ML15099A065: Difference between revisions

From kanterella
Jump to navigation Jump to search
(Created page by program invented by StriderTol)
(Created page by program invented by StriderTol)
Line 1: Line 1:
{{Adams
#REDIRECT [[DCL-11-104, Attachment 6: Rev. 4 to Diablo Canyon Power Plant Units 1 & 2, Process Protection System (PPS) Replacement Conceptual Design Document.]]
| number = ML15099A065
| issue date = 10/26/2011
| title = Attachment 6: Rev. 4 to Diablo Canyon Power Plant Units 1 & 2, Process Protection System (PPS) Replacement Conceptual Design Document.
| author name =
| author affiliation = Altran Solutions Corp, Pacific Gas & Electric Co
| addressee name =
| addressee affiliation = NRC/NRR
| docket = 05000275, 05000323
| license number =
| contact person =
| case reference number = DCL-11-104
| package number = ML113070457
| document type = Report, Technical
| page count = 60
}}
 
=Text=
{{#Wiki_filter:Enclosure Attachment 6PG&E Letter DCL-1 1-104Diablo Canyon Power Plant Units I & 2 Process Protection System Replacement Conceptual Design Document (CDD), Revision 4(LAR Reference
: 27)
Pacific Gas & Electric CompanyDiablo Canyon Power Plant70ý .1 Units I & 2Process Protection System (PPS) Replacement Conceptual Design DocumentRev 4Prepared Sig. 1 z -Print Last Name Hefl r'%Revewe Sin A §DateUser IDPrint Last Name LintUser IDCoord Sig/Org.Print Last NameCoord SiglOrg.Print Last NameDate_________
____, ___ User ID/J.---Qo-CO-Ute w 6"R-F, A-User ID-0 1 /goc/IIJWH3RAL4?-/ dCc- 0 1'-Coord SgOrg __ -" __Print Last Name ___ _____DateUser IDDateUser IDAproval Sig.Print Last Name -aLTRarSOLUTION
ý REVISION HISTORYRevision Affected Reason for RevisionNumber Item1 All Initial IssueFigure 2-3 Updated2.3 Updated Replacement Scope description Figure 2-6 Revised per Westinghouse comment2.2.1 Updated2.2.2 Deleted -Information not conceptual.
2.2.3 Updated items 1-5; added new item 102.2.4 Added discussion of alternative Thot averaging schemes.Figure 2-8 Added new figure; renumbered remaining figures in sectionFigure 2-9 Updated2.2.4.2 Updated Section Title2.3.12.3.2 Updated Rack assignments and physical modifications 2.3.2.2 Added description of Feedwater Flow signals and Steam Flow/Feedwater FlowMismatch alarm functions and field wiring to be deleted from PPS.2.3.3 Added new section to describe external interfaces; renumbered remaining sections.
2 2.3.4 Deleted non conceptual information; updated sections; ALS data link isolation isthrough performed by fiber optic media converters.
2.3.11Figure 2-9 Revised per Westinghouse commentFigure 2-14 Added new Figure 2-14 (Diversity Architecture),
Figure 2-15 (OOS Switches),
through updated and renumbered remaining figuresFigure 2-20Table 2-1 Added new table2.4 Revised entire sectionAdded references; updated titlesDeleted Westinghouse/CSI Proprietary references 4.1 Added new section for Tricon Configuration Items; renumbered remaining sections4.2 Added new section for ALS Configuration Items; renumbered remaining sectionsEntire Document Clarified safety-related and non-safety-related classifications Entire Document Changed MVDU to Maintenance Workstation Clarified Electrical Class 1E (IEEE 308) vs. Instrument Class IA, IB, II per DCM T-19and T-24. Clarified Protection Set numbering 2.2.3.4 Initial values for m, b constants 2.3.3.2 Clarified PS description to conform to FRS and IRS2.3.3.4, 2.3.3.6 Corrected typo2.3.3.7, 2.3.3.9 Change Tricon energize to trip outputs to 24 VDC for SDOClarified Tricon Communication Module (TCM); clarified NRC approval of Net Optics4port aggregator tap2.3.5 Revised testing features description per current concept2.3.6 Clarified that qualified isolators are provided by PG&E3 Table 2-1 New table clarifies failed RTD detection conceptDCPP D3 Topical Report has received USNRC Safety Evaluation Report; Tableclarified per SERDeleted DTTA alarms from ALS; Tricon function onlyFigure 2-9 Updated ALS communications links per Topical ReportFigure 2-10 Added new figure to illustrate trip output loopbackFigure 2-13, Figure 2-14,Figure 2-16 thrbugh Updated Figures per current OOS concept; added new Figure 2-21Figure 2-213.1.30, 3.1.36 Updated references 3.2.3, 3.2.44 Updated scope REVISION
: HISTORY, continued Revision Affected Reason for RevisionNumber Item I2.1Misc. editorial chanqes42.2 Updated scope description Figure 2-1Figure 2-2 Updated figuresFigure 2-3Figure 2-4 Added New FigureTable 2-1 Deleted table -more detail than needed in CDD2.3.2.3 Updated description 2.3.2.4 Added port aggregator communication test2.3.3.2 Deleted power supply voltageFigure 2-9 Updated figure2.3.4 0 Misc editorial changes0 Updated per ALS Topical Report2.3.5 Updated per FRS and Function Block Diagrams2.3.5.2 Updated per ALS discussions 2.4.1 Deleted non-conceptual information.
Figure 2-11Figure 2-12 Added figures per ALS discussions Figure 2-12Figure 2-13 Updated FigureFigure 2-14 Updated figure; added explanation 3.1 IEEE STD 603 is 1991Added IEEE 7-4.3.2 2003Global (Not marked) Changed Maintenance Video Display unit (MVDU) to Maintenance Workstation (MWS)Global (Not marked)Deleted proprietary information designations Process Protection System Replacement Rev 4Conceptual Design Document Page i of iiCONTENTS1 INTRODUCTION
...................................................................................................................................
I1 .1 B A C K G R O U N D ...................................................................................................................................
11 .2 D E F IN IT IO N S .....................................................................................................................................
12 PROCESS PROTECTION SYSTEM REPLACEMENT CONCEPT ......................................................
32 .1 E x IST IN G S Y S TE M .............................................................................................................................
3REPLACEMENT SCOPE ..........................................................................................................................
52 .2 ..............................................................................................................................................................
52.3 REPLACEMENT SYSTEM DESIGN .................................................................................................
122.4 DIVERSITY AND DEFENSE-IN-DEPTH (D3) ....................................................................................
243 REFERENCES
....................................................................................................................................
343.1 INDUSTRY STANDARDS AND REGULATORY GUIDANCE
....................................................................
343.2 PG&E DOCUMENTS
........................................................................................................................
363.3 PRIMARY (DESIGN BASIS) DRAWING REFERENCES
.......................................................................
364 PPS RACKS AND CHANNELS
..........................................................................................................
404.1 TRICON HARDWARE CONFIGURATION ITEMS ................................................................................
404.2 ALS CONFIGURATION ITEMS ........................................................................................................
414.3 PG&E CONFIGURATION ITEMS ....................................................................................................
414.4 PROTECTION SET I FUNCTIONS AND INSTRUMENT CLASSES ..............................................................
424.5 PROTECTION SET II FUNCTIONS AND INSTRUMENT CLASSES .............................................................
454.6 PROTECTION SET III FUNCTIONS AND INSTRUMENT CLASSES .......................................................
484.7 PROTECTION SET IV FUNCTIONS AND INSTRUMENT CLASSES .......................................................
51TABLESTable 2-1 RTD Input Conditions vs. Current Output Behavior
..........................................................
10Table 2-2 Primary Protection System Functions Performed by ALS Sub-System
............................
26Table 4-1 Protection Set I Analog Output Functions
.............................................................................
42Table 4-2 Protection Set I Discrete Output Functions
......................................................................
43Table 4-3 Protection Set II Analog Output Functions
......................................................................
45Table 4-4 Protection Set II Discrete Output Functions
...................................................................
46Table 4-5 Protection Set III Analog Output Functions
......................................................................
48Table 4-6 Protection Set III Discrete Output Functions
....................................................................
49Table 4-7 Protection Set IV Analog Output Functions
......................................................................
51Table 4-8 Protection Set IV Discrete Output Functions
....................................................................
52 Process Protection System Replacement Rev 4Conceptual Design Document Page ii of iiFIGURESFigure 1-1 Westinghouse PWR Protection Scheme ...........................................................................
1Figure 2-1 Existing DCPP Reactor Protection System Concept with Eagle 21 PPS ..........................
3Figure 2-2 Simplified Existing PPS Archittecture with Eagle 21 ...............................................................
4Figure 2-3 PPS Replacement Design Concept ...................................................................................
5Figure 2-4 Simplified PPS Replacement Architecture
........................................................................
6Figure 2-5 Tricon Triple Modular Redundant Architecture
................................................................
7Figure 2-6 G eneric A LS A rchitecture
..................................................................................................
7Figure 2-7 Typical PPS Safety Functions
...........................................................................................
8Figure 2-8 PPS Equipment Rack Assignment Concept ...................................................................
12Figure 2-9 PPS Replacement Architecture Concept ........................................................................
16Figure 2-10 Triconex Trip Loopback Concept (Typical for Deenergize to Trip Outputs)
..................
19Figure 2-11 ALS-A and ALS-B Deenergize to Trip OR Configuration Concept ...............................
20Figure 2-12 ALS-A and ALS-B Energize to Trip OR Configuration Concept ..................................
21Figure 2-13 Eagle 21 Replacement PPS Class II Communications Architecture
...........................
23Figure 2-14 ALS Built In Diversity Architecture
...............................................................................
25Figure 2-15 O ut of S ervice Sw itches ......................................................................................................
27Figure 2-16 Typical PPS Replacement Loop Pseudo Function Block Diagram -Loop in Service ...... 28Figure 2-17 Loop Out of Service -No Request from MWS ............................................................
29Figure 2-18 Analog Output in Test from MWS .................................................................................
30Figure 2-19 Discrete Output Test in Trip from MWS ........................................................................
31Figure 2-20 Discrete Output Test in Bypass from MWS .................................................................
32Figure 2-21 Parameter Update from MWS ....................................................................................
33 Process Protection System Replacement Conceptual Design DocumentRev 4Page 1 of 541 Introduction
 
===1.1 BACKGROUND===
This document describes the concept for replacement of the Eagle 21 Process Protection System(E21 PPS) equipment for Diablo Canyon Power Plant Units 1 and 2. The project will replace theWestinghouse Eagle 21 protection sets currently housed in Protection Racks 1 -16 in the CableSpreading Room.The scope of the replacement concept is illustrated by the shaded area in Figure 1-1:Figure 1-1 Westinghouse PWR Protection SchemePWR Protection Concepte ffl1.2 DEFINITIONS The following definitions apply for this document:
TERM DEFINITION An arrangement of components,
: modules, and software asChannel required to generate a single protective action signal whenrequired by a generating station condition.
A channel loses itsidentity where single action signals are combined.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 2 of 54TERM DEFINITION Any assembly of interconnected components that constitutes an identifiable device, instrument, or piece of equipment.
Amodule can be disconnected, removed as a unit, and replacedModule with a spare. It has definable performance characteristics thatpermit it to be tested as a unit. A module can be a card orother subassembly of a larger device, provided it meets therequirements of this definition.
Items from which the system is assembled (such as resistors, Components capacitors, wires, connectors, transistors, tubes, switches, andsprings).
A protection set is a physical grouping of process channels withthe same Class I electrical channel designation (I, II, III, or IV).Each of the four redundant protection sets is provided withProtection Set separate and independent power feeds and processinstrumentation transmitters.
Thus, each of the four redundant protection sets is physically and electrically independent of theother sets.A protective function is the sensing of one or more variables Protective Function associated with a particular generating station condition, signalprocessing, and the initiation and completion of the protective action at values established in the design bases.Tests made on one or more units to verify adequacy of designof that type of unit.Requirement imposed on the Protection System design toensure that required protective actions will occur to protectDiversity and Defense-In-against Anticipated Operational Occurrences and Design BasisDepth (D&D-in-D or D3) Accidents (as described in the FSARU) concurrent with acommon cause failure (usually assumed to be software) thatdisables one or more echelons of defense.Design Class I electrical
: systems, components and equipment Electrical Class 1E perform safety-related functions.
Instrument Class IA and IBCategory 1 devices below are considered to serve Class 1 E[3.2.3] functions.
All other instrument classes are considered to servenon-Class 1E functions.
Instrument Class IA instruments and controls are those thatInstrument Class IA initiate and maintain safe shutdown of the reactor, mitigate the[3.2.4] consequences of an accident, or prevent exceeding 10 CFR100 off-site dose limits.Instrument Class IB instruments and controls are those that areInstrument Class IB required for post-accident monitoring of Category I and 2[3.2.4] variables in accordance with Regulatory Guide 1.97, Revision 3[3.1.21].
Instrument Class II components are Design Class II devicesInstrument Class II with non-safety-related functions.
: However, certain Class II[3.2.4] components are subjected to some graded quality assurance requirements.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 3 of 542 Process Protection System Replacement Concept2.1 EXISTING SYSTEMThe Process Protection System (PPS) monitors plant parameters, compares them against setpoints and provides signals to the Solid State Protection System (SSPS) if the setpoints are exceeded.
The SSPS evaluates the signals and performs Reactor Trip System (RTS) and Engineered SafetyFeature Actuation (ESFAS) functions to mitigate the event that is in progress.
There are four separate PPS rack sets. Separation of redundant process channels begins at theprocess sensors and is maintained in the field wiring, containment penetrations, and processprotection racks to the two redundant trains in the SSPS logic racks. Redundant process channelsare separated by locating the electronics in different PPS rack sets.A process channel is defined as an arrangement of components, modules and software as requiredto generate a single protective action signal when required by a generating station condition.
[FSAR Section 7.1]The original Westinghouse/Hagen 7100 analog protection sets were replaced in 1R6 and 2R6 withthe existing Westinghouse Eagle 21 PPS. A conceptual depiction of the Eagle 21 PPS is providedin Figure 2-1.The functional relationship of Eagle 21 with the other components of the overall Reactor Protection System (RPS) is illustrated in Figure 2-2.Figure 2-1 Existing DCPP Reactor Protection System Concept with Eagle 21 PPSTyp of 2 TrainsSolid State Protection SystemNIS (SSPS)Typ of 4Eagle 21Process Protection System (PPS) Dependent isoed Class Ir-.PW-,,
OrU=A t outputs to control systemsosowtt class Itoutputs to AMSAC Process Protection System Replacement Conceptual Design DocumentRev 4Page 4 of 54Figure 2-2 Simplified Existing PPS Archittecture with Eagle 21ENO* 21 VVM"-OW V4**"-W 40 A*Ano 94%0skosi ow.W ýAIMAC *A*A~hM AMAC -r AdLAIi.-TLAbi Teo T"MA,. TdO.,.A EBYA Process Protection System Replacement Rev 4Conceptual Design Document Page 5 of 542.2 REPLACEMENT SCOPEThe proposed replacement PPS concept shown in Figure 2-3 implements the Diversity andDefense-in-Depth strategy described in Section 2.4 and the PPS Replacement Diversity andDefense in Depth Topical Report [3.2.1].
The project will replace the Westinghouse Eagle 21protection sets currently housed in Protection Racks 1 -16 shown in the shaded portion of Figure2-4.Replacement PPS protective functions will be implemented in four (4) redundant protection sets,each using a software-based Triconex Tricon processor
[Figure 2-5] to mitigate events whereexisting safety analysis
[3.1.18]
has determined that diverse and independent automatic mitigating functions are available to mitigate the effects of postulated Common Cause Failure (CCF)concurrent with FSAR Chapter 15 events. For the events where existing analyses credit manualmitigative action, automatic protective functions will be performed in a diverse safety-related Westinghouse CS Innovations, LLC Advanced Logic System (ALS) [Figure 2-6].Figure 2-3 PPS Replacement Design ConceptTyp of2MS Solid State Protection System Note:S (SSPS) NIS, SSPS and AMSAC areexu systern s y not affected tyy-X fthe Replacement PPS projectit oputattTio I Isolated Independent
,_ _ _ Class 11 PAMBoo unenteton Class I Temperate ESF $WW e Nwnmw PW. 71% TC_ _wd
* Wd e Range Th T"* PZR Va, Space Process Protection System Replacement Conceptual Design DocumentRev 4Page 6 of 54Figure 2-4 Simplified PPS Replacement Architecture Pn~flPMl Be 11 Pý ottrIS- S-R..de TripB-ekeý RTBUV copBypn~B-k B YAUV coo Process Protection System Replacement Conceptual Design DocumentRev 4Page 7 of 54Figure 2-5 Tricon Triple Modular Redundant Architecture InputTermination Figure 2-6 Generic ALS Architecture POWER SUPPLY BOARD Process Protection System Replacement Conceptual Design DocumentRev 4Page 8 of 542.2.1. Replacement PPS Functions Typical replacement PPS Functions are illustrated in the following figure. Input and outputdetails are provided in Section 4. The functions performed by the replacement PPS areidentical to those of the existing Eagle 21 PPS.Figure 2-7 Typical PPS Safety Functions Protection System Analog InputsTurbine Impulse Pressure--
Pressurizer Level-__Pressurizer Vapor Space Temp (from ALS)--NI Flux--RCS Narrow Range Temperatures (from ALS)--RCS Wide Range Temperatures (from ALS)-.RCS Wide Range Pressure~
-NR Steam Generator Level -Steamline Pressure-Pressurizer Pressure
-Pressurizer PressureTypical Protection Set-p.-p.-p.-p.-p.-p.-p.-p.-p.-p.Tricon_ Overpower Delta T RT -p.--Overtemperature Delta T RT----Steam Generator Level High-High P14 ESF-N-o-Steamline Pressure-Low ESF --Steamline Pressure Rate-High ESF-NOPZR Level-High RT -I.-Steam Generator Level Low-Low RT-------
___ Low Turbine Power P13-_ Cold Leg Temp-Low (LTOPS) -N-WR RCS Pressure-High (LTOPS)----
-WR RCS Pressure-Low (RHR Interlock))--.-
-PZR Pressure-High (PORV)-pN-
_ PZR Pressure-High RT-.- -PZR Pressure-Low RT----PZR Pressure Low-Low ESF --PZR Pressure-Low P11 ESF Block----
RCS Flow-Low RT -go-Containment Pressure-High ESF----Containment Pressure High-High ESF-p- --Pressurizer Vapor Space Temp--------.
-RCS Narrow Range Temperatures
-Do-RCS Wide Range Temperatures---
-BistableOutputs toExisting SSPSBistableOutputs toAuxiliary Safeguards Bistable Outputs toExisting SSPS4-20 mA Temperature Outputs to Tricon*RCS Flo v--Containment PressurALS-Pressurizer Vapor Space Temp--RCS Narrow Range Temperatures---
.RCS Wide Range Temperatures-2.2.2. Deleted Process Protection System Replacement Rev 4Conceptual Design Document Page 9 of 542.2.3. Enhancements
: 1. In the existing Eagle 21 PPS, the operator must take manual action to mitigate certainFSARU Chapter 15 events should the event occur with a concurrent Common CauseFailure (CCF). In the replacement PPS, these events will be mitigated automatically.
Refer to Section 2.4 for details.2. The replacement PPS provides a Supervised Digital Output (SDO) that enables the PPSto monitor the external circuit for continuity.
If the external circuit is broken, the PPS willgenerate an alarm.3. The ALS subsystem in the replacement PPS provides built-in diversity by utilizing diverse"A" and "B" logic groups, such that a command output from either logic group will initiatethe safety function.
Additional details are provided in the ALS Topical Report [3.1.30].
: 4. All PPS analog inputs will be provided with a mx+b function to enable on-line rescaling.
Initial values will be m=1.0, b=0.0, unless specified otherwise.
: 5. Analog outputs from the replacement PPS to critical control systems (Main TurbineControl System, Pressurizer Pressure
: Control, Pressurizer Level Control, and DigitalFeedwater Control System) will be isolated at the front end of the replacement PPS[Figure 2-3 and Figure 2-9] to improve diversity as discussed in the D3 Topical Report[3.2.1].
The DFWCS application must be modified to provide the Steam Flow pressurecompensation
[2.3.3.3].
: 6. Analog outputs from the replacement PPS to Reg. Guide 1.97 Post Accident Monitoring recorders and indicators will be independent from the replacement PPS as determined tobe necessary by the D3 evaluation.
Independence will be implemented either (1) bydedicated qualified isolation devices; or (2) by obtaining the signal directly off thetransmitter loop as discussed in the next item.7. Figure 2-3 and Figure 2-9 illustrate the concept in which certain Post Accident Monitoring (PAM) functions obtain their signals directly from the input loop. No isolation is necessary because the input loop is the correct classification.
The signals to which this concept.
isapplicable are listed in Section 4.8. In the existing system, the Thot and Tcold signals are processed in separate racks for theDTTA trip functions and the Steam Generator Low-Low Level Trip Time Delay (TTD)functions.
In the replacement system, the calculation will be performed only once to beutilized for both functions.
: 9. The DCPP RCS contains three thermo-wells in each hot leg that are radially spaced 1200apart. Each thermowell contains two redundant narrow range RTD's. The RTD signalsare processed by the PPS to determine a group average hot leg bulk temperature value(Thot) for the loop. In the existing Eagle 21 PPS, one of the elements in each hot legthermowell is an installed spare. A wiring change is required if the spare RTD is to beused. In the replacement PPS, all six (6) hot leg RTD's in a loop will be permanently wired into the PPS.The Eagle 21 methodology uses streaming factors to normalize the three loop Thot inputvalues to the loop average Thot. The streaming factors are updated manually on aquarterly basis. Following normalization, the Eagle 21PPS calculates the Thot group Process Protection System Replacement Rev 4Conceptual Design Document Page 10 of 54value based on the available number of good input values. Invalid input signals1 areremoved automatically from the group average.
If more than one input signal is invalid,the loop average Thot is considered inoperable.
The sensor validation scheme for Thot RTD sensors will be updated to use both RTD's ineach thermowell to take advantage of the accuracy improvement obtained from usingadditional sensors and to make the Thot determination more fault-tolerant.
Streaming isa manifestation of physical hot-leg stratification, and not an electrical phenomenon; therefore, the streaming factors will continue to be calculated per thermowell and appliedto both "A" and "B" RTD signals in the well. Thus, three streaming factors per RCS loopwill be calculated similarly to the Eagle 21 streaming factors.The "A" and "B" RTD's in each thermowell are processed by the "A" and "B" ALS groupsto provide diverse input processing.
The ALS transmits processed 4-20 mA "A" and "B"temperature information to the protection set Tricons.
The Tricons calculate the averageThotA of the three "A" RTD's in a loop using methodology similar to that used by Eagle21 that automatically identifies and rejects invalid values or values that deviateexcessively from ThotA. The average ThotB of the three "B" RTD's in the loop will becalculated similarly.
The loop average Thot Is the average of valid ThotA and ThotB.The streaming factors will be updated semi-automatically, with manual action required toconfirm that the constants to be updated are correct.
Reduction of maintenance effortand potential for human error during update are minimized by the semi-automatic process.This methodology is more accurate than the existing scheme because it uses moreRTD's to calculate the average.
It is also more fault tolerant than the existing scheme,which allows one failed RTD ina loop. In the proposed scheme, all "B" ("A") RTD's couldfail *(which would cause the ThotB (ThotA) to be automatically removed from the average)in addition to one failed "A" ("B") RTD. The loop Thot would then be based on two valid"A" ("B") RTD signals, equivalent to the existing Eagle 21 scheme.10. Open RTD Detection The ALS will provide down-scale open RTD protection.
If the ALS detects an open orfailed RTD, it will output an analog signal which is less than the Tricon signal failurethreshold.
If the actual temperature is below the low scale value the ALS shall output thelow scale value (4 mA). If the actual temperature is above the high scale value the ALSshall output the high scale value (20 mA).This allows the Tricon to provide an alarm on RTD failure and ensures that the Tricondoes not indicate RTD failure when the temperature is below low scale but stillfunctioning correctly, a condition that exists during plant shutdown.
In the latter case, theactual temperature will be available from the ALS via the Gateway computer.
Thisfeature allows RTD cross-calibration to be performed during startup using data obtaineddirectly from the PPC, without the need to lift leads and connect external instrumentation.
Invalid signals are those (1) that have been disabled; or (2) for which the signal processing electronics has detected a failure; or (3) deviate excessively from the average or from each other.
Process Protection System Replacement Rev 4Conceptual Design Document Page 11 of 5411. Feedwater Flow SignalsThe Feedwater Flow signals and the Steam Flow/Feedwater Flow Mismatch alarms willbe removed from the PPS. The flow signals are non-safety-related and will be input tothe Digital Feedwater System (DFWCS),
which will then generate the SteamFlow/Feedwater Flow Mismatch alarms.2.2.4. Discussed but Omitted from PPS Replacement Scope1. Calculate the average of all six (6) (two per well) Thot RTD's as inputs, eliminating theEagle 21 streaming factors.
This option reduces the maintenance effort required to trackand maintain the streaming factors and the potential for human error when updating thestreaming constants manually.
: However, this arrangement does not automatically remove a deviating input signal from the group average Thot and is thus less fault-tolerant than the existing system.2. Another averaging arrangement was proposed that would input all six values to a singleaveraging/validation algorithm using streaming factors to normalize the input values to theaverage Thot. Invalid or deviating values would be rejected automatically.
Afterdiscussion, this arrangement was not pursued further because the complexity of thealgorithm and the effort required to validate it do not appear to be justified by theadditional degree of fault tolerance to be gained over the proposed configuration.
Process Protection System Replacement Rev 4Conceptual Design Document Page 12 of 542.3 REPLACEMENT SYSTEM DESIGN2.3.1. PPS Rack assignments and electrical location codes are listed below:Protection Set I (Racks 1-5):RNP1A, RNP1B, RNP1C, RNP1D, RNP1EProtection Set II (Racks 6-10):RNP2A, RNP2B, RNP2C, RNP2D, RNP2EProtection Set III (Racks 11-13)RNP3A, RNP3B, RNP3CProtection Set IV (Racks 14-16)RNP4A, RNP4B, RNP4CPhysical equipment will be assigned to specific PPS racks during detailed design.The existing Eagle 21 HMI units are located in Racks 5 (RNP1E),
9 (RNP2D),
12 (RNP3B)and 14 (RNP4A).
These racks are expected to house the replacement PPS Maintenance Workstation and communications equipment:
Figure 2-8 PPS Equipment Rack Assignment ConceptProtection Set 1 Protection Set 2Rack 1 2 3 4 5 Rack 6 7 8 9 10class I class I class IITricon ALS-A MWSTerm TermArea AreaClass I Class I Class 11PRXM ALS-B RRXMclass Iclass I Class 11Tricon ALS-A MWSTerm TermArea AreaclassI classi IClass 1PRXM ALS-B RRXMProtection Set 3 Protection Set 4Rack 11 12 13 Rock 14 15 16Class I CIassi Class I class11 ChmsI Classt ITncon MWS ALS-A MVS Tricon ALS-AChm I ClassII Caoh I Class U ClasI Class1PRM RRXU ALS-8 RRXM PRXM ALS-Note: Equipment distribution subject to change per detailed design Process Protection System Replacement Rev 4Conceptual Design Document Page 13 of 542.3.2. Physical Modifications
: 1. Protection Racks 1-16" Remove all equipment
* Rework structure of existing cabinets to support new Tricon and ALS chasses andfield termination panels and to satisfy the seismic requirements
* Install new protection set electronics and I/O power supplies" Install isolators for signals that require independence from the replacement PPS (SeeSection 2.2.3)* Install network switches, media converters, Net Optics port aggregator network taps,hubs, gateway computers and maintenance terminals/system printers* Install Maintenance Workstation (MWS) in each Protection Set* Remove Main Annunciator System ac/dc converters from PPS alarm outputs.2. PPS Field Wiring0 Remove Feedwater Flow signals from PPS. These signals are non-safety-related and will be input to the Digital Feedwater System (DFWCS) to provide the SteamFlow/Feedwater Flow Mismatch alarms.* Remove Steam Flow/Feedwater Flow Mismatch alarms from PPS. These alarms willbe generated in the non-safety-related DFWCS.* Bistable wiring to SSPS Train A and Train B Input cabinets 1-4 will not be changed.0 120 Vac power wiring to Racks 1-16 will not be changed* Install other 120 Vac power wiring as needed* Install Ethernet Cable from port aggregator media converter to Gateway computernetwork hub3. Operator Interface
* PPS uses existing hardwired devices located on the Main Control Room VerticalBoards and Control Console.0 The PPS will share a Maintenance Workstation (MWS) on CC4 that will be installed by the Process Control System (PCS) replacement project for system healthdisplays.
: 4. Special Tests" During SAT, verify that information flowing between NetOptics port aggregator network tap Ports A and B are copied to Port 1 and that no communications arepermitted to take place from Port 1 to either Port A or Port B.* During PMT, measure as-found and as-left Total Harmonic Distortion (THD) onpower supply at the PPS 120 Vac power supply input terminals before and afterinstallation of equipment powered from the vital busses. Refer to USNRC Reg.Guide 1.180 for guidance
[3.1.26].
Process Protection System Replacement Rev 4Conceptual Design Document Page 14 of 542.3.3. External System Interfaces
: 1. Power Supply* Each PPS Protection Set will be powered from a separate 120 VAC vital bus via aClass 1 E uninterruptible power supply.* Each PPS Protection.
Set will be provided with a 120 VAC control grade (non-vital) utility power source.2. I/O Power Supplies" Each PPS Protection Set will be provided with adjustable redundant loop powersupplies capable of powering all 4-20 mA instrument input loops associated with thatProtection Set. Operating voltage will be selected to power instrument loops withoutexceeding voltage limitations of instrument loop sensors (transmitters) being utilizedfor the higher loop resistances resulting from addition of isolators and input signaltaps." Analog 4-20 mA output loops will be powered by redundant 24 Vdc power supplies.
* All Discrete inputs and outputs will be powered by redundant 24 Vdc power suppliesseparate from those used for analog output loops.* Failure of any power supply will be alarmed3. Digital Feedwater Control System (DFWCS)* The existing PPS provides a pressure-compensated Steam Flow signal to theDFWCS. The replacement PPS will provide an isolated, uncompensated steam flowsignal to the DFWCS directly from the PPS transmitter input loop. The DFWCSapplication must be modified to provide Steam Flow pressure compensation.
: 4. Main Annunciator System Interface
* The Main Annunciator provides non-vital 125 VDC for interrogation of alarm outputcontacts.
* Existing PPS outputs to the MAS will be modified to dry contacts.
The existing ac/dcconverters on the PPS outputs to the MAS will be deleted.* Additional outputs to the MAS will be provided as described in the FRS and IRS5. Operator Interface
* The existing operator interface using control panel mounted switches and indicators will be maintained.
: 6. Maintenance Interface Each safety division is provided with a dedicated non-safety-related Maintenance Workstation (MWS) for this purpose.
Details regarding safety-related/non-safety-related communications are provided in Section 2.3.4.7. Solid State Protection System Interface As determined by the detailed design change process, certain 120 Vac SSPS inputrelays (including, but not limited to Turbine Impulse Pressure Interlock P13 and inputrelays fed from the ALS) may be replaced with 24 VDC devices.
Process Protection System Replacement Rev 4Conceptual Design Document Page 15 of 548. Nuclear Instrumentation System Interface Existing interfaces with the Nuclear Instrumentation System are unaffected by thischange.9. Auxiliary Safeguards Cabinets (RNASA/RNASB)
Interface Existing interfaces with the Auxiliary Safeguards Cabinets are unaffected by this changeexcept that it may be necessary to replace 120 VAC energize to trip relays with 24 VDCdevices for Triconex outputs because Triconex does not provide a 120 VAC supervised digital output (SDO) module.10. Auxiliary Relay Cabinets (RNARA/RNARB)
Interface Existing interfaces with the Auxiliary Relay Cabinets are unaffected by this change.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 16 of 54Figure 2-9 PPS Replacement Architecture ConceptP.* A-kd.4 Mor-* C.*d 6o-d R.odM & W.0-o* SJG L"~.T.W h kW. P-Bf SIL.W.* T.biW. MV~pi P -1..* Wd. fr.Q. P-ALSTRCON ;Nola t: SOPS is w"ira *quipmwnt No* 2- OlaifqM.
isoiatiosi dioc. Is b toed~ Intunnmnt clu m. as shown onlineumst Sch am~No rSewal. Clame 10 PAM ftmonsf obtain thak signals **oty from the Ciess t iVuloop. No isolabon to noose* because 11h vyst lowp Vis ftc~ cleawksibtaon DOWISM mar Prgikda in the IRS.Note 4: The hardwira4 TAB Enabl switchr prwevt the A4S Spin. Vnit lAito) ton(perlonnd in the PPS roplaosamnt MM~d) from cornminicating w* the ALS expelptwhen S. awiklv is I, tivatecl.
Process Protection System Replacement Rev 4Conceptual Design Document Page 17 of 542.3.4. PPS Data Communications USNRC DI&C ISG 4 [3.1.16]
defines interdivisional communications as communications among different safety divisions or between a safety division and a non-safety entity such asthe MWS. Bidirectional communications among safety divisions and between safety andnon-safety equipment is acceptable provided certain restrictions are enforced to ensure thatthere will be no adverse impact on safety systems.Figure 2-13 illustrates a communications architecture that meets the intent of USNRC DI&CISG 4 Staff Position 1, Interdivisional Communications.
When used with the typical functionblock logic in Figure 2-16, the proposed architecture ensures that communications between asafety division and non-safety equipment that resides within the division adhere to theguidance described in the ISG 4 Staff Position.
No data is communicated between redundant safety divisions.
The non-safety-related Maintenance Workstation (MWS) within a redundant safety division communicates only with the safety-related controllers within that division.
The Tricon is isolated from the Gateway computer by the qualified safety-related TriconexCommunications Module (TCM). Fiber optic cable electrically isolates the Tricons fromexternal non-safety-related devices.
An additional data isolation device such as a NetOptics network port aggregator tap permits two-way communications between the Maintenance Workstation belonging to a specific protection set and the Tricon in that protection set, andensures only one-way communication to the Gateway computer.
Additional details areprovided in the Triconex Topical Report [3.1.33].
The NetOptics port aggregator device shown in Figure 2-13 isolates the Gateway computerfrom the Tricon controllers.
The NRC approved the device previously for a similar application in the Oconee RPS [3.1.34].
The device acts as a "data diode" or one-way tap that copies alltraffic between its bidirectional ports to the read-only output port and prevents the flow ofinformation from the output port back to either input ports. The Gateway computer is a serverthat reads the information so copied, reformats it, and makes it available to the PPC.The TxB1 ALS communication channel to the Gateway computer is serial, one-way andisolated by the CLB. It broadcasts data to the non-safety-related Gateway computer, which iscommon to all four protection sets, and does not receive any data, handshaking, orinstructions from the Gateway computer.
The TxB2 communication channel that transmits data to the non-safety-related Maintenance Workstation is also serial, one-way with nohandshaking, and isolated at the CLB. A third serial communications channel enables TestALS Bus (TAB) functions between Auxiliary Service Unit (ASU) maintenance software in theMaintenance Workstation and the ALS controller.
This communication path is normally one-way, with two-way communications permitted only when a hardwired switch is activated tocomplete the communications circuit between the Maintenance Workstation and the ALS-A orALS-B chassis.
Additional details are provided in the ALS Topical Report [3.1.30].
2.3.5. Bypass and Test FeaturesThe Process Protection System will permit any channel to be maintained in a bypassedcondition, and when required, tested during power operation without initiating a protective action at the system level. This is accomplished without lifting electrical leads or installing temporary jumpers.
The PPS will permit periodic testing during reactor power operation without initiating a protective action from the channel under test.
Process Protection System Replacement Rev 4Conceptual Design Document Page 18 of 54External trip switches are provided on PPS trip and actuation outputs per the detailed design.The switches may be used for SSPS input relay testing or to trip or actuate the channelmanually if needed. Activation of the external trip switches is indicated in the control roomthrough the SSPS partial trip indicators.
: 1. Tricon FeaturesOn-line testing is controlled by safety processor logic enabled via an external safety-related hardwired Out of Service (OOS) switch. When the switch is activated, the safety-related function processor allows the associated instrument channel to be taken out of service whilemaintaining the remainder of the safety division operable.
Features to limit inadvertent modification
: include, but are not limited to:" Approved procedures are required to perform testing operations.
* Operation of the hardware switch alone will not place the channel out of service.
At leasttwo specific actions are also required at the Maintenance Workstation to perform themaintenance functions.
In order to perform any test operation from the maintenance workstation, the user must:-Activate the OOS switch for the specific loop to be tested-Log in as a maintenance user on the maintenance workstation
-Open the maintenance screen for the specific loop being tested-On the maintenance screen, request the action to be taken-On the maintenance screen, confirm the requested action (Loop is placed OOS onlyafter the requested action is confirmed)
* Feedback is provided to the user on the maintenance workstation that the hardware OOSswitch for the loop to be tested has been activated.
" Continuous indication is provided in the control room that a loop is OOS.* If the safety-related hardware out of service switch is not activated, non-safety-related actions or failures can not adversely affect the safety-related function.
" An instrument loop is not permitted to be bypassed if external trip switch is in the tripposition.
The user may test in trip in this condition following request and confirmation asdescribed above..The block diagrams in Figure 2-15 through Figure 2-20 illustrate implementation of theTriconex test and bypass features described above.The above methodology may be used to update parameters such as tuning constants thatrequire periodic adjustment.
Refer to Figure 2-21 for an example of the proposed parameter update logic.* The parameter values to be updated are limited by the software application to pre-determined ranges.* The Maintenance Workstation software application will request operator confirmation thatthe parameter update process is complete prior to saving the new tuning constant.
Tricon trip setpoints may be changed following this procedure but with a different login priorityFigure 2-10 illustrates a DO loopback feature implemented in the Triconex portion of the PPSreplacement, which enables the PPS to determine if the external trip switch is open, or if theDO channel is producing an erroneous output.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 19 of 54* A PPS trouble alarm is generated if the comparator output is true (commanding anenergized output) and the de-energize to trip DO loopback is sensed as de-energized unless the instrument loop is OOS.* A PPS failure alarm is generated if the de-energize to trip DO loopback is sensed asenergized and the comparator output is false (commanding a de-energized output),whether or not the instrument loop is OOS.Figure 2-10 Triconex Trip Loopback Concept (Typical for Deenergize to Trip Outputs)Alarm Signals to MAS.,, 1. Trip Switch Open (Outputdeenergized with energizeI~. command)* 2. Bistable Fault (Output energized with deenergize command)PPS SetTrip Output Looipback Li (Tricon Only)SSPS InputRelayDarc -KO 1- RESET~0 0- TRIPManuaI 0TRIPSwitch2. ALS FeaturesALS bypass and test functions are accomplished through ALS Service Unit (ASU) softwareimplemented in the MWS. The Test ALS Bus (TAB) Enable switch shown in Figure 2-13must be activated to allow two-way communications on the TAB between the ALS chassisand the MWS.External bypass switches are provided for the ALS-A and ALS-B partial trip outputs to enableone ALS diversity group to be bypassed for maintenance or testing without initiating a falsetrip or actuation, yet allowing the other ALS diversity group to initiate the trip or actuation if itis required while the other diversity group is bypassed.
The partial trip outputs from the ALS-A and ALS-B chassis are logically OR'd to drive theSSPS input relays. An external Line Sense Module (LSM) is used by the ALS logic toperform continuous error check for detecting the following conditions:
* Failure to Trip on Demand* Trip without Demand" Failure to Bypass* Illegal BypassConfiguration of the LSM for use in an Energize to Trip (ETT) or Deenergize to Trip (DTT)circuit is done through field wiring terminations on the LSM and does not require any Process Protection System Replacement Rev 4Conceptual Design Document Page 20 of 54modification of any electrical properties of the LSM itself. Thus, a single LSM can be used inan ETT or DTT circuit without the need to electrically configure the module for the trip circuittype before use. This allows a single part number to be used to provide spares for both ETTand DTT circuit configurations.
Figure 2-11 illustrates a DTT Configuration concept using LSM, and Figure 2-12 provides anoverview of how the LSM is used in an ETT circuit configuration.
The manual bypass switches allow one ALS diversity Group (ALS-A or ALS-B) to bebypassed and removed from service without tripping the channel.
The manual trip switch isused to trip the channel in the unlikely event that both ALS diversity groups are inoperable.
Figure 2-11 ALS-A and ALS-B Deenergize to Trip OR Configuration ConceptDe-energize-To-Trip Configuration Process Protection System Replacement Conceptual Design DocumentRev 4Page 21 of 54Figure 2-12 ALS-A and ALS-B Energize to Trip OR Configuration ConceptNOTES:1. Nornmally Open, Open to Alarm2 rNormally Open0 Clowe to ActuateSSPSRELAYSNote: Manual Trip switch as required by detailed design2.3.6. System Classification The Plant Protection System is classified as safety-related Instrument Class IA, PG&EDesign Class I, Diablo Canyon Quality Class Q per DCM S-38A [3.2.2] and DCM T-24 [3.2.4].The PPS provides outputs to non-safety-related control systems and indication instruments through qualified isolators to be provided by PG&E. Class IA instruments are analogous toelectrical devices designated as Electrical Class 1E per IEEE-308-1971.
2.3.7. Software Integrity Level (SIL)The replacement PPS application software is assigned Software Integrity Level (SIL) 4 [IEEE1012-1998 Reference 3.1.4] because it is directly associated with nuclear-safety-related Reactor Trip and Engineered Safety Features functions.
2.3.8. Application Software Development and Configuration Management PPS application software will be developed by the subsystem suppliers, Invensys/Triconex and Westinghouse/CSI under their approved QA programs.
Software configuration management during development will be performed according to their approved procedures.
Details are provided in the respective Topical Reports [3.1.30]
and [3.1.31].
2.3.9. Seismic and Environmental Qualification The Triconex Tricon Programmable Logic Controller (PLC) will be qualified per the TopicalReport [3.1.31]
issued in September 2009 that was updated for the Version 10 Tricon as wellas addressing current regulatory issues. The Topical Report is currently under NRC review.
Process Protection System Replacement Rev 4Conceptual Design Document Page 22 of 54The Westinghouse/CSI Advanced Logic System (ALS) will be qualified per the Topical Report[3.1.30],
which describes generic qualification of the ALS for safety-related applications innuclear power plants. The ALS Topical Report is currently under NRC review.PG&E will design the installation to ensure that the response spectra to which the equipment is subjected do not exceed seismic qualification levels.2.3.10. Electromagnetic Compatibility The Tricon and Westinghouse/CSI portions of the replacement PPS will be qualified for theelectromagnetic environment (Emissions and susceptibility, including grounding methods) asdescribed in the respective Topical Reports.2.3.11. Secure Development Environment PPS application software will be developed by the subsystem suppliers, Invensys/Triconex and Westinghouse/CSI under their approved QA programs.
Maintenance of a securedevelopment environment is described in the respective Topical Reports.Safety division software is protected from alteration while the safety division is in operation asdiscussed in the Triconex and ALS Topical Reports.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 23 of 54Figure 2-13 Eagle 21 Replacement PPS Class II Communications Architecture To Control Roorm HMI (CC4)4To PDN/PPC4RS-422 Cu from ALS-----. ./ Prot Set I ALS A"....... / Prot Set 11 ALS"A"...... ./ Prot Set III ALSWA.... --- Prot Set IV ALS -A-...... ./ Prot Set I ALS B'....... ./ Prot Set II ALS-B-......./ Prot Set III ALS "-8...... Prot Set IV ALS WFromProt Set IV Port Tap10OBaseTiProt SetClass 1lRS-422 Cu to Gateway Computer(Typ for ALS A and ALS 'BjTriplicated RS-485IO Bus(Copper)Class IALSLegendProt Set 1Remote RXMTriptroted IOptical Fiber a aJaL d1IIClass IClass etMulti-Mode Optical Fiber............
RS-422/RS-485 Serial or 10OBaseT Copper4-20 mA Analog Copper Process Protection System Replacement Rev 4Conceptual Design Document Page 24 of 542.4 DIVERSITY AND DEFENSE-IN-DEPTH (D3)2.4.1. Diversity
& Defense-in-Depth StrategyThe PPS Replacement Diversity and Defense in Depth Topical Report (TR) [3.2.1]reevaluated DCPP FSAR Chapter 15 events where the Eagle 21 SER took credit for theEagle 21 PPS for both primary and backup protection.
The D3 Topical Report identified sufficient available automatic means to prevent software CCF from adversely affecting themitigation of all concurrent FSAR Chapter 15 accidents or events were identified, with threeexceptions.
These events required manual action by the operator to mitigate the event[3.1.18].
The exceptions are:1. Loss of forced reactor coolant flow in a single loop above P-8 as indicated by two out ofthree (2oo3) reactor coolant flow channels indicating low;2. RCS depressurization, including Steam Generator Tube Rupture (SGTR), Steam LineBreak (SLB) and Loss of Coolant Accident (LOCA) indicated by low Pressurizer pressure; and3. Large Break LOCA and SLB indicated by high containment pressure.
The USNRC position regarding D3 is documented in BTP HICB-19 [3.1.12].
Digital I&C(DI&C) Interim Staff Guidance (ISG) document DI&C-ISG-02
[3.1.151 discusses acceptable methods for implementing diversity and defense-in-depth in digital I&C system designsinvolving the reactor protection system. Staff Position 1 in ISG-02 states that the use ofautomation for protective actions is considered to provide a high-level of licensing certainty, compared to reliance on manual operator actions.For each event that the Eagle 21 SER credited manual operator actions for accidentmitigation in the presence of a concurrent CCF, Table 2-1 identifies the PPS functions thatwill be performed automatically by the ALS subsystem.
The built-in diversity of the ALSsubsystem ensures that the replacement PPS will perform these functions automatically inthe presence of a postulated CCF without an adverse impact on the operator's ability todiagnose the event or perform previously credited manual actuation activities.
Each protection set in the proposed PPS provides two complete and diverse execution paths"A" and "B" comprised of the Core Logic Boards (CLB), input boards and output boardsshown in Figure 2-14. The paths are developed by independent design teams and verifiedand validated by independent V&V teams.The "A" and "B" execution path outputs are combined in hardwired logic as shown in Figure2-14 to ensure that the protective action is taken if directed by either path. A single failedpath cannot prevent a protective action. Either CLB will identify itself as failed and sets itsoutputs to a fail-safe state before halting operation if it detects a mismatch between theoutputs of its diverse logic cores. Refer to the ALS Topical Report [3.1.30]
for additional information.
NRC approved the above approach in the SER for the Diablo Canyon D3 Topical report,[3.1.36].
The SER identifies some additional areas that PG&E should address in its relatedlicense amendment request to support the digital upgrade of the DCPP PPS.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 25 of 54Figure 2-14 ALS Built In Diversity Architecture De-energize to TripConfiguration ALS Chassis A"Energize to TripConfiguration BypsSwitch Note: Manual Trip switch as required by detailed designThe figures above illustrate how the partial trip outputs from the ALS-A and ALS-B chassisare logically OR'd to drive the SSPS input relays. Section 2.3.5 provides information regarding the external Line Sense Module (LSM) used in the ALS subsystem to simplify fieldwiring, perform continuous error checks, and to facilitate maintenance and testing functions.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 26 of 54Table 2-1 Primary Protection System Functions Performed by ALS Sub-System DCPP Event Low PZR High PZR SI/RT High Cont. Cont. Cont. Cont. RCSFSARU Pressure Pressure Pressure SI Isolation Isolation Spray LowSection SI RT (Note 1) A B Flow RT15.2.5 Loss of ForcedRCS Flow X15.2.13 RCSDepressurization X15.3.1 SBLOCA/15.4.1 LBLOCA x x15.4.2.1 Steam LineBreak X X X X15.4.2.2 Main Feed PipeRupture _ ___15.4.3 SG TubeRupture X XNotel: Automatic Reactor Trip occurs on safety injection due to low pressurizer pressure or higqhcontainment pressure2.4.2. Elimination of Potential Protection/Control Interaction The proposed replacement PPS utilizes separate qualified isolation devices that areindependent from the PPS for post-accident monitoring and inputs to the non-safety-related control systems to prevent a common cause failure in the software-based replacement PPSfrom causing a control system excursion that requires mitigation from the failed protection system. Refer to Figure 2-3 and Figure 2-9. These measures improve defense-in-depth andminimize likelihood that failure in one system could affect other systems.The four loop Tavg signals are exceptions to the prohibition against digital processing ofsignals in the replacement PPS prior to their being used in a control system. The Thot andTcold RTD signals are processed by the ALS because Triconex does not supply a qualified RTD input board. The ALS provides self-diagnostic functions as well as more stable andaccurate signal processing than is available with stand-alone signal converter modules.Isolated analog Thot and Tcold signals are transmitted from the ALS to the Tricon by 4-20mAdc analog signals.
The Tricon uses these signals internally for the DTTA trip functions and also distributes them through qualified isolation devices to the reactor control system.In accordance with 10 CFR 50.62 [3.1.19],
inputs to the AMSAC are independent of anydigital signal processing prior to their being used by the AMSAC. When the AMSAC isreplaced, the replacement system will be diverse from the proposed replacement PPS inaccordance with the requirements of 10OCFR50.62
[3.1.19].
Process Protection System Replacement Conceptual Design DocumentRev 4Page 27 of 54Figure 2-15 Out of Service SwitchesNote: The switches shown are for the prototype Process Control System. The switches in the production systems will be provided withprotective covers to prevent inadvertent operation.
Process Protection System Replacement Conceptual Design DocumentRev 4Page 28 of 54Figure 2-16 Typical PPS Replacement Loop Pseudo Function Block Diagram -Loop in Service(Not applicable to ALS subsystem) 1 -RESET0 -TRIPt TRIP' sp InputRelay-400S -out Of SericeQoQt -Out Of RmtgeNote 1: Input I Wicks Output when Input 0 is selected (bunipless transfer to test mode).
Process Protection System Replacement Conceptual Design DocumentRev 4Page 29 of 54Figure 2-17 Loop Out of Service -No Request from MWS(Not applicable to ALS subsystem)
OQS0M 01 w,6WiQQR-Qw*0Rwwp Note 1: Input I "&cs Output when Input 0 is selected (bunpless transfer to test mode)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 30 of 54Figure 2-18 Analog Output in Test from MWS(Not applicable to ALS subsystem)
QOO -Ou Of SerVic00R- ow 01RinNote 1: Input I tracks Output when Input 0 is selected (butrnpess transfer to test mode).
Process Protection System Replacement Conceptual Design DocumentRev 4Page 31 of 54Figure 2-19 Discrete Output Test in Trip from MWS(Not applicable to ALS subsystem) 7-wv00'sQQS-0 Wf 6WiNote 1: Input I traft Output when Input 0 Is selected (bunptess transfer to test mode).
Process Protection System Replacement Conceptual Design DocumentRev 4Page 32 of 54Figure 2-20 Discrete Output Test in Bypass from MWS(Not applicable to ALS subsystem) 006 -01f SWVioeOMI -Oul Of RangeNote 1: Input I tracks Output when Input 0 is selected (burnpless transfer to test mode).
Process Protection System Replacement Conceptual Design DocumentRev 4Page 33 of 54Figure 2-21 Parameter Update from MWS(Not applicable to ALS subsystem) 7-0060e$ -Outofsevinc OQRt-OiOfRehg Note 1: Input I tacks Output when Input 0 is selected (bumpless transfer to test mode).
Process Protection System Replacement Conceptual Design DocumentRev 4Page 34 of 543 References 3.1 INDUSTRY STANDARDS AND REGULATORY GUIDANCE3.1.1. 10 CFR 50 Appendix B3.1.2. IEEE STD 279-19713.1.3. IEEE STD 603-19913.1.4. IEEE STD 1012-1998 3.1.5. IEEE STD 1050-1996 3.1.6. IEEE STD 7-4.3.2-2003 3.1.7. NUREG 08003.1.8.3.1.9.3.1.10.3.1.11.3.1.12.NUREG 0800, HICB-1 1NUREG 0800, HICB-14NUREG 0800, HICB-17,NUREG 0800, HICB-18,NUREG 0800, HICB-19,3.1.13. NUREG 0800, HICB-21,3.1.14. NUREG/CR-6303 3.1.15. NRC DI&C ISG-023.1.16. NRC DI&C ISG-043.1.17. WCAP 73063.1.18. USNRCQuality Assurance Criteria for Nuclear Power Plantsand Fuel Reprocessing PlantsCriteria for Protection Systems for Nuclear PowerGenerating StationsIEEE Standard Criteria for Safety Systems forNuclear Power Generating StationsStandard for Software Verification and Validation Guide for Instrumentation and Control Equipment Grounding in Generating StationsCriteria for Digital Computers in Safety Systems ofNuclear Power Generating StationsAppendix 7.1-C, "Guidance for Evaluation ofConformance to IEEE Std. 603"Isolation DevicesSoftware ReviewsSelf-Test and Surveillance Test Provisions Programmable Logic Controllers "Guidance for Evaluation of Defense-in-Depth andDiversity in Digital Computer-Based Instrumentation and Control Systems"Real-Time Performance Method for Performing Diversity andDefense-in-Depth Analyses of Reactor Protection SystemsUnited States Nuclear Regulatory Commission (USNRC) Digital Instrumentation and Controls TaskWorking Group #2, "Diversity and Defense-in-Depth Issues Interim Staff Guidance,"
(2008).United States Nuclear Regulatory Commission (USNRC) Digital Instrumentation and Controls TaskWorking Group #4, "Highly Integrated Control RoomsDigital Communications Systems (HICRc),
Rev 1,March 2009Westinghouse Electric Corporation, "ReactorProtection System Diversity in Westinghouse Pressurized Reactors,"
(1969) Non-Proprietary Class3Safety Evaluation Report Eagle 21 ReactorProtection System Modification With BypassManifold Elimination, PG&E, Diablo Canyon PowerPlant, (October 7, 1993)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 35 of 543.1.19. 10 CFR 50.623.1.20. USNRC3.1.21. USNRC, Regulatory Guide 1.97, Rev. 33.1.22. EPRI, TR-107330 3.1.23. EPRI, TR-1000799 3.1.24. EPRI, TR-1003114 3.1.25. USNRC, RG 1.1523.1.26. USNRC, RG 1.180, Rev 13.1.27. USNRC, RG 1.1683.1.28. USNRC, RG 1.1693.1.29. USNRC, RG 1.1713.1.30. CS Innovations 3.1.31. Triconex Corporation Requirements for Reduction of Risk from Anticipated Transients without Scram (ATWS) Events for Light-Water-Cooled Nuclear Power PlantsSafety Evaluation Report for Wolf Creek NuclearOperating Company (WCNOC) Main Steam andFeedwater Isolation System (MSFIS),
Accession Number ML090610317 Instrumentation for Light-Water-Cooled NuclearPower Plants to Assess Plant and EnvironsConditions During and Following an AccidentGeneric Requirements Specification for Qualifying aCommercially Available PLC for Safety-Related Applications in Nuclear Power Plants, February 1998Generic Qualification of the Triconex Corporation Tricon Triple Modular Redundant Programmable Logic Control System for Safety-Related Application s in Nuclear Power Plants, November 2000Safety Evaluation Report, issued by NuclearRegulatory Commission to Triconex on the TriconexPlatform, December 12, 2001Criteria for Digital Computers in Safety Systems ofNuclear Power PlantsGuidelines for Evaluating Electromagnetic andRadio-Frequency Interference in Safety-Related Instrumentation and Control SystemsVerification, Validation, Reviews and Audits forDigital Computer Software Used in Safety Systemsof Nuclear Power PlantsConfiguration Management Plans for DigitalComputer Software Used in Safety Systems ofNuclear Power PlantsSoftware Unit Testing for Digital Computer SoftwareUsed in Safety Systems of Nuclear Power Plants6002-00301, CS Innovations ALS Topical Reportand Supporting Documents Submittal, July 29, 2010(ADAMS Accession No. ML102160471)
Topical Reports 7286-545, "Qualification SummaryReport" and 7286-546, "Amendment 1 toQualification Summary Report,"
Revision 1 published as EPRI TR-1 000799, "Generic Qualification of theTriconex Corporation TRICON Triple ModularRedundant Programmable Logic Controller Systemfor Safety-Related Applications in Nuclear PowerPlants,"
November 2000 Process Protection System Replacement Conceptual Design DocumentRev 4Page 36 of 543.1.32. USNRC3.1.33. Invensys/Triconex 3.1.34. USNRC3.1.35. 10 CFR 1003.1.36. USNRCLetter from Stuart A. Richards (NRC) to Troy Martel(Triconex Corporation),
"Review of TriconexCorporation Topical Reports 7286-545, "Qualification Summary Report" and 7286-546, "Amendment 1 toQualification Summary Report,"
Revision 1"December 11, 2001 published as EPRI TR-1003114 ADAMS Accession Number ML013470433 "Nuclear Safety-Related Qualification of the TriconTMR Programmable Logic Controller (PLC) -Updateto Qualification Summary Report Submittal and"Application for withholding Proprietary Information from Public Disclosure,"
September, 2009Oconee, Units 1, 2 & 3, Issuance of Amendment Nos. 366, 368, and 367, Reactor Protective Systemand Engineered Safeguard Protection System DigitalUpgrade.Reactor Site CriteriaDiablo Canyon Power Plant, Unit Nos. 1 and 2 -Safety Evaluation for Topical Report, "ProcessProtection System Replacement Diversity
&Defense-In-Depth Assessment" (TAC Nos. ME4094And ME4095),
dated April 19, 2011 (ADAMSAccession No. ML1 10480845) 3.2 PG&E DOCUMENTS 3.2.1. PG&E Topical Report3.2.2. PG&E DCM S-38A3.2.3. PG&E DCM T-193.2.4. PG&E DCM T-24Process Protection System Replacement Diversity
&Defense-in-Depth Assessment, Rev 1, August, 2010Plant Protection SystemDesign Criteria for Electrical Separation and Isolation Design Criteria for DCPP Instrumentation andControls3.3 PRIMARY (DESIGN BASIS) DRAWING REFERENCES Protection Set IInstr. No.FT-414FT-424FT-434FT-444FT-510FT-512Description Reactor Coolant Flow Loop 1Reactor Coolant Flow Loop 2Reactor Coolant Flow Loop 3Reactor Coolant Flow Loop 4Loop 1 FeedflowLoop 1 Steamflow Existing Unit 1Instr. Schematic 102032-17A 102032-17D 102032-17G 102032-17J 102036-3D 102036-3S Existing Unit 2Instr. Schematic 108032-17A 108032-17D 108032-17G 108032-17J 108036-3D 108036-3S Process Protection System Replacement Conceptual Design DocumentRev 4Page 37 of 54Protection Set IInstr. No.FT-520FT-522FT-530FT-532FT-540FT-542LT-459LT-529LT-539NE-41ANE-41BPT-455PT-505PT-514PT-524PT-534PT-544PT-937TE-410ATE-41 OBTE-410CTE-411ATE-411 B,TE-411CTE-412ATE-412CTE-413ATE-413BTE-423ATE-423BDescription Loop 2 FeedflowLoop 2 Steamflow Loop 3 FeedflowLoop 3 Steamflow Loop4 FeedflowLoop 4 Steamflow PZR LevelS/G 2 LevelS/G 3 LevelDTTA Loop 1 Upper (Neutron)
FluxDTTA Loop 1 Lower (Neutron)
FluxLoop 1 PZR PressureTurbine Impulse PressureLoop 1 Steamline PressureLoop 2 Steamline PressureLoop 3 Steamline PressureLoop 4 Steamline PressureContainment PressureDTTA Loop 1 Thot-lADTTA Loop 1 Tcold-1DTTA Loop 1 Thot-1 BDTTA Loop 1 Thot-2ADTTA Loop 1 Tcold-2DTTA Loop 1 Thot-2BDTTA Loop 1 Thot-3ADTTA Loop 1 Thot-3BWR Temperature Loop 1 Hot LegWR Temperature Loop 1 Cold LegWR Temperature Loop 2 Hot LegWR Temperature Loop 2 Cold LegExisting Unit 1Instr. Schematic 102036-3E 102036-3T 102036-3F 102036-3U 102036-3G 102036-3V 102036-7C 102036-4P 102036-4Q 102036-29G 102036-29G 102036-7102036-4U 102036-3S 102036-3T 102036-3U 102036-3V 102034-12B 102036-7L 102036-7L 102036-7L 102036-7L 102036-7L 102036-7L 102036-7L 102036-7L 102035-6D 102035-6D (1)102035-6E 102035-6E Existing Unit 2Instr. Schematic 108036-3E 108036-3T 108036-3F 108036-3U 108036-3G 108036-3V 108036-7C 108036-4P 108036-4Q 108036-29G 108036-29G 108036-7108036-4U 108036-3S 108036-3T 108036-3U 108036-3V 108034-12B 108036-7L 108036-7L 108036-7L 108036-7L 108036-7L 108036-7L 108036-7L 108036-7L 108035-6D 108035-6D 108035-6E 108035-6E Notes:(1)per T-MOD 50229619Protection Set IIInstr. No.FT-415FT-425FT-435FT-445FT-511FT-513Description Reactor Coolant Flow Loop 1Reactor Coolant Flow Loop 2Reactor Coolant Flow Loop 3Reactor Coolant Flow Loop 4Loop 1 FeedflowLoop 1 Steamflow Existing Unit IInstr. Schematic 102032-17B 102032-17E 102032-17H 102032-17K 102036-3H 102036-3W Existing Unit 2Instr. Schematic 108032-17B 108032-17E 108032-17H 108032-17K 108036-31H 108036-3W Process Protection System Replacement Conceptual Design DocumentRev 4Page 38 of 54Protection Set IIInstr. No.FT-521FT-523FT-531FT-533FT-541FT-543LT-460LT-519LT-549NE-42ANE-42BPT-456PT-506PT-515PT-525PT-535PT-545PT-936TE-420ATE-420BTE-420CTE-421ATE-421BTE-421CTE-422ATE-422CTE-433ATE-433BTE-443ATE-443BDescription Loop 2 FeedflowLoop 2 Steamflow Loop 3 FeedflowLoop 3 Steamflow Loop4 FeedflowLoop 4 Steamflow PZR LevelS/G 1 LevelS/G 4 LevelDTTA Loop 2 Upper (Neutron)
FluxDTTA Loop 2 Lower (Neutron)
FluxLoop 2 PZR PressureTurbine Impulse PressureLoop 1 Steamline PressureLoop 2 Steamline PressureLoop 3 Steamline PressureLoop 4 Steamline PressureContainment PressureDTTA Loop 2 Thot-lADTTA Loop 2 Tcold-1DTTA Loop 2 Thot-1 BDTTA Loop 2 Thot-2ADTTA Loop 2 Tcold-2DTTA Loop 2 Thot-2BDTTA Loop 2 Thot-3ADTTA Loop 2 Thot-3BWR Temperature Loop 3 Hot LegWR Temperature Loop 3 Cold LegWR Temperature Loop 4 Hot LegWR Temperature Loop 4 Cold Leget IIIDescription Reactor Coolant Flow Loop 1Reactor Coolant Flow Loop 2Reactor Coolant Flow Loop 3Reactor Coolant Flow Loop 4PZR LevelS/G 1 LevelS/G 2 LevelS/G 3 LevelS/G 4 LevelDTTA Loop 3 Upper (Neutron)
FluxDTTA Loop 3 Lower (Neutron)
FluxExisting Unit 1Instr. Schematic 102036-31 102036-3X 102036-3J 102036-3Y 102036-3K 102036-3Z 102036-7G 102036-40 102036-4R 102036-291 102036-291 102036-7H 102036-4V 102036-3W 102036-3X 102036-3Y 102036-3Z 102034-12C 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102036-7P 102035-6F 102035-6F 102035-6G 102035-6G Existing Unit IInstr. Schematic 102032-17C 102032-17F 102032-171 102032-17L 102036-7J 102036-4102036-4A 102036-4B 102036-4C 102036-29K 102036-29K Existing Unit 2Instr. Schematic 108036-31 108036-3X 108036-3J 108036-3Y 108036-3K 108036-3Z 108036-7G 108036-40 108036-4R 108036-291 108036-291 108036-7H 108036-4V 108036-3W 108036-3X 108036-3Y 108036-3Z 108034-12C 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108036-7P 108035-6F 108035-6F 108035-6G 108035-6G Existing Unit 2Instr. Schematic 108032-17C 108032-17F 108032-171 108032-17L 108036-7J 108036-4108036-4A 108036-4B 108036-4C 108036-29K 108036-29K Protection SiInstr. No.FT-416FT-426FT-436FT-446LT-461LT-518LT-528LT-538LT-548NE-43ANE-43B Process Protection System Replacement Conceptual Design DocumentRev 4Page 39 of 54Protection Set IIIInstr. No.PT-403PT-403APT-457PT-526PT-536PT-935TE-430ATE-430BTE-430CTE-431ATE-431BTE-431CTE-432ATE-432CProtection SiInstr No.LT-517LT-527LT-537LT-547NE-44ANE-44BPT-405PT-405APT-474PT-516PT-546PT-934TE-440ATE-440BTE-440CTE-441ATE-441 BTE-441CTE-442ATE-442CTE-454Description Wide Range Pressure Loop 4Wide Range Pressure Loop 4Loop 3 PZR PressureLoop 2 Steamline PressureLoop 3 Steamline PressureContainment PressureDTTA Loop 3 Thot-lADTTA Loop 3 Tcold-1DTTA Loop 3 Thot-1 BDTTA Loop 3 Thot-2ADTTA Loop 3 Tcold-2DTTA Loop 3 Thot-2BDTTA Loop 3 Thot-3ADTTA Loop 3 Thot-3Bet IVDescription S/G 1 LevelS/G 2 LevelS/G 3 LevelS/G 4 LevelDTTA Loop 4 Upper (Neutron)
FluxDTTA Loop 4 Lower (Neutron)
FluxWide Range Pressure Loop 3Wide Range Pressure Loop 4Loop 4 PZR PressureLoop 1 Steamline PressureLoop 4 Steamline PressureContainment PressureDTTA Loop 4 Thot-lADTTA Loop 4 Tcold-1DTTA Loop 4 Thot-1 BDTTA Loop 4 Thot-2ADTTA Loop 4 Tcold-2DTTA Loop 4 Thot-2BDTTA Loop 4 Thot-3ADTTA Loop 4 Thot-3BPressurizer Vapor Temperature Existing Unit 1Instr. Schematic 102034-7A 102034-7C 102036-71 102036-5F 102036-5G 102034-12D 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T 102036-7T Existing Unit 1Instr Schematic 102036-41 102036-4J 102036-4K 102036-4L 102036-29M 102036-29M 102034-7B 102034-7D 102036-7B 102036-5E 102036-5H 102034-12E 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102036-7X 102035-7B Existing Unit 2Instr. Schematic 108034-7A 108034-7C 108036-71 108036-5F 108036-5G 108034-12D 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T 108036-7T Existing Unit 2Instr Schematic 108036-41 108036-4J 108036-4K 108036-4L 108036-29M 108036-29M 108034-7B 108034-7D 108036-7B 108036-5E 108036-5H 108034-12E 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108036-7X 108035-7B Process Protection System Replacement Rev 4Conceptual Design Document Page 40 of 544 PPS Racks and Channels4.1 TRICON HARDWARE CONFIGURATION ITEMS4.1.1. Safety-Related Triconex Configuration Items1. Main Chassis2. Deleted3. RXM Chassis4. MRXM, Primary Module5. Main Processor Module6. Power Supply Module (120 VDC/1 15 VAC)7. Communications Module (TCM-FO)8. Discrete Input Module 115VAC/DC
: 9. Discrete Input Module 24 VAC/DC10. Discrete Output Module 115 VAC, Unsupervised
: 11. Deleted12. Analog Input Module, Isolated13. Analog Input Module, Differential
: 14. Analog Output Module15. Deleted16. Supervised Discrete Output Module, 24 VDC (Energize to trip outputs only)17. External Termination Panels (ETP) and interconnection cables for above I/O Modules18. AC power line filters4.1.2. Non-Safety-Related Triconex Configuration Items1. RXM Chassis2. MRXM Remote Module3. Power Supply Module (1 20VDC/1 15 VAC)4. Deleted5. Discrete Output Module 115 VAC, Unsupervised
: 6. Deleted7. Analog Output Module8. Relay Output Module9. Discrete Input Module 115VAC/DC
: 10. Discrete Input Module 24 VAC/DC11. External Termination Panels (ETP) for above I/O Modules12. Media converter (TCM output to port aggregator tap)13. AC power line filters Process Protection System Replacement Rev 4Conceptual Design Document Page 41 of 544.2 ALS CONFIGURATION ITEMS4.2.1. Safety-Related ALS Configuration Items (Typical for Logic Path A & B)1. ALS CLB -Core Logic Board2. ALS IPB -Input Board3. ALS OPB -Output Board4. ALS Rack and Cables4.2.2. Non-Safety-Related ALS Configuration Items1. ASU Software4.3 PG&E CONFIGURATION ITEMS1. Maintenance Video Display Unit and Software (Except ASU software provided by ALS)2. Net Optics Port Aggregator Network Taps3. 0OS Toggle Switches4. Manual Trip Toggle Switches5. Bypass Toggle Switches
: 96. Media Converters (except Tricon TCM output to port aggregator tap by IOM)7. Nominal 24 Vdc adjustable power supply for Tricon DI and DO loops8. Nominal 24 Vdc adjustable power supply for Tricon AO loops9. Nominal 40 Vdc adjustable power supply for Tricon Al loops10. Nominal 24 Vdc adjustable 24-45 Vdc I/O power supply for ALS Al loops (exceptPressurizer
: pressure, which is shared with the Tricon and powered by the Tricon loopPS). The ALS loops may use a combination of power supplies such as Items 8 and/or 9as determined by the detailed design.11. 48 Vdc ALS logic power supplies Process Protection System Replacement Conceptual Design DocumentRev 4Page 42 of 544.4 PROTECTION SET I FUNCTIONS AND INSTRUMENT CLASSESTable 4-1 Protection Set I Analog Output Functions PROTECTION SET I ANALOG OUTPUT FUNCTIONS INST.INST. NO. CLASS PROCESSOR DESCRIPTION LT-459 Input IB,A,1 Note (1) PZR Level to LI-459A (VB2), LI-459B (HSP)PT-514 Input IB,A,1 Note (1) LP 1 Steamline Press to PI-514A (VB3), PI-514B (HSP), ERFDS (/B4)PT-524 Input IB,A,1 Note (1) LP 2 Steamline Press to PI-524A (VB3), PI-524B (HSP), ERFDS (VB4)PT-534 Input IB,A,1 Note (1) LP 3 Steamline Press to PI-534A (VB3), PI-534B (HSP), ERFDS (VI/4)PT-544 Input IB,A,1 Note (1) LP 4 Steamline Press to PI-544A (VB3), PI-544B (HSP), ERFDS (VB4)PT-937 Input IB,A,1 Note (1) Containment Pressure to PI-937 0VB10TE-410A IA ALS-A DTTA Loop 1 Thot-lA (to PS I Tricon)TE-410B IA ALS-A DTTA Loop 1 Tcold-1 (to PS I Tricon)TE-411A IA ALS-A DTTA Loop 1 Thot-2A (to PS I Tricon)TE-412A IA ALS-A DTTA Loop 1 Thot-3A (to PS I Tricon)TE-413A IB,A,1 ALS-A Loop 1 Hot Leg Temp (to PS I Tricon)TE-413B IB,A,1 ALS-A Loop 1 Cold Leg Temp (to PS I Tricon)FM-414B II ALS-A Reactor Coolant Flow Loop 1 to FI-414 (VB2)FM-424B II ALS-A Reactor Coolant Flow Loop 2 to FI-424 (VB2)TE-410C IA ALS-B DTTA Loop 1 Thot-1B (to PSI Tricon)TE-41 1 B IA ALS-B DTTA Loop 1 Tcold-2 (to PS I Tricon)TE-41 1 C IA ALS-B DTTA Loop I Thot-2B (to PS I Tricon)TE-412C IA ALS-B DTTA Loop 1 Thot-3B (to PS I Tricon)TE-423A IB,A,1 ALS-B Loop 2 Hot Leg Temp (to PS I Tricon)TE-423B IA ALS-B Loop 2 Cold Leg Temp (to PS I Tricon)FM-434B II ALS-B Reactor Coolant Flow Loop 3 to FI-434 (VB2)FM-444B II ALS-B Reactor Coolant Flow Loop 4 to FI-444 (VB2)FM-512 1 II Isolator Out Loop 1 Steamflow to DFWCSFM-512 2 lB, D, 2 Isolator Out Loop 1 Steamflow to FI-512 (VB3) & ERFDS (VB1)FM-522 1 II Isolator Out Loop 2 Steamflow to DFWCSFM-522 2 IB, D, 2 Isolator Out Loop 2 Steamflow to FI-522 (VB3) & ERFDS (VB1)FM-532 1 II Isolator Out Loop 3 Steamflow to DFWCSFM-532 2 1B, D, 2 Isolator Out Loop 3 Steamflow to FI-532 (VB3) & ERFDS (VB4)FM-542 1 II Isolator Out Loop 4 Steamflow to DFWCSFM-542 2 1B, D, 2 Isolator Out Loop 4 Steamflow to FI-542 (VB3) & ERFDS (VB4)LM-459 1 II Isolator Out PZR Level to PZR Level Control (Control Set 1, Control Set 2)LM-529 1 II Isolator Out S/G 2 Level to LI-529 (VB3), DFWCS, AFWLM-539 1 II Isolator Out S/G 3 Level to LI-539 (VB3), DFWCS, AFWLM-539 2 II Isolator Out S/G 3 Level to AMSACPM-455 1 II Isolator Out PZR Pressure to PZR Pressure Control Set 1, PI-455A (\VB2), PI-455B (HSP)PM-505 1 II Isolator Out Turbine Impulse Pressure to AMSACPM-514 1 II Isolator Out Loop 1 Steamline Pressure to DFWCS Process Protection System Replacement Conceptual Design DocumentRev 4Page 43 of 54PROTECTION SET I ANALOG OUTPUT FUNCTIONS INST.INST. NO. CLASS PROCESSOR DESCRIPTION PM-524 1 II Isolator Out Loop 2 Steamline Pressure to DFWCSPM-534 1 II Isolator Out Loop 3 Steamline Pressure to DFWCSPM-544 1 II Isolator Out Loop 4 Steamline Pressure to DFWCSTM-413A IB,A,1 Tricon Loop 1 Hot Leg Temp to TR-413 (VB2) & RVLIS (PAM4)TM-413B IB,A,1 Tricon Loop 1 Cold Leg Temp to TR-413 (VB2)TM-423A IB,A,1 Tricon Loop 2 Hot Leg Temp to TR-423 (VB2) & RVLIS (PAM4)TM-423B IB,A,1 Tricon Loop 2 Cold Leg Temp to TR-423 (VB2)FM-512D IA Tricon Loop 1 Steamflow to FM-512 2 (Isolator)
FM-522D IA Tricon Loop 2 Steamflow to FM-522 2 (Isolator)
FM-532D IA Tricon Loop 3 Steamflow to FM-532 2 (Isolator)
FM-542D IA Tricon Loop 4 Steamflow to FM-542 2 (Isolator)
PM-505A I Tricon Turbine Impulse Pressure to PI-505 (VB3)TM-41 1 E II Tricon Delta-T to TI-41 1A (VB2) & TM-41 1 Q/R (R31)TM-411F II Tricon Overpower Setpoint to T/411A (CC1) & TI-411B (VB2)TM-411G II Tricon Overtemperature Setpoint to T/411A (CC1) & TI-411C (VB2)TM-412F II Tricon Tavg to TI-412 (VB2) & TM-412G/R, TC-412A-H/R (R31)DeletedDeletedDeletedDeletedNote:(1) From analog sensor input loop, isolation not required
[Section 2.3.3]Table 4-2 Protection Set I Discrete Output Functions PROTECTION SET I DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION FC-414 A IA ALS-A Loop 1 Low Flow Rx Trip (SSPS)FC-424 A IA ALS-A Loop 2 Low Flow Rx Trip (SSPS)FC-434 A IA ALS-A Loop 3 Low Flow Rx Trip (SSPS)FC-444 A IA ALS-A Loop 4 Low Flow Rx Trip (SSPS)PC-455A A IA ALS-A PZR Pressure High Rx Trip (SSPS)PC-455B A IA ALS-A Unblock SI, Pl1 (SSPS)PC-455C A IA ALS-A PZR Pressure Low Rx Trip (SSPS)PC-455D A IA ALS-A PZR Pressure Low-Low SI (SSPS)PC-455E A IA ALS-A PZR Pressure High -PORV (RNASA)PC-937B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS1A DIV-A II ALS-A PS I Trouble Alarm (MAS)UY-PS1B DIV-A II ALS-A PS I Channel in Bypass Alarm (MAS)UY-PS1C DIV-A II ALS-A PS I Failure Alarm (MAS)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 44 of 54PROTECTION SET I DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION YC-937 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)FC-414 B IA ALS-B Loop 1 Low Flow Rx Trip (SSPS)FC-424 B IA ALS-B Loop 2 Low Flow Rx Trip (SSPS)FC-434 B IA ALS-B Loop 3 Low Flow Rx Trip (SSPS)FC-444 B IA ALS-B Loop 4 Low Flow Rx Trip (SSPS)PC-455A B IA ALS-B PZR Pressure High Rx Trip (SSPS)PC-455B B IA ALS-B Unblock SI, P11 (SSPS)PC-455C B IA ALS-B PZR Pressure Low Rx Trip (SSPS)PC-455D B IA ALS-B PZR Pressure Low-Low SI (SSPS)PC-455E B IA ALS-B PZR Pressure High -PORV (RNASA)PC-937B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS1A DIV-B II ALS-B PS I Trouble Alarm (MAS)UY-PS1B DIV-B II ALS-B PS I Channel in Bypass Alarm (MAS)UY-PS1C DIV-B II ALS-B PSI Failure Alarm (MAS)YC-937 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)LC-459A IA Tricon PZR Level High Rx Trip (SSPS)LC-529A IA Tricon S/G 2 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-529B IA Tricon S/G 2 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-539A IA Tricon S/G 3 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-539B IA Tricon S/G 3 Low-Low Level Rx Trip & AFW Pump Start (SSPS)PC-505A IA Tricon Turbine Impulse Pressure High to P13 (SSPS)PC-514A IA Tricon Loop 1 Low Steamline Press SI & Steamline Isolation (SSPS)PC-514C IA Tricon Loop 1 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-524A IA Tricon Loop 2 Low Steamline Press SI & Steamline Isolation (SSPS)PC-524C IA Tricon Loop 2 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-534A IA Tricon Loop 3 Low Steamline Press SI & Steamline Isolation (SSPS)PC-534C IA Tricon Loop 3 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-544A IA Tricon Loop 4 Low Steamline Press SI & Steamline Isolation (SSPS)PC-544C IA Tricon Loop 4 Steamline Press High Negative Rate Steamline Isolation (SSPS)TC-41 1 C IA Tricon OTDT Rx Trip (SSPS)TC-41 1G IA Tricon OPDT Rx Trip (SSPS)TC-412D IA Tricon Tavg Low-Low P12 (SSPS)TC-412G IA Tricon Tavg Low Feedwater Isolation (SSPS)TC-423A IA Tricon Loop 2 Cold Leg Temp. Low -LTOPS (RNASA)DeletedDeletedDeletedDeletedLY-529H II Tricon PS I S/G Low-Low Level TTD Timer Actuated Alarm (MAS)DeletedPC-505C II Tricon Turbine Low Power Interlock C5 (RNARA)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 45 of 54PROTECTION SET I DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION TC-41 1 D II Tricon OTDT Interlock C3 (RNARA)TC-411 H II Tricon OPDT Interlock C4 (RNARA)TY-411 TRICON II Tricon PS I DTTA RTD Failure Alarm (MAS)UY-PSIA TRICON II Tricon PS I Trouble Alarm (MAS)UY-PSI B TRICON II Tricon PS I Channel in Bypass Alarm (MAS)UY-PSIC TRICON II Tricon PSI Failure Alarm (MAS)4.5 PROTECTION SET II FUNCTIONS AND INSTRUMENT CLASSESTable 4-3 Protection Set II Analog Output Functions PROTECTION SET II ANALOG OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION LT-460 Input IB,A,1 Note (1) PZR Level to LI-460A (VB2), LI-460B (HSP)PT-515 Input IB,A,1 Note (1) Loop 1 Steamline Pressure to PI-515 (VB3), ERFDS (VB4)PT-525 Input IB,A,1 Note (1) Loop 2 Steamline Pressure to PI-525 (VB3), ERFDS (VB1)PT-535 Input IB,A,1 Note (1) Loop 3 Steamline Pressure to PI-535 (VB3), ERFDS (VB1)PT-545 Input IB,A,1 Note (1) Loop 4 Steamline Pressure to PI-545 (VB3), ERFDS (VB1)PT-936 Input IB,A,1 Note (1) Containment Pressure to PI-936 (VB1), ERFDS (VB1)TE-420A IA ALS-A DTTA Loop 2 Thot-lA (to PS II Tricon)TE-420B IA ALS-A DTTA Loop 2 Tcold-1 (to PS II Tricon)TE-421A IA ALS-A DTTA Loop 2 Thot-2A (to PS II Tricon)TE-422A IA ALS-A DTTA Loop 2 Thot-3A (to PS II Tricon)TE-433A IB,A,1 ALS-A Loop 3 Hot Leg Temp (to PS II Tricon)TE-433B IA ALS-A Loop 3 Cold Leg Temp (to PS II Tricon)FM-415B II ALS-A Reactor Coolant Flow Loop 1 to FI-415 (VB2)FM-425B II ALS-A Reactor Coolant Flow Loop 2 to FI-425 (VB2)TE-420C IA ALS-B DTTA Loop 2 Thot-1B (to PS II Tricon)TE-421B IA ALS-B DTTA Loop 2 Tcold-2 (to PS II Tricon)TE-421C IA ALS-B DTTA Loop 2 Thot-2B (to PS II Tricon)TE-422C IA ALS-B DTTA Loop 2 Thot-3B (to PS II Tricon)TE-443A IB,A,1 ALS-B Loop 4 Hot Leg Temp (to PS II Tricon)TE-443B IB,A,1 ALS-B Loop 4 Cold Leg Temp (to PS II Tricon)FM-435B II ALS-B Reactor Coolant Flow Loop 3 to FI-435 (VB2)FM-445B II ALS-B Reactor Coolant Flow Loop 4 to FI-445 (VB2)FM-513 1 II Isolator Out Loop 1 Steamflow to DFWCSFM-513 2 lB, D, 2 Isolator Out Loop 1 Steamflow to FI-513 (VB3) & ERFDS (VB1)FM-523 1 II Isolator Out Loop 2 Steamflow to DFWCSFM-523 2 IB, D, 2 Isolator Out Loop 2 Steamflow to FI-523 (VB3) & ERFDS (VB1)FM-533 1 II Isolator Out Loop 3 Steamflow to DFWCSFM-533 2 lB, D, 2 Isolator Out Loop 3 Steamflow to FI-533 (VB3) & ERFDS (VB4)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 46 of 54PROTECTION SET II ANALOG OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION FM-543 1 II Isolator Out Loop 4 Steamflow to DFWCSFM-543 2 IB, D, 2 Isolator Out Loop 4 Steamflow to FI-543 (VB3) & ERFDS (VB4)LM-460 1 II Isolator Out PZR Level to PZR Level Control (Control Set 1, Control Set 2)LM-519 1 II Isolator Out S/G 1 Level to LI-519 (VB3), DFWCS, AFWLM-549 1 II Isolator Out S/G 4 Level to LI-549 (VB3), DFWCS, AFWLM-549 2 II Isolator Out S/G 4 Level to AMSACPM-456 1 II Isolator Out PZR Pressure to PI-456 (VB2), PZR Pressure Control (Control Set 1)PM-506 1 II Isolator Out Turbine Impulse Pressure to AMSACPM-515 1 II Isolator Out Loop 1 Steamline Pressure to DFWCSPM-525 1 II Isolator Out Loop 2 Steamline Pressure to DFWCSPM-535 1 II Isolator Out Loop 3 Steamline Pressure to DFWCSPM-545 1 II Isolator Out Loop 4 Steamline Pressure to DFWCSTM-433A IB,A,1 Tricon Loop 3 Hot Leg Temp to TR-433 (VB2) & RVLIS (PAM3)TM-433B IB,A,1 Tricon Loop 3 Cold Leg Temp to TR-433 (VB2)TM-443A IB,A,1 Tricon Loop 4 Hot Leg Temp to TR-443 (VB2) & RVLIS (PAM3)TM-443B IB,A,1 Tricon Loop 4 Cold Leg Temp to TR-443 (VB2)FM-513D IA Tricon Loop 1 Steamflow to FI-513 2 (Isolator)
FM-523D IA Tricon Loop 2 Steamflow to FI-523 2 (Isolator)
FM-533D IA Tricon Loop 3 Steamflow to FI-533 2 (Isolator)
FM-543D IA Tricon Loop 4 Steamflow to FI-543_2 (Isolator)
PM-506A II Tricon Turbine Impulse Pressure to PI-506 (VB3)TM-421E II Tricon Delta-T to TI-421A (VB2) & TM-41 1Q2/R (R31)TM-421 F II Tricon Overpower Setpoint to T/41 1A (CC1) & TI-421 B (VB2)TM-421G II Tricon Overtemperature Setpoint to T/41 1A (CC1) & TI-421C (VB2)TM-422F II Tricon Tavg to TI-422 (VB2) & TM-422G/R, TC-422A-HIR (R31)DeletedDeletedDeletedDeletedNote:(1) From analog sensor input loop, isolation not required
[Section 2.3.3]Table 4-4 Protection Set II Discrete Output Functions PROTECTION SET II DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION FC-415 A IA ALS-A Loop 1 Low Flow Rx Trip (SSPS)FC-425 A IA ALS-A Loop 2 Low Flow Rx Trip (SSPS)FC-435 A IA ALS-A Loop 3 Low Flow Rx Trip (SSPS)FC-445 A IA ALS-A Loop 4 Low Flow Rx Trip (SSPS)PC-456A A IA ALS-A PZR Pressure High Rx Trip (SSPS)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 47 of 54PROTECTION SET II DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION PC-456B A IA ALS-A Unblock SI, P11 (SSPS)PC-456C A IA ALS-A PZR Pressure Low Rx Trip (SSPS)PC-456D A IA ALS-A PZR Pressure Low-Low SI (SSPS)PC-456E A IA ALS-A PZR Pressure High -PORV (RNASA)PC-936A A IA ALS-A Containment Press High SI, Ph A Isolation (SSPS)PC-936B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS2A DIV-A II ALS-A PS II Trouble Alarm (MAS)UY-PS2B DIV-A II ALS-A PS II Channel in Bypass Alarm (MAS)UY-PS2C DIV-A II ALS-A PS II Failure Alarm (MAS)YC-936 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)FC-415 B IA ALS-B Loop 1 Low Flow Rx Trip (SSPS)FC-425 B IA ALS-B Loop 2 Low Flow Rx Trip (SSPS)FC-435 B IA ALS-B Loop 3 Low Flow Rx Trip (SSPS)FC-445 B IA ALS-B Loop 4 Low Flow Rx Trip (SSPS)PC-456A B IA ALS-B PZR Pressure High Rx Trip (SSPS)PC-456B B IA ALS-B Unblock SI, P11 (SSPS)PC-456C B IA ALS-B PZR Pressure Low Rx Trip (SSPS)PC-456D B IA ALS-B PZR Pressure Low-Low SI (SSPS)PC-456E B IA ALS-B PZR Pressure High -PORV (RNASA)PC-936A B IA ALS-B Containment Press High SI, Ph A Isolation (SSPS)PC-936B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS2A DIV-B II ALS-B PS II Trouble Alarm (MAS)UY-PS2B DIV-B II ALS-B PS II Channel in Bypass Alarm (MAS)UY-PS2C DIV-B II ALS-B PS II Failure Alarm (MAS)YC-936 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)LC-460A IA Tricon PZR Level High Rx Trip (SSPS)LC-519A IA Tricon S/G 1 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-519B IA Tricon S/G 1 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-549A IA Tricon S/G 4 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-549B IA Tricon S/G 4 Low-Low Level Rx Trip & AFW Pump Start (SSPS)PC-506A IA Tricon Turbine Impulse Pressure High to P13 (SSPS)PC-515A IA Tricon Loop 1 Low Steamline Press SI & Steamline Isolation (SSPS)PC-515C IA Tricon Loop 1 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-525A IA Tricon Loop 2 Low Steamline Press SI & Steamline Isolation (SSPS)PC-525C IA Tricon Loop 2 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-535A IA Tricon Loop 3 Low Steamline Press SI & Steamline Isolation (SSPS)PC-535C IA Tricon Loop 3 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-545A IA Tricon Loop 4 Low Steamline Press SI & Steamline Isolation (SSPS)PC-545C IA Tricon Loop 4 Steamline Press High Negative Rate Steamline Isolation (SSPS)TC-421C IA Tricon OTDT Rx Trip (SSPS)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 48 of 54PROTECTION SET II DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION TC-421G IA Tricon OPDT Rx Trip (SSPS)TC-422D IA Tricon Tavg Low-Low P12 (SSPS)TC-422G IA Tricon Tavg Low Feedwater Isolation (SSPS)TC-433A IA Tricon Loop 3 Cold Leg Temp. Low -LTOPS (RNASA)DeletedDeletedDeletedDeletedLY-519H 11 Tricon PS II S/G Low-Low Level TTD Timer Actuated Alarm (MAS)DeletedTC-421D II Tricon OTDT Interlock C3 (RNARA)TC-421H II Tricon OPDT Interlock C4 (RNARA)TY-421 TRICON II Tricon PS2 DTTA RTD Failure Alarm (MAS)UY-PS2A TRICON II Tricon PS2 Trouble Alarm (MAS)UY-PS2B TRICON II Tricon PS2 Channel in Bypass Alarm (MAS)UY-PS2C TRICON II Tricon PS2 Failure Alarm (MAS)4.6 PROTECTION SET III FUNCTIONS AND INSTRUMENT CLASSESTable 4-5 Protection Set III Analog Output Functions PROTECTION SET III ANALOG OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION LT-461 Input IB,A,1 Note (1) PZR Level to LI-461 (VB2)LT-518 Input IB,A,1 Note (1) S/G 1 Level to LI-518 (VB3) & ERFDS (VB1)LT-528 Input IB,A,1 Note (1) S/G 2 Level to LI-528 (VB3) & ERFDS (VB1)LT-538 Input IB,A,1 Note (1) S/G 3 Level to LI-538 (VB3) & ERFDS (VB1)LT-548 Input IB,A,1 Note (1) S/G 4 Level to LI-548 (VB3) & ERFDS (VB1)PT-403 Input IB,A,1 Note (1) Loop 4 WR Press to PR-403 (VB2), RVLIS (PAM 4)PT-526 Input IB,A,1 Note (1) Loop 2 Steamline Pressure to PI-526 (VB3)PT-536 Input IB,A,1 Note (1) Loop 3 Steamline Pressure to PI-536 (VB3)PT-935 Input IB,A,1 Note (1) Containment Pressure to PI-935 (VB1) & ERFDS (VB1)TE-430A IA ALS-A DTTA Loop 3 Thot-lA (to PS III Tricon)TE-430B IA ALS-A DTTA Loop 3 Tcold-1 (to PS III Tricon)TE-431A IA ALS-A DTTA Loop 3 Thot-2A (to PS III Tricon)TE-432A IA ALS-A DTTA Loop 3 Thot-3A (to PS III Tricon)FM-416B II ALS-A Reactor Coolant Flow Loop 1 to FI-416 (VB2)FM-426B II ALS-A Reactor Coolant Flow Loop 2 to FI-426 (VB2)TE-430C IA ALS-B DTTA Loop 3 Thot-lB (to PS Ill Tricon)TE-431B IA ALS-B DTTA Loop 3 Tcold-2 (to PS Ill Tricon)TE-431 C IA ALS-B DTTA Loop 3 Thot-2B (to PS III Tricon)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 49 of 54PROTECTION SET III ANALOG OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION TE-432C IA ALS-B DTTA Loop 3 Thot-3B (to PS III Tricon)FM-436B II ALS-B Reactor Coolant Flow Loop 3 to FI-436 (VB2)FM-446B II ALS-B Reactor Coolant Flow Loop 4 to FI-446 (VB2)LM-461 1 II Isolator Out PZR Level to PZR Level Control (Control Set 1, Control Set 2)LM-518 1 II Isolator Out S/G 1 Level to DFWCS, AFWLM-528 1 II Isolator Out S/G 2 Level to DFWCS, AFWLM-528 2 II Isolator Out S/G 2 Level to AM SACLM-538 1 II Isolator Out S/G 3 Level to DFWCS, AFWLM-548 1 II Isolator Out S/G 4 Level to DFWCS, AFWPM-403A 1 II Isolator Out Loop 4 WR Press to PI-403A (VB2), ERFDS (VB4)PM-457 1 II Isolator Out PZR Pressure to PZR Pressure Control (Control Set 1), PI-457 (VB2)PM-526 1 II Isolator Out Loop 2 Steamline Pressure to DFWCSPM-536 1 II Isolator Out Loop 3 Steamline Pressure to DFWCSTM-431 E II Tricon Delta-T to TI-431A (VB2) & TM-41 1Q3/R (R31)TM-431F II Tricon Overpower Setpoint to T/411A (CC1) & TI-431B (VB2)TM-431G II Tricon Overtemperature Setpoint to T/411A (CC1) & TI-431C (VB2)TM-432F II Tricon Tavg to TI-432 (VB2) & TM-432G/R, TC-432A-H/R (R31)Note:1) From analog sensor input loop, isolation not required
[Section 2.3.3Table 4-6 Protection Set III Discrete Output Functions PROTECTION SET III DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION FC-416 A IA ALS-A Loop 1 Low Flow Rx Trip (SSPS)FC-426 A IA ALS-A Loop 2 Low Flow Rx Trip (SSPS)FC-436 A IA ALS-A Loop 3 Low Flow Rx Trip (SSPS)FC-446 A IA ALS-A Loop 4 Low Flow Rx Trip (SSPS)PC-457A A IA ALS-A PZR Pressure High Rx Trip (SSPS)PC-457B A IA ALS-A Unblock SI, P1l (SSPS)PC-457C A IA ALS-A PZR Pressure Low Rx Trip (SSPS)PC-457D A IA ALS-A PZR Pressure Low-Low SI (SSPS)PC-457E A IA ALS-A PZR Pressure High -PORV (RNASA)PC-935A A IA ALS-A Containment Press High SI, Ph A Isolation (SSPS)PC-935B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS3A DIV-A II ALS-A PS III Trouble Alarm (MAS)UY-PS3B DIV-A II ALS-A PS III Channel in Bypass Alarm (MAS)UY-PS3C DIV-A II ALS-A PS IlI Failure Alarm (MAS)YC-935 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)FC-416-B IA ALS-B Loop 1 Low Flow Rx Trip (SSPS)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 50 of 54PPOTFC.TI1N
'~FT III flI~CRFTF 01 JTPI IT F[JNCTI0NS~
INST. NO. INST. CLASS PROCESSOR DESCRIPTION FC-426 B IA ALS-B Loop 2 Low Flow Rx Trip (SSPS)FC-436 B IA ALS-B Loop 3 Low Flow Rx Trip (SSPS)FC-446 B IA ALS-B Loop 4 Low Flow Rx Trip (SSPS)PC-457A B IA ALS-B PZR Pressure High Rx Trip (SSPS)PC-457B B IA ALS-B Unblock SI, P1I (SSPS)PC-457C B IA ALS-B PZR Pressure Low Rx Trip (SSPS)PC-457D B IA ALS-B PZR Pressure Low-Low SI (SSPS)PC-457E B IA ALS-B PZR Pressure High -PORV (RNASA)PC-935A B IA ALS-B Containment Press High SI, Ph A Isolation (SSPS)PC-935B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS3A DIV-B II ALS-B PS III Trouble Alarm (MAS)UY-PS3B DIV-B II ALS-B PS III Channel in Bypass Alarm (MAS)UY-PS3C DIV-B II ALS-B PS III Failure Alarm (MAS)YC-935 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)LC-461A IA Tricon PZR Level High Rx Trip (SSPS)LC-518A IA Tricon S/G 1 High-High Level Turbine Trip, FW Isoiation P14 (SSPS)LC-518B IA Tricon S/G 1 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-528A IA Tricon S/G 2 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-528B IA Tricon S/G 2 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-538A IA Tricon S/G 3 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-538B IA Tricon S/G 3 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-548A IA Tricon S/G 4 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-548B IA Tricon S/G 4 Low-Low Level Rx Trip & AFW Pump Start (SSPS)PC-403A IA Tricon Loop 4 WR Pressure Low to RHR V-8702 Open Ckt (RNSIA)PC-403B IA Tricon Loop 4 WR Pressure High to RHR Not Isolated Alarm Ckt (RNSIA)PC-403D IA Tricon Loop 4 WR Pressure High to LTOPS (RNASA)PC-526A IA Tricon Loop 2 Low Steamline Press SI & Steamline Isolation (SSPS)PC-526C IA Tricon Loop 2 Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-536A IA Tricon Loop 3 Low Steamline Press SI & Steamline Isolation (SSPS)PC-536C IA Tricon Loop 3 Steamline Press High Negative Rate Steamline Isolation (SSPS)TC-431C IA Tricon OTDT Rx Trip (SSPS)TC-431G IA Tricon OPDT Rx Trip (SSPS)TC-432D IA Tricon Tavg Low-Low P12 (SSPS)TC-432G IA Tricon Tavg Low Feedwater Isolation (SSPS)LY-518H II Tricon PS III S/G Low-Low Level TTD Timer Actuated Alarm (MAS)DeletedDeletedDeletedPC-526B II Tricon Loop 2 Steamline Pressure Low Alarm (MAS)PC-536B II Tricon Loop 3 Steamline Pressure Low Alarm (MAS)TC-431 D II Tricon OTDT Interlock C3 (RNARA)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 51 of 54PROTECTION SET III DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION TC-431 H II Tricon OPDT Interlock C4 (RNARA)TY-431 TRICON II Tricon PS III DTTA RTD Failure Alarm (MAS)UY-PS3A TRICON II Tricon PS III Trouble Alarm (MAS)UY-PS3B TRICON II Tricon PS III Channel in Bypass Alarm (MAS)UY-PS3C TRICON II Tricon PS III Failure Alarm (MAS)4.7 PROTECTION SET IV FUNCTIONS AND INSTRUMENT CLASSESTable 4-7 Protection Set IV Analog Output Functions PROTECTION SET IV ANALOG OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION LT-517 Input IB,A,1 Note (1) S/G 1 Level to LI-517 (VB3), ERFDS (VB4)LT-527 Input IB,A,1 Note (1) S/G 2 Level to LI-527 (VB3), ERFDS (VB4)LT-537 Input IB,A,1 Note (1) S/G 3 Level to LI-537 (VB3), ERFDS (VB4)LT-547 Input IB,A,1 Note (1) S/G 4 Level to LI-547 (VB3), ERFDS (VB4)PT-405 Input IB,A,1 Note (1) Loop 3 WR Press to PI-405 (VB2), ERFDS (VB4), RVLIS (PAM 3)PT-516 Input IB,A,1 Note (1) Loop 1 Steamline Pressure to PI-516 (VB3)PT-546 Input IBA,1 Note (1) Loop 4 Steamline Pressure to PI-546 (VB3)PT-934 Input IB,A,1 Note (1) Containment Pressure to PI-934 (VB1)TE-440A IA ALS-A DTTA Loop 4 Thot-lA (PS IV Tricon)TE-440B IA ALS-A DTTA Loop 4 Tcold-1 (PS IV Tricon)TE-441A IA ALS-A DTTA Loop 4 Thot-2A (PS IV Tricon)TE-442A IA ALS-A DTTA Loop 4 Thot-3A (PS IV Tricon)TE-454 IA ALS-A PZR Vapor Temperature (PS IV Tricon)TE-440C IA ALS-B DTTA Loop 4 Thot-1 B (PS IV Tricon)TE-441 B IA ALS-B DTTA Loop 4 Tcold-2 (PS IV Tricon)TE-441C IA ALS-B DTTA Loop 4 Thot-2B (PS IV Tricon)TE-442C IA ALS-B DTTA Loop 4 Thot-3B (PS IV Tricon)LM-517 1 II Isolator Out S/G 1 Level to DFWCS, AFWLM-517 2 II Isolator Out S/G 1 Level to AMSACLM-527 1 II Isolator Out S/G 2 Level to DFWCS, AFWLM-537 1 II Isolator Out S/G 3 Level to DFWCS, AFWLM-547 1 II Isolator Out S/G 4 Level to DFWCS, AFWPM-405A 1 II Isolator Out Loop 4 WR Press to PI-405A (VB2), ERFDS (VB4)PM-474 1 II Isolator Out PZR Pressure to PI-474 (VB2), PZR Pressure Control (Control Set 1)PM-516 1 II Isolator Out Loop 1 Steamline Pressure to DFWCSPM-546 1 II Isolator Out Loop 4 Steamline Pressure to DFWCSTM-441E II Tricon Delta-T to TI-441A (VB2) & TM-41 1Q4/R (R31)TM-441 F II Tricon Overpower Setpoint to T/41 1A (CC1) & TI-441 B (VB2)TM-441G II Tricon Overtemperature Setpoint to T/41 1A (CC1) & TI-441C (VB2)TM-442F II Tricon Tavg to TI-442 (VB2) & TM-442G/R, TC-442A-H/R (R31)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 52 of 54PROTECTION SET IV ANALOG OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION TM-454A 11,D,3 Tricon PZR Vapor Ternp to TI-454 (VB2) & TC-454/R (Control Set 2)Note:(1) From analog sensor input loop, isolation not required
[Section 2.3.3]Table 4-8 Protection Set IV Discrete Output Functions PROTECTION SET IV DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION PC-474A A IA ALS-A PZR Pressure Low Rx Trip (SSPS)PC-474B A IA ALS-A PZR Pressure High -PORV (RNASA)PC-474C A IA ALS-A PZR Pressure High Rx Trip (SSPS)PC-474D A IA ALS-A PZR Pressure Low-Low SI (SSPS)PC-934A A IA ALS-A Containment Press High SI, Ph A Isolation (SSPS)PC-934B A IA ALS-A Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS4A DIV-A II ALS-A PS IV Trouble Alarm (MAS)UY-PS4B DIV-A II ALS-A PS IV Channel in Bypass Alarm (MAS)UY-PS4C DIV-A II ALS-A PS IV Failure Alarm (MAS)YC-934 A II ALS-A Containment Press High-High Channel in Test Alarm (MAS)PC-474A B IA ALS-B PZR Pressure Low Rx Trip (SSPS)PC-474B B IA ALS-B PZR Pressure High -PORV (RNASA)PC-474C B IA ALS-B PZR Pressure High Rx Trip (SSPS)PC-474D B IA ALS-B PZR Pressure Low-Low SI (SSPS)PC-934A B IA ALS-B Containment Press High SI, Ph A Isolation (SSPS)PC-934B B IA ALS-B Containment Press High-High Containment Spray, Ph B Isolation (SSPS)DeletedUY-PS4A DIV-B II ALS-B PS IV Trouble Alarm (MAS)UY-PS4B DIV-B II ALS-B PS IV Channel in Bypass Alarm (MAS)UY-PS4C DIV-B II ALS-B PS IV Failure Alarm (MAS)YC-934 B II ALS-B Containment Press High-High Channel in Test Alarm (MAS)LC-517A IA Tricon S/G 1 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-517B IA Tricon S/G 1 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-527A IA Tricon S/G 2 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-527B IA Tricon S/G 2 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-537A IA Tricon S/G 3 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-537B IA Tricon S/G 3 Low-Low Level Rx Trip & AFW Pump Start (SSPS)LC-547A IA Tricon S/G 4 High-High Level Turbine Trip, FW Isolation P14 (SSPS)LC-547B IA Tricon S/G 4 Low-Low Level Rx Trip & AFW Pump Start (SSPS)PC-405A IA Tricon Loop 4 WR Pressure Low to RHR V-8701 Open Ckt (SSPS)PC-405B IA Tricon Loop 4 WR Pressure High to RHR Not Isolated Alarm Ckt (RNSIB)PC-405D IA Tricon Loop 4 WR Pressure High to LTOPS (RNASA)PC-516A IA Tricon Loop 1 Low Steamline Press SI & Steamline Isolation (SSPS)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 53 of 54PROTECTION SET IV DISCRETE OUTPUT FUNCTIONS INST. NO. INST. CLASS PROCESSOR DESCRIPTION PC-516C IA Tricon Loop I Steamline Press High Negative Rate Steamline Isolation (SSPS)PC-546A IA Tricon Loop 4 Low Steamline Press SI & Steamline Isolation (SSPS)PC-546C IA Tricon Loop 4 Steamline Press High Negative Rate Steamline Isolation (SSPS)TC-441C IA Tricon OTDT Rx Trip (SSPS)TC-441G IA Tricon OPDT Rx Trip (SSPS)TC-442D IA Tricon Tavg Low-Low P12 (SSPS)TC-442G IA Tricon Tavg Low Feedwater Isolation (SSPS)DeletedLY-517H Tricon PS4 S/G Low-Low Level TTD Timer Actuated Alarm (MAS)DeletedDeletedDeletedPC-516B II Tricon Loop 1 Steamline Pressure Low Alarm (MAS)PC-546B II Tricon Loop 4 Steamline Pressure Low Alarm (MAS)TC-441 D II Tricon OTDT Interlock C3 (RNARA)TC-441 H II Tricon OPDT Interlock C4 (RNARA)TY-441 TRICON II Tricon PS4 DTTA RTD Failure Alarm (MAS)UY-PS4A TRICON II Tricon PS IV Trouble Alarm (MAS)UY-PS4B TRICON II Tricon PS IV Channel in Bypass Alarm (MAS)UY-PS4C TRICON II Tricon PS IV Failure Alarm (MAS)
Process Protection System Replacement Conceptual Design DocumentRev 4Page 54 of 54This page left blank by intent}}

Revision as of 05:58, 9 July 2018

Redirect to:

Retrieved from "https://kanterella.com/w/index.php?title=ML15099A065&oldid=863032"