ML17347B713

From kanterella
Revision as of 12:58, 8 March 2020 by StriderTol (talk | contribs) (StriderTol Bot insert)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
LLC Response to NRC Request for Additional Information No. 262 (Erai No. 8847) on the NuScale Design Certification Application
ML17347B713
Person / Time
Site: NuScale
Issue date: 12/13/2017
From: Wike J
NuScale
To:
Document Control Desk, Office of New Reactors
Shared Package
ML17347B712 List:
References
RAIO-1217-57654
Download: ML17347B713 (29)
v  d  e


Text

RAIO-1217-57654 December 13, 2017 Docket No.52-048 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk One White Flint North 11555 Rockville Pike Rockville, MD 20852-2738

SUBJECT:

NuScale Power, LLC Response to NRC Request for Additional Information No.

262 (eRAI No. 8847) on the NuScale Design Certification Application

REFERENCE:

U.S. Nuclear Regulatory Commission, "Request for Additional Information No.

262 (eRAI No. 8847)," dated October 14, 2017 The purpose of this letter is to provide the NuScale Power, LLC (NuScale) response to the referenced NRC Request for Additional Information (RAI).

The Enclosures to this letter contain NuScale's response to the following RAI Questions from NRC eRAI No. 8847:

18-6 18-7 is the proprietary version of the NuScale Response to NRC RAI No. 262 (eRAI No.

8847). NuScale requests that the proprietary version be withheld from public disclosure in

accordance with the requirements of 10 CFR § 2.390. The enclosed affidavit (Enclosure 3)

supports this request. Enclosure 2 is the nonproprietary version of the NuScale response.

7KH+XPDQ)DFWRUV(QJLQHHULQJ+XPDQ6\VWHP,QWHUIDFH'HVLJQ5HVXOWV6XPPDU\5HSRUW

53DQG+XPDQ6\VWHP,QWHUIDFH6W\OH*XLGH(6FRQWDLQHGH[SRUW

FRQWUROOHGLQIRUPDWLRQ7KHPDUNXSSDJHVLQWKHHQFORVHG5$,UHVSRQVHIRU53DQG

(6DUHWKHUHIRUHODEHOHG([SRUW&RQWUROOHGDOWKRXJKWKHVHPDUNXSSDJHVGRQRW

FRQWDLQDQ\H[SRUWFRQWUROOHGLQIRUPDWLRQ

This letter and the enclosed responses make no new regulatory commitments and no revisions

to any existing regulatory commitments.

If you have any questions on this response, please contact Steven Mirsky at 240-833-3001 orat smirsky@nuscalepower.com.

Sincerely, Jennie Wike Manager, Licensing NuScale Power, LLC NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-1217-57654 Distribution: Gregory Cranston, NRC, OWFN-8G9A Samuel Lee, NRC, OWFN-8G9A Demetrius Murray, NRC, OWFN-8G9A : NuScale Response to NRC Request for Additional Information eRAI No. 8847, proprietary : NuScale Response to NRC Request for Additional Information eRAI No. 8847, nonproprietary : Affidavit of Zackary W. Rad, AF-1217-57663 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-1217-57654 :

NuScale Response to NRC Request for Additional Information eRAI No. 8847, proprietary NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

RAIO-1217-57654 :

NuScale Response to NRC Request for Additional Information eRAI No. 8847, nonproprietary NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

Response to Request for Additional Information Docket No.52-048 eRAI No.: 8847 Date of RAI Issue: 10/14/2017 NRC Question No.: 18-6 This regulatory basis applies to all questions in this request for additional information (RAI).

Title 10 of the Code of Federal Regulations (10 CFR) Section 52.47(a)(8) requires an applicant for a design certification to provide a final safety analysis report (FSAR) that must include the information necessary to demonstrate compliance with any technically relevant portions of the Three Mile Island requirements set forth in 10 CFR 50.34(f), except paragraphs (f)(1)(xii),

(f)(2)(ix), and (f)(3)(v). Specifically, 10 CFR 50.34(f)(2)(iv) requires an applicant to "Provide a plant safety parameter display console that will display to operators a minimum set of parameters defining the safety status of the plant, capable of displaying a full range of important plant parameters and data trends on demand, and capable of indicating when process limits are being approached or exceeded."

Chapter 18, "Human Factors Engineering," of NUREG-0800, "Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition," lists NUREG-0711, "Human Factors Engineering Program Review Model," and NUREG-0700, "Human-System Interface Design Review Guidelines," as the sources of acceptance criteria the staff uses to evaluate whether an applicant meets the regulation. Specifically, NUREG-0711, Criterion 8.4.4.2(1), and NUREG-0700, Section 5, "Safety Function and Parameter Monitoring System,"

provide guidance for the design of the plant safety parameter display.

The applicant stated in the FSAR, Tier 2, Section 18.0, "Human Factors Engineering -

Overview," that its human factors engineering (HFE) program incorporates accepted HFE standards and guidelines including the applicable guidance provided in NUREG-0711, Revision

3. The applicant stated in the FSAR, Tier 2, Section 18.7.2.1.3, "Regulatory and Other Requirements," that the NuScale design also incorporates the guidance in NUREG-0700, Revision 2.

Question 1 The Human Factors Engineering Interface Style Guide (HSI Style Guide), ES-0304-1381-P, Revision 1, Volume II, Section 3.3.2, "Requirements and Guidelines," contains the guidance from NUREG-0700, Section 5, Criteria 5.1-7, 5.1-8, 5.1-9, 5.1-10, 5.2-1, 5.2-2, 5.3-2, 5.3-3 and 5.4-3; however, the NuScale application does not explain how these criteria have been applied to the design of the Safety Display and Indication System (SDI). Specifically, the HSI Style NuScale Nonproprietary

Guide incorporates the NUREG-0700, Section 5 criteria as SDI design "guidelines," which are defined as suggestions for an interface versus "requirements," which are defined as user interface specifications that must be implemented in the design. Also, the "HSI Design Criteria" listed below these guidelines do not contain information about how or whether the SDI conforms to the guidelines.

The Human-System Interface Design Results Summary Report (HSI Design RSR),

RP-0316-17619, Revision 0, Section 4.6.2.1, "Safety Display and Indication Console," states, "The NuScale HSI design addresses the 10 CFR 50.34(f)(2)(iv) requirement to provide a plant safety SDI [Safety Display and Indication] console that will display to operators a minimum set of parameters defining the safety status of the plant, capable of displaying a full range of important plant parameters and data trends on demand, and capable of indicating when process limits are being approached or exceeded as discussed below." The staff observed that the "discussion below" appears to be missing from the HSI Design RSR, Section 4.6.2.1, and the HSI Style Guide, Appendix F, "Safety Display and Indication System."

For the SDI display, revise the application to explain how: (1) it will allow users to comprehend changes in status, (2) the sampling rate for each critical variable will be consistent with user needs, (3) critical variables will be displayed with sufficient accuracy for the user, (4) critical plant variable magnitudes and trends will be displayed, (5) it will assist users in monitoring critical parameters and alerting them when values are out of range, (6) the system provides cues to alert personnel to abnormal conditions that may warrant corrective actions, (7) data is validated in real time, (8) data validation status is displayed to the operator, and (9) display devices are labeled and distinguished from other devices.

Also, revise the application to explain how the guidelines in the HSI Style Guide, Section 3.3, have been implemented into the SDI design.

NuScale Response:

The HFE Human-Systems Interface (HSI) Design Results Summary Report (RSR),

RP-0316-17619, Section 4.6.2, and the HSI Style Guide, ES-0304-1381-P, Appendix F, have been revised to include discussion of how the NuScale HSI design addresses the 10 CFR 50.34(f)(2)(iv) requirement.

The HSI Style Guide, ES-0304-1381-P, Section 3.3.2, has been revised to further define how the nine guidelines cited in NUREG-0700, Section 5 have been specified in the safety display and indication (SDI) design.

Changes to the HSI Style Guide and HSI Design RSR are attached. Conforming changes to FSAR Section 18.7.4 are attached.

NuScale Nonproprietary

Impact on DCA:

FSAR Section 18.7.4, ES-0304-1381, Human Systems Interface Style Guide, and RP-0316-17619, HFE Human-System Interface Design RSR, have been revised as described in the response above and as shown in the markup provided with this response.

NuScale Nonproprietary

Response to Request for Additional Information Docket No.52-048 eRAI No.: 8847 Date of RAI Issue: 10/14/2017 NRC Question No.: 18-7 This regulatory basis applies to all questions in this request for additional information (RAI).

Title 10 of the Code of Federal Regulations (10 CFR) Section 52.47(a)(8) requires an applicant for a design certification to provide a final safety analysis report (FSAR) that must include the information necessary to demonstrate compliance with any technically relevant portions of the Three Mile Island requirements set forth in 10 CFR 50.34(f), except paragraphs (f)(1)(xii),

(f)(2)(ix), and (f)(3)(v). Specifically, 10 CFR 50.34(f)(2)(iv) requires an applicant to "Provide a plant safety parameter display console that will display to operators a minimum set of parameters defining the safety status of the plant, capable of displaying a full range of important plant parameters and data trends on demand, and capable of indicating when process limits are being approached or exceeded."

Chapter 18, "Human Factors Engineering," of NUREG-0800, "Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition," lists NUREG-0711, "Human Factors Engineering Program Review Model," and NUREG-0700, "Human-System Interface Design Review Guidelines," as the sources of acceptance criteria the staff uses to evaluate whether an applicant meets the regulation. Specifically, NUREG-0711, Criterion 8.4.4.2(1), and NUREG-0700, Section 5, "Safety Function and Parameter Monitoring System,"

provide guidance for the design of the plant safety parameter display.

The applicant stated in the FSAR, Tier 2, Section 18.0, "Human Factors Engineering -

Overview," that its human factors engineering (HFE) program incorporates accepted HFE standards and guidelines including the applicable guidance provided in NUREG-0711, Revision

3. The applicant stated in the FSAR, Tier 2, Section 18.7.2.1.3, "Regulatory and Other Requirements," that the NuScale design also incorporates the guidance in NUREG-0700, Revision 2.

Question 2 NUREG-0700, Criterion 5.1-12, states that where plant operating modes impose different demands, separate display pages should be provided for each mode. The HSI Style Guide includes requirements and guidelines for the SDI in Section 3.3.2, Guideline No. 3.3.2.1.12, "Separate Display Pages for Plant Modes, HSI Design Criteria" states that the NuScale SDI will provide only one display page that covers all modes of operation. However, it is not clear to the NuScale Nonproprietary

staff whether different unit modes of operation will impose different demands such that separate display pages should be provided for each mode on each units SDI.

For the SDI display, please explain whether unit operating modes impose different demands or explain how the display may change for different unit modes.

NuScale Response:

The Human-Systems Interface (HSI) Design Criteria, Guideline 3.3.2.1.12, in the HSI Style Guide ES-0304-1381, has been revised to clarify whether unit operating modes impose different demands or explain how the display may change for different unit modes.

Changes to the HSI Style Guide are attached.

Impact on DCA:

ES-0304-1381, Human-Systems Interface Style Guide, has been revised as described in the response above and as shown in the markup provided with this response.

NuScale Nonproprietary

NuScale Final Safety Analysis Report Human-System Interface Design The results of the HSI design analysis, including details of the resulting MCR configuration, are documented in Reference 18.7-2.

The HSI tests and evaluations activities are part of the HSI design analysis, and include HSI inventory and characterization, HSI task support verification, and HSI design verification.

These activities will continue during the detailed design and integration phase to capture the HSI design as it evolves through the verification and validation HFE element.

18.7.4 References RAI 18-6, RAI 18-7, RAI 18-8 18.7-1 NuScale Power, LLC, Human Factors Engineering Human-System Interface Style Guide, ES-0304-1381, Revision 12.

RAI 18-6, RAI 18-7, RAI 18-8 18.7-2 NuScale Power, LLC, Human-System Interface Design Results Summary Report, RP-0316-17619, Revision 01.

Tier 2 18.7-12 Draft Revision 1

Human Factors Engineering Human-System Interface Design Results Summary Report RP-0316-17619-NP Rev. 10 2.0 Implementation 2.1 Human-System Interface Design Process Overview The analyses performed in the early stages of the HFE program are important steps in establishing the inputs to the design requirements for the NuScale HSIs. The HSI design inputs that are analyzed and/or developed include the following:

  • operating experience review (OER)
  • functional requirements analysis and function allocation (FRA/FA)
  • task analysis (TA)
  • staffing and qualifications (S&Q)
  • treatment of important human actions (IHAs)
  • concept of operations
  • l&C systems design
  • alarm management
  • system requirements
  • HSI Style Guide Once the inputs are established, the design effort follows the NuScale HSI process steps listed below when designing the MCR, conceptual workstations, and screen-based HSIs needed to complete the design effort.
1. Follow the appropriate chapters of the NuScale HSI Style Guide needed to establish a safe, user-friendly workplace location.
2. Follow the appropriate chapters of the NuScale HSI Style Guide needed to establish safe, user-friendly workstations.
3. Design and develop the HSI needed to accomplish safe and reliable operation of the plant.
4. Test and evaluate the HFE/HSI design of the simulator and products developed to support SPV testing The HSI design products are the physical HSI screens, the embedded procedure functionality, and the plant notification functionality maintained within the simulator control room hardware and software. Examples and illustrations of these results are provided in Section 4.0 of this report.

© Copyright 20176 by NuScale Power, LLC 7

Human Factors Engineering Human-System Interface Design Results Summary Report RP-0316-17619-NP Rev. 10 4.6.1.5 Human Performance/Fatigue The NuScale HSI is designed to enhance human performance by reducing fatigue.

Automation of plant functions reduces repetitive tasks. Reduced navigation between individual screens is accomplished by simplified plant design. The arrangement or hierarchy of individual HSI screens is based on job analysis, the frequency and sequence of use, and operator roles to increase the simplicity of navigation. Task-based displays are incorporated to reduce navigation steps during procedure use. VDUs are designed for pointing device (e.g., mouse) operation.

In addition, the detailed design conducted during the HSI design element optimizes MCR facility attributes that are known to affect fatigue, such as lighting, ergonomics, and overall physical layout.

4.6.1.6 Environmental Conditions MCR environmental conditions comply with Regulatory Guide 1.196 with regard to temperature, humidity, air quality, and radiation protection. Auxiliary systems such as heating, ventilation, air conditioning, and lighting systems are designed by other engineering disciplines with input from the HFE design team.

4.6.1.7 Human-System Interface Updates of Plant Modifications

((2(a),(c) 4.6.2 Main Control Room The HFE design team ensured that the HSI process and the resulting products addressed the following important MCR considerations:

1. Safety Display and Indication Console The NuScale HSI design addresses the 10 CFR 50.34(f)(2)(iv) requirement to provide a plant safety SDI console that will display to operators a minimum set of parameters defining the safety status of the plant, capable of displaying a full range of important plant parameters and data trends on demand, and capable of indicating when process limits are being approached or exceeded as discussed below.

The NuScale PRA, Safety Analysis, and Plant Operations groups considering the guidance of NUREG-1342 determined the critical safety functions. The selection of the © Copyright 20176 by NuScale Power, LLC 93

Human Factors Engineering Human-System Interface Design Results Summary Report RP-0316-17619-NP Rev. 10 variable type (A, B, C, D, or E) was performed. The minimum set of parameters chosen for display are available on the SDCV SDI display panel for each unit in the MCR. An SDI Display page example is shown in Section 7.0. Note: There are no Type A variables in the NuScale plant design or E variables shown on the SDI HSI. The NuScale HSI design addresses the 10 CFR 50.34(f)(2)(iv) requirement to provide a plant safety SDI console that will display to operators a minimum set of parameters defining the safety status of the plant, capable of displaying a full range of important plant parameters and data trends on demand, and capable of indicating when process limits are being approached or exceeded as discussed below. The SDI bank of SDCV video display units provides redundant, highly reliable indications of plant conditions provided by the MPS and PPS networks. Operators rely on these indications to give them the status of the plant during normal operations and for 72 hours after a loss of normal power. Additionally, the MPS and PPS provide information to the MCS and PCS, respectively, via unidirectional communication paths. The PCS and MCS communicate with each other via bi-directional communication paths. Each SDI VDU will provide one display page that covers all five modes of operation. This is appropriate based on the plants simple, passive design where all required information can be displayed on a single HSI page. This approach allows for a more simplistic SDI implementation and provides the operators with consistent display page behavior across all SDI VDUs. The organization of information (e.g., grouping) of related data is important for supporting prompt recognition and comprehension of plant status. The information presented by the SDI includes parameters and indications of functions important to plant safety. Important presentation characteristics include the conciseness of the display format, the arrangement of information, the range of conditions displayed, the display system's response to transient and accident conditions, the data sampling rate, the display's accuracy, the continuous presentation of information, the visibility of displayed data, limit marks for variables, and the indication of magnitudes and trends for variables. Some of the more important SDI display page requirements are listed below:

  • The SDI display page parameters accuracy and update sampling rates will be consistent with the MPS/PPS system that drives them.
  • The SDI display page will provide visual cues for the initiation and completion of a safety function by highlighting a reserved area on the display page indicating the current status of that function. Each safety function has its own status area reserved on the display page.

© Copyright 20176 by NuScale Power, LLC 94

Human Factors Engineering Human-System Interface Design Results Summary Report RP-0316-17619-NP Rev. 10

  • The SDI display page will utilize the trending feature to a set of predetermined parameters to help the operators maintain attention to slow and rapidly changing variables.
  • The SDI display page trends will be appropriately scaled to the magnitudes of the variables in 5-10 divisions based on the parameter(s) being displayed. The trends will be designed to provide the adequate space for scaling. All trend areas will have a 30 min data display requirement with no auto-ranging capability.
        *    ((
                                                             }}2(a),(c)

© Copyright 20176 by NuScale Power, LLC 95

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 3.3.2.1.6 Display Response to Transient and Accident Sequences ES-0304-1381-10958 Guideline: The display's respond to transient and accident sequences should keep the user informed of the current plant status. HSI Design Criteria The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 3.3.2.1.7 Rapid and Reliable Recognition of Safety Status Change ES-0304-1381-10960 Guideline: Critical safety function displays should allow users to comprehend a change in safety status in a matter of seconds. Additional Information: These displays should incorporate accepted HFE principles to ensure user performance. For example, display formats containing patterns or visual coding that depict relationships between variables may support rapid comprehension. Patterns may be used that noticeably distort when an unsafe conditions is approached. HSI Design Criteria The SDI display page will provide visual cues for the initiation and completion of a safety function by highlighting a reserved area on the display page indicating the current status of that function. Each safety function has its own status area reserved on the display pagebe arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 © Copyright 20176 by NuScale Power, LLC 186

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 3.3.2.1.8 Data Sampling Rate ES-0304-1381-10962 Guideline: The sampling rate for each critical plant variable should be consistent with the users' needs for performing tasks. Additional Information: There should be no meaningful loss of information in the presented data. The time delay from when the sensor signal is sampled to when it is displayed should be consistent with other displays of the HSI. HSI Design Criteria The update frequency shall be fast enough to avoid the potential of misleading the operator with respect to plant conditions. It is considered prudent that this update period is less than or equal to two seconds. The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 3.3.2.1.9 Display Accuracy ES-0304-1381-10964 Guideline: Each critical variable should be displayed with sufficient accuracy for the user to discriminate between normal conditions and those affecting plant safety status. HSI Design Criteria The SDI HSI display page parameters accuracies are provided in Chapter 7 of the Final Safety Analysis Report and shall be established based on the assigned function. The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 3.3.2.1.10 Magnitudes and Trends of Critical Variables ES-0304-1381-10966 Guideline: The display should provide magnitudes and trends for critical plant variables or derived variables. Additional Information: Trends should be displayed with sufficient resolution in time and magnitude to ensure that rapidly changing variables can be observed and accurately © Copyright 20176 by NuScale Power, LLC 187

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 interpreted. The time history should cover enough time and be accurate enough to depict the onset and development of conditions that vary from preceding normal operating conditions. HSI Design Criteria The SDI trends will be appropriately scaled to the magnitudes of the variables in 5-10 divisions based on the parameter(s) being displayed. The trends will be designed to trend like variables such that the scaling will provide the adequate space for observation. All trend areas will have a 30 min data display requirement with no auto-ranging capabilitydisplay page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 3.3.2.1.11 Continuous Display ES-0304-1381-10968 Guideline: Displays for monitoring safety parameters and functions should continuously display this information. Additional Information: The display system may be considered continuous even though all critical variables cannot be seen at one time. An example is a hierarchical network of displays from which the user can access specific displays for assessing the safety status of the plant. HSI Design Criteria The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.1 3.3.2.1.12 Separate Display Pages for Plant Modes ES-0304-1381-10970 Guideline: Where plant operating modes impose different demands, separate display pages should be provided for each mode. Additional Information: Some typical modes of plant operation are power operation, startup, hot standby, and hot shutdown. For each mode, the displays should contain at least the minimum set of data needed to assess the safety status of the plant. One © Copyright 20176 by NuScale Power, LLC 188

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 means for accommodating the plant modes is to have a top-level display that is independent of plant mode and a set of mode-dependent subordinate display pages. HSI Design Criteria NuScale will provide only one display page that covers all five modes of operation. This is appropriate based on the plants simple, passive design where all required information can be displayed on a single HSI page. This approach allows for a more simplistic SDI panel coding platform and provides the operators with consistent display page behavior across all SDI VDUs.modes of operation.

Reference:

NUREG-0700-5.1 3.3.2.2 User-System Integration 3.3.2.2.1 Critical Parameter Monitoring Support ES-0304-1381-10972 Guideline: The system should assist the user in monitoring critical parameters, especially parameters that change very rapidly or very slowly, by alerting the user when values are out of range. Additional Information: The user may not be able to maintain attention on the slow-changing indication due to competing task demands and, thus, may not be aware that the parameter is out of range. For rapidly changing parameters, the unacceptable range might be reached before the user is able to begin monitoring the parameter. Setpoints used to indicate a change in status should be chosen to provide users with sufficient time to respond appropriately. HSI Design Criteria The SDI display page will utilize the trending feature to help the operators maintain attention to slow and rapidly changing parametersbe arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.2 3.3.2.2.2 Alerts for Abnormal Conditions ES-0304-1381-10974 Guideline: Where feasible, the system should provide perceptual (audible or visual) cues to alert personnel to abnormal operation conditions that potentially warrant corrective action. © Copyright 20176 by NuScale Power, LLC 189

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 HSI Design Criteria The SDI display page will provide visual cues for the initiation and completion of a safety system actuation. Due to the limitations of the MPS and PPS I&C system no alarm or caution icons and their associated behaviors (flashing) as well as audible cues will be given at the SDI panelbe arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions. No The abnormal operational condition behaviors (both visual and audible) of important parameters will be provided in the MCR by the MCS/PCS HSIaudible cues will be given for the SDI panel.

Reference:

NUREG-0700-5.2 3.3.2.2.3 Alert to Higher Level Displays ES-0304-1381-10976 Guideline: While viewing secondary (lower-level) displays, a perceptual (audible or visual) cue should be provided by the safety parameter or function monitoring system to alert the user to return to the primary (higher- level) display format if significant information in that display requires user attention. HSI Design Criteria The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions. No audible cues will be provided by the SDI panel.

Reference:

NUREG-0700-5.2 3.3.2.2.4 Ease of Interaction ES-0304-1381-10978 Guideline: User interactions with the display system should be within the skill capability of the control room crew and should not significantly increase personnel workload. Additional Information: No additional operating staff beyond the normal control room operating crew should be needed to operate the display during normal and abnormal © Copyright 20176 by NuScale Power, LLC 190

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 plant operation. Interactions with the display system should not impose workload demands that detract from other tasks performed by control room personnel during normal and abnormal plant operations. HSI Design Criteria The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.2 3.3.2.3 Display Indication Features 3.3.2.3.1 Display Reliability ES-0304-1381-10980 Guideline: The display should not give false indications of plant status. Additional Information: Both the processing of display information and the display device should be highly reliable. The operating and failed states should be indicated to users as described in ES-0304-1381-7961. HSI Design Criteria The SDI display page will be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions. SDI panel hardware will be highly reliable.

Reference:

NUREG-0700-5.3 3.3.2.3.2 Data Reliability/Validation for Critical Plant Variables ES-0304-1381-10982 Guideline: Critical plant variables should be reliable and should be validated in real time. Additional Information: There are several methods of ensuring that critical variables are reliably presented to the operators. These methods should be used as appropriate to achieve a high data quality and veracity. Lack of data validation places the burden of identifying valid readings on the operator. One method of achieving this would be to have an estimate of data quality and a data quality indicator associated with each critical variable, including derived synthetic variables. Other recommended methods include: range checks for failed instruments; comparison of redundant sensors; and analytical redundancy. Range checks for failed instruments can ensure that failed instruments are © Copyright 20176 by NuScale Power, LLC 191

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 identified and that they are not averaged with other, valid readings, possibly masking the failed instrument. Comparing and possible averaging redundant instruments can improve the quality and reliability of data. Analytical redundancy refers to the intercomparison of measured variables, through the use of mathematical models based upon known physical relationships among variables to determine whether there are inconsistencies in the values of the measured variables. For example, 'reactor power,' 

        'reactor coolant temperature rise through the reactor core,' and 'reactor coolant flow rate' are interrelated variables based upon the physical principles of heat transfer. A measured value for coolant flow should be consistent with the analytically calculated value for coolant flow derived mathematically from the corresponding measured values of reactor power and coolant temperature rise.

HSI Design Criteria The SDI display page will contain a display refresh icon that is updated by the control system clock. When active the operator can have confidence that the data on the display page is to most recent value. A frozen refresh icon indicates to the operator that all of the active data on that display page is unreliablewill be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.3 3.3.2.3.3 Display of Data Reliability/Validation for Critical Plant Variables ES-0304-1381-10984 Guideline: The status of the data should be displayed to the operator with an appropriate data quality indicator (e.g., valid, invalid, or unvalidated; or a derived numerical estimate). Additional Information: Operators should also have available (e.g., on a separate display page) the individual sensor readings, so they can pinpoint an indicated problem, if the validation fails. HSI Design Criteria The SDI display page parameters and components will change from their respective valid colors (On/Off, Open/Closed, etc.) to a pure white indication in the event that the control system senses a failure of that component. This color change will indicate to the operator that data point is no longer reliablewill be arranged in a concise consistent format that contains all the information the operators will need to safely monitor the plant under all conditions.

Reference:

NUREG-0700-5.3 © Copyright 20176 by NuScale Power, LLC 192

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 3.3.2.3.4 Operator Information to Support Plant Safety ES-0304-1381-7947 Requirement: Plant parameters and variables important to safety shall be displayed in a way that is convenient and readily accessible to the operator. HSI Design Criteria Separate panels will be provided in the main control room to display plant safety parameters. The SDI system information is provided to the control room via a separate control system. All NuScale HSI will be built with a common theme using the aAppendices A through H . The appendices will provide the common themed design criteria strivethat will to make ALLall plant parameters being displayed convenient and readily accessible to the users of the NuScale HSI.

Reference:

NUREG-0700-1.1 3.3.2.4 Integration with other HSI Elements 3.3.2.4.1 Interference with Crew Movement ES-0304-1381-10986 Guideline: The location of displays for monitoring safety parameters and functions should not interfere with the normal movement of the control room crew. HSI Design Criteria The SDI display location will not interfere with normal crew movements with in the MCR.

Reference:

NUREG-0700-5.4 3.3.2.4.2 Visual Interference with Other Controls and Displays ES-0304-1381-10988 Guideline: The display system should not interfere with visual access to other control room operating systems or with displays that are important to safe operation of the plant. HSI Design Criteria © Copyright 20176 by NuScale Power, LLC 193

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 The SDI display location will not interfere with other equipment with in the MCR.

Reference:

NUREG-0700-5.4 3.3.2.4.3 Labeling ES-0304-1381-10990 Guideline: Display devices for monitoring safety parameters and functions should be labeled and readily distinguished from other devices. HSI Design Criteria SDI Each SDI VDU will be uniquely labeled with the unit and division number. Each critical section Containment, Reactivity and Core Heat Removal will be clearly outlined within the confines of the page. All other components, parameters or trends will have clear labeling that will be placed in a consistent location that will distinguish the display page items from one anotherpanels will be labeled. Control room indication of Type B and Type C variables will be uniquely identified as accident monitoring variables with a characteristic designation so that the operator can easily discern information intended for use under accident conditions. On a multi-variable video display, accident monitoring variables will be specifically identified.

Reference:

NUREG-0700-5.4 © Copyright 20176 by NuScale Power, LLC 194

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 The HFE design team ensured that the HSI process and the resulting products addressed the following important MCR considerations:

1. Safety Display and Indication Console The NuScale PRA, Safety Analysis, and Plant Operations groups considering the guidance of NUREG-1342 determined the critical safety functions. The selection of the variable type (A, B, C, D, or E) was performed. The minimum set of parameters chosen for display are available on the SDCV SDI display panel for each unit in the MCR.

Note: There are no Type A variables in the NuScale plant design or E variables shown on the SDI HSI. The NuScale HSI design addresses the 10 CFR 50.34(f)(2)(iv) requirement to provide a plant safety SDI console that will display to operators a minimum set of parameters defining the safety status of the plant, capable of displaying a full range of important plant parameters and data trends on demand, and capable of indicating when process limits are being approached or exceeded as discussed below. The SDI bank of SDCV video display units provides redundant, highly reliable indications of plant conditions provided by the MPS and PPS networks. Operators rely on these indications to give them the status of the plant during normal operations and for 72 hours after a loss of normal power. Additionally, the MPS and PPS provide information to the MCS and PCS, respectively, via unidirectional communication paths. The PCS and MCS communicate with each other via bi-directional communication paths. Each SDI VDU will provide one display page that covers all five modes of operation. This is appropriate based on the plants simple, passive design where all required information can be displayed on a single HSI page. This approach allows for a more simplistic SDI implementation and provides the operators with consistent display page behavior across all SDI VDUs. The organization of information (e.g., grouping) of related data is important for supporting prompt recognition and comprehension of plant status. The information presented by the SDI includes parameters and indications of functions important to plant safety. Important presentation characteristics include the conciseness of the display format, the arrangement of information, the range of conditions displayed, the display system's response to transient and accident conditions, the data sampling rate, the display's accuracy, the continuous presentation of information, the visibility of displayed data, limit marks for variables, and the indication of magnitudes and trends for variables. Some of the more important SDI display page requirements are listed below:

  • The SDI display page parameters accuracy and update sampling rates will be consistent with the MPS/PPS system that drives them.

© Copyright 20176 by NuScale Power, LLC 589

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21

  • The SDI display page will provide visual cues for the initiation and completion of a safety function by highlighting a reserved area on the display page indicating the current status of that function. Each safety function has its own status area reserved on the display page.
  • The SDI display page will utilize the trending feature to a set of predetermined parameters to help the operators maintain attention to slow and rapidly changing variables.
  • The SDI display page trends will be appropriately scaled to the magnitudes of the variables in 5-10 divisions based on the parameter(s) being displayed. The trends will be designed to provide the adequate space for scaling. All trend areas will have a 30 min data display requirement with no auto-ranging capability.
        *    ((
                                                        }}2(a),(c)

© Copyright 20176 by NuScale Power, LLC 590

Human-System Interface Style Guide ES-0304-1381-NP Rev. 21 (( 

                                                                  }}2(a),(c)

Figure F-2. SDI Panel © Copyright 20176 by NuScale Power, LLC 591

RAIO-1217-57654 : Affidavit of Zackary W. Rad, AF-1217-57663 NuScale Power, LLC 1100 NE Circle Blvd., Suite 200 Corvalis, Oregon 97330, Office: 541.360.0500, Fax: 541.207.3928 www.nuscalepower.com

NuScale Power, LLC AFFIDAVIT of Zackary W. Rad I, Zackary W. Rad, state as follows:

1. I am the Director, Regulatory Affairs of NuScale Power, LLC (NuScale), and as such, I have been specifically delegated the function of reviewing the information described in this Affidavit that NuScale seeks to have withheld from public disclosure, and am authorized to apply for its withholding on behalf of NuScale.
2. I am knowledgeable of the criteria and procedures used by NuScale in designating information as a trade secret, privileged, or as confidential commercial or financial information. This request to withhold information from public disclosure is driven by one or more of the following:
a. The information requested to be withheld reveals distinguishing aspects of a process (or component, structure, tool, method, etc.) whose use by NuScale competitors, without a license from NuScale, would constitute a competitive economic disadvantage to NuScale.
b. The information requested to be withheld consists of supporting data, including test data, relative to a process (or component, structure, tool, method, etc.), and the application of the data secures a competitive economic advantage, as described more fully in paragraph 3 of this Affidavit.
c. Use by a competitor of the information requested to be withheld would reduce the competitor's expenditure of resources, or improve its competitive position, in the design, manufacture, shipment, installation, assurance of quality, or licensing of a similar product.
d. The information requested to be withheld reveals cost or price information, production capabilities, budget levels, or commercial strategies of NuScale.
e. The information requested to be withheld consists of patentable ideas.
3. Public disclosure of the information sought to be withheld is likely to cause substantial harm to NuScale's competitive position and foreclose or reduce the availability of profit-making opportunities. The accompanying Request for Additional Information response reveals distinguishing aspects about the methods by which NuScale develops its human-systems interface design.

NuScale has performed significant research and evaluation to develop a basis for this methods and has invested significant resources, including the expenditure of a considerable sum of money. The precise financial value of the information is difficult to quantify, but it is a key element of the design basis for a NuScale plant and, therefore, has substantial value to NuScale. If the information were disclosed to the public, NuScale's competitors would have access to the information without purchasing the right to use it or having been required to undertake a similar expenditure of resources. Such disclosure would constitute a misappropriation of NuScale's intellectual property, and would deprive NuScale of the opportunity to exercise its competitive advantage to seek an adequate return on its investment. AF-1217-57663

4. The information sought to be withheld is in the enclosed response to NRC Request for Additional Information No. 262, eRAI No, 8847. The enclosure contains the designation "Proprietary" at the top of each page containing proprietary information. The information considered by NuScale to be proprietary is identified within double braces, "(( }}" in the document.
5. The basis for proposing that the information be withheld is that NuScale treats the information as a trade secret, privileged, or as confidential commercial or financial information. NuScale relies upon the exemption from disclosure set forth in the Freedom of Information Act ("FOIA"), 5 USC § 552(b)(4), as well as exemptions applicable to the NRC under 10 CFR §§ 2.390(a)(4) and 9.17(a)(4).
6. Pursuant to the provisions set forth in 10 CFR § 2.390(b)(4), the following is provided for consideration by the Commission in determining whether the information sought to be withheld from public disclosure should be withheld:
a. The information sought to be withheld is owned and has been held in confidence by NuScale.
b. The information is of a sort customarily held in confidence by NuScale and, to the best of my knowledge and belief, consistently has been held in confidence by NuScale.

The procedure for approval of external release of such information typically requires review by the staff manager, project manager, chief technology officer or other equivalent authority, or the manager of the cognizant marketing function (or his delegate), for technical content, competitive effect, and determination of the accuracy of the proprietary designation. Disclosures outside NuScale are limited to regulatory bodies, customers and potential customers and their agents, suppliers, licensees, and others with a legitimate need for the information, and then only in accordance with appropriate regulatory provisions or contractual agreements to maintain confidentiality.

c. The information is being transmitted to and received by the NRC in confidence.
d. No public disclosure of the information has been made, and it is not available in public sources. All disclosures to third parties, including any required transmittals to NRC, have been made, or must be made, pursuant to regulatory provisions or contractual agreements that provide for maintenance of the information in confidence.
e. Public disclosure of the information is likely to cause substantial harm to the competitive position of NuScale, taking into account the value of the information to NuScale, the amount of effort and money expended by NuScale in developing the information, and the difficulty others would have in acquiring or duplicating the information. The information sought to be withheld is part of NuScale's technology that provides NuScale with a competitive advantage over other firms in the industry.

NuScale has invested significant human and financial capital in developing this technology and NuScale believes it would be difficult for others to duplicate the technology without access to the information sought to be withheld. I declare under penalty of perjury that the foregoing is true and correct. Executed on 12/13/2017. Zackary W. Rad AF-1217-57663}}

Retrieved from "https://kanterella.com/w/index.php?title=ML17347B713&oldid=2537768"