PLA-6012, Proposed License Amendment Numbers 272 and 241, Power Range Neutron Monitor System Digital Upgrade Response to NRC Questions Supplemental Information No. 2, PLA-6012

ML060610184
Site: Susquehanna (Talen Energy)
Issue date: 02/28/2006
From: Mckinney B, Susquehanna
To: Document Control Desk, Office of Nuclear Reactor Regulation
References: PLA-6012


Text

Britt T. McKinney
Sr. Vice President & Chief Nuclear Officer
PPL Susquehanna, LLC
769 Salem Boulevard
Berwick, PA 18603
Tel. 570.542.3149
Fax 570.542.1504
btmckinney@pplweb.com

FEB 28 2006

U.S. Nuclear Regulatory Commission
Attn: Document Control Desk
Mail Stop OP1-17
Washington, DC 20555-0001

SUSQUEHANNA STEAM ELECTRIC STATION
PROPOSED LICENSE AMENDMENT NUMBERS 272 FOR UNIT 1 OPERATING LICENSE NO. NPF-14 AND 241 FOR UNIT 2 OPERATING LICENSE NO. NPF-22
POWER RANGE NEUTRON MONITOR SYSTEM DIGITAL UPGRADE
RESPONSE TO NRC QUESTIONS
SUPPLEMENTAL INFORMATION NO. 2
PLA-6012
Docket Nos. 50-387 and 50-388

Reference:

1) PLA-5880, B. T. McKinney (PPL) to Document Control Desk (USNRC), "Susquehanna Steam Electric Station Proposed License Amendment No. 272 for Unit 1 Operating License No. NPF-14 and 241 for Unit 2 Operating License No. NPF-22 Power Range Neutron Monitor System Digital Upgrade," dated June 27, 2005.

2) NRC Letter to Bryce L. Shriver, "Request for Additional Information (RAI) - Susquehanna Steam Electric Station, Units 1 and 2 (SSES 1 and 2) - Power Range Neutron Monitor System Digital Upgrade (TAC Nos. MW7486 and MC7487)," dated February 9, 2006.

3) PLA-5983, B. T. McKinney (PPL) to Document Control Desk (USNRC), "Susquehanna Steam Electric Station Proposed License Amendment Numbers 272 for Unit 1 Operating License No. NPF-14 and 241 for Unit 2 Operating License No. NPF-22 Power Range Neutron Monitor System Digital Upgrade Supplemental Information," dated December 1, 2005.

The purpose of this letter is to supplement the proposed amendment request, which requested a license amendment to the Susquehanna Steam Electric Station (SSES) Unit 1 and Unit 2 Technical Specifications to implement a digital upgrade to the Power Range Neutron Monitor System (Reference 1). The supplemental information provided herein documents the information requested by NRC in a letter dated February 9, 2006 (Reference 2).

Teleconferences were held between NRC and PPL Susquehanna, LLC (PPL) on February 1, 2006 and on February 15, 2006. Communication with NRC clarified the level of detail requested by NRC in the PPL responses. The supplemental information is in accordance with the NRC clarifications and is provided in the Attachment.

Previous supplemental information, requested during a teleconference on November 2, 2005, was provided in Reference 3.

PPL has reviewed the No Significant Hazards Consideration and the Environmental Consideration submitted with Reference 1 relative to this supplemental information. We have determined that there are no changes required to either of these documents.

PPL respectfully requests that NRC expeditiously complete the review and approval of the proposed Power Range Neutron Monitor Digital Upgrade License Amendment Request, which was originally requested in Reference 1 to be by February 1, 2006. PPL continues to plan to install the digital PRNMS upgrade in the Spring 2006 Outage.

If you have any questions or require additional information, please contact Mr. John Oddo at (610) 774-7596.

I declare under penalty of perjury that the foregoing is true and correct.

Executed on:

B. T. McKinney

Attachments:

Attachment 1 - Supplemental Information

cc: NRC Region I
Mr. A. J. Blamey, NRC Sr. Resident Inspector
Mr. R. V. Guzman, NRC Project Manager
Mr. R. Janati, DEP/BRP

Attachment 1 to PLA-6012 Supplemental Information

Attachment 1 to PLA-6012 Page 1 of 9

SUBJECT: PROPOSED LICENSE AMENDMENT REQUEST POWER RANGE NEUTRON MONITOR SYSTEM DIGITAL UPGRADE

The supplemental information provided herein documents the information requested by NRC in a letter dated February 9, 2006. Teleconferences were held between NRC and PPL Susquehanna, LLC (PPL) on February 1, 2006 and on February 15, 2006.

Communication with NRC clarified the level of detail requested by NRC in the PPL responses. The supplemental information is in accordance with the NRC clarifications and is provided in this Attachment.

NRC QUESTION 1:

Provide the analysis or reference document that links the configuration of the original system designed, tested, and described in the NRC approved GE Licensing Topical Report (LTR) NEDC-32410P-A, "Nuclear Measurement Analysis and Control Power Range Neutron Monitor (NUMAC PRNM) Retrofit Plus Option III Stability Trip Function," and its Supplement 1, to the configuration of the systems which will be installed at SSES 1 and 2. This analysis should include any changes to the hardware, software, or processes used to fabricate the system and the justifications that these changes do not affect the SSES 1 and 2 system capability to meet the original protection system design requirements. For the software-related, process portion of this analysis, the staff plans to focus on any changes to the following documents, identified in Branch Technical Position (BTP) Instrumentation and Controls Branch (HICB)-14, "Guidance on Software Reviews for Digital Computer-Based Instrumentation and Control Systems":

o Software Management Plan
o Design Specifications
o Software Development Plan
o Software Quality Assurance Plan
o Software Configuration Management Plan
o Software Safety Plan
o Design Safety Analysis
o Software V&V Plan
o V&V Change Report
o Configuration Management Change Report

Section 2, "Information to be Reviewed," of BTP HICB-14-7, explains that: "the applicant/licensee need not develop a separate document for each of the topics identified below; however, project documentation should encompass all of the topics." As a consideration for staff review, since the actual documents will not be submitted, please identify the procedure where the topic is found if a procedure, listed above, was not specifically generated.

PPL Response:

The SSES plant-specific aspects or differences between the SSES-specific NUMAC PRNM system and the system described in the GE LTRs NEDC 32410P-A and NEDC 32410P-A, Supplement 1, including both functional differences and equipment differences as described in the LTRs, are described in the PPL submittal, PLA-5880. The original PRNM equipment design and any subsequent changes thereto, for either generic application or SSES-specific application, were performed in accordance with issued, corporate numbered and controlled software development plans, the latest NRC-reviewed and approved GE and/or PPL quality system, as committed by GE during the original review (ref. NRC SER Section 3.2 included in NEDC 32410P-A). The differences between the SSES-specific NUMAC PRNM system and the system described in the GE LTRs NEDC 32410P-A and NEDC 32410P-A, Supplement 1 do not affect the SSES 1 and 2 system capability to meet the original protection system design requirements.

Any changes to software required either due to equipment changes, problem resolution, or SSES-specific requirements underwent the same level of software V&V as the original design. Records and reports documenting software V&V actions, both generic and SSES-specific, are documented in GE QA records in accordance with the issued software design plans and the GE QA program. A more specific discussion of the software changes since the original PRNM design and the design process applied for SSES in relation to the BTP HICB-14 items is included below.

The original PRNM design was qualified in accordance with the commitments included in the GE LTR NEDC 32410P-A and reviewed and accepted by the NRC as part of the LTR review. Qualification of SSES-specific equipment, either by showing applicability of the original qualification or by supplemental qualification actions, is evaluated and documented in an SSES-specific Qualification Summary Report, filed in the GE design records and provided to PPL as a project deliverable. This is consistent with other plants implementing the NUMAC PRNMS. The Qualification Summary Report includes a specific evaluation of equipment differences between the SSES-specific equipment and the originally designed and qualified equipment.

Adequacy of the separation and independence of channels of the SSES-specific implementation, including all plant interfaces, is evaluated specifically for compliance with plant-specific separation requirements, including both the equipment aspects specifically discussed in the NUMAC PRNM LTRs and any plant-specific aspects of the implemented systems. The separation evaluation and conclusions are documented in an SSES-specific PRNM Separation Analysis, which is filed in the GE design records and provided to PPL as a project deliverable. This is consistent with other plants implementing the NUMAC PRNMS.

Software

Changes to design aspects are consistent with the GE commitments during the original NRC review of the PRNM LTRs and documented in the NRC SER included in the GE LTR NEDC 32410P-A; all such changes have undergone V&V actions fully consistent with those applied to the original design. Appendix A provides a list of APRM/OPRM functional software changes by module numbers, description and file date. For SSES l PRNM, the software V&V process was applied and full V&V test was performed to SSES requirements.

Appendix B, NUMAC APRM Firmware Development Process Synopsis, describes how the software is developed for a particular application. The software design starts from the latest (preceding application) firmware stored in the archived library account. This is possible, as the software has been maintained to be "backward" compatible with previous PRNM projects. The NUMAC plans require that the firmware source and build files be placed in the NUMAC library. Only the Responsible Configuration Control Engineer (RCCE), who has no software design responsibility, has "write" privileges for the library account. Thus a newer version or an unapproved version cannot be replaced.

Hardware

A list of major subcomponents, including their respective part number and revision number (e.g., CPU board, memory boards, power supply, display unit etc.), is provided in Appendix C herein. Major subcomponents are those typically maintained as a spare part by the utility.

All hardware interface or detailed hardware differences between the SSES-specific PRNM equipment and the original generic equipment, either to implement SSES-specific requirements or to replace obsolete components are accomplished and documented in accordance with the NRC-approved GE design control and design change control program, including design verification against SSES-specific and generic PRNM requirements. The process for determining and accepting how a subcomponent change is analyzed to be acceptable in terms of form, fit and function is documented in the GE design control program (EOP 55-2.00 and EOP 55-10, revision dates as applied to the projects).

PPL has been requested to "identify what significant changes to the hardware have been made, if any, to the original system and the justification that this change did or did not change the form, fit, and function with the determination that the original protection system requirements are satisfied." Function refers to the function of the module not the function of the system. The criterion for determining significant changes is any modification that would require a change to the schematic drawings of the circuitry, or any physical change which could affect the seismic or environmental qualification of the system. Based on this criterion and the information in Appendix C, PPL has determined that one memory module, the GEDAC Communication Memory Module (228B2722G005) module falls within the definition of "significant change."

The change to the GEDAC Communication Memory Module consisted of replacing the originally used GEDAC Optical Electrical Interface Board (228B2720G004) with GEDAC Optical Electrical Interface Board (148C7608G001). The Optical Electrical Interface Board is a daughter-board installed on the GEDAC RAM Communication Motherboard (228B2714G003) that was used in the original design. The new Optical Electrical Interface Board eliminated an unused RS-232 electrical output, added three fiber-optic outputs, and changed the fiber-optic connectors to an industry standard type. With the exception of the circuit schematic diagram, there were no changes that required a change to the system firmware or any physical change that affected the seismic or environmental qualification of the system. The changes to the schematic diagram reflect the interfaces to the new Optical Electrical Interface Board and applicable reference document numbers.

Qualification of SSES-specific equipment, either by showing applicability of the original qualification or by supplemental qualification actions, is evaluated and documented in an SSES-specific Qualification Summary Report, filed in the GE design records and provided to PPL as a project deliverable. Evaluation conclusions found that the environmental and EMC qualification levels for the SSES PRNM equipment identified were qualified for the application.

Software Design Process & Process Changes

The primary US NRC guideline available at the time the NUMAC design processes were developed was US NRC Reg. Guide 1.152 - 1985, primarily endorsing ANSI/IEEE 7-4.3.2 - 1982. IEEE 7-4.3.2 - 1993 was issued prior to completion of the original PRNM design, but was not endorsed by the US NRC until 1996 (via RG 1.152 - 1996). Evaluation of the NUMAC design process against both of those guides is included in NEDC 32410P-A, Appendix A. In addition, NEDC 32410P-A, Supplement 1, Appendix A, includes an evaluation of the process ANSI NQA2, Part 2.7. A general description of the design process applied to the NUMAC PRNM is included in NEDC 32410P-A, Chapter 9. Finally, Appendix C in NEDC 32410P-A includes a comparison of the NUMAC PRNM equipment with NUMAC equipment previously designed and reviewed by the US NRC.

The NUMAC PRNM software design process is documented in three GE corporate numbered plans:

o NUMAC Software Configuration Management Plan
o NUMAC Software Management Plan
o NUMAC Software Verification and Validation Plan

Except for the NUMAC Software Management Plan, these plans are unchanged from the time of the original NRC review of the PRNM LTRs (1995). In 2000, previously issued outstanding changes to the NUMAC Software Management Plan were incorporated (Revision 2). The first outstanding change, issued in 1998, added a requirement that the Product Performance Specifications shall include identification of hardware adjustments requirements. This change is unrelated to software functions, but was included in the Plan because the Plan identifies NUMAC specification requirements. In the NUMAC design process, the Product Performance Specification includes full requirements for the item whether the function is software controlled or hardware controlled. In the second outstanding change, also issued in 1998, updated references to RG 1.152, rev 1, and IEEE Std 7.4.3.2 - 1993 were added to the NUMAC Software Management Plan after review confirmed that the plan complied with these later revisions.

Since the original PRNM design and NRC review of the NUMAC PRNM LTRs, the NRC has issued BTP HICB-14. This BTP and most of the US NRC Regulatory Guides listed therein were not issued at the time of the original design of the NUMAC PRNM equipment. The PRNM scope is limited to one sensor system within the Reactor Trip System, and is designed by hardware means to fail-safe (tripped).

The NUMAC PRNM design process satisfies the criteria that were in place at the time of the design and includes basic process steps consistent with recommendations in this BTP.

Appendix D correlates specific software design process documents identified in the BTP with the corresponding or equivalent documents used in the NUMAC PRNM design process.

NRC QUESTION 2:

In Section 3.3, "Plant Process Computer Impact" PPL discusses the data transmission to be: "through a serial fiber-optic link to the new Multi-Vendor Data (acquisition system) (MVD) interface unit." Essentially, the data transmission path has changed from going through hardwire and the Oscillation Power Range Monitor (OPRM) module, to all process data going through the MVD module. The MVD will, in turn, transfer the information on an Ethernet bus to the plant process computer. Similarly, plant computer-calculated Local Power Range Monitor (LPRM) gain values and calculated core thermal power (to be used by the Average Power Range Monitor (APRM) to adjust the APRM gains) are transmitted via the Ethernet bus to the MVD, and onto the PRNMS. The NRC staff requests the following with regards to how the data is used and the transmission method involved:

A. Explain the extent of the operator involvement in the generation, review and use of these new LPRM gain and calculated core thermal power values, which can affect APRM and OPRM setpoints.

B. Show how this communication provision (the two way communications path between the PRNMS system and the plant computer) through the MVD, is consistent with safety system-to-non-safety system separation and the isolation requirements of Institute of Electrical and Electronics Engineers-279 in terms of the data transmission, cyber security, and electrical isolation.

PPL Response:

2A. Operator Involvement

The process to generate LPRM gain and core thermal power values is unchanged from the currently established process. The use of these values for updating the calibration and adjustment of the PRNM equipment is changed from a fully manual process to a semi-automatic process.

In the current process, a trained technician, under procedural control, makes physical adjustments (potentiometer adjustments) in the PRNM equipment with meter readouts to implement LPRM and APRM gain adjustments based on data sheets provided by the plant computer followed by a procedurally controlled verification process to assure that the adjustments have been correctly implemented.

With the replacement system, a trained technician still receives a data sheet of LPRM adjustment values, but uses that sheet for verification review only. The technician, under procedural control and after security access, selects the "update" screen and confirms that the latest values have been downloaded. The equipment calculates and displays (but does not use) the adjustments and/or new values that will result from the downloaded data.

The technician reviews the "pending" values based on the plant computer data sheets. If the downloaded values shown on the equipment displays agree with the values from the data sheets, the pending values are accepted, by specific technician action, for use by the equipment. This final step is equivalent to the mechanical adjustment of the gain values in the current system.

For the APRM adjustment, the process is similar except that the Operators perform the adjustment based on computer displays.

It should be noted that each of the individual gains can be adjusted locally without the automatic download feature.

The process is unchanged in that it still requires a manual action to both initiate the process and accept and implement the results.

2B. Isolation and security

GE LTR NEDC-32410P-A, sections 5.3.2.7 & 5.3.5.1, include a discussion of the electrical and data interface isolation methods used, with the understanding that the SSES "MVD" is the interface to the "plant computer." The data path from the plant computer, via the MVD, to the APRM is over fiber-optic links from the MVD to the RBM, and from the RBM to the APRM, which provide the electrical isolation between the MVD and the APRM.

As further discussed in section 5.3.5.1, the APRM hardware includes data buffering and logic to provide "information isolation" to assure that no signals from the external systems can affect the APRM safety functions.

Although not specifically discussed in section 5.3.5.1, the RBM interface to the MVD also includes similar information isolation to assure that no signals from the MVD can cause adverse operational impact on the RBM.

With the clarification that the MVD is the "plant computer" for SSES for purposes of the discussion in section 5.3.5.1, the discussion fully applies to the SSES-specific PRNM system.

The following non-safety information is sent to APRM via RBM:

o LPRM/APRM gain downloads and CTP,
o LPRM I/V requests, and
o time-of-day for time stamping the I/V data.

The LPRM/APRM gain downloads and CTP are manually initiated communications utilized for instrument calibration, as discussed above under 2A. The LPRM I/V requests are manually initiated functions that provide an operator (technician) aid for determining in-core detector sensitivity. The time-of-day stamping accompanies the I/V data.

The bidirectional Fiber Direct Data Interface (FDDI) Modules, NEDC-32410P-A section 5.3.3.9, are used to transfer messages from the RBM to the APRM by continually transferring a block of RAM data from the RBM's FDDI Module to the APRM's FDDI Module, a path different than the CPU memory path. Interrupts are not employed to receive new messages. Instead, each message type is examined to see if a new message has arrived. A message is determined to be new by examining a count value contained in the message that is incremented each time the RBM sends a new message. The CPU fetches the data only when the count changes. The data can only move under CPU control. Therefore, the data cannot propagate beyond the display status.
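The polled, count-based reception described above and the "pending" then "accept" step from the response to 2A can be sketched in C as follows. This is an added example, not GE's firmware and not part of the original submittal; the message layout, the checksum field, the gain limits and every function name are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_GAINS 4      /* constructed: a real channel serves many more LPRMs */
#define GAIN_MIN  500u   /* constructed plausibility limits, gain x 1000 */
#define GAIN_MAX  2000u

/* One message type inside the RAM block that the link keeps refreshing. */
typedef struct {
    uint16_t count;             /* sender increments this for each new message */
    uint16_t gain[NUM_GAINS];   /* downloaded gain values, x 1000 */
    uint16_t checksum;          /* assumed integrity field */
} gain_msg_t;

typedef enum { POLL_NO_NEW, POLL_REJECTED, POLL_PENDING } poll_result_t;

typedef struct {
    uint16_t last_count;          /* count of the last message examined */
    bool     have_pending;
    uint16_t pending[NUM_GAINS];  /* shown for review, never used for control */
    uint16_t active[NUM_GAINS];   /* values the channel actually uses */
} channel_t;

uint16_t msg_checksum(const gain_msg_t *m)
{
    uint16_t sum = m->count;
    for (int i = 0; i < NUM_GAINS; i++)
        sum = (uint16_t)(sum + m->gain[i]);
    return (uint16_t)~sum;
}

void channel_init(channel_t *c, uint16_t initial_gain)
{
    c->last_count = 0;
    c->have_pending = false;
    for (int i = 0; i < NUM_GAINS; i++) {
        c->pending[i] = 0;
        c->active[i] = initial_gain;
    }
}

/* Called from the main loop; no interrupt handler is involved. */
poll_result_t poll_mailbox(channel_t *c, const volatile gain_msg_t *shared)
{
    gain_msg_t local;

    /* Inequality, not "greater than", so counter wraparound still works. */
    if (shared->count == c->last_count)
        return POLL_NO_NEW;            /* nothing new: the data is not touched */

    /* Count changed: the CPU copies the message out of the shared block. */
    local.count = shared->count;
    for (int i = 0; i < NUM_GAINS; i++)
        local.gain[i] = shared->gain[i];
    local.checksum = shared->checksum;
    c->last_count = local.count;       /* examine each message only once */

    /* Validate before the values are even offered for review. */
    if (local.checksum != msg_checksum(&local))
        return POLL_REJECTED;
    for (int i = 0; i < NUM_GAINS; i++)
        if (local.gain[i] < GAIN_MIN || local.gain[i] > GAIN_MAX)
            return POLL_REJECTED;

    for (int i = 0; i < NUM_GAINS; i++)
        c->pending[i] = local.gain[i];
    c->have_pending = true;
    return POLL_PENDING;               /* active[] is still unchanged */
}

/* Only an explicit action, taken after access is granted, promotes
 * the pending values to active use. */
bool accept_pending(channel_t *c, bool access_granted)
{
    if (!access_granted || !c->have_pending)
        return false;
    for (int i = 0; i < NUM_GAINS; i++)
        c->active[i] = c->pending[i];
    c->have_pending = false;
    return true;
}

int main(void)
{
    channel_t ch;
    gain_msg_t box = { 1, { 1020, 980, 1005, 1100 }, 0 };  /* constructed download */

    channel_init(&ch, 1000);
    box.checksum = msg_checksum(&box);
    printf("poll=%d active[0]=%u\n", (int)poll_mailbox(&ch, &box), (unsigned)ch.active[0]);
    printf("accepted=%d active[0]=%u\n", (int)accept_pending(&ch, true), (unsigned)ch.active[0]);
    return 0;
}
```

A message that fails validation never reaches the pending buffer, and a pending value never reaches the active set without the explicit accept call, which is the property the response relies on.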

GE LTR NEDC-32410P-A, section 5.3.6, provides discussion of data validation prior to its use in the NUMAC PRNM system. (This would include data such as Gain Adjustment Factors, Percent Core Thermal Power, LPRM detector signals, and recirculation flow loop differential pressure signals.) The 3rd bullet is the administrative action discussed in the response to RAI 2A. The 4th bullet applies to both the RBM/APRM and RBM/MVD communications. The discussion in section 5.3.6 fully applies to the PRNM system for SSES.

GE LTR NEDC-32410P-A, section 6.4.3.2.1, provides a discussion of the design approaches to mitigate consequences. This section provides a list of approaches that can significantly reduce the risk of an unacceptable consequence of a common cause design problem and allow the individual channels to recover independently. As discussed in that section, a software watchdog timer is employed that will result in an APRM reset and trip if any safety-related task is observed to take more than the allotted time and a hardware watchdog timer will cause an APRM reset and trip if the software watchdog timer is not operating properly. Therefore, it meets the intended fail safe safety function of the PRNMS system.
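The two-layer watchdog arrangement described above can be modeled in C as follows. This is an added example, not GE's firmware; the tick units, the task budgets, the hardware timeout, and the assumption that the software watchdog proves it is alive by reloading the hardware timer are all constructed for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_TASKS        3
#define HW_TIMEOUT_TICKS 5u   /* constructed hardware timeout */

typedef enum { TRIP_NONE, TRIP_SW_WATCHDOG, TRIP_HW_WATCHDOG } trip_cause_t;

typedef struct {
    uint32_t budget;       /* allotted execution time, in ticks */
    uint32_t started_at;
    bool     running;
} task_slot_t;

typedef struct {
    task_slot_t  task[NUM_TASKS];
    uint32_t     hw_countdown;   /* models a free-running hardware down-counter */
    trip_cause_t cause;          /* latched: the first cause is kept until reset */
} channel_wd_t;

void wd_init(channel_wd_t *w, const uint32_t budget[NUM_TASKS])
{
    for (int i = 0; i < NUM_TASKS; i++) {
        w->task[i].budget = budget[i];
        w->task[i].started_at = 0;
        w->task[i].running = false;
    }
    w->hw_countdown = HW_TIMEOUT_TICKS;
    w->cause = TRIP_NONE;
}

/* Fail-safe action: the channel goes to the tripped state and stays there. */
static void trip(channel_wd_t *w, trip_cause_t cause)
{
    if (w->cause == TRIP_NONE)
        w->cause = cause;
}

void task_begin(channel_wd_t *w, int id, uint32_t now)
{
    w->task[id].started_at = now;
    w->task[id].running = true;
}

void task_end(channel_wd_t *w, int id) { w->task[id].running = false; }

/* Software watchdog: trips when any running task exceeds its budget. */
void sw_watchdog_service(channel_wd_t *w, uint32_t now)
{
    for (int i = 0; i < NUM_TASKS; i++) {
        /* Unsigned subtraction stays correct across tick-counter wraparound. */
        if (w->task[i].running && now - w->task[i].started_at > w->task[i].budget) {
            trip(w, TRIP_SW_WATCHDOG);
            return;                      /* do not reload the hardware timer */
        }
    }
    w->hw_countdown = HW_TIMEOUT_TICKS;  /* proof of life for the hardware timer */
}

/* Hardware watchdog: counts down on its own and trips if never reloaded. */
void hw_watchdog_tick(channel_wd_t *w)
{
    if (w->hw_countdown > 0)
        w->hw_countdown--;
    if (w->hw_countdown == 0)
        trip(w, TRIP_HW_WATCHDOG);
}

/* Runs task 0 for task_ticks ticks; the software watchdog stops being
 * serviced at tick sw_stops_at (use a large value for "never stops"). */
trip_cause_t run_scenario(uint32_t task_ticks, uint32_t sw_stops_at, uint32_t total)
{
    static const uint32_t budget[NUM_TASKS] = { 3, 3, 3 };
    channel_wd_t w;

    wd_init(&w, budget);
    for (uint32_t now = 0; now < total && w.cause == TRIP_NONE; now++) {
        if (now == 1) task_begin(&w, 0, now);
        if (now == 1 + task_ticks) task_end(&w, 0);
        if (now < sw_stops_at) sw_watchdog_service(&w, now);
        hw_watchdog_tick(&w);
    }
    return w.cause;
}

int main(void)
{
    printf("normal=%d overrun=%d sw_watchdog_dead=%d\n",
           (int)run_scenario(2, 100, 20),
           (int)run_scenario(10, 100, 20),
           (int)run_scenario(2, 6, 20));
    return 0;
}
```

The last scenario is the one the hardware timer exists for: the monitoring code itself has stopped running, so nothing in software can report the fault, and the channel still ends in the tripped state.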

GE LTR NEDC-32410P-A, section 5.3.13, provides a more specific discussion of the security methods that apply to the APRM and LPRM gain adjustments as discussed in the response to RAI 2A. The PRNMS has three levels of security. The first level requires a password only. The second level is implemented by the use of a keylock switch on each APRM and RBM to provide Operate and INOP mode switching. The third level is implemented by requiring a correctly entered password after switching modes with the keylock switch. The discussion in section 5.3.13 expands upon these security levels which fully apply to SSES-specific PRNM system.

There are no data-link connections to outside systems from the PRNM except via the MVD and plant computer. The design aspects of the interface between the APRM channel and the MVD (via an RBM) assures that no faulty information from the plant computer can spontaneously change any APRM (or RBM) settings or values, regardless of whether the information comes from normal plant computer operations, a malfunctioning plant computer, or some outside source via the plant computer.

APPENDIX A

NUMAC APRM/OPRM Firmware Changes

The table below identifies changes made to the safety-related APRM/OPRM firmware since the original design. The table lists the files containing revised firmware and a description of the change(s). This table does not include changes made to the data files that are changed for each new plant application.

File: ANALYZER.C (File Date: 8-Nov-1999)
04/15/99 - Added compile-time enhancement SaveIVAbort Data in procedure abortanalyzer to save previous analyzer data on an abort condition.
11/08/99 - Revised procedure permitautobypass to restrict condition under which IV plotting is allowed. Corrects a reported problem.

File: ASPSTAB.C (File Date: 23-Jan-2006)
09/07/05 - Started with the Detect and Suppress Solution - Confirmation Density (DSS-CD) version of the OPRM firmware installed at other plants.
1. Main - Revised procedure to execute at 46.08 ms (was 23.04 ms).
2. Initialize, Set_oprmoutputs, and Perform-stabilitycalc - Revised procedures by removing firmware related to ABA and GRBA alarms.
3. Perform stabilitycalc - Revised procedure to require a peak-to-valley difference of 0.0004 or greater for slope change detection.
4. Calcconfirm period - Revised procedure to use the average time of the confirming periods (was the previous period's time).

File: ASP.PLM (File Date: 21-Jul-1998)
05/12/98 - Revised procedure read4aspcal output to prevent against the possibility of a false refresh error. Corrects a reported problem.
07/20/98 - Revised procedure set asp cal output to ramp the CAL voltage from last voltage setting to the new voltage setting in 120mV steps in order to be compatible with the Cal/Monitoring panel. Corrects a reported problem.

File: BROADCAST.C (File Date: 23-Mar-2005)
06/18/95 - Revised the bcr_xmit diag data structure and the checkbcr_x-mitstst and testlast rx procedures to enhance the capability to detect an intermittent fiber connection. Corrects a reported problem.
03/23/05 - Revised testlastrx function to suppress an error if invalid or no data is received from a non-home APRM channel that is bypassed. Corrects a reported problem.

File: CALIBRATE.PLM (File Date: 19-Sep-2005)
02/24/97 - Revised the procedure CalcExpectedResp to use ASP offset in 16-bit counts to improve accuracy of data collected to better detect D/A and A/D errors. Corrects a reported problem.
02/28/97 - Revised procedure DoCalVoltageCheck to apply the A/D offset and gain corrections to the Analog I/O module since the input analog routine does not apply the calculated calibration corrections. Corrects a reported problem.
07/23/97 - Revised procedures Calc_CalGains, Calc CalOffsets, CalcCalchkPoints, and Calc CalPathRatio to reset CAL output voltage to 0V before configuring the LPRM's CAL mode and CHAN mode in order to be compatible with the Cal/Monitoring panel. Corrects a reported problem.
08/10/01 - Corrected improper values of the Flow "Calibration Constant" from being displayed. Corrects a reported problem.
03/22/05 - Revised procedure initialize-cal to correct for a possible watchdog timeout while entering the calibrate frequency check function. Corrects a reported problem.

File: CHASSIS.PLM (File Date: 10-Sep-2005)
05/30/97 - Added support for Broadcaster output/relay check.
07/22/97 - Modified procedure ProcessCalcheck. Now resets the CAL output to 0V before switching the CAL checkpoints.
03/22/05 - Revised procedure reset-task time log to correct for a possible watchdog timeout while entering the calibrate frequency check function. Corrects a reported problem.

File: CPU.PLM (File Date: 30-Nov-1998)
11/12/98 - Removed upper bank NVRAM store on Watchdog Timeout since it is only needed to store diagnostics on a timeout. This prevents a possible false NVRAM initialization error (NUMAC-AP NVRAM write error). Corrects a reported problem.

File: DSPIN.C (File Date: 14-Jul-1998)
07/14/98 - Added "1-out-of-4" mode in Trip Check.

File: DSPOUT.C (File Date: 27-Oct-2005)
06/24/98 - Added compile-time enhancement Dual SlopeEnabled for dual slope operation.
04/15/99 - Added compile-time enhancement Save IV AbortData to save previous analyzer data on an abort condition.
06/29/02 - In send_parameterH_mgs changed decision to send F12 based on compile-time enhancement OprmEnabled and not plant type.
06/29/02 - Changed decision to include F12 in format msg to be based on compile-time enhancement OprmEnabled and not plant type.
06/29/02 - Added non-OPRM definition to Param-msglist.
06/29/02 - Redefined Aprmntx list and Aprm tisenslist from plant type to compile-time enhancement OprmEnabled.
10/27/05 - Revised formatting of displayed OPRM data to accommodate increased resolution.

File: FDDI_API.C (File Date: 27-Oct-2005)
05/07/97 - Revised to send "relamp" instead of "amppeak" value for cell data. Corrects a reported problem.
09/02/97 - Corrected calculation of LPRM downscale reset point in the AL3 message to correct an alarm setpoint hysteresis problem. Corrects a reported problem.
06/24/98 - Added compile-time enhancement Dual SlopeEnabled for dual slope operation.
04/29/99 - Corrected problem with LPRM GAF downloads. Corrects a reported problem.
10/27/05 - Removed GRBA and ABA Alarm setpoint from message sent to RBM when Susquehanna plant flag is True.

File: FLOW.C (File Date: 02-Sep-2005)
08/25/97 - Corrected problem with flow cal check process using the user entered current input gain & offset.
06/24/98 - Added compile-time enhancement DualSlopeEnabled for dual slope operation.
08/06/02 - Corrected Flow Cal Check interaction problem. Corrects a reported problem.
09/02/05 - Added compile-time enhancement Allow Neg flow to ignore the lower clamp for flow biased setpoints in single loop operation per Susquehanna requirement.

File: IO.C (File Date: 12-Sep-2005)
06/28/02 - Added analog output exception for Nuclenor.
04/20/05 - Added compile-time enhancement Rrcs_PsFault.
09/12/05 - Added analog output configuration for Susquehanna.

File: MTEST.PLM (File Date: 19-Sep-2005)
10/01/97 - Corrected problem with ODIO Relay Output tests.
11/12/98 - In procedure test cpu, removed checksum test on OPRM parameters and OPRM cell assignments if the unit is not an APRM master unit.
07/09/02 - Added plant specific mask for Nuclenor to prevent unwanted Downscale, SRI, and Stability 2/4 Module faults.
03/23/05 - Added generic mask to prevent unwanted Downscale, SRI 2/4 Module faults.

File: OPRM.C (File Date: 19-Sep-2005)
11/08/04 - Initialization firmware for the Stability module was modified to only enable the Al 8 Module interrupt if the APRM was the master unit.
09/06/05 - GRBA and ABA alarms are not checked per Susquehanna requirement.

POWER.C (File Date: 20-Apr-2005)

03/17/97 - Corrected an error in AGAF calculation for large plant configurations. Corrects a reported problem.

07/05/01 - Added compile-time enhancement OprmnWithknopJEnabled to procedure build_bcrtripword to set the OPRM trip output from the broadcaster whenever an APRM Instrument Inoperative condition exists. Corrects a reported problem.

06/26/02 - Added a definition for AprmL alarmrodd_block as OPRM variables are not defined when compile-time enhancement OprmEnabled is false.

06/26/02 - For Nuclenor, the previous STP trip is now based on APRM Flux. STP alarm remains based on STP.

03/23/05 - Added a display alarm byte that controls the alarm indication in the display header.

04/20/05 - Added compile-time enhancement RrcsPs_Fault.

SERIAL.PLM (File Date: 28-Jun-2002)

06/28/02 - Procedure senddspinsg was revised to not send a message if the message length was 0.

SETPARAMS.C (File Date: 05-Jan-2006)

04/29/98 - Added default LPRM initialization in procedure assign defaultoprm cell to prevent a possible false NVRAM initialization error. Corrects a reported problem.

04/29/98 - In the procedure Save_nvram_eprorn, removed checksum verification for OPRM parameters and OPRM cell assignments if unit is not an APRM unit or the OPRM is not enabled to prevent a possible false NVRAM initialization error. Corrects a reported problem.

04/29/98 - Removed checksum of TOPPS parameters if unit is not configured for KKM to prevent a possible false NVRAM initialization error. Corrects a reported problem.

06/24/98 - Added compile-time enhancement DualSlopeEnabled for dual slope operation. Allows independent slope adjustments.

06/26/02 - Prevented assign default opr. cell from accessing variables not accessible when OPRM is not enabled.

STAB-ASP.C (File Date: 27-Oct-2005)

10/27/05 - Removed processing the GRBA and ABA alarm cell status per Susquehanna requirement.

APPENDIX B

NUMAC APRM Firmware Development Process Synopsis

Design Inputs

When APRM firmware is developed for a particular PRNM system application, the Performance Specification is the major input to the design and is used with other referenced Product Performance Definition documents (see LTR NEDC-32410P-A, Sec. 9.2.3).

The firmware is developed using the base APRM Performance Specification and the applicable APRM Performance Specification Data Sheet. The base performance specification describes the "generic" APRM performance characteristics, while the data sheet provides additional design input and further describes exceptions and differences between the base APRM application and the new application. From these documents a base APRM Functional Controller Software Design Specification and the applicable APRM Functional Software Design Specification data sheet are provided.

In most cases, the differences described by these input documents only involve changes to database files. However, if a data sheet requires that a new enhancement be developed, the new firmware will be added and maintained as described below.

Firmware Control

The APRM firmware is developed, maintained, and controlled per the NUMAC Software Configuration Management Plan (CMP). Per the CMP, revision control is maintained on an instrument, project, and firmware release basis. As an example, the safety-related firmware for the Susquehanna APRM has been stored in a VAX library directory named NUMACAPRM.FUNCODE.SUSQ.REV0.

After firmware has been validated and is about to be unconditionally released to production inside GE, the NUMAC plans require that the firmware source and build files be placed in the VAX library directory. The Responsible Configuration Control Engineer (RCCE) is directed to move these files along with a Firmware Release Description (FRD) to the appropriate library directory. Only the RCCE has "write" privileges for the VAX library for this instrument family. The RCCE has no software design responsibility, and reports to a manager other than the manager with software design responsibility. Once archived, the FRD is checked by independent review to assure that the document correctly describes the process used to rebuild identical EPROMs (checksums). To perform this review, the files are copied from the library directory to a temporary non-controlled directory and then rebuilt. The FRD will become part of the baseline process and the checksums will be used to link the files with the EPROM checksums recorded during the Verification and Validation testing.

Once the software modules have been stored in the unique VAX library directory for the plant application (and revision), and have been independently reviewed to be the correct files, there is no longer a need to revise, modify, or alter in any manner the archived firmware in this directory. Furthermore, only the RCCE has knowledge of the library password. This process prevents a controlled software module from being replaced with a newer, but unapproved version.

When the next APRM project commences, the software design engineers will start from the latest APRM firmware that is stored in the library directory and confirm that the correct set of modules has been retrieved by checking that the checksum matches that maintained in the project's FRD. For the recent Susquehanna project, the firmware from the VAX directory NUMACAPRM.FUNCODE.CHINSHAN.REVO was used. This is possible as the software is maintained to allow use for both new and prior APRM projects.

Firmware History

Compatibility is accomplished by the use of compile-time directives in the form of "Project" and "Function Enhancement" flags. These flags are maintained in the various firmware files, i.e., the 'source' and the 'include' files. For example, when KKM (the first in the lineage of PRNMs) was developed, a plant compiler directive for "Plant KKM" was made. All plant specific configuration details (LPRMs per channel, LPRM levels per input, analog outputs, user parameter ranges, etc.) were specified in the files to be included only if the "Plant KKM" flag was set to True.

As newer projects were designed, additional compile-time directives were added for these projects. Since the initial KKM project, the project lineage has included plant directives for the following: Hatch 1 & 2, Browns Ferry 2 & 3, Nine Mile Point 2, Fermi 2, Peach Bottom 2 & 3, Limerick 1 & 2, Brunswick 1 & 2, Nuclenor, Laguna Verde 1 & 2, and Chinshan 1 & 2.

Another type of firmware change that may occur is related to new functions that have been added. These have also been designated using compiler directives, called compile-time enhancements. For example, a new function added to Susquehanna was to change the way in which the flow-biased setpoint values are calculated when single loop operation is enabled. So, there now exists a new compile-time enhancement flag that allows future and prior applications to use either method of calculating the flow-biased setpoint values. Other examples of new functions are Dual Slope Capability, RRCS Trip, and Negative Analog Outputs.

A final type of firmware change that may occur is in response to a reported firmware problem. These are documented in problem reports for problems that have been discovered and/or received from various sources. These sources could be from a problem experienced at an operating plant, or there could be other possible origins. Typically, the decision to include the correction for a problem is made at the Definition and Planning phase since the plant licensing and operation personnel are made aware of the change and have an opportunity to evaluate the need. In some cases, correcting a problem could result in an adverse effect on plant documentation or training, and the plant may choose not to incorporate a specific problem correction.

Firmware Testing

Once revised, changes to the firmware (i.e., the database and source files) are tested, at various stages, in accordance with the Software Management Plan (SMP). The Verification and Validation Plan (VVP) is used to develop and control the final V&V test. The intent of the V&V test is to ensure that all firmware (not just the revised firmware, although additional test emphasis may be placed on revised firmware) is tested. A V&V test typically takes two to three weeks to complete and is performed on the complete system using equipment that simulates all system inputs as well as monitors all system outputs.

Once the firmware testing process has been completed, the revised software is archived per the CMP and becomes an integral part of the Validation and Software Issue. This provides application configuration management, without question, of the files that are in use at any specific plant.

Future Application

If an existing plant requests a new function or firmware, the designer would not start with the latest revision for that project. Instead, the designer would start with the files that are in the latest library directory. At this time, that would be the Susquehanna Revision 0 library directory. The designer would first rebuild the firmware in a temporary directory and confirm that the checksums agree with those contained in the FRD. The designer would then proceed to change the compiler directives and flags, add or change the function compiler directives, and build the new set of firmware. If required by the applicable specification data sheets, a new function along with a corresponding compiler directive would be added. In addition, any unincorporated problem correction, as called out in the Project Plan and thus approved by the utility to incorporate, would also be included. After the various stages of testing, that firmware would be stored by the RCCE, using the CMP process, in a new library for that plant, but with that plant's next library revision number.
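The rebuild check described under Firmware Control and Future Application, sketched as an added example (it is not GE's tooling and not part of the original letter). The FRD layout, the 16-bit additive checksum, the toy_build stand-in for the compiler and the PlantExample flag are assumptions; DualSlopeEnabled is a flag name taken from Appendix A.

```python
"""Rebuild-and-compare check for an archived firmware release (added example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def eprom_checksum(image: bytes) -> str:
    # Assumption: 16-bit additive checksum; the page does not name the algorithm.
    return f"{sum(image) & 0xFFFF:04X}"


def hash_sources(directory: Path) -> dict:
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(directory.iterdir()) if p.is_file()}


def verify_rebuild(library_dir, frd, build) -> list:
    """Copy the archive to a scratch directory, rebuild, compare with the FRD.

    Returns discrepancy strings; an empty list means the recorded source set
    reproduced the recorded EPROM checksums.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        work = Path(scratch) / "rebuild"
        shutil.copytree(library_dir, work)  # never build inside the archive
        found = hash_sources(work)
        for name, digest in frd["sources"].items():
            if name not in found:
                problems.append(f"missing source: {name}")
            elif found[name] != digest:
                problems.append(f"source differs from FRD: {name}")
        for name in sorted(found.keys() - frd["sources"].keys()):
            problems.append(f"file not listed in FRD: {name}")
        images = build(work, frd["flags"])
        for name, expected in frd["eproms"].items():
            actual = eprom_checksum(images[name]) if name in images else None
            if actual != expected:
                problems.append(f"EPROM {name}: FRD {expected}, rebuilt {actual}")
    return problems


def toy_build(work: Path, flags: dict) -> dict:
    """Constructed stand-in for the compiler: image = flag settings + sources."""
    header = ",".join(f"{k}={int(v)}" for k, v in sorted(flags.items())).encode()
    body = b"".join(p.read_bytes() for p in sorted(work.iterdir()))
    return {"U1": header + body}


def demo():
    with tempfile.TemporaryDirectory() as root:
        lib = Path(root) / "library"
        lib.mkdir()
        (lib / "flow.c").write_text("/* constructed sample */\nint flow;\n")
        (lib / "plant.h").write_text("/* constructed sample */\n")
        flags = {"PlantExample": True, "DualSlopeEnabled": False}
        images = toy_build(lib, flags)
        frd = {"flags": flags, "sources": hash_sources(lib),
               "eproms": {n: eprom_checksum(i) for n, i in images.items()}}
        clean = verify_rebuild(lib, frd, toy_build)
        # Same sources, one enhancement flag flipped: the image no longer matches.
        flipped = dict(frd, flags={**flags, "DualSlopeEnabled": True})
        wrong_flags = verify_rebuild(lib, flipped, toy_build)
        # A module replaced after archiving shows up in the source comparison.
        (lib / "flow.c").write_text("/* replaced */\nint flow = 1;\n")
        tampered = verify_rebuild(lib, frd, toy_build)
    return clean, wrong_flags, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "wrong flags", "tampered"), demo()):
        print(label, result)
```

An additive checksum is insensitive to byte order, so the per-file SHA-256 comparison is what identifies a substituted module.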

Summary

The PRNMS firmware is developed, maintained, and controlled per the NUMAC Configuration Management Plan.

In order to maintain software module integrity and fidelity, a uniquely named VAX directory is created for each project revision to store the complete set of required software modules.

Once established and independently verified, these directories are no longer modified, as later revisions of the firmware will be stored in their own unique VAX directory.

The most recent applicable project is the starting point for the next project. Compile-time directives and plant flags are used to control database and applicable enhancements.

APPENDIX C

NUMAC Hardware Module Change Summary

Table C summarizes the changes to the modules used in the Susquehanna PRNM System since the initial U.S. application at Plant Hatch in 1997.

With the exception of the GEDAC Communication Memory Module (228B2722G005), all changes to the hardware post-Hatch are fully interchangeable with respect to form, fit and function in accordance with GE Nuclear Engineering Operating Procedure 55-10.00. Again, with that exception, the Susquehanna part numbers are identical to those used during the initial application at Plant Hatch in 1997. There were no significant changes that required a change to the circuit schematic diagrams, system firmware or any physical change that affected the seismic or environmental qualification of the system.

The change to the GEDAC Communication Memory Module consisted of replacing the originally used GEDAC Optical Electrical Interface Board (228B2720G004) with GEDAC Optical Electrical Interface Board (148C7608G001). The Optical Electrical Interface Board is a daughter-board installed on the GEDAC RAM Communication Motherboard (228B2714G003) that was used in the original design. The new Optical Electrical Interface Board eliminated an unused RS-232 electrical output, added three fiber-optic outputs, and changed the fiber-optic connectors to an industry standard type. With the exception of the circuit schematic diagram, there were no significant changes that required a change to the system firmware or any physical change that affected the seismic or environmental qualification of the system. The changes to the schematic diagram reflect the interfaces to the new Optical Electrical Interface Board and applicable reference document numbers.

Module Description | Susquehanna Part Number | Parts List Rev | Date | Change
Front Panel | 112D5122G001 | 11 | 2/4/05 | Electro-Luminescent display Item 4 and add alternate item 4 to G005. Apply to in-process and future.
Front Panel | 112D5122G001 | 10 | 1/6/03 | Add G6. Apply to in-process and future.
Front Panel | 112D5122G001 | 9 | 4/29/99 | Add alternate terminal lug item 030 to GOO30-G005. Apply to in-process and future.
Front Panel | 112D5122G001 | 8 | 3/26/99 | Add G005. Change G004 item 003 part #. G001, G003 delete EL Display Assembly alternate item 004. Apply to in-process and future.
Front Panel | 112D5122G001 | 7 | 12/9/98 | Change cover sheet group description. G001, G003 add alternate Assembly item 004. Add new G004. Apply to in-process and future.
Front Panel | 112D5122G001 | 6 | 8/8/97 | PL document change to delete item 19 - not used. Apply in-process and future.
Front Panel | 112D5122G001 | 5 | 5/27/97 | Add G003.
Front Panel | 112D5122G001 | 4 | 4/24/97 | Document change to correct item 016 part 4 to agree with EMPIS format.
Broadcaster Module | 148C6413G004 | 3 | 8/1/03 | Add test procedure item 102 to G002 and G004. Apply to in-process and future.
Broadcaster Module | 148C6413G004 | 3 | 12/7/05 | Change resistor item 403 part # for G004. Apply to in-process.
Broadcaster Module | 148C6413G004 | 2 | 10/8/98 | Changed cover sheet description, added G003 and G004. Updated shipped plants by Field Disposition Instruction (FDI). Apply to in-process and future.
DC-DC Converter | 148C6776G001 | 2 | - | No changes post-Hatch.
Relay Logic Card | 148C6797G001 | 3 | 8/15/05 | Add G002.
2/4 Logic Card | 148C6803G001 | 7 | 3/23/05 | Add alternate PLD item 210 and 211 to G001 and G002. Apply to in-process and future.
2/4 Logic Card | 148C6803G001 | 6 | 8/24/00 | Add alternate Peripheral Latch IC item 202 to G001-G002. Apply in-process and future.
2/4 Logic Card | 148C6803G001 | 6 | 7/10/01 | Add alternate diode array item 301 to G001-G002. Apply to in-process and future.
2/4 Logic Card | 148C6803G001 | 5 | 4/11/00 | Add G002.
2/4 Logic Card | 148C6803G001 | 4 | 9/19/97 | PL document change - change item 605 quantity to match actual quantity used. Apply in-process and future.
FDDI Comm Module | 178B3754G001 | 5 | 4/25/03 | Add alternate NVRAM item 208 to G001. Apply to in-process and future.
FDDI Comm Module | 178B3754G001 | 4 | 7/7/00 | Add alternate CMOS IC item 203 to G001. Apply to in-process and future.

LPRM Module | 178B3763G001 | 9 | 5/17/04 | Add alternate OP AMP item 204 to G001. Apply to in-process and future.
LPRM Module | 178B3763G001 | 8 | 171 8 1/02 | Add alternate Peripheral Latch IC item 207 to G001. Apply to in-process and future.
LPRM Module | 178B3763G001 | 8 | 10/9/02 | Correct the Change Description of RMCN01258 Rev 0.
LPRM Module | 178B3763G001 | 7 | 5/24/02 | Add alternate resistors item 401 and 404 to G001. Apply to in-process and future.
LPRM Module | 178B3763G001 | 6 | 3/26/02 | Delete alternate resistor item 402 from G002. Apply to in-process and future.
LPRM Module | 178B3763G001 | 5 | 1/18/02 | Add alternate resistor item 402 to G001-G002. Apply to in-process and future.
LPRM Module | 178B3763G001 | 4 | 11/5/01 | Delete G002. Change solid state relay part # item 301 for G001. Apply to in-process and future.
LPRM Module | 178B3763G001 | 3 | 10/19/01 | Add G002.
ASP Module | 178B3765G001 | 12 | 5/17/04 | Add alternate OP AMP item 215 to G001. Apply to in-process and future.
ASP Module | 178B3765G001 | 11 | 5/24/02 | Add alternate resistors item 403-406 and 415 to G001. Apply to in-process and future.
ASP Module | 178B3765G001 | 10 | 1/18/02 | Add alternate resistors item 405 to G001. Apply to in-process and future.
ASP Module | 178B3765G001 | 9 | 7/11/00 | Change alternate item 210 PLD Adapter Card to G001. Apply to in-process and future.
ASP Module | 178B3765G001 | 8 | 7/6/00 | Add alternate PLD item 210 to G001. Apply to in-process and future.
ASP Module | 178B3765G001 | 7 | 5/21/99 | Correct item 705 quantity.
ASP Module | 178B3765G001 | 6 | 10/13/98 | Add alternate 16-bit converter IC item 205 to G001. Apply to in-process and future.
386SX Memory Card | 178B3767G002 | 5 | /50 | Add alternate SRAM IC item 203 to G001 and G002. Apply to in-process and future.
386SX Memory Card | 178B3767G002 | 4 | 1/19/98 | Add alternate Marker item 800 to G001 and G002. Apply to in-process and future.
386SX Processor Card | 178B3769G002 | 8 | 7/11/00 | Change alternate item 211 PLD Adapter Card to G001-G002. Apply to in-process and future.
386SX Processor Card | 178B3769G002 | 7 | 7/6/00 | Add alternate PLD item 211 to G001-G002. Apply to in-process and future.
386SX Processor Card | 178B3769G002 | 6 | 3/29/00 | Add alternate 8274 IC item 206 to G001 and G002. Apply to in-process and future.

386SX Processor Card | 178B3769G002 | 5 | 12/10/98 | Add alternate microprocessor adapter module item 207 to G001 and G002. Apply to in-process and future.
386SX Processor Card | 178B3769G002 | 5 | 7/6/9 | Add alternate microprocessor IC item 207 to G001 and G002. Apply to in-process and future.
386SX Computer Module | 178B3777G002 | 4 | 9/17/98 | Add alternate sealant for Power Fail Indicator pot item 010. FDI to all earlier plants. Apply in-process and future.
Display Control 512x256 | 228B2112G001 | 20 | 5/19/05 | Revise document cover sheet.
Display Control 512x256 | 228B2112G001 | 19 | 10/27/04 | Change Crystal Oscillator alternate Item 501 part number for G001-G003. Apply to in-process and future.
Display Control 512x256 | 228B2112G001 | 1 | 3300 | Add alternate Crystal Oscillator item 501 to G001-G003. Apply to in-process and future.
Display Control 512x256 | 228B2112G001 | 17 | 8/16/00 | Add alternate resistors for item 400-407 for G001-G003. Apply to in-process and future.
Display Control 512x256 | 228B2112G001 | 16 | 4/"99 | Add alternate CMOS IC item 202 to G001-G003. Apply to in-process and future.
Display Control | 228B2112G001 | 16 | 3/28/00 | Delete EEPROM alternate Item 207 from G003. Add alternate EEPROM item 207 to G001-G002. Apply to in-process and future.
Display Control 512x256 | 228B2112G001 | 15 | 12/21/98 | Add alternate EEPROM item 207 to all groups. Apply to in-process and future.
GEDAC RAM Comm Motherboard | 228B2714G003 | 12 | 8/21/00 | Add alternate resistors items 402-404 to G001-G003. Apply to in-process and future.
GEDAC Module | 228B2722G005 | 11 | 4/21/99 | Change lock washer item 7 part #. Apply to in-process and future.
GEDAC Module | 228B2722G005 | 10 | 3/26/99 | Add G005. Used for Susquehanna. Eliminated RS-232 output, changed fiber-optic connector to ST style. Added three FO outputs.
16 Chan Analog Out Module | 228B2846G001 | 8 | 6/28/05 | Add alternate D/A Converter IC item 205 to G001. Apply to in-process and future.
16 Chan Analog Out Module | 228B2846G001 | 7 | 612h05 | Add alternate D/A converter item 205 for G001. Apply to in-process and future.
Open Drain IO Module | 239B7054G002 | 8 | 10/23/00 | Change alternate resistor item 414 part #. Apply to in-process and future.
Open Drain IO Module | 239B7054G002 | 7 | 8/21/00 | Add alternate resistors Item 410-414 to G001-G002. Apply to in-process and future.
GEIO Comm Module | 239B7171G001 | 6 | 5/24/02 | Add alternate resistors item 404-408 to G001. Apply to in-process and future.

GEIO Comm Module | 239B7171G001 | 5 | 1/18/02 | Add alternate resistor item 408 to G001. Apply to in-process and future.
Analog Module | 239B7507G003 | 14 | 5/17/04 | Add alternate OP AMP item 205 to G001-G004. Apply to in-process and future.
Analog Module | 239B7507G003 | 13 | 11/3/00 | Add alternate resistor item 401 to G001-G004. Apply to af
Analog Module | 239B7507G003 | 12 | 8/22/00 | Add alternate resistors for Item 401-405 to G001-G004. Apply to in-process and future.
Analog Module | 239B7507G003 | 11 | 7/11/00 | Change alternate PLD Adapter Card item 209 to G001-G004. Apply to in-process and future.
Analog Module | 239B7507G003 | 10 | 7/6/00 | Add alternate PLD item 209 to G001-G004. Apply to in-process and future.
Analog Module | 239B7507G003 | 9 | 4/9/99 | Add alternate 16-bit converter IC item 206 to G001-G004. Apply to in-process and future.
Analog Module | 239B7507G003 | 8 | 6/16/97 | Add alternate 16-bit converter IC Item 206 to G001-G004. Apply to in-process and future.
Morupl | DA233A3785P001 | 2 | 9/7/99 | Add reference dimensions. Apply to in-process and
Power Supply | DA265A1313P002 | 7 | 10/5/04 | Add shelf-life extension process. Apply to in-process and future.
Power Supply | DA265A1313P002 | 6 | 7/10/02 | Editorial corrections and added Safety-related function statement. Apply to in-process and future.
Power Supply | DA265A1313P002 | 5 | 11/2/99 | Clarify burn-in test requirements. Apply to in-process and future.
Power Supply | DA265A1817P002 | 3 | 7/21/05 | Updated shelf-life process. Apply to in-process and future.
Power Supply | DA265A1817P002 | 2 | 8/17/99 | Clarify change post burn-in test requirements. Apply to in-process and future.

APPENDIX D

Correlation of Specific Software Design Process Documents Identified in the BTP

BTP-14 Item:
  • Software Management Plan
  • Software Development Plan
  • Software Quality Assurance Plan
  • Software Configuration Management Plan
  • Software V&V Plan
NUMAC PRNM Item/comment: These plans collectively address the overall design process and configuration control. For the SSES PRNM project, the corresponding requirements and controls are provided in:
  • Overall GE QA Program (NEDO-11209-04A Rev. 4)
  • NUMAC Software Configuration Management Plan (23A5161 Rev. 1)
  • NUMAC Software Management Plan (23A5162 Rev. 2)
  • NUMAC Software Verification and Validation Plan (23A5163 Rev. 2)

BTP-14 Item:
  • Design Specifications
NUMAC PRNM Item/comment: The top level SSES PRNM requirements are documented in a generic PRNM System Specification with an SSES-specific Specification Data sheet. Detailed requirements are defined in equipment performance specifications, user's manuals and data sheets. See LTR NEDC-32410P-A, Appendix A, Table A.1 and LTR NEDC-32410P-A, Supplement 1, Appendix A, Table A.3 for a more detailed listing of documents.

BTP-14 Item:
  • V&V Change Report
  • Configuration Management Change Report
NUMAC PRNM Item/comment: Records of supplemental or plant-specific V&V activities are documented in design records (documentation of verifications and tests) or with specific change control documentation (record of changes to corporate issued documents). These records are filed in accordance with the requirements in the Plans listed above.

BTP-14 Item:
  • Software Safety Plan
  • Design Safety Analysis
NUMAC PRNM Item/comment: The NUMAC PRNM design process does not include a separate Software Safety Plan, Design Safety Analysis, or software safety organization. Safety-significant aspects of the PRNM system are included in the design requirements and confirmed as part of the overall design and V&V process.