ML17297A915
| ML17297A915 | |
| Person / Time | |
|---|---|
| Site: | Palo Verde  |
| Issue date: | 06/18/1981 |
| From: | ARIZONA PUBLIC SERVICE CO. (FORMERLY ARIZONA NUCLEAR |
| To: | |
| Shared Package | |
| ML17297A913 | List: |
| References | |
| NUDOCS 8110130252 | |
| Download: ML17297A915 (557) | |
Text
INDEPENDENT DESIGN REVXEW of the PALO VERDE NUCLEAR GENERATING STATION INSTRUMENTATION AND CONTROL SYSTEMS Before the XNSTRUMENTATXON
&CONTROL SYSTEMS REVIEW BOARD VOLUME IXI of III A P P E N D I X Phoenix, Arizona June 17-18, 1981 GRUMLEY REPORTERS PHOENIX, ARIZONA effog a 4OOaSZ 81~00m F CK OS000528 F'R PALO VERDE NUCLEAR GENERATING STATION BALANCE OF PLANT IMSTRUMEMTATIOM AND CONTROL SYSTEMS REVIEW BOARD PHOENIX, AZ JUNE 17-18, 1981 0
INSTRUMENTATION AND CONTROLS INDEPENDENT DESIGN REVIEW 6/17 R 18/81 BOARD CONVENES FOR BECHTEL PRESENTATION (MEETING NO, 1)6/25/81 APS LICENSING REVIEWS TRANSCRIPT 7/02/81 7/16/81 FINAL TRANSCRIPT SENT TO NRC, REVIEW BOARD AND BECHTEL BECHTEL'S DRAFT RESPONSE SENT TO APS FOR INFORMAL REVIEW 7/23/81 APS COMMENTS ON DRAFT RESPONSE SENT TO BECHTEL WEEK OF 7/27/81 8/06/81 8/17/81 8/26/81 FOLLOW-UP MEETING WITH NRC (MEETING NO, 2)BECHTEL SUBMITS RESPONSES TO OPEN ITEMS FROM REVIEW MEETING NO, 1 APS SENDS BOARD'S COMMENTS ON RESPONSES TO BECHTEL THOSE BOARD MEMBERS WITH COMMENTS WILL RECONVENE TO MEET WITH BECHTEL" 9/04/81 LETTER TO NRC CLOSING OUT REVIEW WEEK OF 9/07/81 NRC IRC DRAWING REVIEW AND SITE VISIT~'RECONVENING NAY BE FULFILLED NITH CONFERENCE CALL SCHEDULE 1
REVIEW BOARD AGENDA BOP INSTRUMENTATION R CONTROL SYSTEMS 1, INTRODUCTION A, NSSS INTERFACES 2, SYSTEM OVERVIEW A, ENGINEERED SAFETY FEATURE SYSTEMS 1, BOP ESFAS A DESIGN CRITERIA B SYSTEM DESCRIPTION 2, ESF ACTUATED DEVICE LOGIC-TYPICALS 3, ESF LOAD SEQUENCER A DESIGN CRITERIA B SYSTEM DESCRIPTION B, SYSTEMS REQUIRED FOR SAFE SHUTDOWN 1, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY A, DESIGN CRITERIA B SYSTEM DESCRIPTION c, LAYOUT EXHIBIT i REVIEW BOARD AGENDA BOP INSTRUMENTATION R CONTROL SYSTEMS 2.SYS C, D, E, TEM OVERVIEW (CONT'D)SAFETY-RELATED DISPLAY INSTRUMENTATION 1, PROCESS INSTRUf'lENTATION A DESIGN CRITERIA B SYSTEM DESCRIPTION 2, SAFETY EQUIPMENT STATUS SYSTEM (SESS)A DESIGN CRITERIA B SYSTEM DESCRIPTION c, LAYOUT POST ACCIDENT MONITORING (REG GUIDE 1 97 REV 2)A DESIGN CRITERIA B SYSTEM DESCRIPTION ALL OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY 1, CLASS IE ALARM SYSTEf'l A DESIGN CRITERIA B SYSTEM DESCRIPTION 2, SAFETY PARAMETER DISPLAY SYSTEM (SPDS)A, DESIGN CRITERIA B SYSTEM DESCRIPTION CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 1, DESIGN CRITERIA 2, SYSTEM DESCRIPTION EXHIBIT ii 0 0 REVIEW BOARD AGENDA BOP INSTRUMENTATION R CONTROL SYSTEMS 3, COMPLIANCE WITH REGULATORY REQUIREMENTS A, SRP'S B, GDC'S C, REGULATORY GUIDES D, IEEE STANDARDS E, BTP'S F, I E BULLETINS G, NUREG-0737 ADDITIONAL ITEMS OF CONCERN A, INSTRUMENTATION AND CONTROL SYSTEMS BRANCH CONCERNS (NRC LETTER DATED APRIL 16, 1981)5 BACKGROUND INFORMATION EXHIBIT iii INSTRUMENTATION AND CONTROLS~REACTOR TRIP SYSTEM ENGINEERED SAFETY FEATURE SYSTEMS SAFE SHUTDOWN SYSTEMS SAFETY-RELATED DISPLAY INSTRUMENTATION ALL OTHER SAF ETY-RELATED INSTRUMENTATION NDN-SAFETY RELATED CONTROL SYSTEMS I I I I gas~~J I NSSS INTER FACE I BOP BOP BOP BOP BOP NSSS NSSS NSSS NSSS SCOPE OF BOP INSTRUMENTATION AND CONTROLS REVIEW BOARD NSSS NSSS FIGURE 1-1
FUEL BLDG CONTAINMENT BLDG TURBINE BLDG AUX BLDG RAD WASTE BLDG CONTROL BLDG DIESEL GEN BLDG FIGURE 1-2 PVNGS GENERAL PLANT ARRANGEMENT AUXI BUILDING NSSS ANALOG~~B B B S RAD.ON.SYS QA,'B P~A~BQ NSSS CONTROL SYS[iso ESFAS AUX RELAY AUX PROTECTIVE PPS NSSSAN LOG-IE A B C 0 A I B B C i D KITCHEN CORRIDOR BUILDING PPS-CNDS S G.FW-TG AUX OFFICE PANTRY RADWASTE BUILDING BOP ANALOG-IE B+A SESS CVCS 2 0 ESF ELEC MIMIC CONFERENCE ROOM t R o O p I-CC CC mg~CCB Q@~O ggO CB CD CB CABLE RISER SHAFT LI COMPUTER ROOM OFFICE OFFICE OFFICE STORAGE DWN UP DIESEL GENERATOR BUILDING FIGURE 1-3 MAIN CONTROL ROOM ARRANGEMENT
PVNGS CLASSIFICATIONS B, C, QUALITY CLASS Q~FULL COMPLIANCE WITH 10CFR50, APPENDIX Bp PER ANSI N f5 2-1971 (ALL ENGINEERED SAFETY FEATURES[ESFj CONPONENTS ARE Q)QUALITY CLASS"R~SIMILAR TO 10CFR50, APPENDIX Bi BUT REQUIRES LESS.EXTENSIVE DOCUMENTATION QUALITY CLASS'~INDUSTRY STANDARD EQUIPMENT D, SEISMIC CATEGORY I~REMAIN FUNCTIONAL FOR SSE AND OBE QF1-REMAIN FUNCTIONAL BEFORE'URING'ND AFTER SSE QF2-REMAIN FUNCTIONAL BEFORE AND AFTER SSE E, SEISMIC CATEGORY II~COMPONENTS ESSENTIAL TO POWER GENERATION DESIGNED TO NOT MALFUNCTION FOR AN EQUIVALENT STATIC LOAD OF OalZG HORIZONTAL AND OA09G VERTICAL F, SEISMIC CATEGORY III~DESIGNED FOR AN EQUIVALENT STATIC LOAD OF 0,05G OR TO MEET UNIFORM BUILDING CODE FOR SEISMIC ZONE 2 6 i SEI SM I C CATEGORY IX I DESIGN ANALYZED FOR NON-COLLAPSE FOR SSE EXHIBIT 1-1 CESSAR GENERAL INTERFACE REQUIREMENTS
REFERENCE:
CESSAR SECTION 7.1,3 1)~P~VITAL INSTRUMENT POWER REQUIREMENTS FOR THE SAFETY RELATED SYSTEMS ARE DISCUSSED IN CESSAR SECTION 8 3,1, IN CONPLIANCE 2)P c o CESSAR DESIGN SCOPE CLASS 1E EQUIPMENT SHALL BE LOCATED WITHIN THE PLANT SO AS TO ENSURE THE VARIOUS NATURAL PHENOMENA SPECIFIED IN GDC 2 WHICH ARE APPLICABLE TO THE APPLICANT S SITE WILL NOT RESULT IN DEGRADATION OF THAT EQUIPMENT BELOW THE LEVEL REQUIRED TO ALLOW IT TO PERFORM REQUIRED PROTECTIVE ACTION ASSUMING A S I NG LE FA I LURE s IN CONPLIANCE 3)P c P THE LOCATION OF SAFETY-RELATED INSTRUMENTATION AND CONTROL COM-PONENTS SHALL TAKE INTO ACCOUNT THEIR POTENTIAL DAMAGE DUE TO PIPING FAILURES'UCH AS PIPE WHIP>JET IMPINGEMENT'TC>
g FROM HIGH OR MEDIUM ENERGY FLUID SYSTEMS~IN CONPLIANCE EXHIBIT 1A-1 p
I S S CESSAR GENERAL INTERFACE REQUIRENENTS
REFERENCE:
, CESSAR SECTION 7.1,3 EQUI D S THE LOCATION OF THESE COMPONENTS AND THE ROUTING OF 1E AND ASSOCIATED CABLES AND SENSING LINES SHOULD AVOID SUCH HAZARDS-OR SHALL BE PROVIDED WITH ADEQUATE PROTECTION SUCH THAT REQUIRED PROTECTIVE ACTION CAN BE PERFORMED ASSUMING A SINGLE PIPING FAILURES ITS ASSOCIATED EFFECTS>AND A SINGLE FAILURE)0)HISS~THE SAFETY-RELATED EQUIPMENT SHALL BE PROTECTED FROM POTENTIAL MISSILE SOURCES, THE 1E AND ASSOCIATED CABLING AND SENSING LINES SHALL BE HANDLED IN A SIMILAR FASHIONs IN COHPLIANCE 5)~S THE ROUTING OF 1E AND ASSOCIATED CABLING AND SENSING LINES FROM SENSORS BE ARRANGED TO MINIMIZE THE POSSIBILITY OF COMMON MODE FAILURES TH I S REQUIRES THAT THE CABLING FOR THE FOUR SAFETY CHANNELS BE ROUTED SEPARATELY'OWEVERS THE CABLES OF DI FFERENT SAFETY FUNCTIONS WITHIN ONE CHANNEL>MAY BE ROUTED TOGETHER)LOW ENERGY SIGNAL CABLES SHALL BE ROUTED SEPARATELY FROM ALL POWER CABLES s SAFETY RELATED SENSORS SHALL BE SEPARATED THE SEPARAT I ON IN CONPLIANCE EXHIBIT 1A-2
I S CESSAR GENERAL INTERFACE REQUIRENENTS
REFERENCE:
CESSAR SECTION 7,1,3 OF THEIR SAFETY RELATED CABLES REQUIRES THAT THE CABLES BE ROUTED IN SEPARATE CABLE TRAYS~ASSOCIATED CIRCUIT CABLING FROM REDUNDANT CHANNELS SHALL BE SEPARATED>
PROVIDED WITH ISOLATION'NALYZED'R TESTED TO DEMONSTRATE THAT NO SINGLE CREDIBLE FAILURE CAN ADVERSELY AFFECT MORE THAN ONE REDUNDANT CHANNELs NON-CLASS 1E INSTRUMENTATION CIRCUITS AND CABLES (LOW LEVEL)WHICH MAY BE IN PROXIMITY TO ASSOCIATED CIRCUITS AND CABLES'RE TO BE TREATED AS ASSOCIATED CIRCUITS IF ANALYSES OR TESTS DEMONSTRATE THAT CREDIBLE FAILURES THEREIN COULD ADVERSELY AFFECT CLASS 1E CIRCUITS 6)~I CABLING ASSOCIATED WITH REDUNDANT CHANNELS OF SAFETY RELATED CIRCUITS SHALL BE INSTALLED SUCH THAT A SINGLE CREDIBLE EVENT CANNOT CAUSE MULTIPLE CHANNEL MALFUNCTIONS OR INTERACTIONS BETWEEN CHANNELS)IN COMPLIANCE EXHIBIT 1A-3 CESSAR GENERAL INTERFACE REQUIREMENTS
REFERENCE:
CESSAR SECTION 7,1,3 7)THE SAFETY-RELATED EQUIPMENT SHALL BE LOCATED SO AS NOT TO VIOLATE IN COMPLIANCE THE TEMPERATURE AND HUMIDITY LIMITS OF CESSAR SECTION 3,11, 8)O AUXILIARY AND SUPPORTING SYSTEMS FOR THE SAFETY RELATED INSTRUMEN-TATION AND CONTROLS SHALL BE DESIGNED TO CAUSE A SYSTEMS LEVEL BYPASS INDICATIONS WHEN THEY ARE BYPASSED OR DELIBERATELY MADE INOPERABLE, FOR THE SAFETY-RELATED SYSTEM WHICH WOULD BE AFFECTED BY THE BYPASSING OR DELIBERATE INOPERABILITY OF THE AUXILIARY OR SUPPORTING SYSTEMs THE RPS AND ESFAS A~AR~S AND THE~E~OT~PPS AND DNBR/LPD CALCULATOR OPERATOR S MODULES SHALL BE LOCATED IN THE MAIN CONTROL ROON>IN COMPLIANCE EXHIBIT 1A-4
I S U CESSAR GENERAL INTERFACE REQUIRENENTS
REFERENCE:
CESSAR SECTION 7,1,3 QUI E 9)0 THE RPS AND ESFAS MANUAL ACTUATION DEVICES SHALL BE LOCATED IN THE CONTROL ROOMi THE INSTRUMENTATION AND CONTROL COMPONENTS OF THE SAFE SHUTDOWN SYSTEMS ON THE REMOTE SHUTDOWN PANEL OR AT LOCAL LOCATI ONS SHALL BE MANUALLY OPERABLE~IN CONPLIANCE=
10)I s THE PPSg INCLUDING SENSORS'HALL BE CAPABLE OF BEING PERI ODI CALLY TESTED IN ACCORDANCE WITH THE TECHNICAL SPECIFICATIONS OF CHAPTER 16, THOSE PORTIONS WHICH COULD ADVERSELY AFFECT REACTOR OPERATIONS SHALL BE CAPABLE OF BEING TESTED WHEN THE REACTOR IS SHUT DOWN ALL OTHER SAFETY-RELATED INSTRUMENTATION SHALL BE CAPABLE OF BEING TESTED DURING NORMAL OPERATIONs IN CONPLIANCE 11)C s S THE COMPONENTS OF THE SAFETY-RELATED EQUIPMENT SHALL BE LOCATED SO IN CONPLIANCE AS NOT TO EXCEED THE CHEMISTRY LIMITS SPECIFIED IN SECTION 3all EXHIBIT 1A-5 I S CESSAR GENERAL INTERFACE REQUIRENENTS
REFERENCE:
CESSAR SECTION 7,1,3 12)NOT APPLICABLE TO THE SAFETY RELATED INSTRUMENT AND CONTROLS EQUIPMENTs IN CONPLIANCE 13)SY SAFETY-RELATED COMPONENTS SHALL BE LOCATED SO AS TO CONFORM TO THE SEPARATIONS INDEPENDENCE'ND OTHER CRITERIA SPECIFIED IN THIS SECTION, THE SAFETY-RELATED COMPONENTS SHALL BE LOCATED TO PROVIDE ACCESS FOR MAINTENANCE'ESTING AND OPERATION AS REQUIRED'NALOG AND DIGITAL SIGNALS PROVIDED TO THE SAFETY-RELATED COM-PONENTS SHALL NOT SHARE THE SAME MULTICONDUCTOR CABLE>UNLESS SPECI F I CALLY CALLED FOR OR APPROVED BY COMBUST I ON ENG I NEER I NG s IN CONPLIANCE 14)R RADIOLOGICAL WASTE DISCHARGE LINES OR COMPONENTS SHALL NOT BE ROUTED OR LOCATED NEXT TO PROTECTION SYSTEM ELECTRONIC COMPO-NENTS IN A MANNER THAT WILL RESULT IN EXCEEDING THE RADIATION LIMITS SPECIFIED IN SECTION 3,11, EXHIBIT lA-6 IN CONPLIANCE CESSAR GENERAL INTERFACE REQUIREMENTS
REFERENCE:
CESSAR SECTION 7,1,3 QUIR S 15)Ov THE COMPONENTS OF THE SAFETY-RELATED EQUIPMENT SHALL BE LOCATED SO AS NOT TO EXCEED THE PRESSURE LIMITS SPECIFIED IN SEC-TION 3,11, IN COMPLIANCE 16)IlEL!~S~A FIRE PROTECTION SYSTEM SHALL BE PROVIDED TO PROTECT THE SAFETY RELATED EQUIPMENTS INCLUDING SENSORS'ONSISTENT WITH GDC 3, THIS SHALL INCLUDE FACILITIES FOR DETECTION'LARM-ING, AND EXTINGUISHING OF FIRES)FACILITIES AND METHODS FOR MINIMIZING THE PROBABILITY AND EFFECTS OF FIRES'NCLUD-ING FIRE BARRIERS'IRE RESISTANT AND NON-COMBUSTIBLE MATE-RIALS, AND OTHER SUCH ITEMS'HALL BE EMPLOYED WHENEVER POSSIBLEs ADEQUATE DRAINAGE SHALL BE PROVIDED IF WATER IS USED TO EXTINGUISH FIRES s INADVERTENT OPERATION OR RUPTURE OF FIRE PROTECTION SYSTEMS SHALL NOT RESULT IN THE REDUCTION OF THE FUNCTIONAL CAPABILITY OF SAFETY-RELATED SYSTEMS OR COMPONENTS BELOW THAT REQUIRED TO PERFORM THEIR SAFETY FUNCTIONs EXHIBIT 1A-7 IN COMPLIANCE I S U ND S CESSAR GENERAL INTERFACE REQUIRENENTS
REFERENCE:
CESSAR SECTION 7, 1,3 QU DESG E UE~PHYSICAL IDENTIFICATION SHALL BE PROVIDED TO ENABLE PLANT PERSONNEL TO RECOGNIZE THAT PPSi ESFAS AUXILIARY RELAY CABI-NETS'TSSg AND THEIR CABLING ARE SAFETY-RELATED, THE CABI-NETS SHALL BE IDENTIFIED BY NAMEPLATEss A COLOR CODING SCHEME SHALL BE USED TO IDENTIFY THE PHYSICALLY SEPARATED CHANNEL CABLING FROM SENSOR TO THE PPS (REFER TO CESSAR SECTION 7.1,3 5)g THE SAME COLOR CODE SHALL BE USED FOR INTERBAY OR INTERCABINET IDENTIFICATION CABLING OR WIRING WITHIN A BAY AT THE CABINET WHICH IS IN THE CHANNEL OF ITS CIRCUIT CLASSIFICATION SHALL NOT BE COLOR CODED'HE CABINET NAMEPLATES AND CABLING SHALL BE COLOR CODED AS FOLLOWS'N COMPLIANCE PER FSAR SEc-TION 8.3.1.3 (ASSOCIATED CIRCUITS TREATED AS CLAsS lE IDENTIFIED BY THE SEPARATION GROUP COLOR CODEa)C~A~~~~A: CHANNEL B: CHANNEL Cl CHANNEL D: S RED A: GREEN B: YELLOW BLUE S C D RED CHANNEL J: WHITE/RED STRIPE GREEN CHANNEL K.'WHITE/GREEN STRIPE CHANNEL L: WHITE/YELLOW STRIPE CHANNEL N: WHITE/BLUE STRIPE EXHIBIT 1A-8 CESSAR GENERAL INTERFACE REQUIRENENTS
REFERENCE:
CESSAR SECTION 7,1,3 ALL NON-PANEL MOUNTED PROTECTION SYSTEM INSTRUMENTATION AND CONTROL COMPONENTS ARE IDENTIFIED WITH A NAME TAG WHICH PROVIDES THE CHANNEL NUMBER AND THE SUFFIX Ap Bg Cg OR D TO SPECIFICALLY IDENTIFY THE PROTECTION CHANNEL WITH WHICH THE COMPONENT IS I DENT I F I ED s 17)~E ENVIRONMENTAL SUPPORT SYSTEMS SHALL BE PROVIDED TO ENSURE THAT THE ENVIRONMENTAL CONDITIONS OF THE SAFETY RELATED SYSTEMS DO NOT EXCEED THE REQUIREMENTS FOR 1E EQUIPMENT AS DEFINED IN SECTION 3 11 IN CONPLIANCE 18)SEISMIC REQUIREMENTS FOR SAFETY RELATED EQUIPMENT ARE SPECIFIED IN SECTION 3, 10, IN CONPLIANCE EXHIBIT 1A-9 I R CESSAR GENERAL INTERFACE REQUIREMENTS
REFERENCE:
CESSAR SECTION 7,1.3 19)P Mo S THE INPUTS TO THE RPS AND ESFAS CAN BE SENT TO THE PMS FOR TREND-ING'ATA LOGGING AND OTHER HISTOR'ICAL FUNCTIONS BUT ARE NOT USED FOR OTHER CONTROL FUNCTIONS>
THESE INPUTS SHALL HAVE PROPER ISOLATION TO PREVENT ANY FAILURE IN THE PMS FROM ADVERSELY AFFECTING THE RPS OR ESFAS, IN COMPLIANCE EXHIBIT 1A-10 REACTOR PROTECTION SYSTEM SUPPLEMENTARY PROTECTION SYSTEM PROCESS SYSTEMS VARIABLES SENSORS DISPLAYS INDEPENDENT'RESSURIZER PRESSURE SENSOR DISPLAYS PROTECTION
~I MANUAL SYSTEM~CONTROLS LOGIC PROTECTION SYSTEM LOGIC I MANUAL CONTROLS CEDM'S~I MANUAL CONTROLS LOGIC I DROP ROD~DISPLAYS CONTACTS I NSSS-SRP7.2-'~REACTOR PROTECTION SYSTEM (RPS)~SUPPLEMENTARY PROTECTION SYSTEM (SPS)0 REACTOR TRIP SWITCH GEAR REACTOR TRIP SYSTEM REACTOR TRIP SYSTEM ELECTRICAL AND MECHANICAL DEVICES AND CIRCUITRY (FROM SENSORS THROUGH ACTUATION DEVICES)REQUIRED TO INITIATE REACTOR SHUTDOWN FIGURE 1A-1 PZRI SG 1-0 SG'I-8 PZR-0.Q." Qss s x SG I~rg SG SGI-A ELEV.100'sss-ass~s PZR A~.Ss~4~SG2-0 M.S.S.S.sas.s~G'G CNTMT BLDG.0 CNTMT-0 SG2 o o~O@ass U~s CNTMT A CNTMT-C SG 2-B n-Inr-0 ADX.BLDG.SG2 SG 2 SG 2 CNTMT-C"Sn I I s s 8 n o"ll RPS-ESFAS SENSOR LOCATIONS FIGURE 1A-2
ADDITIONAL CESSAR INTERFACE REQU I RENENTS
REFERENCE:
CESSAR SECTION 7,2,3 DESI 1)~S PREAMPLIFIERS FOR THE FISSION CHAMBERS SHALL BE MOUNTED OUTSIDE THE BIOLOGICAL SHIELD BUT INSIDE THE CONTAINMENT BUILDINGs THE PREAMPLIFIERS AND CABLING SHALL BE PROVIDED WITH PHYSICAL AND ELECTRICAL SEPARATIONs IN CONPLIANCE 2)0 R ADMINISTRATIVE PROCEDURES OR OTHER SUITABLE MEANS SHALL BE USED TO CONTROL CHANGES TO CPC CONSTANTS'DJUSTMENTS TO VARIABLE SETPOINTS AND THE BYPASSING OF CHANNELS WHICH COULD AFFECT OPERATIONi IN COMPLIANCE EXHIBIT 1A-11 2, SYSTEN OVERVIOl PROCESS SYST Eh1S VARIABLES NSSS ESFAS SENSORS I DISPLAYS BOP ESFAS SENSORS DISPLAYS NSSS-SRP 7.3-~ESFAS~CONTAINMENT ISOLATION~SAFETY INJECTION CONTAINMENT SPRAY-SRP 7.3-NSSS ACTUATED DEVICES+I I I BOP SUPPORT ACTUATED DEVICES I 4 BOP ACTUATED DEVICES PROTECTION l MANUAL SYSTEM CONTROLS LOGIC+t ACTUATED I MANUAL DEVICE~CONTROLS LOGIC ESF I SYSTEM~DISPLAYS SENSORS I NSSS ESF SYSTEh1S ACTUATED h1ANUAL CONTROLS LOGIC I SUPPORT I SYSTEM~DISPLAYS SENSORS I BOP ESF SUPPORT SYSTEMS ENGINEERED SAFETY FEATURE SYSTEM ELECTRICAL ANO hIECHANICAL DEVICES AND CIRCUITRY IFROM SENSORS THROUGH ACTUATION DEVICES)REQUIRED TO INITIATE PROTECTIVE ACTION.PROTECTION i~CONTROLS MANUAL CONTROLS LOGIC ESF I SYSTEM~DISPLAYS SENSORS BOP ESF SYSTEhIS BOP~BOP ESFAS 5 ESF LOADSEQUENCER
~CONTAINMENT ISOLATION~MAIN STEAM I SO LAT I 0 N~AUXILIARY FEEDWATER~FUEL BLDG ESSENTIAL VENTILATION
~CONTAINMENT PURGE ISOLATION~CONTROL ROOM ESSENTIAL VENTILATION
~CONTAINMENT COh1BUSTIBLE GAS CONTROL (MANUAL)BOP SUPPORT~DIESEL GENERATORS IDG)~DG FUEL OIL STORAGE AND TRANSFER~CLASS IE DC POWER~CLASS IE AC POWER~ESSENTIAL COOLING WATER~ESSENTIAL SPRAY PONDS~ESSENTIAL CHILLEO WATER FIGURE 2A-1 2,A,1,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S 1)THE BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM (BOP ESFAS)SHALL PROVIDE INITIATING SIGNALS FOR BALANCE OF PLANT ENGINEERED SAFETY FEATURE (BOP ESF)SYSTEM COMPONENTS WHICH REuUIRE AUTOMATIC INITIATION FOLLOWING A DESIGN BASIS EVENT, THE BOP ESFAS ACTUATION SIGNALS ARE: FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SIGNAL (FBEVAS)CONTAINMENT PURGE ISOLATION ACTUATION SIGNAL (CPIAS)CONTROL ROOM VENTILATION ISOLATION ACTUATION SIGNAL (CRVIAS)CONTROL ROOM ESSENTIAL FILTRATION ACTUATION SIGNAL (CREFAS)THE AUTOMATICALLY ACTUATED BOP ESF SYSTEMS ARE: FUEL BUILDING ESSENTIAL VENTILATION SYSTEM CONTAINMENT PURGE ISOLATION SYSTEM CONTROL ROOM ESSENTIAL VENTILATION SYSTEM AND THEIR SUPPORT SYSTEMS THE ONE MANUALLY ACTUATED ESF SYSTEM IS: CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM EXHIBIT 2A1-1 2,A, 1, A, BALANCE OF PLANT ENGINEERE SAFETY FEATURES ACTUATION SYSTEM S I 2)SPECIFIC DESIGN CRITERIA FOR THE BOP ESFAS ARE DETAILED IN IEEE 279-1971"CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS," SECTION 3, DETAILED AS FOLLOWS: OP S SIG S S 1)DESIGN BASIS EVENTS 2)MONITORED VARIABLES 3)-NUMBER AND LOCATION OF SENSORS 0)NORMAL OPERATION NOMINAL VARIABLE VALUES 5)NORMAL OPERATION VARIABLE LIMITS 6)ACTUATION SETPOI NTS 7)MARGIN TO ACTUATION 8)QUALIFICATION, REDUNDANCY, FAILURE MODES 9)MINIMUM PERFORMANCE REQUIREMENTS EXHIBIT 2A1-2
BASIS (1): THE DESIGN BASIS EVENTS REQUIRING BOP ESF ACTION ARE: DESIGN BASIS EVENTS LOSS OF REACTOR COOLANT-LARGE BREAK'C,E B,E@v gV y~gi o~+y~o~%+i'cP o+io+iA LOSS OF REACTOR COOLANT-SMALL BREAK FUEL HANDLING ACCIDENT-CONTAINMENT BUILDING G,E B,E'A.FUEL HANDLING ACCIDENT-SPENT FUEL POOL CHLORINE GAS RELEASE FIRE/SMOKE-PLANT VICINITY D A.MANUAL ACTUATION B.ACTUATED BY INITIATION OF CPIAS OR CIAS C.ON SIAS THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM STARTS AND IS ALIGNED TO EXHAUST FROM THE AUXILIARY BUILDING D.CONTROL ROOM ISOLATION AND RECIRCULATION E.ACTUATED BY SIAS OR CIAS: SIAS AND CIAS LOGIC IS PART OF NSSS SCOPE.F.ACTUATED BY FBEVAS.2.A.1.A BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM DESIGN CRITERIA EXHI BIT 2A1-3 BASIS (2): MONITORED VARIABLES INITIATING PROTECTIVE SIGNALS VARIABLE FUEL BUILDING AIRBORNE ACTIVITY CONTROL ROOM VENTILATION INTAKE ACTIVITY CONTROL ROOM VENTILATION INTAKE CHLORINE CONTROL ROOM VENTILATION INTAKE SMOKE(A)CONTAINMENT HYDROGEN PRESSURIZER PRESSURE(B)
CONTAiNMENT PRESSURE(B)
CONTAINMENT AIRBORNE ACTIVITY (A)NON SAFETY RELATED SENSOR (B)PART OF NSSS ESFAS e~e~P~~c~.c~<~e X X X X PROTECTIVE SIGNALS INITIATING PROTECTIVE ACTIONS SIGNAL SIAS CIAS CPIAS CREFAS CRVIAS FBEVAS MANUAL 0 4,'g>+v g'v~+>c<K g'g+v~,'b W~~+0+<<v+g+0<>v+g<O<O g'g EXH I BIT 2A1-4 BASIS (3): THE NUMBER AND LOCATION OF THE SENSORS REQUIRED TO MONITOR THE VARIABLES ARE: MONITORED VARIABLE POWER ACCESS PURGE EXHAUST AREA RADIATION LEVEL TYPE GEIGER-MUELLER NUMBER OF SENSORS LOCATION OUTSIDE CONTAINMENT BETWEEN POWER ACCESS PURGE EXHAUST DUCT AND REFUELING PURGE EXHAUST DUCT FUEL BUILDING EXHAUST DUCT RADIATION LEVEL FUEL POOL AREA RADIATION LEVEL CONTROL ROOM AIR INTAKE ACTIVITY LEVEL CONTROL ROOM AIR INTAKE CHLORINE LEVEL CONTROL ROOM AIR INTAKE SMOKE DETECTOR CONTAINMENT HYDROGEN ANALYZER P-SCINTILLATION GEIGER-MUELLER P-SCINTILLATION CHEMICALLY IMPREG-NATED PAPER TAPE, (COLOR REACTION)IONIZATION (PROD UCTS OF COMBUSTION THERMAL COND U CTI VITY 2 FUEL BUILDING EXHAUST DUCT OVERLOOKING SPENT FUEL POOL CONTROL ROOM OUTSIDE AIR INTAKE DUCT CONTROL ROOM OUTSIDE AIR INTAKE DUCT CONTROL ROOM OUTSIDE AIR INTAKE DUCT 0 UTSI DE CONTAINMENT PERMANENTLY INSTALLED WITH NORMALLY CLOSED INLET AND RETURN VALVES AVAILABLE FOR MANUAL STARTUP FROM CONTROL ROOM EXH I BIT 2A1-5 BASES (4), (5), (6), ANO (7): THE NORMAL OPERATION LIMITS FOR EACH VARIABLE, THE ACTUATION SETPOINTS ANO THE MARGIN BETWEEN THE OPERATION LIMITS ANO ACTUATION SETPOINTS ARE: ACTUATION SIG MAL (FULL POWER)NOMINAL NORMAL OPERATION LIMIT ACTUATION SETPOINT MARGIN TO ACTUATION FBEVAS FUEL BUILDING EXHAUST DUCT HIGH ACTIVITY FUEL POOL HIGH RADIATION LEVEL CPIAS POWER ACCESS PURGE EXHAUST RADIATION LEVEL LESS THAN SENSITIVITY
((10~(XE-133)CM3 0.5-MR H (2 5 MR H LESS THAN SENSITIVITY
((10~(XE-133))
CM 0.5-MR H (2 5 MR H 2x10 CM3 (XE-133)2.5-MR H 2.5-H 1 x10~CM (XE-133)2.0-H NEGLI Gl BLE CREFAS CONTROL ROOM AIR INTAKE HIGH ACTIVITY LEVEL CRVIAS CONTROL ROOM AIR INTAKE HIGH CHLORINE LEVEL CONTROL ROOM AIR INTAKE HIGH SMOKE LEVEL (MANUAL INITIATION OF CRVIAS UPON DETECTION OF SMOKE)LESS THAN SENSITIVITY
((10~(XE-133)CM3 LESS THAN SENSITIVITY LESS THAN SENSITIVITY LESS THAN SENSITIVITY
((10-S~CI (XE 133)CM3 LESS THAN SENSITIVITY LESS THAN SENSITIVITY zx10 CM3 (XE-133)4 PPM (BY VOL)1 25'BSCURATION 1 x10-6 g C CM3 (XE-133)4 PPM (BY VOL)1.2 OBSCURATION EXHIBIT 2A1-6 2.A.1,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM DESIG I E BASIS (8): THE QUALIFICATION, REDUNDANCY AND FAILURE MODE REQUIREMENTS OF THE BOP ESFAS SHALL BE AS FOLLOWS: BOP ESFAS COMPONENTS SHALL BE QUALIFIED TO WITHSTAND, AND REMAIN OPERABLE DURING THE ENVIRONMENTAL CONDITIONS MAINTAINED AT THE EQUIPMENT LOCATIONS BEFORE, DURING, AND AFTER THE SPECIFIED DESIGN BASIS EVENTS.BOP ESFAS COMPONENTS SHALL WITHSTAND, AND REMAIN OPERABLE, DURING AND AFTER A SAFE SHUTDOWN EARTHQUAKE (SSE), A SINGLE FAILURE WITHIN THE BOP ESFAS SHALL NOT PREVENT PROPER PROTECTIVE ACTION AT THE SYSTEM LEVEL, A LOSS OF POWER TO THE BOP ESFAS MEASUREMENT CHANNELS AND/OR TO THE LOGIC SYSTEM CAUSES SYSTEM ACTUATION, EXHIBIT 2A1-7 BASIS (9): THE MINIMUM PERFORMANCE REQUIREMENTS OF THE BOP ESFAS SHALL BE AS FOLLOWS: THE REQUIRED BOP ESFAS RESPONSE TIMES AND ACCURANCIES OF MEASUREMENT CHANNELS ARE PROVIDED BELOW.THE TOTAL BOP ESFAS RESPONSE TIMES REPRESENT THE SUM OF THE MEASUREMENT CHANNEL RESPONSE TIME PLUS THE BOP ESFAS LOGIC RESPONSE TIME.1)CONTAINMENT POWER ACCESS PURGE EXHAUST AREA RADIATION 2)FUEL POOL AREA RADIATION 3)FUEL BUILDING EXHAUST AIR-BORNE ACTIVITY 4)CONTROL ROOM AIR INTAKE AIRBORNE ACTIVITY 5)CONTROL ROOM AIR INTAKE CHLORINE 6)CONTROL ROOM AIR INTAKE SMOKE MEASUREMENT CHANNEL RESPONSE TIME 0.75S (POWER)1.25S REFUELING) 0.5S 0.5S 0.5S 8S 50S BOP ESFAS LOGIC RESPONSE TIME 1.278S 1.278S 1.278S 1.278S 1.278S N.A.(MANUAL INITIATION)
MEASUREMENT CHANNEL ACCURACY+20%+20/+25%+-25/+20%OF THE CHLORINE CON-CENTRATION IN THE MEASURE-MENT POINT+1 0%EX HI BIT 2A1-8 2.A,l,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S 5)ONLY THOSE ESF SYSTEMS THAT, WHEN ACTUATED, DO NOT CAUSE A PLANT CONDITION REQUIRING PROTECTIVE ACTION, OR DISTURB REACTOR OPERATIONS, SHALL BE CONTROLLED BY THE BOP ESFAS, 4)THE AUTOMATICALLY ACTUATED BOP ESF SYSTEMS SHALL USE ONE-OUT-OF-TWO INPUT SIGNAL LOGIC, 5)THE BOP ESFAS LOGIC SHALL BE CONTAINED IN SEPARATE ENCLOSURES ISOLATED FROM THE NSSS TWO-OUT-OF-FOUR ESFAS AND REACTOR PROTECTIVE SYSTEM (RPS)LOGIC, 6)THE ACTUATION SYSTEM CONSISTS OF THE SENSORS, BISTABLES, INITIATION LOGIC, AND ACTUATION LOGIC THAT MONITOR SELECTED PLANT PARAMETERS AND PROVIDE AN ACTUATION SIGNAL TO EACH INDIVIDUAL ACTUATED COMPONENT IN THE ESF SYSTEM IF THE PLANT PARAM-ETERS REACH PRESELECTED SETPOINTS, 7)THE BOP ESFAS SHALL PROVIDE THE LOGIC TO AUTOMATICALLY START AND SEQUENTIALLY LOAD THE DIESEL GENERATORS AND TO SHED ALL 4,16 KV CLASS IE LOADS ON A LOSS OF POWER, EXHIBIT 2A1-9 2.A,l.A.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM 8)THE FOLLOWING CODES AND STANDARDS SHALL BE USED IN THE DESIGN OF THE BOP ESFAS:~lOCFR50, LICENSING OF PRODUCTION AND UTILIZATION FACILITIES, APPENDIX A, GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS, JULY 15, 1973,~INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE)STD 279-197j, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS,~IEEE STD 323-1974, STANDARD FOR QUALIFYING CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS.~IEEE STD 338-1971, TRIAL-USE CRITERIA FOR THE PERIODIC TESTING OF NUCLEAR POWER GENERATING STATION PROTECTION SYSTEMS.~IEEE STD 344-1975, RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE.EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS,~IEEE STD 379-1972, TRIAL-USE GUIDE FOR THE APPLICATION OF THE SINGLE-FAILURE CRITERION TO NUCLEAR POWER GENERATING STATION PROTECTION SYSTEMS.e IEEE STD 384-1974, TRIAL-USE STANDARD CRITERIA FOR SEPARATION OF CLASS IE EQUIPMENT AND CIRCUITS, AS MODIFIED BY NRC REGULATORY GUIDE 1,75, e IEEE STD 420-1973, TRIAL-USE GUIDE FOR CLASS IE CONTROL SWITCHBOARDS FOR NUCLEAR POWER GENERATING STATIONS~EXHIBIT 2Al-10
2,A,l,A, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM 9)THE INITIATING CIRCUITS SHALL CONTINUOUSLY MONITOR KEY PROCESS VARIABLES INDICATING ACCIDENT CONDITIONS AND TRANSMITTING DIGITAL (ON-OFF)SIGNALS TO THE BOP ESFAS I N IT I AT I NG LOGIC, 10)THE BOP ESFAS INITIATING LOGIC SHALL PROVIDE TWO ESFAS INITIATION SIGNALS FOR THE ACTUATION LOGIC, ll)THE SYSTEM SHALL MONITOR THE UNDERVOLTAGE RELAYS ON THE 4,16[<V CLASS IE BUS AND INITIATE A LOGIC SIGNAL ON A TWO-OUT-OF-FOUR COINCIDENCE OF BUS UNDERVOLTAGE, THIS LOGIC SIGNAL WILL BE USED TO SHED ALL CLASS lE 4,16 KV LOADS EXCEPT THE LOAD CENTER TRANSFORMERS, SHED CERTAIN 480V LOADS, START THE DIESEL GENERATOR, START EQUIPMENT REQUIRED AFTER A LOSS OF OFFSITE POWER, AND TRIP THE 4.16 t<V CLASS IE BUS PREFERRED POWER SUPPLY BREAKERS, EXHIBIT 2A1-11 2,A, 1, A, BALANCE OF PLANT ENGINEER SAFETY FEATURES ACTUATION SYSTEM SI E 12)THE SYSTEM SHALL PROVIDE SEQUENCING LOGIC FOR SEQUENTIAL LOADING OF ESF AND FORCED SHUTDOWN LOADS ONTO THE ESF BUS UPON CLOSING OF THE DIESEL GENERATOR BREAKER, A SAFETY INJECTION ACTUATION SIGNAL (SIAS), OR AN AUXILIARY FEEDWATER ACTUATION SIGNAL (AFAS), 13)THE BOP ESFAS SHALL BE DESIGNED TO THE REQUIREMENTS FOR NUCLEAR SAFETY-RELATED SYSTEMS SUCH THAT THE DEVICES MUST MAINTAIN THEIR SAFETY-RELATED FUNCTIONAL CAPA-BILITY UNDER ALL NORMAL AND ABNORMAL PLANT OPERATING CONDITIONS, 14)THE TWO REDUNDANT INITIATING LOGIC SYSTEMS AND THE TWO REDUNDANT ACTUATION LOGIC SYSTEMS SHALL BE SEPARATED AND IDENTIFIED BY APPROPRIATE COLORED NAMEPLATE AND WIRING SEPARATION IDENTIFICATION, 15)POWER FOR EACH INDEPENDENT AND REDUNDANT LOGIC SUBSYSTEM SHALL BE SUPPLIED FROM A SEPARATE CLASS IE 120V-AC VITAL INSTRUMENT AND CLASS IE 125V-DC DISTRIBUTION BUS, 16)THE SYSTEM SHALL ACCEPT POWER INPUT LINE VARIATIONS AND TRANSIENTS WITHOUT PRODUCING FALSE PROTECTIVE ACTUATIONS OR PREVENTING REQUIRED RESPONSE TO ACCIDENT CONDITIONS, EXHIBIT 2Al-12 I
2,A,1,A.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM ESIG E I 17)PROVISIONS FOR TESTING SHALL BE IN ACCORDANCE WITH REGULATORY GUIDE (RG)1,22 AND IEEE 338-1971., 13)INTERLOCKS SHALL PREVENT THE OPERATOR FROM BYPASSING MORE THAN ONE SENSOR CHANNEL AT A TIME FOR ANY ONE TYPE OF TRIP.THIS INTERLOCK SHALL NOT COMPROMISE THE REDUNDANCE AND INDEPENDENCE OF THE CHANNELS, 19)SHOULD ANOTHER ACCIDENT CONDITION OCCUR AFTER THE LOAD SEQUENCER HAS STARTED, THE SEQUENCER SHALL RESET TO ZERO, EQUIPMENT IN OPERATION AT THIS TIME SHALL REMAIN IN OPERATION, IF A LOSS OF OFFSITE POWER (LOP)SIGNAL IS INITIATED AFTER THE LOAD SEQUENCER HAS STARTED, ALL LOADS WILL BE SHED AND RESEQUENCED ON THE DIESEL GENERA-TOR BREAKER CLOSURE, EXHIBIT 2Al-13
~MANUAL INPUT ALARM R-RED LIGHTS G-GREEN W-WHITE OR GATE AND GATE~NOT MEMORY B S S=SET R=RESET SEAS SAFETY EQUIPMENT ACTUATED STATUS SEIS SAFETY EQUIPMENT INOPERABLE STATUS HS HANDSWITCH ON DELAY OFF DELAY (TIMED MEMORY)S.P.H HIGH BISTABLE FIGURE 2A1-1 LOGIC SYMBOLS
2,A,1,B, BALANCE OF PLANT ENGINEE D SAFETY FEATURES ACTUATION SYSTEM S E 1)BOP ESFAS MEASUREMENT CHANNELS A, PROCESS MEASUREMENT CHANNELS ARE USED TO PERFORM THE FOLLOWING FUNCTIONS:
CONTINUOUSLY MONITOR EACH SELECTED GENERATING STATION VARIABLE PROVIDE INDICATION OF OPERATIONAL AVAILABILITY OF EACH SENSOR TO THE OPERATOR TRANSMIT SIGNALS TO BISTABLES WITHIN THE ESFAS INITIATING LOGIC B, PROTECTIVE PARAMETERS ARE MEASURED WITH TWO INDEPENDENT PROCESS MEASUREMENT CHANNELS EXHIBIT 2A1-14 2,A,l,B.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SSEM E RI 0 1)BOP ESFAS MEASUREMENT CHANNELS (CONT'D)C, A MEASUREMENT CHANNEL CONSISTS OF INSTRUMENT SENSING LINES, SENSOR, TRANSMITTER, POWER SUPPLY, ISOLATION DEVICE, INDICATOR, AND INTERCONNECTING WIRING, SIGNAL ISOLATION IS PROVIDED FOR COMPUTER INPUTS AND ANNUNCIATION,-
D.EACH REDUNDANT MEASUREMENT CHANNEL IS SUPPLIED FROM A SEPARATE 120V VITAL AC DISTRIBUTION BUS 2)BOP ESFAS BISTABLE AND INITIATING LOGIC A, THE BOP ESFAS INITIATING LOGICS PERFORM THE FOLLOWING FUNCTIONS:
COMPARES THE SIGNAL RECEIVED FROM THE SENSOR WITH A PREDETERMINED INITIATION SETPOINT IN THE BISTABLE CIRCUIT, PROVIDES CHANNEL AND SIGNAL STATUS INFORMATION TO THE OPERATOR, PROVIDES TWO ESFAS INITIATION SIGNALS FOR THE ACTUATING LOGIC.EXHIBIT 2A1-15 2.A.l.B.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S E S I 0 2)BOP ESFAS BISTABLE AND INITIATING LOGIC (CONT'D)B, THE BOP ESFAS INITIATING LOGIC CONSISTS OF BISTABLES, BISTABLE OUTPUT RELAYS, TRIP OUTPUT SIGNALS, INDICATING LIGHTS, AND INTERCONNECTING WIRING, C.SIGNALS FROM THE PROTECTIVE MEASUREMENT CHANNELS ARE SENT TO COMPARATOR CIRCUITS (BISTABLES)
WHERE THE INPUT SIGNALS ARE COMPARED TO PREDETERMINED SETPOINTS.
WHENEVER A CHANNEL PARAMETER REACHES THE PREDETERMINED SETPOINT, THE CHANNEL BISTABLE DEENERGIZES AN OUTPUT RELAY, D, EACH REDUNDANT CHANNEL BISTABLE RELAY IS SUPPLIED FROM A SEPARATE 120V VITAL AC DISTRIBUTION BUS,'E, THE BISTABLE SETPOINTS ARE ADJUSTABLE FROM THE FRONT OF THE CABINET, ACCESS IS LIMITED, HOWEVER, BY MEANS OF A KEY-OPERATED SWITCH.BISTABLE SETPOINTS ARE CAPABLE OF BEING READ OUT ON A DISPLAY LOCATED ON THE CABINET, F, THE ESFAS INITIATION SIGNALS ARE GENERATED IN TWO CHANNELS DESIGNATED A AND B, A SIGNAL FROM THE BISTABLE OUTPUT RELAY IN EITHER OR BOTH PROTECTIVE MEASURE-MENT CHANNELS GENERATES ESFAS INITIATING SIGNALS TO BOTH ACTUATION CHANNELS.EXHIBIT 241-16 2,A,l,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S I 3)BOP ESFAS ACTUATING LOGIC A, THE BOP ESFAS ACTUATING LOGICS PERFORM THE FOLLOWING FUNCTIONS:
RECEIVE ESFAS SIGNALS FROM THE ESFAS INITIATING LOGIC FORM ONE-OUT-OF-TWO INCIDENCE OF LIKE ESFAS SIGNALS PROVIDE A MEANS FOR REMOTE MANUAL INITIATION-PROVIDE STATUS INFORMATION TO THE OPERATOR B.THE ESFAS ACTUATING LOGIC IS PHYSICALLY LOCATED IN TWO ESFAS CABINETS, ONE CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 1 EQUIPMENT, WHILE THE OTHER CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 2 EQUIPMENT, EXHIBIT 2A1-17 2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEN S S E I C, THE TWO INITIATING SIGNALS (ONE FRON EACH BISTABLE AND INITIATING LOGIC)ARE ARRANGED IN A ONE-OUT-OF-TWO LOGIC IN EACH ACTUATION CHANNEL, ACTUATION OF EITHER SIGNAL DEENERGIZES THE GROUP RELAY ASSOCIATED WITH THAT CHANNEL, AND RESULTS IN AN ACTUATION SIGNAL, D, EACH ACTUATION CHANNEL IS SUPPLIED FRON A SEPARATE 120V AC DISTRIBUTION BUS AND A SEPARATE CLASS IE 125V DC DISTRIBUTION BUS, 4)BOP ESF SYSTEN ACTUATION A, CONPONENTS IN EACH BOP ESF SYSTEN ARE ACTUATED BY GROUP RELAYS, THE GROUP-RELAY CONTACTS ARE IN THE POWER CONTROL CIRCUIT FOR THE ACTUATED CONPONENTS OF EACH ESF SYSTEN, B, THE INITIATING AND ACTUATING LOGIC CAUSES DEENERGIZATION OF THE ACTUATION RELAY WHENEVER THE BISTABLE OUTPUT RELAY IS DEENERGIZED, C, DEENERGIZATION OF THE GROUP RELAY ACTUATES THE ESF SYSTEN CONPONENTS, EXHIBIT 2A1-18 a
2,A, 1,B, BALANCE OF PLANT ENGINE SAFETY FEATURES ACTUATION SYSTEM S S S I 0 5)CHANNEL BYPASSES A, INITIATING LOGIC BYPASSES ARE PROVIDED IN THE BOP ESFAS AND ARE EMPLOYED TO REMOVE THE INITIATING LOGIC FROM SERVICE FOR MAINTENANCE, B, THE ACTUATING LOGIC IS CONVERTED TO A SINGLE ACTIVE CHANNEL FOR THE ESFAS-MONITORED VARIABLE BYPASSED, THE BYPASS TIME INTERVAL FOR MAINTENANCE IS SO SHORT THAT THE PROBABILITY OF FAILURE OF THE REMAINING MEASUREMENT CHANNEL AND INITIATING LOGIC IS ACCEPTABLY LOW DURING MAINTENANCE BYPASS PERIODS, C, OTHER ESFAS-MONITORED VARIABLE INITATING LOGICS THAT HAVE NOT BEEN BYPASSED IN EITHER OF THEIR TWO CHANNELS REMAIN IN A ONE-OUT-OF-TWO ACTUATING LOGIC, D, THE BYPASS IS MANUALLY INITIATED AND MANUALLY REMOVED, E, AN ELECTRICAL INTERLOCK ALLOWS ONLY ONE INITIATING LOGIC FOR ANY ONE ESFAS-MONITORED VARIABLE TO BE BYPASSED AT ONE TIME, F, BYPASSES ARE ANNUNCIATED VISUALLY AND AUDIBLY TO THE OPERATOR, EXHIBIT 2Al-19 2,A,l,B.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S E 6)OPERATING BYPASSES THE BOP ESFAS HAS NO OPERATING BYPASSES, 7)INTERLOCKS ELECTRICAL INTERLOCKS IN THE.BOP ESFAS PREVENT THE OPERATOR FROM BYPASSING MORE THAN ONE INITIATING LOGIC FOR A PARTICULAR ESFAS-MONITORED VARIABLE AT A TIME, DIFFERENT ESFAS-MONITORED VARIABLE INITIATING LOGICS MAY BE BYPASSED SIMULTANEOUSLY, EITHER IN THE SAME CHANNEL OR IN DIFFERENT CHANNELS, EXHIBIT 2A1-20
2,A.l.B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S S SC I IO 8)REDUNDANCY REDUNDANT FEATURES OF THE BOP ESFAS INCLUDE: A.TWO INDEPENDENT CHANNELS, FROM PROCESS SENSOR/TRANSMITTER THROUGH AND INCLUDING BISTABLE OUTPUT RELAYS B, TWO INITIATING LOGIC PATHS ARE PRESENT FOR EACH ACTUATION SIGNAL C, EACH ACTUATION SIGNAL ACTUATES TWO OUTPUT TRAINS SO THAT REDUNDANT SYSTEM COMPONENTS MAY BE ACTUATED FROM SEPARATE TRAINS D, POWER FOR THE SYSTEM PROVIDED FROM TWO SEPARATE BUSES (POWER FOR CONTROL AND OPERATION OF REDUNDANT ACTUATED COMPONENTS COMES FROM SEPARATE BUSES, LOAD GPOUP 1 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 1 BUS AND LOAD GROUP 2 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 2 BUS.)THE RESULT OF THE REDUNDANT FEATURES IS A SYSTEM THAT MEETS THE SINGLE FAILURE CRITERION, EXHIBIT 2Al-21 MEASUREMENT CHANNEL INITIATING LOGIC ACTUATION LOGIC ACTUATED DEVICES SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE INDI CATO R SET POINT Hl BYPASS 1/2 CR MANUAL TO TRAIN A ACTUATED DEVICES SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE INDICATOR SET POINT Hl BYPASS 1/2 CR MANUAL TO TRAIN 8 ACTUATED DEVICES NOTE: SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELECTRICALLY ISOLATEO ANO PHYSICALLY SEPARATED.
TYPICAL BOP ESFAS LOGIC FIGURE 2A1-2 0 0 MEASUREMENT CHANNEL INITIATING LOGIC ACTUATION LOGIC ACTUATED DEVICES SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE INDICATOR SET POINT Hl 1/2" CR MANUAL TO TRAIN A ACTUATED DEVICES SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE I ND I CATO R SET POINT Hl 1/2 CR MANUAL TO TRAIN 8 ACTUATED DEVICES ll NOTE: SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELECTRICALLY ISOLATED ANO PHYSICALLY SEPARATED.
TYPICAL BOP ESFAS LOGIC FIGURE 2A1-2A 2,A,1,8, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM 9)DIVERSITY THE BOP ESFAS IS DESIGNED TO ELIMINATE CREDIBLE DUAL CHANNEL FAILURES ORIGINATING FROM A COMMON CAUSE, THE FAILURE MODES OF REDUNDANT CHANNELS AND THE CONDITIONS OF OPERATION THAT ARE COMMON TO THEM ARE ANALYZED TO ASSURE THAT: A, THE MONITORED VARIABLES PROVIDE ADEQUATE INFORMATION DURING THE ACCIDENTS B, THE EQUIPMENT CAN PERFORM AS REQUIRED C, THE INTERACTIONS OF PROTECTIVE ACTIONS, CONTROL ACTIONS, AND THE ENVIRONMENTAL CHANGES THAT CAUSE, OR ARE CAUSED BY, THE DESIGN BASIS EVENTS DO NOT PREVENT THE MITIGATION OF THE CONSEQUENCES OF THE EVENT, EXHIBIT 2A1-22 0 0 2,A,1,B.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S E D SC IO 9)DIVERSITY (CONT'D)D, THE SYSTEM CANNOT BE MADE INOPERABLE BY THE INADVERTENT ACTIONS OF OPERATING AND MAINTENANCE PERSONNEL IN ADDITION, THE DESIGN IS NOT ENCUMBERED WITH ADDITIONAL COMPONENTS OR CHANNELS WITHOUT REASONABLE ASSURANCE THAT SUCH ADDITIONS ARE BENEFICIAL, 10)TESTING PROVISIONS ARE MADE TO PERMIT PERIODIC TESTING OF THE BOP ESFAS, TESTS COVER THE TRIP ACTIONS FROM SENSOR INPUT THROUGH THE PROTECTION SYSTEM AND THE ACTUATION DEVICES, SYSTEM TEST DOES NOT INTERFERE WITH THE PROTECTIVE FUNCTION OF THE SYSTEM, THE TESTING SYSTEM MEETS THE CRITERIA OF IEEE STANDARD 338-1971 AND OF REGULATORY GUIDE 1,22.EXHIBIT 2A1-23 2,A,l,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM ES 10)TESTING (CONT'D)ACTUATION OF THE ESF SYSTEMS CONTROLLED BY THE ONE-OUT-OF-TWO ESFAS DOES NOT DISTURB NORMAL PLANT OPERATING CONDITIONS, THE ONE-OUT-OF-TWO ESFAS IS TESTED BY COf"IPLETE ACTUATION AS FOLLOWS: A, SENSOR CHECKS, DURING REACTOR OPERATION, THE f'1EASUREMENT CHANNELS PROVIDING AN If'lPUT TO THE ESFAS ARE CHECKED BY COMPARING THE OUTPUTS OF SIMILAR CHANNELS, AND BY CROSS-CHECKING WITH RELATED MEASUREf1ENTS, DURING EXTENDED SHUTDOWN PERIODS OR REFUELING, THESE MEASUREMENT CHANNELS ARE CHECKED AND CALIBRATED AGAINST KNOWN STANDARDS, B, TRIP BISTABLE TEST, TESTING OF THE SYSTEM IS ACCOMPLISHED BY MANUALLY VARYING THE INPUT SIGNAL TO THE TRIP SETPOINT LEVEL ON ONE BISTABLE AT A TIME AND OBSERVING THE TRIP ACTION, EXHIBIT 2A1-24
2,A,1,B, BALANCE OF PLANT ENGINEER D SAFETY FEATURES ACTUATION SYSTEN SYS E S 0 10)TESTING (CONT'D)WHEN THE BISTABLE OF A PROTECTIVE CHANNEL IS IN A TRIPPED CONDITION, THE FOLLOWING CONDITIONS SHOULD EXIST, THE BISTABLE OUTPUT RELAY IS DEENERGIZED, THE GROUP RELAY IN EACH ACTUATION CHANNEL IS DEENERG IZED, THE ESF COMPONENTS ARE IN THE ESFAS ACTUATION POSITION, ACTUATION IS ANNUNCIATED ON THE CONTROL ROON ANNUNCIATOR PANEL, EXHIBIT 2Al-25 2,A,1,B, BALANCE OF PLANT ENGINE D SAFETY FEATURES ACTUATION SYSTEM.S S C P 10)TESTING (CONT'D)PROPER OPERATION MAY BE VERIFIED BY THE FOLLOWING:
CHECKING THE POSITION OF EACH ESF COMPONENT CHECKING THE ACTUATION ANNUNCIATION CHECKING THE ESF COMPONENT STATUS INDICATION THE TEST IS REPEATED FOR THE OTHER BISTABLE, C, RESPONSE TIME TESTS, RESPONSE TIME TESTING WILL BE PERFORMED AT REFUELING INTERVALS, THESE TESTS INCLUDE THE SENSORS FOR EACH ESFAS CHANNEL AND ARE BASED ON THE PREVIOUSLY DEFINED SYSTEM RESPONSE TIME CRITERIA, EXHIBIT 2A1-26 2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S 11)ACTUATED SYSTEMS A, FUEL BUILDING ESSENTIAL VENTILATION SYSTEM~IN THE EVENT OF A FUEL HANDLING ACCIDENT IN THE SPENT FUEL AREA, SENSORS IN THE FUEL BUILDING WILL DETECT THE FISSION PRODUCTS RELEASED FROM THE FUEL,~THE FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SIGNAL (FBEVAS)IS INITIATED BY ONE-OUT-OF-TWO HIGH AIRBORNE ACTIVITY SIGNALS FROM RADIATION MONITORS, ONE OF WHICH IS A GASEOUS MONITOR IN THE FUEL BUILDING NORMAL EXHAUST DUCT, AND THE OTHER OF WHICH IS AN AREA RADIATION MONITOR ON A WALL OVERLOOKING THE FUEL POOL,~THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM IS AUTOMATICALLY ACTUATED BY A FBEVAS FROM THE BOP ESFAS TO REDUCE THE RELEASE OF FISSION PRODUCTS INTO THE ENVIRONMENT, EXHIBIT 2A1-27
2,A,1.B, BALANCE'.OF PLANT ENGINEE D SAFETY FEATURES ACTUATION SYSTEM S E~THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRIC POWER TO ONE-OUT-OF-TWO LIKE CHANNELS IN THE MEASUREMENT CHANNELS, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE FUEL BUILDING ESSENTIAL VENTILA-TION SYSTEM,~MANUAL INITIATION OF THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM IS PROVIDED IN THE CONTROL ROOM,~THE FUEL BUILDING ESSENTIAL VENTILATION SYSTEM IS COMPOSED OF COM-PONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP 1 AND LOAD GROUP 2 THE INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 1 ARE PHYSICALLY AND ELECTRICALLY SEPARATE AND INDEPENDENT OF THE INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 2, INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN EQUIPMENT FUNCTIONAL CAPABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT REQUIRE FUEL BUILDING VENTILATION ISOLATION, EXHIBIT 2A1-28 2,A, l,B, BALANCE OF PLANT ENGINEER SAFETY FEATURES ACTUATION SYSTEN P~THE FBEVAS IS COi"1BINED WITH THE SIAS IN THE DEVICE CONTROL CIRCUITS SO THAT ANY ONE OF THE SIGNALS (LOGICAL OR)ACTIVATE THE REQUIRED DEVICES, DURING SIAS OPERATION, THE FUEL BUILDING/AUXILIARY BUILDING ESSENTIAL VENTILATION SYSTEN IS ALIGNED TO EXHAUST FRON THE AUXILIARY BUILDING, THE SIAS TAKES PRECEDENCE OVER FBEVAS SHOULD BOTI(SIGNALS BE PRESENT AT THE SAI'1E TIf'lE, EXHIBIT 2A1-29 2,A,l,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SS S IP I B, CONTAINMENT PURGE ISOLATION SYSTEM o IN THE EVENT OF A FUEL HANDLING ACCIDENT INSIDE THE CONTAINMENT, SENSORS WILL DETECT THE FISSION PRODUCTS RELEASED FROM THE FUEL,'j~THE CONTAINMENT PURGE ISOLATION ACTUATION SIGNAL (CPIAS)IS INITIATED BY ONE-OUT-OF-Tl40 HIGH AIRBORNE ACTIVITY SIGNALS FROM REDUNDANT RADIATION MONITORS LOCATED IN CLOSE PROXIMITY WITH THE POHER ACCESS PURGE EXHAUST DUCT AND THE REFUELING PURGE EXHAUST DUCT, e THE CONTAINMENT PURGE ISOLATION SYSTEM IS AUTOMATICALLY ACTUATED BY THE CPIAS FROM THE BOP ESFAS TO PROHIBIT RELEASE OF RADIOACTIVE MATERIAL INTO THE ENVIRONMENT, EXHIBIT 2A1-50 MEASUREMENT CHANNEL INITIATING LOGIC ACTUATION LOGIC ACTUATED DEVICES FUEL POOL RA 0 I ATION SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE INDICATOR SET POINT Hl BYPASS CREFAS A 1/2 CR MANUAL TO TRAIN A ACTUATED DEVICES FUEL BUILDING EXHAUST DUCT ACTIVITY SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE IND I CATO R SET POINT Hl BYPASS CREFAS B 1/2 CR MANUAL TO TRAIN 8 ACTUATED DEVICES NOTE: SIGNALS BETWEEN REOUNOANT CHANNELS ARE ELECTRICALLY ISOLATED ANO PHYSICALLY SEPARATEO.
FBEVAS LOGIC FIGURE 2A1-3 0 NORMAL AHU OSA FBEVAS-BOP ESFAS Hl RADIATION TO ATMOSPHERE RU Wp'g Hg FC FC//QRU/NURMAL EXHAUST PLENUM i I/i h l w/FC FC FC~~NORMAL EXHAUST FAN ROOF SPENT FUEL POOL ESSENTIAL AFU FUEL BLDG.SIAS NSSS ESFAS ESSENTIAL AFU EL.100'UX BLDG.FIGURE 2A14 FUEL BUILDING ESSENTIAL VENTILATION SYSTEM SIMPLIFIED DIAGRAM FROM ESF PUMP ROOMS 2.A,1.8.BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SSE D RP I o THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRIC POWER TO ONE-OUT-OF-TWO LIKE CHANNELS IN THE MEASUREMENT CHANNELS, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE CONTAINMENT PURGE ISOLATION SYSTEM, e MANUAL INITIATION OF THE CONTAINMENT PURGE ISOLATION SYSTEM IS PROVIDED IN THE CONTROL ROOM,~THE CONTAINMENT PURGE ISOLATION SYSTEM IS COMPOSED OF COMPONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP 1 AND LOAD GROUP 2, INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 1 ARE PHYSICALLY AND ELECTRICALLY SEPARATE AND INDEPENDENT OF INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 2, INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN EQUIPMENT FUNCTIONAL CAPABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT ARE MITIGATED BY THE CONTAINMENT PURGE ISOLATION SYSTEM, e THE CPIAS IS COMBINED WITH THE CONTAINMENT ISOLATiON ACTUATiON SIGNAL (CIAS)IN THE CONTROL CIRCUITS OF THE ISOLATION VALVES SO THAT EITHER SIGNAL (LOGICAL OR)CAN ACTUATE THESE VALVES.EXHIBIT 2A1-31
802 TO FUEL BLDG DAMPER (CLOSE)TO AUX BLDG HFL-004 DAMPER (OPED)r MCC R r STOP START SIAS START FAN A THIS DWG HFL-003 TO HEATER FROM AUX BLDG (ON)DAMPER (OPEN)HFL-004/CR R/(HS-62)OVERRIDE B02 HS 64 START FUEL B F VAS SEOUENCE ST HS-62 STOP AUX BLDG HS-64 STOP FUEL BLDG ELECTRICAL PROTECTION SEIS STOP FAN A HFL-003 HFL-004 HFL-004 HFL 004 HFL-004 TO ALARM PERMISSIVE FROM FUEL BLDG HFL-004 r MCC 6/FROM AUX BLDG HFL 004 DAMPER (CLOSE)FROM FUEL BLDG DAMPER (CLOSE)DAMPER (OPEN)TO FUEL BLDG DAMPER (OPEN)TO AUX BLDG DAMPER (CLOSE)TO AUX BLDG DAMPER (CLOSE)TO FUEL BLDG DAMPER (CLOSE)rCR R/(HS-64)rCR G I (HS 62)rCR G~I'HS-641 HS-62 TYPE-CMC SPRING RETURN TO NEUTRAL STOP START OVERRIDE HS-64 TYPE-CMC SPRING RETURN TO NEUTRAL FIGURE 2A1-5 FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SYSTEM TYPICAL ACTUATED DEVICE LOGIC MEASUREMENT CHANNEL INITIATING LOGIC ACTUATION LOGIC ACTUATED DEVICES POWER ACCESS PURGE EXHAUST RADIATION SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE INDICATOR SET POINT Hl BYPASS CREFAS A 1/2 CR MANUAL TO TRAIN A ACTUATED DEVICES POWER ACCESS PURGE EXHAUST RADIATION SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE IN D I GATOR SET POINT Hl BYPASS CREFAS B 1/2 MANUAL TO TRAIN B ACTUATED DEVICES NOTE: SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELECTRICALLY ISOLATEO AND PHYSICALLY SEPARATED.
HS-2 OPEN CR~CPIAS I CIAS I HS-2 CLOSE SEIS OPEN INLET ISOLATION VALVE UV.2A OPEN OUTLET ISOLATION VALVE UV-2B CLOSE INLET ISOLATION VALVE UV-2A CLOSE OUTLET ISOLATION VALVE UV-2B SEAS SEAS z MCC R y MCC R/z MCC G j MCC G gCR R iCR G ELECTRICAL PROTECTION TORQUE PROTECTION TORQUE PROTECTION ELECTRICAL PROTECTION STOPS INLET ISOLATION VALVE UV-2A STOPS OUTLET ISOLATION VALVE U V-2B SEIS FIGURE 2A1-7 CONTAINMENT PURGE ISOLATION ACTUATION SYSTEM TYPICAL ACTUATED DEVICE LOGIC 2.A.1.B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SYS E D SC C.CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS~THE CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS ARE THE CONTROL ROOM VENTILATION ISOLATION SYSTEM AND THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM.o THE CONTROL ROOM VENTILATION ISOLATION ACTUATION SIGNAL (CRVIAS)IS INITIATED BY ONE-OUT-OF-TWO CONTROL ROOM OUTSIDE AIR INTAKE HIGH CJILORI NE SIGNALS.~THE CONTROL ROOM VENTILATION ISOLATION SYSTEM IS AUTOMATICALLY ACTUATED BY A CRVIAS FROM THE BOP ESFAS TO ACTIVATE THE CONTROL ROOM ESSENTIAL AHU'S AND ISOLATE THE CONTROL ROOM FROM OUTSIDE AIR,~THE CONTROL ROOM ESSENTIAL FILTRATION ACTUATION SIGNAL (CREFAS)IS INITIATED BY ONE-OUT-OF-THO CONTROL ROOM OUTSIDE AIR INTAKE HIGH AIRBORNE ACTIVITY SIGNALS, A FBEVAS, OR A CPIAS, EXHIBIT 2A1-52
2,4,1.8, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S SC P 0.~THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM IS AUTOMATICALLY ACTUATED BY A CREFAS FROM THE BOP ESFAS TO ACTIVATE THE CONTROL ROOM ESSENTIAL AHU'S AND ROUTE OUTSIDE AIR THROUGH THE ESSENTIAL FILTRATION UNITS TO PRESSURIZE THE CONTROL ROOM AND PREVENT INFILTRATION OF UNTREATED AIR, o THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRIC POWER TO ONE OF THE Tll0 LIKE CHANNELS IN THE MEASUPEMENT CHANNEf.S, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE CONTROL ROOM VENTILATION ISOLATION SYSTEM,~THE SYSTEM IS DESIGNED SO THAT LOSS OF ELECTRICAL POl'IER TO ONE OF THE TWO LIKE CHANNELS IN THE MEASUREMENT CHANNELS, INITIATING LOGIC, OR TO THE ACTUATING LOGIC ACTUATES THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM.~MANUAL INITIATION OF THE CONTROL ROOM VENTILATION ISOLATION SYSTEM AND THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM IS PROVIDED IN THE CONTROL ROOM, EXHIBIT 241-33
2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SYS S R PTIO~BOTH CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS ARE COMPOSED OF COMPONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP 1 AND LOAD GROUP 2.INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 1 ARE PHYSICAL Y AND ELECTRICALLY SEPARATE AND INDEPENDENT OF INSTRUMENTATION AND CONTROLS OF THE COMPONENTS AND EQUIPMENT IN LOAD GROUP 2, INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN CONTROL ROOM HABITABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT REQUIRE THE CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS.~THE CREFAS IS COMBINED MITH THE SIAS IN THE DEVICE CONTROL CIRCUITS SO THAT ANY ONE OF THE SIGNALS (LOGICAL OR)ACTUATES THE REQUIRED DEVICES,~THE CRVIAS IS COMBINED WITH THE SIGNALS THAT ACTUATE THE CONTROL ROOM ESSENTIAL FILTRATION SYSTEM IN THE DEVICE CONTROL CIRCUITS SO THAT-ANY OF THESE SIGNALS (LOGICAL OR)CAN ACTUATE THE ISOLATION VALVING COMMON TO BOTH OF THE CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS, THE CRVIAS TAKES PRECEDENCE OVER CREFAS TO ISOLATE THE CONTROL ROOM SHOULD BOTH SIGNALS BE PRESENT AT THE SAME TIME, EXHIBIT 2Al-34 0
2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM SYS E D SCR P 0 IN ADDITION TO THE AUTOMATIC INITIATING SIGNALS, TWO INDEPENDENT SMOKE DETECTORS ARE PROVIDED IN THE OUTSIDE AIR INTAKE PLENUM, UPON DETECTION OF SMOKE, AN AUDIBLE AND VISIBLE ALARM HILL ALERT THE OPERATOR TO MANUALLY INITIATE THE CONTROL ROOM VENTILATION ISOLATION SYSTEM, EXHIBIT 2A1-35 0,
MEASUREMENT CHANNEL INITIATING LOGIC ACTUATION LOGIC ACTUATED DEVICES CONTROL ROOM AIR INTAKE CHLORINE SENSOR TRANSMITTER POWER SUPPLY ISOLATION Df VICE INDICATOR SET POINT Hl BYPASS 1/2 MANUAL TO TRAIN A ACTUATED DEVICES CONTROL ROOM AIR INTAKE CHLORINE SENSOR TBANSMITTE R POWER SUPPLY ISOLATION DEVICE INDICATOR SET POINT Hl BYPASS S/2 CR MANUAL TO TRAIN B ACTUATED DEVICES NOTE: SIGNALS BETWEEN REOUNOANT CHANNELS ARE ELECTRICALLY ISOLATEO ANO PHYSICALLY SEPARATEO.
CRVIAS LOGIC FIGURE 2A1-8 t
MEASUREMENT CHANNEL INITIATING LOGIC ACTUATION LOGIC ACTUATED DEVICES CONTROL ROOM Al R INTAKE ACTIVITY SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE INDI CATO R SET POINT Hl BYPASS CPIAS A 1/2 MANUAL TO TRAIN A ACTUATED DEVICES FBEVAS A FBEVAS B CONTROL ROOM AIR INTAKE ACTIVITY SENSOR TRANSMITTER POWER SUPPLY ISOLATION DEVICE I N D I CATO 8 SET POINT Hl BYPASS CPIAS B S/2 CR MANUAL TO TRAIN B ACTUATED DEVICES NOTE: SIGNALS BETWEEN REDUNDANT CHANNELS ARE ELE CTRICALLY ISOLATEO ANO PHYSICALLY SEPARATED.
CREFAS LOGIC FIGURE 2A1-9 2,A,1,B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S S M E T D.CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM~THE CONTAINMENT HYDROGEN GAS CONCENTRATION MAY INCREASE TO A COMBUSTIBLE CONCENTRATION FOLLOWING A LOCA.IN THE UNLIKELY EVENT THAT A LOCA DOES OCCUR THE CONTAINMENT HYDROGEN GAS CONCENTRATION IS MAINTAINED LESS THAN THE LOWER COMBUSTIBLE LIMIT BY OPERATION OF THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM,~THE PRINCIPAL PARAMETER MONITORED FOR DETERMINING WHEN THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM IS TO BE PLACED IN SERVICE IS HYDROGEN CONCENTRATION.
THE CONTAINMENT HYDROGEN ANALYZER IS NORMALLY ON STANDBY, FOLLOWING A DESIGN BASIS ACCIDENT (DBA), THE HYDROGEN ANALYZER IS PLACED IN SERVICE WITH CONTROLS MOUNTED IN THE MAIN CONTROL ROOM,~THE CONTAINI'lENT COMBUSTIBLE GAS CONTROL SYSTEM COMPONENTS ARE CONTROLLED MANUALLY FROM CONTROL SWITCHES LOCATED AT LOCAL PANELS, THE LOCAL PANEL(S)WILL BE ACCESSIBLE AFTER A DBA, EXHIBIT 2A1-56
2,A.1.B, BALANCE OF PLANT ENGINEERED SAFETY FEATURES ACTUATION SYSTEM S S E C~A CONTROL SWITCH WITH AN OVERRIDE FEATURE IS PROVIDED FOR EACH OF THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEf j ISOLATION VALVES, THIS CONTROL SWITCH OVERRIDE FEATURE IS FUNCTIONAL ONLY AFTER RECEIPT OF THE CIAS, AND PERMITS CONTROL OF EACH VALVE INDEPENDENT OF THE CIAS, THE OPEN AND CLOSED POSITIONS OF TilESE VALVES, IN ADDITION TO THE OVERRIDE STATUS, ARE INDICATED IN THE CONTROL ROOM.~THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM IS COMPOSED OF COMPONENTS IN REDUNDANT LOAD GROUPS, LOAD GROUP j.AND LOAD GROUP 2, INSTRUMENTATION AND CONTROLS OF COMPONENTS AND EQUIPMENT IN LOAD GROUP j.ARE PHYSICALLY AiND ELECTRICALLY SEPARATE AND INDEPENDENT OF INSTRUMENTATION AND CONTROLS OF COf'1PONENTS AND EQUIPMENT IH LOAD GROUP 2.INDEPENDENCE IS ADEQUATE TO RETAIN THE REDUNDANCY REQUIRED TO MAINTAIN EQUIPMENT FUNCTIONAL CAPABILITY FOLLOWING THOSE DESIGN BASIS EVENTS THAT ARE I'1ITIGATED BY THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM,~THE CONTAINMENT COf'1BUSTIBLE GAS CONTROL SYSTEM TEST PRESSURE IS GREATER THAN THE PEAK CONTAINMENT DESIGN PRESSURE, THIS PRECLUDES SYSTEf'1 OVER-PRESSURIZATION BY THE INADVERTENT OPENING OF THE ISOLATION VALVES, EXHIBIT 2A1-37 0-0-~MANUAL CR BOP ESFAS CRVIAS CREFAS NSSS ESFAS SIAS TO'ATMOSPHERE SMOKE AT C ONTROL ROOM//CLOSES/OAMPERS OPENS OAMPERS//h(h~NORMAL M M NO NO NO NO NORMAL AHU ESSENTIAL AHU ESSENTIAL AHU CH 0 FC FC CH CH FIGURE 2A1-10 CONTROL ROOM ESSENTIAL VENTILATION SYSTEM SIMPLIFIED DIAGRAM HS OPEN LOP SIAS CREFAS CRVIAS HS CLOSE CR L OPEN DAMPER CLOSE DAMPER SEAS SEAS MCC/R CR'll,/R MCC r G CR/'r CLOSE OPEN OVERRIDE CR SPRING RETURN TO NEUTRAL TORQUE PROTECTION ELECTRICAL PROTECTION STOP DAMPER MOVEMENT SEIS CONTROL ROOM ESSENTIAL VENTILATION SYSTEMS TYPICAL ACTUATED DEVICE LOGIC FIGURE 2A1-11
HS CLOSE{MOMENTARY)
CIAS CLOSE VALVE OPEN VALVE HS OPEN (MOMENTARY)
CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM DEVICE CONTROL LOGIC FIGURE 2A1-12
2,A,2.ENGINEERED SAFETY FEATURES SYSTEM ACTUATED DEVICE TYPICAL LOGIC EACH ESF SYSTEM-ACTUATED DEVICE RECEIVES AN ESFAS SIGNAL OR COMBINATION OF ESFAS SIGNALS TO AUTOMATICALLY ACTUATE THE DEVICE TO ITS"SAFE" POSITION AS REQUIRED TO PERFORM THE ESF SYSTEM FUNCTION, AND TO BLOCK INADVERTENT OPERATOR INTERVENTION.
RESET OF THE ESFAS SIGNAL DOES NOT AFFECT THE STATUS OF THE ACTUATED DEVICE: THE DEVICE REMAINS IN ITS"SAFE" MODE OF OPERATION ON RESET OF THE ESFAS SIGNAL, (RESET OF AN ESFAS SIGNAL CAN OCCUR ONLY AFTER THE INITIATING CONDITIONS HAVE CLEARED, AND THE OPERATOR HAS MANUALLY RESET THE ESFAS SIGNAL LOGIC)EACH ESF SYSTEM-ACTUATED DEVICE IS PROVIDED WITH MANUAL CONTROL TO ENABLE THE OPERATOR TO ACTUATE THE DEVICES AS NECESSARY FOR OPERATION AND TESTING, FEEDBACK TO THE OPERATOR IS PROVIDED IN THE FORM OF RED AND GREEN LIGHTS IDENTIFYING THE OPERATIONAL STATUS OF THE DEVICE.ELECTRICAL PROTECTION CIRCUITS ARE PROVIDED TO PRECLUDE PHYSICAL DAMAGE UNDER OVERLOADED CONDITIONS.
IN THE CASE OF MOTOR-OPERATED VALVES, THE THERMAL OVERLOAD PROTECTION IS BYPASSED BY THE ESFAS SIGNAL, ANNUNCIATION OF ELECTRICAL PROTECTION IS PROVIDED, EXHIBIT 2A2-j.
2,A,2, ENGINEERED SAFETY FEATURES SYSTEN ACTUATED DEVICE TYPICAL LOGIC AN ESF SYSTEM-ACTUATED DEVICE IS PROVIDED WITH THE CAPABILITY TO OVERRIDE THE ESFAS SIGNAL TO ALLOW NANUAL CONTROL OF THE ESF SYSTEN, IN GENERAL, OVERRIDE OF THE ESFAS IS PERFORNED AS FOLLOWS: WITH THE ESFAS SIGNAL PRESENT, THE OVERRIDE NODE IS ENABLED BY PLACING THE CONTROL SMITCH IN THE"SAFE" POSITION.FEEDBACK TO THE OPERATOR IS PROVIDED IN THE FORN OF A WHITE LIGHT INDICATING THAT THE OVERRIDE NODE IS ENABLED, THE OVERRIDE MODE IS AUTOHATICALLY RESET WHEN THE ESFAS SIGNAL IS RESET AND NO LONGER PRESENT, THE OVERRIDE FUNCTIONS TO BLOCK THE ESFAS SIGNAL AND TO ENABLE NANUAL CONTROL OF THE ACTUATED DEVICE, THE OVERRIDE ITSELF DOES NOT AFFECT THE STATUS OF THE ACTUATED DEVICE.THE ACTUATED DEVICE CAN THEN BE RETURNED TO THE"NORNAL" NODE OF OPERATION BY PLACING THE CONTROL SWITCH IN THE"NORNAL" POSITION, EXHIBIT 2A2-2 2,A.2, ENGINEERED SAFETY FEATURES SYSTEM ACTUATED DEVICE TYPICAL LOGIC EACH ESF SYSTEM-ACTUATED DEVICE IS MONITORED BY THE SAFETY EQUIPMENT STATUS SYSTEM (SESS)FOR SAFETY EQUIPMENT ACTUATED STATUS (SEAS)WHICH PROVIDES ANNUNCIATION ON"FAILURE TO AUTOMATICALLY ACTUATE" SAFETY EQUIPMENT INOPERABLE STATUS (SEIS)WHICH PROVIDES ANNUNCIATION ON"BYPASS OR INOPERABLE STATUS" INTERFACING, SIGNALS TO ACTUATE SUPPORT SYSTEMS OR DEVICES ARE PROVIDED AS NECESSARY, EXH I BIT 242-5
ENGINEERED SAFETY FEATURE SYSTEM ACTUATED DEVICE TYPICAL LOGIC OO0 STOP START HS-'SAFE" POSITION ESFAS SIGNAL TQ SuPPORT DEVICE ACTUATE'EVICE TO"SAFE" POSITION SPAING AETURN TO CFNTEA HS-"NOAMAL" POSITION TO SUPPORT DEVICE ACTUATE DEVICE TO"NORMAL" POSITION ELECTAICAL PAOTECTION LEIS"SAFE" POSITION AS AEGUIRED TO PEAFOAM ESF SYSTEM FUNCTION"NOAMAL" POSITION IS OPPOSITE FAOM"SAFE" POSITION, NOT!NECESSAAILY THE OPERATING POSITION FIGURE 2A2-1
Ill pa+1l~~g~0 l~;Ng MAIN CONTROL ROOM SLIDE 1
'
e" TRAIN A SWITCHES~~~pic.~JW+h, p~~,~~higrg pic p YOR SE h BOP ESFAS MANUAL INITIATION SWITCHES SLIDE 2
TRAIN B SWITCHES gfrlH~E~f<<~~~~,~<r S v QSS JJYJ'E~S<:.l J,E S?i,'ij E\~~P~',4*<<$S$6<PE<,+t Y~JE/i<~((gE;,".",:;":" E;.Wpt~SST)SSSS~j.;,~i'tA SVS':~I OVS;<SS,SSISSOS@~5j<JES esa~E SV<r<6+~%g E hl~N<S'."'"'"',."..
'"..VAliN..-'.-.X>0"'EÃ: ES'..~f'-':,': 'l jjjggqi,gg)~~.EW,:l>
."",.>'..':;:.'j,~F/ONCE 1RII'YPAQ~~j;","='tg 8'<<(gag~'@'g~gPrF>
<<r<.$j l"Pe'g',,<<OEN~~l HOl~lglVP.~;~1.q
'4'><<!~<>>im;"o~~~<'I E'<rll<BOP ESFAS MANUAL INITIATION SWITCHES>SLIDE 3 I 0
BOP ESFAS., T REACTOR TRIP SYSTEM af fls 5 H th ME55 CH TOO LO th ME55~CH TOV'50 I LVL CN H$4 t LVL Ol TOO I~~0K LN PQ N th PASS Ol%-Qt 5t5 Tf S'I I H 50 I LVL Ol tfE.TOO H 50 2 LVL ME.TOO f'.gP, r,f~')ca Clt CN N a OHT CH TOO LO th MESS Ol TRt I LO$4 I tff 55 Ol lO$0 I l'll CN TRF LO$0 t LIL CH LOOC fLN 50 I CH LEO a LO th MESS Ol ME-THt LO 54 I MESC W LO 50 I LVL~K-TOO I LO$4 2 LVL a tf0.~LO K TLOW$0 I t K&LO OHN CN ME TW ta LIL BOP ESFAS 5 RPS-ANNUNCIATION SLIDE 4 ACTUATION ALARMS CREFAS A HI P1A PRESS CH TtuP'I'<<<<LO PZR PRESS CH TRP BYP FBKVAS B CAEFAS a<<8 PN PRESS CH PRE-TRIP<<<<SPS TEST k'~<~m P~"%$pro$;~A'<<<<<<$.N$0)UL N:".~')8 NTN RAD CH TRP 8 FQ RAD CH CL2 CH CNMF PRESS CH TRIP LOSS I-)PRESS CH lRP g Srk<<~<<~g glp$~~y Jj>(ig, 1 j f'GP ESFAS N TEST BOP ESFAS CH BYP 8 GMNT PRESS.CH PRE"TNP uI SOI PRESS CH'%E-TtuP y'~"~v'v~y~~.
'.L0Nt'ESS CH%-TNP'NSf'N.'f%5F, CHANNEL TRIP ALARMS BOP ESFAS-ANNUNCIATION SLIDE 5
GREEN LIGHTS ILLUMINATED
~e y 8 KNSE, WHITE LIGHT ILLUMINATED'SF DEVICE SWITCHES SLIDE 6 0
GREEN LIGHTS ILLUMINATED RED LIGHT ILLUMINATED A Cr1 1pr'DKIIIOF.WHITE LI GHT ILLUMINATED ESF DEVICE SWITCHES SLIDE 7 Ol GREEN LIGHT ILLUMINATED RED LIGHTS ILLUMINATED
?a P WHITE LIGHTS ILLUMINATED ESF DEVICE SWITCHES SLIDE 8 RED LIGHTS ILLUMINATED
{~4 I I.'!'w1 Il I~eI~WHITE LIGHTS ILLUMINATED ESF DEVICE SWITCHES SLIDE 9
2,A,3,A, ESF LOAD SEQUENCER SYSTEM DES G THE ESF LOAD SEQUENCER SYSTEM IS A SUBSYSTEM OF THE BOP ESFAS AND IS DESIGNED TO THE BOP ESFAS DESIGN CRITERIA.BOP ESFAS DESIGN CRITERIA SPECIFIC TO THE ESF LOAD SEQUENCER SYSTEM ARE: I 1)THE BOP ESFAS SHALL PROVIDE THE LOGIC TO AUTOMATICALLY START AND SEQUENTIALLY LOAD THE DIESEL GENERATORS AND TO SHED ALL 4,16 KV CLASS IE LOADS ON A LOSS OF POWER, 2)THE SYSTEM SHALL MONITOR THE UNDERVOLTAGE RELAYS ON THE 4, 16[<V CLASS IE BUS AND INITIATE A LOGIC SIGNAL ON A TWO-OUT-OF-FOUR COINCIDENCE OF BUS UNDER-VOLTAGE, THIS LOGIC SIGNAL WILL BE USED TO SHED ALL CLASS IE 4,16 KV LOADS EXCEPT THE LOAD CENTER TRANSFORMERS, SHED CERTAIN 480 V LOADS, START THE DIESEL GENERATOR, START EQUIPMENT REQUIRED AFTER A LOSS OF OFFSITE POWER, AND TRIP THE 4.16 vV CLASS IE BUS PREFERRED POWER SUPPLY BREAKERS, THE SYSTEM SHALL PROVIDE SEQUENCING LOGIC FOR SEQUENTIAL LOADING OF ESF AND FORCED SHUTDOWN LOADS ONTO THE ESF BUS UPON CLOSING OF THE DIESEL GENERATOR BREAKER, A SAFETY INJECTION ACTUATION SIGNAL (SIAS), OR AN AUXILIARY FEEDWATER ACTUATION SIGNAL (AFAS), EXHIBIT 2A3-1 2.A.B,A.ESF LOAD SEQUENCER SYSTEN DESIGN C ITE I 4)SHOULD ANOTHER ACCIDENT CONDITION OCCUR AFTER THE LOAD SEQUENCER HAS STARTED, THE SEQUENCER SHALL RESET TO ZERO, EQUIPNENT IN OPERATION AT THIS TINE SHALL REHAIN IN OPERATION.
IF A LOSS OF OFFSITE POWER (LOP)SIGNAL IS INITIATED AFTER THE LOAD SEQUENCER HAS STARTED, ALL LOADS WILL BE SHED AND RESEQUENCED ON THE DIESEL GENERATOR BREAKER CLOSURE, EXHIBIT 2A5-2
2,A,3.B, ESF LOAD SEQUENCER SYSTEM S M ES I 1)EACH REDUNDANT ESF LOAD SEQUENCER SYSTEM PERFORMS LOGIC FUNCTIONS TO GENERATE THE FOLLOll I NG SIGNALS: LOSS OF OFFSITE POWER (LOP)SIGNAL/LOAD SHED SIGNAL DIESEL GENERATOR START SIGNAL (DGSS)LOAD SEQUENCER START AND PERMISSIVE SIGNALS 2)EACH REDUNDANT ESF LOAD SEQUENCER SYSTEM IS SUPPLIED FROM A SEPARATE 120V VITAL AC DISTRIBUTION BUS AND A SEPARATE CLASS IE 125V DC DISTRIBUTION BUS, 3)ESF LOAD SEQUENCER SYSTEM SIGNALS ARE GENERATED FOR TWO LOAD GROUPS DESIGNATED LOAD GROUP 1 AND LOAD GROUP 2, THE LOGIC IS PHYSICALLY LOCATED IN THE TWO BOP ESFAS CABINETS.ONE CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 1 EQUIPMENT, WHILE THE OTHER CABINET CONTAINS THE LOGIC FOR ESF LOAD GROUP 2 EQUIPMENT EXHIBIT 2A3-3
2.A.3.B, ESF LOAD SEQUENCER SYSTEM S S E ESC 4)REDUNDANCY REDUNDANT FEATURES OF THE ESF LOAD SEQUENCER SYSTEM INCLUDE: TWO INDEPENDENT LOGIC PATHS FROM INPUT SIGNALS THROUGH AND INCLUDING OUTPUT RELAYS POHER FOR THE SYSTEM PROVIDED FROM TWO SEPARATE BUSES (POWER FOR CONTROL AND OPERATION OF REDUNDANT ACTUATED COMPONENTS COMES FROM SEPARATE BUSES, LOAD GROUP 1 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 1 BUS AND LOAD GROUP 2 COMPONENTS AND SYSTEMS ARE ENERGIZED ONLY BY THE LOAD GROUP 2 BUS,)5)TESTING PROVISIONS ARE MADE TO PERMIT PERIODIC TESTING OF THE ESF LOAD SEQUENCER SYSTEM, TESTS COVER THE TRIP ACTIONS FROM INPUT SIGNALS THROUGH THE SYSTEM AND THE ACTUATION DEVICES, SYSTEM TEST DOES NOT INTERFERE HITH THE PROTECTIVE FUNCTION OF THE SYSTEM, EXHIBIT 2A3-4
5)TESTING (CONT'D)2,A,3.B.ESF LOAD SEQUENCER SYSTEM SYSTE DE R P I ACTUATION OF THE COMPONENTS CONTROLLED BY THE-ESF LOAD SEQUENCER SYSTEM DOES NOT DISTURB NORMAL PLANT OPERATING CONDITIONS:
THEREFORE THE ESF LOAD SEQUENCER SYSTEM IS TESTED BY COMPLETE ACTUATION.
PROPER OPERATION MAY BE VERIFIED BY THE FOLLOWING:
CHECKING THE POSITION OF EACH ESF COMPONENT CHECKING THE ACTUATION ANNUNCIATION CHECKING THE ESF COMPONENT STATUS INDICATION RESPONSE TIME TESTING MILL BE PERFORMED AT REFUELING INTERVALS.
EXHIBIT 2A3-5
2,A,3,B, ESF LOAD SEQUENCER SYSTEM SYS E DESCRI T 0 6)ESF LOAD SEQUENCER SYSTEM SIGNAL LOGIC A.LOSS OF OFFSITE POWER (LOP)SIGNAL/LOAD SHED SIGNAL EACH LOP SIGNAL/LOAD SHED SIGNAL LOGIC PERFORMS THE FOLLOWING FUNCTIONS:
CONTINUOUSLY MONITOR THE CLASS IE 4.16 t<V BUS FOR AN UNDERVOLTAGE CONDITION USING FOUR UNDERVOLTAGE RELAYS PROVIDE INDICATION AND ANNUNCIATION OF AN UNDERVOLTAGE RELAY TRIP TO THE OPERATOR PROVIDE A LOGIC OUTPUT ON A TWO-OUT-OF-FOUR COINCIDENCE OF UNDERVOLTAGE RELAY TRIP OR MANUAL ACTUATION THIS LOGIC GENERATES LOP SIGNAL TO THE DIESEL GENERATOR START SIGNAL LOGIC LOP SIGNAL (MAINTAINED THROUGH A 60 SECOND OFF DELAY)TO ACTUATE FORCED SHUTDOWN SYSTEM LOADS BY DE-ENERGIZING ACTUATION RELAYS LOAD SHED PULSE (1 SECOND)TO SHED 4,16 KV AND SELECTED 480V LOADS FROM THE CLASS IE 4.16 I<V BUS AND TO TRIP THE 4.16 vV CLASS IE BUS PREFERRED (OFFSITE)POWER SUPPLY BREAKERS BY ENERGIZING ACTUATION RELAYS INDICATION AND ANNUNCIATION TO THE OPERATOR EXHIBIT 2A3-6
4.16 kv CLASS IE BUS UNDER-VOLTAGE 2/4 DGSS 60 SECOND 1 SECOND LOAD SHED AND TRIP PREFERRED SUPPLY BREAKERS MANUAL ACTUATION LOP TG ACTUATE FORCED SHUTDOWN LOADS LOADSEGUENCER LOP SIGNAL/LOAD SHED LOGIC FI GU RE 2A3-1 2.A,3,B, ESF LOAD SEQUENCER SYSTEM SSE SC I I B, DIESEL GENERATOR START SIGNAL (DGSS)LOGIC EACH DGSS LOGIC PERFORMS THE FOLLOWING FUNCTION: COMBINES THE LOP, THE SIAS, THE AFAS AND MANUAL ACTUATION IN A LOGICAL"OR" TO GENERATE A DGSS TO START THE DIESEL GENERATOR, C, LOAD SEQUENCER START AND PERMISSIVE SIGNAL LOGIC EACH LOAD SEQUENCER START AND PERMISSIVE SIGNAL LOGIC PERFORMS THE FOLLOWING FUNCTIONS:
MONITOR INPUT SIGNALS DETERMINE THE APPROPRIATE MODE OF OPERATION GENERATE SEQUENTIALLY-TIMED START AND PERMISSIVE SIGNALS TO ESF AND FORCED SHUTDOWN LOADS AS REQUIRED TO PREVENT INSTABILITY OF THE CLASS IE BUSES.START SIGNALS ACTUATE DEVICES BY DE-ENERGIZING ACTUATION RELAYS: PERMIS-SIVE SIGNALS ALLOW LOADING OF DEVICES BY ENERGIZING ACTUATION RELAYS, EXHIBIT 2A3-7
SIAS AFAS-1 AFAS-2 DGSS TO ACTUATE DIESEL GENERATOR LOP MANUAL ACTUATION DGSS LOGIC FIGURE 2A3-2 2,A,3,B, ESF LOAD SEQUENCER SYSTEM S DSC I 0 THE LOAD SEQUENCER CONTROLS ONLY PUMPS, FANS AND CHILLERS, AND DOES NOT CONTROL ANY VALVES OR DAMPERS, AS SUCH THE LOAD SEQUENCER DOES NOT CAUSE COMPLETE ESF SYSTEM ACTUATION, THE LOAD SEQUENCER IS DESIGNED TO RESPOND TO THE FOLLOWING CONDITIONS:
LOSS OF COOLANT ACCIDENT (LOCA)WITH OFFSITE POWER AVAILABLE LOCA WITHOUT OFFSITE POWER AVAILABLE ACCIDENT OTHER THAN LOCA WITH OFFSITE POWER AVAILABLE ACCIDENT OTHER THAN LOCA WITHOUT OFFSITE POWER AVAILABLE LOSS OF OFFSITE POWER WITH OR WITHOUT AN ACCIDENT OTHER THAN LOCA FOLLOWED AT A LATER TIME BY A LOCA LOCA FOLLOWED AT A LATER TIME BY A LOP EXHIBIT 2A3-8
2,A,3,B, ESF LOAD SEQUENCER SYSTEN S E DESCR ON THE LOAD SEQUENCER HAS A NORNAL NODE (NODE 0)AND FOUR OPERATING NODES j., SIAS/CSAS 1'IITHOUT AN LOP 2, SIAS/CSAS COINCIDENT WITH AN LOP SEQUENCING IS STARTED ON A DIESEL GENERATOR BREAKER CLOSURE SIGNAL 3;LOP WITHOUT AN SIAS/CSAS SEQUENCING IS STARTED ON A DIESEL GENERATOR BREAKER CLOSURE SIGNAL 4.OTHER SIGNALS WITHOUT AN SIAS/CSAS AND WITHOUT AN LOP, THESE S IGNALS ARE A.CRVIAS AND CREFAS CONBINED IN A LOGICAL"OR" a, FBEVAS c, AFAS-j.AND AFAS-2 CONBINED IN A LOGICAL"OR" D, DIESEL GENERATOR RUNN ING EXHIBIT 2A3-9 2.A,3.B.ESF LOAD SEQUENCER SYSTEM S E D RECEIPT OF SUBSEQUENT INPUT SIGNALS REQUIRING A CHANGE OF OPERATING MODE CAUSES THE LOAD SEQUENCER TO RESET, TRANSFER TO THE REQUIRED MODE AND INITIATE SEQUENCING OF THE REQUIRED LOADS, THE DEVICES SEQUENTIALLY ACTUATED THROUGH THE LOAD SEQUENCER RECEIVE LOAD SHED SIGNAL ON BUS UNDERVOLTAGE TO TRIP THE DEVICE LOAD LOAD SEQUENCER START SIGNAL TO START THE DEVICE AT THE APPROPRIATE TIME RESET OF THE LOAD SEQUENCER AND ITS ACTUATION RELAYS DOES NOT STOP OR SHED ACTUATED DEVICES, DEVICES ARE SHED ONLY ON THE LOAD SHED SIGNAL, EXHIBIT 2A3-10 SIAS/CSAS LOP MODE1.ACTUATE LOCA LOADS WITH OFFSITE POWER AVAILABLE DG BREAKER CLOSED MODE 2 ACTUATE LOCA LOADS WITHOUT OFFSITE POWER-AVAILABLE MODE 3 ACTUATE ACCIDENT OTHER THAN LOCA OR FORCED SHUTDOWN LOADS OTHER SIGNALS CRVIAS"OR" CREFAS FBEVAS AFAS-1"OR" A FAS-2 DG RUNNING LOAD SEQUENCER LOGIC FI GURE 2A3-3 MODE 4 ACTUATE ACCIDENT OTHER THAN LOCA LOADS WITH OFFSITE POWER AVAILABLE OOO STOt START HS-START'EOUENCER TD SUPPORT DEVICE START ACTUATED DEVICE SEAS SPRING RETURN TO CENTER HS-STOP TO SUPtORT DEVICE STOt ACTUATED DEVICE LOAD SHED ELECTRICAL tROTECTION SEIS ENGINEERED SAFETY FEATURE SYSTEM SEQUENCER ACTUATED DEVICE TYPICAL LOGIC'IGURE 2A3-4~
SYSTEMS REQUIRED FOR SAFE SHUTDOWN j I PROCESS SYSTEM VARIABLES NSSS SAFE SHUTDOWN DEVICES SENSORS MANUALLY ACTUATED DEVICE LOGIC CONTROL ROOM DISPLAYS REMOTE SHUTDOWN I DISPLAYS CONTROL ROOM I CONTROLS REMOTE SHUTDOWN I CONTROLS NSSS-SRP 7.4-~CHEMICAL AND VOLUME CONTROL BORON ADDITION PORTION~SHUTDOWN COOLING BOPSAFE SHUTDOWN DEVICES SENSORS MANUALLY ACTUATED DEVICE LOGIC CONTROL BOOM DISPLAYS REMOTE SHUTDOWN r----DISPLAYS CONTROL ROOM I CONTROLS REMOTEERUTOOWN CONTROLS BOP-SRP 7.4-~DIESEL GENERATORS (PG)INCLUDING ESF LOAD SEQUENCER 0 DG FUEL OIL STORAGE AND TRANSFER~CLASS IE DC POWER~CLASS IE AC POWER~AUXILIARY FEEDWATER ATMOSPHERIC STEAM DUMP~ESSENTIAL COOLING WATER~ESSENTIAL SPRAY PONDS'ESSENTIAL CHILLED WATER SYSTEMS REQUIRED FOR SAFE SHUTDOWN ELECTRICAL AND MECHANICAL DEVICES AND CIRCUITRY REQUIRED TO ACHIEVE AND MAINTAIN A SAFE SHUTDOWN CONDITION OF THE PLANT.FIGURE 2B-1 2,B, 1,A, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY D S 1)DESIGN FOR MAINTAINING THE PLANT IN A SAFE SHUTDOWN CONDITION WHEN THE MAIN CONTROL ROOM IS INACCESSIBLE SHALL BE IN ACCORDANCE WITH 10CFR50 APPENDIX A, GDC 19,"CONTROL ROOM," SAFE SHUTDOWN REQUIREMENTS COMPRISE: THE CAPABILITY FOR PROMPT HOT SHUTDOWN (REACTOR IS SUBCRITICAL AT NORMAL OPERATING PRESSURE AND TEMPERATURE)
INCLUDING THE NECESSARY INSTRUMENTATION
~AND CONTROLS TO MAINTAIN THE UNIT IN A SAFE CONDITION DURING HOT SHUTDOWN, AND THE POTENTIAL CAPABILITY FOR SUBSEQUENT COLD SHUTDOWN OF THE REACTOR THROUGH THE USE OF SUITABLE PROCEDURES AND CONTROLS AND INSTRUMENTATION OUTSIDE THE CONTROL ROOM, 2)ACCESS BACK INTO THE MAIN CONTROL ROOM WILL GENERALLY BE ACHIEVED PRIOR TO THE INITIATION OF COLD SHUTDOWN: HOWEVER, THE CAPABILITY FOR BRINGING THE REACTOR TO COLD SHUTDOWN CONDITIONS EXISTS OUTSIDE THE CONTROL ROOM THROUGH THE USE OF SUITABLE PROCEDURES AND SECONDARY CONTROLS, 3)CONTROL ROOM EVACUATION IS INITIATED FROM AN"UNDEFINED" CAUSE, FOR EXAMPLE, CONTROL ROOM ENVIRONMENT NOT HABITABLE, EXHIBIT 2B1-1 0
2,B, l,A, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY DE 4)DFSIGN BASIS ACCIDENTS ARE ASSUMED MO TO OCCUR SIMULTANEOUSLY WITH CONTROL ROOM EVACUATION, 5)LOP AND SEISMIC EVENTS (SSE)SHALL NOT JEOPARDIZE THE SAFE SHUTDOWN FUNCTION, 6)SYSTEMS, CONTROLS, AND INDICATIONS ESSENTIAL TO THE RESIDUAL HEAT REMOVAL FUNCTION DURING HOT SHUTDOWN SHALL BE DESIGNED WITH SUITABLE REDUNDANCY IN ACCORDANCE WITH 10CFR50 APPENDIX A, GDC 34,"RESIDUAL HEAT REMOVAL", 7)LOSS OF SAFE SHUTDOWN SYSTEM REDUNDANCY DOES NOT OCCUR AS A RESULT OF THE EVENT (EXCLUDING CONTROL ROOM FIRE)REQUIRING CONTROL ROOM EVACUATION.
8)ALL SEISMICALLY QUALIFIED AUTOMATIC FUNCTIONS PERFORM AS REQUIRED.9)DESIGN OF THE REMOTE SHUTDOWN PANEL, SYSTEM CONTROLS, AND SURVEILLANCE INSTRUMENTA-TION SHALL NOT DEGRADE THE PRIMARY SHUTDOWN CONTROLS LOCATED IN THE MAIN CONTROL ROOM AND SHALL BE DESIGNED IN ACCORDANCE WITH THE APPLICABLE SECTIONS OF IEEE 279-1971,"CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS".
2,B, 1,B, REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY 1)THE FOLLOWING SYSTEMS ARE REQUIRED FOR SAFE SHUTDOWN AUXILIARY FEEDWATER ATMOSPHERIC STEAM DUMP DIESEL GENERATORS INCLUDING ESF LOAD SEQUENCER DG FUEL OIL STORAGE AND TRANSFER ESSENTIAL COOLING WATER FSSENTIAI SPRAY PONDS ESSENTIAL CHILLED WATER CLASS 1E AC POWER CLASS lE DC POWER CHEMICAL AND VOLUME CONTROL, BORON ADDITION PORTION SHUTDOWN COOLING EXHIBIT 281-3 o'
2,8, l,s.REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY S S 1 ESC I T SHOULD THE CONTROL ROOM BECOME INACCESSIBLE, THE REACTOR MAY BE MANUALLY TRIPPED FROM THE CONTROL ROOM, AS IT IS BEING EVACUATED, OR FROM THE REACTOR TRIP SWITCH-GEAR SYSTEM (AUXILIARY BUILDING ELEV.120'), HOT SHUTDOWN CONDITIONS CAN BE MAINTAINED FROM OUTSIDE THE CONTROL ROOM BY CONTROL OF PRESSURIZER PRESSURE AND LEVEL, AUXILIARY FEEDWATER FLOW, AND ATMOSPHERIC STEAM DUMP, INSTRUMENTATION AND CONTROLS ARE AVAILABLE AT THE REMOTE SHUTDOWN PANEL AND ESF SWITCHGEAR (CONTROL BUILDING ELEV, 100')FOR THESE SYSTEMS AND COMPONENTS, THE REMOTE SHUTDOWN PANEL CONSISTS OF THREE PHYSICALLY SEPARATE CABINETS, INSTRU-MENTATION, AND CONTROLS FOR CHANNEL A AND TRAIN A SYSTEMS AND COMPONENTS ARE PROVIBED IN ONE CABINET: INSTRUMENTATION AND CONTROLS FOR CHANNEL B AND TRAIN B SYSTEMS AND COMPONENTS ARE PROVIDED IN A SECOND CABINET: AND NON-SAFETY-RELATED INSTRUMENTATION IS PROVIDED IN THE THIRD CABINET.CONTROLS FOR CHANNEL C ARE PROVIDED IN A SEPARATE SUBSECTION OF THE TRAIN A CABINET AND CONTROLS FOR CHANNEL D ARE PROVIDED IN A SEPARATE SUBSECTION OF THE TRAIN B CABINET.CONTROLS FOR LARGE HORSEPOWER COMPONENTS (480V AND 4,16 KV SWITCHGEAR)
ARE PROVIDED IN THE ADJACENT TRAIN A AND TRAIN B ESF SWITCHGEAR ROOMS, THE TRAIN A REMOTE SHUTDOWN PANEL IS PHYSICALLY SEPARATED FROM THE TRAIN B REMOTE SHUTDOWN PANEL BY A FIRE WALL, DOORS PROVIDE ACCESS TO THE PANELS, EXHIBIT 2B1-4 PN>NSRKik&m~
~PM4@emeg ESF SWITCH GEAR ROOM TRAIN A~wwwNN ESF SWITCH GEAR ROOM TRAIN B KQMN m.~~n~~~o-A$(C)N 8 ID)REMOTE SHUTDOWN PANELS FIGURE 2B1-1 REMOTE SHUTDOWN PANEL LOCATION-CONTROL BLDG 0'
2,B, l.a.REMOTE SHUTDOWN PANEL AND COLD SHUTDOWN CAPABILITY C I 0 5)IN THE EVENT OF A LOP, THE DIESEL GENERATORS WILL AUTOMATICALLY BE STARTED AND SEQUENTIALLY LOADED BY THE ESF LOAD SEQUENCER SYSTEM AND THE DIESEL GENERATOR CONTROL SYSTEMS.CONTROL OUTSIDE OF THE CONTROL ROOM IS PROVIDED AT j.OCAL PANELS IN THE DIESEL GENERATOR BUILDING, 6)COLD SHUTDOWN CAN BE ACHIEVED FROM OUTSIDE THE CONTROL ROOM THROUGH THE USE OF SUITABLE PROCEDURES AND LOCAL CONTROLS.7)PARALLEL CONTROL BETWEEN THE CONTROL ROOM AND THE REMOTE SHUTDOWN PANEL, ESF SWITCHGEAR OR LOCAL CONTROL'IS UTILIZED, TRANSFER OF CONTROL IS USED ONLY FOR ANALOG CONTROL (AUXILIARY FEEDWATER TURBINE SPEED CONTROL), 8)REDUNDANCY REDUNDANT FEATURES INCLUDE:\TWO INDEPENDENT INSTRUMENTATION AND CONTROL CHANNELS FOR SAFE SHUTDOWN SYSTEMS AND COMPONENTS POWER PROVIDED FROM TWO SEPARATE BUSES EXHIBIT 2B1-5
INSTRUMENTATION REMOTE SHUTDOWN PANEL A(C)CABINET B(D)AUXILIARY FW REGULATING VALVE POSITION INDICATOR AUXILIARY FW TURBINE SPEED INDICATOR AUXILIARY FW FLOW NEUTRON POWER LEVEL REACTOR COOLANT HOT LEG TEMPERATURE PRESSURIZER PRESSURE PRESSURIZER LEVEL SAFETY INJECTION TANK PRESSURE STEAM GENERATOR PRESSURE STEAM GENERATOR LEVEL REFUELING WATER TANK LEVEL LETDOWN SYSTEM PRESSURE LETDOWN SYSTEM FLOW LETDOWN SYSTEM TEMPERATURE VOLUME CONTROL TANK LEVEL CHARGING LINE PRESSURE CHARGING LINE FLOW SHUTDOWN COOLING HEAT EXCHANGER TEMPERATURES SHUTDOWN COOLING FLOW CONDENSATE STORAGE TANK LEVEL X(X)X X X X X X X X X X X X X X X X X X X EXHIBIT ZB1-6 Cl CONTROLS REMOTE SHUTDOWN PANEL'A(C)CABINET B(D)SG ATMOSPHERIC DUMP VALVE PERMISSIVE COHTROL AUXILIARY FW REGULATIHG VALVE CONTROL AUXILIARY FW ISOLATION VALVE COHTROL SG ATMOSPHERIC STEAM DUMP MODULATIHG CONTROLLER AUXILIARY FW TURBINE STEAM SUPPLY VALVE CONTROL AUXILIARY FW TURBINE SPEED CONTROL TRANSFER SWITCH AUXILIARY FW TURBIHE SPEED CONTROL POTENTIOMETER AUXILIARY FW TURBINE TRIP VALVE CONTROL AUXILIARY FW TURBIHE TRIP PUSHBUTTON MS IS ACTUATION PUSHBUTTON AUXILIARY PRESSURIZER SPRAY VALVE CONTROL RCP CONTROLLED BLEEDOFF CONTAINMENT ISOLATION VALVE CONTROL RCP CONTROLLED AND BLEEDOFF RELIEF ISOLATIOH VALVE CONTROL LETDOWN ISOLATION VALVE CONTROL BACKUP HEATER GROUPS 1 AND 2 CONTROL SAFETY INJECTION TANK VENT VALVE CONTROL AND POWER DISCONNECT SWITCH SHUTDOWN COOLING PUMPS RECIRCULATIOH VALVE CONTROL STEAM GENERATOR PRESSURE VARIABLE SETPOIHT RESET PRESSURIZER PRESSURE VARIABLE SETPOINT RESET X(x)X(X)X(x)X X X X X X X(x)X X X X X X X X(x)X(x)X(x)X X X X(x)X X X X X X X(x)X(x)EXHIBIT 281-7
AUXILIARY FEEDWATER PUMP ESSENTIAL COOLING HATER PUMP ESSENTIAL SPRAY POND PUMP CHARGING PUMP ESSENTIAL CHILLER LOW PRESSURE SAFETY INJECTION PUMP CONTROL ROOM ESSENTIAL AHU ESF SWITCHGEAR TRAIN A TRAIN B EXHIBIT 2B1-8
LOCAL CONTROLS SIT ISOLATION VALVES LPSI/CS PUMPS CROSS-CONNECT VALVES SHUTDOWN COOLING HEAT EXCHANGER INTAKE AND EXIT VALVES LPSI PUMP SUCTION VALVES LPSI ISOLATION VALVES SHUTDOWN COOLING HEAT EXCHANGER'PRAY BYPASS VALVES SHUTDOWN COOLING HEAT EXCHANGER FLOW CONTROL VALVES SHUTDOWN COOLING WARM-UP BYPASS VALVES SHUTDOWN COOLING SUCTION LINE VALVES SHUTDOWN COOLING HEAT EXCHANGER BYPASS FLOW CONTROL VALVES TRAIN A TRAIN B EXHIBIT 2B1-9 0
HS-START HS-START CR SEQUENCER TO SUPPORT DEVICE START ACTUATED DEVICE CR RS R G SEAS.CR W CR HS-STOP TO SUPPORT DEVICE STOP ACTUATED DEVICE CR RS G G HS-STOP RS LOAD SHED ELECTRICAL PROTECTION SEIS FIGURE 2B1-2 SAFE SHUTDOWN SYSTEM TYPICAL DEVICE LOGIC VENT I RS RS ZI HIC 8 8 I I s I I I I I I s gev 8 I PSV CR IXSL I I I I/P HY 8 VENT 8 L I I gcv FC Pesv Pl PT CR I CR PT RS r-Q I 8 QHY g HY 8 FO FO HV ZSH ZSL ZT 8 TO ATMOSPHERE QFX I CR CR I HIC ZI 8 8 I I I I.I ATM DUMP VALVE ACCUMULATOR INST AIR MAIN STEAM LINE FC TYPICAL FOR I ATMOSPHERIC DUMPVALVE/
MAIN STEAM LINE{2 MAIN STEAM LINES/STEAM GENERATOR)
TYPICAL ATMOSPHERIC DUMP VALVE CONTROL SYSTEM FIGURE 281-3
PROCESS SYSTEM VARIABLES NSSS ESF ESF SUPPORT SAFETY-RELATED DISPLAY INSTRUMENTATION SENSORS~DISPLAYS BOP ESF REACTOR TRIP SAF ETY-RE LATED DISPLAY INSTR U MENTATION DISPLAY INSTRUMENTATION WHICH IS AVAILABLE TO THE OPERATOR TO ALLOW HIM TO MONITOR CONDITIONS SO THAT HE MAY PERFORM MANUAL ACTIONS IMPORTANT TO PLANT SAFETY.-SRP 1.5-~SAFETY-RELATED PLANT PROCESS DISPLAY INSTRUMENTATION
~REACTOR TRIP SYSTEM MONITORING
~ESF SYSTEMS MONITORING
~'CEA POSITION INDICATION
~POST-ACCIDENT MONITORING NSSS BOP-SRP 7.5-~ESF SYSTEMS MONITORING
~POST-ACCIDENT MONITORIN G~AUTOMATIC BYPASS INDICATION-ISAFETY EQUIPMENT STATUS ISYSTEM (SESS)FIGURE 2C-1 0
2,C,l,A PROCESS INSTRUYiENTATION S 1)PIPING AND INSTRUMENT DIAGRAMS 2)DETAILED DESIGN CRITERIA 5)CODES AND STANDARDS'OCFR50, APPENDIX Ai GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS'ut Y 15, 1971 IEEE STD 279-1971>CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS IEEE STD 525-1974>STANDARD FOR QUALIFYING CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS IEEE STD 544-1975/RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS I EEE STD 584-1974'R IAL-USE STANDARD CRITERIA FOR SEPARATION OF CLASS IE EQUIPMENT AND CIRCUITS>AS MODIFIED BY NRC REGULATORY GUIDE 1>75 4)INSTRUMENTS SHALL BE PROVIDED TO OPERATE AT A NOMINAL 115 Y-AC SUPPLIED TO INSTRUMENT CABINETS'ONTROLS AND ANNUNCIATORS SHALL OPERATE AT 120 Y-AC OR 125 V-DC NOMINALa THE MAXIMUM AND MINIMUM VOLTAGE LIMITS FOR THE 120 Y-AC AND 125 V-DC SYSTEMS ARE GIVEN IN THE ELECTRICAL SYSTEMS DESIGN CRITERIA)EXHIBIT 2C1-1
2,C,1,A PROCESS INSTRUYiENTATION 5)RESISTANCE TEMPERATURE DETECTORS (RTD)SHALL UTILIZE A THREE-WIRE CIRCUITs THE RTD SENSORS SHALL HAVE AN RO=100 OHMS (PREFERRED) s EXCEPTIONS WILL BE CONSIDERED ON A CASE BY CASE BASIS s THERMOCOUPLE MATERIALS SHALL BE CHROMEL-ALUMEL>
TYPE Ks 6)ELECTRONIC TRANSMITTER LOOPS SHALL UTILIZE A CURRENT RANGE OF 0 TO 20 MILLI-AMPERES s PNEUMATIC LOOPS SHALL UTILIZE 3 TO 15 PS I G INSTRUMENT AIRs 7)CRITICAL DATA ACQUISITION>
ALARMING>AND PROTECTIVE CONTROLS SHALL BE ENERGIZED FROM A DC-POWER SOURCEs 8)ALL CONTROL SYSTEMS DESIGNS SHALL INCLUDE SHIELDING>
GROUNDING>
AND PHYSICAL-SEPARATION PROVISIONS WHICH WILL MINIMIZE THE EFFECTS OF HIGH VOLTAGE SWITCHING SURGES'NDUCTIVE COUPLING'ND ONSITE RADIO TRANSMISSION SIGNALSs 9)ALUMINUM SHALL NOT BE USED IN OR AROUND EQUIPMENT CONTAINING OR PRODUCING AMMONIAs ALUMINUM AND ZINC SHALL BE EXCLUDED WHEREVER POSSIBLE FROM INSTRUMENT AND CONTROL DEVICE CASINGS WHICH ARE IN THE CONTAINMENT AND COULD BE EXPOSED TO THE CONTAINMENT SPRAY FLUIDs EXPOSED ALUMINUM SHALL NOT BE USED FOR INSTRUMENTS INSTALLED IN THE C'IRCULATING WATER SYSTEM WHERE CONTACT WITH THE CIRCULATING
'WATER I S POSS I BLE s EXHIBIT 2Cl-2
2, C,1,A PROCESS I NSTRUYiENTATIOf1 10)PROVISIONS SHALL BE MADE SUCH THAT RESPONSE TIME TESTING CAN BE PERFORMED ON SAFETY-RELATED CHANNELS<11)NUCLEAR INSTRUMiENTATION AND RADIATION MONITORING INDICATORS AND RECORDERS SHALL HAVE LOG SCALES AND CHARTS>ALL OTHER INDICATING AND RECORDING DEVICES WITH THE EXCEPTION OF MOTOR CURRENT INDICATORS SHALL BE LINEAR DIRECT READING WITH A MINIMUM SCALE LENGTH OF f INCHES<LJHEREVER POSSIBLE>ALARMS SHALL NOT BE INITIATED FROMi INDICATORS OR RECORDER CONTACTS>12)IN LINE PADDLE TYPE FLOW SWITCHES SHALL NOT BE USEDs f'1AGNETIC TYPE FLOW METERS ARE PREFERRED FOR SLUDGE OR SLURRY SERVICEI U)FLOW ELEMENTS SHALL BE SIZED>WHEREVER PRACTICABLE>
FOR 100 IN)h20 AND DESIGN FLOW SHALL BE 85 PERCENT OF RANGE 14)EQUIPMENT CONTROL CIRCUIT STATUS (AUTOMATIC OR MANUAL)SHALL BE INDICATED ON THE CONTROL ROOM CONTROL PANELS ALONG WITH THE EQUIPMENT STATUS (RUNNING OR STOPPED)<15)ALL OVERRIDES OF ENGINEERED SAFETY FEATURES EQUIPMENT SHALL BE INDI CATED s 16)IN GENERALg TIl"1E DELAY RELAYS SHALL NOT BE USED TO BYPASS SHORT TIME NUISANCE ALARl'1S UPON EQUIPMENT STARTUPi NUISANCE ALARMS SHALL BE BYPASSED UPON MANUAL SHUTDOWN OF STANDBY OR REDUNDANT COMPONENTS'XHIBIT 2C1-5
2, C, 1, A PROCESS INSTRUNENTAT ION S 17)NERCURY SHALL NOT BE USED FOR ANY APPLICATION WITHIN THE CONTAINMENT BUILDING, SPENT FUEL POOL AREAR'ORON RECOVERY AREAR'HEMICAL AND VOLUME CONTROL AREAS'R IN THE RADWASTE BUILDINGs SWITCHES USING MERCURY'HETHER ENCAPSULATED OR NOTi-AND MERCURY WETTED RELAYS SHALL NOT BE USED IN SAFETY SYSTEMSs 18)NERCURY SHALL NOT BE USED IN INSTRUMENTS IN DIRECT OR INDIRECT CONTACT WITHE~THE PRIMARY COOLANT SYSTEM~THE FEEDWATER AND CONDENSATE SYSTEMS~SYSTEMS WHICH PROVIDE MAKEUP TO THE PRIMARY'EEDNATERp AND CONDENSATE SYSTEMSs 19)INSTRUMENTS CONTAINING MERCURY FOR LEVELS PRESSURE DIFFERENTIAL PRESSUREg TEMPERATURE, OR FLoW SWITcHES MAY BE usED ouTSIDE oF THE sPECIFIc MERcuRY ExcLusIoN AREAS AND SYSTEMSs ONLY HERMETICALLY-SEALED MERCURY SWITCH ASSEMBLIES CONTAINED WITHIN NATIONAL ELECTRICAL MANUFACTURERS ASSOCIATION (NENA)NENA-4 HOUSINGS SHALL BE USED s CARE SHALL BE TAKEN IN SELECT I NG INSTRUMENTS FOR USE SUCH THAT A BROKEN MERCURY SNITCH CAPSULE SHALL NOT RESULT IN MERCURY ENTERING SUMPSs SWITCHES WHICH WILL CONTAIN THE MERCURY WITHIN THE INSTRUMENT CASE MAY BE USED's Esp NAGNETROL TYPE SNITCHs I EXHIBIT 2Cl-4
2,C,1,A PROCESS INSTRUNENTATION 20)['1ERCURY MANOMETERS SHALL BE RESTRICTED FROM USE IN THE PLANT OPERATING PROCESS INSTRUMENTATION'UT MAY BE USED IN INSTRUMENT SHOPSi 21)ALL SYSTEMS SHALL INCLUDE THE REQUIRED STRAIGHT RUNS FOR FLOW MEASUREMENT NOZZLESs FLOW METERING RUNS SHALL BE IN ACCORDANCE WITH ASf'lE PUBLICATIONS FLUID NETERSg THEIR THEORY AND APPLICATIONS SUPPLEMENT TO ASf'lE PTC-19, EXHIBIT 2C1-5 0
2,C,1,B PROCESS INSTRUNENTATION 1)A TYPICAL PROCESS INSTRUMENTATION LOOP CONSISTS OF: SENSOR PROCESSING ELECTRONICS DISPLAY 2)YARIOUS SENSORS INCLUDE'HERMOCOUPLES AND RTD'S PRESSURE TRANSMITTERS INCLUPING DIFFERENTIAL PRESSURE TRANSMITTERS FOR LEVEL AND FLOW MONITORING RADIATION MONITORS-~SCINTILLATION>(GEIGER-NUELLER ANALYZERS-H2 (THERMAL CONDUCTIVITY)g CL2 (CHEMICALLY IMPREGNATED PAPER TAPE)FLOAT AND DISPLACER TYPE LEVEL INSTRUMENTS 5)PROCESSING ELECTRONICS INCLUDE'IGNAL CONVERTERS (I/Ep E/E INCLUDING ISOLATORS>
SQUARE ROOT)BISTABLES 0)PROCESSING ELECTRONICS ARE HOUSED WITHIN CONTROL ROOM CABINETS 2 SEPARATE CLASS IE CABINETS (A AND B)g AND SEPARATE NON-IE CABINETS EXHIBIT 2C1-6
2, C, 1, B PROCESS INSTRUYiENTATION S 5)DISPLAYS INCLUDE'.INDICATORS RECORDERS INDICATING LIGHTS ANNUNCIATOR EXHIaIT 2C1-7 1,C, l,B PROCESS INSTRUNENTATION ENGINEERED SAFETY.FEATURE SYSTEN HONITORING (SHEET 1 oF 6)PARAMETER TYPE OF READOUT NUMBER OF CHANNELS LOCATION RANGE DISPLAYED ACCURACY FUEL BUILDiNG (FB)ESSENTIAL VENTILATION SYSTEM FB VENTILATION ISOLATION DAMPER POSITION INDICATING LIGHTS 1 VaiR/DAMPER CONTROL ROOM NA FB ESSENTIAL EXHAUST FANS MOTOR STARTER CONTACT POSITION INDICATING LIGHTS 1 PAIR/FAN CONTROL ROOM NA FUEL POOL AREA RADIATION MONITOR INDICATOR CONTROL ROOM 1O-'1O" MR/H+20%FUEL BUILDING EXHAUST GAS ACTIVITY MONITOR INDICATOR EXHIBIT 2C1-8 CONTROL ROOM 10-10~Ci/CM+25%
1, C, 1;B PROCESS INSTRUMENTATION ENGINEERED SAFETY FEATURE SYSTEM MONITORING (SHEET 2 oF 6)PARAMETER TYPE OF READOUT NUMBER OF CHANNELS LOCATION RANGE DISPLAYED ACCURACY FUEL BUILDING AFU CHARCOAL DIFFERENTIAL TEMPERATURE MONITOR INDICATOR CONTROL ROOM 0 To 10F+1 FUEL BUILDING NEGATIVE PRESSURE (DIFF PRES ACROSS INSIDE OF BLDG AND AMBIENT)INDICATOR CONTROL ROOM 0 TO Os5 INi H20 CONTAINMENT PURGE ISOLATION SYSTEM NORMAL PURGE ISOLA INDICATOR T I ON VALVE POSITION LI GHTS 1 PAIR/VALVE CONTROt ROOM EXHIBIT 2C1-9
~)~~I'l)~a~a)a II~I'II L)I I II~g~~~~i~)~0~~I
1,C,1,B PROCESS INSTRUNENTATION S S ENGINEERED SAFETY FEATURE SYSTEt" MONITORING (SHEET 4 oF 6)PARAMETER TYPE OF READOUT NUMBER OF CHANNELS LOCAT ION RANGE DISPLAYED ACCURACY CONTROL ROOM/BUILDING ESSENTIAL FAN MOTOR STARTER CONTACT POSITION INDICATING LIGHTS 1 PAIR/FAN CONTROL ROOM CONTROL ROOM AIR INTAKE GAS ACTIVITY MONITORS I ND I CATOR CONTROL ROOM 10-6 To 10-1 C I/CM+25%CONTROL ROOM AIR INTAKE CHLORINE MON I TOR I ND I CATOR CONTROL ROOM 0 TO 4 PPM+20%oF CONCEN-TRATION CONTROL ROOM TEMPER-ATURE MONITORS INDICATOR CONTROL RooM 0 To 160F.+2%EXHIBIT 2C1-11 0
1, C, 1, B PROCESS INSTRUMENTATION S C I'ENGINEERED SAFETY FEATURE SYSTEM MONITORING (SHEET 5 OF 6)PARAMETER TYPE OF READOUT NUMBER OF CHANNELS LOCAT ION RANGE DISPLAYED ACCURACY CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM CONTAINMENT HYDROGEN INDICATOR CONTROL ROOM 0 To 10%+2,5%HYDROGEN CONTROL CONTAINMENT ISOLATION VALVE POSITION INDICATING LIGHTS 1 PAIR/VALVE CONTROL ROOM AUXILIARY FEEDWATER SYSTEM AUXILIARY F EEDWATER PUMP DISCHARGE PRESSURE INDICATOR 1/PUMr CONTROL ROOM 0 To 2000 PSIG+1,5%EXHIBIT 2C1-12 0
1,C,1,B PROCESS INSTRUNENTATION SS.SC I ENGINEERED SAFETY FEATURE SYSTEN NONITORING (SHEET 6 QF 6)PARAMETER TYPE OF READOUT NUMBER OF CHANNELS LOCAT ION RANGE DISPLAYED ACCURACY AUXILIARY FEEDNATER FLOW INDICATOR 1/AUXILIARY CONTROL FEEDWATER ROOM LINE 0 To 2000 GAL/MIN+2%AUXILIARY FEEDNATER REGULATING VALVES INDICATING LIGHTS 1 PAIR/VALVE CONTROL ROOM AUXILIARY FEEDNATER PUMP TURBINE SPEED INDICATOR CONTROI ROOM 0 To 6000 R/M I N+1,5%AUXILIARY FEEDWATER SUCTION FROM CST I SOLAT ION VALVES INDICATING LIGHTS 1 PAIR/VALVE CONTROL ROOM NA ESF STATUS PANEL SYSTEM AVAILABILITY INDICATING LIGHTS 1 LIGHT/SYSTEM/TRIP CONTROL=ROOM EXHIBIT 2C1-13 0
FIELD DEVICE SIICD,P,<~Xa CZCI~CABLE QB INSTRUMENT CABINET I I Q--1 CONTROL BOARD QNSoM-AISD QP INOICAToR A POI~70 TRANSMITTER POT 70 QA g~~I f ULNISRED DY IIVAC SUD CONTIVCTOIC TB-A I I~IS I X 9'Ig I Q I I I I I I I I I I I I I I A POT-70 MOD 2AI IEV A POSL 10 MOD 2AI4ALM-AR b QI L'eD 2AXt DSI TB-C Kl I K2 QU MOD 2A)4 DSI I-SO/c QXA<PZI CABLE QQ l20 VA C.INSTR PWRLI L'2 MOD 27OIS-P4A I I I I INTERNAL I SPACE 70 ATMOS~CR~CR'T Y pcs TO ANNUNCIATOR LOGIC CABINET VIA 1'SOLATIOI4 CABINET (J SAA-Col)10 RFOB CAB L'E QT n, IY Z,~II ET I FblPUCXBD OT UYAC SCBCoNYBICTOK INSTRUMENT LOOP DIAGRAM HVAC-FUEL BUILDING FIGURE 2C1-1 2,C,2,A SAFETY EQUIPMENT STATUS SYSTEM ES 1)THE SAFETY EQUIPMENT STATUS SYSTEM (SESS)SHALL FUNCTION TO ALERT THE OPERATOR BY-VISUAL AND AUDIBLE MEANS INSOFAR AS PRACTICABLE AT A SYSTEM LEVEL WHEN ANY PIECE OF AUTOMATICALLY-ACTUATED ESF EQUIPMENT HAS BEEN BYPASSED OR RENDERED INOPERABLE AND NOT AVAILABLE FOR USE, 2)THE SESS SHALL ALSO, IN THE EVENT OF AN ESFAS, MONITOR ALL OF THE ESF COMPONENTS AND ALERT THE OPERATOR BY VISUAL AND AUDIBLE MEANS WHEN ANY PIECE OF EQUIPMENT HAS NOT COMPLETED THE TRANSITION TO THE SAFE OPERATING POSITION, 3)THE SAFETY EQUIPMENT STATUS SYSTEM WILL BE DESIGNED IN COMPLIANCE WITH THE FOLLOWING STANDARDS:
AMERICAN NATIONAL STANDARDS INSTITUTE (ANSI), STANDARD C37,90A, SURGE WITHSTAND CAPABILITY INSULATED POWER CABLE ENGINEERS ASSOCIATION (IPCEA), STANDARD S-61-002, SECTION 6.5, FLAME RESISTING TEST NATIONAL ELECTRIC MANUFACTURERS ASSOCIATION (NEMA), STANDARD ICS-1970 PART 1-109, INDUSTRIAL CONTROLS AND SYSTEMS TESTS EXHIBIT 2C2-1 2,C.2,A SAFETY EQUIPMENT STATUS SYSTEM ES G C ER INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE), STANDARD 279, SECTION 4,15, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS NRC REGULATORY GUIDE 1.29, SEISMIC DESIGN CLASSIFICATION NRC REGULATORY GUIDE 1.47, BYPASSED AND INOPERABLE STATUS INDICATION FOR NUCLEAR POWER PLANT SAFETY SYSTEMS NRC REGULATORY GUIDE 1.75, PHYSICAL INDEPENDENCE OF ELECTRIC SYSTEMS 4)THE SYSTEM SHALL CONSIST OF TWO PORTIONS: ONE REPORTING THE STATUS OF SAFETY TRAIN A EQUIPMENT, THE OTHER REPORTING THE STATUS OF SAFETY TRAIN B EQUIPMENT, THE SYSTEM SHALL ACCEPT CHANNELIZED CLASS IE ASSOCIATED INPUTS.THE SYSTEM INPUTS ARE CLASS IE ASSOCIATED, THEREFORE THE SYSTEM SHALL BE POWERED FROM CLASS IE 125V-DC POWER SUPPLIES, 5)STATUS CONTACTS SHALL CONTINUOUSLY MONITOR THE AVAILABILITY OF CONTROL POWER AND THE POSITION OF CIRCUIT BREAKERS OF ALL AUTOMATICALLY ACTUATED ESF DEVICES, A LOSS OF CONTROL POWER OR DELIBERATE RACKING OUT OF A BREAKER SHALL AUTOMATICALLY INDICATE AT THE COMPONENT LEVEL THE DEVICE WHICH HAS BEEN RENDERED INOPERABLE, SIMULTANEOUSLY, A SYSTEM LEVEL INDICATION WITH AUDIBLE ALARM SHALL BE INITIATED, EXHIBIT 2C2-2 2,C,2,A SAFETY EQUIPMENT STATUS SYSTEM DES G C I THE CAPABILITY FOR INITIATING A MANUAL BYPASS INDICATION AND ALARM IS PROVIDED TO INDICATE THE BYPASS CONDITION TO THE OPERATOR FOR THOSE MANUAL VALVES AND OTHER COMPONENTS WHICH ARE NOT AUTOMATICALLY MONITORED, THE INITIATION AND REMOVAL OF MANUAL BYPASS INDICATION WILL BE UNDER ADMINISTRATIVE CONTROL, A SYSTEM OF STATUS CONTACTS SHALL MONITOR THE SAFE OPERATING POSITION OF ALL AUTOMATICALLY ACTUATED ESF DEVICES DURING AN ESFAS, THESE STATljS CONTACTS SHALL AUTOMATICALLY INDICATE AT THE COMPONENT LEVEL THE DEVICE WHICH HAS FAILED TO AUTOMATICALLY COMPLETE THE TRANSITION TO THE SAFE OPERATING POSITION WITHIN A NORMAL TIME PERIOD, SIMULTANEOUSLY, A SYSTEM LEVEL INDICATION WITH AUDIBLE ALARM SHALL BE INITIATED, ALL SYSTEMS AFFECTED BY THE BYPASSING/INOPERABILITY OF A GIVEN COMPONENT WHICH IS SHARED BY MULTIPLE SYSTEMS AUTOMATICALLY GENERATES A BYPASS/INOPERABLE AUDIBLE AND VISUAL ALARM IN EACH SYSTEM AFFECTED, INDICATION AND ANNUNCIATION TEST CAPABILITY IS PROVIDED BY SIMULATING A TROUBLE CONTACT CONDITION WHEN THE TEST BUTTON IS DEPRESSED, THE TEST FEATURE IS INDEPENDENT FOR EACH CHANNEL, A MINIMUM OF TWO LAMPS, CONNECTED IN PARALLEL, SHALL BE FURNISHED FOR EACH ANNUNCIATOR
'WINDOW, INDICATOR WINDOW, AND INDICATOR SWITCH.EXHIBIT 2C2-3 2,C,2,A SAFETY EQUIPMENT STATUS SYSTEM SIG C I I ll)ALL COMPONENTS INCLUDING SOLID-STATE DEVICES, TRANSFORMERS, RESISTORS, AND RELAYS SHALL BE OF A QUALITY, AND SHALL BE USED IN THE SYSTEM IN A WAY THAT WILL ENSURE HIGH RELIABILITY, MINIMUM MAINTENANCE REQUIREMENTS, AND LOW FAILURE RATES, EASE OF MAINTENANCE SHALL BE A PRIMARY CONSIDERATION IN THE EQUIPMENT DESIGN OF ALL COMPONENTS OPERATED BELOW THEIR ELECTRICAL AND THERMAL RATED VALUES, TAKING INTO ACCOUNT ALL POSSIBLE COf'>BINATIONS OF OPERATING ENVIRONMENTS, POWER SOURCE RANGES, AND TRANSIENT CONDITIONS, 12)THE SAFETY EQUIPMENT STATUS SYSTEM SHALL BE LOCATED IN THE CONTP~L ROOM AND SEISMICALLY QUALIFIED TO THE FOLLOWING ACCEPTANCE CRITERIA: STRUCTURAL FAILURE WHICH WOULD CAUSE THE SYSTEM LOGIC CABINETS AND/OR WINDOW DISPLAYS TO DISLODGE FROM THEIR AMOUNTING OR CAUSE ANY PART OF THESE SUBASSEMBLIES TO DETACH AND FALL DURING AN OBE'AND SSE SHALL NOT BE PERf'lITTED, THE EQUIPMENT SHALL NOT CAUSE SHORT CIRCUITS OR SPURIOUS SIGNALS THAT WOL'LD ADVERSELY AFFECT THE CLASS IE EQUIPf'lENT PROVIDING INPUTS TO THIS SYSTEM, EXHIBIT 2C2-I4 2,C,2,a SAFETY EQUIPNENT STATUS SYSTEN S I 1)THE SESS CONSISTS OF TWO PHYSICALLY SEPARATE SYST01S.ONE OF THESE SYSTENS PROVIDES NONITORING AND ANNUNCIATION FOR SAFETY TRAIN A EQUIPNENT, THE OTHER SYSTEN PROVIDES NONITORING AND ANNUNCIATION FOR SAFETY TRAIN B EQUIPNENT.
2)EACH OF THE TRAIN RELATED SYSTENS CONSISTS OF SYSTEf1 LEVEL WINDOW CABINET, CONPONENT LEVEL INDICATOR LIGHT PANEL, SYSTEf1 CONTROL PAiNEL, LOGIC CABINET, AUDIBLE ALARI'1 DEVICES, AND INTERCONNECTING CABLES, EXHIBIT 2C2-5 LOGIC CABINETS SYSTEM ANNUNCIATOR WINOOW CABINET LOGIC SECTION TRAIN A LOAO GROUP I LOGIC SECTION TRAIN B LOAO GROUP 2 SYSTEM ANNUNCIATOR WINOOW CABINET SYSTEM CONTROL PANEL INOICATOR LIGHT PANEL SYSTEM CONTROL PANEL INOICATOR LIGHT PANEL STATUS CONTACT INPUTS TRAIN'A'TATUS CONTACT INPUTS TRAIN'8'25 V-OC IE POWER'A'---ELECTR TONE NO.I~SEIS ELECTR TONE NO.2 SEAS 125 V-OC IE POWER'8'LECTR TONE NO.I SEIS ELECTR TONE NO.2 SEAS SAFETY EQUIPMENT STATUS SYSTEM SYSTEIVI AR RANG EIVIENT FIGURE 2C-1A
2,C.2.a SAFETY EQUIPMENT STATUS SYSTEM 5)EACH OF THE TRAIN RELATED SYSTEMS PERFORMS INDICATION OF SAFETY EQUIPMENT ACTUATED STATUS (SEAS)SAFETY EQUIPMiENT IiNOPERABLE STATUS (SEIS)0)EACH OF THE TRAIN RELATED SYSTEMS IS POWERED FROM A SEPARATE CLASS IE 125V-DC DISTRIBUTION BUS.5)THE ANNUiNCIATION SEQUENCE OF OPERATION AND TESTING FOR SESS ALARMS IS SAME AS THAT FOR THE PLANT ANNUNCIATOR, EXHIBIT 2C2-6 2.C.2,s SAFETY EQUIPf"jENT STATUS SYSTEM 6)SAFETY EQUIPMENT ACTUATED STATUS (SEAS)LOGIC THE SEAS LOGIC~CONTINUOUSLY MONITORS THE OPERATING STATUS OF ESF AND ESF SUPPORT SYSTEM ACTUATED DEVICES, CONTINUOUSLY MONITORS THE STATUS OF ESFAS SIGNALS, PROVIDES"FAILURE TO AUTOMATICALLY ACTUATE" ANNUNCIATION IF ALL ACTUATED DEVICES IN A SYSTEM DO NOT TRANSITION TO THE"SAFE" POSITION REQUIRED TO PERFORM THE ESF SYSTEM FUNCTION AFTER RECEIPT OF AN ESFAS SIGNAL AND AN ALLOWABLE TRANSITION TIME.THIS ANNUNCIATION IS AUDIBLE AND INDICATED ON THE SYSTEM LEVEL WINDOW CABINET,~PROVIDES INDICATION OF COMPOhENTS OR GROUP OF COMPONENTS WHICH FAILED TO TRANSITION TO THE"SAFE" POSITION.THIS INDICATION IS ON THE COf'1PONENT LEVEL INDICATOR LIGHT PANEL.~PROVIDES"FAILURE TO AUTOMATICALLY ACTUATE" ANNUNCIATION IF ALL THE ACTUATED DEVICES IN A SUPPORT SYSTEM DO NOT TRANSITION TO THE"SAFE" POSITION REQUIRED TO PERFORM THE ESF SUPPORT SYSTEM FUNCTION, EXHIBIT 2C2-7 2,C,2,a SAFETY EQUIPMENT STATUS SYSTEM 7)SAFETY EQUIPMENT INOPERABLE STATUS (SEIS)LOGIC THE SEIS LOGIC~CONTINUOUSLY MONITORS THE"AVAILABILITY" OF ESF AND ESF SUPPORT SYSTEM COI'i-PONENTS TO RESPOND TO AND PERFORM THE ESF SYSTEM FUNCTIONS WHEN REQUIRED."AVAILABILITY" CONSISTS OF THE FOLLOWING AS APPROPRIATE AVAILABILITY OF CONTROL POWER TO ACTUATE THE DEVICE CIRCUIT BREAKER IS NOT"RACKED-OUT" MANUALLY OPERATED VALVE INTENDED FOR USE MORE THAN ONCE A YEAR IS PROPERLY ALIGNED~PROVIDES"INOPERABLE STATUS" ANNUNCIATION IF ANY MONITORED COMPONENT IN A SYSTEM IS NOT"AVAILABLE" TO PERFORM ITS REQUIRED FUNCTION, PROVIDES A MEANS TO MANUALLY INITIATE SYSTEMi"INOPERABLE STATUS" IF A MANUAL VALVE INTENDED FOR USE LESS THAN ONCE A YEAR OR OTHER COMPONENT IS REMOVED FROM SERVICE, THIS INITIATION IS UNDER ADMINISTRATIVE CONTROL.~PROVIDES"INOPERABLE STATUS" ANNUNCIATION IF ANY SUPPORT-SYSTEM-MONITORED COMPONENT IS INOPERABLE OR HAS A MANUAL"INOPERABLE STATUS" INITIATION.
EXHIBIT 2C2-8 "SAFE" POSITION"SAFE" POSITION TO SUPPORTED SYSTEM"SAFE" POSITION FROM SUPPORT SYSTEM SYSTEM'"FAIL TO AUTO ACTUATE" ALARM ESFAS SIGNAL(s)TIME DELAY SAFETY EQUIPMENT STATUS SYSTEM (SESS)SAFETY EQUIPMENT ACTUATED STATUS (SEAS)TYPICAL LOGIC FOR AN ESF OR ESF SUPPORT SYSTEM FIGURE 2C-2 MANUAL INITIATION
'COMPONENT"AVAILABLE" TO SUPPORTED SYSTEM COMPONENT"AVAILABLE" SYSTEM"INOPERABLE" COMPONENT"AVAILABLE" FROM SUPPORT SYSTEM SAFETY EQUIPMENT STATUS SYSTEM (SESS)SAFETY EQUIPMENT INOPERABLE STATUS (SEIS)TYPICAL LOGIC FOR AN ESF OR ESF SUPPORT SYSTEM FIGURE 2C-3
CONTAINMENT ISOLATION MAIN STEAM ISOLATION HIGH PRESSURE SAFETY INJECTION R ECIRCULAT ION AUX FW STEAM GEN NO.1 AUX FW STEAM GEN NO.2 LOW PRESSURE SAFETY INJECTION PASSIVE SAFETY INJECTION CONTAiNMENT SPRAY IODINE REMOVAL CONTAINMENT PURGE ISOLATION CONTROL ROOM F ILTRATION&ISOLATION CONTROL BLDG ESSENTIAL ACU'S FUEL BUILDING ESSENTIAL VENT I LAT I ON CONTAINMENT COMBUSTIBLE GAS CONTROL BOP ESFAS NSSS ESFAS ESSENTIAL CHI L LED WATER ESSENTIAL COOLING WATER ESSENTIAL SPRAY POND DIESEL GENERATOR IE LOAD CENTER BREAKERS NON-ESF LOAD SHED SESS ANNUNCIATOR PANEL FIGURE 2C-4 CONTA INMENT ISOLATION MAIN STEAM ISOLATION HIGH PRESSURE SAFETY INJECTION RECIRCULATION AUX FW STEAM GEN NO.1 AUX FW STEAM GEN NO.2 LOW PRESSURE SAFETY INJECTION PASSIVE SAFETY INJECTION CONTAINMENT SPRAY IODINE REMOVAL CONTAINMENT P3JRG E ISOLATION CONTROL ROOM F ILTRATION&ISOLATION CONTROL BLDG ESSENTIAL ACU'S FUEL BUILDING ESSENTIAL VENTILATION CONTAINMENT COMBUSTIBLE GAS CONTROL BOP ESFAS NSSS ESFAS ESSENTIAL CHILLED WATER ESSENTIAL COOLING WATER ESSENTIAL SPRAY POND DIESEL GENERATOR IE LOAD CENTER BREAKERS NON-ESF LOAD SHED MANUAL BYPASS INITIATE ALARM RESET FLASHER RESET LAMP RESET BYPASS/INOP TEST STATUS TEST STATUS DISPLAY SYSTEM RESET AND TEST SESS CONTROL PANEL FIGURE 2C-5
SESS COMPONENT STATUS CONTAINMENT ISOLATION MAIN STEAM ISOLATION H I G H PR ESSUR E SAF ETY IN JECT ION RECIRCULATION AUX FW STM GEN I AUX FW STM GEN2 LOW PRESSURE SAF ETY INJECTION PASSIVE SAFETY IN JECTION CONTAINMENT SPRAY IODINE REMOVAL CONTAINMENT PURGE ISOLATION CONTROL ROOM FILTRATION AND ISOLATION CONTROL BUILDING ESSENTIAL ACUS FUEL BUILDING ESSENTIAL VENTILATION ESSENTIAL CHILLED WATER ESSENTIAL COOLING WATER ESSENTIAL SPRAY POND DIESEL GENERATOR IE LC BREAKERS NON-ESF LOAD SHED FIGURE 2C-6 0, ,m 4~C J<<.'~:.";.~"~-~~l~<<~C4 PI@0 tPI.~Pv'1*Iv r p%.p'kr~J ,P I~I e P I;~IV~,'I<<<<IP a~I III~~~-IW~~<<<<P<<I<<,'r"~~I P<<IPP<<vl+V~Pe~I I r~Iac p V'~~~~'"I t~~'t."".III I<<r:>>rv.y lI,'r~~t r!r N'Ij PP 7z JA: IJÃAIEvk~~\I I~~I~V W%r'1b P V<<PI JI e<<P SESS PANELS SLIDE'10 egg r i~L I I 0%t~i~i~~~~I~i i i i'~~f i~r~~k I I I I I i SESS CONTROL f'ANELS SLIDE 1]
+4~~NN N PRESS SAFETY IHJ RECRC AN FW SG I 8'i'i+'P'N FW SG2 smn NJ~~P~t'h r FILT L 50L rASSIVE SAFETY INJ'NNF BLDG ESS ACU'S CHTMT SPRAY BLDG ESS VENT IODINE REM OllTMT COMBUSTIBLE GAS CONT CNTllT PRG ISOL BOP ESFAS NSSS ESFAS KSS CHW fg~ESS CLG WTR ESS SPRAY POND DG SYS IE LC BKRS NON<SF LOAD SHED SESS ANNUNCIATOR PANEL SLIDE 12 4fdC~~QQ$4ggg'0" 0" 0'J00 C~g a~~4a aa a~0 0 0~~~0~ar~r'~a}tt~,C t a'~at.W~'.:.':-':~.:.,".-~~>'0 ar~0 t~l$fr!.'4 0.Q+glt 01 ,'<a:j~.<<tta)~0 t~a0 A~~IN%..Pl.'r~0$~~~4 04 0+E~00 at SESS COMPONENT STATUS SLIDE 13 t\i y f I p~~.,.(.N%1@"-:-""'::-""'=-i-":
-'~-::-""-"-"-'>-"->" 4 NNC'-'jggf': VLV Q~j'y,g+L.',<%i<+'II<<j>~j T f~~gga, g+Q Ng g Q g+g,,'.j,g'f~>I W le 4+\~I ACC SSCM Wa aceŽw~oOE j'.";.-:;:,-'.,;-'-,=,:::
~A f~~(~<i'iJ'iij':";":.,fuge lwugo)go.;;-:,':
l,':.g".'::.'..'j'.,'."!,".-::;
'., BLUE LIGHTS: "'a@i~: 'f$4I4TIAl, VN,N'8 0 flON,-';:,'..-'".-',-.::,:;.",::::;::-,",::"'=.,:.'-.,:;.'.;:.,:.'=:::.::;=.
+'ESS COMPONENT STATUS SLIDE 14
'jf'S%~h At r WP g j eI I IS h',~h I h Np y g IVI'4 I 4-",.'-..'.:l':-:.'.-
'".::-'-:".'::".'-.",-:::;,=:y,.-.",--".j~",';;-:":,'~.Pjji-".:~',"-~:-'.:;"~'" A$~@5~)(~~'.g)'g:
'y!b~4g~-,g'ksiIIg'vi-'$
I.v~I~.>>fI'Igqsgg'PjgpiI'cy,')
~.(a~,.')(w>
san+I'+q~."~l
'h11 I~'--+1('kit>>~~.-one QN.STSN OL tNMS f IFETY NN FN SOlj NN f N4.y-':.A>reaa'SAFETY P'a FiLT 4 50L Itt h>r t~'I~~:.',".t'ASNt i'5AFffY.i QQ I aoe fII gaa', II'""'iew 5NAY h r tS NN%'tOl SNIIISII III tr,, I.hh~ONlP NO Igl oo KSI'N)C ht IW~1&I~fSS StRAY KSS CHW CLC I'~~~~h'I I Aht I h4 tt~C'I ,~c ALNsl=LANK/
RESP"'@LP t<<t~tt DO.*PS.LANS',:: aeip,;!'lp~.I<<I: I1h g:~".g~t c-'S.p I.SESS CONTROL PANEL SLIDE 15 NS~C"I."::QAWS
';4 r gl";'NOIMN"".LOQ hth~C~S~
WHITE LIGHT ILLUMINATED qn:"-'NNI NfAI 1 j E'N FW 501~Q"jklNK'%OIITNT INAY I NOIR RKli v t'II@ISOL I);.Ve'~4 l.Nl.>~l NSSS KSFAS/~l I M~..~I'I KSS j CLc KN StSAY Ngf., OQ SYS 8NS i.SHQ',~ws'z.oi l.Q pip~I I,~c 4 ag ilg: 'Lgl l.f~~SESS CONTROL PANEL SLIDE 16 , l'g r q I I I.l Cg I~~/~p i'I!r.e'l'XpN iI 4r l~
lll CD'TT Tl 33 CD%I Om ITl+ITl O CD~~0 I~i I jg" T J"so~~I j~'-.'P~:I 4 1
'OST ACCIDENT MONITORING RECORDERS SLIDE 18 2, C,3,A POST ACCIDENT MONITORING ESG I E I POST ACCIDENT MONITORING INSTRUMENTATION SHALL BE PROVIDED IN ACCORDANCE WITH REGULATORY GUIDE 1,97'EVISION 2, INSTRUMENTATION FOR LIGHT-WATER-COOLED NUCLEAR POWER PLANTS TO ACCESS PLANT AND ENVIRONS CONDITIONS DURING AND FOLLOWING AN ACCIDENT 1)THE FOLLOWING DESIGN AND QUALIFICATION CRITERIA CATEGORIES SHALL BE USED.'ATEGORY 1: 0 INSTRUMENTATION SHALL BE QUALIFIED IN ACCORDANCE WITH REGULATORY GUIDE 1,89 (NUREG-0588)
AND REGULATORY GUIDE 1,100~INSTRUMENTATION SHALL BE DESIGNED SO THAT ANY SINGLE FAILURE SHALL NOT RESULT IN LOSS OF THE SURVEILLANCE FUNCTION ON THE SYSTEM LEVEL AFTER AN INCIDENTs REDUNDANT OR DIVERSE CHANNELS SHALL BE ELECTRICALLY INDEPENDENT AND PHYSICALLY SEPARATED IN ACCORDANCE WITH REGULATORY GUIDE la 75~INSTRUMENTATION SHALL BE POWERED FROM CLASS IE POWER~INSTRUMENTATION SHALL Bf AVAILABLE PRIOR TO AN ACCIDENT EXCEPT AS PROVIDED IN IEEE 279 PARAGRAPH 4.11 OR AS SPECIFIED IN TECHNICAL SPECIFICATIONS
~INSTRUMENTATION SHALL BE EQUALITY CLASS 9 EXHIBIT 2C3-1
2.C, 3, A POST ACCIDENT MONITORING
~CONTINUOUS INDICATION SHALL BE PROVIDED~RECORDING SHALL BE PROVIDED (ONE CHANNEL)P TRANSMISSION OF SIGNALS FOR OTHER USE SHALL BE THROUGH ISOLATION DEVICES~TYPES Ag Bg AND C INSTRUMENTS SHALL BE SPECIFICALLY IDENTIFIED ON THE CONTROL PANELS>CATEGORY 2:~SENSORS SHALL BE QUALIFIED IN ACCORDANCE WITH REGULATORY GUIDE'1 89 (NLIREG-0588), SEISMIC QUALIFICATION IN ACCORDANCE WITH REGULATORY GUIDE 1,100 SHALL BE PROVIDED WHEN THE INSTRUMENTATION IS PART OF A SAFETY RELATED SYSTEMa~INSTRUMENTATION SHALL BE POWERED FROM A NON-CLASS IE INSTRUMENT BUS WITH CLASS IE POWER AS BACKUP OR FROM CLASS IE POWER~THE OUT-OF-SERVICE INTERVAL SHALL BE BASED ON NORMAL TFCHNICAL SPECIFICATION REQUIREMENTS ON THE APPLICABLE SYSTEMS~SENSORS SHALL BE QUALITY CLASS Qg (IN SOME CASES'UALITY CLASS R)DISPLAYS SHALL BE QUALITY CLASS R EXHIBIt 2C3-2 I
2.C.3.A POST ACCIDENT MONITORING DE 6 ER 1 DISPLAY SHALL BE ON AN INDIVIDUAL INSTRUMENT OR ON DEMAND ON A CRT~DATA RECORDING SHALL BE PROVIDED FOR EFFLUENT RADIOACTIVITY MONITORS'OREA RADIATION MONITORS>AND METEOROLOGY MONITORS>DEDICATED RECORDERS SHALL BE PROVIDED WHERE DIRECT OR IMMEDIATE TREND OR TRANSIENT INFORMATION IS ESSENTIAL FOR OPERATOR I NFORMAT I ON OR ACTI ON s~TRANSMISSION OF SIGNALS FOR OTHER USE SHALL BE THROUGH ISOLATION DEVICES<~TYPES Ag Bg AND C INSTRUMENTS SHALL BE SPECIFICALLY IDENTIFIED ON THE CONTROL PANELS s CATEGORY 3.'INSTRUMENTATION SHALL BE OF HIGH QUALITY COMMERCIAL GRADE AND SHALL BE SELECTED TO W I THSTAND THE SERV I CE ENVI RONMENT s O DISPLAY SHALL BE ON AN INDIVIDUAL INSTRUMENT OR ON DEMAND ON A CRT>DATA RECORDING SHALL BE PROVIDED FOR EFFLUENT RADIOACTIVITY MONITORS'REA RADIATION MON I TORSg AND METEOROLOGY MONITORS, DEDICATED RECORDERS SHALL BE PROVIDED WHERE DIRECT OR IMMEDIATE TREND OR TRANSIENT INFORMATION IS ESSENTIAL FOR OPERATOR INFORMATION OR ACTION s EXHIBIT 2C3-3
2, C,3,A POST ACCIDENT NGNITORING I 2)SERVICING'ESTING>
AND CALIBRATION PROGRAMS SHALL BE PROVIDED TO MAINTAIN THE CAPABILITY OF THE MONITORING INSTRUMENTATION)
FOR THOSE INSTRUMENTS WHERE THE REQUIRED INTERVAL BETWEEN TESTING WILL BE LESS THAN THE NORMAL TIME INTERVAL BETWEEN GENERATING STATION SHUTDOWNS>
A CAPABILITY FOR TESTING DURING POWER OPERATION SHALL BE PROVIDED s 3)WHENEVER MEANS FOR REMOVING CHANNELS FROM SERVICE ARE INCLUDED IN THE DESIGNS THE DESIGN SHALL FACILITATE ADMINISTRATIVE CONTROL OF THE ACCESS TO SUCH REMOVAL MEANS, 0)THE DESIGN SHALL FACILITATE ADMINISTRATIVE CONTROL OF THE ACCESS TO ALL SETPOINT ADJUSTMENTS g I lODULE CALI BRAT I ON ADJUSTMENTS'ND TEST PO I NTS s 5)THE MONITORING INSTRUMENTATION DESIGN SHALL MINIMIZE THE DEVELOPMENT OF CONDITIONS THAT WOULD CAUSE METERS'NNUNCIATORSg RECORDERS'LARMS'TC s y TO GIVE ANOMALOUS I NDI CAT I ONS POTENT I ALLY CONFUS I NG TO THE OPERATOR~6)THE INSTRUMENTATION SHALL BE DESIGNED TO FACILITATE THE RECOGNITION'OCATIONS REPLACEMENTS REPAIRS OR ADJUSTMENT OF MiALFUNCTIONING COMPONENTS OR MODULES, 7)TO THE EXTENT PRACTICABLE'ONITORING INSTRUMiENTATION INPUTS SHALL BE FROM SENSORS THAT DIRECTLY MiEASURE THE DESIRED VARIABLES'XHIBIT 2C3-0
2, C,B,A POST ACCIDENT YiONITORING 8)TO THE EXTENT PRACTICAL>
THE SAME INSTRUMENTS SHALL BE USED FOR ACCIDENT MONITORING AS ARE USED FOR THE NORMAL OPERATIONS OF THE PLANT TO ENABLE THE OPERATOR TO USERS DURING ACCIDENT SITUATIONS>
INSTRUMENTS WITH WHICH HE IS MOST FAMILIAR'OWEVER, WHERE THE REQUIRED RANGE OF MONITORING INSTRUMENTATION RESULTS IN A LOSS OF INSTRU-MENTATION SENSITIVITY IN THE NORMAL OPERATING RANGE SEPARATE INSTRUMENTS SHALL BE USED')PERIODIC TESTING SHALL BE IN ACCORDANCE WITH THE APPLICABLE PORTIONS OF REGULATORY 6UIDE lsl18 PERTAINING TO TESTING OF INSTRUMENTS CHANNELSs (NOTE'ESPONSE TIME TESTING NOT USUALLY NEEDED>)EXHIBIT 2C5-5 2,C,S,B POST ACCIDENT NONITORING S 1)TYPE A VARIABLES'THOSE VARIABLES TO BE MONITORED THAT PROVIDE THE PRIMARY INFORMATION REQUIRED TO PERMIT.THE CONTROL ROOM OPERATOR TO TAKE SPECIFIC MANUALLY CONTROLLED ACTIONS FOR WHICH NO AUTOMATIC CONTROL IS PROVIDED AND WHICH ARE REQUIRED FOR SAFETY SYSTEMS TO ACCOMPLISH THEIR SAFETY FUNCTION FOR DESIGN BASIS ACCIDENT EVENTS s PRIMARY INFORMATION IS THAT WHICH IS ESSENTIAL FOR THE DIRECT ACCOMPLISHMENT OF THE SPECIFIED SAFETY FUNCTIONS)
IT DOES NOT INCLUDE THOSE VARIABLES WHICH ARE ASSOCIATED WITH CONTINGENCY ACTIONS THAT MAY ALSO BE IDENTIFIED IN WRITTEN PROCEDURES>
A C-E REVIEW OF EMERGENCY GUIDELINES (LOCAL VSLB, SG TUBE RUPTUREg ATHSp REACTOR TRIPg LOSS OF FEED AND LOSS OF FORCED FLOW)IS UNDERWAY TO IDENTIFY FOR EACH EVENTS REQUIRED NANUAL ACTION INSTRUMENT CONSULTED REQUIRED RANGE AND ACCURACY CURRENT QUALIFICATION STATUS COMPLETION IS EXPECTED IN NOVEMBER'981, IN ADDITIONS A REVIEW OF THE EMERGENCY PROCEDURES AFTER THEY ARE DEVELOPED WILL BE PERFORMED TO ENSURE THE REQUIRED VARIABLES HAVE BEEN IDENTIFIED EXHIBIT 2C)-F.
2,C,3,B POST ACCIDENT MONITORING SYSTEM DESCRIPTION 2)TYPE 8 VARIABLES:
THOSE VARIABLES THAT PROVIDE INFORMATION TO INDICATE HHETHER PLANT SAFETY FUNCTI ONS ARE BEING ACCOMPLI SHED s PLANT SAFETY FUNCTI ONS ARE (1)REACTIVITY CONTROLS (2)CORE COOLING'3)
MAINTAINING REACTOR COOLANT SYSTEM I NTEGRITYg AND (4)MAINTAINING CONTAINMENT INTEGRITY (INCLUDING RADIOACTIVE EFFLUENT CONTROL), VARIABLES ARE LISTED WITH DESIGNATED RANGES AND CATEGORY FOR DESIGN AND QUALIFICATION REQUIREMENTS'EY VARIABLES ARE INDICATED BY DESIGN AND QUALIFICATION CATEGORY 1s~CATEGORY 1 VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT SUMP HATER LEVEL-HIDE RANGE BOTTOM OF CONTAINMENT TO 600p000 GALLON EQUIVALENT SENSOR RANGE 11 FTi (+6 IN)ABOVE SUMP TO+6 IN<ABOVE MAXIMUM EXPECTED FLOOD LEVEL)DISPLAY-2 CHANNELS, CLASS IEi RECORDING ON ONE CHANNEL EXHIBIT 2C3-7 TYPE B CATEGORY 1 (CONT'D)2,C,3,B POST ACCIDENT NONITORING SYSTEN DESCRIPTION VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT PRESSURE 0 TO DESIGN PRESSURE (60 PSIG)10 PS I A TO DESIGN PRESSURE (60 PSIG)SENSOR RANGE--5 PS I G TO 180 PS I G DISPLAY-2 CHANNELS, CLASS IEi RECORDING ON ONE CHANNEL CONTAINMENT ISOLATION VALVE POSITION (EXCLUDING CHECK VALVES)CLOSED-NOT CLOSED DISPLAY-VALVE STATUS FOR ALL AUTOMATIC OR REMOTE MANUAL CONTAINMENT ISOLATION VALVES CATEGORY 2 VARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT SUMP HATER LEVEL-NARROW RANGE SUMP SENSOR RANGE+6 IN)ABOVE BOTTOM OF RADWASTE DRAIN SUMP TO+6 IN, ABOVE TOP OF SUMP D I SPLAY-1/SUMP'ENSOR QUALI FIED TO POST LOCA ENVIRONMENTS SEISMIC CATEGORY II EXHIBIT 2C3-8 2,C,5~B POST ACCIDENT MONITORING SYSTEM DESCRIPTION
~TYPE B CATEGORY 5 VARIABLE REQUIREMENT DESIGN FEATURE RCS SOLUBLE BORON CONCENTRATION 0 TO 6000 PPM POST ACCIDENT SAMPLING SYSTEM;RANGE-0 TO 6000 PPMg REMOTE SAMPLE>IN-LINE AUTOMATIC (GRAB SAMPLE BACKUP)EXHIBIT 2C5-9 2,C,3,B POST ACCIDENT NONITORING SYSTEN DESCRIPTION 3)TYPE C YAR IABLES-THOSE VARIABLES THAT PROVIDE INFORMATION TO INDICATE THE POTENTIAL FOR BEING BREACHED OR THE ACTUAL BREACH OF THE BARR I ERS TO F I SS ION PRODUCT RELEASES s THE BARRIERS ARE (1)FUEL CLADDING'2)
PRIMARY COOLANT PRESSURE BOUNDARY'ND (3)CONTAINMENT>
1 CATEGORY 1 ttAR I ABLE REQUIREMENT DESIGN FEATURE RADIOACTIVITY CONCENTRATION OR RADIATION LEVEL IN CIRCULATING PRIMARY COOLANT 1/2 TECH SPEC LIMIT TO 100 TIMES TECH SPEC LIMITS R/HR SENSOR RANGE-1R/HR TO 105R/HR DISPLAY-CRT, NON-CLASS IE, a 2 SAFETY RELATED CHANNEL DISPLAYS AT CABINETS CLASS IEg RECORDING ON ONE CHANNEL CONTAINMENT PRESSURE 10 PSIA TO DESIGN PRESSURE (60 PSIG)10 PSIA TO 3 TIMES DESIGN PRESSURE SENSOR RANGE--5 PSIG TO 180 PSIG DISPLAY-2 CHANNELS, CLASS IEi RECORDING ON ONE CHANNEL EXHIBIT 2C3-10
2,C,),B POST ACCIDENT NONITORING USE~TYPE C CATEGORY 1 (CONT'D)VARIABLE REQUI REMENT DESIGN FEATURE CONTAINMENT SUMP HATER LEVEL-l'lIDE RANGE BOTTOM OF CONTAINMENT TO 600,000 GALLON EQUIVALENT SENSOR RANGE-11 FT (+6 IN, ABOVE SUMP TO+6 IN a ABOVE MAXIMUM EXPECTED FLOOD LEVEL)DISPLAY-2 CHANNELS, CLASS IE, RECORDING ON ONE CHANNEL CONTAINMENT HYDROGEN CONCENTRATION 0 TO 10%(CAPABLE OF OPERATING FROM 10 PSIA TO MAXIMUM DESIGN PRESSURE)SENSOR RANGE 0 TO 10%AVAILABLE 50 MINUTES AFTER INITIATION OF SAFETY INJECTION CAPABLE OF OPERATING FROM 5 PSIG TO 60 PSIG (CONTAINMENT DESIGN PRESSURE)DISPLAY-2 CHANNELS, CLASS IE RECORDING ON ONE CHANNEL EXHIBIT 2C5-11
2, C,3,B POST ACCIDENT YiONITORING
~TYPE C CATEGORY 2 VARIABLE CONTAINMENT SUMP WATER LEVEL-NARROW RANGE REQUIREMENT SUMP DESIGN FEATURE SENSOR RANGE-+6 IN)ABOVE BOTTOM OF RADWASTE DRAIN SUMP TO 6 INI ABOVE TOP OF SUMP DISPLAY-1/SUMP SENSOR QUALIFIED TO POST LOCA ENVIRONMENTS SEISMIC CATEGORY I I CONTAINMENT EFFLUENT RADIOACTIVITY
-NOBLE GASES FROM IDENTIFIED RELEASE POINTS 10~CI/CC To 10 vCI/CC SENSOR RANGE-10 FCI/CC TO 10 2~CI/CC AT PLANT VENT DISPLAY-CRT SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY I I RADIATION EXPOSURE RATE (INSIDE BUI LDINGS OR AREAS WHICH ARE IN DIRECT CONTACT WITH PRIMARY CON-TAINMENT WHERE PENETRATIONS AND HATCHES ARE LOCATED)10 R/HR TO 10 R/HR 13 MONITORS SENSOR RANGE-10 R/HR TO 10 R/HR DisPLAY-CRT SENSORS QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY I I EXHIBIT 2C3-12
2, C,3,B POST ACCIDENT NONITORING
~TYPE C CATEGORY 2 (CONT'D)VARIABLE REQUIREMENT DESIGN FEATURE EFFLUENT RADIOACTIVITY-NOBLE 6ASES (FROM BUILDINGS INDICATED ABOVE)10 vCI/CC To 10 vCI/CC SENSOR RANGE-10 vCI/CC TO 10~vCI/CC AT FUEL BUILDING VENT DISPLAY-CRT SENSOR QUALIFIED TO POST ACCIDENT ENV I RONMENTp SEISMIC CATEGORY I I~CATEGORY 3 VARIABLE REQUIREMENT DESIGN FEATURE ANALYSIS OF PRIMARY COOLANT (6AMMA SPECTRUM)10PCI/GM TO 10 CI/GM QR TID-14844 soURcE TERM IN COOLANT VOLUME POST ACCIDENT SAMPLING SYSTEMS RANGE-10 v CI/CC TO 10 CI/CC REMOTE SAMPLERS I SOTOP I Cg IN LINE AUTOMATIC (GRAB SAMPLE BACKUP)CONTAINMENT AREA RADIATION 1 R/HR TO 10 R/HR SENSOR RANGE-1 R/HR TO 10 R/HR DISPLAY-CRT EXHIBIT 2C3-13 2,C,3,B POST ACCIDENT NONITORING 0~TYPE C CATEGORY 3 (CONT'D)VARIABLE REQUIREMENT DESIGN FEATURE EFFLUENT RADIOACTIVITY-NOBLE GAS EFFLUENT FROM CONDENSER AIR REMOVAL SYSTEM EXHAUST 10 vCI/CC To 10 v CI/cc SENSOR RANGE 10~CI/CC TO 10 3 v CI/cc DISPLAY CRT SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENT 4)TYPE D VARIABLES-THOSE VARIABLES THAT PROVIDE INFORMATION TO INDICATE THE OPERATION OF INDIVIDUAL SAFETY SYSTEMS AND OTHER SYSTEMS IMPORTANT TO SAFETY)THESE VARIABLES ARE TO HELP THE OPERATOR MAKE APPROPRIATE DECISIONS IN USING THE INDIVIDUAL SYSTEMS IMPORT/NT TO SAFETY I N MI TI GATING THE CONSEQUENCES OF AN ACCIDENT i~CATEGORY 1 VARIABLE REQUIREMENT DESIGN FEATURE CONDENSATE STORAGE TANK LEVEL PLANT SPECIFIC SENSOR RANGE-0 TO 50 FT DISPLAY-2 CHANNELS, CLASS IE RECORDING ON ONE CHANNEL EXHIBIT 2C3-14
2, C,3, B POST ACCIDENT MONITORING SYSTEM DESCRIPTION
~TYPE D CATEGORY 2 VARIABLE PRIMARY SYSTEM SAFETY RELIEF VALVE POSITIONS PRESSURIZER HEATER STATUS SAFETY/RELIEF VALVE, POSITIONS OR MAIN STEAM FLOW AUXILIARY FEEDWATER FLoW REQUIREMENT CLOSED-NOT CLOSED ELECTRIC CURRENT CLOSED-NOT CLOSED 0 To 110%DESIGN FLOW DESIGN FEATURE PVNGS WILL COMPLY PVNGS WILL COMPLY PVNGS WILL COMPLY SENSOR RANGE-0 TO 2000 GPM=0 To 228%DISPLAY-2 CHANNELS't ASS IE CONTAINMENT ATMOSPHERE TEMPERATURE CONTAINMENT SUMP WATER TEMPERATURE 40 F To 400 F 50 F To 250 F PVNGS WILL COMPLY DESIGN IMPLEMENTATION IS IN REVIEW EXHIBIT 2C3-15 2,C,3,B POST ACCIDENT NONITORING SSYSTEH DESCRIPTION 1 TYPE D CATEGORY 2 (CONT'D)VARIABLE ESSENTIAL COOLING WATER SYSTEM TEMPERATURE ESSENTIAL COOLING HATER SYSTEM FLOW EMERGENCY VENTILATION DAMPER POSITION STATUS OF STANDBY POWER AND OTHER ENERGY SOURCES REQUIREMENT 32 F To 200 F 0 To 110%DESIGN Ft OW OPEN-CLOSED STATUS VOLTAG ES y CURRENTS'RESSURES DESIGN FEATURE SENSOR RANGE-0 TO 200 F DISPLAY-1/TRA I N p SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY II SENSOR RANGE-0 To 20g000 GPM=0 To 114%DISPLAY-1/TRA I N p SENSOR QUALIFIED To POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY I I DISPLAY-DAMPER STATUS FOR ALL AUTOMATIC OR REMOTE MANUAL EMERGENCY VENTILATION DAMPERS DISPLAY-ESF BUS VOLTAGES AND CURRENTS'LASS IE LOW PRESSURE ALARMS ON NSIVi NFIV AND ATMOSPHERIC DUMP VALVE ACCUMU-LATORS i SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENTS SEISMIC CATEGORY II EXfl I B IT 2C3-16
2,C,3,B POST ACCIDENT NONITORING SYSTEN DESCRIPTION e TYPE D CATEGORY 3 VARIABLE REACTOR COOLANT PUMP STATUS REQUIREMENT NOTOR CURRENT DESIGN FEATURE DISPLAY-PUMP MOTOR CURRENT H I GH-LEVEL RADIOACTIVE LIQUID TANK LEVEL TOP TO BOTTOM DISPLAY-SENSOR RANGE 0-32,000 GPM NAIN CONTROL ROOM ALARM OF RADWASTE SYSTEM TROUBLE RADWASTE SYSTEMS ARE NORMALLY CONTROLLED FROM RADWASTE CONTROL ROOMs NAIN CONTROL ROOM DISPLAY ON DEMAND VIA CRT TERMINALs RADIOACTIVE 6AS HOLDUP TANK PRESSURE 0 To 150%DESIGN PRESSURE DISPLAY-SENSOR RANGE WILL BE PROVIDED TO COMPLY WITH 0 TO 150%DESIGN PRESSUREs NAIN CONTROL ROOM ALARM OF-RADWASTE SYSTEM TROUBLE RADWASTE SYSTEMS ARE NORMALLY CONTROLLED FROM RADWASTE CONTROL ROOMs NAIN CONTROL ROOM DISPLAY ON DEMAND VIA CRT TERMINALa EXHIBIT 2C3-17 2.C,3.B POST ACCIDENT NONITORING S I 5)TYPE E YAR IABLES-THOSE VARIABLES TO BE MONITORED AS REQUIRED FOR USE IN DETERMI N-ING THE MAGNITUDE OF THE RELEASE OF RADIOACTIVE MATERIALS AND CONTINUALLY ASSESSING SUCH RELEASESs CATEGORY 1 YARIABLE REQUIREMENT DESIGN FEATURE CONTAINMENT AREA RADIATION-HIGH RANGE 1 R/HR TO 107R/HR SENSOR RANGE: 1 R/HR TO 107 R/HR DISPLAY: CRT AND 2 SAFETY RATED CHANNEL DISPLAYS AT CABINET, CLASS 1E, RECORDING ON ONE CHANNEL EXHIBIT 2C3-18
2.C,3,B POST ACCIDENT NONITORING S S E DESC I 0~TYPE E CATEGORY 2 VARIABLE REQUIREMENT DESIGN FEATURE RADIATION EXPOSURE RATE (INSIDE BUILDINGS OR AREAS WHERE ACCESS IS REQUIRED TO SERVICE EQUIPMENT IMPORTANT TO SAFETY)10 1 R/HR To 104 R/HR 10 MONITORS SENSOR RANGE-10 R/HR TO 104 R/HR DISPLAY-CRT SENSORS QUALIFIED TO POST ACCIDENT ENVIRONMENT LOCAL DISPLAY AND ANNUNCIATION CONTAINMENT OR PURGE EFFLUENT-NOBLE 6ASES AND VENT FLOW RATE 10 6 v CI/cc To 10~~CI/CC 0 To 110%VENT DESIGN FLOW PLANT VENT MONITORED AS IDENTIFIED BELOW COMMON PLANT VENT-NOBLE 6ASES AND VENT FLOW RATE 10 6 I'CI/CC TO 103~CI/CC 0 To 110%DESIGN FLOW PLANT VENT MONITORED AS IDENTIFIED BELOW EXHIBIT 2C3-19 2.C,3,B POST ACCIDENT NONITORIN6 S S 0~TYPE E CATEGORY 2 (CONT'D)VARIABLE REQUIREMENT DESIGN FEATURE AUXILIARY BUILDING-NOBLE 6ASES AND VENT FLOW RATE CONDENSER AIR REMOVAL SYSTEM EXHAUST-NOBLE 6ASES AND VENT FLOW RATE VENT FROM STEAM 6ENER-ATORS SAFETY RELIEF VALVES OR ATMOSPHERIC DUMP VALVES-NOBLE 6ASES AND VENT FLOW RATE 10-6.CI/CC TO 103 PCI/cc 0 TO 110%VENT DESIGN FLOW 10 6 PCI/CC TO 105 PCI/Cc 0 To 110%VENT DESIGN FLOW 10 1 P CI/cc To 103 v CI/cc (DURATION OF RELEASES IN SECONDS AND NASS OF STEAM PER ONIT TIME)EXHIBIT 2C3-20 SENSOR RANGE-10 9 P CI/CC TO 105 PCI/CC AT PLANT VENT DISPLAY-CRT, NON-CLASS IE SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENT FLOW MEASUREMENT WILL BE PROVIDED SENSOR RANGE-10 6 PCI/CC TO 105 P CI/CC DISPLAY-CRT, NON-CLASS IE SENSOR QUALIFIED TO POST ACCIDENT ENVIRONMENT.
FLOW MEASUREMENT WILL BE PROVIDED[MONITOR/STEAM LINE SENSOR RANGE-10 1 P CI/CC TO 103 PCI/cc DISPLAY-CRT SENSORS QUALIFIED TO POST ACCIDENT ENVIRONMENT 0
2.C,3.B POST ACCIDENT PIONITORING S E DESC I IO~TYPE E CATEGORY 2 (CONT D)VARIABLE REQUIREMENT DESIGN FEATURE FUEL BUILDING VENT-NOBLE 6ASES AND VENT FLOW RATE 10-6 vCI/cc To 102 v CI/cc 0 To 110%VENT DESIGN FLOW SENsoR RANGE-10 6 p CI/cc To 102 v CI/cc DISPLAY-CRT SENSORS QUALIFIED TO POST ACCIDENT ENVIRONMENT FLOW MEASUREMENT WILL BE PROVIDED EXHIBIT 2C3-21 2,C,3.8 POST ACCIDENT NONITORING S E HLm 0 TYPE E CATEGORY 3 VARIABLE REQUIREMENT DESIGN FEATURE PARTICULATES AND HALOGENS AT ALL IDENTIFIED RELEASE POINTS (EXCEPT STEAM GENERATOR SAFETY RELIEF VALVES OR ATMOSPHERIC STEAM 10 3 v.CI/CC To 102 vCI/cc 0 TO 130%VENT DESIGN Ft OW NONITORS AT PLANT VENT FUEL BUILDING VENT NAI N CONDENSER AI R REMOVAL EXHAUST SENSOR RANGE-10 3 FCI/CC TO 102 v.CI/cc FLOW MEASUREMENT WILL BE PROVIDED DUMP VALVES AND CON-DENSOR AIR REMOVAL SYSTEM EXHAUST)SAMPLI NGy WITH ON SITE ANALYSI S CAPA-BILITY EXHIBIT 2C3-22 2,C,3,B POST ACCIDENT MONITORING
~TYPE E CATEGORY 3 (CONT'D)VARIABLE REQUIREMENT DESIGN FEATURE AI RBORN RADIO-HALOGENS AND PARTICULATES (PORTABLE SAMPLING WITH ONSITE ANA-LYSIS CAPABILITY) 10-9 pCI/CC To 10 3 p CI/cc PVNGS WILL COMPLY EXHIBIT 2C3-23 2,C.3.B POST ACCIDENT PlONITORING S S~TYPE E CATEGORY 3 (CONT'D)VAR I ABLE PLANT AND ENVIRONS RADIATION (PORTABLE INSTRU-MENTATION)
REQUIREMENT 10 3 R/HR To 104 R/HRg PHOTONS 10 3 RADS/HR TO 104 RADS/HRr BETA RADIA-TIONS AND LOW-ENERGY PHOTONS DESIGN FEATURE PVNGS WILL COMPLY PLANT AND ENVIRONS RADIOACTIVITY (PORTABLE INSTRU-MENTATION)
NULTICHANNEL GAMMA-RAY SPECTROMETER PVNGS W I LL COMPLY EXHIBIT 2C3-24
2,C,3,B POST ACCIDENT NONITORIN6 SC I~TYPE E CATEGORY 3 (CONT'D)VARIABLE REQUIREMENT DESIGN FEATURE HI ND DIRECTION 0 To 360 (+5 ACCURACY WITH A DEFLECTION OF 15), START I NG SPEED Os45 MPS (1,0 MPH), DAMPING RATIO BETWEEN 0,4 AND 0, 6g D I STANCE CONSTANT 2 METERSs 0 TO 540 (+5 ACCURACY)STARTING THRESHOLD Os75 MPHs'AMPING RATIO Os4i DISTANCE CONSTANT 3 3 FT, ('JIND SPEED 0 TO 30 MPS (67 MPH)+0,22 MPS (0,5 MPH)ACCURACY FOR WIND SPEEDS LESS THAN 11.MPS (25 MPH)WITH A STARTING THRESHOLD OF LESS THAN Os45 MPS (1 s 0 MPH)0 To 50 MPH+1%oR 0,15 MPH OR WHICHEVER IS GREATER p WITH A STARTING THRESHOLD OF 0,6 MPHs EXHIBIT 2C3-25
2,C,3,B POST ACCIDENT NONITORING 0~TYPE E CATEGORY 3 (CONT'D)VARIABLE REaUIREMENT DESIGN FEATURE ESTIMATION OF ATMOS-PHERIC STABILITY BASED ON VERTICAL TEMPERATURE DIFF-ERENCE FROM PRIMARY.SYSTEMS-5CT010C (-9 F To 18 F)AND+0,15 C ACCURACY PER 50 METER INTERVALS (+0s'3 F ACCURACY PER 164-FOOT INTERVALS)
OR ANALOGOUS RANGE FOR ALTERNATIVE STABILITY ESTIMATES BASED ON A VERTICAL DIFFERENCE OF 160 FT,+6 F ANALOG AND D I G ITALO'18 TO-6 F ANALOG ONLY AND+0,18 F ACCURACY, EXH I B IT 2C3-26
2,C,3,B POST ACCIDENT MONITORING 5 C~TYPE E CATEGORY 3 (CONT'D)VARIABLE REQUIREMENT DESIGN FEATURE ACCIDENT SAMPLING CAPABILITY (ANALYSI S CAPABILITY ONSITE)POST ACCIDENT SAMPLING SYSTEM.'(REMOTE SAMPLERS IN-LINE AUTOMATIC GRAB SAMPLE BACKUP)PRIMARY COOLANT R SUMP VIA GRAB SAMPLE~GROSS ACTIVITY~GAMMA SPECTRUM~BORON CONTENT CHLORIDE CONTENT I DISSOLVED HYDROGEN P DISSOLVED OXYGEN o PH GRAB SAMPLE 10 pCI/Ml To 10 CI/Ml (I SOTOP I c'ANALYSIS) 0 To 6000 PPM 0 TO 20 PPM 0 To 2000 cc (STP)/KG 0 TO 20 PPM 1 TO 13 EXHIBIT 2C3-27 RANGES'0 3 p CI/cc To 10 CI/cc ISOTOPIC ANALYSIS 0 To 6000 PPM 0 To 20 ppM 0 TO 2000 cc (STP)/KG 0 TO 20 PPM 1 TQ 13 2.C.3.B POST ACCIDENT NON ITORIN6~TYPE E CATEGORY 3 (CONT'D)YAR I ABLE REQUI REMENT DESIGN FEATURE ACCIDENT SAMPLING CAPABILITY (ANALYSIS CAPABILITY ON-SITE)POST ACCIDENT SAMPLING SYSTEM'REMOTE SAMPLERS IN-LINE AUTOMATIC)
CONTAINMENT AI R P HYDROGEN (,ONTENT 0'OXYGEN CONTENT~6AMMA SPECTRUM 6RAB SAMPLE 0 To 10%0 To 30%(I SOTOP I C ANALYSIS)0 To 10%0 To 30%10-7 vCI/CC To 105 vCI/CC ISOTOPIC ANALYSIS EXHIBIT 2C3-28
ALL OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY I I I I I I I I I I L PROCESS SYSTEM VARIABLES NSSS ACTUATED DEVICES BOP PROCESS SYSTEM VARIABLES SENSORS DISPLAYS LOGIC I I SENSORS~DISPLAYS I NSSS NSSS-SRP 7.6-I~SHUTDOWN COOLING SYSTEM SUCTION LINE VALVE INTERLOCKS I~SAFETY INJECTION TANK ISOLATION VALVE INTERLOCKS BOP ALL OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY INSTRUMENTATION SYSTEMS DESIGNED TO PROTECT OTHER VITAL SYSTEMS FROM POTENTIALLY DAMAGING TRANSIENTS.(EXCLUDES FIRE PROTECTION)
ALARM LOGIC BOP-SRP 7.6-~CLASS IE ALARM SYSTEM~SAFETY PARAMETER DISPLAY SYSTEM (SPDS)FIGURE 2D-1 0
2, D.l.A CLA I E ALARM SYSTEM ES G 1)THE CLASS IE ALARM SYSTEM SHALL BE PROVIDED FOR A LIMITED NUMBER OF OPERATIONAL OCCUR-RENCES FOR WHICH NO SPECIFIC AUTOMATIC ACTUATION OF A SAFETY SYSTEM IS REQUIRED.THE SYSTEf"'j ALERTS THE OPERATOR TO KEEP THE PLANT OPERATING WITHIN TECHNICAL SPECIFI-CATION LIMITS AND AIDS IN PRECLUDING EQUIPMENT DAf'IAGE..
2)THE CLASS IE ALARM SYSTEfl SHALL BE DESIGNED IN COflPLIANCE WITH THE FOLLOWING STAiN-DARDS: 10CFRSO, LICENSING OF PRODUCTION AND UTILIZATION FACILITIES, APPENDIX A, GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS, JULY 15, 1971, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE)STD 279-1971, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR.POWER GENERATING STATIONS, IEEE STD 323-1974, STANDARD FOR QUALIFYING CLASS IE EQUIPMEfuT FOR NUCLEAR POWER GENERATING STATIONS.IEEE STD 338-1971, TRIAL-USE CRITERIA FOR THE PERIODIC TESTING OF NUCLEAR POWER GENERATING STATION PROTECTION SYSTEMS, IEEE STD 344-1975, RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS, EXHIBIT 2D1-1 2.D.l,A CLASS IE ALARM SYSTEM E IG IEEE STD 384-1974, TRIAL-USE STANDARD CRITERIA FOR SEPARATION OF CLASS IE.EQUIPMENT AND CIRCUITS, AS MODIFIED BY NRC REGULATORY GUIDE 1,75.3)POWER FOR EACH REDUNDANT CLASS IE ANNUNCIATOR SHALL BE SUPPLIED FROM A SEPARATE CLASS IE 125V-DC DISTRIBUTION BUS.4)EACH CLASS IE ANNUNCIATOR SHALL BE A UNIT INDEPENDENT FROM THE PLANT ANNUNCIATOR AND SHALL BE WITH INTEGRAL WINDOWS, HORN, POWER SUPPLY, AND LOGIC CARDS, 5)THE ANNUNCIATION SEQUENCE OF OPERATION AND TESTING FOR THE CLASS IE ANNUNCIATORS SHALL BE THE SAME AS THE PLANT ANNUNCIATOR WITH.THE FOLLOWING EXCEPTIONS:
CLASS IE ANNUNCIATOR SHALL HAVE A KEY-LOCKED ALARM ACKNOWLEDGE FUNCTION, AND CLASS IE ANNUNCIATOR DOES NOT REQUIRE A RETURN-TO-NORMAL AUDIBLE.6)THE CLASS IE ALARM SYSTEM SHALL BE DESIGNED TO THE REQUIREMENTS FOR NUCLEAR SAFETY-RELATED SYSTEMS SUCH THAT THE DEVICES MUST MAINTAIN THEIR SAFETY-RELATED FUNCTIONAL CAPABILITY UNDER ALL NORMAL AND ABNORMAL PLANT OPERATING CONDITIONS, EXHIBIT 2D1-2
2,D,l,s CLASS IE ALARN SYSTEN S S 1)CLASS IE ALARNS ARE PROVIDED TO ALERT THE OPERATOR IN THE EVENT OF LOSS OF NUCLEAR COOLING WATER TO THE REACTOR COOLANT PUf'1PS SEAL COOLERS INADEQUATE SAFETY INJECTION TANK PRESSURE HIGH WATER LEVEL IN AN ECCS PUf'1P ROOM, 2)SILENCING OF THE ALARN AUDIBLE IS PROVIDED BY A KEY-LOCKED ALARN ACKNOWLEDGE SWITCH FOR EACH CLASS IE ANNUNCIATOR.
3)FOUR CLASS IE ANNUNCIATORS ARE PROVIDED, TWO IN INSTRUftEi4T CHANNEL A AND TWO IN INSTRUf'lENT CHANNEL B, THE INSTRUNENT CHANi4EL A ANNUNCIATORS ARE PHYSICALLY SEPARATE AND INDEPENDENT OF THE If4STRUNENT CHANNEL B ANf4UNCIATORS.
THE INSTRUNEf4T CHANNEL A ANNUNCIATORS ARE SUPPLIED POWER FRON A CLASS IE 125V-DC DISTRIBUTION BUS (LOAD GROUP 1)SEPARATE FRON THE If4STRUNENT CHANNEL B ANNUNCIATORS (LOAD GROUP B), EXHIBIT 2D1-3 2.D, l,s CLASS IE ALARM SYSTEM S S E DESC IO 4)THE FOUR CLASS IE ANNUNCIATORS ARE: ANNUNCIATOR CHANNEL J-RKA-UA-2C J-RKB-UA-2D J-RKA-UA-4D J-RKB-UA-4E ALARMS PROVIDED INADEQUATE SAFETY INJECTION TANK PRESSURE-SAFETY INJECTION TANKS 3 AND 4 HIGH WATER LEVEL IN ECCS TRAIN A PUMP ROOMS (1 ANNUNCIATOR WINDOW/PUMP ROON)INADEQUATE SAFETY INJECTION TANK PRESSURE-SAFETY INJECTION TANKS 1 AND 2 HIGH WATER LEVEL IN ECCS TRAIN B PUMP ROOMS (1 ANNUNCIATOR WINDOW/PUMP ROON)LOSS OF NUCLEAR COOLING WATER TO THE REACTOR COOLANT PUMPS SEAL COOLERS (1 ANNUNCIATOR WINDOW/PUMP)
LOSS OF NUCLEAR COOLING WATER TO THE REACTOR COOLANT PUMPS SEAL COOLERS (1 ANNUNCIATOR WINDOW/PUMP)
EXHIBIT 2D1-4 2.D.l,s CLASS IE ALARN SYSTPI SSE SC I 0 5)EACH CLASS IE ANNUNCIATOR IS A UNIT WITH INTEGRAL WINDOWS, HORN, POWER SUPPLY AND ANNUNCIATOR LOGIC CARDS NOUNTED IN THE ANNUNCIATOR SECTION OF THE PIAIN CONTROL BOARDS, SEPARATE SWITCHES FOR ALARN ACKNOWLEDGE (SILENCING), FLASHER RESET, LANP RESET, AND TEST ARE LOCATED WITHIN OPERATOR REACH')CLASS IE ALARN FUNCTIONS A)LOSS OF NUCLEAR COOLING MATER TO THE REACTOR COOLANT PUNPS SEAL COOLERS REDUNDANT SAFETY GRADE INSTRUMENT CHANNELS CONTINUOUSLY NONITOR NUCLEAR COOLING WATER FLOW TO THE SEAL COOLERS FOR EACH REACTOR COOLANT PUMP, ANNUNCIATION IS PROVIDED IF THE NUCLEAR COOLING MATER FLOW RATE IS REDUCED BELOW THE NININUM REQUIRED FOR PUNP OPERATION, NONITORING IS AVAILABLE DURING NORNAL OPERATION COINCIDENT WITH LOP, B)INADEQUATE SAFETY INJECTION TANK PRESSURE SAFETY GRADE INSTRUNENT CHANNELS NONITOR THE PRESSURE IN EACH SAFETY INJECTION TANK AND THE PRESSURIZER, ANNUNCIATION IS PROVIDED IF PRESSURE IN A SAFETY INJECTION TANK FALLS BELOW 600 PSIG WHILE PRESSURIZER PRESSURE IS ABOVE 700 PSIG, INDICATING THE UNAVAILABILITY OF THE SAFETY INJECTION TANK TO PERFORN ITS CORE FLOODING FUNCTION IN THE EVENT OF A LOCA, EXHIBIT 2D1-5
2,D.l.a CLASS IE ALARM SYSTEM 5 S E DESCR P IO C)HIGH 1'lATER LEVEL IN AN ECCS PUMP ROOM SAFETY GRADE INSTRUMENT CHANNELS MONITOR LEVEL IN THE DRAIN BASIN IN THE ROOMS FOR THE LOW PRESSURE SAFETY INJECTION PUMPS, HIGH PRESSURE SAFETY INJECTION PUMPS, AND CONTAINMENT SPRAY PUMPS, ANNUNCIATION IS PROVIDED ON A HIGH LEVEL SIGNAI INDICATING LEAKAGE IN A PUMP ROOM, EXHIBIT 2D1-6
2,D,2,A SAFETY PARAMETER DISPLAY SYSTEM 1)THE SAFETY PARAMETER DISPLAY SYSTEM (SPDS)SHALL BE PROVIDED TO ASSIST CONTROL ROOM PERSONNEL IN EVALUATING THE SAFETY STATUS OF THE PLANT.THE PRIMARY FUNCTION OF THE SPDS IS TO AID THE OPERATOR IN THE RAPID DETECTION OF ABNORMAL OPERATING CONDITIONS, 2)THE SPDS SHALL BE DESIGNED TO THE FOLLOWING CODES AND STANDARDS:
A.10 CFR 50, APPENDIX A, GENERAL DESIGN CRITERIA FOR NUCLEAR POWER PLANTS, JULY 15, 1971, B, INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE), STANDARD 344-1975, RECOMMENDED PRACTICES FOR SEISMIC QUALIFICATION OF CLASS IE EQUIPMENT FOR NUCLEAR POWER GENERATING STATIONS, C, NUREG-0696, FUNCTIONAL CRITERIA FOR EMERGENCY RESPONSE FACILITIES, EXHIBIT 2D2-1 2.D,2,A SAFETY PARAMETER DISPLAY SYSTEM 5)THE IMPORTANT PLANT FUNCTIONS RELATED TO THE PRIMARY SPDS DISPLAY WHILE THE PLANT IS GENERATING POWER SHALL INCLUDE BUT:"POT BE LIMITED TO:~REACTIVITY CONTROL~REACTOR CORE COOLING~HEAT REMOVAL FROM THE PRIMARY SYSTEM~REACTOR COOLANT SYSTEf'I INTEGRITY~RADIOACTIVITY CONTROL~CONTAINMENT INTEGRITY 4)THE SPDS FUNCTION IN THE CONTROL ROOM SHALL BE PROVIDED DURIiJG AND FOLLOWING ALL EVENTS EXPECTED TO OCCUR DURING THE LIFE OF THE PLANT, INCLUDING SSE, 5)THE SPDS DISPLAY SHALL TAKE ACCOUNT OF HUMAN FACTORS AND THE MAN-MACHINE INTERFACE.
THE SPDS DISPLAY SHALL BE INCORPORATED INTO THE MAIN CONTROL ROOM WITH A LOCATION THAT WILL ALLOW THE DISPLAYS TO BE EASILY OBSERVED BY THE OPERATIONS STAFF, 6)THE SPDS DISPLAY SHALL REFLECT AND BE CAPABLE OF SUPPORTING ALL OPERATIi'JG MODES.EXHIBIT 2D2-2 0
2.D,2,A SAFETY PARAMETER DISPLAY SYSTEM 7)THE SPDS DISPLAY SHALL ALSO BE AVAILABLE IN THE TSC, SATELLITE TSC, AND EOF, 8)THE SPDS SHALL BE DESIGNED TO AN OPERATIONAL UNAVAILABILITY GOAL AS DEFINED IN NUREG 0696 OF 0,01 FOR THE DATA DISPLAY FUNCTION AT EACH FACILITY WHEN THE REACTOR IS ABOVE COLD SHUTDOWN STATUS, IN ADDITION, THE SPDS DISPLAY FUNCTION IN THE CONTROL ROOM SHALL BE DESIGNED TO AN OPERATIONAL UNAVAILABILITY GOAL OF O,2 FOR COLD SHUTDOWN STATUS INCLUDING THE REFUELING MODE, EXHIBIT 2D2-5 SAFETY PARAMETER DISPLAY SYSTEM j.)THE SPDS CONSISTS OF TWO DISPLAY SYSTEMS LOCATED IN THE CONTROL ROOM.~A FULL-COLOR CRT DISPLAY DRIVEN FROM THE TECHNICAL SUPPORT CENTER (TSC)COMPUTER SYSTEM.~A SEISMICALLY QUALIFIED DISPLAY SYSTEM DRIVEN FROM A SEPARATE CONTROL..ROOM PROCESSOR SYSTEfl, 2)PLANT FUNCTIONS INCLUDED IN THE SPDS DISPLAYS ARE:~REACTIVITY CONTROL~REACTOR CORE COOLING~HEAT REMOVAL FROM THE PRIMARY SYSTEM~REACTOR COOLANT SYSTEM INTEGRITY~RADIOACTIVITY CONTROL~CONTAINMENT INTEGRITY EXHIBIT 2D2-4 0 0 PROCESS SYSTEM VARIABLES SENSORS AUTOMATIC CONTROL DISPLAYS MANUAL CONTROL NSSS (WITHIN CESSAR SCOPE)-SRP 7.7-~STEAM BYPASS CONTROL SYSTEM~FEEDWATER CONTROL SYSTEM (15%-100%)~PRESSURIZER LEVEL CONTROL SYSTEM~PRESSURIZER PRESSURE CONTROL SYSTEM~BORON CONTROL SYSTEM~REACTOR POWER CUTBACK SYSTEM~REACTOR REGULATING SYSTEM~CONTROL ELEMENT DRIVE MECHANISM CONTROL SYSTEM~EX.CORE NEUTRON FLUX MONITORING SYSTEM~IN.CORE NEUTRON FLUX MONITORING SYSTEM~CORE OPERATING LIMIT SUPERVISORY SYSTEM~PLANT MONITORING SYSTEM NSSS (OUTSIDE CESSAR SCOPE)-SRP 7.7-~STEAM BYPASS CONTROL SYSTEM OPTION WITH 2 VALVES TO ATMOSPHERE
~EXTENDED RANGE (0%-15%)FEEDWATER CONTROL SYSTEM PROCESS CONTROL DEVICES.SENSORS DISPLAYS BOP-SRP 7.7-LOOSE PARTS MONITORING SYSTEM CONTROL SYSTEMS NOT REQUIRED FOR SAFETY ELECTRICAL AND MECHANICAL DEVICES AND CIRCUITRY REQUIRED FOR PLANT OPERATION BUT WHOSE FUNCTIONS ARE NOT ESSENTIAL FOR THE SAFETY OF THE PLANT CONTROL SYSTEMS NOT REQUIRED FOR SAFETY FIGURE 2E-1 2E,1 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY D G 1)FEEDWATER CONTROL SYSTEM-EXTENDED RANGE FOR OPERATION BETWEEN 0 AND 15%POWER, THE FEEDWATER CONTROL SYSTEM (FWCS)SHALL AUTOMATICALLY CONTROL THE STEAM GENERATOR DOWNCOMER WATER LEVEL, STEAM GENERATOR LEVEL WILL BE CONTROLLED DURING THE FOLLOWING CONDITIONS (ASSUMING THAT ALL OTHER CONTROL SYSTEMS ARE OPERATING IN AUTOMATIC):
1, STEADY STATE OPERATIONS; 2 1%PER MINUTE TURBINE LOAD RAMPS BETWEEN 0 AND 15%NSSS POWER;3, LOSS OF ONE OF TWO OPERATING FEEDWATER PUMPS;AND 4, LOAD REJECTION OF ANY MAGNITUDE.
EXHIBIT 2E-1 2E,1 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY DESIG CR E 2)STEAM BYPASS CONTROL SYSTEM-OPTION WITH TWO VALVES TO ATMOSPHERE THE CESSAR SYSTEM IS MODIFIED FOR PVNGS TO DUMP STEAM TO ATMOSPHERE THROUGH TWO OF THE TURBINE BYPASS VALVES.THESE VALVES SHALL BE THE LAST TO OPEN AND FIRST TO CLOSE DURING STEAM BYPASS OPERATION, EXHIBIT 2E-2
2E.l CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 9SI C E 5)LOOSE PARTS MONITORING SYSTEM A LOOSE PARTS MONITORING SYSTEM (LPMS)SHALL BE PROVIDED TO DETECT AND RECORD SIGNALS RESULTING FROM IMPACTS OCCURRING WITHIN THE REACTOR COOLANT SYSTEM.EXHIBIT 2E-5 2E.2 CONTROL SYSTENS NOT REQUIRED FOR SAFETY S'1)FEEDWATER CONTROL SYSTEN-EXTENDED RANGE BELOW 15%NSSS POWER, THE FWCS PERFORI'IS DYNANIC CONPENSATION ON THE LEVEL SIGNAL TO GENERATE AN OUTPUT SIGNAL INDICATIVE OF THE REQUIRED FEEDWATER FLO>$, THE OUTPUT SIGNAL IS USED TO GENERATE THE DOWNCOf'iER VALVE POSITION DEMAND SIGNAL, WHEN IN THIS CONTROL f"lODE THE ECONONIZER VALVE WILL BE CLOSED AND THE PUNP SPEED SETPOINT WILL BE AT ITS YiININUN VALUE, EXHIBIT 2E-4 REACTOR POWER TOTAL STEAM TOTAL FLOW FEEDWATER FLOW Z LEVEL F ILTER FILTER COMPARATOR 1 I La~~~~ass PI LEVEL 15%POWER COMPARATOR I+I PRESET VALUE SETPOINT COMPARATOR ZERO T+i MANUAL/AUTO CONTROL STATION TO FWCS 2 FROM HIGH FWG$2 EELECT OOWNCOMER VALVE PROGRAM ECONOMIZER VALVE PROGRAM PUMP PROGRAM MANUAL/AUTO CONTROL STATION MANUAL/AUTO CONTROL STATION MANUAL/AUTO CONTROL STATION TO DOWNCOMER VALVE TO ECONOMIZER VALVE TO F EEDWATER PUMP FEEDWATER CONTROL SYSTEM BLOCK DIAGRAM FIGURE 2E-2 2E,2 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY S S D SC IO 2)STEAM BYPASS CONTROL SYSTEM-OPTION WITH TWO VALVES TO ATMOSPHERE THE CESSAR SYSTEM IS MODIFIED FROM 4 VALVE GROUPS TO 5 VALVE GROUPS, VALVE GROUP 5 CONTAINS THE 7TH AND Bvw STEAM BYPASS VALVES WHICH DISCHARGE TO ATMOSPHERE, VALVE GROUP 5 JS THE LAST GROUP TO SEQUENCE OPEN AND IS NOT INTERLOCKED WITH A LOSS OF CONDENSER VACUUM SIGNAL', EXHIBIT 2E-5 MEASURED MAIN STEAM HEADER PRESSURE AIR SUPPLY ATMOSPHERE STEAM FLOW MAIN STEAM HEADER PRESSURE PROGRAM CONTROLLER ELECTRO/PNEUMATIC CONVERTOR PRESSURIZER PRESSURE PRESSURIZER PRESSURE BIAS PROGRAM CHANGE DETECTOR COMPARATOR THRESHOLD SETTING QUICK OPENING SIGNAL I I I a I I 8 TURBINE I BYPASS VALVES (6 TO I CONDENSER AND 2 TO I, ATMOSPHERE)
I I~I I I I VALVE PERMISSIVE SIGNAL STEAM BYPASS CONTROL SYSTEM BLOCK DIAGRAM FIGURE 2E-3 0'
2E,2 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY S S E DESC I 3)LOOSE PARTS MONITORING SYSTEM EIGHT HIGH TEMPERATURE PIEZOELECTRIC ACCELEROMETERS (TRANSDUCERS)
WILL BE LOCATED IN THE AREAS WHERE LOOSE PARTS ARE MOST LIKELY TO BECOME ENTRAPPED.
THESE ARE: 1, TWO REDUNDANT TRANSDUCERS WILL BE CLAMP MOUNTED ON THE IN-CORE INSTRUMENT GUIDE TUBES ON THE REACTOR VESSEL LOWER HEAD, DIAMETRICALLY OPPOSED 2, TWO REDUNDANT TRANSDUCERS WILL BE STUD MOUNTED ON THE REACTOR VESSEL UPPER HEAD SERVICE STRUCTURE FLANGE, DIAMETRICALLY OPPOSED 3, TWO REDUNDANT TRANSDUCERS ON THE LOWER HEAD REGION OF EACH STEAM GENERA-TOR, ONE TRANSDUCER WILL BE CLAMPED TO THE PRIMARY INLET PIPE AND THE OTHER WILL BE CLAMPED TO THE PRIMARY OUTLET PIPE, EXHIBIT 2E-6 2E,2 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY S ST ESC IPTIO A DATA ACQUISITION PANEL LOCATED IN THE CONTROL ROOM AREA CONTAINS ALARM MODULES THAT CONTINUALLY MONITOR THE INCOMING SIGNALS FROM THE PREAMPLIFIER FOR THE PRESENCE OF IMPACTING, THE OCCURRENCE OF A LOOSE PART IMPACTING ON THE INSIDE OF THE STRUCTURE CAUSES BURSTS OF SIGNALS THAT EXCEED THE ALARM SET POINT AND TRIGGER THE ALARM, THE DATA ACQUISITION PANEL INCLUDES TAPE RECORDERS WITH PLAYBACK AND AN AUDIO MONITOR, EXHIBIT 2E-7
CONPLIANCE WITH REGULATORY REQUI RENENTS EXHIBIT 5-i
REGULATORY REQUIREMENTS STANDARD REVIEW PLANS 7.1 THRU 7.7, REV.1 GENERAL DESIGN CRITERIA REGULATORY GUIDES IEEE STANDARDS AS APPLICABLE PER SRP TABLE 7-1 BRANCH TECHNICAL POSITIONS I I I I I I I I ISE BULLETINS NUREG.0737 FIGURE 3-1
SUMMARY
OF REGULATORY REQUIREMENTS
INSTRUMENTATION AN D CONTROLS STANDARD REVIEW PLAN 7.1, REV.1 TABLE 7-1 REACTOR TRIP SYSTEM SRP 7.2, REV.1 I I I gee~~mal I NSSS INTERFACE I ENGINEERED SAFETY FEATURE SYSTEMS SRP 7.3, REV.1 BOP SAFE SHUTDOWN SYSTEMS SRP 7.4, REV.1 BOP SAFETY-RELATED DISPLAY INSTRUMENTATION SRP,7.5, REV.1 BOP ALL OTHER SAF ETY-RELATED INSTRUMENTATION SRP 7.6, REV.1 BOP NON-SAF ETY RELATED CONTROL SYSTEMS SRP 7.7, REV.1 BOP NSSS NSSS NSSS SCOPE OF BOP INSTRUMENTATION AND CONTROLS REVIEW BOARD FIGURE 3A-1 NSSS NSSS NSSS
SRP SEC THE GENERAL DESIGN CRITERIA AND IEEE STD 279 SET FORTH REQUIREMENTS THAT MUST BE MET BY ALL DESIGNS FOR THE ESFAS IN ADDITION>THESE ARE ALSO USED FOR THE INSTRUMENTATION AND CONTROLS FOR THE ESSENTIAL AUXILIARY SUPPORTING SYSTEMS s IN C011PLIANCE EXHIBIT 5A-1
S C S SC 0 74 1, SY E RE U Y GENERAL DESIGN CRITERIA 26, 33 AND 34, AND IEEE STD 279 SPECIFY THE REQUIREMENTS THAT SYSTEMS REQUIRED FOR SAFE SHUTDOWNS AMONG OTHERS>MUST MEET WITH REGARD TO ALL OPERATING CONDITIONS (SUCH AS LOSS OF OFFSITE POWER)i SO THAT THEY CAN PERFORM THEIR SAFETY FUNCTION ASSUMING A SINGLE FAILURE IF A DETERMINATION IS MADE THAT THE SYSTEMS REQUIRED FOR SAFE SHUTDOWN MEET THE REQUIREMENTS OF THESE CRITERIA'HEY ARE ACCEPTABLE IN THIS REGARDS ELECTRICAL AND PHYSICAL INDEPENDENCE REQUIREMENTS AS DIS-CUSSED IN SRP SECTIONS 7 2 AND 7 3 SHOULD BE MET IN CONPLIANCE 2 CONFORMACEWT S G E UE CRI E 0 I EEE STD 279'EEE STD 379'ND REGULATQRY GUIDE 1, 53 PRO-VIDE RECOMMENDATIONS AND GUIDANCE FOR MEETING THE SINGLE FAILURE CRITERION REGARDING THE APPLICATION OF THE SINGLE FAILURE CRITERION TO THE DESIGN OF MANUALLY CONTROLLED ELECTRICALLY-OPERATED VALVES>THE ACCEPTABILITY OF PROPOSED DESIGNS IS BASED ON BRANCH TECHNICAL POSITION ICSB 18 IN CONPLIANCE EXHIBIT 3A-2 e
S S 0 7, (CONT)3, DE IF I 0 S A S S U THE METHOD USED FOR IDENTIFYING POWER AND SIGNAL CABLES AND CABLE TRAYS AS SAFETY-RELATED EQUIPMENT>
AND THE IDENTIFICA-TION SCHEME USED TO DISTINGUISH BETWEEN REDUNDANT CABLES'ABLE TRAYS'ND INSTRUMENT PANEL'S SHOULD BE IN ACCORDANCE WITH THE RECOMMENDATIONS OF SECTIONS 5.1.2 AND Dc6s3 OF REGULATORY GUIDE 1 75>PHYSICAL INDEPENDENCE OF ELECTRIC SYSTEMS'ND SECTION 4,2 2 OF IEEE STD 279 COLOR CODING IS A PREFERRED METHOD OF IDENTIFICATIONs IN CONPLIANCE 4, VI AL SUPPO G S E S THE INSTRUMENTATION'ONTROLS AND ELECTRIC EQUIPMENT ASSO-CIATED WITH THE AUXILIARY SYSTEMS THAT SUPPORT THE SYSTEMS REQUIRED FOR SAFE SHUTDOWN SHOULD MEET THE SAME ACCEPTANCE CRITERIA AS FOR THE SYSTEMS THEY SUPPORTS IN CONPLIANCE EXHIBIT 3A-3 SRP SEC 0 7 (coNT)$Si SYS E ES I G SS C C GENERAL DESIGN CRITERIA 1 AND 21, IEEE STD 279'EEE STD 336, AND REGULATORY GUIDES 1 22, 1 47 AND 1,68 CONTAIN THE APPLI-CABLE ACCEPTANCE CRITERIA WITH REGARD TO PREOPERATION AND PERIODIC TESTINGS QUALITY ASSURANCES AND DESIGN PROVISIONS FOR INDICATING THE AVAILABILITY OF SYSTEMS REQUIRED FOR-SAFE SHUTDOWN.AND ESSENTIAL AUXILIARY SUPPORTING SYSTEMS<IN COMPLIANCE EXHIBIT 3A-4 0
S SC 75 1 THE SRDI SHOULD COVER APPROPRIATE VARIABLES, CONSISTENT WITH THE ASSUMPTIONS FOR ACCIDENT ANALYSES AND WITH THE INFORMATION NEEDS OF THE OPERATORS IN NORMAL'RANSIENTS AND ACCIDENT CONDITIONS'HE DESIGN OF THE POST-ACCIDENT SRDI SHOULD CONFORM TO THE RECOMMENDATIONS OF REGULATORY GUIDE 1,97, THE ACCURACY AND RANGE OF INDICATING INSTRU-MENTATION SHOULD BE CONSISTENT WITH THE ASSUMPTIONS OF THE ACCIDENT ANALYSES)ANY EXCEPTIONS TO THESE REQUIREMENTS WILL BE REFERRED TO THE APPROPRIATE BRANCH FOR RESOLUTION ON AN INDIVIDUAL CASE BAS IS s IN CONPLIANCE 2, ALL MONITORING CHANNELS SHOULD BE REDUNDANT'O ASSURE THAT WRONG INDICATION DUE TO DEVICE MALFUNCTION WILL NOT CAUSE FALSE ACTION OR INACTION ON THE PART OF THE OPERATORs IDENTIFICATION MALFUNCTIONS CAN BE IDENTIFIED BY CROSS CHECKING BETWEEN REDUNDANT CHANNELS s IN CONPLIANCE EXHIBIT 5A-5
SRP S C IO.5 (coNT)QU T 3 REDUNDANT CHANNELS OF SAFETY-RELATED DISPLAY INSTRUMEN-TATION SHOULD BE ISOLATED PHYSICALLY AND ELECTRICALLY TO ASSURE THAT A SINGLE FAILURE WILL NOT RESULT IN COMPLETE LOSS OF INFORMATION ABOUT A MONITORED VARIABLE SINGLE FAILURES MIGHT INCLUDE SUCH POSSIBLE FAULTS AS SHORTS OR OPEN CIRCUITS OR INTERCONNECTING SIGNAL OR POWER CABLES>IT ALSO INCLUDES SINGLE CREDIBLE MALFUNCTIONS OR EVENTS THAT MIGHT CAUSE A NUMBER OF SUBSEQUENT COMPONENTS MODULE>OR CHANNEL FAILURESs ALL SRDI=SHOULD BE CAPABLE OF OPERAT-ING FROM ONSITE POWER IF SIGNALS FROM THE POST-ACCIDENT MONITORING EQUIPMENT ARE USED FOR CONTROLS THE REQUIRED ISOLATION DEVICES WILL BE CLASSIFIED AS PART OF THE POST-ACCIDENT MONITORING INSTRUMENTATION NO CREDIBLE FAILURE AT THE OUTPUT OF AN ISOLATION DEVICE SHOULD PREVENT THE ASSOCIATED MONITORING CHANNEL FROM MEETING MINIMUM PERFOR-MANCE REQUIREMENTS CONSIDERED IN THE DESIGN BASEST IN CONPLIANCE EXHIBIT 3A-6
SRPSC 0 (CONT)0s CAPABILITY SHOULD BE PROVIDED FOR CHECKING>WITH A HIGH DEGREE OF CONFIDENCE>
THE OPERATIONAL AVAILABILITY OF EACH SYSTEM INPUT SENSOR DURING REACTOR OPERATION AN ACCEPT-ABLE WAY OF ACCOMPLISHING THIS WOULD BE BYl IN COMPLIANCE A PERTURBATING THE MONITORED VARIABLE AND OBSERVING THE RESULTING INDICATIONS i B, INTRODUCING AND VARYING A SUBSTITUTE INPUT TO THE SENSOR OF THE SAME NATURE AS THE MEASURED VARIABLEs C, CROSS CHECKING BETWEEN CHANNELS THAT BEAR A KNOWN RELATIONSHIP TO EACH OTHER AND THAT HAVE READOUTS AVAILABLE i FOR CHANNELS WHICH MONITOR A NORMALLY STATIC PARAMETER>
PROVISIONS SHOULD BE MADE TO ALLOW PERIODIC TESTING IN ACCORDANCE WITH REGULATORY 6U IDE j.22'HEREBY VERIFYING CHANNEL OPERABILITY EXHIBIT 3A-7 SPS ,5 (CONT)5 AN INDICATION SYSTEM SHOULD BE PROVIDED COVERING BYPASSED OR DELIBERATELY INOPERABLE CONDITIONS OF SAFETY SYSTEMS>GUIDELINES FOR THE INDICATION SYSTEM ARE PROVIDED IN REGU-LATORY GUIDE 1 47 AND BRANCH TECHNICAL POSITION ICSB 21 IN COMPLIANCE 6s CABLES>CABLE TRAYS, COMPONENTS'ODULES>
AND INTERCONNECT-ING WIRING SHOULD BE IDENTIFIED>
THE METHOD USED FOR IDENTIFICATION AND THE SCHEME USED TO DISTINGUISH BETWEEN REDUNDANT CABLES'ABLE TRAYS'OMPONENTS'ODULES'ND INTERCONNECTING WIRING ARE ACCEPTABLE IF THEY ARE IN ACCOR-DANCE WITH THE RECOMMENDATIONS OF REGULATORY 6UIDE 1,75, IN COMPLIANCE 7i COMPONENTS AND MODULES SHOULD BE OF A QUALITY CONSISTENT WITH THE RELIABILITY REQUIREMENTS FOR SAFETY-RELATED SYSTEMS<AN ACCEPTABLE QUALITY WOULD BE THAT OF COMPONENTS AND MODULES THAT HAVE BEEN PREVIOUSLY USED IN SIMILAR SERVICE CONDITIONS AND HAVE DEMONSTRATED LOW MAINTENANCE REQUIREMENTS AND FAIL-URE RATES OTHER MEANS TO DEMONSTRATE ACCEPTABLE QUALITY WOULD BE THROUGH ANALYSIS AND TESTING OF COMPONENTS AND MOD-ULES'N ACCORDANCE WITH CRITERIA CITED IN TABLE 7-li IN COMPLIANCE EXHIBIT 3A-8
(CONT)8, IN ORDER TO ASSURE THAT THE REQUIREMENTS OF 6ENERAL DESIGN CRITERION li EQUALITY STANDARDS AND RECORDS>ARE MET IN THE SRDIi THE QUALITY ASSURANCE PROGRAM MUST SATISFY THE REQUIRE-MENTS OF IEEE STD 336, AS AMPLIFIED BY REGULATORY 6UIDE l>30)-IN CONPLIANCE EXHIBIT 3A-9 S P SEC 0.6 EQ 1 SS ED C U GDC 26 AND 33 AND IEEE STD 279 SPECIFY THE REQUIREMENTS THAT OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY'MONG.
OTHERS>MUST MEET WITH REGARD TO ALL OPERATING CONDITIONS (SUCH AS LOSS OF OFFSITE POWER)i SO THAT THEY CAN PERFORM NEEDED SAFETY FUNCTIONS ASSUMING A SINGLE FAILUREs IF A DETERMINATION IS MADE THAT THESE SYSTEMS MEET THE REQUIRE-MENTS OF THESE CRITERIA'HEY ARE ACCEPTABLE WITH REGARD TO REDUNDANCY REQUIREMENTS'N CONPLIANCE EXHIBIT 3A-10
SRP S C IO 6 (CONT)2, 0 0 IEEE STO 279, IEEE STO 379, AND REGULATORY 6UIOE 1.53 PROVIOE THAT SAFETY SYSTEMS SHOULD BE CAPABLE OF PERFORMING NEEDED SAFETY FUNCTIONS AFTER SUSTAINING A SINGLE FAILURES REGARD-ING THE APPLICATION OF THE SINGLE FAILURE CRITERION TO THE DESIGN OF MANUALLY-CONTROLLED ELECTRICALLY-OPERATED VALVES IN SAFETY SYSTEMS>THE ACCEPTABILITY OF PROPOSED DESIGNS IS BASED ON BRANCH TECHNICAL POSITION ICSB 18 (PSB)THIS POSITION STATES THAT IT IS ACCEPTABLE TO DISCONNECT ELECTRIC POWER TO A SAFETY-RELATED VALVE AS A MEANS OF DESIGNING AGAINST AN ACTIVE VALVE MALFUNCTIONS THE REQUIREMENTS FOR TOLERANCE OF SINGLE FAILURES IN FIRE DETECTION SYSTEMS ARE GIVEN IN NFPA 72D, IN CONPLIANCE E C THE METHOD USED FOR IDENTIFYING POWER AND SIGNAL CABLES AND RACEWAYS AS SAFETY RELATED EQUIPMENTS AND THE IDENTIFICATION SCHEME USED TO DI STINGUI SH'BETWEEN REDUNDANT CABLES'ACEWAYS>
AND INSTRUMENT PANELS SHOULD BE IN ACCORDANCE WITH THE RECOM-MENDATIONS OF REGULATORY 6UIDE 1 75 IN CONPLIANCE EXHIBIT 3A-11
(CONT)0 THE INSTRUMENTATION'ONTROLS AND ELECTRIC EQUIPMENT ASSOCIATED WITH AUXILIARY SYSTEMS THAT SUPPORT OTHER SYSTEMS REQUIRED FOR SAFETY SHOULD MEET THE SAME ACCEPTANCE CRITERIA AS THE SYSTEMS THEY SUPPORTS IN COf"lPLIANCE GDC 1 AND 21, IEEE STDS 279, 336, AND 338;AND REGULATORY GUIDES 1,22, 1,47, 1,68, AND 1,118 CONTAIN THE APPLICABLE ACCEPTANCE CRITERIA WITH REGARD TO PREOPERATIONAL AND PERIODIC TESTI NGr QUALITY ASSURANCES AND DESIGN PROVISIONS FOR INDICATING THE AVAILABILITY OF OTHER INSTRUMENTATION SYSTEMS REQUIRED FOR SAFETY s IN CONPLIANCE EXHIBIT 3A-12
S C SRP SEC IO li 0 0 I INSTRUMENTATION SHOULD BE PROVIDED TO MONITOR VARIABLES AND SYSTEMS OVER THEIR ANTICIPATED RANGES FOR NORMAL OPERATION AND FOR ANTICIPATED OPERATIONAL OCCURRENCES AS APPROPRIATE TO MINIMIZE CHALLENGES TO SAFETY SYSTEMS~APPROPRIATE CONTROLS SHOULD BE PROVIDED TO MAINTAIN THESE VARIABLES AND SYSTEMS WITHIN PRESCRIBED OPERATING RANGES>IN CONPLIANCE 2e 0 0 C 0 THE PROTECTION SYSTEM SHALL BE SEPARATED FROM CONTROL SYSTEMS TO THE EXTENT THAT FAILURE OF ANY SINGLE CONTROL SYSTEM COMPONENT OR CHANNEL WHICH IS COMMON TO CONTROL AND PROTECTION SYSTEMS SHALL NOT VIOLATE THE RELIABILITY'EDUNDANCY'ND INDEPENDENCE REQUIREMENTS OF THE PROTECTION SYSTEMs THE INTERCONNECTIONS BETWEEN THE PROTECTION AND CONTROL SYSTEM SHALL BE LIMITED SO AS TO ASSURE THAT SAFETY IS NOT SIGNIFICANTLY IMPAIRED'N CONPLIANCE EXHIBIT 3A-13 SP CC (CONT)0 0 C 0 Po C O Ss THE DIRECT CIRCUIT-TO-CIRCUIT AND FUNCTIONAL INTERACTIONS BETWEEN CONTROL AND PROTECTION SYSTEMS FOR SINGLE RANDOM OR MULTIPLE FAILURES IN THE CONTROL SYSTEM SHALL NOT PREVENT THE PROTECTION SYSTEM CHANNEL FROM MEETING THE MINIMUM PERFORMANCE REQUIREMENTS SPECIFIED IN THE DESIGN BASEST IN CONPLIANCE EXHIBIT 3A-14 0
KEY TO ACCEPTANCE CRITERIA COMPLIANCE STATEMENT C=IN COMPLIANCE NSSS=WITHIN CESSAR SCOPE I=CESSAR INTERFACE REQUIREMENT, IN COMPLIANCE N/A=NOT APPLICABLE PER SRP TABLE 7-1 I/C=CESSAR INTERFACE REQUIREMENT, IN COMPLIANCE FOR NSSS SCOPE/IN COMPLIANCE FOR BOP SCOPE EXHIBIT 3A-15
10 CFR 50.34, CONTENTS OF APPLICATIONS:
TECHNICAL INFORMATION RE UIREMENT ALL APPLICATIONS REQUIRED OF A UTILITY TO LICENSE A NUCLEAR POWER PLANT MUST INCLUDE A PRELIMINARY SAFETY ANALYSIS REPORT (PSAR)AND A FINAL SAFETY ANALYSIS REPORT (FSAR).10 CFR 50.36, TECHNICAL SPECIFICATIONS REEERIRENEIIT EACH APPLICANT SHALL INCLUDE IN THEIR APPLICATION PROPOSED TECHNICAL SPECIFICATIONS.
10 CFR 50.55A, CODES AND STANDARDS REITII ENTNT SRP ACCEPTANCE CRITERIA
REFERENCE:
SRP TABLE 7-1 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN NSSS NSSS 7.5 SAFETY RELATED DISPLAY INSTR U-ME NTATIO N 7.6 ALL OTHER INSTR U-ME NTATI ON SYSTEMS.REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A ALL OPERATING LICENSES AND CONSTRUCTION PERMITS WILL BE SUBJECT TO THE QUALITY STANDARDS AND CODES AND SHALL DEMONSTRATE COMPLIANCE WITH IEEE.279-1971 NSSS EXHIBIT 3A-16 GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 1, QUALITY STANDARDS AND RECORDS REQUIREMENT
7.2 REACTOR
TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY STRUCTURES, SYSTEMS AND COMPONENTS IMPORTANT TO SAFETY SHALL BE DESIGNED, FABRICATED, ERECTED, AND TESTED TO QUALITY STANDARDS COMMENSURATE WITH THE IMPORTANCE OF THE SAFETY FUNCTIONS TO BE PERFORMED.
NSSS I/C I/C I/C I/C N/A GENERAL DESIGN CRITERION 2, DESIGN BASES FOR PROTECTION AGAINST NATURAL PHENOMENA EttU REMENT STRUCTURES, SYSTEMS, AND COMPONENTS IMPORTANT TO SAFETY SHALL BE DESIGNED TO WITHSTAND THE EFFECTS OF NATURAL PHENOMENA SUCH AS EARTHQUAKES, TORNA-DOES, HURRICANES, FLOODS, TSUNAMI, AND SEICHES WITHOUT LOSS OF CAPABILITY TO PERFORM THEIR SAFETY FUNCTIONS.
I/C I/C I/C I/C N/A EXHIBIT 3B-1 0
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 3, FIRE PROTECTION RE UIREHENT 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY STRUCTURES, SYSTEMS, AND COMPONENTS IMPORTANT TO SAFETY SHALL BE DESIGNED AND LOCATED TO MINIMIZE, CONSISTENT WITH OTHER SAFETY REQUIREMENTS, THE PROBABILITY AND EFFECT OF FIRES AND EXPLOSIONS.
I/C I/C I/C I/C N/A GENERAL DESIGN CRITERION 4, ENVIRON-MENTAL AND MISSILE DESIGN BASES RE UIRENENT STRUCTURES, SYSTEMS, AND COMPONENTS IMPORTANT TO SAFETY SHALL BE DESIGNED FOR THE ENVIRONMENTAL CONDITIONS ASSOCIATED WITH NORMAL OPERATION, MAINTENANCE, TESTING, AND POSTULATED ACCIDENTS, INCLUDING LOSS-OF-COOLANT ACCIDENTS'ND PROTECTED AGAINST DYNAMIC EFFECTS, INCLUDING MISSILES, PIPE WHIPP-ING, AND DISCHARGING FLUIDS.I/C EXHIBIT 38-2 I/C I/C I/C N/A
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 5, SHARING OF STRUCTURES, SYSTEMS AND COMPONENTS RE UIREMENT STRUCTURES, SYSTEMS, AND COMPONENTS IMPORTANT TO SAFETY SHALL NOT BE SHARED BETWEEN NUCLEAR POWER UNITS UNLESS IT IS SHOWN THAT SHARING WILL NOT IMPAIR THEIR ABILITY TO PERFORM THEIR SAFETY FUNCTIONS, INCLUDING, IN THE EVENT OF AN ACCIDENT IN ONE UNIT, AN ORDERLY SHUTDOWN AND COOLDOWN OF THE REMAINING UNITS.GENERAL DESIGN CRITERION 10, REACTOR DESIGN REQUIREMENT
7.2 REACTOR
TRIP SYSTEM NSSS 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN C 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A THE REACTOR CORE AND ASSOCIATED COOLANT, CONTROL, AND PROTECTION SYSTEMS SHALL BE DESIGNED WITH APPROPRIATE MARGIN TO ASSURE FUEL DESIGN LIMITS ARE NOT EXCEEDED DURING ANY CONDITION OF NORMAL OPERATION.
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 7.2 GENERAL DESIGN CRITERION 12, SUPPRES-REACTOR SION OF REACTOR POWER OSCILLATIONS SYSTEM RE UIREMENT 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-ME NTATI 0 N 7.6 ALL OTHER INSTRU-MENTATIONON SYSTEMS REQUIRED FOR SAFETY 7.7.CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE REACTOR CORE AND ASSOCIATED COOLANT, CONTROL, AND PROTECTION SYSTEMS SHALL BE DESIGNED TO ASSURE THAT POWER OSCIL-LATIONS WHICH CAN RESULT IN CONDITIONS EXCEEDING FUEL DESIGN LIMITS ARE NOT POSSIBLE OR CAN BE RELIABLY AND READILY DETECTED AND SUPPRESSED.
GENERAL DESIGN CRITERIA REFERENCE'RP TABLE 7-1 GENERAL DESIGN CRITERION 13, INSTRUMEN-TATION AND CONTROL RE UIREMENT INSTRUMENTATION AND CONTROL SHALL BE PROVIDED TO MONITOR VARIABLES AND SYS-TEMS OVER THEIR ANTICIPATED RANGES FOR NORMAL OPERATION, AND FOR ACCIDENT CON-DITIONS TO ASSURE ADEQUATE SAFETY.APPROPRIATE CONTROLS SHALL BE PROVIDED TO MAINTAIN THESE VARIABLES AND SYSTEMS WITHIN PRESCRIBED OPERATING RANGES.7.2 REACTOR TRIP SYSTEM NSSS 7.3 7A ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY C 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY EXHIBIT 3B-5 GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 15, REACTOR COOLANT SYSTEM DESIGN RE UIREMENT 7.2 REACTOR TRIP.SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION N 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE REACTOR COOLANT SYSTEM AND ASSO-CIATED AUXILIARY, CONTROL, AND PROTEC-TION SYSTEMS SHALL BE DESIGNED WITH SUFFICIENT MARGIN TO ASSURE THAT THE DESIGN CONDITIONS OF THE REACTOR COOLANT PRESSURE BOUNDARY ARE NOT EXCEEDED.GENERAL DESIGN CRITERION 19, CONTROL ROOM Rf UIREMENT NSSS SCOPE A CONTROL ROOM SHALL BE PROVIDED FROM WHICH ACTIONS CAN BE TAKEN TO OPERATE THE NUCLEAR POWER UNIT SAFELY UNDER NOR-MAL CONDITIONS AND TO MAINTAIN IT IN A SAFE CONDITION UNDER ACCIDENT CONDITIONS.
EQUIPMENT AT APPROPRIATE LOCATIONS OUT-SIDE THE CONTROL ROOM SHALL BE PROVIDED WITH DESIGN CAPABILITY FOR PROMPT HOT SHUTDOWN, INCLUDING NECESSARY INSTRUMEN-TATION AND CONTROLS, AND POTENTIAL CAPA-BILITY FOR SUBSEQUENT COLD SHUTDOWN.I/C EXHIBIT 3B-6 I/C I/C I/C I/C
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 20, PROTECTION SYSTEM FUNCTIONS RE UIREMENT 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U.MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE PROTECTION SYSTEM SHALL BE DESIGNED (1)TO INITIATE AUTOMATICALLY, TO ASSURE THAT SPECIFIED ACCEPTABLE FUEL DESIGN LIMITS ARE NOT EXCEEDED AND (2)TO SENSE ACCIDENT CONDITIONS AND TO INITIATE THE OPERATION OF SYSTEMS AND COMPONENTS IMPORTANT TO SAFETY.NSSS N/A CLARIFICATION THE CONTAINMENT COMBUSTIBLE GAS CONTROL SYSTEM IS MANUALLY INITIATED.
EXHIBIT 3B-7
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 21, PROTECTION SYSTEM RELIABILITY AND TESTABILITY RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE PROTECTION SYSTEM SHALL BE DESIGNED FOR HIGH FUNCTIONAL RELIABILITY AND INSERVICE TESTABILITY WITH.ADEQUATE SUFFICIENT REDUNDANCY AND INDEPENDENCE.
NSSS N/A CLARIFICATION THE BOP ESFAS"ONE-OUT-OF-TWO" SYSTEMS DO NOT MEET THE SINGLE FAILURE CRITERION DURING CHANNEL BYPASS.THE BYPASS TIME INTERVAL REQUIRED FOR MAINTENANCE IS A SHORT TIME INTERVAL.THE PROBABILITY OF FAILURE OF THE REMAINING CHANNEL IS LOW DURING.SUCH MAINTENANCE PERIODS.EXHIBIT 3B-8 GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 22, PROTECTION SYSTEM INDEPENDENCE RE UIREMENT THE PROTECTION SYSTEM SHALL BE DESIGNED TO ASSURE THAT THE EFFECTS OF NATURAL PHENOMENA, AND OF NORMAL OPERATING, MAIN-TENANCE, TESTING, AND POSTULATED ACCIDEN CONDITIONS DO NOT RESULT IN LOSS OF THE PROTECTION FUNCTION.GENERAL DESIGN CRITERION 23, PROTECTION SYSTEM FAILURE MODES RE UIREMENT THE PROTECTION SYSTEM SHALL BE DESIGNED TO FAIL INTO A SAFE STATE IF CONDITIONS SUCH AS DISCONNECTION OF THE SYSTEM, LOS OF ENERGY, OR POSTULATED ADVERSE ENVIRON-MENTS ARE EXPERIENCED.
7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN NSSS NSSS 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION C~7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A N/A EXHIBIT 3B-9 0
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 24, SEPARATION OF PROTECTION AND CONTROL SYSTEMS RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER-INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE PROTECTION SYSTEM SHALL BE SEPARATED FROM CONTROL SYSTEMS SUCH THAT FAILURE OF ANY SINGLE CONTROL SYSTEM COMPONENT OR CHANNEL, COMMON TO BOTH'LEAVES INTACT A SYSTEM SATISFYING ALL RE(UIREMENTS OF THE PROTECTION SYSTEM.NSSS EXHIBIT 3B-10 GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 25, PROTECTION SYSTEM RE(UIREMENT FOR REACTIVITY CONTROL TRIP MALFUNCTIONS RE UIREMENT 7.3 EN G I NE ER ED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOIVN 7.6 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE PROTECTION SYSTEM SHALL BE DESIGNED TO ASSURE THAT SPECIFIED ACCEPTABLE FUEL DESIGN LIMITS ARE NOT EXCEEDED FOR ANY SINGLE MALFUNCTION OF THE REACTIVITY CONTROL SYSTEMS.GENERAL DESIGN CRITERION 26, REACTIVITY CONTROL SYSTEM REDUNDANCY AND CAPABILITY NSSS SCOPE RE UIREMENT TWO INDEPENDENT REACTIVITY CONTROL SYSTEMS OF DIFFERENT DESIGN PRINCIPLES SHALL BE PROVIDED.NSSS SCOPE EXHIBIT 3B-11 0
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 27, COMBINED.REACTIVITY CONTROL SYSTEMS CAPABILITY RE UIREMENT THE REACTIVITY CONTROL SYSTEMS SHALL BE DESIGNED TO HAVE A COMBINED CAPABILITY, POISON ADDITION AND RELIABILITY CONTROL-LING REACTIVITY CHANGES.GENERAL DESIGN CRITERION 28, REACTIVITY LIMITS 7.2 7.3 7.4 REACTOR ENGINE ERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE'FOR SAFE SYSTEMS SHUTDOlVN NSSS 7.6 SAFETY RELATED DISPLAY INSTR U.MENTATION SCOPE 7.6 ALL OTHER INSTR U-Mf NTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY RE UIREMENT THE REACTIVITY CONTROL SYSTEMS SHALL BE DESIGNED IIITH APPROPRIATE LIMITS ON THE POTENTIAL AMOUNT AND RATE OF REACTIVITY INCREASE.NSSS SCOPE EXHIBIT 3B-12 0
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 29, PROTECTION AGAINST ANTICIPATED OPERATIONAL CHANGES RE UIREMENT 7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-ME NTATI ON SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE PROTECTION AND REACTIVITY CONTROL NSSS SYSTEMS SHALL BE DESIGNED TO ASSURE AN EXTREMELY HIGH PROBABILITY OF ACCOMPLISH-.
ING THEIR SAFETY FUNCTIONS IN THE EVENT OF ANTICIPATED OPERATIONAL OCCURRENCES.
GENERAL DESIGN CRITERION 33, REACTOR COOLANT MAKEUP RE UIREMENT A SYSTEM TO SUPPLY REACTOR COOLANT MAKEUP FOR PROTECTION AGAINST SMALL BREAKS IN THE REACTOR COOLANT PRESSURE BOUNDARY SHALL BE PROVIDED.NSSS SCOPE EXHIBIT 3B-13 GENERAL DESIGN CRITERIA
REFERENCE:
'RP TABLE 7-1 GENERAL DESIGN CRITERION 34, RESIDUAL HEAT REMOVAL RE UIREHENT 7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOINN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATI 0 N SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY A SYSTEM TO REMOVE RESIDUAL HEAT SHALL BE PROVIDED N/A N/A EXHIBIT 3B-14
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 35, EMERGENCY CORE COOLING RE UIREHENT 7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOLVN 7.5 SAFETY RELATED DISPLAY INSTR U.MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY A SYSTEM TO PROVIDE ABUNDANT EMERGENCY CORE COOLING SHALL BE PROVIDED.GENERAL DESIGN CRITERION 37, TESTING OF EMERGENCY CORE COOLING SYSTEM NSSS SCOPE RE UIREHENT THE EMERGENCY CORE COOLING SYSTEM SHALL BE DESIGNED TO PERMIT APPROPRIATE PERI-ODIC PRESSURE AND FUNCTIONAL TESTING.NSSS SCOPE EXHIBIT 3B-15
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 38, CONTAINMENT HEAT REMOVAL RE UIREMENT A SYSTEM TO REMOVE HEAT FROM THE REACTOR CONTAINMENT SHALL BE PROVIDED.GENERAL DESIGN CRITERION 40, TESTING OF CONTAINMENT HEAT REMOVAL SYSTEM*7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN NSSS 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION SCOPE 7.6 ALL OTHER INSTR U-ME NTATI ON SYSTEMS REQUIRED FOR SAFETY-7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY RE UIREMENT THE CONTAINMENT HEAT REMOVAL SYSTEM SHALL BE DESIGNED TO PERMIT APPROPRIATE PERI-ODIC PRESSURE AND FUNCTIONAL TESTING.NSSS SCOPE EXHIBIT 38-16
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 41, CONTAINMENT ATMOSPHERE CLEANUP RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION N 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY SYSTEMS TO CONTROL FISSION PRODUCTS, HYDROGEN, OXYGEN, AND OTHER SUBSTANCES WHICH MAY BE RELEASED INTO THE REACTOR CONTAINMENT SHALL BE PROVIDED AS NECES-.SARY TO REDUCE THE CONCENTRATION AND QUALITY OF FISSION PRODUCTS, RELEASED TO THE ENVIRONMENT FOLLOWING POSTULATED ACCIDENTS.
N/A N/A N/A EXHIBIT 3B-17 0
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 43, TESTING OF CONTAINMENT ATMOSPHERE CLEANUP SYSTEMS RE UIREME NT THE CONTAINMENT ATMOSPHERE CLEANUP SYS-TEMS SHALL BE DESIGNED TO PERMIT APPRO-PRIATE PERIODIC PRESSURE AND FUNCTIONAL TESTING.GENERAL DESIGN CRITERION 44, COOLING WATER 7.2 REACTOR TRIP SYSTEM N/A 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN N/A 7.5 SAFETY RELATED DISPLAY INSTR U-ME NTATI 0 N 7;6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A RE UIREMENT A SYSTEM TO TRANSFER HEAT FROM STRUC-TURES, SYSTEMS, AND COMPONENTS IMPORTANT TO SAFETY, TO AN ULTIMATE HEAT SINK SHALL BE PROVIDED.N/A N/A EXHIBIT 3B-18 S
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 46, TESTING OF COOLING'WATER SYSTEM RE UIREMENT t THE COOLING WATER SYSTEM SHALL BE DESIGNED TO PfRMIT APPROPRIATE PERIODIC PRESSURE AND FUNCTIONAL TESTING.GENERAL DESIGN CRITf RION 50, CONTAINMENT DESIGN BASIS RE UIREMENT THE REACTOR CONTAINMENT STRUCTURE, INCLUDING ACCESS OPENINGS, PENfTRATIONS, AND THE CONTAINMENT HEAT REMOVAL SYSTEM, SHALL BE DESIGNED TO ACCOMMODATE, WITH-OUT fXCEEDING THE DESIGN LEAKAGE RATE AND WITH SUFFICIENT MARGIN, THE CALCU-.LATED PRESSURE Al'ID TEMPERATURE CONDITIONS RESULTING FROM ANY LOSS-OF-COOLANT ACCIDENT.7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS N/A N/A 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN N/A 7.5 SAFETY RELATED DISPLAY INSTR U.MENTATION 7.6 ALL OTHER INSTRU-MENTATIONN SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A N/A EXHIBIT 3B-19 GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 GENERAL DESIGN CRITERION 54, PIPING SYSTEMS PENETRATING CONTAINMENT RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-ME NTATI 0 N 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY PIPING SYSTEMS PENETRATING PRIMARY REACTOR CONTAINMENT SHALL BE PROVIDED WITH LEAK DETECTION, ISOLATION, AND CONTAINMENT CAPABILITIES.
GENERAL DESIGN CRITERION 55, REACTOR COOLANT PRESSURE BOUNDARY PENETRATING CONTAINMENT N/A N/A N/A RE UIREf CENT EACH LINE THAT IS PART OF THE REACTOR COOLANT PRESSURE BOUNDARY AND THAT PENETRATES PRIMARY REACTOR CONTAINMENT SHALL BE PROVIDED WITH CONTAINMENT ISOLATION VALVES.N/A N/A N/A EXHIBIT 3B-20
GENERAL DESIGN CRITERIA
REFERENCE:
SRP TABLE 7-1 I GENERAL DESIGN CRITERION 56, PRIMARY CONTAINMENT ISOLATION RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY EACH LINE THAT CONNECTS DIRECTLY TO THE CONTAINMENT ATMOSPHERE AND PENETRATES PRIMARY REACTOR CONTAINMENT SHALL BE PROVIDED WITH CONTAINMENT ISOLATION VALVES.GENERAL DESIGN CRITERION 57, CLOSED SYSTEM ISOLATION VALVES RE UIREMENT'ACH LINE THAT PENETRATES PRIMARY REACTOR CONTAINMENT AND IS NEITHER PART OF THE REACTOR COOLANT PRESSURE BOUNDARY NOR CONNECTED DIRECTLY TO THE CONTAINMENT ATMOSPHERE SHALL HAVE AT LEAST ONE CON-TAINMENT ISOLATION VALVE WHICH SHALL BE EITHER AUTOMATIC, OR LOCKED CLOSED, OR CAPABLE OF REMOTE MANUAL OPERATION.
N/A N/A N/A N/A N/A N/A EXHIBIT 3B-21 SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.6 (REV.0), INDEPENCENCE BETWEEN REDUNDANT STANDBY POWER SOURCES AND THEIR DISTRIBUTION SYSTEMS RE UIREt1ENT AN ACCEPTABLE DEGREE OF INDEPENDENCE BETMEEN REDUNDANT STANDBY (ONSITE)POWER SOURCES AND BET1IEEN THEIR DISTRIBUTION SYSTEC<S.7.2 REACTOR TRIP SYSTEM N/A 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A REGULATORY GUIDE 1.7 (REV.0), CONTROL OF COMBUSTIBLE GAS CONCENTRATIONS IN CONTAINt1ENT FOLLOWING A LOCA RE UIREMENT COMBUSTIBLE GAS CONTROL SYSTEMS AND THE PROVISIONS FOR MIXING, MEASURING AND SAMPLING SHALL MEET THE RE(UIREMENTS FOR AN ENGINEERED SAFETY FEATURE.N/A N/A N/A N/A EXHIBIT 3C-1 0
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE l.ll{REV.0), INSTRUMENT LINES PENETRATING CONTAINMENT RE UIREMENT INSTRUMENT LINES PENETRATING CONTAINMENT SHALL BE QUALIFIED TO THE SAME LEVEL AS THE SYSTEM OF MHICH THEY ARE PART.CLARIFICATION INSTRUMENT LINES THAT ARE A PART OF CON" TAINMENT PRESSURE BOUNDARY AND A PROTEC-TION SYSTEM ARE PROVIDED WITH ISOLATION CAPABILITY THAT MEETS THE RE(UIREMENTS FOR REDUNDANCY, INDEPENDENCE AND TESTABILITY OF THAT PROTECTION SYSTEM.7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE ,SHUTDOWN 7.5-'SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A EXHIBIT 3C-2 SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.12 (REV.1), INSTRUMENTATION FOR EARTHQUAKES RE UIREMENT 7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOB SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATIONN SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOB SAFETY THE FACILITY SHALL HAVE APPROPRIATE INSTRUMENTATION TO ACCURATELY MONITOR AN EARTH(UAKE AND ASSIST IN POST EVENT ANALYSIS.CLARIFICATION STRONG MOTION ACCELEROI1ETERS (SMA'S)ARE USED INSIDE CONTAINMENT RATHER THAN PEAK RECORDING ACCELEROGRAPHS (PRA')~TIME-HISTORY SMA'S PROVIDE DATA FOR RESPONSE SPECTRA ANALYSIS RATHER THAN RESPONSE SPECTRUM RECORDERS.
THIRTY (30)MINUTE BATTERY'POWER IS PROVIDED FOR CONTINUOUS OPERATION IN THE EVENT OF A LOSS OF EXTERNAL POKIER.SEISMIC MONITORING INSTRUMENTATION HAS A RESPONSE ESSENTIALLY FLAT OR E(UIVALENTLY CORRECTABLE BY COM-PUTATIONAL TECHNI(UES OVER THE RANGE OF 1 to 30 HZ.DAMPING VALUES ARE APPLICABLE TO THE OVERALL SMA.SEISMIC TRIGGERS ARE ADJUSTABLE OVER A MINItiUM RANGE OF 0.01 TO 0.03 G ON THE BASE SLAB.N/A N/A N/A N/A N/A EXHIBIT 3C-3
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.22 (REV.0), PERIODIC TESTING OF PROTECTION SYSTEM ACTUATION FUNCTIONS.
RE UIREHENT THE PROTECTION SYSTEM, INCLUDING ACTUATION DEVICES, SHALL BE TESTED PERIODICALLY TO ASSURE PROPER FUNCTIONING.
7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP-SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN SSS 7.5 SAFETY BELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY C 7.7 CONTROL SYSTEMS NOT REQUIRED FOB SAFETY N/A REGULATORY GUIDE 1.29 (REV.1), SEISMIC DESIGN CLASSIFICATION TIE E ET ALL STRUCTURES, SYSTEMS, AND COMPONENTS DESIGNATED SEISMIC CATEGORY I SHALL'LIITHSTAND EFFECTS OF THE SSE AND REMAIN FUNCTIONAL.
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.30 (REV.0), QUALITY ASSURANCE.REQUIREtfENTS RE UIREtKNT QUALITY ASSURANCE REQUIREtKNTS FOR THE INSTALLATION, INSPECTION, AND TESTING OF INSTRUtKNTATION AND ELECTRICAI EQUIPtKNT SHALL BE tKT.7.2 REACTOR TRIP SYSTEM NSSS 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOB SAFE SYSTEMS SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTRUM-ENTATIONN 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY REGULATORY GUIDE 1.32 (REV.0), CRITERIA FOR SAFETY-RELATED POWER SYSTENS IEEE STANDARD 308 SHALL BE NET IN REGARDS TO CRITERIA, REQUIREtfENTS AND RECOtttKNDATIONS OF SAFETY-RELATED POWER SYSTEtIS.I/C I/C I/C I/C N/A EXHIBIT 3C-5
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.45 (REV.0), RCPB LEAKAGE DETECTION SYSTEM RE UIREMENT SOURCES OF REACTOR COOLANT PRESSURE BOUNDARY LEAKAGE SHOULD BE IDENTIFIABLE AND PROPERLY MONITORED.
7.2 REACTOR
TRIP SYSTEM N/A 7.3 ENGINEERED SAFETY FEATURE SYSTEMS N/A 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN N/A 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY~REGULATORY GUIDE 1.47 (REV.0), BYPASSED AND INOPERABLE STATUS INDICATION
~ET INDICATION MUST BE READILY AVAILABLE IN THE CONTROL ROOM OF INOPERABLE STATUS OF THE PROTECTION SYSTEM, ITS ACTUATED SYSTEMS, AND AUXILIARY OR SUPPORTING SYSTEMS RE(UIRED TO PERFORM ITS FUNCTION.I/C I/C N/A EXHIBIT 3C-6 SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.53 (REV.0), SINGLE FAILURE CRITERION REIEEE T NO SINGLE FAILURE MITHIN THE PROTECTION SYSTEM SHALL PREVENT PROPER PROTECTIVE ACTION AT SYSTEM LEVEL WHEN REQUIRED.7.2 7.3 REACTOR ENGINEERED TRIP SAF ETY SYSTEM FEATURE SYSTEMS NSSS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A REGULATORY GUIDE 1.62 (REV.0), MANUAL INITIATION OF PROTECTIVE ACTIONS Ell E T MANUAL INITIATION OF PROTECTIVE ACTIONS AT THE SYSTEM LEVEL SHALL BE EASILY ACCOMPLISHED FROM THE CONTROL ROOM.NSSS N/A N/A EXHIBIT 3C-7 SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.63 (REV.2), ELECTRIC PENETRATIONS RE UIREHENT ELECTRICAL PENETRATION ASSEMBLIES SHALL WITHSTAND THE MAXIMUM TEMPERATURE AND PRESSURE EXPECTED FROM ANY LOCA WITHOUT EXCEEDING THE DESIGN LEAK RATE.7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS I/C 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN I/C 7.6 SAFETY RELATED DISPLAY INSTR U-MENTATION I/C 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY I/C 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY I/C REGULATORY GUIDE 1.67 (REV.0), OVER-PRESSURE PROTECTION DEVICES RE UIREIIENT ANALYSES SHALL BE DONE TO SHOW PROPER FUNCTIONING OF THE PRESSURE RELIEF VALVES INSTALLED WITH NO ADVERSE EFFECTS ON OTHER PIPING OR VALVES.N/A N/A N/A N/A NSSS N/A EXHIBIT 3C-8 0
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.68 (REV.0), INITIAL TEST PROGRAMS 7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY AN INITIAL TEST PROGRAM SHALL BE CONDUCTED TO DEMONSTRATE THAT THE PLANT CAN BE OPERATED SAFELY, AS DEFINED IN 10CFR50 APPENDIX A.NSSS REGULATORY GUIDE 1.70 (REV.3), STANDARD FORMAT AND CONTENT OF S.A.R.'S~EE THE PROPER FORMAT SHALL BE USED WHEN SUBMITTING THE SAFETY ANALYSIS REPORT TO THE NRC.NSSS EXHIBIT 3C-9
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.75 (REV.1), PHYSICAL INDEPENDENCE OF ELECTRIC SYSTEMS RE UIREMENT ADEQUATE PHYSICAL SEPARATION OF ELECTRICAL SYSTEMS SHALL BE PROVIDED SO THAT A DESIGN BASIS EVENT MILL NOT PREVENT PROPER PROTECTIVE ACTION.7.2 7.3 7A REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN NSSS 7.5 SAFETY RELATED DISPLAY INSTR U.MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY REGULATORY GUIDE 1.78 (REV.0), CONTROL ROOM HABITABILITY fttlREME T THE CONTROL ROOM SHALL BE PROTECTED FROM HAZARDOUS CHEMICALS, NHETHER IT BE FROM EQUIPMENT FAILURE, OPERATOR ERROR, OR EVENTS OUTSIDE THE CONTROL'F THE POWER PLANT.N/A N/A N/A N/A EXHIBIT 3C-10 SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.80 (REV.0), PRE-OP.TESTING OF INSTRUMENT AIR 7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT~REQUIRED FOR SAFETY A SUITABLE PREOPERATIONAL TEST PROGRAM FOR THE INSTRUMENT AIR SYSTEM IS TO BE DEVELOPED WHICH WILL SUPPORT THE VALIDITY OF THE RESULTS.N/A N/A N/A REGULATORY GUIDE 1.89 (REV.0), gUALIFI-CATION OF CLASS IE EQUIPMENT CLASS IE EqUIPMENT SHALL WITHSTAND NORMAL AND ABNORMAL OPERATION, DESIGN BASIS EVENT AND CONTAINMENT TEST CONDITIONS WITH NO LOSS OF FUNCTION.NSSS N/A EXHIBIT 3C-11
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.95 (REV.0), PROTEC-TION AGAINST CHLORINE RELEASE ftt THE CONTROL ROON OPERATORS SHALL BE PROTECTED AGAINST THE ACCIDENTAL RELEASE Of CHLORINE GAS.7.2 REACTOR TRIP SYSTEM N/A 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN N/A 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATIONN 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY N/A 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A REGULATORY GUIDE 1.97 (REV.2), INSTRU-MENTATION USED DURING AND,FOLLOMING AN ACCIDENT RE UIRENENT INSTRUMENTATION USED DURING AND FOLLOWING AN ACCIDENT SHOULD PROVIDE ALL REQUIRED INFORMATION TO PROPERLY ASSESS THE ACCIDENT.CLARIFICATION SEE SEC.2.C.3 N/A I/C I/C I/C I/C I/C EXHIBIT 3C-12 l
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.100 (REV.0), SEISMIC QUALIFICATION OF ELECTRICAL EQUIPMENT~T 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY CLASS IE ELECTRIC EQUIPMENT SHALL MITHSTAND THE EFFECTS Of AN SSE AND NUMEROUS OBE'S.NSSS C N/A REGULATORY GUIDE 1.105 (REV.1), INSTRUI1ENT SETPOINTS RE UIREt1ENT INSTRUMENT SETPOINTS IN SYSTEMS IMPORTANT TO SAFETY INITIALLY ARE MITHIN AND REIIAIN MITHIN THE SPECIFIED LIMITS.NSSS N/A EXHIBIT 3C-13
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.106 (REV.1), THERMAL OVERLOAD PROTECTION ELECTRIC MOTORS ON MOTOR-OPERATED VALVES RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THERMAL OVERLOAD PROTECTION DEVICES THAT ARE NORMALLY IN FORCE DURING PLANT OPERATION SHOULD BE BYPASSED UNDER ACCIDENT CONDITIONS.
N/A N/A N/A N/A EXHIBIT 3C-13A
SRP ACCEPTANCE CRITERIA REGULATORY GUIDE 1.118 (REV.1), PERIODIC TESTING'ttt'"'" PROTECTION SYSTEMS AND SAFETY-RELATED ELECTRICAL SYSTEMS MUST BE TESTED PERIODICALLY TO ENSURE PROPER FUNCTIONING CAPABILITIES.
7.2 REACTOR
TRIP SYSTEM NSSS 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A REGULATORY GUIDE 1.120 (REV.1), FIRE PROTECTION RE UIRENENT PROPER FIRE PROTECTION AND PROTECTION SYSTEM DESIGNS ALONG WITH SUFFICIENT ADMINISTRATIVE PROCEDURES IIUST ENSURE SAFE SHUTDOWN CAPABILITY IN THE EVENT OF A FIRE.EXHIBIT 3C-14 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279-1971, CRITERIA FOR PROTECTION SYSTEMS FOR NUCLEAR POWER GENERATING STATIONS SECTION 4.1 GENERAL FUNCTIONAL 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE PROTECTION SYSTEM SHALL AUTOMATICALLY INITIATE APPROPRIATE PROTECTIVE ACTION WHENEVER A CONDITION MONITORED BY THE SYSTEM REACHES A PRESET LEVEL.NSSS N/A CLARIFICATION INSTRUMENTATION OF THE CONTAINMENT COM-BUSTIBLE GAS CONTROL SYSTEM ALARMS ON HIGH HYDROGEN CONCENTRATION:
MANUAL CONTROLS ALLOW SYSTEM ACTUATION.
EXHIBIT 3D-l SRP ACC ANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.2 SINGLE FAILURE CRITERION ANY SINGLE FAILURE MITHIN THE PROTECTION SYSTEM SHALL NOT PREVENT PROPER PROTEC-TIVE ACTION AT THE SYSTEM LEVEL WHEN REQUIRED.7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN NSSS 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A CLARIFICATION ALTHOUGH NO SINGLE FAILURE IN THE BOP ESFAS MILL DEFEAT MORE THAN ONE Of THE TMO PROTECTIVE CHANNELS, A SINGLE FAILURE MAY CAUSE SPURIOUS ACTUATION.
HOWEVER, THIS SPURIOUS ACTUATION IS ALLOWABLE SINCE IT DOES NOT CREATE PLANT CONDITIONS REQUIRING PROTECTIVE ACTION NOR DOES IT INTERFERE WITH NORMAL REACTOR OPERATIONS.
EXHIBIT 3D-2 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.3 UALITY OF COMPONENTS AND MODULES COMPONENTS AND MODULES SHALL BE OF A QUALITY THAT IS CONSISTENT WITH MINIMUM MAINTENANCE REQUIREMENTS AND LOW FAILURE RATES.7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS NSSS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A SECTION 4.4 E UIPMENT UALIFICATION TEST DATA SHALL BE AVAILABLE TO VERIFY THAT PROTECTION SYSTEM EQUIPMENT SHALL MEET THE PERFORMANCE DETERMINED TO BE NECESSARY.
NSSS N/A SECTION 4.5 CHANNEL INTEGRITY ALL PROTECTION SYSTEM CHANNELS SHALL MAIN-TAIN FUNCTIONAL CAPABILITY UNDER EXTREME CONDITIONS.
I/C I/C I/C I/C N/A EXHIBIT 3D-3 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.6 CHANNfL INDEPENDENCE 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY CHANNELS THAT PROVIDE SIGNAlS FOR THE SAME PROTECTIVE FUNCTION SHALL BE INDE-PENDENT AND PHYSICALLY SfPARATED TO DfCOUPLE EFFECTS OF UNSAFE ENVIRONMENTAL FACTORS, ELECTRIC TRANSIENTS, AND PHYSICAL ACCIDENT CONSEQUENCES DOCUMENTED IN THE DESIGN BASIS, AND TO REDUCE THE LIKELIHOOD OF INTERACTIONS BETWEEN CHANNELS DURING MAINTENANCE OPERATIONS OR IN THE EVENT OF CHANNEL MALFUNCTION.
I/C I/C I/C I/C N/A EXHIBIT 3D-4 0 0 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.7 CONTROL AND PROTECTION SYSTEM INTERACTION
4.7.1 CLASSIFICATION
OF E(UIPMENT.
ANY EQUIPMENT THAT IS USED FOR BOTH PROTECTIVE AND CONTROL FUNCTIONS SHALL BE CLASSIFIED AS PART OF THE PROTECTION SYSTEM AND SHALL MEET ALL THE RE(UIREMENTS OF THIS DOCUMENT.7.2 REACTOR TRIP SYSTEM NSSS 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY C 4.7.2 ISOLATION DEVICES.THE TRANS-MISSION OF SIGNALS FROM PROTECTION SYSTEM EgUIPtIENT FOR CONTROL SYSTEM USE SHALL BE THROUGH ISOLATION DEVICES WHICH SHALL BE CLASSIFIED AS PART OF THE PROTECTION SYS-TEtl AND SHALL MEET ALL THE REQUIREMENTS OF THIS DOCUt1ENT.
NO CREDIBLE FAILURE AT THE OUTPUT OF AN ISOLATION DEVICE SHALL PREVENT THE ASSOCIATED PROTECTION SYSTEM CHANNEL FROM MEETING THE MINIMUM PERFOR-MANCE REIlUIRENENTS SPECIFIED IN THE DESIGN BASES.EXHIBIT 3D-5 0
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.7 (CONTINUED)
Section 4.7.3 SINGLE RANDOM FAILURE.WHERE A SINGLE RANDOM FAILURE CAN CAUSE A CONTROL SYSTEM ACTION THAT REQUIRES PRO-TECTIVE ACTION AND CAN ALSO PREVENT PROPER ACTION OF A PROTECTION SYSTEM CHANNEL DESIGNED TO PROTECT AGAINST THE CONDITION, THE REMAINING REDUNDANT PROTECTION CHANNELS SHALL BE CAPABLE OF PROVIDING THE PROTECTIVE ACTION EVEN llHEN DEGRADED BY A SECOND RANDOM FAILURE.7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOB SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATIONN SYSTEMS REQUIRED FOB SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY EXHIBIT 3D-6
SRP ACCEPTANCE CRITERIA IEf E STANDARD 279 (CONTINUED)
SECTION 4.7.4 MULTIPLE FAILURES RESULTING FROM A CREDIBLE SINGLE fVENT.WHERE A CREDIBLE SINGLf fVENT CAN CAUSE A CONTROL SYSTEM ACTION THAT RESULTS IN A CONDITION Rf(UIRING PROTECTIVE ACTION FROM THOSE PRO-TECTION SYSTEM CHANNELS DESIGNED TO PRO-VIDE PRINCIPAL PROTECTION AGAINST THE CONDITION, ONE OF THE FOLLOWING MUST BE MET.7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY EXHIBIT 3D-7
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.8 DERIVATION OF SYSTEM INPUTS 7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7.CONTROL SYSTEMS NOT REQUIRED FOR SAFETY TO THE EXTENT FEASIBLE AND PRACTICAL, PROTECTON SYSTEM INPUTS SHALL BE DERIVED FROM SIGNALS THAT ARE DIRECT MEASURES OF THE DESIRED VARIABLES.
NSSS SECTION 4.9 CAPABILITY FOR SENSOR CHECKS MEANS SHALL BE PROVIDED FOR CHECKING, WITH A HIGH DEGREE OF CONfIDENCE, THE OPERA-TIONAL AVAILABILITY OF EACH SYSTEM INPUT SENSOR DURING REACTOR OPERATION.
SRP ACCE ANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.10 CAPABILITY FOR TEST AND CALIBRATION CAPABILITY SHALL BE PROVIDED FOR TESTING AND CALIBRATING CHANNELS AND THE DEVICES USED TO DERIVE THE FINAL SYSTEM OUTPUT SIGNAL FROM THE VARIOUS CHANNEL SIGNALS.FOR THOSE PARTS OF THE SYSTEM WHERE THE REQUIRED INTERVAL BETWEEN TESTING WILL BE LESS THAN NORMAL TIME INTERVAL BETWEEN GENERATING STATION SHUTDOWNS, THERE SHALL BE CAPABILITY FOR TESTING DURING POWER OPERATION.
7.2 REACTOR
TRIP SYSTEM NSSS 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7A SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A EXHIBIT 3D-9 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.11 CHANNEL BYPASS OR REMOVAL FROM OPERATION THE SYSTEM SHALL BE DESIGNED TO PERMIT ANY ONE CHANNEL TO BE MAINTAINED, AND WHEN RE(UIRED, TESTED OR CALIBRATED DURING POWER OPERATION WITHOUT INITIATING A PRO-TECTIVE ACTION AT THE SYSTEM LEVEL.DUR-ING SUCH OPERATION AND ACTIVE PARTS OF THE SYSTEM SHALL'OF THEMSELVES CONTINUE TO MEET THE SINGLE FAILURE CRITERION.
7.2 7.3 REACTOR ENGINEERED TRIP SAF ETY SYSTEM FEATURE SYSTEMS NSSS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION N/A 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FDR SAFETY N/A f XCEPTION: "ONE-OUT-OF-TWO" SYSTEMS ARE PERMITTED TO VIOLATE THE SINGLE FAILURE CRITERION DURING CHANNEL BYPASS PROVIDED THAT ACCEPTABLE RELIABILITY OF OPERATION CAN BE OTHERWISE DEMONSTRATED.
FOR EXAMPLE, THE BYPASS TIME INTERVAL RE(UIRED FOR A TEST, CALIBRATION, OR MAINTENANCE OPERATION COULD BE SHOWN TO BE SO SHORT EXHIBIT 30-10
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.11 (CONTINUED)
THAT THE PROBABILITY OF FAILURE OF THE ACTIVE CHANNEL WOULD BE COMMENSURATE WITH THE PROBABILITY OF FAILURE OF THE"ONE-OUT-OF-TWO" SYSTEMS DURING ITS NORMAL INTERVAL BETWEEN TESTS.72 73 7A REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY CLARIFICATION TESTING OF THE BOP ESFAS IS DONE BY CHANNEL ACTUATION.
EITHER ONE OF THE TWO CHANNELS MAY BE CALIBRATED OR REPAIRED WITHOUT DETRIMENTAL EFFECTS ON THE SYSTEM.INDIVIDUAL TRIP CHANNELS MAY BE BYPASSED TO EFFECT A SINGLE CHANNEL LOGIC ON THE ESFAS SIGNAL.MAINTENANCE AND CALIBRATION OF THE BYPASSED CHANNEL CAN BE ACCOM-PLISHED IN A SHORT TIME INTERVAL.PROB-ABILITY OF FAILURE OF THE REMAINING EXHIBIT 3D-11 SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.11 (CONTINUED)
CHANNEL IS ACCEPTABLY LOW DURING SUCH MAINTENANCE PERIODS.7.2 7.3 REACTOR ENGINEERED TRIP SAF ETY SYSTEM F EAT URE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY SECTION 4.12 OPERATING BYPASSES WHERE OPERATING REQUIREMENTS NECESSITATE AUTOMATIC OR MANUAL BYPASS OF A PROTECTIVE FUNCTION, THE DESIGN SHALL BE SUCH THAT THE BYPASS WILL BE REMOVED AUTOMATICALLY WHENEVER PERMISSIVE CONDITIONS ARE NOT MET.DEVICES USED TO ACHIEVE AUTOMATIC REMOVAL OF THE BYPASS OF A PROTECTIVE FUNCTION ARE PART OF THE PROTECTION SYSTEM AND SHALL BE DESIGNED IN ACCORDANCE WITH THESE CRITERIA.NSSS N/A N/A CLARIFICATION THERE ARE NO OPERATING BYPASSES.EXHIBIT 3D-12
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.13 INDICATION OF BYPASSES 7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY IF THE PROTECTIVE ACTION OF SOME PART OF THE SYSTEM HAS BEEN BYPASSED OR DELIBER-ATELY RENDERED INOPERATIVE FOR ANY PUR-POSE, THIS FACT SHALL BE CONTINUOUSLY INDICATED IN THE CONTROL ROOM.NSSS N/A N/A SECTION 4.14 ACCESS TO MEANS FOR BYPASSING THE DESIGN SHALL PERMIT THE ADMINISTRATIVE CONTROL OF THE MEANS FOR MANUALLY BYPASS-ING CHANNELS OR PROTECTIVE FUNCTIONS.
NSSS N/A N/A N/A EXHIBIT 3D-13
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.15 MULTIPLE SET POINTS WHERE IT IS NECESSARY TO CHANGE TO A MORE RESTRICTIVE SET POINT TO PROVIDE ADEQUATE PROTECTION FOR A PARTICULAR MODE OF OPERATION OR SET OF OPERATING CONDITIONS, THE DESIGN SHALL PROVIDE POSITIVE MEANS OF ASSURING THAT THE MORE RESTRICTIVE SET POINT IS USED.THE DEVICES USED TO PREVENT IMPROPER USE OF LESS RESTRICTIVE SET POINTS, SHALL Bf CONSIDERED A PART Of THE PROTECTION SYSTEM AND SHALL BE DESIGNED IN ACCORDANCE WITH THE OTHER PROVISIONS OF THESE CRITERIA REGARDING PERFORMANCE AND RELIABILITY.
7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS NSSS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN N/A 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION N/A 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY N/A 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A EXHIBIT 3D-14
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.16 COMPLETION OF PROTECTIVE ACTION ONCE IT IS INITIATED THE PROTECTION SYSTEM SHALL BE SO DESIGNED THAT, ONCE INITIATED, A PROTECTIVE ACTION AT THE SYSTEM LEVEL SHALL GO TO COMPLE-TION.RETURN TO OPERATION SHALL REQUIRE SUBSEQUENT DELIBERATE OPERATOR ACTION.7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS NSSS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN N/A 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION N/A 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FDR SAFETY N/A 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A SECTION 4.17 MANUAL INITIATION THE PROTECTION SYSTEM SHALL INCLUDE MEANS FOR MANUAL INITIATION OF EACH PROTECTION ACTION AT THE SYSTEM LEVEL.NO SINGLE FAILURE llITHIN THE MANUAL, AUTOMATIC, OR COMMON PORTIONS OF THE PROTECTION SYSTEM SHALL PREVENT INITIATION OF PROTECTIVE ACTION BY MANUAL OR AUTOMATIC MEANS.MANUAL INITIATION SHOULD DEPEND UPON THE OPERATION OF A MINIMUM OF EQUIPMENT.
NSSS N/A N/A N/A EXHIBIT 3D-15
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.18 ACCESS TO SET POINT ADJUSTMENTS, CALIBRATION, AND TEST POINTS 7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY THE DESIGN SHALL PERMIT THE ADMINISTRA-TIVE CONTROL OF ACCESS TO ALL SET POINT ADJUSTMENTS, MODULE CALIBRATION ADJUST-MENTS, AND TEST POINTS.I/C I/C I/C I/C N/A SECTION 4.19 IDENTIFICATION OF PROTEC-TIVE ACTIONS PROTECTIVE ACTIONS SHALL Bf INDICATED AND IDENTIFIED DO>N TO THE CHANNEL LEVEL.NSSS N/A EXHIBIT 3D-16
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 CONTINUED)
SECTION 4.20 INFORMATION READ OUT THE PROTECTIVE SYSTEM SHALL BE DESIGNED TO PROVIDE THE OPERATOR WITH ACCURATE, COMPLETE, AND TIMELY INFORMATION PERTI-NENT TO ITS OWN STATUS AND TO GENERATING STATION SAFETY.THE DESIGN SHALL MINI-MIZE THE DEVELOPMENT OF CONDITIONS WHICH WOULD CAUSE METERS, ANNUNCIATORS, RECORDERS, ALARMS, ETC., TO GIVE ANOMALOUS INDICATIONS CONFUSING TO THE OPERATOR.7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS NSSS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATIONN SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A SECTION 4.21 SYSTEM REPAIR THE SYSTEM SHALL BE DESIGNED TO FACILITATE THE RECOGNITION, LOCATION, REPLACEMENT, REPAIR, OR ADJUSTMENT Of MALFUNCTIONING COMPONENTS OR MODULES.NSSS N/A EXHIBIT 3D-17 P
SRP ACCEPTANCE CRITERIA IEEE STANDARD 279 (CONTINUED)
SECTION 4.22 IDENTIFICATION IN ORDER TO PROVIDE ASSURANCE THAT THE REQUIREMENTS GIVEN IN THIS DOCUMENT CAN BE APPLIED DURING THE DESIGN, CONSTRUC-TION, IQINTENANCE, AND OPERATION OF THE PL'ANT, THE PROTECTION SYSTEM EQUIPMENT (FOR EXAMPLE, INTERCONNECTING WIRING, COMPONENTS, MODULES, ETC.), SHALL BE IDENTIFIED DISTINCTIVELY AS BEING IN THE PROTECTIVE SYSTEM.THIS IDENTIFICATION SHALL DISTINGUISH BETWEEN REDUNDANT POR-TIONS OF THE PROTECTION SYSTEM.IN THE INSTALLED EQUIPMENTS, COMPONENTS, OR MODULES MOUNTED IN ASSEMBLIES THAT ARE CLEARLY IDENTIFIED AS BEING IN THE PRO-TECTION SYSTEM DO NOT THEMSELVES REQUIRE IDENTIFICATION.
7.2 REACTOR
TRIP SYSTEM NSSS 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY Nj'A EXHIBIT 3D-18
(
SRP ACCE ANCE CRITERIA IEEE STANDARD 308-1974, CRITERIA FOR CLASS IE PO>lER SYSTEMS RE UIREMENT THE CLASS IE POWER SYSTEMS SHALL MEET THE FUNCTIONAL REQUIREMENTS TO ENABLE THE SYS-TEM TO FUNCTION UNDER CONDITIONS OF DESIGN BASIS EVENTS.7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS I/C 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN I/C 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION I/C 7.6 ALL OTHER INSTRU-MENTATIONON SYSTEMS REQUIRED FOR SAFETY I/C 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A IEEE STANDARD 317-1972, ELECTRICAL PENETRATING ASSEMBLIES IN CONTAINMENT STRUCTURES RE UIREMENT ELECTRICAL PENETRATION ASSEMBLIES SHALL BE QUALIFIED BY TESTING AND ANALYSIS.I/C I/C I/C I/C I/C EXHIBIT 3D-19
SRP ACCEPTANCE CRITERIA IEEE STANDARD 336-1971, INSTALLATION, INSPECTION AND TESTING REQUIREMENTS FOR INSTRUMENTATION AND ELECTRIC EQUIPMENT DURING CONSTRUCTION RE UIREMENT 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION'SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY MEASURES SHALL BE ESTABLISHED FOR ASSURING PROPER DOCUMENTATION FOR INSTALLATION, INSPECTION AND TESTING OF SYSTEMS.NSSS IEEE STANDARD 338-1971, CRITERIA FOR PERIODIC TESTING OF CLASS IE POWER AND PROTECTION SYSTEMS RE UIREtlENT ASSURE CLASS IE POWER AND PROTECTION SYS-TEMS ARE PERIODICALLY TESTED COMMENSURATE TO THEIR FUNCTION.NSSS N/A EXHIBIT 3D-20
SRP ACCEP ANCE CRITERIA IEEE STANDARD 344-1975, SEISMIC gUALIFI-CATION OF CLASS IE E(UIPMENT RE UIREMENT CLASS IE EQUIPMENT MUST BE SEISMICALLY QUALIFIED TO WITHSTAND THE EFfECTS FROM DESIGN BASIS EVENTS.7.2 7.3 7,4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN NSSS 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A IEEE STANDARD 379-1972, APPLICATION OF SINGLE-FAILURE CRITERIA RE UIREMENT THE PROTECTION SYSTEM SHALL ADHERE TO THE SINGLE-FAILURE CRITERION.
SRP ACCEPTANCE CRITERIA IEEE STANDARD 384-1974, CRITERIA FOR SEPARATION OF CLASS IE EQUIPMENT AND CIRCUITS RE UIREMENT 7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY I PROPER SEPARATION OF CLASS IE EQUIPMENT AND CIRCUITS SHALL BE PROVIDED TO ASSUME REQUIRED FUNCTIONS CAN BE ACCOMPLISHED FOLLOWING A DESIGN BASIS EVENT.I/C I/C I/C I/C I/C EXHIBIT 3D-22 0
SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION ICSB I l.INSTRUMENTATION AND ELECTRIC E(UIPMENT ESSENTIAL TO SAFETY WHICH MUST FUNC-TION IN AN ACCIDENT ENVIRONMENT SHOULD BE ANALYZED OR TESTED TO DEMONSTRATE THIS CAPABILITY.
7.2 REACTOR
TRIP SYSTEM NSSS 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION N/A 7.6 ALL OTHER INSTR U.MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A 2.PROTECTION CIRCUITS ESSENTIAL TO SAFETY SHOULD MEET THE SINGLE FAILURE CRITERION OF SECTION 4.2 OF IEEE 279.3.WHERE D-C POWER IS REQUIRED FOR SAFETY, REDUNDANT 0-C SOURCES SHOULD BE PROVIDED AND THE 0-C CIRCUITS SHOULD MEET THE SINGLE FAILURE CRITERION.
EXHIBIT 3E-l 0
SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL.
POSITION 1 (CONTINUED) 4.FOR REACTOR PLANTS SUPPLYING ELECTRIC POWER TO ELECTRIC UTILITY GRIDS, REDUNDANT SOURCES OF ONSITE A-C POWER SHOULD BE PROVIDED AND THE A-C CIR-CUITS SHOULD NEET THE SINGLE FAILURE CRITERION.
7.2 7.3 REACTOR ENGINEERED TRIP SAFETY SYSTEM FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOB SAFE SHUTDOWN 7.5 SAFETY BELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOB SAFETY 7.7 CONTBO L SYSTEMS NOT REQUIRED FOR SAFETY EXHIBIT 3E-2 0;
SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION ICSB 3 THE FOLLOWING MEASURES SHOULD BE INCOR-PORATED IN DESIGNS OF THE INTERFACES BETWEEN LOW PRESSURE SYSTEMS AND THE HIGH PRESSURE REACTOR COOLANT SYSTEM: 7.2 REACTOR TRIP SYSTEM N/A 7.3 ENGINEERED SAFETY FEATURE SYSTEMS N/A 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTR U-MENTATION N/A 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A 1.AT LEAST TWO VALVES IN SERIES SHOULD BE PROVIDED FOR ISOLATION.
2.WHERE BOTH VALVES ARE MOTOR-OPERATED, THE VALVES SHOULD HAVE INDEPENDENT AND DIVERSE INTERLOCKS.
3.WHERE ONE CHECK VALVE AND ONE MOTOR-OPERATED VALVE ARE PROVIDED, THE MOTOR-OPERATED VALVE SHOULD BE INTERLOCKED TO OPERATE AS ABOVE.EXHIBIT 3E-3
SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION 3 (CONTINUED) 4.SUITABLE VALVE POSITION INDICATION SHOULD BE PROVIDED IN THE CONTROL ROOM FOR THE INTERFACE VALVES.7.2 REACTOR TRIP SYSTEM 7.3 7A ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY BELATED DISPLAY INSTRUM-ENTATIONN 7.6 ALL OTHER INSTR U-MENTATI ON SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 5.FOR THOSE INTERFACES WHERE THE SUB-SYSTEM IS RE(UIRED FOR ECCS OPERATION, THE ABOVE RECOMMENDATIONS NEED NOT BE IMPLEMENTED.
BRANCH TECHNICAL POSITION ICSB 4 (PSB)THE FOLLOWING FEATURES SHOULD BE INCOR-PORATED IN THE DESIGN OF MDIV SYSTEMS FOR SAFETY INJECTION TANKS TO MEET THE INTENT OF IEEE STD 279: N/A N/A N/A N/A l.AUTOMATIC OPENING OF THE VALVES>IHEN EITHER PRIMARY COOLANT SYSTEM PRESSURE EXHIBIT 3E-4 0
SRP ACCEP ANCE CRITERIA BRANCH TECHNICAL POSITION 4 (CONTINUED)
EXCEEDS A PRESELECTED VALUE OR A SAFETY INJECTION SIGNAL IS PRESENT.2.VISUAL INDICATION IN THE CONTROL ROOM OF THE OPEN OR CLOSED STATUS OF THE VALVE.7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 3.AN AUDIBLE AND VISUAL ALARM, INDE-PENDENT OF ITEM (2)ABOVE, THAT IS ACTUATED BY A SENSOR ON THE VALVE 0IHEN THE VALVE IS NOT IN THE FULLY-OPEN POSITION.4.UTILIZATION OF A SAFETY INJECTION SIGNAL TO REMOVE AUTOMATICALLY ANY BYPASS FEATURE THAT MAY BE PROVIDED.EXHIBIT 3E-5 0
SRP ACCEP ANCE CRITERIA BRANCH TECHNICAL POSITION 4 (CONTINUED)
CLARIFICATION A NORMALLY OPEN, LOCKED OPEN MDIV IS USED.THE VALVE OPENS ON SIAS.WHEN RCS PRES-SURE IS 100 PSI ABOVE TANK OPERATING PRESSURE, MOTOR BREAKER IS MANUALLY LOCKED OPEN.POSITION INDICATION AND CLOSED ALARM ARE PROVIDED ON BREAKER.7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY BRANCH TECHNICAL POSITION ICSB 5 THE REQUIREMENT THAT CONTROL ROD DRIVE TRIP BREAKERS ARE TESTED MONTHLY SHOULD BE INCLUDED IN ALL.PLANT TECHNICAL SPECIFICATIONS ISSUED.NSS SCOPE EXHIBIT 3E-6 SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION ICSB 9 7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOM 7.5 SAFETY BELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT'EQUIRED FOR SAFETY THE"DAILY ADJUSTMENT", blHICH DOES NOT FULFILL THE INTENT OF REQUIREMENTS OF A CALIBRATION PROCEDURE, SHOULD REMAIN AS A DAILY REQUIREMENT BUT BE DELETED FROM THE"CHANNEL CALIBRATION" CATEGORY IN THE TECHNICAL SPECIFICATIONS.
I/C I/C I/C I/C N/A BRANCH TECHNICAL POSITION ICSB 12 1.THE CHANGE TO THE I10RE RESTRICTIYE TRIP POINTS SHOULD BE ACCOMPLISHED AUTOMATICALLY WHEN REQUIRED.N/A N/A N/A N/A N/A EXHIBIT 3E-7
SRP ACCE NCE CRITERIA BRANCH TECHNICAL POSITION 12 (CONTINUED) 2.PLANTS MITH DESIGNS NOT IN ACCORDANCE MITH THE ABOVE SHOULD HAVE A REQUIRE-MENT THAT THE REACTOR BE SHUT DOMN PRIOR TO CHANGING THE SET POINTS I IANUALLY.7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U.MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY BRANCH TECHNICAL POSITION ICSB 13 THE AUXILIARY FEEDMATER SYSTEM SHOULD BE CAPABLE OF SATISFYING THE SYSTEM FUNC-TIONAL REOUIREIIENTS AFTER A POSTULATED BREAK IN THE AUXILIARY FEEDMATER PIPING INSIDE CONTAINI1ENT TOGETHER MITH A SINGLE ELECTRICAL FAILURE.N/A N/A N/A EXHIBIT 3E-8
SRP ACCEPTANCE CRITERIA 7.2 REACTOR TRIP SYSTEM 7.3 7A ENGINEERED SYSTEMS.SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY BRANCH TECHNICAL POSITION ICSB 14 APPLICANTS HAVE TO DEMONSTRATE COMPLIANCE WITH THE Rf(UIREHENTS OF GDC 20 TO 25.(SPURIOUS MITHDRAMAL OF SINGLE CONTROL RODS.)NSSS SCOPE EXHIBIT 3E-9
SRP ACCEPTANCE CRITERIA BRANCH TECHNICAL POSITION 16 THE FOLLOWING INTERLOCKS ARE CONSIDERED SAFETY-RELATED AND SHOULD BE DESIGNED TO MEET THE RE'QUIREMENTS OF IEEE STD 279.THE INTERLOCKS ARE INTENDED TO PREYENT THE FOLLOWING ACTIONS: 7.2 7.3 7.4 REACTOR ENGINEERED SYSTEMS TRIP SAFETY REQUIRED SYSTEM FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY l.INSERTION OF SHUTDOWN CEAs BEFORE THE REGULATING CEAs ARE INSERTED.NSSS 2.SIMULTANEOUS WITHDRAWAL OF tlORE THAN TMO GROUPS OF CEAs.3.MITHDRAMAL OF A CEA GROUP OR GROUPS OUT OF PROPER SEQUENCE.CLARIFICATION APPLICABLE TO REACTOR TRIP SYSTEM.EXHIBIT 3f-10
SRP ACCEP CE CRITERIA BRANCH TECHNICAL POSITION ICSB 18 WHERE A SINGLE FAILURE IN AN ELECTRICAL SYSTEM CAN RESULT IN LOSS OF CAPABILITY TO PERFORt1 A SAFETY FUNCTION, THE EFFECT ON PLANT SAFETY MUST BE EVALUATED.
THIS POSITION ESTABLISHES ACCEPTABILITY OF DISCONNECTING POWER TO ELECTRICAL COMPONENTS AS ONE MEANS OF DESIGNING AGAINST A SINGLE FAILURE.7.2 REACTOR TRIP SYSTEM N/A 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION N/A 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY.N/A BRANCH TECHNICAL POSITION ICSB 20 l.A MANUAL INITIATION OF THE TRANSFER TO THE RECIRCULATION MODE IS SUFFI-CIENT AND SATISFIES THE INTENT OF IEEE STD 279 PROVIDED THAT ADE(UATE INSTRUMENTATION, TItlE, AND INFORMATION DISPLAY.ARE AVAILABLE.
N/A N/A N/A EXHIBIT 3E-11
SRP ACCEP CE CRITERIA BRANCH TECHNICAL POSITION 20 (CONTINUED)
7.2 REACTOR
TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY I 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 2.AUTOMATIC TRANSFER TO THE RECIRCULA-TION MODE IS PREFERABLE AND SHOULD BE PROVIDED.NSSS COPE BRANCH TECHNICAL POSITION ICSB 21 1.THE BYPASS INDICATORS SHOULD ENABLE THE OPERATOR TO DETERMINE THE STATUS OF EACH SAFETY SYSTEM AND WHETHER CONTINUED REACTOR OPERATION IS PERMISSIBLE.
I/C I/C I/C I/C N/A EXHIBIT 3E-12 SRP ACCEP 1 CE CRITERIA BRANCH TECHNICAL POSITION 21 (CONTINUED) 2.WHEN A PROTECTIVE FUNCTION OF A SHARED SYSTEM CAN BE BYPASSED, INDI-CATION OF THAT BYPASS CONDITION SHOULD BE PROVIDED IN THE CONTROL ROOM.7.2 REACTOR TRIP SYSTEM 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTRU-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 3.MEANS BY MHICH THE OPERATOR CAN CANCEL ERRONEOUS BYPASS INDICATIONS, IF PRO-VIDED, SHOULD BE JUSTIFIED.
4.THE INDICATION SYSTEM MUST Bf A SAFETY SYSTEM TO PERFORM FUNCTIONS THAT ARE ESSENTIAL TO SAFETY.ADMINISTRATIVE PROCEDURES SHOULD NOT REQUIRE IMMEDIATE OPERATOR ACTION BASED SOLELY ON THE BYPASS INDICATIONS.
EXHIBIT 3E-13 SRP ACCEP ANCE CRITERIA BRANCH TECHNICAL POSITION 21 (CONTINUED) 5.THE INDICATION SYSTEM SHOULD BE DESIGNED AND INSTALLED IN A MANNER WHICH PRECLUDES THE POSSIBILITY OF ADVERSE EFFECTS ON PLANT SAFETY SYSTEMS.7.2 REACTOR TRIP SYSTEM 7.3 7.4 ENGINEERED SYSTEMS SAFETY REQUIRED FEATURE FOR SAFE SYSTEMS SHUTDOWN 7.6 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTR U-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY 6.THE INDICATION SYSTEM SHOULD INLCUDE A CAPABILITY OF ASSURING ITS OPERABLE STATUS DURING NORMAL PLANT OPERATION.
EXHIBIT 3E-14
SRP ACCEP NCE CRITERIA BRANCH TECHNICAL POSITION ICSB 22 ALL POSITIONS OF THE PROTECTION SYSTEMS SHOULD BE DESIGNED IN ACCORDANCE WITH IEEE STD 279.7.2 REACTOR TRIP SYSTEM NSSS 7.3 ENGINEERED SAFETY FEATURE SYSTEMS 7.4 SYSTEMS REQUIRED FOR SAFE SHUTDOWN 7.5 SAFETY RELATED DISPLAY INSTR U-MENTATION 7.6 ALL OTHER INSTRU-MENTATION SYSTEMS REQUIRED FOR SAFETY 7.7 CONTROL SYSTEMS NOT REQUIRED FOR SAFETY N/A BRANCH TECHNICAL POSITION ICSB 25 IN ORDER TO COMPLY>IITH THE RE(UIREHENTS OF GDC 37, ALL ECCS PUI1PS SHOULD BE INCLUDED IN THE SYSTEM TESTS.N/A N/A N/A N/A BRANCH TECHNICAL POSITION ICSB 26 ALL REACTOR TRIPS INCORPORATED IN THE REACTOR PROTECTION SYSTEM SHOULD BE DESIGNED TO MEET THE RE(UIREHENTS OF IEEE STD 279, WITHOUT EXCEPTION.
THIS POSITION APPLIES TO THE ENTIRE TRIP FUNCTION FROM THE SENSOR TO THE FINAL ACTUATED DEVICE.NSS SCOPE EXHIBIT 3E-15 0
3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 78-01 FLAMMABLE CONTACT-ARM RETAINERS IN GE CR120A RELAYS 78-02 TERMINAL BLOCK QUALIFICATION NOT USED IN PVNGS DESIGN QUALIFICATION PER IEEE 323-1974 (NUREG 0588)78-04 ENVIRONMENTAL QUALIFICATION LIMIT SWITCH QUALIFICATION REQUIRED FOR OF CERTAIN STEM MOUNTED CONTAINMENT ISOLATION VALVE INDICATION PER LIMIT SWITCHES INSIDE" R,G, 1,97 TO BE IEEE 323-1974 (NUREG 0588)REACTOR CONTAINMENT 78-05 MALFUNCTIONING OF CIRCUIT BREAKER AUXILIARY CONTACT MECHANISM-GENERAL ELECTRIC MODEL CR105X 78-06 DEFECTIVE CUTLER-HAMMER, TYPE M RELAYS WITH DC COILS NOT USED IN PVNGS DESIGN NOT USED IN PVNGS DESIGN EXHIBIT 3F-1 BU (CONT'D)3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES.79-05 NUCLEAR INCIDENT AT THREE 79-05A MILE ISLAND 79-05B 79-05C 79-06 REVIEW OF OPERATIONAL 79-06A ERRORS AfjD SYSTEM 79-06B f'1ISALIGNMENTS IDENTIFIED 79-06C DURING THE THREE flILE ISLAND INCIDENT ADDRESSED TO NUREG 0737 ADDRESSED TO NUREG 0737 79-09 FAILURES OF GE TYPE AK-2 CIRCUIT BREAKER IN SAFETY RELATED SYSTEMS WILL FOLLOW MANUFACTURER'S SERVICE ADVICE IN PREVENTIVE f'1AINTENANCE 79-11 FAULTY OVERCURRENT TRIP DEVICE IN CIRCUIT BREAKERS FOR ENGINEERED SAFETY SYSTEMS WESTINGHOUSE DB-50 NOT USED IN PVNGS DESIGN EXHIBIT 3F-2 U S (CONT'D)3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 79-25 FAILURE OF WESTINGHOUSE BFD RELAYS IN SAFETY-RELATED SYSTEMS 79-27 LOSS OF NON-CLASS 1E INSTRUf'1ENTATION AND CONTROL POWER BUS DURING OPERATION NOT USED IN PVNGS DESIGN THE DESIGN PROVIDES FOR 2 UNGROUNDED NON-lE INSTRUMENT DISTRIBUTION PANELS AND 4 UNGROUNDED VITAL (CLASS 1E)PANELS, ALL NON 1E INSTRUNENTATION HAS A lE COUNTERPART TO PROVIDE CONTINUOUS CONTROL ROOf'1 READOUT OF SHUTDOWN PARANETERS EVEN WITH A TOTAL LOSS OF ALL NON lE INSTRUNENTATION, 79-28 NALFUNCT ION OF NAI'1CO LIMIT SWITCHES NANCO HAS CORRECTED THE PROBLEM BY THE USE OF A SUITABLE GASKET NATERIAL, ACTION HAS BEEN TAKEN TO ENSURE THAT ALL NANCO SWITCHES ON PVNGS WILL BE INSTALLED WITH SUITABLE GASKET OTERIAL.EXHIBIT 3F-3
BU S (CONT'D)3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 80-06 ENGINEERED SAFETY FEATURES (ESF)RESET CONTROLS 80-12 DECAY HEAT REMOVAL SYSTEM OPERABILITY PVNGS ESF-ACTUATED DEVICES REMAIN IN EMERGENCY MODE ON RESET OF AN ESF ACTUATION SIGNAL WITH THE FOLLOWING CLARIFICATIONS-ACTUATED DEVICES WITH DIFFERENT SAFETY MODES IN RESPONSE TO DIFFERENT ESF ACTUATION SIGNALS BY DESIGN MAY ACTUATE TO A DIFFERENT SAFETY MODE'N RESET OF AN ESF ACTUATION SIGNAL, Tl-IE AUXILIARY FEEDWATER VALVES BY DESIGN CYCLE CLOSED ON AUTOMATIC AFAS RESET, PVNGS DESIGN INCORPORATES FOUR INDEPENDENT POWER CHANNELS FOR ESFAS INITIATION AND TWO FULL CAPACITY, INDEPENDENT SHUTDOWN COOLING TRAINS, THE SERIES OF EVENTS RESULTING IN LOSS OF DECAY HEAT REMOVAL ARE NOT POSSIBLE IN THE PVNGS DESIGN, EXHIBIT 3F-4 0
(CONT'D)3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 80-16 MI SAPPLI CAT ION OF=ROSEMOUNT PRESSURE TRANSMITTERS 80-20 FAILURE OF WESTINGHOUSE W-2 TYPE SPRING SWITCHES 80-23 FAILURES OF SOLENOID VALVES MANUFACTURED BY VALCOR ENGINEERING CORP, PVNGS USE OF THE SUBJECT ROSEf'10UNT PRESSURE TRANSMITTERS HAS BEEN REVIEWED AND THEIR USE IN SAFETY RELATED APPLICATIONS ARE WITHIN THE CALIBRATED RANGE OF THE TRANSMITTER.
WESTINGHOUSE TYPE W-2 CONTROL SWITCHES ARE tlOT USED IN THE PVNGS DESIGN, NO VALCOR SOLENOID VALVES USED IN SAFETY RELATED SERVICE IN THE PVNGS DESIGN, EXHIBIT 3F-5 3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 78-08 ENV I RONMENTAL QUAL IF I CATION OF SAFETY-RELATED ELECTRICAL EQUIPMENT AT NUCLEAR POWER PLANTS 78-19 MANUAL OVERRIDE (BYPASS)OF SAFETY SYSTEMS ACTUATION SIGNALS QUALIFICATION PER IEEE 323-1974 (NUREG 0588)OVERRIDE OF AN ESF ACTUATION SIGNAL IN THE COMPONENT LOGIC PLACES THE COMPONENT UNDER MANUAL CONTROL BLOCKING ANY SUBSEQUENT ESF ACTUATION, OVERRIDE IS AUTOMATICALLY REMOVED ON RESET OF THE ESF ACTUATION SIGNAL, ONCE IN THE OVERRIDE MODE, THE SESS ALARMS AT THE SYSTEM LEVEL EVERY SYSTEM IMPACTED WHEN THE COMPONENT IS RETURNED TO ITS NORMAL (NON-ESF)POSITION, CONTAINMENT PURGE ISOLATION VALVES HAVE SEPARATE OVERRIDE LOGIC FOR CPIAS AND FOR CIAS, EXHIBIT 3F-6 S (CONT'D)3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 80-01 SERVICE ADVISE FOR GE INDUCTION DISC RELAYS 80-12 VALVE SHAFT-TO-ACTUATOR KEY MAY FALL OUT OF PLACE WHEN MOUNTED BELOW HORIZONTAL AXIS 80-16 OPERATIONAL DEFICIENCIES IN ROSEf"lOUNT MODEL 510DU TRIP UNITS AND MODEL 1152 TRANSMITTERS 81-01 DESIGN PROBLEMS INVOLVING INDICATING PUSHBUTTON SWITCHES MANUFACTURED BY HONEYWELL INCORPORATED FIELD INSPECTION TO IDENTIFY AFFECTED RELAYS IN WORK ON PVNGS, LOCTITE ADHESIVE IS USED IN ADDITION TO THE PRESS FIT KEY CONNECTION NOT USED IN PVNGS DESIGN IN WORK EXHIBIT 3F-7 3,F IE BULLETINS, CIRCULARS AND INFORMATION NOTICES 79-22 QUALIFICATION OF CONTROL SYS, 79-29 LOSS OF NONSAFETY-RELATED REACTOR COOLANT SYSTEM INSTRUMENTATION DURING OPERATION ANALYSIS OF HIGH ENERGY LINE BREAK EFFECTS ON CONTROL SYSTEMS RESULTING IN COMPLICATING FAILURES IS IN PROCESS, THE DESIGN PROVIDES FOR 2 UNGROUDED NON-lE INSTRUMENT PANELS AND 0 UNGROUNDED VITAL (CLASS 1E)PANELS TO PROVIDE CONTINUOUS CONTROL ROOM READOUT OF SHUTDOWN PARAMETERS EVEN WITH A TOTAL LOSS OF ALL NON-1E INSTRUMENTATION, 79-30 REPORTING OF DEFECTS AND NON-COMPLIANCE, 10CFR21 80-08 THE STATES COMPANY SLIDING LINK ELECTRICAL TERMINAL BLOCKS IN COMPLIANCE NOT USED IN PVNGS DESIGN 80-10 PARTIAL LOSS OF NON-NUCLEAR INSTRUMENT SYSTEM POWER SUPPLY DURING OPERATION INSTRUMENTATION PROVIDED IS CLASS 1E AND WOULD NOT CAUSE THE OPERATOR TO BE"INSTRUMENT BLIND".EXHIBIT 3F-8
3.F IE BULLETINS, CIRCULARS AND INFORNATION NOTICES (CONT'D)80-13 GE TYPE SBN CONTROL~SWITCHES DEFECTIVE CAM FOLLOWERS 80-20 LOSS OF DECAY HEAT REI'10VAL AT DAVIS BESSE UNIT¹1 WHILE IN REFUELING NODE 80-31 NALOPERAT ION OF GOULD-BROWN BOVERI TYPE 480 VOLT K600S AND K-DON 600S CIRCUIT BREAKERS ALL SBM SWITCHES USED ON PVNGS ARE POST-1976 NANUFACTURE AND NOT SUBJECT TO DEFECTIVE CAN FOLLOWERS, THE SERIES OF EVENTS RESULTING IN THE LOSS OF DECAY HEAT RENOVAL ARE NOT POSSIBLE IN THE PVNGS DESIGN WHICH USES FOUR INDEPENDENT SOURCES OF INSTRUNENT POWER, AND HAS TWO INDEPENDENT, FULL CAPACITY TRAINS FOR SHUTDOWN COOLING WHICH DO NOT ISOLATE ON SPURIOUS ESF ACTUATION SIGNALS, NOT APPLICABLE TO PVNGS SUPPLIED BREAKERS WHICH WERE SUPPLIED AFTER 1977, EXHIBIT 3F-9
5,F IE BULLETINS, CIRCULA AND INFORMATION NOTICES (CONT'D)0 80-40 EXCESSIVE N2 SUPPLY PRESSURE ACTUATES SRV OPERATION TO CAUSE REACTOR DEPRESSURIZATION 81-01 POSSIBLE FAILURE OF GENERAL ELECTRIC TYPE HFA RELAYS 81-05 DEGRADED DC SYSTEM AT PALISADES 81-06 FAILURE OF ITE MODEL K-600 CIRCUIT BREAKER PVHGS DESIGN USES SPRING-LOADED RELIEF VALVES.THE ATMOSPHERIC DUMP VALVES HAVE REDUNDANT SOLENOID VALVES IN PNEUMATIC SUPPLY TO ISOLATE OVER PRESSURE SOURCE.LEAKAGE THROUGH SOLENOID VALVES WOULD BE TO ATMOSPHERE, IN WORK-FIELD INSPECTION REQUIRED TO IDENTIFY AFFECTED RELAYS, BREAKER ALARM IS ANNUNCIATED ON SESS IN WORK EXHIBIT 5F-10 ITEM I,D,l, CONTROL ROOM DESIGN REVIEWS G-O PER NUREG-0660, ALL LICENSEES AND APPLICANTS FOR OPERATING LICENSES WILL BE REQUIRED TO CONDUCT A DETAILED CON-TROL-ROOM DESIGN REVIEW TO IDENTIFY AND CORRECT DESIGN DEFICIENCIES, THE OFFICE OF NUCLEAR REACTOR REGULATION REQUIRES THAT THOSE APPLICANTS FOR OPERATING LICENSES WHO ARE UNABLE TO COMPLETE THIS REVIEW PRIOR TO ISSUANCE OF A LICENSE MAKE PRELIMINARY ASSESSMENTS OF THEIR CONTROL ROOMS TO IDENTIFY SIGNIFICANT HUMAN FACTORS AND INSTRUMENTATION PROBLEMS AND ESTABLISH A SCHEDULE-APPROVED BY NRC FOR CORRECTING DEFICIENCIES, IN COMPLIANCE, APS FORMED A CONTROL ROOI'1 DESIGN REVIEW (CRDR)MANAGEMENT TEAM AND IS PERFORMING A PRELIMINARY ASSESSMENT OF THE PVNGS CONTROL ROOM, THE EARLY PART OF THIS EFFORT WAS DIVIDED INTO THREE PHASES, PHASE I OF THE STUDY DEVELOPED THE GUIDELINES TO BE USED WHILE CONDUCTING THE CRDR, PHASE II CONSISTED OF THE DETAILED DATA-TAKING EFFORT AND THE IDENTIFICATION OF HUMAN FACTORS DEFICIENCIES, THE THREE TASK AREAS ADDRESSED WERE HUMAN FACTORS, SYSTEMS FACTORS, AND OPERATOR PREPAREDNESS FACTORS, THE DEFICIENCIES
.IDENTIFIED WERE ANALYZED FOR PROPER RESOLU-TION AND ASSIGNED PRIORITIES TO ASSIST IN DETERMINING A SCHEDULE FOR IMPLEMENTATION, EXHIBIT 36-1 ITEM I,D,1 (COflT'D)PHASE III, WHICH IS CURRENTLY IN PROGRESS, INCLUDES PREPARATION AND PUBLICATION OF A PRELIMINARY REPORT, THE REVIEW HAS RESULTED IN APS INITIATING IMPLEMENTATION OF THE FOLLOWING TO DATE:~COLOR DEMARCATION
~INSTRUMENT RELOCATION
~ALARM PRIORI TIZAT I ON~ADDITIONAL INSTRUMENTATION WHEN THE CRDR IS COMPLETED, A FINAL REPORT FOR SUBMITTAL TO THE NRC WILL BE PREPARED, THE SUBMITTAL DATE IS TARGETED FOR DECEMBER, 1981, EXHIBIT 36-2 Ol 0 ITEM I,D,2 PLANT SAFETY PARAMETER DISPLAY CONSOLE PER NUREG-0660, EACH APPLICANT AND LICENSEE SHALL INSTALL A SAFETY PARAMETER DISPLAY SYSTEM (SPDS)THAT WILL DISPLAY TO OPERATING PERSONNEL A MIldIMUM SET OF PARAMETERS WHICH DEFINE THE SAFETY STATUS OF THE PLANT, THIS CAN BE ATTAINED THROUGH CONTINUOUS INDICATION OF DIRECT AND DERIVED VARIABLES AS NECESSARY TO ASSESS PLANT-".,SAFETY STATUS.IN COMPLIANCE, A SPDS IS BEING DEVELOPED TO DISPLAY TO OPERATING PERSONNEL A MINIMUM SET OF PARAMETERS WHICH DEFINE THE SAFETY STATUS OF THE PLANT, THE SPDS WILL PROVIDE CON-TINUOUS INDICATION OF DIRECT AND DERIVED VARIABLES, THE REQUIREMENTS OF NUREG-0696 WILL BE UTILIZED IN DEVELOPMENT AND INSTALLATION OF THE SPDS, EXHIBIT 3G-3
ITEM I I,B,3 POST ACCIDENT SAMPLING A DESIGN AND OPERATIONAL REVIEW OF THE RADIOLOGICAL SPECTRUM ANALYSIS FACILITIES SHALL BE PERFORMED TO DETERMINE THE CAPABILITY TO PROMPTLY QUANTIFY (IN LESS TllAN 2 HOURS)CERTAIN RADIONUCLIDES THAT ARE INDICATORS OF THE DEGREE OF CORE DAMAGE, IN ADDITION TO THE RADIOLOGICAL ANALYSES, CERTAIN CHEMICAL ANALYSES ARE NECESSARY FOR f'ION ITORI NG REACTOR CONDITIONS, PROCEDURES SHALL BE PROVIDED TO PERFORM BORON AND CHLORIDE CHEMICAL ANALYSES ASSUMING A HIGHLY RADIOACTIVE INITIAL SAMPLE (RG 1,3 OR 1,4 SOURCE TERN), BOTH ANALYSES SHALL BE CAPABLE OF BEING COMPLETED PROMPTLY (I,ETHE BORON SAMPLE ANALYSIS WITHIN AN HOUR AND THE CHLORIDE SAMPLE ANALYSIS WITHIN A SHIFT), IN COMPLIANCE (SEE SEC, 2,C,3)EXHIBIT 36-4 ITEM II,D,3 DIRECT INDICATION OF RELIEF AND SAFETY-VALVE POSITION REACTOR COOLANT SYSTEM RELIEF AND SAFETY VALVES SHALL BE PROVIDED WITH A POSITIVE INDICATION IN THE CONTROL ROOM DERIVED FROM A RELIABLE VALVE-POSITION DETECTION DEVICE OR A RELIABLE INDICATION OF FLOW IN THE DISCHARGE PIPE, PVNGS WILL COMPLY, PVNGS DOES NOT UTILIZE POWER OPERATED RELIEF VALVES, THE PVNGS PRIMARY CODE SAFETY VALVES, LOCATED AT THE TOP OF THE PRES-SURIZER, ARE HEADERED INTO THE REACTOR DRAIN TANK'(RDT)INSIDE CONTAINMENT, UPSTREAM OF THE COMMON HEADER EACH CODE SAFETY VALVE IS MONITORED FOR SEAL LEAKAGE BY AN IN-LINE RESIST'IVE-TEMPERATURE DEVICE (REFER TO FSAR FIGURE 5,1-1).INDIRECT INDICATION OF CODE SAFETY VALVE LEAKAGE IS PROVIDED BY AN INCREASE OF RDT PRESSURE AND A DECREASE OF PRESSURIZER PRESSURE AND PRESSURIZER LEVEL, MONITORED BY SAFETY-GRADE INSTRUMENTATION, POSITIVE INDICATION OF SAFETY VALVE POSITION WILL BE PROVIDED IN THE CONTROL ROOM, THE INSTRUMENTA-TION WILL BE ENVIRONMENTALLY QUALIFIED IN COMPLIANCE WITH REGULATORY GUIDE 1.89, A PLANT ANNUNCIATOR ALARM WILL BE PROVIDED TO ALARM VALVE OPENING, EXHIBIT 36-5
U G-O ITEM II,E,1.2, SUBPART 2 AUXILIARY FEEDWATER SYSTEM (AFWS)FLOWRATE INDICATION AS PER GDC 13 TO PROVIDE THE CAPABILITY IN THE CONTROL ROOM TO ASCERTAIN THE ACTUAL PERFORMANCE OF THE AFWS WHEN IT IS CALLED TO PERFORM ITS INTENDED FUNCTION, THE FOLLOW-ING REQUIREMENTS SHALL BE IMPLEMENTED:
(1)SAFETY-GRADE INDICATION OF AUXILIARY FEEDWATER FLOW TO EACH STEAM GENERATOR SHALL BE PROVIDED IN THE CONTROL ROOM, (2)THE AUXILIARY FEEDWATER FLOW INSTRUMENT CHANNELS SHALL BE POWERED FROM THE EMERGENCY BUSES CONSISTENT WITH SATISFYING THE EMERGENCY POWER DIVERSITY REQUIREMENTS OF THE AUXILIARY FEEDWATER SYSTEM SET FORTH IN AUXILIARY SYSTEMS BTP 10-1 OF THE SRP, SECTION 10,0,9, IN COMPLIANCE, THE PVNGS DESIGN INCLUDES CLASS IE MONITORING OF AUXILIARY FEEDWATER FLOW TO BOTH STEAM GENERATORS, THESE FLOW INDICATOR CHANNELS ARE DISPLAYED ON THE MAIN CONTROL BOARDS, CLASS IE (SAFETY GRADE)PRESSURE INDICATORS LOCATED UP-STREAM OF THE MANUAL BLOCK VALVES AND CLASS IE STEAM GENERATOR LEVEL INDICATORS ARE ALSO PROVIDED THE SAFETY GRADE PRESSURE, LEVEl, AND FLOW INDICATION CHANNELS ARE POWERED FROM REDUNDANT CLASS IE BUSES, EXHIBIT 36-6
ITEM II,E,3,1 EMERGENCY POWER FOR PRESSURIZER HEATERS THE PRESSURIZER HEATER POWER SUPPLY DESIGN SHALL PROVIDE THE CAPABILITY TO SUPPLY, FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE (WHEN OFFSITE POWER IS NOT AVAILABLE), A PREDETERMINED NUMBER OF PRESSURIZER HEATERS AND ASSO-CIATED CONTROLS NECESSARY TO ESTABLISH AND MAINTAIN NATURAL CIRCULATION AT HOT STANDBY CONDITIONS, THE REQUIRED HEATERS AND THEIR CONTROLS SHALL BE CONNECTED TO THE EMERGENCY BUSES IN A MANNER THAT WILL PROVIDE REDUNDANT POWER SUPPLY CAPABILITY, PRESSURIZER HEATER MOTIVE AND CONTROL POWER INTERFACES WITH THE EMERGENCY BUSES SHALL BE ACCOMPLISHED THROUGH DEVICES THAT HAVE BEEN QUALIFIED IN ACCORDANCE WITH SAFETY-GRADE REQUIREMENTS, THE C-E INTERFACE REQUIREMENTS FOR THE PRESSURIZER HEATERS ARE INCORPORATED INTO THE PVNGS DESIGN, EXHIBIT 36-7
PVNGS PRESSURIZER HEATERS ITEMi II.E,3,1 (CONT'D)NUMBER OF HEATERS CAPACITY (KW)480V BUS IE IE RESET FROM POWER.CONTROLS SIAS TRIP CONTROL ROON 5-3 ELEMENT GROUPS 5-3 ELEMENT GROUPS 1-3 ELEMENT GROUPS 1-3 ELEMENT GROUPS 750 750 150 150 NGN-Lll NGN-L12 PGA-L33 PGB-L32 I NO NO NO NO TRAIN A TRAIN A TRAIN B TRAIN B NO NO YES YES-N/A N/A NO NO EXHIBIT 36-8
U G 0 ITEM I I.E,4,2 CONTAINMENT ISOLATION DEPENDABILITY 1)CONTAINMENT ISOLATION SYSTEM DESIGNS SHALL COMPLY WITH THE RECOMMENDATIONS OF SRP SECTION 6,2.4 (I~ETHAT THERE BE DIVERSITY IN THE PARAMETERS SENSED FOR THE INITIATION OF CONTAINMENT ISOLATION).
" 1)IN COMPLIANCE, A CONTAINMENT ISOLATION SIGNAL IS DIVERSELY GENERATED BY EITHER A HIGH CONTAINMENT PRESSURE SIGNAL (5 PSIG)OR A LOW PRESSURIZER PRESSURE SIGNAL (1685 PSIG), THE POWER ACCESS PURGE AND REFUELING PURGE ARE ADDITIONALLY ISOLATED BY HIGH CONTAINMENT PURGE RADIOACTIVITY, EXHIBIT 5G-9
ITEM II.E,4,2 (CONTINUED) 4)THE DESIGN OF CONTROL SYSTEMS FOR AUTOMATIC CONTAINMENT ISOLATION VALVES SHALL BE SUCH THAT RESETTING THE ISOLATION SIGNAL WILL NOT RESULT IN THE AUTOMATIC REOPENING OF CONTAINMENT ISOLATION VALVES, REOPENING OF CONTAINMENT ISOLATION VALVES SHALL REQUIRE DELIBERATE OPERATOR ACTION, 4)IN COMPLIANCE, OVERRIDE OF A CIAS SIGNAL IS AVAILABLE FOR EACH CONTAIN-MENT ISOLATION VALVE VIA THE CONTROL SWITCH FOR THAT VALVE, RESETTING OF A CIAS DOES NOT RESULT IN THE AUTO-MATIC OPENING OF CONTAINMENT ISOLATION VALVES, REOPENING REQUIRES OPERATOR ACTION FOR EACH VALVE AND DOES NOT COMPROMISE THE CONTAINMENT ISOLATION SIGNAL, 5)THE CONTAINMENT SETPOINT PRESSURE THAT INITIATES CONTAINMENT ISOLA-TIONN FOR NONESSENTIAL PENETRATIONS MUST BE REDUCED TO THE MINIMUM COMPATIBLE WITH NORMAL OPERATING CONDITIONS, IN COMPLIANCE, ITEM 1 ABOVE IDENTIFIES 5 PSIG AS THE CONTAINMENT SETPOINT PRESSURE THAT INITIATES CONTAINMENT ISOLATION, CALCULATIONS ARE IN PROGRESS CONFIRMING THAT THE TRIP SETPOINT REPRESENTS THE MINIMUM VALUE COMPATIBLE WITH NORMAL OPERATING CONDITIONS, EXHIBIT 3G-10
ITEM II,E,4,2 (CONTINUED) 6)CONTAIfJMENT PURGE AND VENT ISOLATION 6)IN COMPLIANCE, BOTH THE POWER ACCESS VALVES MUST CLOSE ON A HIGH PURGE AND THE REFUELING PURGE ISOLATE RADIATION.SIGNAL.ON HIGH CONTAINMENT PURGE RADIOACTIVITY, EXHIBIT 3G-ll 0
ITEM II,F,l ADDITIONAL ACCIDENT-MONITORING INSTRUMENTATION 1)NOBLE GAS EFFLUENT MONITORS SHALL BE INSTALLED WITH AN EXTENDED RANGE DESIGNED TO FUNCTION DURING ACCIDENT CONDITIONS AS WELL AS DURING NORMAL OPERATING CONDITIONS, MULTIPLE MONITORS ARE CONSIDERED NECESSARY TO COVER THE RANGES OF INTEREST, A)NOBLE GAS EFFLUENT MONITORS WITH AN UPPER RANGE CAPACITY OF 10~Ci/cc (XE-133)ARE CONSIDERED TO BE PRACTICAL AND SHOULD BE INSTALLED IN ALL OPERATING PLANTS, B)NOBLE GAS EFFLUENT MONITORING SHALL BE PROVIDED FOR THE TOTAL RANGE OF CONCENTRATION'XTENDING FROM NORMAL CONDITION (AS LOW AS REASONABLY ACHIEVABLE (ALARA))CONCENTRATIONS TO A MAXIMUM OF 105 Cr/cc (XE-133), MULTIPLE MONITORS ARE CONSIDERED TO BE NECESSARY TO COVER THE RANGES OF INTEREST, THE RANGE CAPACITY OF INDIVIDUAL MONITORS SHOULD OyERLAP BY A FACTOR OF TEN.EXH IB IT 3G-12 IN COMPLIANCE (SEE SEC, 2,C,3)I IN COMPLIANCE (SEE SEC, 2,C,3)
ITEM I I,F,1 (CONTINUED)
E 2)BECAUSE IODINE GASEOUS EFFLUENT MONITORS FOR THE ACCIDENT CONDITION ARE NOT CON-SIDERED TO BE PRACTICAL AT.THIS TIME, CAPABILITY FOR EFFLUENT MONITORING OF RADIOIODINES FOR THE ACCIDENT CONDITION SHALL BE PROVIDED WITH SAMPLING CON-DUCTED BY ADSORPTION ON CHARCOAL OR OTHER MEDIA, FOLLOWED BY ONSITE LABORATORY ANALYSIS, 3)IN CONTAINMENT RADIATION-LEVEL MONITORS WITH A MAXIMUM RANGE OF 10 RAD/HR SHALL BE INSTALLED, A f'lINIMUr'l OF TWO SUCH MON-ITORS THAT ARE PHYSICALLY SEPARATED SHALL BE PROVIDED, MONITORS SHALL BE DEVELOPED AND QUALIFIED TO FUNCTION IN AN ACCIDENT ENVIRONMENT, THIS REQUIREMENT WAS REVISED Ill THE OCTOBER 30, 1979 LETTER FROM H,R.DENTON TO ALL OPERATING NUCLEAR POWER PLANTS TO PROVIDE FOR A PHOTON-ONLY MEASUREMENT WITH AN UPPER RANGE OF 107 R/HR, SI IN COMPLIANCE, (SEE SEC, 2,C.3)IN COMPLIANCE, REDUNDANT 107 R/HR MONITORS ARE PROVIDED, (SEE SEC, 2,C,3)EXHIBIT 36-13 ITEM I I,F,1 (CONT'D)4)A CONTINUOUS INDICATION OF CONTAINMENT PRESSURE SHALL BE PROVIDED IN THE CONTROL ROOM OF EACH OPERATING REACTOR, MEASURE-f1ENT AND INDICATION CAPABILITY SHALL INCLUDE THREE TIMES THE DESIGN PRESSURE OF THE COf'lTAINMENT FOR CONCRETE, FOUR TIMES THE DESIGN PRESSURE FOR STEEL, AND-5 PSIG FOR ALL CONTAINMENTS, IN COMPLIANCE, (SEE SEC, 2,C,3,)EXHIBIT 36-14
ITEM I I, F,1 (CONT'D)EQ U G-G 5)A CONTINUOUS INDICATION OF CONTAINMENT WATER LEVEL SHALL BE PROVIDED IN THE CONTROL ROOM FOR ALL PLANTS, A NARROW RANGE INSTRUMENT SHALL BE PROVIDED FOR PWR'S AND COVER THE RANGE FROM THE BOTTOM TO THE TOP OF THE CONTAINMENT SUMP, A WIDE RANGE INSTRUMENT SHALL ALSO BE PROVIDED FOR PWR'S AND SHALL COVER THE RANGE FROM THE BOTTOM OF THE CONTAINMENT TO THE ELEVATION EQUIVALENT TO A 600,000 GALLON CAPACITY, FOR BWR'S, A WIDE RANGE INSTRUMENT SHALL BE PROVIDED AND COVER THE RANGE FROM THE BOTTOM TO 5 FEET ABOVE THE NORMAL WATER LEVEL OF THE SUPPRESSION POOL, IN COMPLIANCE, (SEE SEC, 2,C,3)EXHIBIT 3G-15 ITEM I I,F,1 (CONT'D)U 6)A CONTINUOUS INDICATION OF HYDROGEN IN COMPLIANCE, CONTINUOUS INDICATION OF CONCENTRATION IN THE CONTAINMENT CONTAINMENT ATMOSPHERE HYDROGEN CONCENTRA-ATMOSPHERE SHALL BE PROVIDED IN THE TION IS AVAILABLE IN THE CONTROL ROOM CONTROL ROOM.MEASUREMENT CAPABILITY (INDICATION IS AVAILABLE WITHIN 30 MINUTES SHALL BE PROVIDED OVER THE RANGE OF OF THE INITIATION OF SAFETY INJECTION)., 0 TO 10X HYDROGEN CONCENTRATION UNDER (SEE SEC, 2,C,3)BOTH POSITIVE AND NEGATIVE AMBIENT PRESSURE.EXHIBIT 3G-16 NU G-O II,F,1 INSTRUMENTATION FOR DETECTION OF INADEQUATE CORE COOLING QU SG UR LICENSEES SHALL PROVIDE A DESCRIPTION OF ANY ADDITIONAL INSTRUMENTATION OR CONTROLS (PRIMARY OR BACKUP)PROPOSED FOR THE PLANT TO SUPPLEMENT EXISTING INSTRUMENTATION (INCLUDING PRIMARY COOLANT SATURATION MONI-TORS)IN ORDER TO PROVIDE AN UNAMBIGUOUS, EASY-TO-INTERPRET INDICATION OF INADEQUATE CORE COOLING (ICC), A DESCRIPTION OF THE FUNCTIONAL DESIGN REQUIREMENTS FOR THE SYSTEM SHALL ALSO BE INCLUDED, A DESCRIP-TION OF THE PROCEDURES TO BE USED WITH THE PROPOSED EQUIPMENT, THE ANALYSIS USED IN DEVELOPING THESE PROCEDURES, AND A SCHEDULE FOR INSTALLING THE EQUIPMENT SHALL BE PROVIDED, PVNGS WILL COMPLY, CONTROL ROOM INDICA-TION OF THE FOLLOWING PARAMETERS (SENSORS PROVIDED BY C-E)WILL BE PROVIDED AS INDICATION OF ICC: CORE EXIT THERMOCOUPLES SUBCOOLED MARGIN MONITOR HEATED JUNCTION THERMOCOUPLES (SEE SEC, 2,C,3)EXHIBIT 36-17
U EG-0 3 II,6,1 POWER SUPPl IES FOR PRESSURIZER RELIEF VALVES, BLOCK VALVES AND LEVEL INDICATORS WIR E PER GDC 10, 14, 15, 17, AND 20 FOR THE EVENT OF LOSS-OF-OFFSITE POWER, THE FOLLOWING POSITIONS SHALL BE IMPLEMENTED:
POWER SUPPLY FOR PRESSURIZER RELIEF AND BLOCK VALVES PND PRESSURIZER LEVEL INDICATORS 1)MOTIVE AND CONTROL COMPONENTS OF THE POWER-OPERATED RELIEF VALVES (PORVS)SHALL BE CAPABLE OF BEING SUPPLIED FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE WHEN THE OFFSITE POWER IS NOT AVAILABLE, 2)MOTIVE AND CONTROL COMPONENTS ASSOCIATED WITH THE PORV BLOCK VALVES SHALL BE CAPABLE OF BEING SUPPLIED FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE WHEN THE OFFSITE POWER IS NOT AVAILABLE, PVNGS DOES NOT USE POWER-OPERATED RELIEF VALVES OR BLOCK VALVES EXtl IB IT 36-18
UR G-0 3 II,G,j.(CONTINUED) 9U SIG 3)MOTIVE AND CONTROL POWER CONNECTIONS TO THE EMERGENCY BUSES FOR THE PORVS AND THEIR ASSO CIATED BLOCK VALVES SHALL BE THROUGH DEVICES THAT HAVE BEEN QUALIFIED IN ACCORDANCE WITH SAFETY-GRADE REQUIREMENTS, 4)THE PRESSURIZER LEVEL INDICATION INSTRUMENT CHANNELS SHALL BE POWERED FROM THE VITAL INSTRUMENT BUSES, THE BUSES SHALL HAVE THE CAPABILITY OF BEING SUPPLIED FROM EITHER THE OFFSITE POWER SOURCE OR THE EMERGENCY POWER SOURCE WflEN OFFSITE POWER IS NOT AVAILABLE, IN COMPLIANCE EXHIBIT 3h-l9
[JU G 0 I I I.A,1,2 UPGRADE EMERGENCY SUPPORT FACILITIES EACH OPERATING NUCLEAR POWER PLANT SHALL MAINTAIN AN ONSITE TECHNICAL SUPPORT CENTER (TSC)SEPARATE FROM AND IN CLOSE PROXIMITY TO THE CONTROL ROOM THAT HAS THE CAPABILITY TO DISPLAY AND TRANSMIT PLANT STATUS TO THOSE INDIVIDUALS WHO ARE KNOWLEDGEABLE OF AND RESPONSIBLE FOR ENGINEERING AND MANAGEMENT SUPPORT OF REACTOR OPERATIONS IN THE EVENT OF AN ACCIDENT, THE CENTER SHALL BE HABIT-ABLE TO THE SAME DEGREE AS THE CONTROL ROOM FOR POSTULATED ACCIDENT CONDITIONS, THE LICENSEE SHALL REVISE HIS EMERGENCY PLANS AS NECESSARY TO INCORPORATE THE ROLE AND LOCATION OF THE TSC, RECORDS THAT PERTAIN TO THE AS-BUILT CONDITIONS AND LAYOUT OF STRUCTURES, SYSTEMS, AND COMPONENTS SHALL BE READILY AVAILABLE TO PERSONNEL IN THE TSC, PVNGS WILL COMPLY, DISPLAY OF DATA AT THE TSC AND EOF WILL BE IN ACCORDANCE WITH NUREG 0696, EXHIBIT 3G-20
I I I, A,1,2 (CONTI NUED)AN OPERATIONAL SUPPORT CENTER (OSC)SHALL PVNGS WILL COMPLY (CONT'D)BE ESTABLISHED SEPARATE FROM THE CONTROL ROOM AND OTHER EMERGENCY RESPONSE FACILITIES AS A PLACE WHERE OPERATIONS SUPPORT PERSONNEL CAN ASSEMBLE AND REPORT IN AN EMERGENCY SITUATION TO RECEIVE INSTRUCTIONS FROf1 THE OPERATING STAFF, COMMUNICATIONS SHALL BE PROVIDED BETWEEN THE OSC, TSC, EOF, AND CONTROL ROOM.AN EMERGENCY OPERATING FACILITY (EOF)WILL BE OPERATED BY THE LICENSEE FOR CON-TINUED EVALUATION AND COORDINATION OF ALL LICENSEE ACTIVITIES RELATED TO AN EMERGENCY HAVING OR POTENTIALLY HAVING ENVIRONMENTAL CONSEQUENCES.
EXHIBIT 5G-21 4, ADDITIONAL ITENS OF CONCERN EXHIBIT 4-i
ADDI IO I S 0 CO CS 0 D S G 222,01 oss o No-C s I I s u G 0 0 o (I C o o IF REACTOR CONTROLS AND VITAL INSTRUMENTS DERIVE POWER FROM COMMON ELECTRICAL DISTRIBUTION SYSTEMS'HE FAILURE OF SUCH ELECTRICAL DISTRIBUTION SYSTEMS MAY RESULT IN AN EVENT REQUIRING OPERATOR ACTION CONCURRENT WITH FAILURE OF IMPORTANT INSTRUMENTA-TION UPON WHICH THESE OPERATOR ACTIONS SHOULD BE BAsEDs THIs coNGERN wAs ADDREssED IN IE BuLLETIN 79-27, ON NOYEMBER 30, 1979, IE BuLLETIN 79-27 WAS SENT To OPERATING LICENSE (OL)HOLDERS'HE NEAR TERM OL APPLICANTS (NORTH ANNA 2g DIABLO CANYONS MCGUIRE'ALEM 2g SEQUOYAHg AND ZIMMER)i AND OTHER HOLDERS OF CONSTRUCTION PERMITS (CP)g INCLUDING PALO VERDE, OF THESE RECIPIENTS, THE CP HOLDERS WERE NOT GIVEN EXPLICIT DIRECTION FOR MAKING A SUBMITTAL AS PART OF THE LICENSING REVIEW, HOWEVERS THEY WERE INFORMED THAT THE ISSUE WOULD BE ADDRESSED LATER>COVERED IN AC REVIEW BOARD AS OPEN ITEM No<10s (PROVIDED IN SECTION 5)'HIS RESPONSE WILL BE IN AN FSAR AMENDMENT, EXHIBIT I$-1 6-8-81 0
4, DDI IOJ I S 0 0 ICS C C D SIG LJ 222.01 (CONT D)YOU ARE REQUESTED TO ADDRESS THIS ISSUE BY TAKING IE BULLETIN 79-27 ACTIONS 1 THRU 3 UNDER"ACTIONS To BE TAKEN BY LICENSEES s WITHIN THE RESPONSE TIME CALLED FOR IN THE ATTACHED TRANSMITTAL LETTERS COMPLETE THE REVIEW AND EVALUATION REQUIRED BY ACTIONS 1 THRU 3 AND PROVIDE A WRITTEN RESPONSE DESCRIBING YOUR REVIEWS AND ACTIONS<THIS REPORT SHOULD BE IN THE FORM OF AN AMENDMENT To YOUR FSAR AND SUBMITTED TO THE NRC OFFICE OF NUCLEAR REACTOR REGULATION AS A LICENSING SUBMITTAL<
EXHIBIT 4-2 6-8-81 4, ADDI IO I S 0 CO I S CO D S G U 222,02 G (S s C IF SAFETY EQUIPMENT DOES NOT REMAIN IN ITS EMERGENCY MODE UPON RESET OF AN ENGINEERED SAFEGUARDS ACTUATION SIGNALS SYSTEM MODI F I CATION'ESIGN CHANGE OR OTHER PROTECTIVE ACTION OF THE AFFECTED EQUIPMENT IS NOT COMPROMISED ONCE THE ASSOCIATED ACTUATION SIGNAL IS RESET, THIS ISSUE WAS ADDRESSED IN IE BULLETIN 80-06 (ENCLOSED) s FOR FACILITIES WITH OPERATING LICENSES AS OF NARCH Uy 1980'E BULLETIN 80-06 REQUIRED THAT REVIEWS BE CONDUCTED BY THE LICENSEES TO DETERMINE WHICH'F ANY'AFETY FUNCTIONS MIGHT BE UNAVAILABLE AFTER RESETS AND WHAT CHANGES COULD BE IMPLEMENTED TO CORRECT THE PROBLEM<SEE EXHIBITS 4-5 THRU 4-12 FOR FACILITIES WITH A CONSTRUCTION PERMIT INCLUDING OL APPLICANTS BULLETIN 80-06 WAS ISSUED FOR INFOR-MATION ONLY'XHIBIT 4-5 6-8-81 4, DI 10 L S 0 CO ICSB CO C 222.02 (CONT D)THE NRC STAFF HAS DETERMINED THAT ALL CP HOLDERS, AS A PART OF THE OL REVIEW PROCESS ARE TO BE REQUESTED To ADDRESS THIS ISSUEs ACCORDINGLY>
YOU ARE REQUESTED TO TAKE THE ACTIONS CALLED FOR IN BULLETIN 80-06 ACTIONS 1 THRU 4 UNDER ACTIONS TO BE TAKEN BY LICENSEES, HITHIN THE RESPONSE TIME CALLED FOR IN THE ATTACHED TRANSMITTAL LETTERS COMPLETE THE REVIEW VERIFICATIONS AND DESCRIPTIONS OF CORRECTIVE ACTIONS TAKEN OR PLANNED AS STATED IN ACTION 1 THRU 3 AND SUBMIT THE REPORT CALLED FOR IN ACTIONS ITEM}THE REPORT SHOULD BE SUBMITTED TO THE NRC OFFICE OF NUCLEAR REGULATION AS A LICENSING SUBMITTAL IN THE FORM OF AN FSAR AMENDMENT, EXHIBIT 4-4 6-8-81 ADDI IONA I S 0 CO C N CS CO C S G 222,02 (CoNT D)THE ENGINEERED SAFETY FEATURES (ESF)ACTUATION SIGNALS INCORPORATED IN THE PVNGS DESIGN I'NCLUDEl 1)NSSS ESFAS CONTAINMENT ISOLATION ACTUATION SIGNAL (CIAS)CONTAINMENT SPRAY ACTUATION SIGNAL (CSAS)HAIN STEAM ISOLATION SIGNAL (MSIS)SAFETY INJECTION ACTUATION SIGNAL (SIAS)RECIRCULATION ACTUATION SIGNAL (RAS)AUXILIARY FEEDWATER ACTUATION SIGNALS (AFAS)1 AND 2i 2)AND BOP ESFAS FUEL BUILDING ESSENTIAL VENTILATION ACTUATION SIGNAL (FBEVAS)CONTAINMENT PURGE ISOLATION ACTUATION SIGNAL (CP IAS)CONTROL ROOM VENTILATION ISOLATION ACTUATION SIGNAL (CRVIAS)CONTROL ROOM ESSENTIAL FILTRATION ACTUATION SIGNAL (CREFAS), EXHIBIT 4-5 6-8-81 ADDI IO A I S 0 CO CE D S 6 222.02 (CONT D)MANUAL RESET OF THE ESF ACTUATION SIGNALS IN BOTH THE NSSS AND BOP SYSTEMS DESIGN CAN BE PERFORMED ONLY AFTER THE INITIATING SIGNALS>IsEs LOW PRES-SURIZER PRESSUREg HAVE CLEARED, RESET SWITCHES ARE LOCATED AT THE PPS, ESFAS AUXILIARY RELAYS AND BOP ESFAS CABINETS, PVNGS EQUIPMENT WHICH MAY CHANGE POSITION FROM THE SAFETY OR EMERGENCY STATE ON RESET OF AN ESF ACTU-ATION SIGNAL IS IDENTIFIED IN TABLE 1s THESE ACTUATED DEVICES CAN BE CATEGORIZED AS FOLLOWS'XHIBIT 4-6 6-8-81
4, D IO SO OC DS6 U 222,02 (CONT D)A s CERTAIN ACTUATED DEVICES~I s E s JOG TYPE VALVES OR THE ESF LOAD SEQUENCERp REQUIRE A MAINTAINED ESF SIGNAL THROUGH COMPLETION OF THEIR SAFETY FUNCTION, IF AN ESF ACTUATION SIGNAL IS RESET PRIOR TO COMPLETION OF VALVE STROKE OR COMPLETION OF ESF LOAD SEQUENCING'HE VALVE WILL STOP MID-TRAVEL OR THE SEQUENCER WILL NOT COMPLETE SEQUENCING ON THE REQUIRED EQUIPMENT (EQUIPMENT ALREADY SEQUENCED OR DOES NOT STOP))SINCE COMPLETION OF THESE ACTIONS TAKES NO MORE THAN 60 SECONDS'SF ACTUATION SIGNAL RESET IS NOT CONSIDERED, ESF ACTUATION'OLLOWED BY CLEARING OF THE INITIATING SIGNALS WITH THE REQUIREMENT OF MANUAL RESET AT THE APPROPRIATE CABINET ALL OCCURRING WITHIN A SHORT PERIOD OF TIME (1 MIN)IS NOT CREDIBLE UNDER TRUE ACCIDENT CONDITIONS)
NO MODIFICATION TO THESE EQUIPMENT CONTROL CIRCUITS I S REQUIRED s EXHIBIT 4-7 6-8-81 C 0 C 222,02 (CoNT D)B s AN S IAS IS EMPLOYED IN SOME INSTANCES TO TRIP NON-ESF EQUIPMENT OFF THE IE BUSES)THIS EQUIPMENT IS CONSID-ERED IMPORTANT TO PROTECT OTHER EQUIPMENT SUCH AS CEDN'S, THE DESIGN ALLOWS AUTOMATIC RESTART OF THIS HVAC EQUIPMENT AND THE PRESSURIZER HEATERS ON PROCESS DEMAND AFTER THE SIAS IS RESETs THIS DESIGN RELIEVES THE OPERATOR FROM MANUALLY RESTARTING THIS EQUIPMENT IN THE CASE OF A SPURIOUS SIAS OR A.SMALL BREAK LOCAe THIS WILL MINIMIZE THE POTENTIAL FOR EQUIPMENT DAMAGE LEADING TO REPAI R AND PERSONNEL EXPOSURE)IN THE CASE OF A VALID S IASp RESETTING OF THE SIAS IS NOT REQUIRED IN THE SHORT TERMS AND THE'OPERATOR CAN OVERRIDE THE SIAS TO MANUALLY RESTART THIS EQUIPMENT AS REQUI RED s EXHIBIT 4-8 8-4-81 4, ADDITIONAL ITEMS 0 CO JC CO R DESlh 222,02 (CoNT D)C, CERTAIN ACTUATED DEVICES HAVE DIFFERENT SAFETY MODES IN RESPONSE TO DIFFERENT ESF ACTUATION SIGNALS IN THE EVENT THAT ESF ACTUATION SIGNALS REQUIRING BOTH SAFETY MODES OCCURS ONE SAFETY MODE BY DESIGN WILL HAVE PRIORITY>ON RESET OF THAT PARTICULAR ESF ACTUATION SIGNALS THE ACTUATED DEVICE WILL CHANGE POSITION TO THE SAFETY MODE REQUIRED BY THE REMAINING ESF ACTUATION SIGNALs THIS MEANS OF CONTROL DOES NOT DEFEAT REQUIRED ESF SYSTEM FUNCTIONS'ND NO MODIFICATION IS REQUIRED TO THESE EQUIPMENT CONTROL CIRCUITS s D, THE AFAS 1 AND AFAS 2 SIGNALS TO THE AUXILIARY FEEDWATER VALVES ARE DESIGNED TO CYCLE BASED ON STEAM GENERATOR LEVEL>THIS AUTOMATIC RESETTING OF THE AFAS 1 AND AFAS 2 DOES NOT AFFECT THE AFAS 1 AND AFAS 2 SIGNALS TO OTHER ACTUATED EQUIPMENTs THE AUXILIARY FEEDWATER VALVE CYCLING REPRESENTS THE DESIRED ESF SYSTEM FUNCTION AND NO MODIFICATION IS REQUIRED TO THE EQUIPMENT CONTROL CIRCUITSa EXHIBIT 4-9 6-8-81 IDENTIFICATION OF ACTUATED DEVICES WHICH CHANGE POSITION ON RESET OF ESF ACTUATION SIGNAL ACTUATED DEVICE AUXILIARY FEEDWATER REGULATING VALVES TO SG 1 AUXILIARY FEEDWATER REGULATING VALVES TO SG 2 AUXILIARY FEEDWATE R ISOLATION VALVES TO SG 1 AUXILIARY FEEDWATER ISOLATION VALVES TO SG 2 TAG NO.J-AFB-HV-30 J-AFA-HV-32 J-AFB-HV-31 J-AFC-HV-33 J-AFB-UV-34 J-AFC-UV-36 J-AFB-UV-35 J-AFA-UV-37 ELEMENTARY DIAGRAM 13-E-AFB-003 13-E-AFB-004 13-E-AFB-003 13-E-AFB-006 13-E-AFB-005 13-E-AFB-011 13-E-AFB-005 13-E-AFB-010 ESF ACTUATION SIGNAL AFAS-1 AFAS-2 AFAS-1 AFAS-2 SAFETY MODE OPEN/CLOSE OPEN/CLOSE OPEN/CLOSE OPEN/CLOSE ACTION OF ESF ACTUATION SIGNAL RESET CORRECTIVE ACTION VALVES CYCLE ON AFAS-1 NONE (D)VALVES CYCLE ON AFAS-2 NONE (D)VALVES CYCLE ON AFAS-2 NONE (D)VALVES CYCLE ON AFAS-1 NONE (D)CEDM NORMAL ACU FANS CONTAINMENT NORMAL ACU FANS FUEL BUILDING ESSENTIAL EXHAUST AFU DAMPERS M-HCN-A02A,-A02B,-A02C, 8t A02D M-HCN-AOlA,-Aole,-A01C, 8 AOlD M-HFA-M05 M-HFB-M05 13-E-HCB-001 13-E-HCB-002 13-E-HCB-004 13-E-HCB-005 13-E-HFB-005 SIAS SIAS SIAS FBEVAS STOPS STOPS CLOSES OPENS RETURNS TO AUTO IF NOT IN"PULL-TO-LOCK" RETURNS TO AUTO IF NOT IN"PULL-TO-LOCK" SIAS IS THE PRIORITY MODE.ON RESET OF SIAS, DAMPERS WILL RE-OPEN IF FBEVAS IS PRESENT.NONE (B)NONE (e)NONE (C)EXHIBIT 4-10 6-8-81
IDENTIFICATION OF ACTUATED DEVICES WHICH CHANGE POSITION ON RESET OF ESF ACTUATION SIGNAL ACTUATED DEVICE o AUXILIARY BUILDING ESSENTIAL EXHAUST AFU DAMPERS o CONTROL ROOM ESSENTIAL AHU OSA INTAKE DAMPERS TAG NO.M-HFA-M06 M-HFB-M06 M-HJA-024&-M03 M-HJB-M02 8-M03 ELEMENTARY DIAGRAM 13-E-HFB-011 13-E-HJB-024 ESF ACTUATION SIGNAL SIAS FBEVAS SIAS CREFAS CRVIAS SAFETY MODE OPENS CLOSES OPENS CLOSES ACTION OF ESF ACTUATION SIGNAL RESET SIAS IS THE PRIORITY MODE.ON RESET OF SIAS, DAMPERS WILL RE-OPEN IF FBEVAS IS PRESENT.CRVIAS IS THE PRIORITY MODE.ON RESET OF CRVIAS, DAMPERS WILL RE-OPEN IF SIAS OR CREFAS IS PRESENT.SHEET 2 CORRECTIVE ACTION NONE (C)NONE (C)o PRESSURIZER BACKUP HEATERS M-RCE-A5,-A14,-Bl,-B9,-B10, 8(-B18 13-E-RCB-010 SIAS STOPS RETURNS TO AUTO IF NOT IN"PULL-TO-LOCK" NONE (B)o ESF LOAD SEQUENCERS J-SAA-C02A J-SAB-C02B 13-E-SAB-004 CSAS SIAS AFAS-1 AFAS-2 fBEVAS CRVIAS CREFAS SEQUENTIAL STARTING OF ESF PUMPS AND FANS RESET OF SEQUENCER OUTPUTS DEPENDING ON ESF ACTUATION SIGNALS PRESENT.RESET OF SEQUENCER OUTPUTS DOES NOT RESET ANY ACTUATED EQUIPMENT.
RESET PRIOR TO COMPLETION OF SEQUENCING TERMINATES SEQUENCE.NONE (A)o SG 2 TO AUXILIARY FEEDWATER PUMP A STEAM SUPPLY VALVE J-SGA-UV-138 13-E-SGB-002 AFAS-2 OPENS IF AFAS-1 HAS PRIORITY.AFAS-1 IS ON RESET OF AFAS-1, NOT PRESENT VALVE WILL OPEN If AFAS-2 IS PRESENT.NONE (C)EXHIBIT 4-11 6-8-81' Ol IDENTIFICATION OF ACTUATED DEVICES WHICH CHANGE POSITION ON RESET OF ESF ACTUATION SIGNAL ACTUATED DEVICE TAG NO.ELEMENTARY DIAGRAM ESF ACTUATION SIGNAL SAFETY MODE ACTION OF ESF ACTUATION SIGNAL RESET SHEET 3 CORRECTIVE ACTION~LP SAFETY INJECTION PUMPS~SAFETY INJECTION TANK ISOLATION VALVES~LPSI FLOW CONTROL TO REACTOR COOLANT VALVES~HPSI FLOW CONTROL TO REACTOR COOLANT VALVES~CONTAINMENT SPRAY CONTROL VALVES~NORMAL CHILLER M-S IA-Pol M-S I B-Pol J-S IA-UV-634 8-644 J-S I B-UV-614 5-624 J-SIB-UV-615 5-625 J-S IA-UV-625&-645 J-S IA-UV--617,-627,-637,-647, J-S IB-UV--616,-626,-636,-646 J-SIA-UV-672 J-S IB-UV-671 M-WCN-E01A 13-E-S I B-002 13-E-SIB-005 13-E-S I B-006 13-E-S I 8-007 13-E-S I B-008 13-E-S I B-009 13-E-S I 8-010 13-E-SIB-011 13-E-S I B-012 13-E-S IB-020 I 13-E-WCB-001 SIAS (VIA SEQUENCER)
.RAS SIAS SIAS SIAS CSAS SIAS STARTS STOPS OPENS OPENS OPENS OPENS STOPS RAS IS THE PRIORITY MODE.ON RESET OF RAS, PUMPS WILL RE-START IF SIAS (VIA SEQUENCER)
IS PRESENT.JOG TYPE VALVES MAY STOP MID-TRAVEL.
BREAKERS ARE LOCKED OPEN DURING POWER OPERATION.
JOG TYPE VALVES MAY STOP MID-TRAVEL JOG TYPE VALVES MAY STOP MID-TRAVEL JOG TYPE VALVES MAY STOP MID-TRAVEL RETURNS TO AUTO IF NOT IN"PULL-TO-LOCK" NONE (C)NONE (A)NONE (A)NONE (A)NONE (A)NONE (B)EXHIBIT 4-12 6-8-81
4, S 0 C S h 222,03 c 9-IN REVIEW OPERATING REACTOR LICENSEES WERE INFORMED BY IE INFORMATION NOTICE 79-22'SSUED SEPTEMBER 19'979, THAT CERTAIN NON-SAFETY GRADE OR CONTROL EQUIPMENTS IF SUBJECTED TO THE ADVERSE ENVIRONMENT OF A HIGH ENERGY LINE BREAK>COULD IMPACT THE SAFETY ANALYSES AND THE ADEQUACY OF THE PROTECTION FUNCTIONS PERFORMED BY THE SAFETY GRADE EQUIPMENTs ENCLOSED IS A COPY OF IE INFORMATION NOTICE 79-22, AND REPRINTED COPIES OF AN AUGUST 20'979 HEST INGHOUSE LETTER AND A SEPTEMBER 10, 1979 PUBLIC SERVICE ELECTRIC AND GAS COMPANY LETTER WHICH ADDRESS THIS MATTER s OPERATING REACTOR LICENSEES CONDUCTED REVIEWS TO DETERMINE WHETHER SUCH PROBLEMS COULD EXIST AT OPERATING FAC I LIT I ES i EXHIBIT 4-U 6-8-81
4, 222,05 (CONT'D)NE ARE CONCERNED THAT A SIMILAR POTENTIAL MAY EXIST AT L I GHT WATER FAC I LIT I ES NOW UNDER CONSTRUCT ION s YOU ARE>THEREFORE'EQUESTED TO PERFORM A REVIEW TO DETERMINE WHAT>IF ANY'ESIGN CHANGES OR OPERATOR ACTIONS WOULD BE NECESSARY TO ASSURE THAT HIGH ENERGY LINE BREAKS WILL NOT CAUSE SYSTEM FAILURES TO COMPLI-CATE THE EVENT BEYOND YOUR FSAR ANALYSIS PROVIDE THE RESULTS OF YOUR REVIEWS INCLUDING ALL IDENTIFIED PROBLEMS AND THE MANNER IS WHICH YOU HAVE RESOLVED THEM TO NRR THE SPECIFIC SCENARIOS DI'SCUSSED IN THE ABOVE REFERENCED NESTINGHOUSE LETTER ARE TO BE CONSIDERED AS EXAMPLES OF THE KIND OF INTERACTIONS WHICH MIGHT OCCUR YOUR REVIEW SHOULD INCLUDE THOSE SCENARIOS>
WHERE APPLICABLE'UT SHOULD NOT NECESSARILY BE LIMITED TO THEM APPLICANTS WITH OTHER LHR DESIGNS SHOULD CONSIDER ANALOGOUS INTERACTIONS AS RELEVANT TO THEIR DES IGNS s EXHIBIT 4-14 6-8-81
4, SB C DESlh U E 222,04 THE ANALYSIS REPORTED IN CHAPTER 15 OF THE FSAR ARE INTENDED TO DEMONSTRATE THE ADEQUACY OF SAFETY SYSTEMS IN MITIGATING ANTICIPATED OPERATIONAL OCCURRENCES AND ACC I DENTS s IN REVIEW BASED ON THE CONSERVATIVE ASSUMPTIONS MADE IN DEFINING THESE DESIGN BASIS EVENTS AND THE DETAILED REVIEW OF THE ANALYSES BY THE STAFFS IT IS LIKELY THAT THEY ADEQUATELY BOUND THE CONSEQUENCES OF SINGLE CONTROL SYSTEM FAILURES)TO PROVIDE ASSURANCE THAT THE DESIGN BASIS EVENT ANALYSES ADEQUATELY BOUND OTHER MORE FUNDAMENTAL CREDIBLE FAILURES YOU ARE REQUESTED TO PROVIDE THE FOLLOWING INFORMATION l 1)IDENTIFY THOSE CONTROL SYSTEMS WHOSE FAILURE OR MALFUNCTION COULD SERIOUSLY IMPACT PLANT SAFETY s EXHIBIT 4-15 6-8-81 4, ADDITIONAL I E S 0 CONCF.ICSB CO C DSb UR 222,04 (CONT D)2)INDICATE WHICH'F ANY'F THE CONTROL SYSTEMS IDENTIFIED IN (1)RECEIVE POWER FROM COMMON POWER SOURCES s THE POWER SOURCES CONSIDERED SHOULD INCLUDE ALL POWER SOURCES WHOSE FAILURE OR MALFUNCTION COULD LEAD TO FAILURE OR MAL-FUNCTION OF MORE THAN ONE CONTROL SYSTEM AND SHOULD EXTEND TO THE EFFECTS OF CASCADING POWER LOSSES DUE TO THE FAILURE OF HIGHER LEVEL DISTRIBUTION PANELS AND LOAD CENTERS<IN REVIEW (CONT'D)3)INDICATE WHICH, IF ANY'F THE CONTROL SYSTEMS IDENTIFIED IN (1)RECEIVE INPUT SIGNALS FROM COMMON SENSORSs THE SENSORS CONSIDERED SHOULD INCLUDEg BUT SHOULD NOT NECESSARILY BE LIMITED Top COMMON HYDRAULIC HEADERS OR IMPULSE LINES FEEDING PRESSUREg TEMPERATURE>
LEVEL OR OTHER SIGNALS TO TWO OR MORE CONTROL SYSTEMS s EXHIBIT 4-16 6-8-81
ADDI IO I S 0 CO C S 0 222.04 (CoNT D)4)PROVIDE JUSTIFICATION THAT ANY SIMULTANEOUS MALFUNCTIONS OF THE CONTROL SYSTEMS IDENTIFIED IN (2)AND (3)RESULTING FROM FAILURES OR MALFUNCTIONS OF THE APPLICABLE COMMON POWER SOURCE OR SENSOR ARE BOUNDED BY THE ANALYSES IN CHAPTER 15 AND WOULD NOT REQUIRE ACTION OR RESPONSE BEYOND THE CAPABILITY OF OPERATORS OR SAFETY SYSTEMS)IN REVIEW (CONT D)EXHIBIT 4-17 6-8-81 5.BACI(GROUND I NFORNAT I ON EXHIBIT 5->
PVNGS DESIGN DEVELOPMENT t THE PVNGS DESIGN DEVELOPMENTS REPRESENTED IN FIGURE B-lr IS CENTERED AROUND THE DESIGN CRITERIA>WHICH ACT AS THE HUB OF THE DESIGN THESE CRITERIA ARE REVIEWED AND APPROVED BY THE OWNER AND ESTABLISH THE SCOPE OF THE SYSTEMS THEY ARE ASSEMBLED IN THREE VOLUMES ENTITLED DESIGN CRITERIA MANUAL-PALO VERDE UNITS li 2 AND 3" AND REFLECT ALL THE DESIGN CRITERIA FOR THE PLANTi THIS IS A DYNAMIC DOCUMENT THAT IS UPDATED AS NEW CRITERIA ARE INCORPORATED INTO THE PLANT DESIGNs AS SHOWN IN FIGURE B-lr A SERIES OF DOCUMENTS ESTABLISH THE CRITERIA'NCLUDING UTILITY OR OWNER-APPLICANT S SPECIFIC REQUIRE-MENTS'TANDARD NSSS SYSTEM 80 LICENSING AND BALANCE OF PLANT (BOP)INTERFACE REQUIREMENTS'ND THE ENGINEER S BOP INFORMATION (SCHEDULEg INTERFACES>
LICENSING>
BASIC CR ITER I Ag PRIDS>AND SINGLE LINE DRAW-INGS)i THESE ALL SERVE AS INPUT TO THE DESIGN CRITERIA HUBB WHICH BY AN ITERATIVE PROCESS RESULTS IN APPLICANT LICENSING DOCUMENTS'EVEL-OPMENT OF THE MODULAR PLANT ARRANGEMENT AND THE STANDARD DES IGNIS AND FEEDBACK FROM THE REGULATORS'ROM THIS'ROCUREMENT SPECIFICATIONS' SYSTEM DESCRIPTIONS'CHEDULES'ONSTRUCTION SPECIFICATIONS'EST SPECIFICATIONS'ND THE STATION MANUAL ARE DEVELOPED'HE PLANT ARRANGEMENT IS'ALSO DERIVED FROM THE DESIGN CRITERIA'S REPRESENTED BY A THREE-QUARTER INCH TO THE FOOT SCALE MODEL OF THE PVI'lGS POWER BLOCK>THE MODE L I S USED TO DER I VE DETAI LED CONSTRUCTION DRAW I NGS AND PLANNING PHOTOGRAPHS'N
SUMMARY
>ONE SET OF DOCUMENTS ESTABLISH THE CRITERIA'ROM THIS SETg DESCRIPTIONS ARE PUT INTO LICENSING DOCUMENTS AND KEPT CURRENT BY CONTINUING REVIEWS MULTI-DISCIPLINE REVIEWS ARE CARRIED OUT WHERE DIFFERENT DISCIPLINES GET TOGETHER AT THE MODEL AND ANALYZE THE SYSTEMS'SSESSING THE DESIGNS SAFETY'EPARATION AND ALL CRITERIA'O ENSURE THAT THE SYSTEM MEETS THE ESTABLISHED CRITERIA THIS PROCESS GENERALLY TAKES TWO TO THREE YEARS TO ASSURE THAT THE DESIGN IS CORRECT AND REFLECTS ALL THE REQUIREMENTS'XHIBIT 5-1 STANDARD'NSSS~STANDARD LI C EN SIN G APPROVAL~BOP INTERFACE REOUIREMENTS UTILITY APPLICANT SPECIFIC Rf QUIREMENTS
~DESIGN CRITERIA'TILITY APPLICANT LICENSING DOCUMENTS DEVELOPMENT OF STANDARD DESIGN ENGINEER'S BALANCE OF PLANT INFORMATION
~SCHEDULE~BOP INTERFACE~LICENSING~BASIC CRITERIA~PAID'S~SINGLE LINES PLANT ARRANGEMENT MODULAR CONCEPT DESIGN MODEL~DETAILED CONSTRUCTION DRAWINGS~PLANNING PHOTOGRAPHS
~PROCUREMENT SPECIFICATIONS
~SYSTEM DESCRIPTIONS
~ENGINEERING SCHEDULE~CONSTRUCTION SPECIFICATIONS
~TEST SPECIFICATIONS
~STATION MANUAL PVNGS DESIGN DEVELOPMENT FIGURE 5-1 0
RESPONSE TO IE BULLETIN 79-27 (Ref: Response to Class IE AC Power Systems Design Review Board Open Item 810)ACTION 810 Provide the results of Bechtel's review of NRC IE Bulletin 79-27 relating to the design of PVNGS Has Bechtel looked at conditions brought about by the failure of a non-Class IE bus?(pages 165-175)RESPONSE IE Bulletin 79-27 addressed three review areas'hese were: 1.Revie~the Class 1-E and non-Class 1-E buses supplying power to safety and non-safety related instrumentation and control systems which could affect the ability to achieve a cold shutdown condition using existing procedures or procedures developed under item 2 below.For each bus: a)identify and review the alarm and/or indication provided in the control room to alert the operator to the loss of po~er to the busi b)identify the instrument and control system loads connected to the bus and evaluate the effects of loss of power to these loads including the ability to achieve a cold shutdown condition; c)describe any proposed design modifications resulting from these reviews and evaluations, and your proposed schedule for implementing those modifications
.2.Prepare emergency procedures or review existing ones that will be used by control room operators, including procedures required to achieve a cold shutdown condition, upon loss of power to each Class 1-E and non-Class 1-E bus supplying power to safety and non-safety related instrument and control systems.The emergency procedures should.include: a)the diagnostics/alarms/indicators/symptom resulting from the review and evaluation conducted per item 1 above;Exhibit 5-2 b)the use oi alternate indication and/or coi.ol circuits which may be powered from other non-Class 1-E or Class 1-E instrumentaton and control buses;c)methods for restoring power to the bus.Describe any proposed design modifications or administrative controls to be implemented resulting from these procedures, and your proposed schedule for implementing the changes.3.'e-review IE Circular No.79-02, Failure of 120 Volt Vital AC Po~er Supplies, dated January Il, 1979, to include both Class 1-E and non-Class 1-E safety related power supply inverters.
Based on a review of operating experience and your re-review of IE Circular No.79-02, describe any proposed design modifications or administrative controls to be implemented as a result of the re-review.
EVALUATION OF DESIGN In general, our review has determined that the PVNGS design consists of two ungrounded non-Class IE 120 Vac instrument distribution panels E-NNN-Dll and E-NNN-D12 and four ungrounded vital (Class IE)120 Vac instrument distri-bution panels E-PNA-D25, E-PNB-D26, E-PND-D27, and E>>PND-D28.
Each ungrounded nonClass IE Vac instrument distribution panel is normally supplied from a 480 Vac non-Class IE motor control center through a voltage regulator-'ransformer to a transfer switch~A back-up source is provided from a 480 Vac Class IE motor control center through a Class IE voltage regulator-transformer as an isolation device to the transfer switch.The transfer switch automatically transfers, upon loss of power on the normal source, to the back-up sources Manual transfer is required to return to the normal sources The distribution panel is fed from the transfer switch through a panel feeder breaker.Distribution to the instrument cabinets is through branch circuit breakers.Each ungrounded vital (Class IE)120 Vac instrument distribution panel is normally supplied from a 125 Vdc Class IE control center through an inverter to a manual transfer switch.A back-up source is provided from a 480 Vac non-Class IE motor control center through a voltage regulatortransformer to the manual transfer switch.The distribution panel is fed from the transfer switch through a panel feeder breaker.Our specific response to item l.a is that an alarm for each non-Class IE instrument distribution panel is provided to the operator in the control room.Annunciation will occur on the following:
o Normal source undervoltage o Back-up source undervoltage o Ground detection o Overload tripping of the panel feeder breaker o Overload tripping of any branch circuit breaker Exhibit 5 3
An alarm is provided for each Class IE instrument distribution panel and an alarm for each Class IE inverter and transfer switch.Annunciation will occur on the following:
o Inverter output or input breaker tripped o Overload o Inverter output voltage low or high o Input dc voltage low o Loss of synchronize o Transfer switch not on normal source o Inverter fan failure o Distribution panel undervoltage o Ground detection o Overload tripping of the panel feeder breaker For item 1.b, the instrument and control system loads connected to each instrument distribution panel are provided as noted on Table 1.Those specific instrument parameters and controls detailed in CESSAR 7.4.1.1.10.7 as being required to achieve cold shutdown are listed belo~.Instrument loop displays and controls available to the control room operator and the instrument distribution panel supply are identified
~Exhibit 5-4
TABLE 1 120 VAC UNGROUNDED INSTRUMEHT DISTRIBUTION PANEL INSTRUMENT AND COHTROL SYSTEM LOADS E-PNA-D25 ESFAS hux.Relay o Cab.J-SAA-COl Process Protec-o tive Instr.Cab.h-1 J-SBA-C02A Supplementary o Protect.Sys.J-SBA-C04 Radiation Monitors o J-SQA-RU-29>
31&33 Remote Shutdown o Panel BOP Analog Instr.o Cab.J-ZJA-C02h
&B 0 hux.Prot.Cab.J-SAA-C03 o Plant Prot.Sys.(PPS)J<<SBA-C01 o Process Prot.Instr.Cab.h-2 J-SBA-C02B 0 BOP ESFAS&Load Sequencer J-SAA-C02A 0 MOV Position Indicators 0 Containment Hydrogen Analyzer J-HPA-E01 0 Chlorine Detector J-HJA-E01 E-PNB-D26 ESFAS hux.Relay o Cab.J-SAA-C01 Process Protec-o tive Instr.Cab.B-2 J-SBB-C02B 0 Supplementary Protec.Sys.0 J-SBB-C04 Radiation Monitors o J-SQB-RU-1>>
30>>32,&34 o Remote Shutdown Panel BOP Analog Instr.o Cab.J-ZJB-C02A hux.Prot.Cab.J-SAB-C03 Plant Prot.Sys.(PPS)J-SBB-C01 Process Protec-tive Instr.Cab.B-1 J-SBB-C02A BOP ESFAS 6 Load Sequencer J-SAB-C02B MOV Position Indicators Containment Hydrogen Analyzer J-HPB-E02 Chlorine Detector J-HJB-E01 E-PNC-D27 ESFAS Aux.Relay o Cab.J-SAB-C01 Supplementary o Protect.Sys.J-SBC-C04 CEDMCS Aux.Cab.o C5 J-SFC-Col hux.Prot.Cab.o J-SAC-C03 Plant Prot.Sys.o (PPS)J-SBC-C01 Process Protective o Instr.Cab.C J-SBC-C02A MOV Position o Indicators E-PND-D28 ESFAS hux.Relay Cab.J-SAB-C01 Supplementary Protect.Sys.J-SBD-C04 CEDMCS Aux.Cab.C6 J-SFD-C01 hux.Prot.Cab.J-SAD-C03 Plant Prot.Sys.(PPS)J-SBD-C01 Process Protective Instr.Cab.D J-SBD-C02A MOV Position Indicators E-NNN-Dl 1 RCS-2&CVCS-2 o Process Instr.J-ZJN-COIB&D SIS/RCP-1 Process o Instr.J-ZJN-COlF NSSS Rad.Mon.Cab.J-SQN-C02 (Process&Gas Stripper Eff.o Rad.Mon., Reactor Power Cutback, Boronometer, S/U o S/U&Control Cb, 2)0 BOP Analog Instr.Cab.J-ZJN-C02B&D o BOP Analog Instr.Cab.J-ZJN-C02F o Radwaste Instr.Cab.o J-ZRN-C01&C02 CEDMCS (incl.core mimic)NSSS Control 0 Sys.J-SFN-C03 o (FMCS-I&2&SBCS)MICDS dl Reactor Trip Swgr Current Monitor C Loose Parts&Vibration Mon.Gen.Pyrolysate Collector E-NNH-D12 RCS-1&CVCS-1 Process Instr.J-ZJN-C01A
&C HSSS Rad.Mon.Cab., J SQN"C02 (MICD hmp>CEA Display, S/U 6 Control Ch.1)QVCS-3&SIS/RCP-2 Process Instr.J-ZJN-C01E
&G BOP Analog Instr Cab'J-ZJN-C02A
&C 6-C07 BOP Analog Instr.Cab.J-ZJN-C02E 6 G Fuel Pool Instr.J-PCN-E02 CEDMCS NSSS Control Sys.J-SFN-C03 (RRS, SBCS permissives,&AMI setpoint display)MICDS 82 Reactor Trip Swgr Current Monitor D f
Parameter or Control Class IE Instrument Distribution Panels Non-Class IE Instrument Distribution Panels E-PNA-D25 E-PNB-D26 E-PND-D27 E-PND-D28 E-NNN-D11 E-NNN-D12 tron log power Hot leg temperature J-SEA JI-1A J-RCA-TI-112HA&TR-112HA J<>llOX&LR-1'10X J-RCB-PI-102B J-RCB-LI-1 10Y J-RCC-PI-102C J-RCD-PI-102D J-RCN-LIC-1 10 LR-110&LI-113 J-RCN-PIK-110&PR-100 SG pressure J-SGA-J<<SGB-J-SGC-J-SGD-PI-1013A PI-1013B PI-1013C PI-1013D PI-1023A&PI-1023B&PI-1023C&PI-1023D&PR-1013A SG level J-SGA-LI-1113A&LR-1113A J<<SGB-LI-1113B J-SGC-LI-1113C J-SGD-LI-1113D J-SGN-LR-1111 (narrow range)level J-CHA-J-CHB-JCHC-L I-203A L I-2 03B L I-2 03C&LI-201 J-CHD-LI-203D JWHN-LI-200 Charging flow JWHA-FI-212 Charging pressure SIT pressure J-SIA-PI-331&PI-333 J-CHB-PI-2 1,2 J-S IB-PI-311&PI-313 J-SIN-PI-332 J-SIN-PI-312 LPSI pump flow Shutdown cooling heat exchanger diff.temp~J-S IA-FI-306 J-S IA-TR-3$1&TR-303X J-S IB-FO-307 J-SIB-TR-352&TR-303Y Atmospheric dump valve ontrol J-SGA-J-SGB-HIC-179A HIC-178A&HIC-184A&HIC-185A Exhibit 5-6
- 0)
Motor operated valves, pumps, pressurizer heaters and.lenoids required to achieve cold shutdown are powered from buses other than the instrument distri-bution panels'n response to item 1.c, we have determined that loss of a single instrument distribution panel, Class IE or non-IE, will cause a loss of some of the indicators and recorders available to the control room'perator.
The affected indicators, which employ a gas-discharge display, will extinguish on the loss of the instrument distribution panels This failure mode is distinguishable and will not offer confusing information to the operator.In addition, the instrumentation and control systems lost will generate alarms and actuation of some equipment as the loop output contacts fail to their deenergized states.In the non-IE instrument loops affecting safe shutdown circuits, i.e.pressurizer level control of the pressurizer backup heaters, selector switches are provided on the main control panel to enable the operator to provide control from the unaffected control loop No con-trol action generated by the loss of an instrument distribution panel will prevent the operator from controlling the required safe shutdown equipment or interfere with the safe shutdown functions.
Upon detection of loss of an instrument distribution panel, adequate instrumentation and control functions from the list provided above will be available to the operator to enable the operator to achieve a cold shutdown condition.
No design modifications are proposed.Item 2-Response to be provided by APS IE Circular No.79-02, Failure of 120 Volt Vital AC Power Supplies has been re-reviewed in consideration of item 3 to include both Class IE and non-Class IE instrument distribution panel supplied For the Class IE inverters, the PVNGS design precludes the possibility of a transient causing a failure of a Class IE inverter by utilizing a battery source in parallel with a dc charger.The battery source serves to eliminate any undervoltage transients that the charger may experience.
The non-Class IE instrument distribution panels are not supplied through inverters.
Both the normal and back-up supplies are fed from 480 Vac through a voltage regulator-transformer.
The transfer switch will automatically transfer, upon loss of power on the normal source, to the back-up source-Manual transfer is required to return to the normal source.The switch is also equipped with a mechanical handle which bypasses electric circuitry and can switch to either sources No design modifications are proposed.Exhibit 5-7
- pl~
- )i~i'.')g'Q",Q SYc/o Sod?g OP<4 XCr~N<>.IO i':Su>~((".u'~~>-MVZ~(">>V(U~~:-"Mt'~J 2 co<.tl'ANY conntspoNotttcc TO: Sts.4 John hllen 3003 November 5, 1980 I'VNGS-I 180-ItWK/JGS-51 F Roh1: St.h II E~t.I It.W.Kramcr~>015 G3 1~<sU<3JECT: NttC IE At<lie t in Nl)79-27.l,t>:<s<>I'<>33-(',.I;>ss II', I>>st,rttm<ntaLi<>>l 1<>tl Cut>trol.Power System II>>s l)uring Op<<r;tti>>>>
File: 055-026 The following is in response to item 2 of NRC IE Bulletin 79-27.Fmergency procedures that: wi.ll be used by control room operators, i>>eluding pvoccdures r<<<lt>ir<.<l to achieve a cold sl>utdowtl co>>di.tio>>,<tpon loss of pnwer to each Class IE and non-Class IE lius supplying p<>wer to safety and>>on-s'>fety related instruments an<I control systems will be prepare<1;lnd then r<<viewed at least three months p>'iov t>>tl><<op<.r'<ti<31, li<<c>ls<<..
Tile procedures'will include tltc fol.lowing information.
a.Th<<.dial,nostics/al;>vms/indicators/symtom resulting from the review a>><l cv;>luation cotldt<cted per item 1 of IE Hullcti>>No.79-27.b, Tlte ttse of altel'n;>tc indication and/or control circuits wltich may be powered from ot:hev non-Class IE or Class IF.instr<>ment:ation and control buses.c.Ilethods for restoring power to Lh<<bus.A description of any pvoposed design mo<lifications or administrative
<<<>ntrols to be implemented resulting from these procedures, and the proposed schedule iov implem<nting tile ch;tnges will also be provided.If any fuvther assistance is reqt>ired on this matt:er contact Jerry S<lf at Extension G315.JGS/ir.r:<m<<r, Support Services Han;tgur (A<<'LL>>I;)
PVN(cc: G.C.E.I'.~F.W.W.I'.R.It.hnd<>I;n ini V>n Bvunt I I:>r t.l c y<lu I tin 0 I.1.I'o r.d Exhibit 5-8 if'