ML070800198

From kanterella
Revision as of 17:36, 13 March 2020 by StriderTol (talk | contribs) (StriderTol Bot change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

9100-00003-NP, Rev. 1, Wolf Creek Generating Station Main Steam and Feedwater Isolation System (Msfis) Controls Summary.
ML070800198
Person / Time
Site: Wolf Creek Wolf Creek Nuclear Operating Corporation icon.png
Issue date: 03/13/2007
From:
CS Innovations
To:
Office of Nuclear Reactor Regulation
References
ET 07-0004 9100-00003-NP, Rev 01
Download: ML070800198 (98)


Text

Enclosure II to ET 07-0004 CS Innovations LLC Report 9100-00003-NP, "Wolf Creek Generating Station Main Steam and Feedwater Isolation System (MSFIS) Controls Summary"

ALS Advanced Logic System Wolf Creek Generating Station Main Steam and Feedwater Isolation System (MSFIS) Controls Summary 9100-00003-NP Rev. 1 March 13, 2007 CS Innovations, LLC Scottsdale, AZ CS Innovations LLC 2007 Non-Proprietary Information

WCGS MSFIS Controls Project Summary Table of Content Introduction ....................................................................................................................................................................... 4

1.1 Purpose and Scope

................................................................................................................................................... 4 1.2 Ov erv iew .................................................................................................................................................................. 4 1.3 Document Organization ........................................................................................................................................... 4 1.4 References ................................................................................................................................................................ 4 1.5 Acronym s, Units of Measure and Designations .................................................................................................. 5 1.6 ALS Hardware Components and Definitions ....................................................................................................... 6 2 Existing M SFIS Controls ................................................................................................................................................... 7 2.1 Existing MSFIS Controls Description ............................................................................................................. 7 2.2 Existing M SFIS Controls Overview ............................................................................................................... 7 2.2.1 Board Overview .......................................................................................................................................... 7 2.2.2 Architecture Overview ................................................................................................................................ 8 3 ALS Platform Overview .................................................................................................................................................... 9 3.1 Characteristics of the ALS ....................................................................................................................................... 9 3.2 ALS Architecture Overview .................................................................................................................................. 10 3.3 ALS Board Overview ............................................................................................................................................. 11 3.4 ALS Operation ....................................................................................................................................................... 17 3.5 ALS Technology .................................................................................................................................................... 17 3.6 ALS Benefits .......................................................................................................................................................... 21 4 M SFIS Overview ............................................................................................................................................................. 23 4.1 Scope of ALS-M SFIS Replacement ...................................................................................................................... 23 4.2 System Overview ................................................................................................................................................... 25 4.3 System Inputs/Outputs ........................................................................................................................................... 26 4.3.1 M anual Actuation (ALLCLOSE, CLOSE, OPEN) ............................................................................... 26 4.3.2 Automatic Actuation (ESFAS) .................................................................................................................. 27 4.3.3 Operator Switch (OPERATE) ................................................................................................................... 28 4.3.4 Operator Status inform ation (STATUS, BYPASS, ALARM ) ............................................................ 28 4.3.5 Solenoid Output (A, B, C) ......................................................................................................................... 29 4.3.6 Valve Status Information (VFO/VFC) .................................................................................................. 29 4.4 Valve and Actuator Functional Description ....................................................................................................... 31 4.4.1 Pilot Valve and Solenoid Description ................................................................................................... 32 4.4.2 Actuator Norm al Operating M odes ....................................................................................................... 32 4.4.3 Actuator M aintenance Operating Modes .............................................................................................. 33 4.4.4 Valve Response Time ................................................................................................................................ 33 4.4.5 Valve Essentials ........................................................................................................................................ 33 4 .4 .6 [a,c,e .......................................................................................................................................................... 34 4.5 Separation / Isolation / Independence / Diversity .............................................................................................. 35 4.6 EMI Requirements ................................................................................................................................................. 35 4.7 Seism ic Requirem ents ............................................................................................................................................ 35 4.8 Environmental Requirements ................................................................................................................................. 36 4.9 Life Span and Reliability ....................................................................................................................................... 36 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 2 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 3 of 36

WCGS MSFIS Controls Project Summary Introduction

1.1 Purpose and Scope

This document provides an overview of the Main Steam & Feedwater Isolation System (MSFIS) Controls Replacement Project at Wolf Creek Generating Station. The main purpose of the document is to provide information regarding the proposed replacement controls system. The proposed controls system is based on the Advanced Logic System architecture from the Arizona based company 'CS Innovations, LLC'. Wolf Creek has partnered with CS Innovations to utilize the ALS platform for the replacement MSFIS Controls.

1.2 Overview The purpose of the MSFIS Controls Replacement Project is to replace the existing Consolidated Controls Corporation MSFIS controls system with a controls system based on the ALS. The replacement installation is schedule for Refueling Outage 16, Spring 2008. The MSFIS Controls Replacement Project is one aspect of an overall project at Wolf Creek Generating Station to replace the existing Main Steam Isolation Valve (MSIV) bodies and actuators as well as the Main Feedwater Isolation Valve (MFIV) bodies and actuators.

The existing MSFIS controls do not support the operation of the replacement MSIV and MFIV actuators. A modified or replacement controls system is required to operate the new valve actuators. In addition to the lack of capability, the existing MSFIS controls is based on obsolete technology that has become less reliable as the system ages. The existing MSFIS controls has failed multiple times in the past several years; causing a plant trip in August 2003, and two failures which caused near plant trips in early 2006. Several single points of failure exist in the existing MSFIS controls.

The MSFIS Controls Replacement Project replaces the existing Consolidated Controls system with an ALS. The ALS provides several advantages over the existing system; 1) High reliability and integrity, no single point of failure will cause a false actuation. 2) Testing capabilities of the ALS reduce the manual testing required in the existing system. 3) The ALS is a modular and scalable system, which allows the ALS to target multiple systems from small single rack applications to large multi-rack applications. The system replacements can be implemented in a system by system approach. 4) Eliminates current obsolescence issues and is based on technologies to mitigate future obsolescence. 5) Diagnostics capabilities in the ALS allow for simple maintenance and troubleshooting.

1.3 Document Organization The document is organized into four sections.

Section 1 - provides an introduction of the project as well as references, acronyms, and specific ALS definitions.

Section 2 - provides the reader with a background on the existing Consolidated Control Corporation system, which is currently installed at Wolf Creek for the MSFIS Controls.

Section 3 - provides an overview description of the ALS.

Section 4 - provides a summary of the ALS implementation for MSFIS Controls at Wolf Creek.

1.4 References

[1 ] Specification J- 105A (Q) for Replacement MSFIS System, Wolf Creek Generating Station

[2] ALS Level 1 Specification, CS Innovations, LLC

[3] MSFIS Level 1 Specification, CS Innovations, LLC LLC 2007 Non-Proprietary Information Page 4 of 36 9100-00003-NP CS Innovations CS Innovations LLC 2007 Non-Proprietary Information Page 4 of 36

WCGS MSFIS Controls Project Summary 1.5 Acronyms, Units of Measure and Designations The following table defines pertinent acronyms used in this document.

Acronym Definition ALS Advanced Logic System - the CS Innovation hardware architecture platform

[

[

CRC Cyclic redundancy check (CRC) is a type of hash function used to produce a checksum - a small, fixed number of bits - against a block of data, such as a packet of network traffic or a block of information. The checksum is used to detect errors after transmission or storage. A CRC is computed and appended before transmission or storage, and verified afterwards by recipient to confirm that no changes occurred on transit.

EMC Electro-Magnetic Compatibility EMI Electro-Magnetic Interference I I FPGA Field Programmable Gate Array I I MCB Main Control Board MOV Metal Oxide Varistor MSFIS Main Steam and Feed Water Isolation System

[]

[ I RFI Radio Frequency Interference

[I ]

[I I TVS Transient Voltage Suppressor (Zener diode)

The following table defines pertinent units and measurements used in this document.

LLC 2007 Non-Proprietary Information Page 5 of 36 9100-00003-NP 91 00-00003-NP CS Innovations CS Innovations LLC 2007 Non-Proprietary Information Page 5 of 36

WCGS MSFIS Controls Project Summary 1.6 ALS Hardware Components and Definitions Definition of ALS related terms:

" A board (also knows as circuit boards/cards/modules/PCB) refers to a printed circuit board (PCB). All boards have a front-plate attached on the front-edge and (male) connectors on the back-edge to connect the board to the back-plane.

Each board has 1 FPGA and several support components (resistors, capacitors, inductors, analog and digital ICs such as voltage regulators/voltage supervisors/74xxx drivers/etc, as well as the necessary connectors and LEDs).

o A channel is the term used for the circuit, which independently can measure/detect a field inputs, or control/drive an outputs. A board typically has a number of channels: 4, 8, 16 or 32 channels per board.

" A rack contains a number of boards (also knows as cards/modules/parts/PCB).

o The front of a rack is referred to as the front-panel, and is implemented with a number of customizable and application specific front-plates (also referred to as face-plates). Front-plates are attached to the boards, and when all boards are inserted they will comprise a complete front-panel. Front-plates, not attached to any boards, can be inserted to complete the front-panel. They are referred to as spacers or name-plates. Latching injection/ejection handles mounted on the front-plates provide a locking mechanism to fasten and secure the boards in the racks.

o The external rear of a rack is referred to as the rear-panel. All wiring to and from the rack is done through the rear-panel using rear-panel connectors.

o An application specific back-plane is attached to the rear-panel. The back-plane connects the rear-panel connectors (facing away from the rack) to the board connectors (facing into the rack).

" Rack inputs and outputs are referred to as signals. Typically an input or output signal consist of a 2-wire connection with the signal and its return. The term input and output are always referenced from the ALS rack perspective.

" An Assembly Panel typically contains a number of terminal blocks, fuse blocks, EMI filters, relays as well as all associated wiring.

" Field inputs and outputs are used to specify the signals entering or exiting the cabinet and are typically connected to a terminal-block located in the cabinet. Field inputs/outputs are typically connected directly to the ALS rack, but can also be connected to components located on the assembly panel.

" A cabinet may house multiple racks as well as a number of assembly panels.

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 6 of 36

WCGS MSFIS Controls Project Summary 2 Existing MSFIS Controls This section provides a summary overview of the existing MSFIS Controls. The purpose of this section is to provide the reader with a high level understanding of the system to be replaced.

The existing system is the original controls installed during plant construction. The control system was designed and built by Consolidated Controls Corporation (CCC).

2.1 Existing MSFIS Controls Description The existing system provides outputs to energize or de-energize control solenoids, which operate the plant's Main Steam Isolation Valves (MSIVs) and Feedwater Isolation Valves (MFIVs). The existing system is divided into two actuation channels, which are totally independent. Each of the two independent actuation channels monitor system inputs and, by means of logic matrices, energize or de-energize the required solenoids for the appropriate valve operations. Except for the electro-mechanical relays used as the final output devices, the circuitry is a solid-state design.

The existing system accepts input signals, in the form of contact conditions, from control switches located on the main control board. The system also accepts inputs from rotary switches on the system's test panel, from outputs relays in the Engineered Safety Features Actuation System, and from valve limit switches.

The existing system has a test panel located in the front of each of the cabinets. The test panel provides manual input for placing the system into predefined logic states for the purpose of testing the system.

Each of the two independent actuation channels, Separation Groups I and IV, contain control circuitry for four (4) MSIV's and four (4) MFIV's, 2.2 Existing MSFIS Controls Overview 2.2.1 Board Overview The existing system architecture has three types of boards:

1. Input Buffer Module
2. Valve Control Module
3. Relay Driver Input Buffer Module - The purpose of the input buffer is to accept input signals from field devices. The input buffer module contains three independent circuits. 1) Input circuitry, signal conditioning, which is connected through a cable to remote plant devices. 2) Output circuitry that produces a digital logic signal for output to the valve control module. 3) Isolation circuitry provides the required isolation between the field signal and the digital signal to the valve control module. The input buffer module is built from both analog and digital discrete components. The individual components are soldered onto a PCB.

Valve Control Module - The purpose of the valve control module is to provide the required logic for operating a particular valve based on the data from the input buffer module. The valve control module, which is associated with each valve control loop, is the main logic control element in the loop. The valve control module consists mostly of discrete digital components. The individual components are wire-wrapped onto a perforated board.

Relay Driver Module - The purpose of the relay driver is to energize and de-energize the interposing relays used to control the valve solenoids. The relay driver has three keys functions; 1) receive a logic command and energize or de-energize the interposing relay. 2) Maintain isolation between input circuitry. 3) Current limit the relay driver output when short-circuited, The relay driver is built from both analog and digital discrete components. The individual components are soldered onto a PCB.

LLC 2007 Non-Proprietary Information Page 7 of36 9100-00003-NP CS Innovations CS Innovations LLC 2007 Non-Proprietary Information Page 7 of 36

WCGS MSFIS Controls Project Summary 2.2.2 Architecture Overview The existing system is configured such that there is one valve control module for each actuation channel of each valve.

Therefore, there are a total of 16 valve control modules between both actuation channels. A valve control loop provides the complete set of boards the control of a particular valve for one actuation channel. The valve control loop conists of three input buffer modules, one valve control module, and two relay drivers. In total the existing system contains 48 boards split into 3 racks for each actuation channel. Figure 2 is an excerpt from a WCGS drawing showing the valve control loop for a particular valve.

The drawing also shows the interposing relays as well as the test panel.

The boards are housed in a 19" CCC proprietary rack. There are three racks in each of the individual cabinets. The boards are interconnected by a wire-wrapped "back-plane" in each rack. The interconnection is specific for this particular application.

-- s

-15v 9S A3 33. 3' 3.. , .4 31 1! 3A 22.4

37. x FY.-

1Al 12 Do 41.51111

  • t8
25. 24 ~ C8333 34.4 61, .1 j;. .&

- I If ,2 jj. .1 81 n, IAlj1. A9 DO.86 IA.j;. III IA143.DO I 6q IAIjý 81

-o-141.13. 92 oý 7a 7o

-n. 83 R 6 ". a - . '. '. c.

86 1Al^ M Lý_ 47,111 c IAM. cl 31. 3o

11. ý2 Aj3. c2 110 1-ýB' TE5IF.C. CO~

'Es,'. C. 653 5363.3.35 Figure 1: Excerpt of WCGS Drawing showing a existing MSFIS Controls valve control loop for a particular valve Page 8 of 36 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 8 of 36 CS Innovations LLC 2007 Non-Proprietary Information

WCGS MSFIS Controls Project Summary 3 ALS Platform Overview The Advanced Logic System (ALS) is a new approach to safety critical control systems. The ALS is a universal platform which targets safety critical control systems, where reliability and integrity are of the highest importance. The ALS is a logic based platform which does not utilize a microprocessor or software for operation, but instead relies on a simple hardware platform.

The platform incorporates advanced features to allow for diagnostics, testability, and modularity. The ALS platform is designed to be at the appropriate level of complexity to achieve high reliability and integrity as well as allow enough flexibility to target multiple safety critical applications within a given plant. Diagnostics and testing capabilities are designed into the ALS platform to ensure there is a systematic approach to maintaining and testing the system.

3.1 Characteristics of the ALS

[a,c,e 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 9 of 36

WCGS MSFIS Controls Project Summary 3.2 ALS Architecture Overview

[a,c,e

. I 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 10 of 36

WCGS MSFIS Controls Project Summary 3.3 ALS Board Overview

[a,c,e LLC 2007 Non-Proprietary Information Page 11 of36 9100-00003-NP 9100-00003-NP CS Innovations Cs Innovations LLC 2007 Non-Proprietary Information Page 11 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 12 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 13 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 14 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 15 of 36

WCGS MSFIS Controls Project Summary I

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 16 of 36

WCGS MSFIS Controls Project Summary 3.4 ALS Operation

[a,c,e I

3.5 ALS Technology

[a,c,e 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 17 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 18 of 36

WCGS MSFIS Controls Project Summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 19 of 36

WCGS MSFIS Controls Project Summary I

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 20 of 36

WCGS MSFIS Controls Project Summary 3.6 ALS Benefits

[a,c,e 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 21 of 36

WCGS MSFIS Controls Project Summary I

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 22 of 36

WCGS MSFIS Controls Project Summary 4 MSFIS Overview 4.1 Scope of ALS-MSFIS Replacement The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

[a,c,e I

The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

[a,c,e The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring.

The replacement project will retain without modifications, the existing cabinets including mechanical structures used to mount racks and components, field-wiring and terminal blocks within the cabinets.

The replacement project will modify the functionality of the current MSFIS (per J-105A (Q) Rev. 2 requirements) [1]. This will include changes to the functions by which the Replacement MSFIS controls the replacement MSIVs and MFIVs. These changes account for the differences in the function of the existing and replacement MSIVs and MIFIVs, that is, electro-pneumatic-hydraulic actuators, replaced by system-medium actuators.

The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels; within the MSFIS cabinets. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the field cables.

In summary, the replacement project will provide a complete set of MSFIS controls, which can be installed in existing racks, replacing the existing control system. An overview of the replacement MSFIS can be seen in Figure 1.

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 23 of 36

WCGS MSFIS Controls Project Summary

[a,c,e I

Figure 1: MSFIS Overview 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 24 of 36

WCGS MSFIS Controls Project Summary 4.2 System Overview The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

" MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

" MSFIS Channel IV (Separation Group 4) located in MSFIS Cabinet SA075B - also referred to as train B.

The MSFIS functionally is divided into 2 independent functions:

  • MSIV control - The MSIV control receives the automatic actuation Steam Line Isolation Signal (SLIS) to close the MSIVs. Main Steam Line Isolation minimizes the uncontrolled cool down of the Reactor Coolant System (RCS) that would result from a main steam line rupture. Input signals pass from the detectors through the Solid State Protection System (SSPS) to the MSFIS cabinet where the output signal is generated to close the valves.
  • MFIV control - The MFIV control receives the automatic actuation Feedwater Isolation Signal (FWIS) to close the MFIVs. The Feedwater isolation minimizes the potential for excessive post-trip cool down of the RCS due to overfilling the steam generators. It also prevents moisture carryover caused by high steam generator levels, and isolates normal Feedwater in the event of a High Energy Line Break inside containment. Input signals pass from the detectors through the Solid State Protection System (SSPS) to the MSFIS cabinet where the output signal is generated to close the valves.

The MSFIS provides the control logic for a total of 8 valve!

M 4 Main Steam Isolation Valves (MSIV#1-4): AB-HV-14, AB-HV-17, AB-HV-20, AB-HV-11.

E 4 Main Feedwater Isolation Valves (MFIV#1-4): AE-FV-39, AE-FV-40, AE-FV-41, AE-FV-42.

Both separation groups actuate the same Main Steam Isolation Valve (MSIV) and Main Feedwater Isolation Valve (MIFIV).

The replacement Main Steam and Feedwater Isolation valves are operated by system-medium. The valve actuators are controlled by pressure from the system-medium, which are in turn controlled by solenoid valves. Each Main Steam and Feedwater isolation valve has one actuator with two separate Class lE electrical systems capable of closing the valve independently of the other system.

MSFIS is provided with operator inputs from Main Control Board (MCB) switches, ESFAS actuation signals from SSPS, valve position switches, and a local operator panel. Figure 2 provides an overview of the inputs and outputs for the MSFIS.

[a,c,e I

Figure 2: MSFIS Input/Output Logical Overview 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 25 of 36

WCGS MSFIS Controls Project Summary 4.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

4.3.1 Manual Actuation (ALLCLOSE, CLOSE, OPEN)

MSIV MFIV ALLCLOSE ALLCLOSE ALLCLOSE ALLCLOSE SA075A SA075B SA075A SA075B AB-HS-80 AB-HS-79 AE-HS-80 AE-HS-81 F6P E PE LiOŽEIEI1 LiCŽEýi LOM-N] FOE EoE7 OPENI RRII~

- - -i - - - -- -- ]

AB-HIS-14 AB-HIS-17 AB-HIS-20 AB-HIS-11 AE-HIS-39 AE-HIS-40 AE-HIS-41 AE-HIS-42 Figure 3: Overview of MSFIS related MCB Switches.

4.3.1.1 Main Steam Line Isolation - Manual initiated The Main Control Board (MCB) has a number of pushbutton hand switches dedicated to MSIV (See Figure 3):

" AB-HS-80 (SA075A) for Train A and AB-HS-79 (SA075B) for Train B.

Momentary PUSH-TO-MAKE style hand switches: Cutler-Hammer (E30-AA with two KLA3 contact blocks).

Two MSIV ALLCLOSE push-button hand switches are used for simultaneous redundant close control of all 4 MSIVs.

One hand switch provides an input signal to the MS-rack in cabinet SA075A (Sep.Grp.1), and the other hand switch provides an input signal to the MS-rack in cabinet SA075B (Sep.Grp.4).

The ALLCLOSE-contacts are Normal Open (NO) contact, which close to cause an actuation.

" AB-HIS-14 (AB-HV-14), AB-HIS-17 (AB-HV-17), AB-HIS-20 (AB-HV-20), AB-HIS-1I (AB-HV-1 1).

Momentary PUSH-TO-MAKE style hand switches: Cutler-Hammer (E30-JY9 with 2 sets of 2 KLA1 contact blocks).

Four MSIV OPEN/CLOSE pushbutton hand switches are used for simultaneous control of both train A and B. Each of the 4 hand switches has 2 independent sets of contacts (all related to the same valve) - 1 CLOSE and 1 OPEN contact wired to Sep.Grp. 1, and 1 CLOSE and 1 OPEN contact wired to Sep.Grp.4.

Both the OPEN- and CLOSE-contacts are Normal Open (NO) contact, which close to cause an actuation.

4.3.1.2 Feedwater Line Isolation - Manual initiated The Main Control Board (MCB) has a number of pushbutton hand switches dedicated to MFIV (See Figure 3):

  • AE-HS-80 (SA075A) for Train A and AE-HS-81 (SA075B) For Train B.

Two MFIV ALLCLOSE push-button hand switches are equivalent to the MSIV ALLCLOSE switches (section 4.3.1.1) and they provide simultaneous redundant close control of all 4 MFIVs.

" AE-HIS-39 (AE-FV-39), AE-HIS-40 (AE-FV-40), AE-HIS-41 (AE-FV-41), AE-HIS-42 (AE-FV-42).

Four MFIV OPEN/CLOSE push-button hand switches are equivalent to the MSIV OPEN/CLOSE switches (section 4.3.1.1) and they provide simultaneous redundant close control of all 4 MIFIVs.

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 26 of 36

WCGS MSFIS Controls Project Summary 4.3.2 Automatic Actuation (ESFAS)

ESFAS 1NIS BYPASS]

E FW!P ISA07 Figure 4: Solid State Protection System The ESFAS command is generated from the Solid State Protection System (SSPS). SSPS provides 4 separate outputs per separation group to MSFIS, using separate slave relay contacts for each train of the MSIVs and each train of the MFIVs.

4.3.2.1 Main Steam Line Isolation - Automatic Actuation The Steam Line Isolation Signal (SLIS) from SSPS is provided to MSFIS by four ESFAS actuation signals per separation group.

The SLIS signals are provided by 2 SSPS slave relays K634 A/B - 1 relay for each MS trains A/B.

~ ABHVII t5( L Il* Vi tAB* 4V14 tt 1-- A'4v.4 AGý4V 17 C~eI5ET TO(.TO.

VEMA S-*P Figure 5: Extract of M-767-00183-W07 (Left side goes to SA075A, right goes to SA075B)

Each slave relay provides 4 independent contacts (each with 1 set of wires). SSPS will (de-)energize the coil-side, and the four independent contacts (wire pairs) will carry the redundant information.

Contact state is 'Normally Closed (NC)' - The contact shall open to cause an actuation.

4.3.2.2 Feedwater Line Isolation - Automatic Actuation The Feedwater Isolation Signal (FWIS) from SSPS is provided to MSFIS by four ESFAS actuation signals per separation group.

The FWIS signals are provided by 2 sets of 3 SSPS slave relays K743, K744, and K745 - 3 relays for each FW trains A/B.

F-.I -t I CaII voili sx7I 4615114 1is 11 A^

FV 3%J UEl FV so 4-*q--7J4f] COit444 FV 40 cO NISF15tI AE FV 41 :ZIIU A6 CONTACT5 2 zz.I. Z IFEDWAT£R

- F IJ Figure 6: Extract of M-767-00187-W09 (Left side goes to SA075A, right goes to SA075B)

Contacts from the 3 slave relays are connected in series (wired in a logic-OR-configuration) and the resulting 4 independent signals carry the redundant information to each of the MSFIS cabinets.

SSPS will (de-)energize the coil-side of the relays with 'Normally Closed (NC)' contacts. Contacts open to cause an actuation.

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 27 of 36

WCGS MSFIS Controls Project Summary 4.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as 'operator-switches' are available on the Rack (ALS-201) front-panel.

Each switch is capable of switching between two-positions: Left position (OPERATE) and right position (BYPASS).

Each BYPASS switch is associated to a specific valve, i.e. BYPASS #1 relates to AB-HV-14(MS) or AE-FV-39(FW).

Bypass is related to the process of forcing the control system into a state, where all inputs to the associated valve are ignored.

This is typically done while testing is being performed during maintenance.

Outputs from the operator switch circuit on the ALS-201 board is 4 OPERATE signals associated to each of the 4 valves controlled by the rack. These signals will be used by the logic module to force the system into OPERATE or BYPASS mode.

4.3.4 Operator Status information (STATUS, BYPASS, ALARM)

STATUS ALARM SA075A (0 0*0*0 0 0 09 SA075B 0 0 00 D 0 0 D0(9 SA075A SA075B MSIV MFIV Figure 7: MCB Status Panel 4.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the MSFIS provides 4 alarm outputs from the 2 cabinets.

External Riley alarm-circuit will combine the 2 alarms (MS and FW alarm signals) from one cabinet into one common alarm per cabinet - referred to as "SA075A TROUBLE" for the SA075A cabinet, and similarly "SA075B TROUBLE" for the SA075B cabinet. Note: The Alarm circuit is not valve or system specific.

The ALARM output is a dry-contact with 125VDC applied across the contacts; the current is < 25mA.

4.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

The STATUS output is a closed contact during normal system operation, the closed contact provides 125VDC, <25mA to Status Panel Relay. The ALS utilizes an NO solid-state relay for interfacing to the Status Panel. The solid-state relay is energized in normal operation.

The 4 MS and 4 FW status outputs generated in SA075A are passed to the SA066A status panel, and the 4 MS and 4 FW status outputs generated in SA075B are passed to the SA066B status panel. The STATUS panel logic use inputs from multiple systems to show the final status of the MSFIS controls for a particular valve. SA066A use the following color code on the status panel lamps:

Lamp indiatio6n MSFIS controls Valve Contact Feedback RED light STATUS De-energized Don't care (The particular valve of the particular train is inoperable).

White light STATUS Energized Valve closed OFF (The particular valve of the particular train is operable). Valve open 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 28 of 36

WCGS MSFIS Controls Project Summary 4.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

The BYPASS contact energizes a relay coil (P&B MDR-66-4) in the Safeguards Test Cabinet (STC) and provides the Safeguards Test Circuit (STC) with a permissive.

STC will apply I l8VAC and the current is expected to be in the 0.38A range, and the power is not expected to exceed 12 watts.

The ALS system will provide a NO-style solid-state-relay, which is de-energized in normal state (and energized in bypass state).

4.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

The MSFIS provides 3 (A, B, C) outputs per valve, per train for both MSIVs and MFIVs.

Actuators are divided into two "sides". Each side is controlled by three pilot valves labeled MV1, MV3, and MV5 for one side, and MV2, MV4, and MV6 for the other side. The three MSFIS outputs associated with each side of each valve are likewise identified as outputs MVI, MV3, and MV5 for one side, and MV2, MV4, and MV6 for the other side. See the relationship between solenoids and pilot valves in Figure 11.

The MSFIS ALS-rack applies the full 125VDC supply voltage to energize the solenoids.

4.3.6 Valve Status Information (VFO/VFC)

Each valve provides 2 types of feedback to the MSFIS:

" Valve Full Open (VFO) contact

" Valve Full Close (VFC) contact One set of valve-indicator-contacts are provided per valve per train. Hence, a total of 16 VFO contacts and 16 VCO contacts provide feedback to the MSFIS cabinets. Each rack (MS or FW) will receive 4 VFO and 4 VFC signals.

Both VFO and VFC contacts are Normal Closed (NC) contacts - a closed VFO contact indicates an open valve, and a closed VFC contact indicates a closed valve.

Both valve indicators can never be closed at the same time, but the valve indicators can be open at the same time while the valve is opening or closing. System logic will assert an alarm in case the indicators provide 'conflicting' information for more than 60 sec.

LLC 2007 Non-Proprietary Information Page 29 of 36 91 00-00003-NP 9100-00003-NP CS Innovations CS Innovations LLC 2007 Non-Proprietary Information Page 29 of 36

WCGS MSFIS Controls Project Summary

[a,c,e I

Figure 8: MSFIS 10 summary 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 30 of 36

WCGS MSFIS Controls Project Summary 4.4 Valve and Actuator Functional Description The valve actuators are of the System Medium operated Actuator (SMA) type made by CCI, AG of Winterthur, Switzerland. The actuators are controlled by 6 solenoid operated pilot valves. The pilot valves are used to pressurize and de-pressurize the Upper and Lower Piston Chambers (UPC and LPC respectively). The solenoids are arranged into two identical separation groups, I and IV. Separation Group I solenoids are designated to pilot valves MV1, MV3, and MV5. Separation Group IV solenoids are designated to pilot valves MV2, MV4, and MV6. Figure 4.1 below illustrates the valve, actuator, and solenoid valves.

M-1 -2 LECEN Figure 9: Valve, Actuator, and Solenoids Valves Figure 10: CCI illustration of the vent-ports LLC 2007 Non-Proprietary Information Page 31 of36 9100-00003-NP 9100-00003-NP CS Innovations CS Innovations LLC 2007 Non-Proprietary Information Page 31 of 36

WCGS MSFIS Controls Project Summary 4.4.1 Pilot Valve and Solenoid Description Solenoids, controlling the MV1 - MV6 pilot valves, are named A, B, and C. The pilot valves have been designed as 2-position, 3-connection valves with ports A, B, and C. They correspond to the pilot valves as follows:

Solenoid- Sep.Grp. 1 Pilot Valves Sep.Grp. 4 Pilot Valves A MV1 MV2 B MV3 MV4 C MV5 MV6 Figure 11: Solenoid and pilot-valve relationship MV 1 and MV2 are normally open (de-energized) pilot valves; MV3 and MV4 are normally open (de-energized) pilot valves with vent port C plugged. MV5 is a normally open (de-energized) pilot valve with vent port C plugged. MV6 is a normally closed (de-energized) pilot valve.

All solenoids are the same type with the same specification. To energize the coil the MSFIS must apply 125VDC across the two terminals. The coil has a very high inductance - approximately 40-60 Henry, depending on state of the solenoid. Coil resistance is approximately 12592 at operation temperature, i.e. the energizing current is approximately 1 ampere.

4.4.2 Actuator Normal Operating Modes When actuating the gate valves for normal operation there are three modes that the valves will assume as they receive inputs from the MSFIS. The three modes are as follows:

" KEEP OPEN

" CLOSING

" KEEP CLOSED These operating modes are caused by energizing and de-energizing solenoids, thus opening and closing the pilot valves.

4.4.2.1 KEEPOPEN The open mode is used to open the main valve and keep it open. Once opened, the main valve will remain open until a close command is received or system pressure drops below the amount needed to keep the valve open.

The initial condition of the valve is closed with the upper and lower piston chambers pressurized to system pressure.

Upon receipt of an open command, the control system causes MV 1, MV2, MV3, and MV4 to be energized, and MV5 and MV6 to be de-energized. MV3 and MV4 then isolate the UPC from the system pressure. MV1 and MV2 vent the UPC through the drain manifold. MV5 and MV6 vent the LPC through the drain manifold.

As UPC pressure decreases the force available to keep the valve closed decreases. (The actuator's net closing force is the difference between the UPC and LPC pressures acting on the piston area.) When the force of the system pressure acting on the valve stem area exceeds the actuator net closing force and friction forces the valve will travel to its open position.

Once the valve has fully opened, the UPC and LPC are kept vented, and the valve will remain open.

The minimum system pressure needed for the valve to open and stay open is approximately 50 psig. However, the actual pressure required can vary somewhat.

4.4.2.2 CLOSING When a close command is received, the control system de-energizes MV 1, MV2, MV3, and MV4. MV5 and MV6 remain de-energized. MV3 and MV4 de-isolate the UPC from system pressure, and MV1 and MV2 direct the system medium to the UPC.

When the force from the UPC is greater than the valve's static friction and the opening force on the valve stem the valve will start to travel closed. When the UPC pressure reaches 41% of system pressure for MSIVs, or 34% of system pressure for MFIVs, the main valve will have traveled fully closed. The UPC pressure will continue to increase to system pressure. The UPC pressure to system pressure ratio is calculated to take into account the friction coefficient and the forces generated by system medium flowing through the valve during closing.

4.4.2.3 KEEP CLOSED After a 1-minute time delay, from entering the Closing mode, MV5 and MV6 are energized. The LPC is connected to the system pressure, so pressure is equalized between the UPC, LPC, and valve body, and leakage past internal seals is minimized. The main valve will remain closed due to the disc to seat friction force and the weight of the discs, stem, and piston.

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 32 of 36

WCGS MSFIS Controls Project Summary 4.4.3 Actuator Maintenance Operating Modes MSIVs and MFIVs can be opened and closed using air or nitrogen instead of system fluid. An auxiliary medium is normally used only when system pressure is too low to operate the main valve (from 0 psig to less than approximately 50 psig). Valve strokes with the auxiliary medium may be done by locally causing the control system to energize or de-energize the solenoid operated pilot valves as required, or by manually positioning (gagging) the solenoid operated pilot valves to the required positions.

4.4.3.1 Opening with Auxiliary Medium The auxiliary medium is connected to the actuator's auxiliary medium connection.

MVI, MV2, MV3, and MV4 are 'opened' (de-energized) and MV5 and MV6 are 'closed' (energized) by the control system.

This line-up vents the UPC and isolates the LPC from the drain manifold. Open the auxiliary medium supply valve to pressurize the LPC and open the main valve. A check valve is located between the valve body and MV6 to prevent auxiliary medium flow into the valve body.

To keep the main valve in the open position, maintain the above line-up.

Auxiliary medium pressure needed to open the main valve may vary due to changes in friction factor (should be < 70psig).

4.4.3.2 Closing with No System Pressure With no system pressure available and the upper and lower piston chambers vented, the main valve will normally go closed due to the weight of the moving parts.

To close the valve with no system pressure, de-energize all solenoid operated pilot valves.

4.4.3.3 Closing with Auxiliary Medium If the main valve does not fully close with its own weight due to increased friction the UPC will need to be pressurized with auxiliary medium. The auxiliary medium source can be connected to the UPC by removing a plug from the cylinder cover and installing an adapter to mate with the auxiliary medium supply hose.

To close the valve with auxiliary medium, MV2 and MV4 have to be closed (energized) and MV I, MV2, MV5 and MV6 opened (de-energized) by the control system. The auxiliary medium isolation valve is opened to pressurize the UPC. When the main valve has reached the closed position the auxiliary medium is disconnected and all solenoid operated pilot valves de-energized.

The pressure required in the UPC depends on the friction of the moving parts, but should be less than 70 psig.

4.4.4 Valve Response Time Valve response time will depend on system medium pressure and other factors, but in general the time delay from command (solenoid change) to valve has completed the transition will be approx 5-15 seconds.

4.4.5 Valve Essentials To OPEN the valve, A- solenoid for pilot valves MVI and MV2, B-solenoid for MV3 and MV4 must be energized, and C-solenoids for MV5 and MV6 must be de-energized. Both sets of Separation Group solenoids are required to OPEN the valve.

To CLOSE the valve A-solenoid for pilot valves MVI and/or MV2) and B-solenoid for MV3 and/or MV4 must be de-energized until the valve is CLOSED. Once the valve is CLOSED C-solenoid for pilot valves MV5 and MV6 can be energized.

It is important to note:

" Both solenoid A and solenoid B, from the same Separation Group, are required to de-energize to CLOSE.

" Train A can close the valve independent of train B (by de-energizing MV1, MV3, MV5), and Train B can close the valve independent of train A (by de-energizing MV2, MV4, MV6),

9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 33 of 36

WCGS MSFIS Controls Project Summary 4.4.6 [a,c,e 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 34 of 36

WCGS MSFIS Controls Project Summary 4.5 Separation / Isolation / Independence / Diversity The MSFIS is divided into two actuation channels - Train A and B. Each of the two independent actuation channels monitors system inputs and, by means of logic matrices, energizes / de-energizes the required solenoids in the required sequence for the appropriate valve operations.

The existing MSFIS design obeys the plant's separation criteria by use of two separate MSFIS Cabinets, one for each Channel.

The MSFIS Cabinets and Channels shall continue adherence to these criteria.

There must be no connection, nor communication of information within the MSFIS between the controls for the two sides of any valve. The states of the outputs for the two sides of a valve must be completely independent of one another. This separation is accomplished by assigning the two "sides" of each valve to opposite Channels MSFIS Cabinets.

The existing MSFIS is contained in two independent cabinets, one cabinet for each separation group. The system design shall not require adjacent mounting of these cabinets.

" Physical separation shall be in accordance with IEEE 384 as modified by Regulatory Guide 1.75.

" Equipment for one actuation channel or one measurement channel shall be separated physically by a barrier from any other actuation channel or measurement channel. The wiring and terminal block arrangement within a given cabinet or isolated compartment shall allow for a minimum physical separation of six inches or use of fireproof barriers. Suitable means to implement IEEE 384 are contained in IEEE 420. Wiring separated by barriers shall maintain a 1-inch separation (or an equivalent of thermal insulation) between the barrier and the wire.

Redundant elements are to be electrically and physically isolated from each other so that events (including faults) affecting one element does not affect the others in any way. Independence is provided between redundant elements to preclude any interaction between channels during maintenance or as a result of channel malfunction.

Where electrical isolation is provided, an application of short circuit, ground, open circuit, or potential to one device shall not cause loss of function of the circuits or devices from which it is isolated. The system shall provide electrical isolation and physical separation to develop the required independence on the replacement MSFIS.

Electrical isolation provided for all ON / OFF signals shall be capable of withstanding the application of 1500 V ac (rms), 60 Hz potential for 60 seconds without showing evidence of arcing or insulation breakdown. Examples of acceptable isolation devices are optocouplers, relays and transformers which meet the above requirements.

Input signals, logic matrix and output signals shall adhere to the requirements of channel independence and separation.

4.6 EMI Requirements

[a,c,e 4.7 Seismic Requirements

[a,c,e 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 35 of 36

WCGS MSFIS Controls Project Summary 4.8 Environmental Requirements The MSFIS design system shall be suitable for the environment of a commercial power generating station and the equipment is required to operate in that environment for its lifetime. The environment at the equipment location is considered MILD with respect to the Equipment Qualification (EQ) program.

MILD ENVIRONMENT Defined by IEEE 323 as: "An environment of normal service conditions where seismic is the only design basic event of consequence". However, IEEE 323-83, Section 6.2 states the following: Aging analysis done on all devices/ components including material make up radiation and higher than normal ambient temperature is factored into aging criteria (Station Black-Out conditions) determine qualified life and replacement/ maintenance schedule to achieve 40 year design life.

The MSFIS cabinets are located in the Control Room equipment cabinet area, which will normally be air conditioned; however, the system shall be designed to function continuously at ambient temperatures ranging from 65'F to 84°F at a relative humidity from 20 to 70 percent.

4.9 Life Span and Reliability

[a,c,e 9100-00003-NP CS Innovations LLC 2007 Non-Proprietary Information Page 36 of 36

Enclosure III to ET 07-0004 CS Innovations LLC letter 9100-00001, "Application for Withholding Proprietary Information from Public Disclosure"

Ref. 9100-00001 CS INNOVATIONS LLC CS INNOVATIONS Direct phone: 480-612-2040 9150 E. DEL CAMINO, SUITE 110 Fax: 623-505-1055 SCOTTSDALE, AZ, 85256 e-mail: steen@cs-innovation.com U.S. Nuclear Regulatory Commission Document Control Desk Washington, DC 20555-0001 Our ref: 9100-00001 March 9t, 2007 APPLICATION FOR WITHHOLDING PROPRIETARY INFORMATION FROM PUBLIC DISCLOSURE

Subject:

9100-00003-P, "Wolf Creek Generating Station Main Steam and Feedwater Isolation System (MSFIS) Controls Summary" dated March 2007 (Proprietary)

The proprietary information for which withholding is being requested in the above referenced report is further identified in Affidavit 9100-00002 signed by the owner of the proprietary information, CS Innovations LLC. The affidavit, which accompanies this letter, sets forth the basis on which the information may be withheld from public disclosure by the Commission and addresses with specificity the considerations listed in paragraph (b)(4) of 10 CFR Section 2.390 of the Commission's regulations.

Accordingly, this letter authorizes the utilization of the accompanying affidavit by the Wolf Creek Nuclear Operating Corporation.

Correspondence with respect to the proprietary aspects of the application for withholding or the CSI affidavit should reference this letter, 9100-0000 1, and should be addressed to Steen D. Sorensen, President & CEO, CS Innovations LLC, 9150 E. Del Camino, Suite 110, Scottsdale, AZ, 85256.

Very truly yours, President & CEO

Ref. 9100-00002 AFFIDAVIT State of Arizona County of Maricopa Before me, the undersigned authority, personally appeared Steen D. Sorensen, who, being by me duly sworn according to law, deposes and says that he is authorized to execute this Affidavit on behalf of CS Innovations LLC (CSI), and that the averments of fact set forth in this Affidavit are true and correct to the best of his knowledge, information, and belief:

St Dl. Sorensen Prsnt & CEO Sworn to and subscribed before me this 12 day of j,(. 2007 NOTARY PUBLIC - ARIZONA MARICOPA COUNTY Notary Public 0 SUSANNE AMORESE My Commission Expires November 15, 2010 Page 1 of 4

Ref: 9100-00002 (1) I am President & CEO, CS Innovations LLC (CSI), and as such, I have been specifically delegated the function of reviewing the proprietary information sought to be withheld from public disclosure in connection with nuclear power plant licensing and rule making proceedings, and am authorized to apply for its withholding on behalf of CSI.

(2) I am making this Affidavit in conformance with the provisions of 10 CFR Section 2.390 of the Commission's regulations and in conjunction with the CSI "Application for Withholding" accompanying this Affidavit.

(3) I have personal knowledge of the criteria and procedures utilized by CSI in designating information as a trade secret, privileged or as confidential commercial or financial information.

(4) Pursuant to the provisions of paragraph (b)(4) of Section 2.390 of the Commission's regulations, the following is furnished for consideration by the Commission in determining the information sought to be withheld from public disclosure should be withheld.

(i) The information sought to be withheld from public disclosure is owned and been held in confidence by CSI.

(ii) The information is of a type customarily held in confidence by CSI and not customarily disclosure to the public. CSI has a rational basis for determining the types of information customarily held in confidence by it and, in that connection, utilizes a system to determining when and whether to hold certain types of information in confidence. The application of that system and substance of that system constitutes CSI policy and provides the rational basis required.

Under that system, information is held in confidence if it falls in one or more of several types, the release of which might result in the loss of an existing or potential competitive advantage, as follows:

(a) The information reveals the distinguishing aspects of a process (or component structure, tool, method, etc.) where prevention of its use by any of CSI's competitors without license from CSI constitutes a competitive economic advantage over other companies.

(b) It consists of supporting data, including test data, relative to a process (or component, structure, tool, method, etc.) the application of which data secures a competitive economic advantage, e.g. by optimization or improved marketability.

Page 2 of 4

Ref. 9100-00002 (c) Its use by a competitor would reduce his expenditure of resources or improve his competitive position in the design, manufacture, shipment, installation, assurance of quality, or licensing a similar product.

(d) It reveals costs or price information, production capacities, budget levels, or commercial strategies of CSI, its customers or suppliers.

(e) It reveals aspects of past, present, or future CSI or customer funded development plans and programs of potential commercial value to CSI.

(f) It contains patentable ideas, for which patent protection may be desirable.

There are sound policy reasons behind the CSI system which include the following:

(a) The use of such information by CSI gives CSI a competitive advantage over its competitors. It is, therefore, withheld from disclosure to protect the CSI competitive position.

(b) It is information that is marketable in many ways. The extent to which such information is available to competitors diminishes the CSI ability to sell products and services involving the use of the information.

(c) Use by our competitor would put CSI at a competitive disadvantage by reducing his expenditure of resources at our expense.

(d) Each component of proprietary information pertinent to a particular competitive advantage is potentially as valuable as the total competitive advantage. If competitors acquire components of proprietary information, any one component may be the key to the entire puzzle, thereby depriving CSI of a competitive advantage.

(e) The CSI capacity to invest corporate assets in research and development depends upon the success in obtaining and maintaining a competitive advantage.

(iii) The information is being transmitted to the Commission in confidence and, under the provisions of 10 CFR Section 2.390, it is to be received in confidence by the Commission.

Page 3 of 4

Ref. 9100-00002 (iv) The information sought to be protected is not available in public sources or available information has not been previously employed in the same original manner or method to the best of our knowledge and belief.

(v) The proprietary information sought to be withheld in this submittal is that which is appropriately marked in 9100-00003-P, "Wolf Creek Generating Station Main Steam and Feedwater Isolation System (MSFIS) Controls Summary" dated March 2007 (Proprietary). The information is provided in support of a submittal to the Commission, being transmitted by the Wolf Creek Nuclear Operating Corporation and Application for Withholding Proprietary Information from Public Disclosure, to the Document Control Desk.

This information is part of that which will enable CSI to:

(a) Provide a replacement MSFIS Controls for Wolf Creek Generating Station.

Further this information has substantial commercial value as follows:

(a) The information requested to be withheld reveals the distinguishing aspects of a methodology which was developed by CSI.

Public disclosure of this proprietary information is likely to cause substantial harm to the competitive position of CSI.

The development of the technology described in part by the information is the result of applying the results of many years of experience in an intensive CSI effort and the expenditure of a considerable sum of money.

In order for competitors of CSI to duplicate this information, similar technical programs would have to be performed and a significant manpower effort, having the requisite talent and experience, would have to be expended.

Further the deponent sayeth not.

Page 4 of 4

Enclosure IV to ET 07-0004 WCGS System Verification and Validation Plan for the Advanced Logic System MSFIS Controls

MAIN STEAM & FEEDWATER ISOLATION SYSTEM (MSFIS)

CONTROLS REPLACEMENT SYSTEM VERIFICATION AND VALIDATION PLAN REVISION 0 Wolf Creek Nuclear Operating Corporation PO Box 411 1550 Oxen Lane, NE Burlington, KS 66839

Table of Contents REVISION 0 .................. 1.......................

Section 1: System Validation and Verification Plan........... 1 1.1 PURPOSE............................................................................. 1 1.2 REFERENCE MATERIAL............................................................ 2 1.3 VERIFICATION AND VALIDATION OVERVIEW.................................. 2 1.3.1 Organization ..................................................................... 2 1.4 V&V RESOURCES

SUMMARY

..................................................... 4 1.4.1 V& VStaffing..................................................................... 4 1.4.2 Tasks and Responsibilities ..................................................... 4 1.4.3 Project Manager Responsibilities .............................................. 5 1.4.4 Verification and Validation Engineer Responsibilities ........................ 5 1.4.5 Qualification Contractor Responsibilities ...................................... 6 1.5 TOOLS, TECHNIQUES AND METHODOLOGY .................................. 6 1.5.1 Tools ............................................................................. 6 1.5.2 Techniques and Methodologies ................................................ 6 1.6 LIFE CYCLE DEFINITION ........................................................... 7 1.7 MANAGEMENT....................................................................... 8 1.7.2 System Requirements Phase .................................................. 8 1.6.3 Hardware Requirements Phase .............................................. 10 1.6.4 Verification and Validation Tasks............................................. 11 1.6.5 Methods and Criteria .......................................................... 12 1.6.6 Inputs/Outputs.................................................................. 12 1.6.7 Resources ...................................................................... 12 1.6.8 Risks and Assumptions........................................................ 13 1.6.9 Roles and Responsibilities.................................................... 13 1.8 DESIGN PHASE..................................................................... 13 1.8.2 Verification and Validation Tasks............................................. 14 1.8.3 Methods and Criteria .......................................................... 15 1.8.4 Inputs/Outputs.................................................................. 15 1.8.5 Resources ...................................................................... 16 1.8.6 Risks and Assumptions........................................................ 16 1.8.7 Roles and Responsibilities .................................................... 16 1.9 IMPLEMENTATION PHASE ....................................................... 16 1.9.2 Verification and Validation Tasks............................................. 17 1.9.3 Methods and Criteria .......................................................... 17 1.9.4 Inputs/Outputs.................................................................. 18 1.9.5 Resources ...................................................................... 19 1.9.6 Risks and Assumptions........................................................ 19 1.9.7 Roles and Responsibilities .................................................... 19 1.10 TESTPHASE........................................................................ 19 1.10.2 Verification and Validation Tasks............................................. 19

1.10.3 Methods and Criteria .......................................................................... 20 1.10 .4 Inputs/O utputs ................................................................................... .. 21 1.10 .5 R eso urces ......................................................................................... . . 21 1.10.6 Risks and Assumptions ........................................................................ 21 1.10.7 R oles and R esponsibilities ....................................................................... 21 1.11 INSTALLATION AND CHECKOUT PHASE ............................................... 21 1.11.2 Verification and Validation Tasks ........................................................ 22 1.11.3 Methods and Criteria .......................................................................... 22 1.11.4 Inputs/O utputs ................................................................................... .. 22 1.1 1.5 R eso u rce s .......................................................................................... . . 23 1.11.6 Risks and Assumptions ........................................................................ 23 1.11.7 R oles and R esponsibilities ....................................................................... 23 1.12 OPERATION AND MAINTENANCE PHASE .............................................. 23 1.13 VERIFICATION AND VALIDATION REPORTING .................................... 23 1.13.2 Appendix: Traceability Matrix ............................................................... 24 1.14 VERIFICATION AND VALIDATION ADMINISTRATIVE PROCEDURES ....... 24 1.14.1 Control Procedures ............................................................................ 24 1.15 STANDARDS, PRACTICES AND CONVENTIONS .................................... 24 1.16 ANOMALY REPORTING AND RESOLUTION ........................................... 25 1.17 TASK ITERATION POLICY ........................................................................ 25 1.18 DEVIATION POLICY ................................................................................. 25 1.19 CONTROL PROCEDURES ........................................................................ 25 1.20 STANDARDS, PRACTICES AND CONVENTIONS ....... ................. 26

Section 1: System Validation and Verification Plan 1.1 PURPOSE 1.1.1 The purpose of the System Verification and Validation Plan (SVVP) is to define the procedures and requirements for a comprehensive evaluation that shall assure that the Advanced Logic System Main Steam and Feedwater Isolation System (ALS MSFIS) controls being developed by Wolf Creek Nuclear Operating Company shall meet the requirements for safety related Class 1E qualified nuclear power plant safety systems. The SVVP provides a plan for producing, evaluating, controlling and maintaining the design for the MSFIS Controls through each phase of the project. Approval of the SVVP will finalize the Verification and Validation concept.

1.1.2 The design, fabrication, and testing of the MSFIS Controls is being performed by CS Innovations (CSI), based upon the requirements specified by Wolf Creek. The logic incorporated in the hardware of the MSFIS Controls shall perform all of the valve control and status functions. Class 1 E qualification of the design (seismic, Electromagnetic Compatibility (EMC), commercial grade item dedication) is being performed by Nutherm International (NI), the Appendix B supplier of record for the MSFIS Controls Replacement Project.

1.1.3 The specific verification and validation responsibilities for each of the interfacing organizations are defined in each section of this SVVP.

The SVVP thus provides the framework of requirements and guidance for the engineering and design personnel who will specify and design the system, and for the independent group that will implement the SVVP and thereby perform the verification and validation. The SWP shall be carried out in parallel with design specification, design development, integration, and testing of the system.

1.1.4 Execution of the SVVP shall assure that the developed system meets the established functional, performance, and interface requirements, and that the development process is performed in a manner that shall ensure predictable results and correct interfaces between the phases of the development cycle. The specific areas addressed by this SWNP are:

System Verification and Validation Plan 1

Rev. 0

1. Ensuring that the system requirements are understood by the system developers and designers.
2. Ensuring that the development process is devised to satisfy specified requirements and identify and eliminate design errors.
3. Ensuring that testing fully addresses hardware integration.
4. Ensuring that the system complies with all applicable specifications.
5. Ensuring verification is performed independently from the system design group.

1.2 REFERENCE MATERIAL 1.2.1 Binding documents applicable to the Verification and Validation Plan for this project are:

1. Wolf Creek Nuclear Operating Company (WCNOC) Specification J-105A
2. AP 05F-001 - Design Verification
3. AP 05-002 - Dispositions and Change Packages
4. AP 05-005 - Design, Implementation & Configuration Control of Modifications 1.3 VERIFICATION AND VALIDATION OVERVIEW 1.3.1 Organization
1. This section describes the organization for design/development and verification and validation of the subject system.

System Verification and Validation Plan 2

Rev. 0

2. The project shall include three independent groups, under the oversight of the ALS MSFIS Project Manager and WCNOC Engineering:
a. WCNOC Engineering - responsible for the design and implementation of modifications at Wolf Creek using established Wolf Creek processes and procedures (AP 05-002, Dispositions and Change Packages). As a part of the established processes and procedures, an independent V&V of the Design Change Package is performed by a qualified Wolf Creek Engineer.
b. Design Contractor - responsible for the design, development and integration of the product. For this project, CSI is providing this function.
c. Qualification Contractor - responsible to provide both oversight and direct actions to ensure that the requirements on qualification of safety related hardware for the Class 1E system, including its performance, integration, and configuration control, and documentation, are satisfied. As the Appendix B supplier, NI is providing this function.
d. V&V Consultant - responsible to provide independent oversight and direct actions to ensure that the V&V requirements for a Class 1E system are satisfied. Baseline Engineering is providing this function.

System Verification and Validation Plan 3

Rev. 0

f Design Change Process WCNOC Engineering F WCNOC ProjectManager j

V& VConsltan (BaslineEngneerng, .C.

£ lI QualificationContractor (Nutherm International) 3 Design Contractor /

I (CS Innovations) I I

FIGURE 1-1: ALS MSFIS PROJECT ORGANIZATION CHART 1.4 V&V RESOURCES

SUMMARY

1.4.1 V& V Staffing

1. V&V Engineer, having broad background and experience in the design, development, test and operation of nuclear power plant instrumentation and control systems, and the standards and practices in this discipline, particularly regarding the experience in applying digital computer technology in these applications. The V&V Engineer shall perform and/or direct the performance of the V&V activities of the project.

1.4.2 Tasks and Responsibilities

1. This section identifies the responsibilities of specific individuals and organizations within the framework of the SVVP.

System Verification and Validation Plan 4

Rev. 0

1.4.3 Project Manager Responsibilities

1. The project manager is responsible either personally, or through the actions of others, for the performance of the entire MSFIS Controls Replacement Project, including all aspects of design, development, manufacture, testing, and shipping. The following elements of V&V related activities are included in these responsibilities:
a. Prepare system specification
b. Prepare project plan
c. Coordinate subcontracted design, qualification and test 1.4.4 Verification and Validation Engineer Responsibilities
1. The V&V engineer is an independent individual that is responsible to supervise and/or perform the V&V plan including the documentation thereof. Responsibilities include:
a. Perform and/or supervise verification and validation activities for each project phase.
b. Prepare the following plans:
1) System V&V Plan (SWP)
2) Configuration Management Procedure (CMP)
c. Prepare the Following Documents:
1) Verification and Validation Report (VVR)
2) Requirements Traceability Matrix (RTM)
3) System Reliability Analysis (SRA)*
4) Failure Modes and Effects Analysis (FMEA)*
  • The SRA and FMEA, although not "traditional" V&V functions, are being performed by the V&V engineer. The reports will be included in the VVR as significant factors in the total system V&V.

System Verification and Validation Plan 5

Rev. 0

1.4.5 Qualification ContractorResponsibilities

1. The Qualification Contractor is responsible for all aspects of the Class 1E qualification of the ALS MSFIS System. The following elements of V&V related activities are included in these responsibilities:
a. Prepare the following plans:
1) Qualification Plan
2) Dedication Plan
b. Prepare the following procedures:
1) Seismic Test Procedure
2) EMI Test Procedure 1.5 TOOLS, TECHNIQUES AND METHODOLOGY 1.5.1 Tools
1. One special tool will be used in the V&V program, as follows:
a. A software tool (IBM Rational Pro) for tracking system requirements from the original specification through the various design documents, and generating the Requirements Traceability Matrix.

1.5.2 Techniques and Methodologies

1. The fundamental methodology will be to verify and document that each phase of the system development life cycle results in a product that satisfies the requirements for that phase. It must be proven that all elements of the design conform to the requirements. Further, it must be demonstrated that the integrated product performs all of the required functions, with no unintended functions.
2. To assure adequacy of the design and to facilitate the performance of the verification and validation process the following steps shall be taken:

System Verification and Validation Plan 6

Rev. 0

a. Detailed, well-defined requirements shall be established and formatted to facilitate verification that each requirement is satisfied, e.g., to facilitate testing and tracking.
b. To the maximum practicable extent, requirements shall be specified in well-defined mathematical language, such as logic diagrams, state tables, or other unambiguous forms.
c. A traceability matrix shall be maintained to facilitate verification that the requirements are being correctly propagated forward through the design, testing and validation steps of the development process, and so that validation at each phase of the development process can be related specifically to these requirements.
d. Testing shall be well defined and derived from the established requirements.
e. Testing results shall be well documented.
f. Configuration management shall be enforced.
g. Changes in requirements shall be controlled through a process of approval, documentation, and verification and validation commensurate with the scope and criticality of the changes.
h. Software that has been procured for use in design and/or testing shall be controlled during all phases of MSFIS controls development.
i. Procedures shall assure configuration control, including verification that the configuration used during testing is the same as that used for the final system.

1.6 LIFE CYCLE DEFINITION 1.6.1 The life cycle used in this project will follow the "waterfall" model and shall include the following phases:

1. System Requirements Phase
2. Hardware Requirements Phase System Verification and Validation Plan 7

Rev. 0

3. Design Phase
4. Implementation Phase
5. Test Phase
6. Installation and Checkout
7. Operation and Maintenance 1.7 MANAGEMENT 1.7.1 The management of the V&V process for this project will entail the close working relationship between the V&V Engineer and the Project Manager, to define the "fine structure" for the V&V work within the framework defined in this document as shown in Figure 1-1. The WR shall be prepared and maintained as a living document during the life of the project by updating and adding material as each phase of the project is completed and any necessary iterations are performed.

1.7.2 System Requirements Phase

1. Verification and Validation Tasks
a. System requirements are established by Wolf Creek in Specification J-1 05A. CSI will use this document to base the preparation of the conceptual design. One verification and validation step shall be taken in this phase:
1) Critical review of J-105A and resolution of comments and questions deriving there from.

System Verification and Validation Plan 8

Rev. 0

2. Methods and Criteria
a. The principal V&V method to be used in this phase is the critical review of the Wolf Creek specification followed by discussions to resolve any comments or questions. The traceability matrix shall be initiated to provide a formalized database that provides item number by item number correlations. Particular attention shall be given to assuring that the requirements are amenable to demonstration by test of the completed system. Approval shall be obtained from the CSI Lead Design Engineer, Qualification Contractor (NI),

V&V Engineer and the Project Manager following resolution of all comments resulting from the System Requirements Verification. The criteria for satisfactory completion of this phase is the agreement by all parties that closure has been achieved on all issues.

3. Inputs/Outputs
a. The input for this phase is the draft J-105A specification.
b. The output for this phase is the issue of the approved J-105A specification.
4. Resources
a. The resources required for this phase are the CSI Lead Design Engineer, the NI Lead Engineer, and the Project Manager.
5. Risks and Assumptions
a. Neither risks nor assumptions have been identified for this phase.
6. Roles and Responsibilities
a. The V&V Engineer is responsible to perform a critical review of the Wolf Creek specification, document any comments or questions deriving from those reviews, to participate in the resolution of such comments, and to provide the Kansas Professional Engineer review and stamp per paragraph 7.0 of J-105A.

System Verification and Validation Plan 9

Rev. 0

b. The CSI Lead Design Engineer shall perform a critical review of the Wolf Creek specification, document any comments or questions deriving from those reviews, to participate in the resolution of such comments.
c. The NI Lead Engineer shall perform a critical review of the Wolf Creek specification, document any comments or questions deriving from those reviews, to participate in the resolution of such comments.
d. The Wolf Creek Project Manager is responsible to review the Wolf Creek specification to assure that it reflects Wolf Creek needs as best as can be determined before significant resources are committed to the project by either party, and to initiate the Project Plan.

1.6.3 HardwareRequirements Phase

1. The hardware requirements phase shall consist of one step:
a. The preparation of the System Requirements Document (SRD) by CSI.
b. The SRD shall provide a structured delineation of the system requirements contained in the J-105A specification that will be satisfied by the design and the manner and structure in which the design will function to satisfy those requirements.

The SRD shall address, as a minimum:

1) Process inputs, including test inputs.
2) System logic required for operation of the MSFIS.
3) Process outputs, including ranges, accuracies, update interval, and human factors considerations of the operator interface.
4) Initialization requirements such as initial values and start-up sequence.
5) Logic for response to detected failures.
6) Operator interfaces such as keyboard inputs, control panels, and displays.

System Verification and Validation Plan 10 Rev. 0

7) In-service test or diagnostic capabilities.
8) Timing requirements for all time dependent events, including overall system requirements.
9) System response time.
10) Security requirements such as passwords.
11) Design features that provide administrative control of all devices capable of changing the content of stored setpoints or logic.
12) Initialization requirements such as power-up and power-down.
13) Design features for the detection of system failure.
14) Manually initiated in-service test or diagnostic capabilities.
15) Human factors engineering design features encompassing operator interfaces associated with operation, maintenance, and testing.
16) Mechanical and electrical interfaces with Wolf Creek's existing systems and structures.
17) Design features necessary to assure satisfaction of the seismic and electromagnetic interference design requirements for the system.
c. The SRD shall include all of the technical requirements of the project in a form that facilitates tracking back to the statements of the J-105A specification, and forward to the succeeding phases of the development program.

1.6.4 Verification and Validation Tasks

1. The verification and validation tasks for the requirements phase consist of independent reviews of the documents prepared in this phase against the customer specifications. All questions, comments or anomalies found during the reviews shall be documented and resolved before proceeding to the next phase (design) of the development program.

System Verification and Validation Plan 11 Rev. 0

1.6.5 Methods and Criteria

1. The RTM shall be expanded to confirm that the complete set of J-105A specification requirements have been covered by the SRD.

In this process the V&V Engineer shall:

a. Trace the requirements to the system requirements.
b. Review identified relationships for correctness, consistency, completeness, and accuracy.
c. Review to assure the requirements are testable.
d. Assess how well system requirements are satisfied, and identify key performance and critical areas of the logic.
2. Approvals of the SRD shall be obtained from the NI Lead Engineer, the V&V Engineer, and the Project Manager, following resolution of comments and questions arising from the reviews of these documents.

1.6.6 Inputs/Outputs

1. Inputs - The input for this phase is the J-105A specification.
2. Outputs - The outputs for this phase are as follows:
3. Approval of the SRD by the NI Lead Engineer, the V&V Engineer, and the Project Manager.
4. Issue of the RTM showing the correspondence between the requirements statements of the SRD and the customer specification.
5. An update of the VVR reflecting the V&V activities delineated above and any iterations necessary in this phase.

1.6.7 Resources

1. The resources required for this phase are the CSI Lead Design Engineer, the NI Lead Engineer, and the Project Manager.

System Verification and Validation Plan 12 Rev. 0

1.6.8 Risks and Assumptions

1. Neither risks nor assumptions have been identified for this task.

1.6.9 Roles and Responsibilities

1. The project design team shall prepare the SRD.
2. The NI Lead Engineer shall review the SRD and provide comments to the Project Manager.
3. The V&V Engineer shall perform the reviews of the SRD against the specifications and prepare the updated issue of the traceability matrix to verify that all requirements are covered and properly transferred forward to the next phase of the development program.
4. The Project Manager shall coordinate the SRD reviews and comment resolutions and provide approval to CSI.

1.8 DESIGN PHASE 1.8.1 The design phase shall consist of preparing and verifying the correctness and completeness of the following design documents:

1. System Design Specifications (SDS) which shall define the detailed design.
2. Board Design Specifications (BDS) which shall define the ALS board designs.
3. FPGA Design Specifications (FDS) which shall define the design details for each FPGA in the system.
4. Test and Verification Specifications (TVS) which shall define the ALS testing methodologies.
5. System Drawings defining the mechanical configuration of the equipment.

System Verification and Validation Plan 13 Rev. 0

1.8.2 Verification and Validation Tasks

1. The V&V tasks for this phase include the following:
a. Critical reviews of the SDS to ensure their completeness and correctness. The document reviews shall consist of comparing the content of the documents against the requirements imposed by the SRD to assure that:
1) The design is technically correct.
2) The design is complete.
3) The design is consistent.
4) The design is implemental.
5) The design is logically structured.
6) The design is testable.
7) The design does not have unintended functions.
8) The design is maintainable and modifiable.
9) The design is traceable.
10) The design is unambiguous.
b. Expansion of the RTM to provide the correlations between the individual elements of the newly prepared documents and those preceding, and ultimately back to the source document, the customer specification.
c. The drawings of the system hardware shall be prepared, reviewed and approved.
d. An Interim Design Review of the completed design (SDS, CDD and drawings) shall be conducted.

System Verification and Validation Plan 14 Rev. 0

1.8.3 Methods and Criteria

1. For the document and drawing reviews, the principal method shall be the critical reading and review of the newly prepared documents and drawings, and, utilizing the RTM, ensuring that each of the requirements of the preceding phase, as documented in the SRD, are satisfied.
2. The TVS shall require demonstrating that the design adequately satisfies the design requirement(s) and supports the system requirements. The objective shall be to test the system under all possible combinations of inputs and system parameters.
3. The calculations for defining the output response to a set of inputs shall be derived from:
a. Hand calculations.
b. Simulation results.
c. Data provided by the J-105A specification.
4. The Interim Design Review shall be conducted at the customer's facilities. The CSI Lead Design Engineer shall be responsible to present the designs and participate in the review with the Project Manager, the V&V Engineer and other Wolf Creek cognizant engineers. The review will assure that the Wolf Creek specification has been correctly implemented in the design.

1.8.4 Inputs/Outputs

1. The input to the V&V effort for this phase consists of the SRD.
2. The outputs of the V&V effort for this phase include the following:
a. Approval of the drawings and the SDS.
b. Approval of the TVS procedure.
c. Updates of the WR and the RTM.
d. The design review report prepared by the V&V Engineer.

System Verification and Validation Plan 15 Rev. 0

1.8.5 Resources

1. The resources required for the V&V of this phase consist of the V&V Engineer in addition to the Project Manager, CSI Design Manager, other Wolf Creek Cognizant Engineer(s) and the Qualification Contractor to participate in the Interim Design Review.

1.8.6 Risks and Assumptions

1. The principal risk in the V&V effort in this phase is the possibility of considerable rework and iteration within this phase to resolve issues that arise in, what for the project, are the first non-verbal product, i.e., the drawings.

1.8.7 Roles and Responsibilities

1. The V&V Engineer shall participate in the critical reviews and provide approvals of the SDS documents and update the VVR and RTM. The V&V Engineer shall also prepare the Interim Design Review Report.

1.9 IMPLEMENTATION PHASE 1.9.1 The implementation phase will consist of the assembly of the first set of hardware, preliminary tests of operability, performance of the Preproduction Test, and performance of the Seismic and EMI tests.

The assembly and testing of the remaining production units shall follow satisfactory completion of the qualification testing.

System Verification and Validation Plan 16 Rev. 0

1.9.2 Verification and Validation Tasks

1. The V&V Engineer shall work closely with the design and qualification teams through this phase to ensure that the project objectives, as defined in the various levels of specifications are being satisfied. The V&V Engineer shall provide verification that anomalies are recognized and resolved in accordance with controlled processes. Task iterations that may affect V&V documentation of previous steps, or the future efforts, notably the Factory Acceptance Test, shall be noted and incorporated into the V&V documentation.

1.9.3 Methods and Criteria

1. The methods of the Configuration Management Plan, notably the Problem Report, Engineering Change Notice, and the Nonconformance Report, shall be employed throughout.
2. The Pre-Production Test (PPT) shall be structured to demonstrate that each requirement is satisfied for all possible feasible combinations of input conditions. The PPT procedure shall specify each test step to be performed in a format that facilitates tracing that step back to the specification via the RTM. It shall demonstrate correct response to inputs, and correct outputs.

Output/system performance shall be compared against required performance determined or calculated independently. The test shall include a plan for programming the FPGA's and checks to assure that the design is properly exercised and shall test the integration of the complete logic design with the associated hardware to assure the final system configuration functions in accordance with intended design. Acceptable results for each step shall be specified in the test procedure document. The test procedure shall specifically address the following:

a. Identification and description of test cases.
b. Relationship of the test cases with the requirements and testing of all logical branches.
c. Expected results of the test cases.
d. Special requirements or conditions for the tests, such as hardware configuration, monitoring hardware, sequencing of tests.

System Verification and Validation Plan 17 Rev. 0

e. The means of simulating plant systems and conditions shall be documented.
f. Description of how test results will be evaluated. For example, results may be compared with results obtained without computer assistance.
g. Procedures to report errors found during testing, and means of retesting these errors subsequent to correction.
3. The calculations for defining the output response to a set of inputs shall be derived from:
a. Hand calculations.
b. Simulation results.
c. Data provided by the customer.
d. FPGA comparison to master file.
4. Care shall be taken to ensure that the predicted results are correct. Any software tools developed for the testing, e.g., for the simulator or predicted results, shall be subjected to verification that the requirements are correct.
5. Criteria for satisfactory performance will be the requirements of the several specifications, including the J-105A specification and the SRD.

1.9.4 InputslOutputs

1. Inputs to the V&V effort for this phase shall be the system design documents, the hardware, the PPT procedure, the Seismic Test Procedure and the EMC Test Procedure.
2. Outputs of the V&V effort for this phase will be any updates to the previously prepared V&V documentation or approvals, or any changes to the PPT procedure required as a result of any iterations initiated in this phase the PPT report and the design review report. Qualification activity outputs are the Seismic Test Report and the EMC Test Report.

System Verification and Validation Plan 18 Rev. 0

1.9.5 Resources

1. The V&V Engineer shall provide surveillance and take V&V actions as might become necessary during this period.
2. The Qualification Team shall prepare and issue for WCNOC approval the Seismic Test Procedure and the EMC Test Procedure.

1.9.6 Risks and Assumptions

1. This phase offers some risk of rework and iteration since it is the first occasion in the project where the complete hardware set is to be operated together as a complete system. Additional design change risk is inherent in the seismic test and the EMC test.

1.9.7 Roles and Responsibilities

1. The design and qualification teams have the principal responsibility to proceed with this phase. The V&V Engineer is responsible to provide oversight and to remain closely involved in the activities to assure that events critical to the V&V process are dealt with promptly and effectively.

1.10 TEST PHASE 1.10.1 The test phase of this project will consist entirely of performing the Factory Acceptance Test (FAT) on each set of equipment.

1.10.2 Verification and Validation Tasks

1. The V&V responsibility for this phase consists of reviewing the FAT procedure and results.

System Verification and Validation Plan 19 Rev. 0

1.10.3 Methods and Criteria

1. Methods:
a. The FAT shall be performed on each set of deliverable system hardware. The test will be structured to assure that each element of the system is exercised and that performance is identical to that obtained in the exhaustive PPT performed on the first set of equipment thus assuring that each requirement is satisfied as was demonstrated in the PPT. It shall demonstrate that each input and output path is intact and providing correct logical response. A simulator will be used to provide the required inputs.

Output/system performance shall be compared against required performance determined or calculated independently. The test will include steps verifying the configuration of the hardware, and for verifying the correct loading of the FPGA's. Acceptable results for each step shall be specified in the test procedure document. The test procedure shall specifically address the following:

b. Exact configuration of hardware.
c. Verification of FPGA loading.
d. Special requirements or conditions for the tests, such as hardware configuration, monitoring hardware or software, sequencing of tests.
e. Identification and description of test cases.
f. Expected results of the test cases.
2. Criteria:
a. Criteria for satisfactory completion of this phase shall be that the performance of each hardware set exactly satisfies the required performance set down in the FAT procedure, and that any anomalies are resolved and that any rework or iterations are completed thoroughly and documented fully.

System Verification and Validation Plan 20 Rev. 0

1.10.4 Inputs/Outputs

1. Inputs:
a. The inputs to this phase consist of the hardware conforming to the controlled configuration, and the Factory Test procedure.
2. Outputs:
a. The output of this phase will consist of the Factory Acceptance Test Report (FATR), approved by the CSI Lead Design Engineer.

1.10.5 Resources

1. Test personnel and facilities are at the discretion of the Design Contractor.

1.10.6 Risks and Assumptions

1. The principal risk in this phase is the discovery of anomalies that may have slipped by the preceding phases' checks and verifications, and resulting rework and iteration. This risk is expected to be small at this stage of the program.

1.10.7 Roles and Responsibilities

1. The CSI Lead Design Engineer shall furnish the design and/or test technician personnel to act as test performer(s), and the hardware to be used as a simulator.

1.11 INSTALLATION AND CHECKOUT PHASE 1.11.1 Installation shall be performed by WCNOC. Testing to confirm system performance when integrated with the plant, shall be performed to WCNOC prepared test procedures. CSI will provide the Field Test, Calibration, and Startup procedure in the Instruction Manual to be furnished by CSI. CSI will provide review and concurrence with the WCNOC prepared procedures to assure proper integration with the power plant system test.

System Verification and Validation Plan 21 Rev. 0

1.11.2 Verification and Validation Tasks

1. The V&V responsibility for this phase consists of reviewing the Field Test, Calibration and Startup procedure in the Instruction Manual, and integrating this procedure with the power plant system test.

1.11.3 Methods and Criteria

1. Methods:
a. The power plant testing will be performed by WCNOC on each set of deliverable system hardware/software after installation in the plant. The test should be structured to assure that each potential power plant scenario is performed or accurately simulated.
2. Criteria:
a. Criterion for satisfactory completion of this phase will be that the performance of each hardware/software set exactly satisfies the required performance set down in the test procedure, and that any anomalies are resolved and that any rework or iterations are completed thoroughly and documented fully.

1.11.4 Inputs/Outputs

1. Inputs:
a. The inputs to this phase consist of the hardware conforming to the controlled configuration, the Field Test, Calibration and Startup procedure in the Instruction Manual, and the power plant test procedure(s).
2. Outputs:
a. The output of this phase shall consist of the power plant test report.

System Verification and Validation Plan 22 Rev. 0

1.11.5 Resources

1. Test facilities shall be provided by WCNOC.

1.11.6 Risks and Assumptions

1. The principal risk in this phase is the discovery of anomalies that may have slipped by the preceding phases' checks and verifications, and resulting rework and iteration. This risk is expected to be small at this stage of the program.

1.11.7 Roles and Responsibilities

1. WCNOC shall provide test and operations personnel as necessary to prepare and perform the test.

1.12 OPERA TION AND MAINTENANCE PHASE 1.12.1 Operation and maintenance of the MSFIS Controls will be performed in accordance with procedures in the Instruction Manual provided by CSI, and WCNOC procedures.

1.13 VERIFICATION AND VALIDATION REPORTING 1.13.1 The WVR will be a living document that is prepared and updated periodically during the course of the project development. Each phase of the project, e.g., System Conceptual Requirements, System Design Requirements, Design, ..., shall be covered by a subsection that documents in detail the V&V efforts during that phase, and the results thereof, including anomalies discovered and their resolution and consequent rework, reverification and revalidation. The documentation that each phase has been completed in full compliance with the requirements of that phase with respect to the specifications shall be included or specifically referenced from among the other required project documentation. The final report will consist of these subsections, together with subsections providing an overview and a summary of the entire V&V effort. The RTM shall be included as an appendix to the WR. The format of the report will generally follow the outline below:

1. Purpose/Applicability/Limits/Exclusions of this VVR.

System Verification and Validation Plan 23 Rev. 0

2. Summary/Overview of the Project V&V effort.
3. System Requirements Phase V&V.
4. Hardware Requirements Phase V&V.
5. Design Phase V&V.
6. Implementation Phase V&V (including PPTR).
7. Test Phase V&V (including FATR).
8. Installation and Checkout Phase V&V.

1.13.2 Appendix: Requirements Traceability Matrix

1. The VVR will supplement the Qualification Test Report (QTR) by providing the details of the qualification of the system.
2. The WR shall be prepared by the V&V Engineer, and approved by the Project Manager.

1.14 VERIFICATION AND VALIDATION ADMINISTRATIVE PROCEDURES 1.14.1 Control Procedures

1. The Configuration Management plan (CMP) defines control procedures for all design elements, including electronic files/programs.

1.15 STANDARDS, PRACTICES AND CONVENTIONS 1.15.1 The Verification and Validation program for the MSFIS Controls Replacement project shall be performed in accordance with the Standards listed in References Section 1.1 (Binding Documents) and this SVVP.

System Verification and Validation Plan 24 Rev. 0

1.16 ANOMALY REPORTING AND RESOLUTION 1.16.1 All anomalies encountered after "baselining" as defined in the Configuration Management Plan within any phase of the life cycle shall be immediately documented on a Problem Report.

1.17 TASK ITERATION POLICY 1.17.1 If resolution of anomalies requires change to the system, or any of the previously baselined documentation, drawings, or programs, such change will be authorized only by the issue of an approved Engineering Change Notice. Any such system changes shall be reviewed by the Project Manager. The Engineering Change Notice shall define any changes required to previously baselined documentation or drawings. If determined to be necessary, a test procedure, commensurate with the magnitude of the change and the criticality of the function involved, shall be prepared by the project design group and approved by the V&V Engineer, and the Project Manager.

1.17.2 Any change during the system development life cycle must be traced throughout the previous phases that were already completed. The project manager shall define the effect of the change on the previous life cycle phases. The V&V engineer shall approve the decision.

1.18 DEVIATION POLICY 1.18.1 Any deviation from approved procedures or specifications shall be clearly identified in writing and approved by the Project Manager, the V&V engineer. Any deviations from the requirements specified in the SRD shall also be approved by WCNOC before implementation.

1.19 CONTROL PROCEDURES 1.19.1 The Configuration Management plan defines control procedures for all design elements, including electronic files/programs.

1.19.2 All procedures and reports shall be reviewed and signed by the Verification and Validation Engineer, and the Project Manager.

System Verification and Validation Plan 25 Rev. 0

1.20 STANDARDS, PRACTICES AND CONVENTIONS 1.20.1 The Verification and Validation program for the MSFIS Controls shall be performed in accordance with the Standards listed in References Section 1.1 (Binding Documents) and this SVVP. Deviations from these requirements, if necessary to improve the product, or facilitate the work of the project will be subject to the same approval requirements as this document.

System Verification and Validation Plan 26 Rev. 0

Enclosure V to ET 07-0004 NUTHERM Qualification Report for CS Innovations Replacement MSFIS System

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 1 of 24 NUTHERM QUALIFICATION REPORT FOR CS INNOVATIONS REPLACEMENT MSFIS SYSTEM WOLF CREEK NUCLEAR OPERATING CORPORATION PURCHASE ORDER NO. 734527 NUTHERM DOCUMENT NUMBER WCN-9715R, REV. 0 Prepared By: Date: 7 Project Engineering Manager Reviewed and Approved By: Date: ~*2//c~ '7 Wayne Weaver EQ Manager 501 South 111 Street PHONE: 618-244-6000 fNUw, thoerm Mt. Vernon IL62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 2 of 24 REVISIONS The revision number is indicated at the top of each page, for all revisions. To delineate the exact location of a given revision, a vertical line is used on the right margin. However, for a complete report rewrite, no vertical lines are used.

REVISION LOG REVISION DATE PAGE SECTION REFERENCE

~NJ I h erm 501 South 1ith Street Mt. Vernon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 3 of 24.

TABLE OF CONTENTS DESCRIPTION PAGE PU RPOSE ........................................................................................................................ .......................... 4 APPLICABLE STANDARDS AND DOCUMENTS ..................................... 4 EQU IPM ENT D ESCRIPTION ................................................................................................................. 5 QU ALIFICATION M ETHO D .................................................................................................................. 5 SAFETY FUN CTION ................................................................................................................................ 6 ENVIRONMENTAL AND SEISMIC REQUIREMENTS ................................. 6 ENVIRONM ENTAL CONDITIONS ......................................................................................... .................. 6 MARGINS ......................................................................................................................................................... 10 TEST SEQU EN CE ........................................................................................................................ ....... 10 PRE-TEST INSPECTION ................................................................................................................................... 10 BASELINE/FUNCTIONAL TEST ............................................................................................................. 1.

EM C TEST ......................................................................................................................................................... 11 BASELINE/FUNCTIONAL TEST ................................................................................................................... 13 CYCLE AGING .................................................................................................................................................. 13 BASELINE/FUNCTIONAL TEST ................................................................................................................... 13 SEISM IC TESTIN G ........................................................................................................................................... 13 BASELINE FUNCTIONAL TEST ........... ................................................................................................... 15 POST-TEST INSPECTION ................................................................................................................................ 15 FPGA VERIFICATION ..................................................................................................................................... 15 POST-TEST INSPECTION ................................................................................................................................ 15 ACCEPTAN CE CRITERIA .................................................................................................................. 15 QUALIFICATION TEST RESULTS ................................................................................................. 16 TEST SPECIM EN .............................................................................................................................................. 16 PRE-TEST INSPECTION .................................................................................................................................. 16 BASELINE TEST ............................................................................................................................................... 16 EM C TEST ......................................................................................................................................................... 16 POST-EM C BASELINE TEST .......................................................................................................................... 17 CYCLE AGING .................................................................................................................................................. 17 POST-CYCLE AGING BASELINE TEST ............................................. 17 SEISM IC TESTING ........................................................................................................................................... 17 POST-SEISM IC BASELINE TEST................................................................................................................... 22 POST-TEST INSPECTION ................................................................................................................................ 22 FPGA VE RIFICATION ..................................................................................................................................... 22 CON CLU SION ....................................................................................................................................... 23 APPENDIX I APPENDIX II APPENDIX III APPENDIX IV APPENDIX V APPENDIX VI 501 South 11 Street PHONE: 618-244-6000 TIONAL, INC. Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 4 of 24 PURPOSE This report is prepared by Nutherm International, Inc. to document the qualification of the CS Innovations replacement Main Steam and Feedwater Isolation System (MSFIS) controls.

The qualification program was designed to establish that the MSFIS controls would provide the required safety function in the specified mild environment and EMI/RFI conditions. The system components were qualified by type testing. The test specimens were of the same manufacturer, part number and design, and have the same functional parameters as the production items. The test specimens adequately represent the production items; therefore, they serve as a basis for qualification of the production items.

This report established that the CS Innovations MSFIS system would provide the required safety function during the mild environment and EMI/RFI conditions. The details of the testing are discussed in this report and the appendices.

APPLICABLE STANDARDS AND DOCUMENTS

  • IEEE 323-1974 -"Standard for Qualifying Class 1E Equipment for Nuclear Power Generating Stations"
  • IEEE 344-1975 - "Recommended Practices for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations"
  • 10CFR50, Appendix B. -"Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants"

" Nutherm International, Inc. Quality Assurance Manual No.: QA-N-10179-5.

" EPRI TR-102323-R2-1997- "Guidelines for Electromagnetic Interference Testing in Power Plants"

" Regulatory Guide 1.180-RI -"Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems"

  • IEEE 649-1991 - "Standard for Qualifying Class 1E Motor Control Centers for Nuclear Power Generating Stations"
  • Wolf Creek Generating Station Specification J-105A(Q), Rev. 2
  • Nutherm International, Inc. Qualification Plan, WCN-9715P, Rev. I
  • Nutherm International, Inc. Seismic Test Procedure, S-128P, Rev. 2
  • Nutherm International, Inc. EMC Test Procedure, 9715-EMC-01, Rev. 4
  • Nutherm International, Inc. EMC Test Report, WCN-9715ER, Rev. 0 SNkuthe 501 South I Ith Street PHONE: 618-244-6000 NTERNATIONAL, INC. Mt. Vemon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 5 of 24 EPRI TR-100516, "Nuclear Power Plant Equipment Qualification Reference Manual".

EQUIPMENT DESCRIPTION The qualified equipment is the Replacement MSFIS System. The MSFIS System is a logic-controller-based system which performs the control functions to operate the Main Steam Isolation Valves (MSIVs) and Main Feedwater Isolation Valves (MFIVs).

The MSFIS provides 125 VDC output to energize or de-energize control solenoids to operate the plant Main Steam Isolation Valves (MSIVs) and Main Feedwater Isolation Valves (MFIVs).

The current channel separation scheme for the overall plant will be applied to the new system. The MSFIS system will consist of two redundant and separate channels, with the control systems physically located in different cabinets. Each channel control system consists of a panel mounted Feed Rack, a panel mounted Steam Rack, and an Assembly Panel consisting of fuse blocks, a power block, and a terminal block with MOV's and TVS's mounted to an aluminum mounting plate. The test specimens will consist of one Steam Rack and one Assembly Panel. The Feed Rack and Steam Rack contain the same number and type of control boards, with identical electronic components used on the respective boards. Therefore, the Steam Rack and Assembly Panel are representative of the entire system and will serve as the basis for qualification.

QUALIFICATION METHOD Qualification is based on the testing performed on the test specimens. The qualification program is for a mild environment qualification with no aging mechanisms and with seismic being the only Design Basis Event (DBE). Therefore, environmental pre-aging before seismic was not required. Cycle aging of the BYPASS/OPERATE switch has been included in the test program. The test program for mild environment shall consist of electromagnetic compatibility (EMC) testing and cycle aging, followed by a seismic test.

The EMC testing will be performed using the recommendations of EPRI TR-102323-R2, 1997 "Guidelines for Electromagnetic Interference Testing in Power Plants" as modified by Regulatory Guide 1.180, Revision 1 as a basis for testing to verify electromagnetic susceptibility and emissions of the system. The seismic test will verify structural integrity during a seismic event and document any output discontinuities that may develop. The ability of the equipment to operate during and after the seismic event will be supported by pre-seismic baseline testing, seismic monitoring to include an ESFAS all valves close signal during the final SSE test run, and post-seismic baseline test data.

Before and after every qualification test, a baseline test will be performed on the test specimens to verify equipment operation.

501 South 1Ith Street PHONE: 618-244-6000 TERNATIONAL, INC. Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 6 of 24 SAFETY FUNCTION The safety function of the Replacement MSFIS System is divided into 2 independent functions as follows:

  • Steam Line Isolation System (SLIS) - Main Steam Line Isolation minimizes the uncontrolled cool down of the Reactor Coolant System (RCS) that would result from a main steam line rupture. Input signals pass from the detectors through the Solid State Protection System (SSPS) to the MSFIS cabinet where the output signal is generated.

0 Feedwater Isolation System (FWIS) - Feedwater isolation minimizes the potential for excessive post-trip cool down of the RCS due to overfilling the steam generators. It also prevents moisture carryover caused by high steam generator levels, and isolates normal Feedwater in the event of a High Energy Line Break inside containment.

ENVIRONMENTAL AND SEISMIC REQUIREMENTS ENVIRONMENTAL CONDITIONS The MSFIS System is located in the Control Room. The environmental conditions for this location are defined in Specification J-105A(Q) Rev. 2 Section 5.4. The conditions are considered a mild environment, and are listed below.

Parameter Normal Operating Conditions Temperature (*F) 65-84 Pressure ATM Relative Humidity (% RH) 20-70 Radiation (Rads/hr) 0.0005 As stated in EPRI TR-100516, p. 3-11 "Effects of Radiation on Semiconductors."

Most semiconductors can tolerateradiationdoses of & rads and below. MOS devices can be affected by doses as low as 1(9 rads."

Equipment exposure for a 40 year life is less than 2X102 rads TID. This exposure level is well below the minimum dose required to cause degradation in semiconductor performance and therefore radiation aging is not required.

501 South 11th Street PHONE: 618-244-6000 INTEFNATIONAL, INC. Mt. Vemon IL"62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 7 of 24 Seismic Conditions The qualifying Safe Shutdown Earthquake (SSE) random multifrequency test is based on Required Response Spectra (RRS) as specified in Specification No. 10466-J-820 Rev. 1, Fig. 3 Rev. 1 (Attachment D, Wolf Creek Specification J-105A(Q), Rev. 2) as modified by Wolf Creek. The vertical and horizontal RRS are shown in Figures 1 and 2. Tables I and 2 contain the numerical values plus 10% margin. The Operating Basis Earthquake (OBE) shall be 2/3 the SSE test levels.

EMC Conditions The qualifying EMC conditions are based on the recommended levels and test series as described in EPRI TR-102323-R2, 1997 and Reg. Guide 1.180, Rev. 1. The applicable tests are listed in Tables 3, and 4. Test levels and curves are included in Appendix 1.

WHat he 501 South 11 th Street Mt. Vernon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 8 of 24 Figure 1 SSE Horizontal RRS at @ 3% damping with 10% Margin 3- Ng, o.3.00:

Q:

Figure 2 I1lth 10/. Margin ~.....

1090 501 South 11th Street PHONE: 618-244-6000

~NVte Mt. Vernon IL62864* FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 9 of 24 Table 1 SSE Horizontal RRS @ 3% Damping 1 1.13 1.24 1.26 1 48 1-.63:

.1.59 1.94 2.13 2 . 1.94 -2.13 2.52 1.94 2.13 3.17 1.94 2.13 6 6.75 7.42 9 6.75 7.42 16 1.95 2.15 40.3 1.47 1.61 100 1.47 1.61 Table 2 SSE Vertical RRS @ 3% Damping 0.950 0.32 0.35.

3.257 0.81  :.-.0.89 6.468 0.81 "0.89 19.704 0.55 ".0.60 30.235 0.24 0.26 100.000 0.24 0.26.

501 South 11 thStreet ftNuuier Mt. Vernon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 10 of 24 MARGINS The following margins apply for the specified service conditions:

Seismic 10% to the RRS Cycle Aging 10% to number of cycles TEST SEQUENCE The test sequence for the test specimens is dictated by the objective of the qualification program. The environmental conditions of the MSFIS System are considered to be mild.

The postulated incident environmental condition is the same as the normal condition.

The conditions in the mild environment produce no aging mechanisms which will cause significant aging before the design basis event. Therefore, no qualified life is required and seismic becomes the only design basis event of consequence. Cycle aging prior to seismic testing has been included at Wolf Creek's request. The test sequence for the mild qualification test program becomes:

  • Pre-Test Inspection o Baseline Functional Test o EMC Test o Baseline Functional Test
  • Cycle Aging o Baseline Functional Test o Seismic Test o Baseline Functional Test 0 Post-Test Inspection o FPGA Verification The individual steps in the qualification program for the MSFIS System are discussed below.

PRE-TEST INSPECTION At the beginning of the test program, the test specimens will be inspected visually to verify no damage has occurred due to handling or during shipment. The manufacturer 501 South 11 th Street PHONE: 618-244-6000 NTERN ONAL, INC. Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 11 of 24 and part/model number for the test specimens will be recorded and included on all documentation. In addition, a Nutherm Testing Laboratories (NTL) identification number will be established for every test specimen and maintained throughout the test program.

BASELINE/FUNCTIONAL TEST The baseline test verifies the proper operation of the system and is performed in accordance with Nutherm Technical procedures. All functional data, including test instrumentation, shall be recorded. Detailed Nutherm Technical procedures will be developed with input from Wolf Creek and CS Innovations to provide adequate testing of system operation. Baseline testing shall be designed to verify proper output states for "open" and "close" valve actuation.

EMC TEST TEST REQUIREMENTS EMC testing verifies that the susceptibility and emission characteristics of the system make it suitable for use in nuclear power plant safety system applications. The recommendations and test processes discussed in EPRI TR-102323 Rev. 2 as modified by Regulatory Guide 1.180 Rev. 1 shall be used as a basis for developing test and acceptance criteria. EMC testing will be comprised of the following:

" Pre-EMC Testing Inspection and Operability Check

" Qualification Level EMC Emissions Testing

" Qualification Level EMC Susceptibility Testing

" Qualification Level EMC Surge Withstand Capability Testing

" Post-EMC Testing Inspection and Operability Check The EMC testing is summarized below. A detailed test procedure will be generated prior to testing. WCNOC and manufacturer input will be used to develop the test procedure.

EMC EMISSIONS TESTING Both Conducted and Radiated Emissions testing shall be performed. Testing will conform with MIL-STD-461E test methods for conducted and radiated emissions. The four test methods are described in Table 3.

501 South 11j Street PHONE: 618-244-6000 N ATIONAL,'NaMt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM, QUALIFICATION REPORT WCN-9715R, REV. 0 Page 12 of 24 Table 3 MIL-STD-461E Emissions Tests CE101 Low-Frequency Conducted, 30 Hz to 10 kHz CE102 High-Frequency Conducted, 10 kHz to 10 MHz RE101 Radiated Emissions, Magnetic Field, 30 Hz to 100 kHz RE102 Radiated Emissions, Electric Field, 2 MHz to 10 GHz Operating envelopes are included in Appendix I EMC SUSCEPTIBILITY TESTING Both Conducted and Radiated Susceptibility testing shall be performed. Testing will conform with IEC 61000-4 test methods for conducted and radiated susceptibility. In addition to IEC susceptibility tests, two MIL-STD-461E susceptibility tests, CS101 and RS 101, will be performed. The test methods are described in Table 4. At a minimum, all power wires and a representative sample of control and signal wires will be subjected to each test (as applicable). Susceptibility testing includes Surge Withstand Capability Testing as described in Reg. Guide 1.180, Rev. 1.

Table 4 IEC 61000-4 Susceptibility Testing IEC Standards 61000-4-3 Electromagnetic Compatibility - Testing and Measurement Techniques - Radiated, Radio-Frequency, Electromagnetic Field Immunity Test 61000-4-4 Electromagnetic Compatibility- Testing and Measurement Techniques - Electrical Fast Transient/Burst Immunity Test 61000-4-5 Electromagnetic Compatibility - Testing and Measurement Techniques - Surge Immunity Test 61000-4-6 Electromagnetic Compatibility - Testing and Measurement Techniques - Immunity to Conducted Disturbances, Induced by Radio-Frequency Fields 61000-4-9 Electromagnetic Compatibility- Testing and Measurement Techniques - Power Frequency Magnetic Field Immunity Test

.f*tLL7m 501 South 1 Street Mt. Vernon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 13 of 24 61000-4-12 Electromagnetic Compatibility - Testing and Measurement Techniques - Ring Wave Immunity Test 61000-4-16 Electromagnetic Compatibility - Testing and Measurement Techniques - Test for Immunity to Conducted, Common Mode Disturbances in the Frequency Range 0 Hz to 150 kHz MIL-STD-461E CS101 Conducted Susceptibility, Power Leads,30 Hz to 150 kHz RS101 Radiated Susceptibility, Magnetic Field, 30 Hz to 100 kHz Operating envelopes are included in Appendix I. The MSFIS system contains only DC power and signal lines, therefore susceptibility test 61000-4-13 is not applicable and will not be performed.

BASELINE/FUNCTIONAL TEST The initial baseline tests will be repeated to detect any change in performance following the EMC test. All functional data, including test instrumentation, shall be recorded.

CYCLE AGING Cycle aging will be performed on the BYPASS/OPERATE toggle switch located on the ALS-201 board. The toggle switch will be cycled 2475 times, which corresponds to 3 iterations of-five year operationas described in IEEE 649, plus a 10% margin.

BASELINE/FUNCTIONAL TEST The initial baseline tests will be repeated to detect any change in performance following.

the cycle aging. All functional data, including test instrumentation, shall be recorded.

SEISMIC TESTING TEST REQUIREMENTS The seismic. testing will be in accordance with a Nutherm seismic procedure and IEEE 344-1975. The test specimen will be subjected to a resonance search followed by a random Multifrequency (RMF) seismic simulation test program. The seismic testing will be comprised of the following:

" Pre-Seismic Inspection and Operability Check

  • Resonance Search
  • Pre-RMF Inspection and Operability Check 501 South 11 thStreet PHONE: 618-244-6000 W*4Julher Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT

'WCN-9715R, REV. 0 Page 14 of24 Qualification-Level Multifrequency Tests

  • Post-Test Inspection and Operability Check The seismic test program details are summarized below. A detailed seismic test procedure will be generated prior to the seismic test. WCNOC approval of the written procedure is required prior to testing.

RESONANCE SEARCH The test specimens shall be subjected to a resonance search test prior to the RMF test. A low-level (0.2g horizontally and vertically) single-axis sine sweep shall be performed in each of the three orthogonal axes to determine resonant frequencies. The sine sweep shall be performed from 1 to 100 Hz at a sweep rate of one octave per minute.

Transmissibility plots of the specimen-mounted accelerometers shall be included in the test report.

RANDOM MULTI-FREQUENCY TESTS Tri-axial random multi-frequency seismic simulation tests shall be performed. The two

.horizontal axes and the vertical axis shall be excited separately, but simultaneously. The input acceleration level for each of the three axes shall be phase-incoherent during the multifrequency tests.

The test specimen shall be subjected to 30-second duration triaxial multifrequency random motion, which is amplitude-controlled in one-third active bandwidths, spaced one-third octave apart over the frequency range of I to 100 Hz. Three simultaneous, but independent, random signals shall be used as the excitation to produce phase-incoherent motions in the vertical and horizontal axis. The amplitude of each one-third-octave bandwidth shall be indepen*dently adjusted in each of the three axes until the Test Response Spectra (TRS) enveloped the Required Response Spectra (RRS), within the test table limits.

The resulting table motion shalt be analyzed by a response spectrum analyzer at 3%

damping for the Operating Basis Earthquake (OBE) and Safe Shutdown Earthquake (SSE) Test, and plotted at one-sixth octave intervals over the frequency range of I to 100 Hz.

The test specimen shall besubjected to 5 OBE tests prior to the application of an SSE test, per the Required Response Spectra of Figure 1 and Table 1. Approximately 15 seconds into the SSE test an ESFAS all close signal will be initiated and system response observed.

After completing the seismic test, the test specimens will be inspected for any anomalies that occurred *duringthe testing. If any are found, they shall be recorded and presented in the Qualification Report.

501 South 11eno Street - PHONE: 618-244-6000 NTENAIOAL INC Mt. Vernon IL. 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 15 of 24 BASELINE FUNCTIONAL TEST The initial baseline tests will be repeated to detect any change in performance following the seismic test. All functional data, including test instrumentation, shall be recorded.

POST-TEST INSPECTION At the end of the test program, the test specimen will be inspected visually to document the condition of the test specimen after the test.

FPGA VERIFICATION Following the post-test inspection a verification of the FPGA chips on all applicable boards will be performed for information. Manufacturer files from the original logic installation shall be used. Though not part of the qualification program, thistest shall be performed to provide information on any changes which might have occurred within the FPGA chips.

POST-TEST INSPECTION At the end of the test program, the test specimen will be inspected visually to document the condition of the test specimen after the test.

ACCEPTANCE CRITERIA Following are the acceptance criteria of each test for the specified test specimens:

" Baseline Functional Testing - The test specimens are acceptable if the output currents are within specified tolerances for each output state and the alarm indicators illuminate or extinguish as required. In addition, the Assembly Panel and associated Wiring shall be acceptable if it withstands the specified voltage for the specified duration without dielectric breakdown.

" EMC Testing - The acceptance criteria for the susceptibility tests are that no loss of function shall. occur under susceptibility testing. A loss of function could be any of the following:

  • Loss of output, e.g., open or short circuit.
  • Erroneous output, e.g., state change in solenoid control circuits without commaid.
  • An alarm state as indicated by alarm LED illuminating on MSIV Rack front panel occurs and cannot be cleared.
  • Inability to change output state, e.g. cannot change solenoid output from energized to de-energized.
  • Inability to de-energize all solenoid outputs when 2 or more of 4 ESFAS signals are given after alarm reset if one occurs.

SNsuther" 501 South 11 th Street PHONE: 618-244-6000 SNTERNATIONAL INC. Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-971 5R, REV. 0 Page 16 of 24 The acceptance criteria for the emissions tests are that emissions shall not exceed the applicable curve.

Seismic Testing - The test specimens are acceptable if there is no loss of function under OBE/SSE testing. Loss of function would be loss of output, such as open or short circuit, failure of the ESFAS signal to cause a simulated "all close", and/or structural failure such as broken or loosened parts. Contact chatter of 2 milliseconds and higher shall be detected and results included in the Qualification Report.

  • FPGA Verification'- This testing was performed to gather information and therefore has no acceptance criteria.

QUALIFICATION TEST RESULTS TEST SPECIMEN A Test Specimen Work Order (TSWO) was prepared for each test specimen. Test specimen NTL 7430 comprised the complete MSIV rack assembly, and NTL 7431 comprised the complete assembly panel consisting of 26 fuse blocks, a terminal block, and a power block, wired and'mounted to an aluminum mounting plate. A test sequence was established for each test specimen, as identified in the "QUALIFICATION METHOD/TEST SEQUENCE" section.

PRE-TEST INSPECTION At the beginning of the test program, the test specimens were inspected visually to verify no damage had occurred due to handling or during shipment.

The specimen passed the pretest inspection.

BASELINE TEST The test specimens were tested in accordance with the Nutherm Test Procedures, TPS-9059 and TPG-0002, which are included in Appendix II. The test parameters and M&TE accuracy requirements are specified on the "Test Specification" forms attached to the TSWOs. The results of testing are presented on the "Data Sheet" forms. Test Specifications and Test Data Sheets are included in Appendix III.

The test specimens successfully passed the initial baseline test.

EMC TEST The test specimens were tested in accordance with Nutherm Test Procedure 9715-EMC-01, Rev. 4 which is included in EMC Test Report WCN-9715ER, Rev. 0. The EMC Test Report is located in Appendix VI of this report. A detailed description of T

ýn r NL, INC.

501 South 11 th Street Mt. Vemon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 17 of 24 EMC testing along with test data and Record of Anomaly ROA-148 are also contained in WCN-9715ER, Rev. 0.

Some anomalies were noted during EMC testing and are described in detail in Record of Anomaly ROA-148. After the modifications described in WCN-9715ER, Rev. 0 were made these anomalies were confined to alarm indications. These alarms were part of the system design. When the unit detects anomalous inputs, such as voltage surges, it is designed to generate an alarm. The operation of the unit was verified by pre- and post-test operation, as detailed in the test report. In all cases the system performance was satisfactory.

The EMC testing conducted demonstrated that the replacement CS Innovations Main Steam and Feedwater Isolation System logic-based controls, when properly installed, meet the electromagnetic compatibility requirements of EPRI TR-102323-R2-1997 as modified by Reg. Guide 1.180, Rev. I for safety related devices located in a low exposure environment and meet the EMC requirements of Wolf Creek Generating Station Specification J-105(Q), Rev. 2.

POST-EMC BASELINE TEST The test specimens were subjected to baseline tests following the EMC testing to document any change in performance due to EMC testing. Both test specimens passed the post-EMC baseline tests. The test results are included in Appendix III.

Cycle Aging Following the EMC baseline test, the Bypass/Operate toggle switch on the ALS-201 board was cycled 2,475 times under the system circuit load when the system was energized with 125 Vdc. The toggle switch successfully completed the cycle aging. The test results are included in Appendix III.

Post-Cycle Aging Baseline.Test The test specimens were subjected to a system baseline test to verify functionality following cycle aging on the Bypass/Operate toggle switch. The test specimens successfully completed the baseline test. The test results are included in Appendix III.

SEISMIC TESTING TEST REQUIREMENTS.

The test specimens were subjected to a seismic simulation test program in accordance with Seismic Test Procedure S-128P, Rev. 2, which comprised the following:

  • Pre-Seismic Inspection and Operability Check

, Single Axis Resonance Search Test

  • Qualification-Level Multifrequency Tests
  • Post-Test Inspection and Operability Check 501 South 11th Street PHONE: 618-244-6000 NTRTOL, INC. Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 18 of 24 TEST DESCRIPTION" PRE-SEISMIC INSPECTION The specimens were visually examined upon arrival at the test facility to verify that no damage had occurred during shipping and handling. Additionally, an "ON-OFF" type operability check was performed prior to testing. The specimens passed the pre-seismic inspection and operational check.

SEISMIC MOUNTING AND ORIENTATION Prior to seismic, the MSFIS system components were mounted to test fixtures as described in Table I of the Seismic Test Procedure, S-128P, Rev. 2, which is included in Appendix IV. This consisted of mounting the card rack to a test fixture and welding the fuse block panel to a separate test fixture. The test specimen was mounted to simulate the actual in-service configurations.

The test fixtures were mounted to the Triaxial Seismic Simulator Table such that the principal axes of the specimens were collinear with the input excitations of the test table.

Photographs 1 through 4 show the mounted test specimens.

EXCITATION CONTROL AND SPECIMEN RESPONSE Three control accelerometers were mounted on the test table. Three response accelerometers were mounted on the rack assembly, 1FB, 2SS, and 3V, and three were mounted on the fuse block panel, 4FB, 5SS and 6V. Photographs 2 and 3 show the location of the response accelerometers.

A digital data acquisition system was used to record the output of the accelerometers.

The response accelerometer locations were approved by the Wolf Creek representative witnessing the test.

501 South 11 th Street PHONE: 618-244-6000

~Ntherm Mt. Vernon IL62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 19 of 24 Photograph 1 Photograph 2 501 South 11th Street PHONE: 618-244-6000 f*4LL7," Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 20 of 24 Photograph 3 Photograph 4 fl FF,7 501 South 11th Street Mt. Vernon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 21 of 24 ELECTRICAL POWERING AND MONITORING The input and the monitoring points are indicated in Table 1 of the seismic test procedure. The rack and panel assembly were wired together as a single unit and energized with 105Vdc. The specimens were visually monitored for structural integrity and the FET board output contact was electronically monitored for operation and contact chatter.

RESONANCE SEARCH-TEST The MSFIS components were subjected to a resonance search test. A low level (0.2g horizontally and vertically) single-axis sine sweep was performed in each of the three orthogonal axes. The sine sweep was performed from 1 to 100 Hz at a sweep rate of one octave per minute.

No resonance conditions were detected below 33 Hz. The transmissibility plots are included in Appendix IV.

RANDOM MULTIFREQUENCY TESTS Triaxial random multifrequency seismic simulation tests were performed following the resonance search test. Thetwo horizontal axes and the vertical axis were excited separately, but simultaneously. The input acceleration level for each of the three axes was phase-incoherent during the multifrequency tests.

The test specimen was subjected to 30-second duration triaxial multifrequency random motion, which was amplitude-controlled in one-third octave bandwidths, spaced one-third octave apart over the frequency range of I to 100 Hz. Three simultaneous, but independent, random signals were used as the excitation to produce phase-incoherent motions in the vertical and horizontal axis. The amplitude of each one-third-octave bandwidth was independently adjusted in each of the three axes until the Test Response Spectra (TRS) enveloped the Required Response Spectra (RRS), within the test table limits.

The resulting table motion was analyzed.by a response spectrum analyzer at the test damping for the Operating BasisEarthquake (OBE) and Safe Shutdown Earthquake (SSE) Test, and plotted at one-sixth octave intervals over the frequency range of 1 to 100 Hz.

The specimen was subjected to five OBE tests prior to the application of the SSE test.

The test run descriptions are shown in the following table.

501 South 11"t Street PHONE: 618-244-6000 TETONAL, INC. Mt. Vernon IL 62864 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 22 of 24 Test Run Test Level I Sine Sweep Vertical 2 Sine Sweep Side/Side 3 Sine Sweep Front/Back 4 RMF OBE- 1 5 RMF OBE - 2 6 RMF OBE-3 7 RMF OBE-4 8 RMF OBE - 5 9 RMF <SSE I

10. RMF SSE2 TEST RESULTS No structural damage or discontinuity of output was recorded.

Approximately 15 seconds into the SSE test, an ESFAS signal was simulated by simultaneously pressing two of the four pushbuttons on the operator test panel. The appropriate load bank indicator lights were energized.

The test response spectra plots for each run are included in Appendix V. Comparison of the Required Response Spectra (RRS) and the Test Response Spectra (TRS) are shown on pages 22, 27, and 32 of Appendix V for a representative OBE test run and on pages 70, 75, and 80 for a SSE test run.

POST-SEISMIC INSPECTION The test specimens were operated and visually examined at the conclusion of the seismic test. They responded in the appropriate manner to the required inputs and no structural anomalies were observed.

POST-SEISMIC BASELINE TEST After completing seismic testing, the test specimens were baseline tested. The baseline testing was performed as outlined in the previous "BASELINE TEST" paragraph of the "QUALIFICATION METHOD/TEST SEQUENCE" section. The test specimen passed the post-seismic baseline test. The results are included in Appendix II.

POST-TEST INSPECTION The post-test inspection revealed no anomalies for the test specimen.

FPGA VERIFICATION Verification testing was performed on all applicable boards, for information only, to compare them to original manufacturer files. No changes in the FPGA files were noted.

501 South 11th Street MAUI hermv Mt. Vernon IL.62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT WCN-9715R, REV. 0 Page 23 of 24 CONCLUSION The testing performed demonstrates that the CS Innovations replacement MSFIS system listed in the "DEVICE DESCRIPTION" section, when properly installed and maintained, will withstand environmental, EMI-RFI, and seismic loadings enveloped by the test program.

501 South 11 thStreet f*NUther Mt. Vemon IL 62864 PHONE: 618-244-6000 FAX: 618-244-6641

NUTHERM QUALIFICATION REPORT

".WCN-9715R, REV. 0 Page 24 of 24 LIST OF ATTACHMENTS Apliendix I EMC Envelopes Appendix II Nutherm International Technical Procedures TPS-9059, Rev. 0 and Rev. 1 TPG-0002, Rev. 0 Appendix III Test Specimen Work Order Test Specifications and Baseline Test Data Sheets

  • NTL 7430 NTL 7431 Appendix IV Seismic Test Procedure Appendix V Seismic Test Data Test Run TRS Plots TRS Numerical Values for a Representative OBE & SSE Test Acceleration Time History Plots PSD and Coherence Plots Instrumentation Log Sheets Appendix VI EMC Test Report with Data 501 South 11 t Street PHONE: 618-244-6000 NJUL91, Mt. Vemon IL 62864 FAX: 618-244-6641