN ACCORDANCE WITH THE RECOM-MENDATIONS OF REGULATORY 6UIDE 1 75 EXHIBIT 3A-11

(CONT) 0 THE INSTRUMENTATION'ONTROLS AND ELECTRIC EQUIPMENT IN COf"lPLIANCE ASSOCIATED WITH AUXILIARY SYSTEMS THAT SUPPORT OTHER SYSTEMS REQUIRED FOR SAFETY SHOULD MEET THE SAME ACCEPTANCE CRITERIA AS THE SYSTEMS THEY SUPPORTS GDC 1 AND 21, IEEE STDS 279, 336, AND 338; AND REGULATORY IN CONPLIANCE GUIDES 1,22, 1,47, 1,68, AND 1,118 CONTAIN THE APPLICABLE ACCEPTANCE CRITERIA WITH REGARD TO PREOPERATIONAL AND PERIODIC TESTI NGr QUALITY ASSURANCES AND DESIGN PROVISIONS FOR INDICATING THE AVAILABILITYOF OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY s EXHIBIT 3A-12

S C SRP SEC IO li 0 0 I

INSTRUMENTATION SHOULD BE PROVIDED TO MONITOR VARIABLES IN CONPLIANCE AND SYSTEMS OVER THEIR ANTICIPATED RANGES FOR NORMAL OPERATION AND FOR ANTICIPATED OPERATIONAL OCCURRENCES AS APPROPRIATE TO MINIMIZE CHALLENGES TO SAFETY SYSTEMS ~

APPROPRIATE CONTROLS SHOULD BE PROVIDED TO MAINTAIN THESE VARIABLES AND SYSTEMS WITHIN PRESCRIBED OPERATING RANGES>

2e 0 0 C 0

THE PROTECTION SYSTEM SHALL BE SEPARATED FROM CONTROL CONPLIANCE SYSTEMS TO THE EXTENT THAT FAILURE OF ANY SINGLE CONTROL SYSTEM COMPONENT OR CHANNEL WHICH IS COMMON TO CONTROL AND PROTECTION SYSTEMS SHALL NOT VIOLATE THE RELIABILITY'EDUNDANCY'ND INDEPENDENCE REQUIREMENTS OF THE PROTECTION SYSTEMs THE INTERCONNECTIONS BETWEEN THE IMPAIRED'N PROTECTION AND CONTROL SYSTEM SHALL BE LIMITED SO AS TO ASSURE THAT SAFETY IS NOT SIGNIFICANTLY EXHIBIT 3A-13

SP CC (CONT) 0 0 C 0 Po C O Ss THE DIRECT CIRCUIT-TO-CIRCUIT AND FUNCTIONAL INTERACTIONS IN CONPLIANCE BETWEEN CONTROL AND PROTECTION SYSTEMS FOR SINGLE RANDOM OR MULTIPLE FAILURES IN THE CONTROL SYSTEM SHALL NOT PREVENT THE PROTECTION SYSTEM CHANNEL FROM MEETING THE MINIMUM PERFORMANCE REQUIREMENTS SPECIFIED IN THE DESIGN BASEST EXHIBIT 3A-14

0 KEY TO ACCEPTANCE CRITERIA COMPLIANCE STATEMENT C = IN COMPLIANCE NSSS = WITHIN CESSAR SCOPE I = CESSAR INTERFACE REQUIREMENT, IN COMPLIANCE N/A = NOT APPLICABLE PER SRP TABLE 7-1 I/C = CESSAR INTERFACE REQUIREMENT, IN COMPLIANCE FOR NSSS SCOPE/

IN COMPLIANCE FOR BOP SCOPE EXHIBIT 3A-15

SRP ACCEPTANCE CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL 10 CFR 50.34, CONTENTS OF APPLICATIONS: TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS TECHNICAL INFORMATION SYSTEM FEATURE FOR SAFE DISPLAY ME NTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED ME NTATION . REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY ALL APPLICATIONS REQUIRED OF A UTILITY NSSS TO LICENSE A NUCLEAR POWER PLANT MUST INCLUDE A PRELIMINARY SAFETY ANALYSIS REPORT (PSAR) AND A FINAL SAFETY ANALYSIS REPORT (FSAR).

10 CFR 50. 36, TECHNICAL SPECIFICATIONS REEERIRENEIIT EACH APPLICANT SHALL INCLUDE IN THEIR NSSS N/A APPLICATION PROPOSED TECHNICAL SPECIFICATIONS.

10 CFR 50.55A, CODES AND STANDARDS REITII ENTNT ALL OPERATING LICENSES AND CONSTRUCTION NSSS PERMITS WILL BE SUBJECT TO THE QUALITY STANDARDS AND CODES AND SHALL DEMONSTRATE COMPLIANCE WITH IEEE

. 279-1971 EXHIBIT 3A-16

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 1, QUALITY REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL STANDARDS AND RECORDS TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED REQUIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY STRUCTURES, SYSTEMS AND COMPONENTS NSSS I/C I/C I/C I/C N/A IMPORTANT TO SAFETY SHALL BE DESIGNED, FABRICATED, ERECTED, AND TESTED TO QUALITY STANDARDS COMMENSURATE WITH THE IMPORTANCE OF THE SAFETY FUNCTIONS TO BE PERFORMED.

GENERAL DESIGN CRITERION 2, DESIGN BASES FOR PROTECTION AGAINST NATURAL PHENOMENA EttU REMENT STRUCTURES, SYSTEMS, AND COMPONENTS I/C I/C I/C I/C N/A IMPORTANT TO SAFETY SHALL BE DESIGNED TO WITHSTAND THE EFFECTS OF NATURAL PHENOMENA SUCH AS EARTHQUAKES, TORNA-DOES, HURRICANES, FLOODS, TSUNAMI, AND SEICHES WITHOUT LOSS OF CAPABILITY TO PERFORM THEIR SAFETY FUNCTIONS.

EXHIBIT 3B-1

0 GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 GENERAL DESIGN CRITERION 3, FIRE 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL PROTECTION TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED RE UIREHENT MENTATION REQUIRED FOR SAFETY FOR SAFETY STRUCTURES, SYSTEMS, AND COMPONENTS I/C I/C I/C I/C N/A IMPORTANT TO SAFETY SHALL BE DESIGNED AND LOCATED TO MINIMIZE, CONSISTENT WITH OTHER SAFETY REQUIREMENTS, THE PROBABILITY AND EFFECT OF FIRES AND EXPLOSIONS.

GENERAL DESIGN CRITERION 4, ENVIRON-MENTAL AND MISSILE DESIGN BASES RE UIRENENT STRUCTURES, SYSTEMS, AND COMPONENTS I/C I/C I/C I/C N/A IMPORTANT TO SAFETY SHALL BE DESIGNED FOR THE ENVIRONMENTAL CONDITIONS ASSOCIATED WITH NORMAL OPERATION, MAINTENANCE, TESTING, AND POSTULATED ACCIDENTS, INCLUDING LOSS-OF-COOLANT ACCIDENTS'ND PROTECTED AGAINST DYNAMIC EFFECTS, INCLUDING MISSILES, PIPE WHIPP-ING, AND DISCHARGING FLUIDS.

EXHIBIT 38-2

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 5, SHARING OF REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS STRUCTURES, SYSTEMS AND COMPONENTS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY STRUCTURES, SYSTEMS, AND COMPONENTS NSSS C N/A IMPORTANT TO SAFETY SHALL NOT BE SHARED BETWEEN NUCLEAR POWER UNITS UNLESS IT IS SHOWN THAT SHARING WILL NOT IMPAIR THEIR ABILITY TO PERFORM THEIR SAFETY FUNCTIONS, INCLUDING, IN THE EVENT OF AN ACCIDENT IN ONE UNIT, AN ORDERLY SHUTDOWN AND COOLDOWN OF THE REMAINING UNITS.

GENERAL DESIGN CRITERION 10, REACTOR DESIGN REQUIREMENT THE REACTOR CORE AND ASSOCIATED COOLANT, NSSS SCOPE CONTROL, AND PROTECTION SYSTEMS SHALL BE DESIGNED WITH APPROPRIATE MARGIN TO ASSURE FUEL DESIGN LIMITS ARE NOT EXCEEDED DURING ANY CONDITION OF NORMAL OPERATION.

EXHIBIT 3B-3

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 .

GENERAL DESIGN CRITERION 12, SUPPRES- ENGINEERED SYSTEMS SAFETY MENTATIONON ALL OTHER CONTROL REACTOR SAFETY REQUIRED RELATED INSTRU- SYSTEMS SION OF REACTOR POWER OSCILLATIONS SYSTEM FEATURE FOR SAFE DISPLAY NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED ME NTATI0 N REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY THE REACTOR CORE AND ASSOCIATED COOLANT, NSSS SCOPE CONTROL, AND PROTECTION SYSTEMS SHALL BE DESIGNED TO ASSURE THAT POWER OSCIL-LATIONS WHICH CAN RESULT IN CONDITIONS EXCEEDING FUEL DESIGN LIMITS ARE NOT POSSIBLE OR CAN BE RELIABLY AND READILY DETECTED AND SUPPRESSED.

EXHIBIT 3B-4

GENERAL DESIGN CRITERIA REFERENCE'RP TABLE 7-1 7.2 7.3 7A 7.5 7.6 7.7 GENERAL DESIGN CRITERION 13, INSTRUMEN- REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS TATION AND CONTROL FEATURE DISPLAY SYSTEM FOR SAFE MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY INSTRUMENTATION AND CONTROL SHALL BE NSSS C PROVIDED TO MONITOR VARIABLES AND SYS-TEMS OVER THEIR ANTICIPATED RANGES FOR NORMAL OPERATION, AND FOR ACCIDENT CON-DITIONS TO ASSURE ADEQUATE SAFETY.

APPROPRIATE CONTROLS SHALL BE PROVIDED TO MAINTAIN THESE VARIABLES AND SYSTEMS WITHIN PRESCRIBED OPERATING RANGES.

EXHIBIT 3B-5

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 15, REACTOR REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL COOLANT SYSTEM DESIGN TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS

. SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT MENTATION SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED RE UIREMENT N REQUIRED FOR SAFETY FOR SAFETY THE REACTOR COOLANT SYSTEM AND ASSO- NSSS SCOPE CIATED AUXILIARY, CONTROL, AND PROTEC-TION SYSTEMS SHALL BE DESIGNED WITH SUFFICIENT MARGIN TO ASSURE THAT THE DESIGN CONDITIONS OF THE REACTOR COOLANT PRESSURE BOUNDARY ARE NOT EXCEEDED.

GENERAL DESIGN CRITERION 19, CONTROL ROOM Rf UIREMENT A CONTROL ROOM SHALL BE PROVIDED FROM I/C I/C I/C I/C I/C WHICH ACTIONS CAN BE TAKEN TO OPERATE THE NUCLEAR POWER UNIT SAFELY UNDER NOR-MAL CONDITIONS AND TO MAINTAIN IT IN A SAFE CONDITION UNDER ACCIDENT CONDITIONS.

EQUIPMENT AT APPROPRIATE LOCATIONS OUT-SIDE THE CONTROL ROOM SHALL BE PROVIDED WITH DESIGN CAPABILITY FOR PROMPT HOT SHUTDOWN, INCLUDING NECESSARY INSTRUMEN-TATION AND CONTROLS, AND POTENTIAL CAPA-BILITY FOR SUBSEQUENT COLD SHUTDOWN.

EXHIBIT 3B-6

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 20, PROTECTION REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U. SYSTEMS SYSTEM FUNCTIONS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY THE PROTECTION SYSTEM SHALL BE DESIGNED NSSS N/A (1) TO INITIATE AUTOMATICALLY, TO ASSURE THAT SPECIFIED ACCEPTABLE FUEL DESIGN LIMITS ARE NOT EXCEEDED AND (2) TO SENSE ACCIDENT CONDITIONS AND TO INITIATE THE OPERATION OF SYSTEMS AND COMPONENTS IMPORTANT TO SAFETY.

CLARIFICATION THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM IS MANUALLY INITIATED.

EXHIBIT 3B-7

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 21, PROTECTION REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM RELIABILITY AND TESTABILITY SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY THE PROTECTION SYSTEM SHALL BE DESIGNED NSSS N/A FOR HIGH FUNCTIONAL RELIABILITY AND INSERVICE TESTABILITY WITH. ADEQUATE SUFFICIENT REDUNDANCY AND INDEPENDENCE.

CLARIFICATION THE BOP ESFAS "ONE-OUT-OF-TWO" SYSTEMS DO NOT MEET THE SINGLE FAILURE CRITERION DURING CHANNEL BYPASS. THE BYPASS TIME INTERVAL REQUIRED FOR MAINTENANCE IS A SHORT TIME INTERVAL. THE PROBABILITY OF FAILURE OF THE REMAINING CHANNEL IS LOW DURING .SUCH MAINTENANCE PERIODS.

EXHIBIT 3B-8

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 22, PROTECTION REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL SYSTEM INDEPENDENCE TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED RE UIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY THE PROTECTION SYSTEM SHALL BE DESIGNED NSSS C ~

N/A TO ASSURE THAT THE EFFECTS OF NATURAL PHENOMENA, AND OF NORMAL OPERATING, MAIN-TENANCE, TESTING, AND POSTULATED ACCIDEN CONDITIONS DO NOT RESULT IN LOSS OF THE PROTECTION FUNCTION.

GENERAL DESIGN CRITERION 23, PROTECTION SYSTEM FAILURE MODES RE UIREMENT THE PROTECTION SYSTEM SHALL BE DESIGNED NSSS N/A TO FAIL INTO A SAFE STATE IF CONDITIONS SUCH AS DISCONNECTION OF THE SYSTEM, LOS OF ENERGY, OR POSTULATED ADVERSE ENVIRON-MENTS ARE EXPERIENCED.

EXHIBIT 3B-9

0 GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 24, SEPARATION REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED - INSTRU- SYSTEMS OF PROTECTION AND CONTROL SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY THE PROTECTION SYSTEM SHALL BE SEPARATED NSSS FROM CONTROL SYSTEMS SUCH THAT FAILURE OF ANY SINGLE CONTROL SYSTEM COMPONENT OR CHANNEL, COMMON TO BOTH'LEAVES INTACT A SYSTEM SATISFYING ALL RE(UIREMENTS OF THE PROTECTION SYSTEM.

EXHIBIT 3B-10

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.3 7.4 7.6 7.6 7.7 GENERAL DESIGN CRITERION 25, PROTECTION EN G I NE ER ED SYSTEMS SAFETY ALL OTHER CONTROL SYSTEM RE(UIREMENT FOR REACTIVITY CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS FEATURE FOR SAFE DISPLAY MENTATION NOT MALFUNCTIONS SYSTEMS SHUTDOIVN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY RE UIREMENT THE PROTECTION SYSTEM SHALL BE DESIGNED NSSS SCOPE TO ASSURE THAT SPECIFIED ACCEPTABLE FUEL DESIGN LIMITS ARE NOT EXCEEDED FOR ANY SINGLE MALFUNCTION OF THE REACTIVITY CONTROL SYSTEMS.

GENERAL DESIGN CRITERION 26, REACTIVITY CONTROL SYSTEM REDUNDANCY AND CAPABILITY RE UIREMENT TWO INDEPENDENT REACTIVITY CONTROL NSSS SCOPE SYSTEMS OF DIFFERENT DESIGN PRINCIPLES SHALL BE PROVIDED.

EXHIBIT 3B-11

0 GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.6 7.6 7.7 GENERAL DESIGN CRITERION 27, COMBINED.

REACTOR ENGINE ERED SYSTEMS SAFETY ALL OTHER CONTROL REACTIVITY CONTROL SYSTEMS CAPABILITY TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE 'FOR SAFE DISPLAY MfNTATION NOT SYSTEMS SHUTDOlVN INSTR U. SYSTEMS REQUIRED RE UIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY THE REACTIVITY CONTROL SYSTEMS SHALL BE NSSS SCOPE DESIGNED TO HAVE A COMBINED CAPABILITY, POISON ADDITION AND RELIABILITY CONTROL-LING REACTIVITY CHANGES.

GENERAL DESIGN CRITERION 28, REACTIVITY LIMITS RE UIREMENT THE REACTIVITY CONTROL SYSTEMS SHALL BE NSSS SCOPE DESIGNED IIITH APPROPRIATE LIMITS ON THE POTENTIAL AMOUNT AND RATE OF REACTIVITY INCREASE.

EXHIBIT 3B-12

0 GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 29, PROTECTION REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS AGAINST ANTICIPATED OPERATIONAL CHANGES SYSTEM FEATURE FOR SAFE DISPLAY ME NTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY THE PROTECTION AND REACTIVITY CONTROL NSSS SYSTEMS SHALL BE DESIGNED TO ASSURE AN EXTREMELY HIGH PROBABILITY OF ACCOMPLISH-.

ING THEIR SAFETY FUNCTIONS IN THE EVENT OF ANTICIPATED OPERATIONAL OCCURRENCES.

GENERAL DESIGN CRITERION 33, REACTOR COOLANT MAKEUP RE UIREMENT A SYSTEM TO SUPPLY REACTOR COOLANT MAKEUP NSSS SCOPE FOR PROTECTION AGAINST SMALL BREAKS IN THE REACTOR COOLANT PRESSURE BOUNDARY SHALL BE PROVIDED.

EXHIBIT 3B-13

GENERAL DESIGN CRITERIA

REFERENCE:

'RP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 34, RESIDUAL REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL HEAT REMOVAL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATI0 N NOT SYSTEMS SHUTDOINN INSTRU- SYSTEMS REQUIRED RE UIREHENT MENTATION REQUIRED FOR SAFETY FOR SAFETY A SYSTEM TO REMOVE RESIDUAL HEAT SHALL N/A N/A BE PROVIDED EXHIBIT 3B-14

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 35, EMERGENCY REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS CORE COOLING SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOLVN INSTR U. SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREHENT FOR SAFETY A SYSTEM TO PROVIDE ABUNDANT EMERGENCY NSSS SCOPE CORE COOLING SHALL BE PROVIDED.

GENERAL DESIGN CRITERION 37, TESTING OF EMERGENCY CORE COOLING SYSTEM RE UIREHENT THE EMERGENCY CORE COOLING SYSTEM SHALL NSSS SCOPE BE DESIGNED TO PERMIT APPROPRIATE PERI-ODIC PRESSURE AND FUNCTIONAL TESTING.

EXHIBIT 3B-15

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1

• 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 38, CONTAINMENT REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL HEAT REMOVAL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY ME NTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED RE UIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY-A SYSTEM TO REMOVE HEAT FROM THE REACTOR NSSS SCOPE CONTAINMENT SHALL BE PROVIDED.

GENERAL DESIGN CRITERION 40, TESTING OF CONTAINMENT HEAT REMOVAL SYSTEM RE UIREMENT THE CONTAINMENT HEAT REMOVAL SYSTEM SHALL NSSS SCOPE BE DESIGNED TO PERMIT APPROPRIATE PERI-ODIC PRESSURE AND FUNCTIONAL TESTING.

EXHIBIT 38-16

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 41, CONTAINMENT REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL ATMOSPHERE CLEANUP TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT MENTATION SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED RE UIREMENT N REQUIRED FOR SAFETY FOR SAFETY SYSTEMS TO CONTROL FISSION PRODUCTS, N/A N/A N/A HYDROGEN, OXYGEN, AND OTHER SUBSTANCES WHICH MAY BE RELEASED INTO THE REACTOR CONTAINMENT SHALL BE PROVIDED AS NECES- .

SARY TO REDUCE THE CONCENTRATION AND QUALITY OF FISSION PRODUCTS, RELEASED TO THE ENVIRONMENT FOLLOWING POSTULATED ACCIDENTS.

EXHIBIT 3B-17

0 GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7;6 7.7 GENERAL DESIGN CRITERION 43, TESTING OF SAFETY ALL OTHER REACTOR ENGINEERED SYSTEMS CONTROL CONTAINMENT ATMOSPHERE CLEANUP SYSTEMS TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED RE UIREME NT ME NTATI0 N REQUIRED FOR SAFETY FOR SAFETY THE CONTAINMENT ATMOSPHERE CLEANUP SYS- N/A N/A N/A TEMS SHALL BE DESIGNED TO PERMIT APPRO-PRIATE PERIODIC PRESSURE AND FUNCTIONAL TESTING.

GENERAL DESIGN CRITERION 44, COOLING WATER RE UIREMENT A SYSTEM TO TRANSFER HEAT FROM STRUC- N/A N/A TURES, SYSTEMS, AND COMPONENTS IMPORTANT TO SAFETY, TO AN ULTIMATE HEAT SINK SHALL BE PROVIDED.

EXHIBIT 3B-18

S GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 46, TESTING OF REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL COOLING 'WATER SYSTEM TRIP SAFETY REQUIRED RELATED MENTATIONN INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY NOT SYSTEMS SHUTDOWN INSTR U. SYSTEMS REQUIRED RE UIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY t

THE COOLING WATER SYSTEM SHALL BE N/A N/A DESIGNED TO PfRMIT APPROPRIATE PERIODIC PRESSURE AND FUNCTIONAL TESTING.

GENERAL DESIGN CRITfRION 50, CONTAINMENT DESIGN BASIS RE UIREMENT THE REACTOR CONTAINMENT STRUCTURE, N/A N/A N/A INCLUDING ACCESS OPENINGS, PENfTRATIONS, AND THE CONTAINMENT HEAT REMOVAL SYSTEM, SHALL BE DESIGNED TO ACCOMMODATE, WITH-OUT fXCEEDING THE DESIGN LEAKAGE RATE AND WITH SUFFICIENT MARGIN, THE CALCU- .

LATED PRESSURE Al'ID TEMPERATURE CONDITIONS RESULTING FROM ANY LOSS-OF-COOLANT ACCIDENT.

EXHIBIT 3B-19

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 54, PIPING REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL SYSTEMS PENETRATING CONTAINMENT TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED RE UIREMENT ME NTATI0 N REQUIRED FOR SAFETY FOR SAFETY PIPING SYSTEMS PENETRATING PRIMARY N/A N/A N/A REACTOR CONTAINMENT SHALL BE PROVIDED WITH LEAK DETECTION, ISOLATION, AND CONTAINMENT CAPABILITIES.

GENERAL DESIGN CRITERION 55, REACTOR COOLANT PRESSURE BOUNDARY PENETRATING CONTAINMENT RE UIREfCENT EACH LINE THAT IS PART OF THE REACTOR N/A N/A N/A COOLANT PRESSURE BOUNDARY AND THAT PENETRATES PRIMARY REACTOR CONTAINMENT SHALL BE PROVIDED WITH CONTAINMENT ISOLATION VALVES.

EXHIBIT 3B-20

GENERAL DESIGN CRITERIA

REFERENCE:

SRP TABLE 7-1 I

7.2 7.3 7.4 7.5 7.6 7.7 GENERAL DESIGN CRITERION 56, PRIMARY REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS CONTAINMENT ISOLATION DISPLAY MENTATION SYSTEM FEATURE FOR SAFE NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY EACH LINE THAT CONNECTS DIRECTLY TO THE N/A N/A N/A CONTAINMENT ATMOSPHERE AND PENETRATES PRIMARY REACTOR CONTAINMENT SHALL BE PROVIDED WITH CONTAINMENT ISOLATION VALVES.

GENERAL DESIGN CRITERION 57, CLOSED SYSTEM ISOLATION VALVES RE UIREMENT

'ACH LINE THAT PENETRATES PRIMARY REACTOR N/A N/A N/A CONTAINMENT AND IS NEITHER PART OF THE REACTOR COOLANT PRESSURE BOUNDARY NOR CONNECTED DIRECTLY TO THE CONTAINMENT ATMOSPHERE SHALL HAVE AT LEAST ONE CON-TAINMENT ISOLATION VALVE WHICH SHALL BE EITHER AUTOMATIC, OR LOCKED CLOSED, OR CAPABLE OF REMOTE MANUAL OPERATION.

EXHIBIT 3B-21

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS REGULATORY GUIDE 1.6 (REV. 0), SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT INDEPENCENCE BETWEEN REDUNDANT STANDBY SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED POWER SOURCES AND THEIR DISTRIBUTION MENTATION REQUIRED FOR SAFETY SYSTEMS FOR SAFETY RE UIREt1ENT AN ACCEPTABLE DEGREE OF INDEPENDENCE N/A N/A BETMEEN REDUNDANT STANDBY (ONSITE) POWER SOURCES AND BET1IEEN THEIR DISTRIBUTION SYSTEC<S.

REGULATORY GUIDE 1.7 (REV. 0), CONTROL OF COMBUSTIBLE GAS CONCENTRATIONS IN CONTAINt1ENT FOLLOWING A LOCA RE UIREMENT COMBUSTIBLE GAS CONTROL SYSTEMS AND THE N/A N/A N/A N/A PROVISIONS FOR MIXING, MEASURING AND SAMPLING SHALL MEET THE RE(UIREMENTS FOR AN ENGINEERED SAFETY FEATURE.

EXHIBIT 3C-1

0 SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS 'SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS REGULATORY GUIDE l.ll {REV. 0),

INSTRUMENT LINES PENETRATING SYSTEM FEATURE SYSTEMS FOR SAFE

,SHUTDOWN DISPLAY INSTR U-MENTATION SYSTEMS NOT REQUIRED MENTATION REQUIRED FOR SAFETY CONTAINMENT FOR SAFETY RE UIREMENT INSTRUMENT LINES PENETRATING CONTAINMENT N/A SHALL BE QUALIFIED TO THE SAME LEVEL AS THE SYSTEM OF MHICH THEY ARE PART.

CLARIFICATION INSTRUMENT LINES THAT ARE A PART OF CON" TAINMENT PRESSURE BOUNDARY AND A PROTEC-TION SYSTEM ARE PROVIDED WITH ISOLATION CAPABILITY THAT MEETS THE RE(UIREMENTS FOR REDUNDANCY, INDEPENDENCE AND TESTABILITY OF THAT PROTECTION SYSTEM.

EXHIBIT 3C-2

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED MENTATIONN INSTRU- SYSTEMS SYSTEM FEATURE FOB SAFE DISPLAY NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED REGULATORY GUIDE 1.12 (REV. 1),

MENTATION REQUIRED FOB SAFETY INSTRUMENTATION FOR EARTHQUAKES FOR SAFETY RE UIREMENT THE FACILITY SHALL HAVE APPROPRIATE N/A N/A N/A N/A N/A INSTRUMENTATION TO ACCURATELY MONITOR AN EARTH(UAKE AND ASSIST IN POST EVENT ANALYSIS.

CLARIFICATION STRONG MOTION ACCELEROI1ETERS (SMA'S) ARE USED INSIDE CONTAINMENT RATHER THAN PEAK RECORDING ACCELEROGRAPHS (PRA') ~ TIME-HISTORY SMA'S PROVIDE DATA FOR RESPONSE SPECTRA ANALYSIS RATHER THAN RESPONSE SPECTRUM RECORDERS. THIRTY (30) MINUTE BATTERY 'POWER IS PROVIDED FOR CONTINUOUS OPERATION IN THE EVENT OF A LOSS OF EXTERNAL POKIER. SEISMIC MONITORING INSTRUMENTATION HAS A RESPONSE ESSENTIALLY FLAT OR E(UIVALENTLY CORRECTABLE BY COM-PUTATIONAL TECHNI(UES OVER THE RANGE OF 1 to 30 HZ. DAMPING VALUES ARE APPLICABLE TO THE OVERALL SMA. SEISMIC TRIGGERS ARE ADJUSTABLE OVER A MINItiUM RANGE OF 0.01 TO 0.03 G ON THE BASE SLAB.

EXHIBIT 3C-3

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP - SAFETY REQUIRED BELATED INSTRU- SYSTEMS REGULATORY GUIDE 1.22 (REV. 0), SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT PERIODIC TESTING OF PROTECTION SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED SYSTEM ACTUATION FUNCTIONS. MENTATION REQUIRED FOB SAFETY FOR SAFETY RE UIREHENT THE PROTECTION SYSTEM, INCLUDING SSS C N/A ACTUATION DEVICES, SHALL BE TESTED PERIODICALLY TO ASSURE PROPER FUNCTIONING.

REGULATORY GUIDE 1.29 (REV. 1), SEISMIC DESIGN CLASSIFICATION TIE E ET ALL STRUCTURES, SYSTEMS, AND COMPONENTS SSS N/A DESIGNATED SEISMIC CATEGORY I SHALL

'LIITHSTAND EFFECTS OF THE SSE AND REMAIN FUNCTIONAL.

EXHIBIT 3C-4

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.6 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRUM-INSTRU- SYSTEMS REGULATORY GUIDE 1.30 (REV. 0), QUALITY SYSTEM FEATURE FOB SAFE DISPLAY MENTATION NOT ASSURANCE.REQUIREtfENTS SYSTEMS SHUTDOWN SYSTEMS REQUIRED ENTATIONN REQUIRED FOR SAFETY RE UIREtKNT FOR SAFETY QUALITY ASSURANCE REQUIREtKNTS FOR THE NSSS INSTALLATION, INSPECTION, AND TESTING OF INSTRUtKNTATION AND ELECTRICAI EQUIPtKNT SHALL BE tKT.

REGULATORY GUIDE 1.32 (REV. 0), CRITERIA FOR SAFETY-RELATED POWER SYSTENS IEEE STANDARD 308 SHALL BE NET IN I/C I/C I/C I/C N/A REGARDS TO CRITERIA, REQUIREtfENTS AND RECOtttKNDATIONS OF SAFETY-RELATED POWER SYSTEtIS.

EXHIBIT 3C-5

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS REGULATORY GUIDE 1.45 (REV. 0), RCPB SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT LEAKAGE DETECTION SYSTEM SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY SOURCES OF REACTOR COOLANT PRESSURE N/A N/A N/A BOUNDARY LEAKAGE SHOULD BE IDENTIFIABLE AND PROPERLY MONITORED.

~

REGULATORY GUIDE 1.47 (REV. 0), BYPASSED AND INOPERABLE STATUS INDICATION

~ET INDICATION MUST BE READILY AVAILABLE IN I/C I/C N/A THE CONTROL ROOM OF INOPERABLE STATUS OF THE PROTECTION SYSTEM, ITS ACTUATED SYSTEMS, AND AUXILIARY OR SUPPORTING SYSTEMS RE(UIRED TO PERFORM ITS FUNCTION.

EXHIBIT 3C-6

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL REGULATORY GUIDE 1.53 (REV. 0), SINGLE TRIP SAF ETY REQUIRED RELATED INSTR U- SYSTEMS FAILURE CRITERION SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED REIEEE T MENTATION REQUIRED FOR SAFETY FOR SAFETY NO SINGLE FAILURE MITHIN THE PROTECTION NSSS N/A SYSTEM SHALL PREVENT PROPER PROTECTIVE ACTION AT SYSTEM LEVEL WHEN REQUIRED.

REGULATORY GUIDE 1.62 (REV. 0), MANUAL INITIATION OF PROTECTIVE ACTIONS Ell E T MANUAL INITIATION OF PROTECTIVE ACTIONS NSSS N/A N/A AT THE SYSTEM LEVEL SHALL BE EASILY ACCOMPLISHED FROM THE CONTROL ROOM.

EXHIBIT 3C-7

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.6 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS REGULATORY GUIDE 1.63 (REV. 2), SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT ELECTRIC PENETRATIONS SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREHENT FOR SAFETY ELECTRICAL PENETRATION ASSEMBLIES SHALL I/C I/C I/C I/C I/C WITHSTAND THE MAXIMUM TEMPERATURE AND PRESSURE EXPECTED FROM ANY LOCA WITHOUT EXCEEDING THE DESIGN LEAK RATE.

REGULATORY GUIDE 1.67 (REV. 0), OVER-PRESSURE PROTECTION DEVICES RE UIREIIENT ANALYSES SHALL BE DONE TO SHOW PROPER N/A N/A N/A N/A NSSS N/A FUNCTIONING OF THE PRESSURE RELIEF VALVES INSTALLED WITH NO ADVERSE EFFECTS ON OTHER PIPING OR VALVES.

EXHIBIT 3C-8

0 SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS REGULATORY GUIDE 1.68 (REV. 0), INITIAL SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT TEST PROGRAMS SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY AN INITIAL TEST PROGRAM SHALL BE NSSS CONDUCTED TO DEMONSTRATE THAT THE PLANT CAN BE OPERATED SAFELY, AS DEFINED IN 10CFR50 APPENDIX A.

REGULATORY GUIDE 1.70 (REV. 3), STANDARD FORMAT AND CONTENT OF S.A.R.'S

~EE THE PROPER FORMAT SHALL BE USED WHEN NSSS SUBMITTING THE SAFETY ANALYSIS REPORT TO THE NRC.

EXHIBIT 3C-9

SRP ACCEPTANCE CRITERIA 7.2 7.3 7A 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT REGULATORY GUIDE 1.75 (REV. 1), SYSTEMS SHUTDOWN INSTR U. SYSTEMS REQUIRED PHYSICAL INDEPENDENCE OF ELECTRIC MENTATION REQUIRED FOR SAFETY SYSTEMS FOR SAFETY RE UIREMENT ADEQUATE PHYSICAL SEPARATION OF NSSS ELECTRICAL SYSTEMS SHALL BE PROVIDED SO THAT A DESIGN BASIS EVENT MILL NOT PREVENT PROPER PROTECTIVE ACTION.

REGULATORY GUIDE 1.78 (REV. 0), CONTROL ROOM HABITABILITY fttlREME T THE CONTROL ROOM SHALL BE PROTECTED FROM N/A N/A N/A N/A HAZARDOUS CHEMICALS, NHETHER IT BE FROM EQUIPMENT FAILURE, OPERATOR ERROR, OR EVENTS OUTSIDE THE CONTROL'F THE POWER PLANT.

EXHIBIT 3C-10

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS REGULATORY GUIDE 1.80 (REV. 0), PRE-OP. SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT ~

TESTING OF INSTRUMENT AIR SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY A SUITABLE PREOPERATIONAL TEST PROGRAM N/A N/A N/A FOR THE INSTRUMENT AIR SYSTEM IS TO BE DEVELOPED WHICH WILL SUPPORT THE VALIDITY OF THE RESULTS.

REGULATORY GUIDE 1.89 (REV. 0), gUALIFI-CATION OF CLASS IE EQUIPMENT CLASS IE EqUIPMENT SHALL WITHSTAND NSSS N/A NORMAL AND ABNORMAL OPERATION, DESIGN BASIS EVENT AND CONTAINMENT TEST CONDITIONS WITH NO LOSS OF FUNCTION.

EXHIBIT 3C-11

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS REGULATORY GUIDE 1.95 (REV. 0), PROTEC- SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT MENTATIONN TION AGAINST CHLORINE RELEASE SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED ftt REQUIRED FOR SAFETY FOR SAFETY THE CONTROL ROON OPERATORS SHALL BE N/A N/A N/A N/A PROTECTED AGAINST THE ACCIDENTAL RELEASE Of CHLORINE GAS.

REGULATORY GUIDE 1.97 (REV. 2), INSTRU-MENTATION USED DURING AND,FOLLOMING AN ACCIDENT RE UIRENENT INSTRUMENTATION USED DURING AND FOLLOWING N/A I/C I/C I/C I/C I/C AN ACCIDENT SHOULD PROVIDE ALL REQUIRED INFORMATION TO PROPERLY ASSESS THE ACCIDENT.

CLARIFICATION SEE SEC. 2.C.3 EXHIBIT 3C-12

l SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT REGULATORY GUIDE 1.100 (REV. 0), SEISMIC

~T SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED QUALIFICATION OF ELECTRICAL EQUIPMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY CLASS IE ELECTRIC EQUIPMENT SHALL NSSS C N/A MITHSTAND THE EFFECTS Of AN SSE AND NUMEROUS OBE'S.

REGULATORY GUIDE 1. 105 (REV. 1),

INSTRUI1ENT SETPOINTS RE UIREt1ENT INSTRUMENT SETPOINTS IN SYSTEMS IMPORTANT NSSS N/A TO SAFETY INITIALLYARE MITHIN AND REIIAIN MITHIN THE SPECIFIED LIMITS.

EXHIBIT 3C-13

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL REGULATORY GUIDE 1.106 (REV. 1), TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS THERMAL OVERLOAD PROTECTION SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT ELECTRIC MOTORS ON MOTOR-OPERATED SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED VALVES MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY THERMAL OVERLOAD PROTECTION DEVICES N/A N/A N/A N/A THAT ARE NORMALLY IN FORCE DURING PLANT OPERATION SHOULD BE BYPASSED UNDER ACCIDENT CONDITIONS.

EXHIBIT 3C-13A

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS REGULATORY GUIDE 1.118 (REV. 1), PERIODIC SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT TESTING SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY

'ttt'"'" FOR SAFETY PROTECTION SYSTEMS AND SAFETY-RELATED NSSS N/A ELECTRICAL SYSTEMS MUST BE TESTED PERIODICALLY TO ENSURE PROPER FUNCTIONING CAPABILITIES.

REGULATORY GUIDE 1.120 (REV. 1), FIRE PROTECTION RE UIRENENT PROPER FIRE PROTECTION AND PROTECTION SYSTEM DESIGNS ALONG WITH SUFFICIENT ADMINISTRATIVE PROCEDURES IIUST ENSURE SAFE SHUTDOWN CAPABILITY IN THE EVENT OF A FIRE.

EXHIBIT 3C-14

SRP ACCEPTANCE CRITERIA IEEE STANDARD 279-1971, CRITERIA FOR 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL PROTECTION SYSTEMS FOR NUCLEAR POWER TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS GENERATING STATIONS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY SECTION 4. 1 GENERAL FUNCTIONAL FOR SAFETY THE PROTECTION SYSTEM SHALL AUTOMATICALLY NSSS N/A INITIATE APPROPRIATE PROTECTIVE ACTION WHENEVER A CONDITION MONITORED BY THE SYSTEM REACHES A PRESET LEVEL.

CLARIFICATION INSTRUMENTATION OF THE CONTAINMENT COM-BUSTIBLE GAS CONTROL SYSTEM ALARMS ON HIGH HYDROGEN CONCENTRATION: MANUAL CONTROLS ALLOW SYSTEM ACTUATION.

EXHIBIT 3D-l

SRP ACC ANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED) SAFETY ALL OTHER CONTROL REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED SECTION 4.2 SINGLE FAILURE CRITERION MENTATION REQUIRED FOR SAFETY FOR SAFETY ANY SINGLE FAILURE MITHIN THE PROTECTION NSSS N/A SYSTEM SHALL NOT PREVENT PROPER PROTEC-TIVE ACTION AT THE SYSTEM LEVEL WHEN REQUIRED.

CLARIFICATION ALTHOUGH NO SINGLE FAILURE IN THE BOP ESFAS MILL DEFEAT MORE THAN ONE Of THE TMO PROTECTIVE CHANNELS, A SINGLE FAILURE MAY CAUSE SPURIOUS ACTUATION. HOWEVER, THIS SPURIOUS ACTUATION IS ALLOWABLE SINCE IT DOES NOT CREATE PLANT CONDITIONS REQUIRING PROTECTIVE ACTION NOR DOES IT INTERFERE WITH NORMAL REACTOR OPERATIONS.

EXHIBIT 3D-2

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SECTION 4.3 UALITY OF COMPONENTS AND SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MODULES MENTATION REQUIRED FOR SAFETY FOR SAFETY COMPONENTS AND MODULES SHALL BE OF A NSSS N/A QUALITY THAT IS CONSISTENT WITH MINIMUM MAINTENANCE REQUIREMENTS AND LOW FAILURE RATES.

SECTION 4.4 E UIPMENT UALIFICATION TEST DATA SHALL BE AVAILABLE TO VERIFY NSSS N/A THAT PROTECTION SYSTEM EQUIPMENT SHALL MEET THE PERFORMANCE DETERMINED TO BE NECESSARY.

SECTION 4. 5 CHANNEL INTEGRITY ALL PROTECTION SYSTEM CHANNELS SHALL MAIN- I/C I/C I/C I/C N/A TAIN FUNCTIONAL CAPABILITY UNDER EXTREME CONDITIONS.

EXHIBIT 3D-3

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED SECTION 4. 6 CHANNfL INDEPENDENCE MENTATION REQUIRED FOR SAFETY FOR SAFETY CHANNELS THAT PROVIDE SIGNAlS FOR THE I/C I/C I/C I/C N/A SAME PROTECTIVE FUNCTION SHALL BE INDE-PENDENT AND PHYSICALLY SfPARATED TO DfCOUPLE EFFECTS OF UNSAFE ENVIRONMENTAL FACTORS, ELECTRIC TRANSIENTS, AND PHYSICAL ACCIDENT CONSEQUENCES DOCUMENTED IN THE DESIGN BASIS, AND TO REDUCE THE LIKELIHOOD OF INTERACTIONS BETWEEN CHANNELS DURING MAINTENANCE OPERATIONS OR IN THE EVENT OF CHANNEL MALFUNCTION.

EXHIBIT 3D-4

0 0

SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SECTION 4.7 CONTROL AND PROTECTION SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED SYSTEM INTERACTION MENTATION REQUIRED FOR SAFETY FOR SAFETY

4. 7. 1 CLASSIFICATION OF E(UIPMENT. ANY NSSS C EQUIPMENT THAT IS USED FOR BOTH PROTECTIVE AND CONTROL FUNCTIONS SHALL BE CLASSIFIED AS PART OF THE PROTECTION SYSTEM AND SHALL MEET ALL THE RE(UIREMENTS OF THIS DOCUMENT.

4. 7. 2 ISOLATION DEVICES. THE TRANS-MISSION OF SIGNALS FROM PROTECTION SYSTEM EgUIPtIENT FOR CONTROL SYSTEM USE SHALL BE THROUGH ISOLATION DEVICES WHICH SHALL BE CLASSIFIED AS PART OF THE PROTECTION SYS-TEtl AND SHALL MEET ALL THE REQUIREMENTS OF THIS DOCUt1ENT. NO CREDIBLE FAILURE AT THE OUTPUT OF AN ISOLATION DEVICE SHALL PREVENT THE ASSOCIATED PROTECTION SYSTEM CHANNEL FROM MEETING THE MINIMUM PERFOR-MANCE REIlUIRENENTS SPECIFIED IN THE DESIGN BASES.

EXHIBIT 3D-5

0 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED MENTATIONN INSTRU- SYSTEMS SECTION 4. 7 (CONTINUED) SYSTEM FEATURE FOB SAFE DISPLAY NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOB SAFETY Section 4.7.3 SINGLE RANDOM FAILURE.

WHERE A SINGLE RANDOM FAILURE CAN CAUSE A CONTROL SYSTEM ACTION THAT REQUIRES PRO-TECTIVE ACTION AND CAN ALSO PREVENT PROPER ACTION OF A PROTECTION SYSTEM CHANNEL DESIGNED TO PROTECT AGAINST THE CONDITION, THE REMAINING REDUNDANT PROTECTION CHANNELS SHALL BE CAPABLE OF PROVIDING THE PROTECTIVE ACTION EVEN llHEN DEGRADED BY A SECOND RANDOM FAILURE.

EXHIBIT 3D-6

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEfE STANDARD 279 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SECTION 4.7.4 MULTIPLE FAILURES RESULTING SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED FROM A CREDIBLE SINGLE fVENT. WHERE A MENTATION REQUIRED FOR SAFETY FOR SAFETY CREDIBLE SINGLf fVENT CAN CAUSE A CONTROL SYSTEM ACTION THAT RESULTS IN A CONDITION Rf(UIRING PROTECTIVE ACTION FROM THOSE PRO-TECTION SYSTEM CHANNELS DESIGNED TO PRO-VIDE PRINCIPAL PROTECTION AGAINST THE CONDITION, ONE OF THE FOLLOWING MUST BE MET.

EXHIBIT 3D-7

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.6 7.6 7.7.

IEEE STANDARD 279 (CONTINUED) REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY SECTION 4.8 DERIVATION OF SYSTEM INPUTS FOR SAFETY TO THE EXTENT FEASIBLE AND PRACTICAL, NSSS PROTECTON SYSTEM INPUTS SHALL BE DERIVED FROM SIGNALS THAT ARE DIRECT MEASURES OF THE DESIRED VARIABLES.

SECTION 4.9 CAPABILITY FOR SENSOR CHECKS MEANS SHALL BE PROVIDED FOR CHECKING, WITH NSSS C N/A A HIGH DEGREE OF CONfIDENCE, THE OPERA-TIONAL AVAILABILITYOF EACH SYSTEM INPUT SENSOR DURING REACTOR OPERATION.

EXHIBIT 3D-8

SRP ACCE ANCE CRITERIA 7.2 7.3 7A 7.6 7.6 7.7 IEEE STANDARD 279 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SECTION 4.10 CAPABILITY FOR TEST AND INSTRU-SYSTEMS SHUTDOWN SYSTEMS REQUIRED CALIBRATION MENTATION REQUIRED FOR SAFETY FOR SAFETY CAPABILITY SHALL BE PROVIDED FOR TESTING NSSS N/A AND CALIBRATING CHANNELS AND THE DEVICES USED TO DERIVE THE FINAL SYSTEM OUTPUT SIGNAL FROM THE VARIOUS CHANNEL SIGNALS.

FOR THOSE PARTS OF THE SYSTEM WHERE THE REQUIRED INTERVAL BETWEEN TESTING WILL BE LESS THAN NORMAL TIME INTERVAL BETWEEN GENERATING STATION SHUTDOWNS, THERE SHALL BE CAPABILITY FOR TESTING DURING POWER OPERATION.

EXHIBIT 3D-9

SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAF ETY REQUIRED RELATED INSTRU- SYSTEMS SECTION 4. 11 CHANNEL BYPASS OR REMOVAL SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED FROM OPERATION MENTATION REQUIRED FDR SAFETY FOR SAFETY THE SYSTEM SHALL BE DESIGNED TO PERMIT ANY NSSS N/A N/A ONE CHANNEL TO BE MAINTAINED, AND WHEN RE(UIRED, TESTED OR CALIBRATED DURING POWER OPERATION WITHOUT INITIATING A PRO-TECTIVE ACTION AT THE SYSTEM LEVEL. DUR-ING SUCH OPERATION AND ACTIVE PARTS OF THE SYSTEM SHALL 'OF THEMSELVES CONTINUE TO MEET THE SINGLE FAILURE CRITERION.

fXCEPTION: "ONE-OUT-OF-TWO" SYSTEMS ARE PERMITTED TO VIOLATE THE SINGLE FAILURE CRITERION DURING CHANNEL BYPASS PROVIDED THAT ACCEPTABLE RELIABILITY OF OPERATION CAN BE OTHERWISE DEMONSTRATED. FOR EXAMPLE, THE BYPASS TIME INTERVAL RE(UIRED FOR A TEST, CALIBRATION, OR MAINTENANCE OPERATION COULD BE SHOWN TO BE SO SHORT EXHIBIT 30-10

SRP ACCEPTANCE CRITERIA 72 73 7A 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED) REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SECTION 4. 11 (CONTINUED)

SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY THAT THE PROBABILITY OF FAILURE OF THE ACTIVE CHANNEL WOULD BE COMMENSURATE WITH THE PROBABILITY OF FAILURE OF THE "ONE-OUT-OF-TWO" SYSTEMS DURING ITS NORMAL INTERVAL BETWEEN TESTS.

CLARIFICATION TESTING OF THE BOP ESFAS IS DONE BY CHANNEL ACTUATION. EITHER ONE OF THE TWO CHANNELS MAY BE CALIBRATED OR REPAIRED WITHOUT DETRIMENTAL EFFECTS ON THE SYSTEM.

INDIVIDUAL TRIP CHANNELS MAY BE BYPASSED TO EFFECT A SINGLE CHANNEL LOGIC ON THE ESFAS SIGNAL. MAINTENANCE AND CALIBRATION OF THE BYPASSED CHANNEL CAN BE ACCOM-PLISHED IN A SHORT TIME INTERVAL. PROB-ABILITY OF FAILURE OF THE REMAINING EXHIBIT 3D-11

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED) REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAF ETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM F EAT URE FOR SAFE DISPLAY MENTATION NOT SECTION 4.11 (CONTINUED)

SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY CHANNEL IS ACCEPTABLY LOW DURING SUCH MAINTENANCE PERIODS.

SECTION 4.12 OPERATING BYPASSES WHERE OPERATING REQUIREMENTS NECESSITATE NSSS N/A N/A AUTOMATIC OR MANUAL BYPASS OF A PROTECTIVE FUNCTION, THE DESIGN SHALL BE SUCH THAT THE BYPASS WILL BE REMOVED AUTOMATICALLY WHENEVER PERMISSIVE CONDITIONS ARE NOT MET. DEVICES USED TO ACHIEVE AUTOMATIC REMOVAL OF THE BYPASS OF A PROTECTIVE FUNCTION ARE PART OF THE PROTECTION SYSTEM AND SHALL BE DESIGNED IN ACCORDANCE WITH THESE CRITERIA.

CLARIFICATION THERE ARE NO OPERATING BYPASSES.

EXHIBIT 3D-12

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS IEEE STANDARD 279 (CONTINUED) SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY SECTION 4.13 INDICATION OF BYPASSES FOR SAFETY IF THE PROTECTIVE ACTION OF SOME PART OF NSSS N/A N/A THE SYSTEM HAS BEEN BYPASSED OR DELIBER-ATELY RENDERED INOPERATIVE FOR ANY PUR-POSE, THIS FACT SHALL BE CONTINUOUSLY INDICATED IN THE CONTROL ROOM.

SECTION 4. 14 ACCESS TO MEANS FOR BYPASSING THE DESIGN SHALL PERMIT THE ADMINISTRATIVE NSSS N/A N/A N/A CONTROL OF THE MEANS FOR MANUALLY BYPASS-ING CHANNELS OR PROTECTIVE FUNCTIONS.

EXHIBIT 3D-13

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED SECTION 4.15 MULTIPLE SET POINTS MENTATION REQUIRED FOR SAFETY FOR SAFETY WHERE IT IS NECESSARY TO CHANGE TO A MORE NSSS N/A N/A N/A N/A RESTRICTIVE SET POINT TO PROVIDE ADEQUATE PROTECTION FOR A PARTICULAR MODE OF OPERATION OR SET OF OPERATING CONDITIONS, THE DESIGN SHALL PROVIDE POSITIVE MEANS OF ASSURING THAT THE MORE RESTRICTIVE SET POINT IS USED. THE DEVICES USED TO PREVENT IMPROPER USE OF LESS RESTRICTIVE SET POINTS, SHALL Bf CONSIDERED A PART Of THE PROTECTION SYSTEM AND SHALL BE DESIGNED IN ACCORDANCE WITH THE OTHER PROVISIONS OF THESE CRITERIA REGARDING PERFORMANCE AND RELIABILITY.

EXHIBIT 3D-14

SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SECTION 4. 16 COMPLETION OF PROTECTIVE SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED ACTION ONCE IT IS INITIATED MENTATION REQUIRED FOR SAFETY FDR SAFETY THE PROTECTION SYSTEM SHALL BE SO DESIGNED NSSS N/A N/A N/A N/A THAT, ONCE INITIATED, A PROTECTIVE ACTION AT THE SYSTEM LEVEL SHALL GO TO COMPLE-TION. RETURN TO OPERATION SHALL REQUIRE SUBSEQUENT DELIBERATE OPERATOR ACTION.

SECTION 4. 17 MANUAL INITIATION THE PROTECTION SYSTEM SHALL INCLUDE MEANS NSSS N/A N/A N/A FOR MANUAL INITIATION OF EACH PROTECTION ACTION AT THE SYSTEM LEVEL. NO SINGLE FAILURE llITHIN THE MANUAL, AUTOMATIC, OR COMMON PORTIONS OF THE PROTECTION SYSTEM SHALL PREVENT INITIATION OF PROTECTIVE ACTION BY MANUAL OR AUTOMATIC MEANS.

MANUAL INITIATION SHOULD DEPEND UPON THE OPERATION OF A MINIMUM OF EQUIPMENT.

EXHIBIT 3D-15

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED) REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SECTION 4.18 ACCESS TO SET POINT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED ADJUSTMENTS, CALIBRATION, MENTATION REQUIRED FOR SAFETY FOR SAFETY AND TEST POINTS THE DESIGN SHALL PERMIT THE ADMINISTRA- I/C I/C I/C I/C N/A TIVE CONTROL OF ACCESS TO ALL SET POINT ADJUSTMENTS, MODULE CALIBRATION ADJUST-MENTS, AND TEST POINTS.

SECTION 4.19 IDENTIFICATION OF PROTEC-TIVE ACTIONS PROTECTIVE ACTIONS SHALL Bf INDICATED AND NSSS N/A IDENTIFIED DO>N TO THE CHANNEL LEVEL.

EXHIBIT 3D-16

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED MENTATIONN INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED SECTION 4.20 INFORMATION READ OUT MENTATION REQUIRED FOR SAFETY FOR SAFETY THE PROTECTIVE SYSTEM SHALL BE DESIGNED NSSS N/A TO PROVIDE THE OPERATOR WITH ACCURATE, COMPLETE, AND TIMELY INFORMATION PERTI-NENT TO ITS OWN STATUS AND TO GENERATING STATION SAFETY. THE DESIGN SHALL MINI-MIZE THE DEVELOPMENT OF CONDITIONS WHICH WOULD CAUSE METERS, ANNUNCIATORS, RECORDERS, ALARMS, ETC., TO GIVE ANOMALOUS INDICATIONS CONFUSING TO THE OPERATOR.

SECTION 4. 21 SYSTEM REPAIR THE SYSTEM SHALL BE DESIGNED TO FACILITATE NSSS N/A THE RECOGNITION, LOCATION, REPLACEMENT, REPAIR, OR ADJUSTMENT Of MALFUNCTIONING COMPONENTS OR MODULES.

EXHIBIT 3D-17

P SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 279 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT

4. 22 IDENTIFICATION SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED SECTION MENTATION REQUIRED FOR SAFETY FOR SAFETY IN ORDER TO PROVIDE ASSURANCE THAT THE NSSS Nj'A REQUIREMENTS GIVEN IN THIS DOCUMENT CAN BE APPLIED DURING THE DESIGN, CONSTRUC-TION, IQINTENANCE, AND OPERATION OF THE PL'ANT, THE PROTECTION SYSTEM EQUIPMENT (FOR EXAMPLE, INTERCONNECTING WIRING, COMPONENTS, MODULES, ETC.), SHALL BE IDENTIFIED DISTINCTIVELY AS BEING IN THE PROTECTIVE SYSTEM. THIS IDENTIFICATION SHALL DISTINGUISH BETWEEN REDUNDANT POR-TIONS OF THE PROTECTION SYSTEM. IN THE INSTALLED EQUIPMENTS, COMPONENTS, OR MODULES MOUNTED IN ASSEMBLIES THAT ARE CLEARLY IDENTIFIED AS BEING IN THE PRO-TECTION SYSTEM DO NOT THEMSELVES REQUIRE IDENTIFICATION.

EXHIBIT 3D-18

(

SRP ACCE ANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 308-1974, REACTOR ENGINEERED SYSTEMS SAFETY MENTATIONON ALL OTHER CONTROL CRITERIA FOR TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS CLASS IE PO>lER SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED RE UIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY THE CLASS IE POWER SYSTEMS SHALL MEET THE I/C I/C I/C I/C N/A FUNCTIONAL REQUIREMENTS TO ENABLE THE SYS-TEM TO FUNCTION UNDER CONDITIONS OF DESIGN BASIS EVENTS.

IEEE STANDARD 317-1972, ELECTRICAL PENETRATING ASSEMBLIES IN CONTAINMENT STRUCTURES RE UIREMENT ELECTRICAL PENETRATION ASSEMBLIES SHALL I/C I/C I/C I/C I/C BE QUALIFIED BY TESTING AND ANALYSIS.

EXHIBIT 3D-19

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 336-1971, INSTALLATION, REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL INSPECTION AND TESTING REQUIREMENTS TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS FOR INSTRUMENTATION AND ELECTRIC SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- 'SYSTEMS REQUIRED EQUIPMENT DURING CONSTRUCTION MENTATION REQUIRED FOR SAFETY FOR SAFETY RE UIREMENT MEASURES SHALL BE ESTABLISHED FOR ASSURING NSSS PROPER DOCUMENTATION FOR INSTALLATION, INSPECTION AND TESTING OF SYSTEMS.

IEEE STANDARD 338-1971, CRITERIA FOR PERIODIC TESTING OF CLASS IE POWER AND PROTECTION SYSTEMS RE UIREtlENT ASSURE CLASS IE POWER AND PROTECTION SYS- NSSS N/A TEMS ARE PERIODICALLY TESTED COMMENSURATE TO THEIR FUNCTION.

EXHIBIT 3D-20

SRP ACCEP ANCE CRITERIA IEEE STANDARD 344-1975, SEISMIC gUALIFI- 7.2 7.3 7,4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL CATION OF CLASS IE E(UIPMENT TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED RE UIREMENT MENTATION REQUIRED FOR SAFETY FOR SAFETY CLASS IE EQUIPMENT MUST BE SEISMICALLY NSSS N/A QUALIFIED TO WITHSTAND THE EFfECTS FROM DESIGN BASIS EVENTS.

IEEE STANDARD 379-1972, APPLICATION OF SINGLE-FAILURE CRITERIA RE UIREMENT THE PROTECTION SYSTEM SHALL ADHERE TO THE NSSS SINGLE-FAILURE CRITERION.

EXHIBIT 3D-21

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 IEEE STANDARD 384-1974, CRITERIA FOR REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL SEPARATION OF CLASS IE EQUIPMENT AND TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS CIRCUITS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY RE UIREMENT FOR SAFETY I

PROPER SEPARATION OF CLASS IE EQUIPMENT I/C I/C I/C I/C I/C AND CIRCUITS SHALL BE PROVIDED TO ASSUME REQUIRED FUNCTIONS CAN BE ACCOMPLISHED FOLLOWING A DESIGN BASIS EVENT.

EXHIBIT 3D-22

0 SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION ICSB I 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U. SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY

l. INSTRUMENTATION AND ELECTRIC E(UIPMENT NSSS N/A N/A ESSENTIAL TO SAFETY WHICH MUST FUNC-TION IN AN ACCIDENT ENVIRONMENT SHOULD BE ANALYZED OR TESTED TO DEMONSTRATE THIS CAPABILITY.

2. PROTECTION CIRCUITS ESSENTIAL TO SAFETY SHOULD MEET THE SINGLE FAILURE CRITERION OF SECTION 4.2 OF IEEE 279.

3. WHERE D-C POWER IS REQUIRED FOR SAFETY, REDUNDANT 0-C SOURCES SHOULD BE PROVIDED AND THE 0-C CIRCUITS SHOULD MEET THE SINGLE FAILURE CRITERION.

EXHIBIT 3E-l

0 SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL.POSITION 1 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTBO L TRIP SAFETY REQUIRED BELATED INSTR U- SYSTEMS

4. FOR REACTOR PLANTS SUPPLYING ELECTRIC SYSTEM FEATURE FOB SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED POWER TO ELECTRIC UTILITY GRIDS, MENTATION REQUIRED FOR SAFETY REDUNDANT SOURCES OF ONSITE A-C POWER FOB SAFETY SHOULD BE PROVIDED AND THE A-C CIR-CUITS SHOULD NEET THE SINGLE FAILURE CRITERION.

EXHIBIT 3E-2

0; SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION ICSB 3 7.2 7.3 7.4 7.6 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY THE FOLLOWING MEASURES SHOULD BE INCOR- N/A N/A N/A N/A PORATED IN DESIGNS OF THE INTERFACES BETWEEN LOW PRESSURE SYSTEMS AND THE HIGH PRESSURE REACTOR COOLANT SYSTEM:

1. AT LEAST TWO VALVES IN SERIES SHOULD BE PROVIDED FOR ISOLATION.

2. WHERE BOTH VALVES ARE MOTOR-OPERATED, THE VALVES SHOULD HAVE INDEPENDENT AND DIVERSE INTERLOCKS.

3. WHERE ONE CHECK VALVE AND ONE MOTOR-OPERATED VALVE ARE PROVIDED, THE MOTOR-OPERATED VALVE SHOULD BE INTERLOCKED TO OPERATE AS ABOVE.

EXHIBIT 3E-3

SRP ACCEPTANCE CRITERIA 7.2 7.3 7A 7.5 7.6 7.7 BRANCH TECHNICAL POSITION 3 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED BELATED INSTR U- SYSTEMS INSTRUM-SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT

4. SUITABLE VALVE POSITION INDICATION SYSTEMS SHUTDOWN SYSTEMS REQUIRED SHOULD BE PROVIDED IN THE CONTROL ENTATIONN REQUIRED FOR SAFETY FOR SAFETY ROOM FOR THE INTERFACE VALVES.

5. FOR THOSE INTERFACES WHERE THE SUB-SYSTEM IS RE(UIRED FOR ECCS OPERATION, THE ABOVE RECOMMENDATIONS NEED NOT BE IMPLEMENTED.

BRANCH TECHNICAL POSITION ICSB 4 (PSB)

THE FOLLOWING FEATURES SHOULD BE INCOR- N/A N/A N/A N/A PORATED IN THE DESIGN OF MDIV SYSTEMS FOR SAFETY INJECTION TANKS TO MEET THE INTENT OF IEEE STD 279:

l. AUTOMATIC OPENING OF THE VALVES >IHEN EITHER PRIMARY COOLANT SYSTEM PRESSURE EXHIBIT 3E-4

0 SRP ACCEP ANCE CRITERIA BRANCH TECHNICAL POSITION 4 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS EXCEEDS A PRESELECTED VALUE OR A SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED SAFETY INJECTION SIGNAL IS PRESENT. MENTATION REQUIRED FOR SAFETY FOR SAFETY

2. VISUAL INDICATION IN THE CONTROL ROOM OF THE OPEN OR CLOSED STATUS OF THE VALVE.

3. AN AUDIBLE AND VISUAL ALARM, INDE-PENDENT OF ITEM (2) ABOVE, THAT IS ACTUATED BY A SENSOR ON THE VALVE 0IHEN THE VALVE IS NOT IN THE FULLY-OPEN POSITION.

4. UTILIZATION OF A SAFETY INJECTION SIGNAL TO REMOVE AUTOMATICALLYANY BYPASS FEATURE THAT MAY BE PROVIDED.

EXHIBIT 3E-5

0 SRP ACCEP ANCE CRITERIA BRANCH TECHNICAL POSITION 4 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS CLARIFICATION SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY A NORMALLY OPEN, LOCKED OPEN MDIV IS USED. FOR SAFETY THE VALVE OPENS ON SIAS. WHEN RCS PRES-SURE IS 100 PSI ABOVE TANK OPERATING PRESSURE, MOTOR BREAKER IS MANUALLY LOCKED OPEN. POSITION INDICATION AND CLOSED ALARM ARE PROVIDED ON BREAKER.

BRANCH TECHNICAL POSITION ICSB 5 THE REQUIREMENT THAT CONTROL ROD DRIVE NSS SCOPE TRIP BREAKERS ARE TESTED MONTHLY SHOULD BE INCLUDED IN ALL .PLANT TECHNICAL SPECIFICATIONS ISSUED.

EXHIBIT 3E-6

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 BRANCH TECHNICAL POSITION ICSB 9 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED BELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT'EQUIRED SYSTEMS SHUTDOM INSTRU- SYSTEMS MENTATION REQUIRED FOR SAFETY FOR SAFETY THE "DAILY ADJUSTMENT", blHICH DOES NOT I/C I/C I/C I/C N/A FULFILL THE INTENT OF REQUIREMENTS OF A CALIBRATION PROCEDURE, SHOULD REMAIN AS A DAILY REQUIREMENT BUT BE DELETED FROM THE "CHANNEL CALIBRATION" CATEGORY IN THE TECHNICAL SPECIFICATIONS.

BRANCH TECHNICAL POSITION ICSB 12

1. THE CHANGE TO THE I10RE RESTRICTIYE N/A N/A N/A N/A N/A TRIP POINTS SHOULD BE ACCOMPLISHED AUTOMATICALLYWHEN REQUIRED.

EXHIBIT 3E-7

SRP ACCE NCE CRITERIA BRANCH TECHNICAL POSITION 12 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U. SYSTEMS

2. PLANTS MITH DESIGNS NOT IN ACCORDANCE SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MITH THE ABOVE SHOULD HAVE A REQUIRE-MENTATION REQUIRED FOR SAFETY MENT THAT THE REACTOR BE SHUT DOMN FOR SAFETY PRIOR TO CHANGING THE SET POINTS I IANUALLY.

BRANCH TECHNICAL POSITION ICSB 13 THE AUXILIARY FEEDMATER SYSTEM SHOULD BE N/A N/A N/A CAPABLE OF SATISFYING THE SYSTEM FUNC-TIONAL REOUIREIIENTS AFTER A POSTULATED BREAK IN THE AUXILIARY FEEDMATER PIPING INSIDE CONTAINI1ENT TOGETHER MITH A SINGLE ELECTRICAL FAILURE.

EXHIBIT 3E-8

SRP ACCEPTANCE CRITERIA 7.2 7.3 7A 7.6 7.6 7.7 REACTOR ENGINEERED SYSTEMS. SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY BRANCH TECHNICAL POSITION ICSB 14 APPLICANTS HAVE TO DEMONSTRATE COMPLIANCE NSSS SCOPE WITH THE Rf(UIREHENTS OF GDC 20 TO 25.

(SPURIOUS MITHDRAMAL OF SINGLE CONTROL RODS. )

EXHIBIT 3E-9

SRP ACCEPTANCE CRITERIA 7.2 7.3 7.4 7.5 7.6 7.7 BRANCH TECHNICAL POSITION 16 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT THE FOLLOWING INTERLOCKS ARE CONSIDERED SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED SAFETY-RELATED AND SHOULD BE DESIGNED MENTATION REQUIRED FOR SAFETY FOR SAFETY TO MEET THE RE'QUIREMENTS OF IEEE STD 279.

THE INTERLOCKS ARE INTENDED TO PREYENT THE FOLLOWING ACTIONS:

l. INSERTION OF SHUTDOWN CEAs BEFORE NSSS THE REGULATING CEAs ARE INSERTED.

2. SIMULTANEOUS WITHDRAWAL OF tlORE THAN TMO GROUPS OF CEAs.

3. MITHDRAMAL OF A CEA GROUP OR GROUPS OUT OF PROPER SEQUENCE.

CLARIFICATION APPLICABLE TO REACTOR TRIP SYSTEM.

EXHIBIT 3f-10

SRP ACCEP CE CRITERIA BRANCH TECHNICAL POSITION ICSB 18 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY WHERE A SINGLE FAILURE IN AN ELECTRICAL N/A N/A . N/A SYSTEM CAN RESULT IN LOSS OF CAPABILITY TO PERFORt1 A SAFETY FUNCTION, THE EFFECT ON PLANT SAFETY MUST BE EVALUATED.

THIS POSITION ESTABLISHES ACCEPTABILITY OF DISCONNECTING POWER TO ELECTRICAL COMPONENTS AS ONE MEANS OF DESIGNING AGAINST A SINGLE FAILURE.

BRANCH TECHNICAL POSITION ICSB 20

l. A MANUAL INITIATION OF THE TRANSFER N/A N/A N/A TO THE RECIRCULATION MODE IS SUFFI-CIENT AND SATISFIES THE INTENT OF IEEE STD 279 PROVIDED THAT ADE(UATE INSTRUMENTATION, TItlE, AND INFORMATION DISPLAY.ARE AVAILABLE.

EXHIBIT 3E-11

SRP ACCEP CE CRITERIA I

7.2 7.3 7.4 7.6 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED BRANCH TECHNICAL POSITION 20 (CONTINUED) MENTATION REQUIRED FOR SAFETY FOR SAFETY

2. AUTOMATIC TRANSFER TO THE RECIRCULA- NSSS COPE TION MODE IS PREFERABLE AND SHOULD BE PROVIDED.

BRANCH TECHNICAL POSITION ICSB 21

1. THE BYPASS INDICATORS SHOULD ENABLE I/C I/C I/C I/C N/A THE OPERATOR TO DETERMINE THE STATUS OF EACH SAFETY SYSTEM AND WHETHER CONTINUED REACTOR OPERATION IS PERMISSIBLE.

EXHIBIT 3E-12

SRP ACCEP 1 CE CRITERIA BRANCH TECHNICAL POSITION 21 (CONTINUED) 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS

2. WHEN A PROTECTIVE FUNCTION OF A SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTRU- SYSTEMS REQUIRED SHARED SYSTEM CAN BE BYPASSED, INDI- MENTATION REQUIRED FOR SAFETY CATION OF THAT BYPASS CONDITION SHOULD FOR SAFETY BE PROVIDED IN THE CONTROL ROOM.

3. MEANS BY MHICH THE OPERATOR CAN CANCEL ERRONEOUS BYPASS INDICATIONS, IF PRO-VIDED, SHOULD BE JUSTIFIED.

4. THE INDICATION SYSTEM MUST Bf A SAFETY SYSTEM TO PERFORM FUNCTIONS THAT ARE ESSENTIAL TO SAFETY.

ADMINISTRATIVE PROCEDURES SHOULD NOT REQUIRE IMMEDIATE OPERATOR ACTION BASED SOLELY ON THE BYPASS INDICATIONS.

EXHIBIT 3E-13

SRP ACCEP ANCE CRITERIA 7.2 7.3 7.4 7.6 7.6 7.7 BRANCH TECHNICAL POSITION 21 (CONTINUED)

REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTR U- SYSTEMS

5. THE INDICATION SYSTEM SHOULD BE SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED DESIGNED AND INSTALLED IN A MANNER MENTATION REQUIRED FOR SAFETY WHICH PRECLUDES THE POSSIBILITY OF FOR SAFETY ADVERSE EFFECTS ON PLANT SAFETY SYSTEMS.

6. THE INDICATION SYSTEM SHOULD INLCUDE A CAPABILITY OF ASSURING ITS OPERABLE STATUS DURING NORMAL PLANT OPERATION.

EXHIBIT 3E-14

SRP ACCEP NCE CRITERIA BRANCH TECHNICAL POSITION ICSB 22 7.2 7.3 7.4 7.5 7.6 7.7 REACTOR ENGINEERED SYSTEMS SAFETY ALL OTHER CONTROL TRIP SAFETY REQUIRED RELATED INSTRU- SYSTEMS SYSTEM FEATURE FOR SAFE DISPLAY MENTATION NOT SYSTEMS SHUTDOWN INSTR U- SYSTEMS REQUIRED MENTATION REQUIRED FOR SAFETY FOR SAFETY ALL POSITIONS OF THE PROTECTION SYSTEMS NSSS N/A SHOULD BE DESIGNED IN ACCORDANCE WITH IEEE STD 279.

BRANCH TECHNICAL POSITION ICSB 25 IN ORDER TO COMPLY >IITH THE RE(UIREHENTS N/A N/A N/A N/A OF GDC 37, ALL ECCS PUI1PS SHOULD BE INCLUDED IN THE SYSTEM TESTS.

BRANCH TECHNICAL POSITION ICSB 26 ALL REACTOR TRIPS INCORPORATED IN THE NSS SCOPE REACTOR PROTECTION SYSTEM SHOULD BE DESIGNED TO MEET THE RE(UIREHENTS OF IEEE STD 279, WITHOUT EXCEPTION. THIS POSITION APPLIES TO THE ENTIRE TRIP FUNCTION FROM THE SENSOR TO THE FINAL ACTUATED DEVICE.

EXHIBIT 3E-15

0 3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 78-01 FLAMMABLE CONTACT-ARM NOT USED IN PVNGS DESIGN RETAINERS IN GE CR120A RELAYS 78-02 TERMINAL BLOCK QUALIFICATION PER IEEE 323-1974 (NUREG 0588)

QUALIFICATION 78-04 ENVIRONMENTAL QUALIFICATION LIMIT SWITCH QUALIFICATION REQUIRED FOR OF CERTAIN STEM MOUNTED CONTAINMENT ISOLATION VALVE INDICATION PER LIMIT SWITCHES INSIDE R,G, 1,97 TO BE IEEE 323-1974 (NUREG 0588)

REACTOR CONTAINMENT 78-05 MALFUNCTIONING OF CIRCUIT NOT USED IN PVNGS DESIGN BREAKER AUXILIARY CONTACT MECHANISM GENERAL ELECTRIC MODEL CR105X 78-06 DEFECTIVE CUTLER-HAMMER, NOT USED IN PVNGS DESIGN TYPE M RELAYS WITH DC COILS EXHIBIT 3F-1

3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES BU (CONT'D) 79-05 NUCLEAR INCIDENT AT THREE ADDRESSED TO NUREG 0737 79-05A MILE ISLAND 79-05B 79-05C 79-06 REVIEW OF OPERATIONAL ADDRESSED TO NUREG 0737 79-06A ERRORS AfjD SYSTEM 79-06B f'1ISALIGNMENTS IDENTIFIED 79-06C DURING THE THREE flILE ISLAND INCIDENT 79-09 FAILURES OF GE TYPE AK-2 WILL FOLLOW MANUFACTURER'S SERVICE ADVICE CIRCUIT BREAKER IN SAFETY IN PREVENTIVE f'1AINTENANCE RELATED SYSTEMS 79-11 FAULTY OVERCURRENT TRIP WESTINGHOUSE DB-50 NOT USED IN PVNGS DESIGN DEVICE IN CIRCUIT BREAKERS FOR ENGINEERED SAFETY SYSTEMS EXHIBIT 3F-2

3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES U S (CONT'D) 79-25 FAILURE OF WESTINGHOUSE BFD NOT USED IN PVNGS DESIGN RELAYS IN SAFETY-RELATED SYSTEMS 79-27 LOSS OF NON-CLASS 1E THE DESIGN PROVIDES FOR 2 UNGROUNDED INSTRUf'1ENTATION AND CONTROL NON-lE INSTRUMENT DISTRIBUTION PANELS POWER BUS DURING OPERATION AND 4 UNGROUNDED VITAL (CLASS 1E) PANELS, ALL NON 1E INSTRUNENTATION HAS A lE COUNTERPART TO PROVIDE CONTINUOUS CONTROL ROOf'1 READOUT OF SHUTDOWN PARANETERS EVEN WITH A TOTAL LOSS OF ALL NON lE INSTRUNENTATION, 79-28 NALFUNCTION OF NAI'1CO NANCO HAS CORRECTED THE PROBLEM BY THE USE LIMIT SWITCHES OF A SUITABLE GASKET NATERIAL, ACTION HAS BEEN TAKEN TO ENSURE THAT ALL NANCO SWITCHES ON PVNGS WILL BE INSTALLED WITH SUITABLE GASKET OTERIAL.

EXHIBIT 3F-3

3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES BU S (CONT'D) 80-06 ENGINEERED SAFETY FEATURES PVNGS ESF-ACTUATED DEVICES REMAIN IN (ESF) RESET CONTROLS EMERGENCY MODE ON RESET OF AN ESF ACTUATION SIGNAL WITH THE FOLLOWING CLARIFICATIONS ACTUATED DEVICES WITH DIFFERENT SAFETY MODES IN RESPONSE TO DIFFERENT ESF ACTUATION SIGNALS BY DESIGN MAY ACTUATE TO A DIFFERENT SAFETY MODE

'N RESET OF AN ESF ACTUATION SIGNAL, Tl-IE AUXILIARY FEEDWATER VALVES BY DESIGN CYCLE CLOSED ON AUTOMATIC AFAS RESET, 80-12 DECAY HEAT REMOVAL SYSTEM PVNGS DESIGN INCORPORATES FOUR INDEPENDENT OPERABILITY POWER CHANNELS FOR ESFAS INITIATION AND TWO FULL CAPACITY, INDEPENDENT SHUTDOWN COOLING TRAINS, THE SERIES OF EVENTS RESULTING IN LOSS OF DECAY HEAT REMOVAL ARE NOT POSSIBLE IN THE PVNGS DESIGN, EXHIBIT 3F-4

0 3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES (CONT'D) 80-16 MI SAPPLI CAT ION OF PVNGS USE OF THE SUBJECT ROSEf'10UNT PRESSURE

=

ROSEMOUNT PRESSURE TRANSMITTERS HAS BEEN REVIEWED AND THEIR TRANSMITTERS USE IN SAFETY RELATED APPLICATIONS ARE WITHIN THE CALIBRATED RANGE OF THE TRANSMITTER.

80-20 FAILURE OF WESTINGHOUSE WESTINGHOUSE TYPE W-2 CONTROL SWITCHES ARE W-2 TYPE SPRING SWITCHES tlOT USED IN THE PVNGS DESIGN, 80-23 FAILURES OF SOLENOID NO VALCOR SOLENOID VALVES USED IN SAFETY VALVES MANUFACTURED BY RELATED SERVICE IN THE PVNGS DESIGN, VALCOR ENGINEERING CORP, EXHIBIT 3F-5

3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 78-08 ENV I RONMENTAL QUALIF I CATION QUALIFICATION PER IEEE 323-1974 (NUREG 0588)

OF SAFETY-RELATED ELECTRICAL EQUIPMENT AT NUCLEAR POWER PLANTS 78-19 MANUAL OVERRIDE (BYPASS) OVERRIDE OF AN ESF ACTUATION SIGNAL IN THE OF SAFETY SYSTEMS COMPONENT LOGIC PLACES THE COMPONENT UNDER ACTUATION SIGNALS MANUAL CONTROL BLOCKING ANY SUBSEQUENT ESF ACTUATION, OVERRIDE IS AUTOMATICALLY REMOVED ON RESET OF THE ESF ACTUATION SIGNAL, ONCE IN THE OVERRIDE MODE, THE SESS ALARMS AT THE SYSTEM LEVEL EVERY SYSTEM IMPACTED WHEN THE COMPONENT IS RETURNED TO ITS NORMAL (NON-ESF) POSITION, CONTAINMENT PURGE ISOLATION VALVES HAVE SEPARATE OVERRIDE LOGIC FOR CPIAS AND FOR CIAS, EXHIBIT 3F-6

3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES S (CONT'D) 80-01 SERVICE ADVISE FOR GE FIELD INSPECTION TO IDENTIFY AFFECTED RELAYS INDUCTION DISC RELAYS IN WORK 80-12 VALVE SHAFT-TO-ACTUATOR KEY ON PVNGS, LOCTITE ADHESIVE IS USED IN MAY FALL OUT OF PLACE WHEN ADDITION TO THE PRESS FIT KEY CONNECTION MOUNTED BELOW HORIZONTAL AXIS 80-16 OPERATIONAL DEFICIENCIES IN NOT USED IN PVNGS DESIGN ROSEf"lOUNT MODEL 510DU TRIP UNITS AND MODEL 1152 TRANSMITTERS 81-01 DESIGN PROBLEMS INVOLVING IN WORK INDICATING PUSHBUTTON SWITCHES MANUFACTURED BY HONEYWELL INCORPORATED EXHIBIT 3F-7

3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 79-22 QUALIFICATION OF CONTROL SYS, ANALYSIS OF HIGH ENERGY LINE BREAK EFFECTS ON CONTROL SYSTEMS RESULTING IN COMPLICATING FAILURES IS IN PROCESS, 79-29 LOSS OF NONSAFETY-RELATED THE DESIGN PROVIDES FOR 2 UNGROUDED NON-lE REACTOR COOLANT SYSTEM INSTRUMENT PANELS AND 0 UNGROUNDED VITAL INSTRUMENTATION DURING (CLASS 1E) PANELS TO PROVIDE CONTINUOUS OPERATION CONTROL ROOM READOUT OF SHUTDOWN PARAMETERS EVEN WITH A TOTAL LOSS OF ALL NON-1E INSTRUMENTATION, 79-30 REPORTING OF DEFECTS AND IN COMPLIANCE NON-COMPLIANCE, 10CFR21 80-08 THE STATES COMPANY SLIDING NOT USED IN PVNGS DESIGN LINK ELECTRICAL TERMINAL BLOCKS 80-10 PARTIAL LOSS OF NON-NUCLEAR INSTRUMENTATION PROVIDED IS CLASS 1E AND INSTRUMENT SYSTEM POWER WOULD NOT CAUSE THE OPERATOR TO BE SUPPLY DURING OPERATION "INSTRUMENT BLIND".

EXHIBIT 3F-8

3.F IE BULLETINS, CIRCULARS AND INFORNATION NOTICES (CONT'D) 80-13 GE TYPE SBN CONTROL ALL SBM SWITCHES USED ON PVNGS ARE

~

SWITCHES DEFECTIVE POST-1976 NANUFACTURE AND NOT SUBJECT CAM FOLLOWERS TO DEFECTIVE CAN FOLLOWERS, 80-20 LOSS OF DECAY HEAT THE SERIES OF EVENTS RESULTING IN THE REI'10VAL AT DAVIS BESSE LOSS OF DECAY HEAT RENOVAL ARE NOT UNIT ¹1 WHILE IN POSSIBLE IN THE PVNGS DESIGN WHICH USES REFUELING NODE FOUR INDEPENDENT SOURCES OF INSTRUNENT POWER, AND HAS TWO INDEPENDENT, FULL CAPACITY TRAINS FOR SHUTDOWN COOLING WHICH DO NOT ISOLATE ON SPURIOUS ESF ACTUATION SIGNALS, 80-31 NALOPERAT ION OF GOULD-BROWN NOT APPLICABLE TO PVNGS SUPPLIED BREAKERS BOVERI TYPE 480 VOLT K600S WHICH WERE SUPPLIED AFTER 1977, AND K-DON 600S CIRCUIT BREAKERS EXHIBIT 3F-9

5,F IE BULLETINS, CIRCULA AND INFORMATION NOTICES 0

(CONT'D) 80-40 EXCESSIVE N2 SUPPLY PVHGS DESIGN USES SPRING-LOADED RELIEF VALVES.

PRESSURE ACTUATES SRV THE ATMOSPHERIC DUMP VALVES HAVE REDUNDANT OPERATION TO CAUSE REACTOR SOLENOID VALVES IN PNEUMATIC SUPPLY TO ISOLATE DEPRESSURIZATION OVER PRESSURE SOURCE. LEAKAGE THROUGH SOLENOID VALVES WOULD BE TO ATMOSPHERE, 81-01 POSSIBLE FAILURE OF GENERAL IN WORK FIELD INSPECTION REQUIRED TO ELECTRIC TYPE HFA RELAYS IDENTIFY AFFECTED RELAYS, 81-05 DEGRADED DC SYSTEM AT BREAKER ALARM IS ANNUNCIATED ON SESS PALISADES 81-06 FAILURE OF ITE MODEL K-600 IN WORK CIRCUIT BREAKER EXHIBIT 5F-10

G-O ITEM I,D,l, CONTROL ROOM DESIGN REVIEWS PER NUREG-0660, ALL LICENSEES AND IN COMPLIANCE, APS FORMED A CONTROL ROOI'1 APPLICANTS FOR OPERATING LICENSES WILL DESIGN REVIEW (CRDR) MANAGEMENT TEAM AND IS BE REQUIRED TO CONDUCT A DETAILED CON- PERFORMING A PRELIMINARY ASSESSMENT OF THE TROL-ROOM DESIGN REVIEW TO IDENTIFY AND PVNGS CONTROL ROOM, CORRECT DESIGN DEFICIENCIES, THE OFFICE OF NUCLEAR REACTOR REGULATION REQUIRES THE EARLY PART OF THIS EFFORT WAS DIVIDED THAT THOSE APPLICANTS FOR OPERATING INTO THREE PHASES, PHASE I OF THE STUDY LICENSES WHO ARE UNABLE TO COMPLETE THIS DEVELOPED THE GUIDELINES TO BE USED WHILE REVIEW PRIOR TO ISSUANCE OF A LICENSE CONDUCTING THE CRDR, PHASE II CONSISTED MAKE PRELIMINARY ASSESSMENTS OF THEIR OF THE DETAILED DATA-TAKING EFFORT AND THE CONTROL ROOMS TO IDENTIFY SIGNIFICANT IDENTIFICATION OF HUMAN FACTORS DEFICIENCIES, HUMAN FACTORS AND INSTRUMENTATION THE THREE TASK AREAS ADDRESSED WERE HUMAN PROBLEMS AND ESTABLISH A SCHEDULE FACTORS, SYSTEMS FACTORS, AND OPERATOR

-APPROVED BY NRC FOR CORRECTING PREPAREDNESS FACTORS, THE DEFICIENCIES .

DEFICIENCIES, IDENTIFIED WERE ANALYZED FOR PROPER RESOLU-TION AND ASSIGNED PRIORITIES TO ASSIST IN DETERMINING A SCHEDULE FOR IMPLEMENTATION, EXHIBIT 36-1

ITEM I,D,1 (COflT'D)

PHASE III, WHICH IS CURRENTLY IN PROGRESS, INCLUDES PREPARATION AND PUBLICATION OF A PRELIMINARY REPORT, THE REVIEW HAS RESULTED IN APS INITIATING IMPLEMENTATION OF THE FOLLOWING TO DATE:

~ COLOR DEMARCATION

~ INSTRUMENT RELOCATION

~ ALARM PRIORI TIZATI ON

~ ADDITIONAL INSTRUMENTATION WHEN THE CRDR IS COMPLETED, A FINAL REPORT FOR SUBMITTAL TO THE NRC WILL BE PREPARED, THE SUBMITTAL DATE IS TARGETED FOR DECEMBER, 1981, EXHIBIT 36-2

Ol 0

ITEM I,D,2 PLANT SAFETY PARAMETER DISPLAY CONSOLE PER NUREG-0660, EACH APPLICANT AND LICENSEE IN COMPLIANCE, A SPDS IS BEING SHALL INSTALL A SAFETY PARAMETER DISPLAY DEVELOPED TO DISPLAY TO OPERATING SYSTEM (SPDS) THAT WILL DISPLAY TO PERSONNEL A MINIMUM SET OF PARAMETERS OPERATING PERSONNEL A MIldIMUM SET OF WHICH DEFINE THE SAFETY STATUS OF THE PARAMETERS WHICH DEFINE THE SAFETY STATUS PLANT, THE SPDS WILL PROVIDE CON-OF THE PLANT, THIS CAN BE ATTAINED THROUGH TINUOUS INDICATION OF DIRECT AND CONTINUOUS INDICATION OF DIRECT AND DERIVED DERIVED VARIABLES, THE REQUIREMENTS VARIABLES AS NECESSARY TO ASSESS PLANT OF NUREG-0696 WILL BE UTILIZED IN

-".,SAFETY STATUS. DEVELOPMENT AND INSTALLATION OF THE SPDS, EXHIBIT 3G-3

ITEM I I,B,3 POST ACCIDENT SAMPLING A DESIGN AND OPERATIONAL REVIEW OF THE IN COMPLIANCE (SEE SEC, 2,C,3)

RADIOLOGICAL SPECTRUM ANALYSIS FACILITIES SHALL BE PERFORMED TO DETERMINE THE CAPABILITY TO PROMPTLY QUANTIFY (IN LESS TllAN 2 HOURS) CERTAIN RADIONUCLIDES THAT ARE INDICATORS OF THE DEGREE OF CORE DAMAGE, IN ADDITION TO THE RADIOLOGICAL ANALYSES, CERTAIN CHEMICAL ANALYSES ARE NECESSARY FOR f'ION ITORI NG REACTOR CONDITIONS, PROCEDURES SHALL BE PROVIDED TO PERFORM BORON AND CHLORIDE CHEMICAL ANALYSES ASSUMING A HIGHLY RADIOACTIVE INITIAL SAMPLE (RG 1,3 OR 1,4 SOURCE TERN), BOTH ANALYSES SHALL BE CAPABLE OF BEING COMPLETED PROMPTLY (I,E THE BORON SAMPLE ANALYSIS WITHIN AN HOUR AND THE CHLORIDE SAMPLE ANALYSIS WITHIN A SHIFT),

EXHIBIT 36-4

ITEM II,D,3 DIRECT INDICATION OF RELIEF AND SAFETY-VALVE POSITION REACTOR COOLANT SYSTEM RELIEF AND PVNGS WILL COMPLY, PVNGS DOES NOT UTILIZE POWER SAFETY VALVES SHALL BE PROVIDED OPERATED RELIEF VALVES, THE PVNGS PRIMARY CODE WITH A POSITIVE INDICATION IN THE SAFETY VALVES, LOCATED AT THE TOP OF THE PRES-CONTROL ROOM DERIVED FROM A SURIZER, ARE HEADERED INTO THE REACTOR DRAIN TANK RELIABLE VALVE-POSITION DETECTION '(RDT) INSIDE CONTAINMENT, UPSTREAM OF THE DEVICE OR A RELIABLE INDICATION COMMON HEADER EACH CODE SAFETY VALVE IS MONITORED OF FLOW IN THE DISCHARGE PIPE, FOR SEAL LEAKAGE BY AN IN-LINE RESIST'IVE-TEMPERATURE DEVICE (REFER TO FSAR FIGURE 5,1-1).

INDIRECT INDICATION OF CODE SAFETY VALVE LEAKAGE IS PROVIDED BY AN INCREASE OF RDT PRESSURE AND A DECREASE OF PRESSURIZER PRESSURE AND PRESSURIZER LEVEL, MONITORED BY SAFETY-GRADE INSTRUMENTATION, POSITIVE INDICATION OF SAFETY VALVE POSITION WILL BE PROVIDED IN THE CONTROL ROOM, THE INSTRUMENTA-TION WILL BE ENVIRONMENTALLY QUALIFIED IN COMPLIANCE WITH REGULATORY GUIDE 1.89, A PLANT ANNUNCIATOR ALARM WILL BE PROVIDED TO ALARM VALVE OPENING, EXHIBIT 36-5

U G-O ITEM II,E,1.2, SUBPART 2 AUXILIARY FEEDWATER SYSTEM (AFWS) FLOWRATE INDICATION AS PER GDC 13 TO PROVIDE THE CAPABILITY IN IN COMPLIANCE, THE PVNGS DESIGN THE CONTROL ROOM TO ASCERTAIN THE ACTUAL INCLUDES CLASS IE MONITORING OF PERFORMANCE OF THE AFWS WHEN IT IS CALLED AUXILIARY FEEDWATER FLOW TO BOTH TO PERFORM ITS INTENDED FUNCTION, THE FOLLOW- STEAM GENERATORS, THESE FLOW ING REQUIREMENTS SHALL BE IMPLEMENTED: INDICATOR CHANNELS ARE DISPLAYED ON THE MAIN CONTROL BOARDS, CLASS IE (1) SAFETY-GRADE INDICATION OF AUXILIARY (SAFETY GRADE) PRESSURE INDICATORS FEEDWATER FLOW TO EACH STEAM GENERATOR LOCATED UP-STREAM OF THE MANUAL SHALL BE PROVIDED IN THE CONTROL ROOM, BLOCK VALVES AND CLASS IE STEAM GENERATOR LEVEL INDICATORS ARE ALSO (2) THE AUXILIARY FEEDWATER FLOW INSTRUMENT PROVIDED CHANNELS SHALL BE POWERED FROM THE EMERGENCY BUSES CONSISTENT WITH THE SAFETY GRADE PRESSURE, LEVEl, SATISFYING THE EMERGENCY POWER AND FLOW INDICATION CHANNELS ARE DIVERSITY REQUIREMENTS OF THE AUXILIARY POWERED FROM REDUNDANT CLASS IE FEEDWATER SYSTEM SET FORTH IN AUXILIARY BUSES, SYSTEMS BTP 10-1 OF THE SRP, SECTION 10,0,9, EXHIBIT 36-6

ITEM II,E,3,1 EMERGENCY POWER FOR PRESSURIZER HEATERS THE PRESSURIZER HEATER POWER SUPPLY DESIGN THE C-E INTERFACE REQUIREMENTS FOR SHALL PROVIDE THE CAPABILITY TO SUPPLY, THE PRESSURIZER HEATERS ARE INCORPORATED FROM EITHER THE OFFSITE POWER SOURCE OR INTO THE PVNGS DESIGN, THE EMERGENCY POWER SOURCE (WHEN OFFSITE POWER IS NOT AVAILABLE), A PREDETERMINED NUMBER OF PRESSURIZER HEATERS AND ASSO-CIATED CONTROLS NECESSARY TO ESTABLISH AND MAINTAIN NATURAL CIRCULATION AT HOT STANDBY CONDITIONS, THE REQUIRED HEATERS AND THEIR CONTROLS SHALL BE CONNECTED TO THE EMERGENCY BUSES IN A MANNER THAT WILL PROVIDE REDUNDANT POWER SUPPLY CAPABILITY, PRESSURIZER HEATER MOTIVE AND CONTROL POWER INTERFACES WITH THE EMERGENCY BUSES SHALL BE ACCOMPLISHED THROUGH DEVICES THAT HAVE BEEN QUALIFIED IN ACCORDANCE WITH SAFETY-GRADE REQUIREMENTS, EXHIBIT 36-7

PVNGS PRESSURIZER HEATERS ITEMi II.E,3,1 (CONT'D)

CAPACITY IE IE RESET FROM NUMBER OF HEATERS (KW) 480V BUS POWER . CONTROLS SIAS TRIP CONTROL ROON 5-3 ELEMENT GROUPS 750 NGN-Lll NO NO NO - N/A 5-3 ELEMENT GROUPS 750 NGN-L12 NO NO NO N/A 1-3 ELEMENT GROUPS 150 PGA-L33 TRAIN A TRAIN A YES NO 1-3 ELEMENT GROUPS 150 PGB-L32 TRAIN B TRAIN B YES NO I

EXHIBIT 36-8

U G 0 ITEM I I. E,4,2 CONTAINMENT ISOLATION DEPENDABILITY

1) CONTAINMENT ISOLATION SYSTEM DESIGNS 1) IN COMPLIANCE, A CONTAINMENT SHALL COMPLY WITH THE RECOMMENDATIONS ISOLATION SIGNAL IS DIVERSELY OF SRP SECTION 6,2.4 (I ETHAT THERE

~ GENERATED BY EITHER A HIGH BE DIVERSITY IN THE PARAMETERS SENSED CONTAINMENT PRESSURE SIGNAL FOR THE INITIATION OF CONTAINMENT (5 PSIG) OR A LOW PRESSURIZER ISOLATION). "

PRESSURE SIGNAL (1685 PSIG),

THE POWER ACCESS PURGE AND REFUELING PURGE ARE ADDITIONALLY ISOLATED BY HIGH CONTAINMENT PURGE RADIOACTIVITY, EXHIBIT 5G-9

ITEM II.E,4,2 (CONTINUED)

4) THE DESIGN OF CONTROL SYSTEMS FOR 4) IN COMPLIANCE, OVERRIDE OF A CIAS AUTOMATIC CONTAINMENT ISOLATION SIGNAL IS AVAILABLE FOR EACH CONTAIN-VALVES SHALL BE SUCH THAT RESETTING MENT ISOLATION VALVE VIA THE CONTROL THE ISOLATION SIGNAL WILL NOT SWITCH FOR THAT VALVE, RESETTING OF RESULT IN THE AUTOMATIC REOPENING A CIAS DOES NOT RESULT IN THE AUTO-OF CONTAINMENT ISOLATION VALVES, MATIC OPENING OF CONTAINMENT ISOLATION REOPENING OF CONTAINMENT ISOLATION VALVES, REOPENING REQUIRES OPERATOR VALVES SHALL REQUIRE DELIBERATE ACTION FOR EACH VALVE AND DOES NOT OPERATOR ACTION, COMPROMISE THE CONTAINMENT ISOLATION TIONN SIGNAL,

5) THE CONTAINMENT SETPOINT PRESSURE IN COMPLIANCE, ITEM 1 ABOVE IDENTIFIES THAT INITIATES CONTAINMENT ISOLA- 5 PSIG AS THE CONTAINMENT SETPOINT FOR NONESSENTIAL PENETRATIONS PRESSURE THAT INITIATES CONTAINMENT MUST BE REDUCED TO THE MINIMUM ISOLATION, CALCULATIONS ARE IN PROGRESS COMPATIBLE WITH NORMAL OPERATING CONFIRMING THAT THE TRIP SETPOINT CONDITIONS, REPRESENTS THE MINIMUM VALUE COMPATIBLE WITH NORMAL OPERATING CONDITIONS, EXHIBIT 3G-10

ITEM II,E,4,2 (CONTINUED)

6) CONTAIfJMENT PURGE AND VENT ISOLATION 6) IN COMPLIANCE, BOTH THE POWER ACCESS VALVES MUST CLOSE ON A HIGH PURGE AND THE REFUELING PURGE ISOLATE RADIATION .SIGNAL. ON HIGH CONTAINMENT PURGE RADIOACTIVITY, EXHIBIT 3G-ll

0 ITEM II,F,l ADDITIONAL ACCIDENT-MONITORING INSTRUMENTATION

1) NOBLE GAS EFFLUENT MONITORS SHALL BE INSTALLED WITH AN EXTENDED RANGE DESIGNED TO FUNCTION DURING ACCIDENT CONDITIONS AS WELL AS DURING NORMAL OPERATING CONDITIONS, MULTIPLE MONITORS ARE CONSIDERED NECESSARY TO COVER THE RANGES OF INTEREST, A) NOBLE GAS EFFLUENT MONITORS WITH AN IN COMPLIANCE (SEE SEC, 2,C,3) I UPPER RANGE CAPACITY OF 10~ Ci/cc (XE-133) ARE CONSIDERED TO BE PRACTICAL AND SHOULD BE INSTALLED IN ALL OPERATING PLANTS, B) NOBLE GAS EFFLUENT MONITORING SHALL IN COMPLIANCE (SEE SEC, 2,C,3)

BE PROVIDED FOR THE TOTAL RANGE OF CONCENTRATION'XTENDING FROM NORMAL CONDITION (AS LOW AS REASONABLY ACHIEVABLE (ALARA)) CONCENTRATIONS TO A MAXIMUM OF 105 Cr/cc (XE-133),

MULTIPLE MONITORS ARE CONSIDERED TO BE NECESSARY TO COVER THE RANGES OF INTEREST, THE RANGE CAPACITY OF INDIVIDUALMONITORS SHOULD OyERLAP BY A FACTOR OF TEN.

EXH IB IT 3G-12

ITEM I I,F,1 (CONTINUED)

E SI

2) BECAUSE IODINE GASEOUS EFFLUENT MONITORS IN COMPLIANCE, (SEE SEC, 2,C.3)

FOR THE ACCIDENT CONDITION ARE NOT CON-SIDERED TO BE PRACTICAL AT. THIS TIME, CAPABILITY FOR EFFLUENT MONITORING OF RADIOIODINES FOR THE ACCIDENT CONDITION SHALL BE PROVIDED WITH SAMPLING CON-DUCTED BY ADSORPTION ON CHARCOAL OR OTHER MEDIA, FOLLOWED BY ONSITE LABORATORY ANALYSIS,

3) IN CONTAINMENT RADIATION-LEVEL MONITORS IN COMPLIANCE, REDUNDANT 107 R/HR WITH A MAXIMUM RANGE OF 10 RAD/HR SHALL MONITORS ARE PROVIDED, BE INSTALLED, A f'lINIMUr'l OF TWO SUCH MON- (SEE SEC, 2,C,3)

ITORS THAT ARE PHYSICALLY SEPARATED SHALL BE PROVIDED, MONITORS SHALL BE DEVELOPED AND QUALIFIED TO FUNCTION IN AN ACCIDENT ENVIRONMENT, THIS REQUIREMENT WAS REVISED Ill THE OCTOBER 30, 1979 LETTER FROM H,R. DENTON TO ALL OPERATING NUCLEAR POWER PLANTS TO PROVIDE FOR A PHOTON-ONLY MEASUREMENT WITH AN UPPER RANGE OF 107 R/HR, EXHIBIT 36-13

ITEM I I,F,1 (CONT'D)

4) A CONTINUOUS INDICATION OF CONTAINMENT IN COMPLIANCE, (SEE SEC, 2,C,3,)

PRESSURE SHALL BE PROVIDED IN THE CONTROL ROOM OF EACH OPERATING REACTOR, MEASURE-f1ENT AND INDICATION CAPABILITY SHALL INCLUDE THREE TIMES THE DESIGN PRESSURE OF THE COf'lTAINMENT FOR CONCRETE, FOUR TIMES THE DESIGN PRESSURE FOR STEEL, AND

-5 PSIG FOR ALL CONTAINMENTS, EXHIBIT 36-14

U G-ITEM I I, F,1 (CONT'D)

EQ G

5) A CONTINUOUS INDICATION OF CONTAINMENT WATER IN COMPLIANCE, (SEE SEC, 2,C,3)

LEVEL SHALL BE PROVIDED IN THE CONTROL ROOM FOR ALL PLANTS, A NARROW RANGE INSTRUMENT SHALL BE PROVIDED FOR PWR'S AND COVER THE RANGE FROM THE BOTTOM TO THE TOP OF THE CONTAINMENT SUMP, A WIDE RANGE INSTRUMENT SHALL ALSO BE PROVIDED FOR PWR'S AND SHALL COVER THE RANGE FROM THE BOTTOM OF THE CONTAINMENT TO THE ELEVATION EQUIVALENT TO A 600,000 GALLON CAPACITY, FOR BWR'S, A WIDE RANGE INSTRUMENT SHALL BE PROVIDED AND COVER THE RANGE FROM THE BOTTOM TO 5 FEET ABOVE THE NORMAL WATER LEVEL OF THE SUPPRESSION POOL, EXHIBIT 3G-15

ITEM I I,F,1 (CONT'D)

U

6) A CONTINUOUS INDICATION OF HYDROGEN IN COMPLIANCE, CONTINUOUS INDICATION OF CONCENTRATION IN THE CONTAINMENT CONTAINMENT ATMOSPHERE HYDROGEN CONCENTRA-ATMOSPHERE SHALL BE PROVIDED IN THE TION IS AVAILABLE IN THE CONTROL ROOM CONTROL ROOM. MEASUREMENT CAPABILITY (INDICATION IS AVAILABLE WITHIN 30 MINUTES SHALL BE PROVIDED OVER THE RANGE OF OF THE INITIATION OF SAFETY INJECTION).,

0 TO 10X HYDROGEN CONCENTRATION UNDER (SEE SEC, 2,C,3)

BOTH POSITIVE AND NEGATIVE AMBIENT PRESSURE.

EXHIBIT 3G-16

NU G-O II,F,1 INSTRUMENTATION FOR DETECTION OF INADEQUATE CORE COOLING QU SG UR LICENSEES SHALL PROVIDE A DESCRIPTION OF ANY PVNGS WILL COMPLY, CONTROL ROOM INDICA-ADDITIONAL INSTRUMENTATION OR CONTROLS TION OF THE FOLLOWING PARAMETERS (SENSORS (PRIMARY OR BACKUP) PROPOSED FOR THE PLANT PROVIDED BY C-E) WILL BE PROVIDED AS TO SUPPLEMENT EXISTING INSTRUMENTATION INDICATION OF ICC:

(INCLUDING PRIMARY COOLANT SATURATION MONI-TORS) IN ORDER TO PROVIDE AN UNAMBIGUOUS, CORE EXIT THERMOCOUPLES EASY-TO- INTERPRET INDICATION OF INADEQUATE CORE COOLING (ICC), A DESCRIPTION OF THE SUBCOOLED MARGIN MONITOR FUNCTIONAL DESIGN REQUIREMENTS FOR THE SYSTEM SHALL ALSO BE INCLUDED, A DESCRIP- HEATED JUNCTION THERMOCOUPLES TION OF THE PROCEDURES TO BE USED WITH THE PROPOSED EQUIPMENT, THE ANALYSIS USED IN (SEE SEC, 2,C,3)

DEVELOPING THESE PROCEDURES, AND A SCHEDULE FOR INSTALLING THE EQUIPMENT SHALL BE

PROVIDED, EXHIBIT 36-17

U EG-0 3 II,6,1 POWER SUPPl IES FOR PRESSURIZER RELIEF VALVES, BLOCK VALVES AND LEVEL INDICATORS WIR E PER GDC 10, 14, 15, 17, AND 20 FOR THE EVENT OF LOSS-OF-OFFSITE POWER, THE FOLLOWING POSITIONS SHALL BE IMPLEMENTED:

POWER SUPPLY FOR PRESSURIZER RELIEF AND BLOCK PVNGS DOES NOT USE POWER-VALVES PND PRESSURIZER LEVEL INDICATORS OPERATED RELIEF VALVES OR BLOCK VALVES

1) MOTIVE AND CONTROL COMPONENTS OF THE POWER-OPERATED RELIEF VALVES (PORVS) SHALL BE CAPABLE OF BEING SUPPLIED FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE WHEN THE OFFSITE POWER IS NOT AVAILABLE,

2) MOTIVE AND CONTROL COMPONENTS ASSOCIATED WITH THE PORV BLOCK VALVES SHALL BE CAPABLE OF BEING SUPPLIED FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE WHEN THE OFFSITE POWER IS NOT AVAILABLE, EXtl IB IT 36-18

UR G-0 3 II,G,j. (CONTINUED) 9U SIG

3) MOTIVE AND CONTROL POWER CONNECTIONS TO THE EMERGENCY BUSES FOR THE PORVS AND THEIR ASSO CIATED BLOCK VALVES SHALL BE THROUGH DEVICES THAT HAVE BEEN QUALIFIED IN ACCORDANCE WITH SAFETY-GRADE REQUIREMENTS,

4) THE PRESSURIZER LEVEL INDICATION INSTRUMENT IN COMPLIANCE CHANNELS SHALL BE POWERED FROM THE VITAL INSTRUMENT BUSES, THE BUSES SHALL HAVE THE CAPABILITY OF BEING SUPPLIED FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE WflEN OFFSITE POWER IS NOT AVAILABLE, EXHIBIT 3h-l9

[JU G 0 I I I . A,1,2 UPGRADE EMERGENCY SUPPORT FACILITIES EACH OPERATING NUCLEAR POWER PLANT SHALL PVNGS WILL COMPLY, DISPLAY OF DATA AT THE MAINTAIN AN ONSITE TECHNICAL SUPPORT TSC AND EOF WILL BE IN ACCORDANCE WITH CENTER (TSC) SEPARATE FROM AND IN CLOSE NUREG 0696, PROXIMITY TO THE CONTROL ROOM THAT HAS THE CAPABILITY TO DISPLAY AND TRANSMIT PLANT STATUS TO THOSE INDIVIDUALS WHO ARE KNOWLEDGEABLE OF AND RESPONSIBLE FOR ENGINEERING AND MANAGEMENT SUPPORT OF REACTOR OPERATIONS IN THE EVENT OF AN ACCIDENT, THE CENTER SHALL BE HABIT-ABLE TO THE SAME DEGREE AS THE CONTROL ROOM FOR POSTULATED ACCIDENT CONDITIONS, THE LICENSEE SHALL REVISE HIS EMERGENCY PLANS AS NECESSARY TO INCORPORATE THE ROLE AND LOCATION OF THE TSC, RECORDS THAT PERTAIN TO THE AS-BUILT CONDITIONS AND LAYOUT OF STRUCTURES, SYSTEMS, AND COMPONENTS SHALL BE READILY AVAILABLE TO PERSONNEL IN THE TSC, EXHIBIT 3G-20

I I I, A,1,2 (CONTI NUED)

AN OPERATIONAL SUPPORT CENTER (OSC) SHALL PVNGS WILL COMPLY (CONT'D)

BE ESTABLISHED SEPARATE FROM THE CONTROL ROOM AND OTHER EMERGENCY RESPONSE FACILITIES AS A PLACE WHERE OPERATIONS SUPPORT PERSONNEL CAN ASSEMBLE AND REPORT IN AN EMERGENCY SITUATION TO RECEIVE INSTRUCTIONS FROf1 THE OPERATING STAFF, COMMUNICATIONS SHALL BE PROVIDED BETWEEN THE OSC, TSC, EOF, AND CONTROL ROOM.

AN EMERGENCY OPERATING FACILITY (EOF)

WILL BE OPERATED BY THE LICENSEE FOR CON-TINUED EVALUATION AND COORDINATION OF ALL LICENSEE ACTIVITIES RELATED TO AN EMERGENCY HAVING OR POTENTIALLY HAVING ENVIRONMENTAL CONSEQUENCES.

EXHIBIT 5G-21

4, ADDITIONAL ITENS OF CONCERN EXHIBIT 4-i

ADDI IO I S 0 CO CS 0 D S G 222,01 oss o No -C s I I s u C o o G 0 0 o (I IF REACTOR CONTROLS AND VITAL INSTRUMENTS DERIVE COVERED IN AC REVIEW BOARD POWER FROM COMMON ELECTRICAL DISTRIBUTION SYSTEMS'HE AS OPEN ITEM No< 10s FAILURE OF SUCH ELECTRICAL DISTRIBUTION SYSTEMS (PROVIDED IN SECTION 5)

MAY RESULT IN AN EVENT REQUIRING OPERATOR ACTION CONCURRENT WITH FAILURE OF IMPORTANT INSTRUMENTA- 'HIS TION UPON WHICH THESE OPERATOR ACTIONS SHOULD BE RESPONSE WILL BE IN AN BAsEDs THIs coNGERN wAs ADDREssED IN IE BuLLETIN FSAR AMENDMENT, 79-27, ON NOYEMBER 30, 1979, IE BuLLETIN 79-27 WAS SENT To OPERATING LICENSE (OL) HOLDERS'HE NEAR TERM OL APPLICANTS (NORTH ANNA 2g DIABLO CANYONS MCGUIRE'ALEM 2g SEQUOYAHg AND ZIMMER)i AND OTHER HOLDERS OF CONSTRUCTION PERMITS (CP)g INCLUDING PALO VERDE, OF THESE RECIPIENTS, THE CP HOLDERS WERE NOT GIVEN EXPLICIT DIRECTION FOR MAKING A SUBMITTAL AS PART OF THE LICENSING REVIEW, HOWEVERS THEY WERE INFORMED THAT THE ISSUE WOULD BE ADDRESSED LATER>

EXHIBIT I$ -1 6-8-81

0 4, DDI IOJ I S 0 0 ICS C C D SIG LJ 222.01 (CONT D)

YOU ARE REQUESTED TO ADDRESS THIS ISSUE BY TAKING IE BULLETIN 79-27 ACTIONS 1 THRU 3 UNDER "ACTIONS To BE TAKEN BY LICENSEES s WITHIN THE RESPONSE TIME CALLED FOR IN THE ATTACHED TRANSMITTAL LETTERS COMPLETE THE REVIEW AND EVALUATION REQUIRED BY ACTIONS 1 THRU 3 AND PROVIDE A WRITTEN RESPONSE DESCRIBING YOUR REVIEWS AND ACTIONS< THIS REPORT SHOULD BE IN THE FORM OF AN AMENDMENT To YOUR FSAR AND SUBMITTED TO THE NRC OFFICE OF NUCLEAR REACTOR REGULATION AS A LICENSING SUBMITTAL<

EXHIBIT 4-2 6-8-81

4, ADDI IO I S 0 CO I S CO D S G U 222,02 G (S s C IF SAFETY EQUIPMENT DOES NOT REMAIN IN ITS EMERGENCY SEE EXHIBITS 4-5 THRU 4-12 MODE UPON RESET OF AN ENGINEERED SAFEGUARDS ACTUATION SIGNALS SYSTEM MODI F I CATION'ESIGN CHANGE OR OTHER PROTECTIVE ACTION OF THE AFFECTED EQUIPMENT IS NOT COMPROMISED ONCE THE ASSOCIATED ACTUATION SIGNAL IS RESET, THIS ISSUE WAS ADDRESSED IN IE BULLETIN 80-06 (ENCLOSED) s FOR FACILITIES WITH OPERATING LICENSES AS OF NARCH Uy 1980'E BULLETIN 80-06 REQUIRED THAT REVIEWS BE CONDUCTED BY THE LICENSEES TO DETERMINE WHICH'F ANY'AFETY FUNCTIONS MIGHT BE UNAVAILABLE AFTER RESETS AND WHAT CHANGES COULD BE IMPLEMENTED TO CORRECT THE PROBLEM<

FOR FACILITIES WITH A CONSTRUCTION PERMIT INCLUDING OL APPLICANTS BULLETIN 80-06 WAS ISSUED FOR INFOR-MATION ONLY'XHIBIT 4-5 6-8-81

4, DI 10 L S 0 CO ICSB CO C 222.02 (CONT D)

THE NRC STAFF HAS DETERMINED THAT ALL CP HOLDERS, AS A PART OF THE OL REVIEW PROCESS ARE TO BE REQUESTED To ADDRESS THIS ISSUEs ACCORDINGLY> YOU ARE REQUESTED TO TAKE THE ACTIONS CALLED FOR IN BULLETIN 80-06 ACTIONS 1 THRU 4 UNDER ACTIONS TO BE TAKEN BY LICENSEES, HITHIN THE RESPONSE TIME CALLED FOR IN THE ATTACHED TRANSMITTAL LETTERS COMPLETE THE REVIEW VERIFICATIONS AND DESCRIPTIONS OF CORRECTIVE ACTIONS TAKEN OR PLANNED AS STATED IN ACTION 1 THRU 3 AND SUBMIT THE REPORT CALLED FOR IN ACTIONS ITEM } THE REPORT SHOULD BE SUBMITTED TO THE NRC OFFICE OF NUCLEAR REGULATION AS A LICENSING SUBMITTAL IN THE FORM OF AN FSAR AMENDMENT, EXHIBIT 4-4 6-8-81

ADDI IONA I S 0 CO C N CS CO C S G 222,02 (CoNT D)

THE ENGINEERED SAFETY FEATURES (ESF) ACTUATION SIGNALS INCORPORATED IN THE PVNGS DESIGN I'NCLUDEl

1) NSSS ESFAS CONTAINMENT ISOLATION ACTUATION SIGNAL (CIAS)

CONTAINMENT SPRAY ACTUATION SIGNAL (CSAS)

HAIN STEAM ISOLATION SIGNAL (MSIS)

SAFETY INJECTION ACTUATION SIGNAL (SIAS)

RECIRCULATION ACTUATION SIGNAL (RAS)

AUXILIARY FEEDWATER ACTUATION SIGNALS (AFAS) 1 AND 2i

2) AND BOP ESFAS FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SIGNAL (FBEVAS)

CONTAINMENT PURGE ISOLATION ACTUATION SIGNAL (CP IAS)

CONTROL ROOM VENTILATION ISOLATION ACTUATION SIGNAL (CRVIAS)

CONTROL ROOM ESSENTIAL FILTRATION ACTUATION SIGNAL (CREFAS),

EXHIBIT 4-5 6-8-81

ADDI IO A I S 0 CO CE D S 6 222.02 (CONT D)

MANUAL RESET OF THE ESF ACTUATION SIGNALS IN BOTH THE NSSS AND BOP SYSTEMS DESIGN CAN BE PERFORMED ONLY AFTER THE INITIATING SIGNALS> IsEs LOW PRES-SURIZER PRESSUREg HAVE CLEARED, RESET SWITCHES ARE LOCATED AT THE PPS, ESFAS AUXILIARY RELAYS AND BOP ESFAS CABINETS, PVNGS EQUIPMENT WHICH MAY CHANGE POSITION FROM THE SAFETY OR EMERGENCY STATE ON RESET OF AN ESF ACTU-ATION SIGNAL IS IDENTIFIED IN TABLE 1s THESE ACTUATED DEVICES CAN BE CATEGORIZED AS FOLLOWS'XHIBIT 4-6 6-8-81

4, D IO SO OC DS6 U 222,02 (CONT D)

As CERTAIN ACTUATED DEVICES~ I E JOG TYPE VALVES s s OR THE ESF LOAD SEQUENCERp REQUIRE A MAINTAINED ESF SIGNAL THROUGH COMPLETION OF THEIR SAFETY FUNCTION, IF AN ESF ACTUATION SIGNAL IS RESET PRIOR TO COMPLETION OF VALVE STROKE OR COMPLETION OF ESF LOAD SEQUENCING'HE VALVE WILL STOP MID-TRAVEL OR THE SEQUENCER WILL NOT COMPLETE SEQUENCING ON THE REQUIRED EQUIPMENT (EQUIPMENT ALREADY SEQUENCED OR DOES NOT STOP) ) SINCE COMPLETION OF THESE ACTIONS TAKES NO MORE THAN 60 SECONDS'SF ACTUATION SIGNAL RESET IS NOT CONSIDERED, ESF ACTUATION'OLLOWED BY CLEARING OF THE INITIATING SIGNALS WITH THE REQUIREMENT OF MANUAL RESET AT THE APPROPRIATE CABINET ALL OCCURRING WITHIN A SHORT PERIOD OF TIME ( 1 MIN)

IS NOT CREDIBLE UNDER TRUE ACCIDENT CONDITIONS)

NO MODIFICATION TO THESE EQUIPMENT CONTROL CIRCUITS I S REQUIRED s EXHIBIT 4-7 6-8-81

C 0 C 222,02 (CoNT D)

Bs AN S IAS IS EMPLOYED IN SOME INSTANCES TO TRIP NON-ESF EQUIPMENT OFF THE IE BUSES) THIS EQUIPMENT IS CONSID-ERED IMPORTANT TO PROTECT OTHER EQUIPMENT SUCH AS CEDN'S, THE DESIGN ALLOWS AUTOMATIC RESTART OF THIS HVAC EQUIPMENT AND THE PRESSURIZER HEATERS ON PROCESS DEMAND AFTER THE SIAS IS RESETs THIS DESIGN RELIEVES THE OPERATOR FROM MANUALLY RESTARTING THIS EQUIPMENT IN THE CASE OF A SPURIOUS SIAS OR A .SMALL BREAK LOCAe THIS WILL MINIMIZE THE POTENTIAL FOR EQUIPMENT DAMAGE LEADING TO REPAI R AND PERSONNEL EXPOSURE ) IN THE CASE OF A VALID S IASp RESETTING OF THE SIAS IS NOT REQUIRED IN THE SHORT TERMS AND THE'OPERATOR CAN OVERRIDE THE SIAS TO MANUALLY RESTART THIS EQUIPMENT AS REQUI RED s EXHIBIT 4-8 8-4-81

4, ADDITIONAL ITEMS 0 CO JC CO R DESlh 222,02 (CoNT D)

C, CERTAIN ACTUATED DEVICES HAVE DIFFERENT SAFETY MODES IN RESPONSE TO DIFFERENT ESF ACTUATION SIGNALS IN THE EVENT THAT ESF ACTUATION SIGNALS REQUIRING BOTH SAFETY MODES OCCURS ONE SAFETY MODE BY DESIGN WILL HAVE PRIORITY> ON RESET OF THAT PARTICULAR ESF ACTUATION SIGNALS THE ACTUATED DEVICE WILL CHANGE POSITION TO THE SAFETY MODE REQUIRED BY THE REMAINING ESF ACTUATION SIGNALs THIS MEANS OF CONTROL DOES NOT DEFEAT REQUIRED ESF SYSTEM FUNCTIONS'ND NO MODIFICATION IS REQUIRED TO THESE EQUIPMENT CONTROL CIRCUITS s D, THE AFAS 1 AND AFAS 2 SIGNALS TO THE AUXILIARY FEEDWATER VALVES ARE DESIGNED TO CYCLE BASED ON STEAM GENERATOR LEVEL> THIS AUTOMATIC RESETTING OF THE AFAS 1 AND AFAS 2 DOES NOT AFFECT THE AFAS 1 AND AFAS 2 SIGNALS TO OTHER ACTUATED EQUIPMENTs THE AUXILIARY FEEDWATER VALVE CYCLING REPRESENTS THE DESIRED ESF SYSTEM FUNCTION AND NO MODIFICATION IS REQUIRED TO THE EQUIPMENT CONTROL CIRCUITSa EXHIBIT 4-9 6-8-81

IDENTIFICATION OF ACTUATED DEVICES WHICH CHANGE POSITION ON RESET OF ESF ACTUATION SIGNAL ESF ELEMENTARY ACTUATION SAFETY ACTION OF ESF CORRECTIVE ACTUATED DEVICE TAG NO. DIAGRAM SIGNAL MODE ACTUATION SIGNAL RESET ACTION AUXILIARY FEEDWATER J-AFB-HV-30 13- E-AFB-003 AFAS-1 OPEN/CLOSE VALVES CYCLE ON AFAS-1 NONE (D)

REGULATING VALVES J-AFA-HV-32 13- E-AFB-004 TO SG 1 AUXILIARY FEEDWATER J-AFB-HV-31 13- E-AFB-003 AFAS-2 OPEN/CLOSE VALVES CYCLE ON AFAS-2 NONE (D)

REGULATING VALVES J-AFC-HV-33 13-E-AFB-006 TO SG 2 AUXILIARY FEEDWATE R J-AFB-UV-34 13-E-AFB-005 AFAS-1 OPEN/CLOSE VALVES CYCLE ON AFAS-1 NONE (D)

ISOLATION VALVES J-AFC-UV-36 13-E-AFB-011 TO SG 1 AUXILIARY FEEDWATER J-AFB-UV-35 13-E-AFB-005 AFAS-2 OPEN/CLOSE VALVES CYCLE ON AFAS-2 NONE (D)

ISOLATION VALVES J-AFA-UV-37 13-E-AFB-010 TO SG 2 CEDM NORMAL ACU M-HCN-A02A, 13-E-HCB-001 SIAS STOPS RETURNS TO AUTO IF NOT NONE (B)

FANS -A02B,-A02C, 13-E-HCB-002 IN "PULL-TO-LOCK" 8t A02D CONTAINMENT NORMAL M-HCN-AOlA, 13-E-HCB-004 SIAS STOPS RETURNS TO AUTO IF NOT NONE (e)

ACU FANS -Aole,-A01C, 13-E-HCB-005 IN "PULL-TO-LOCK" 8 AOlD FUEL BUILDING M-HFA-M05 13-E-HFB-005 SIAS CLOSES SIAS IS THE PRIORITY NONE (C)

ESSENTIAL EXHAUST M-HFB-M05 FBEVAS OPENS MODE. ON RESET OF AFU DAMPERS SIAS, DAMPERS WILL RE-OPEN IF FBEVAS IS PRESENT.

EXHIBIT 4-10 6-8-81

IDENTIFICATION OF ACTUATED DEVICES WHICH CHANGE POSITION ON RESET OF ESF ACTUATION SIGNAL SHEET 2 ESF ELEMENTARY ACTUATION SAFETY ACTION OF ESF CORRECTIVE ACTUATED DEVICE TAG NO. DIAGRAM SIGNAL MODE ACTUATION SIGNAL RESET ACTION o AUXILIARY BUILDING M-HFA-M06 13-E-HFB-011 SIAS OPENS SIAS IS THE PRIORITY NONE (C)

ESSENTIAL EXHAUST M-HFB-M06 FBEVAS CLOSES MODE. ON RESET OF AFU DAMPERS SIAS, DAMPERS WILL RE-OPEN IF FBEVAS IS PRESENT.

o CONTROL ROOM M-HJA-024 13-E-HJB-024 SIAS OPENS CRVIAS IS THE PRIORITY NONE (C)

ESSENTIAL AHU OSA & -M03 CREFAS CLOSES MODE. ON RESET OF INTAKE DAMPERS M-HJB-M02 CRVIAS CRVIAS, DAMPERS WILL 8 -M03 RE-OPEN IF SIAS OR CREFAS IS PRESENT.

o PRESSURIZER BACKUP M-RCE-A5, 13-E-RCB-010 SIAS STOPS RETURNS TO AUTO IF NOT NONE (B)

HEATERS -A14,-Bl, IN "PULL-TO-LOCK"

-B9,-B10, 8( -B18 o ESF LOAD SEQUENCERS J-SAA-C02A 13-E-SAB-004 CSAS SEQUENTIAL RESET OF SEQUENCER NONE (A)

J-SAB-C02B SIAS STARTING OUTPUTS DEPENDING ON AFAS-1 OF ESF ESF ACTUATION SIGNALS AFAS-2 PUMPS AND PRESENT. RESET OF fBEVAS FANS SEQUENCER OUTPUTS DOES CRVIAS NOT RESET ANY ACTUATED CREFAS EQUIPMENT. RESET PRIOR TO COMPLETION OF SEQUENCING TERMINATES SEQUENCE.

o SG 2 TO AUXILIARY J-SGA-UV-138 13-E-SGB-002 AFAS-2 OPENS IF AFAS-1 HAS PRIORITY. NONE (C)

FEEDWATER PUMP A AFAS-1 IS ON RESET OF AFAS-1, STEAM SUPPLY VALVE NOT PRESENT VALVE WILL OPEN If AFAS-2 IS PRESENT.

EXHIBIT 4-11 6-8-81'

Ol IDENTIFICATION OF ACTUATED DEVICES WHICH CHANGE POSITION ON RESET OF ESF ACTUATION SIGNAL SHEET 3 ESF ELEMENTARY ACTUATION SAFETY ACTION OF ESF CORRECTIVE ACTUATED DEVICE TAG NO. DIAGRAM SIGNAL MODE ACTUATION SIGNAL RESET ACTION

~ LP SAFETY INJECTION M-S IA-Pol 13- E-S I B-002 SIAS (VIA STARTS RAS IS THE PRIORITY NONE (C)

PUMPS M-S I B-Pol SEQUENCER) . MODE. ON RESET OF RAS STOPS RAS, PUMPS WILL RE-START IF SIAS (VIA SEQUENCER) IS PRESENT.

~ SAFETY INJECTION J-S IA-UV-634 13-E-SIB-005 SIAS OPENS JOG TYPE VALVES MAY NONE (A)

TANK ISOLATION 8 -644 13- E-S I B-006 STOP MID-TRAVEL.

VALVES J-S I B-UV-614 BREAKERS ARE LOCKED 5 -624 OPEN DURING POWER OPERATION.

~ LPSI FLOW CONTROL J-SIB-UV-615 13-E-S I 8-007 SIAS OPENS JOG TYPE VALVES MAY NONE (A)

TO REACTOR COOLANT 5 -625 13- E-S I B-008 STOP MID-TRAVEL VALVES J-S IA-UV-625

& -645

~ HPSI FLOW CONTROL J-S IA-UV- 13- E-S I B-009 SIAS OPENS JOG TYPE VALVES MAY NONE (A)

TO REACTOR COOLANT -617,-627, 13- E-S I 8-010 STOP MID-TRAVEL VALVES -637,-647, 13-E-SIB-011 J-S IB-UV- 13-E-S I B-012

-616,-626,

-636,-646

~ CONTAINMENT SPRAY J-SIA-UV-672 13-E-S IB-020 CSAS OPENS JOG TYPE VALVES MAY NONE (A)

CONTROL VALVES J-S IB-UV-671 I STOP MID-TRAVEL

~ NORMAL CHILLER M-WCN-E01A 13-E-WCB-001 SIAS STOPS RETURNS TO AUTO IF NOT NONE (B)

IN "PULL-TO-LOCK" EXHIBIT 4-12 6-8-81

4, S 0 C S h 222,03 IN REVIEW c 9-OPERATING REACTOR LICENSEES WERE INFORMED BY IE INFORMATION NOTICE 79-22'SSUED SEPTEMBER 19'979, THAT CERTAIN NON-SAFETY GRADE OR CONTROL EQUIPMENTS IF SUBJECTED TO THE ADVERSE ENVIRONMENT OF A HIGH ENERGY LINE BREAK> COULD IMPACT THE SAFETY ANALYSES AND THE ADEQUACY OF THE PROTECTION FUNCTIONS PERFORMED BY THE SAFETY GRADE EQUIPMENTs ENCLOSED IS A COPY OF IE INFORMATION NOTICE 79-22, AND REPRINTED COPIES OF AN AUGUST 20'979 HEST INGHOUSE LETTER AND A SEPTEMBER 10, 1979 PUBLIC SERVICE ELECTRIC AND GAS COMPANY LETTER WHICH ADDRESS THIS MATTER s OPERATING REACTOR LICENSEES CONDUCTED REVIEWS TO DETERMINE WHETHER SUCH PROBLEMS COULD EXIST AT OPERATING FAC I LIT I ES i EXHIBIT 4-U 6-8-81

4, 222,05 (CONT'D)

NE ARE CONCERNED THAT A SIMILAR POTENTIAL MAY EXIST AT L I GHT WATER FAC I LIT I ES NOW UNDER CONSTRUCT ION s YOU ARE> THEREFORE'EQUESTED TO PERFORM A REVIEW TO DETERMINE WHAT> IF ANY'ESIGN CHANGES OR OPERATOR ACTIONS WOULD BE NECESSARY TO ASSURE THAT HIGH ENERGY LINE BREAKS WILL NOT CAUSE SYSTEM FAILURES TO COMPLI-CATE THE EVENT BEYOND YOUR FSAR ANALYSIS PROVIDE THE RESULTS OF YOUR REVIEWS INCLUDING ALL IDENTIFIED PROBLEMS AND THE MANNER IS WHICH YOU HAVE RESOLVED THEM TO NRR THE SPECIFIC SCENARIOS DI'SCUSSED IN THE ABOVE REFERENCED NESTINGHOUSE LETTER ARE TO BE CONSIDERED AS EXAMPLES OF THE KIND OF INTERACTIONS WHICH MIGHT OCCUR YOUR REVIEW SHOULD INCLUDE THOSE SCENARIOS>

WHERE APPLICABLE'UT SHOULD NOT NECESSARILY BE LIMITED TO THEM APPLICANTS WITH OTHER LHR DESIGNS SHOULD CONSIDER ANALOGOUS INTERACTIONS AS RELEVANT TO THEIR DES IGNS s EXHIBIT 4-14 6-8-81

4, SB C DESlh U E 222,04 THE ANALYSIS REPORTED IN CHAPTER 15 OF THE FSAR IN REVIEW ARE INTENDED TO DEMONSTRATE THE ADEQUACY OF SAFETY SYSTEMS IN MITIGATING ANTICIPATED OPERATIONAL OCCURRENCES AND ACC I DENTS s BASED ON THE CONSERVATIVE ASSUMPTIONS MADE IN DEFINING THESE DESIGN BASIS EVENTS AND THE DETAILED REVIEW OF THE ANALYSES BY THE STAFFS IT IS LIKELY THAT THEY ADEQUATELY BOUND THE CONSEQUENCES OF SINGLE CONTROL SYSTEM FAILURES)

TO PROVIDE ASSURANCE THAT THE DESIGN BASIS EVENT ANALYSES ADEQUATELY BOUND OTHER MORE FUNDAMENTAL CREDIBLE FAILURES YOU ARE REQUESTED TO PROVIDE THE FOLLOWING INFORMATIONl

1) IDENTIFY THOSE CONTROL SYSTEMS WHOSE FAILURE OR MALFUNCTION COULD SERIOUSLY IMPACT PLANT SAFETY s EXHIBIT 4-15 6-8-81

4, ADDITIONAL I E S 0 CONCF

. ICSB CO C DSb UR 222,04 (CONT D)

2) INDICATE WHICH'F ANY'F THE CONTROL SYSTEMS IN REVIEW (CONT'D)

IDENTIFIED IN (1) RECEIVE POWER FROM COMMON POWER SOURCES s THE POWER SOURCES CONSIDERED SHOULD INCLUDE ALL POWER SOURCES WHOSE FAILURE OR MALFUNCTION COULD LEAD TO FAILURE OR MAL-FUNCTION OF MORE THAN ONE CONTROL SYSTEM AND SHOULD EXTEND TO THE EFFECTS OF CASCADING POWER LOSSES DUE TO THE FAILURE OF HIGHER LEVEL DISTRIBUTION PANELS AND LOAD CENTERS<

3) INDICATE WHICH, IF ANY'F THE CONTROL SYSTEMS IDENTIFIED IN (1) RECEIVE INPUT SIGNALS FROM COMMON SENSORSs THE SENSORS CONSIDERED SHOULD INCLUDEg BUT SHOULD NOT NECESSARILY BE LIMITED Top COMMON HYDRAULIC HEADERS OR IMPULSE LINES FEEDING PRESSUREg TEMPERATURE> LEVEL OR OTHER SIGNALS TO TWO OR MORE CONTROL SYSTEMS s EXHIBIT 4-16 6-8-81

ADDI IO I S 0 CO C S 0 222.04 (CoNT D)

4) PROVIDE JUSTIFICATION THAT ANY SIMULTANEOUS IN REVIEW (CONT D)

MALFUNCTIONS OF THE CONTROL SYSTEMS IDENTIFIED IN (2) AND (3) RESULTING FROM FAILURES OR MALFUNCTIONS OF THE APPLICABLE COMMON POWER SOURCE OR SENSOR ARE BOUNDED BY THE ANALYSES IN CHAPTER 15 AND WOULD NOT REQUIRE ACTION OR RESPONSE BEYOND THE CAPABILITY OF OPERATORS OR SAFETY SYSTEMS)

EXHIBIT 4-17 6-8-81

5.

BACI(GROUND I NFORNAT I ON EXHIBIT 5->

t PVNGS DESIGN DEVELOPMENT THE PVNGS DESIGN DEVELOPMENTS REPRESENTED AROUND THE DESIGN IN FIGURE CRITERIA> WHICH ACT AS THE HUB OF THE DESIGN B-lr IS CENTERED THESE CRITERIA ARE REVIEWED AND APPROVED BY THE OWNER AND ESTABLISH THE SCOPE OF THE SYSTEMS THEY ARE ASSEMBLED IN THREE VOLUMES ENTITLED DESIGN CRITERIA MANUAL PALO VERDE UNITS li 2 AND 3" AND REFLECT ALL THE DESIGN CRITERIA FOR THE PLANTi THIS IS A DYNAMIC DOCUMENT THAT IS UPDATED AS NEW CRITERIA ARE INCORPORATED INTO THE PLANT DESIGNs AS SHOWN IN FIGURE B-lr A SERIES OF DOCUMENTS ESTABLISH THE CRITERIA'NCLUDING UTILITY OR OWNER-APPLICANT S SPECIFIC REQUIRE-MENTS'TANDARD NSSS SYSTEM 80 LICENSING AND BALANCE OF PLANT (BOP)

INTERFACE REQUIREMENTS'ND THE ENGINEER S BOP INFORMATION (SCHEDULEg IGNIS INTERFACES> LICENSING> BASIC CR ITER I Ag PRIDS> AND SINGLE LINE DRAW-INGS) i THESE ALL SERVE AS INPUT TO THE DESIGN CRITERIA HUBB WHICH BY AN ITERATIVE PROCESS RESULTS IN APPLICANT LICENSING DOCUMENTS'EVEL-OPMENT OF THE MODULAR PLANT ARRANGEMENT AND THE STANDARD DES AND FEEDBACK FROM THE REGULATORS'ROM THIS'ROCUREMENT SPECIFICATIONS' SYSTEM DESCRIPTIONS'CHEDULES'ONSTRUCTION SPECIFICATIONS'EST SPECIFICATIONS'ND THE STATION MANUAL ARE DEVELOPED'HE PLANT ARRANGEMENT IS'ALSO DERIVED FROM THE DESIGN CRITERIA'S REPRESENTED BY A THREE-QUARTER INCH TO THE FOOT SCALE MODEL OF THE PVI'lGS POWER BLOCK> THE MODE L I S USED TO DER I VE DETAI LED CONSTRUCTION DRAW I NGS AND PLANNING PHOTOGRAPHS'N

SUMMARY

> ONE SET OF DOCUMENTS ESTABLISH THE CRITERIA'ROM THIS SETg DESCRIPTIONS ARE PUT INTO LICENSING DOCUMENTS AND KEPT CURRENT BY CONTINUING REVIEWS MULTI-DISCIPLINE REVIEWS ARE CARRIED OUT WHERE DIFFERENT DISCIPLINES GET TOGETHER AT THE MODEL AND ANALYZE THE SYSTEMS'SSESSING THE DESIGNS SAFETY'EPARATION AND ALL CRITERIA'O ENSURE THAT THE SYSTEM MEETS THE ESTABLISHED CRITERIA THIS PROCESS GENERALLY TAKES TWO TO THREE YEARS TO ASSURE THAT THE DESIGN IS CORRECT AND REFLECTS ALL THE REQUIREMENTS'XHIBIT 5-1

UTILITY APPLICANT SPECIFIC Rf QUIREMENTS

~

STANDARD

'NSSS STANDARD LI C EN SIN G APPROVAL

'TILITY APPLICANT LICENSING DOCUMENTS

~ BOP INTERFACE REOUIREMENTS

~ DESIGN CRITERIA DEVELOPMENT OF STANDARD DESIGN ENGINEER'S PLANT ARRANGEMENT BALANCE OF PLANT DESIGN ~ PROCUREMENT INFORMATION MODULAR MODEL SPECIFICATIONS CONCEPT

~ SYSTEM

~ DESCRIPTIONS SCHEDULE

~ BOP INTERFACE

~ ENGINEERING SCHEDULE

~ LICENSING

~ CONSTRUCTION

~ BASIC CRITERIA SPECIFICATIONS

~ PAID'S ~ DETAILED

~ TEST CONSTRUCTION

~ SINGLE LINES SPECIFICATIONS DRAWINGS

~ STATION

~ PLANNING MANUAL PHOTOGRAPHS PVNGS DESIGN DEVELOPMENT FIGURE 5-1

0 RESPONSE TO IE BULLETIN 79-27 (Ref: Response to Class IE AC Power Systems Design Review Board Open Item 810)

ACTION 810 Provide the results of Bechtel's review of NRC IE Bulletin 79-27 relating to the design of PVNGS Has Bechtel looked at conditions brought about by the failure of a non-Class IE bus? (pages 165-175)

RESPONSE

IE Bulletin 79-27 addressed three review areas'hese were:

1. Revie~ the Class 1-E and non-Class 1-E buses supplying power to safety and non-safety related instrumentation and control systems which could affect the ability to achieve a cold shutdown condition using existing procedures or procedures developed under item 2 below. For each bus:

a) identify and review the alarm and/or indication provided in the control room to alert the operator to the loss of po~er to the busi b) identify the instrument and control system loads connected to the bus and evaluate the effects of loss of power to these loads including the ability to achieve a cold shutdown condition; c) describe any proposed design modifications resulting from these reviews and evaluations, and your proposed schedule for implementing those modifications .

2. Prepare emergency procedures or review existing ones that will be used by control room operators, including procedures required to achieve a cold shutdown condition, upon loss of power to each Class 1-E and non-Class 1-E bus supplying power to safety and non-safety related instrument and control systems. The emergency procedures should. include:

a) the diagnostics/alarms/indicators/symptom resulting from the review and evaluation conducted per item 1 above; Exhibit 5-2

b) the use oi alternate indication and/or coi. ol circuits which may be powered from other non-Class 1-E or Class 1-E instrumentaton and control buses; c) methods for restoring power to the bus.

Describe any proposed design modifications or administrative controls to be implemented resulting from these procedures, and your proposed schedule for implementing the changes.

3. 'e-review IE Circular No. 79-02, Failure of 120 Volt Vital AC Po~er Supplies, dated January Il, 1979, to include both Class 1-E and non-Class 1-E safety related power supply inverters. Based on a review of operating experience and your re-review of IE Circular No. 79-02, describe any proposed design modifications or administrative controls to be implemented as a result of the re-review.

EVALUATION OF DESIGN In general, our review has determined that the PVNGS design consists of two ungrounded non-Class IE 120 Vac instrument distribution panels E-NNN-Dll and E-NNN-D12 and four ungrounded vital (Class IE) 120 Vac instrument distri-bution panels E-PNA-D25, E-PNB-D26, E-PND-D27, and E>>PND-D28.

Each ungrounded nonClass IE Vac instrument distribution panel is normally supplied from a 480 Vac non-Class IE motor control center through a voltage regulator-'ransformer to a transfer switch A back-up source is provided

~

from a 480 Vac Class IE motor control center through a Class IE voltage regulator-transformer as an isolation device to the transfer switch. The transfer switch automatically transfers, upon loss of power on the normal source, to the back-up sources Manual transfer is required to return to the normal sources The distribution panel is fed from the transfer switch through a panel feeder breaker. Distribution to the instrument cabinets is through branch circuit breakers .

Each ungrounded vital (Class IE) 120 Vac instrument distribution panel is normally supplied from a 125 Vdc Class IE control center through an inverter to a manual transfer switch. A back-up source is provided from a 480 Vac non-Class IE motor control center through a voltage regulatortransformer to the manual transfer switch. The distribution panel is fed from the transfer switch through a panel feeder breaker.

Our specific response to item l.a is that an alarm for each non-Class IE instrument distribution panel is provided to the operator in the control room. Annunciation will occur on the following:

o Normal source undervoltage o Back-up source undervoltage o Ground detection o Overload tripping of the panel feeder breaker o Overload tripping of any branch circuit breaker Exhibit 5 3

An alarm is provided for each Class IE instrument distribution panel and an alarm for each Class IE inverter and transfer switch. Annunciation will occur on the following:

o Inverter output or input breaker tripped o Overload o Inverter output voltage low or high o Input dc voltage low o Loss of synchronize o Transfer switch not on normal source o Inverter fan failure o Distribution panel undervoltage o Ground detection o Overload tripping of the panel feeder breaker For item 1.b, the instrument and control system loads connected to each instrument distribution panel are provided as noted on Table 1.

Those specific instrument parameters and controls detailed in CESSAR 7.4.1.1.10.7 as being required to achieve cold shutdown are listed belo~.

Instrument loop displays and controls available to the control room operator and the instrument distribution panel supply are identified ~

Exhibit 5-4

TABLE 1 120 VAC UNGROUNDED INSTRUMEHT DISTRIBUTION PANEL INSTRUMENT AND COHTROL SYSTEM LOADS E-PNA-D25 E-PNB-D26 E-PNC-D27 E-PND-D28 E-NNN-Dl1 E-NNH-D12 ESFAS hux. Relay o ESFAS hux. Relay o ESFAS Aux. Relay o ESFAS hux. Relay RCS-2 & CVCS-2 o RCS-1 & CVCS-1 Cab. J-SAA-COl Cab. J-SAA-C01 Cab. J-SAB-C01 Cab. J-SAB-C01 Process Instr. Process Instr.

Process Protec- o Process Protec- o Supplementary o Supplementary J-ZJN-COIB&D J-ZJN-C01A & C tive Instr. tive Instr. Protect. Sys. Protect. Sys. SIS/RCP-1 Process o HSSS Rad. Mon. Cab.,

Cab. h-1 Cab. B-2 J-SBC-C04 J-SBD-C04 Instr. J-ZJN-COlF J SQN"C02 (MICD hmp >

J-SBA-C02A J-SBB-C02B 0 CEDMCS Aux. Cab. o CEDMCS Aux. Cab. NSSS Rad. Mon. Cab. CEA Display, S/U 6 Supplementary o Supplementary C5 J-SFC-Col C6 J-SFD-C01 J-SQN-C02 (Process & Control Ch. 1)

Protect. Sys. Protec. Sys. 0 hux. Prot. Cab. o hux. Prot. Cab. Gas Stripper Eff. o QVCS-3 & SIS/RCP-2 J-SBA-C04 J-SBB-C04 J-SAC-C03 J-SAD-C03 Rad. Mon., Reactor Process Instr.

Radiation Monitors o Radiation Monitors o Plant Prot. Sys. o Plant Prot. Sys. Power Cutback, J-ZJN-C01E & G J-SQA-RU-29> 31 J-SQB-RU-1>> 30>> 32, (PPS) J-SBC-C01 (PPS) J-SBD-C01 Boronometer, S/U o BOP Analog Instr Cab

& 33 &34 o Process Protective o Process Protective S/U & Control 'J-ZJN-C02A & C 6 -C07 Remote Shutdown o Remote Shutdown Instr. Cab. C Instr. Cab. D Cb, 2) 0 BOP Analog Instr. Cab.

Panel Panel J-SBC-C02A J-SBD-C02A BOP Analog Instr. J-ZJN-C02E 6 G BOP Analog Instr. o BOP Analog Instr. o MOV Position o MOV Position Cab. J-ZJN-C02B&D o Fuel Pool Instr.

Cab. J-ZJA-C02h Cab. J-ZJB-C02A Indicators Indicators BOP Analog Instr. J-PCN-E02

& B 0 hux. Prot. Cab. Cab. J-ZJN-C02F o CEDMCS hux. Prot. Cab. J-SAB-C03 Radwaste Instr. Cab.o NSSS Control Sys.

J-SAA-C03 o Plant Prot. Sys. J-ZRN-C01 & C02 J-SFN-C03 (RRS, Plant Prot. Sys. (PPS) J-SBB-C01 CEDMCS (incl. SBCS permissives, &

(PPS) J<<SBA-C01 o Process Protec- core mimic) AMI setpoint display)

Process Prot. tive Instr. Cab. NSSS Control 0 MICDS 82 Instr. Cab. h-2 B-1 J-SBB-C02A Sys. J-SFN-C03 o Reactor Trip Swgr J-SBA-C02B 0 BOP ESFAS 6 Load (FMCS-I & 2 & Current Monitor D BOP ESFAS & Load Sequencer SBCS)

Sequencer J-SAB-C02B MICDS dl J-SAA-C02A 0 MOV Position Reactor Trip Swgr MOV Position Indicators Current Monitor C Indicators 0 Containment Loose Parts &

Containment Hydrogen Vibration Mon.

Hydrogen Analyzer Gen. Pyrolysate Analyzer J-HPB-E02 Collector J-HPA-E01 0 Chlorine Detector Chlorine Detector J-HJB-E01 J-HJA-E01

f Non-Class IE Parameter Instrument or Control Class IE Instrument Distribution Panels Distribution Panels E-PNA-D25 E-PNB-D26 E-PND-D27 E-PND-D28 E-NNN-D11 E-NNN-D12 tron J-SEA J<>llOX LI-1 10Y LIC-1 10

& LR-1'10X LR-110

& LI-113 SG J-SGA- J<<SGB- J-SGC- J-SGD-pressure PI-1013A PI-1013B PI-1013C PI-1013D PI-1023A & PI-1023B & PI-1023C & PI-1023D

& PR-1013A SG J-SGA- J<<SGB- J-SGC- J-SGD- J-SGN-level LI-1113A LI-1113B LI-1113C LI-1113D LR-1111

& LR-1113A (narrow range)

J-CHA- J-CHB- JCHC- J-CHD- JWHN-level L I-203A L I-2 03B L I-2 03C LI-203D LI-200

& LI-201 Charging JWHA-flow FI-212 Charging J-CHB-pressure PI-2 1,2 SIT J-SIA- J-S IB- J-SIN- J-SIN-pressure PI-331 PI-311 PI-332 PI-312

& PI-333 & PI-313 LPSI J-S IA- J-S IB-pump flow FI-306 FO-307 Shutdown J-S IA- J-SIB-cooling heat TR-3$ 1 TR-352 exchanger & TR-303X & TR-303Y diff. temp ~

Atmospheric J-SGA- J-SGB-dump valve HIC-179A HIC-178A ontrol & HIC-184A & HIC-185A Exhibit 5-6

0

)

Motor operated valves, pumps, pressurizer heaters and .lenoids required to achieve cold shutdown are powered from buses other than the instrument distri-bution panels'n response to item 1.c, we have determined that loss of a single instrument distribution panel, Class IE or non-IE, will cause a loss of some of the indicators and recorders available to the control room'perator. The affected indicators, which employ a gas-discharge display, will extinguish on the loss of the instrument distribution panels This failure mode is distinguishable and will not offer confusing information to the operator.

In addition, the instrumentation and control systems lost will generate alarms and actuation of some equipment as the loop output contacts fail to their deenergized states. In the non-IE instrument loops affecting safe shutdown circuits, i.e. pressurizer level control of the pressurizer backup heaters, selector switches are provided on the main control panel to enable the operator to provide control from the unaffected control loop No con-trol action generated by the loss of an instrument distribution panel will prevent the operator from controlling the required safe shutdown equipment or interfere with the safe shutdown functions. Upon detection of loss of an instrument distribution panel, adequate instrumentation and control functions from the list provided above will be available to the operator to enable the operator to achieve a cold shutdown condition. No design modifications are proposed.

Item 2 Response to be provided by APS IE Circular No. 79-02, Failure of 120 Volt Vital AC Power Supplies has been re-reviewed in consideration of item 3 to include both Class IE and non-Class IE instrument distribution panel supplied For the Class IE inverters, the PVNGS design precludes the possibility of a transient causing a failure of a Class IE inverter by utilizing a battery source in parallel with a dc charger. The battery source serves to eliminate any undervoltage transients that the charger may experience. The non-Class IE instrument distribution panels are not supplied through inverters. Both the normal and back-up supplies are fed from 480 Vac through a voltage regulator-transformer. The transfer switch will automatically transfer, upon loss of power on the normal source, to the back-up source- Manual transfer is required to return to the normal source. The switch is also equipped with a mechanical handle which bypasses electric circuitry and can switch to either sources No design modifications are proposed.

Exhibit 5-7

SYc/o Sod? g OP<4 XCr~ N<>.IO