ML080940560

Advanced Logic System Class 1E Controls, Msfis V & V Report, Rev. 2.1, Enclosure I to ET 08-0014
ML080940560
Person / Time
Site: Wolf Creek
Issue date: 02/18/2008
From:
Wolf Creek
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
ET 08-0014


Text

Enclosure I to ET 08-0014 WCNOC MSFIS V & V Report, Rev. 2.1

ALS Class 1E Controls: MSFIS V&V Report

ADVANCED LOGIC SYSTEM (ALS)
CLASS 1E CONTROLS
MSFIS V & V REPORT
REVISION 2.1

PROJECT MANAGER - GREGG CLARKSON
MANAGEMENT SPONSOR - PATRICK GUEVEL
EXECUTIVE SPONSOR - TERRY GARRETT

Wolf Creek Nuclear Operating Corporation
PO Box 411
1550 Oxen Lane, NE
Burlington, KS 66839

Revision 2.1 2/18/2008 Page 1 of 24

Revision Control

  • Rev. 0 (GWC, 9/16/2006): Requirements Analysis Report
  • Rev. 1 (GWC, 4/6/2007): Design Analysis Report
  • Rev. 2 (GWC, 1/16/2008): Implementation and Test Analysis Report
  • Rev. 2.1 (GWC, 2/18/2008): Move Revision 2 of the report into the same format as the rest of the ALS Class 1E Controls documents.

Table of Contents

REVISION 2.1
1 Introduction
  1.1 Purpose
  1.2 Reference Material
    1.2.1 Wolf Creek Nuclear Operating Company (WCNOC) Specification J-105A(Q)
    1.2.2 CMP - Configuration Management Plan for Class 1E Qualified ALS MSFIS
    1.2.3 WCNOC Procedure AP 05F-001 - Design Verification
    1.2.4 WCNOC Procedure AP 05-002 - Dispositions and Change Packages
    1.2.5 WCNOC Procedure AP 05-005 Design, Implementation & Configuration Control of Modifications
    1.2.6 MSFIS V&V Report, CSI document 6101-00200
    1.2.7 Qualification Test Report, Nutherm document WCN-9715R
2 Verification & Validation Overview
  2.1 Organization
  2.2 Configuration Management Responsibilities
    2.2.1 V&V Staffing
  2.3 Tasks and Responsibilities
    2.3.1 Project Manager Responsibilities
    2.3.2 Verification and Validation Engineer Responsibilities
    2.3.3 Qualification and Quality Oversight Contractor Responsibilities
  2.4 Tools, Techniques and Methodology
    2.4.1 Tools
    2.4.2 Techniques and Methodologies
3 Life Cycle V&V
  3.1 Management
  3.2 System Requirements V&V
    3.2.1 Overview
    3.2.2 Inputs/Outputs
  3.3 HARDWARE REQUIREMENTS V&V
    3.3.1 Verification and Validation Tasks
    3.3.2 Methods and Criteria
  3.4 DESIGN PHASE V&V
  3.5 IMPLEMENTATION and TEST PHASE V&V
    3.5.1 Implementation Phase
    3.5.2 Test Phase
4 V&V Summary
APPENDIX A Requirements Traceability Matrix

1.1 Purpose

The purpose of the MSFIS V&V Report (VVR) is to document the verification and validation processes and procedures that were used by Wolf Creek Nuclear Operating Company (WCNOC) to assure that the Advanced Logic System Main Steam and Feedwater Isolation System (ALS MSFIS) controls being developed meet the requirements for a safety related Class 1E qualified nuclear power plant safety system.

The VVR shall be issued in four (4) phases, as follows:

  • Revision 0 -- Requirements Analysis Report
  • Revision 1 -- Design Analysis Report
  • Revision 2 -- Implementation and Test Analysis Report
  • Revision 3 -- Validation Test Report

This is Revision 2, the Implementation and Test Analysis Report.

The VVR is a living document that is prepared and updated periodically during the course of the project development. Each phase of the project, e.g., System Requirements Phase, Hardware Requirements Phase, Design Phase, and others, shall be covered by a subsection that documents in detail the V&V efforts during that phase, and the results thereof, including anomalies discovered and their resolution and consequent rework, reverification and revalidation. The documentation that each phase has been completed in full compliance with the requirements of that phase with respect to the specifications shall be included or specifically referenced from among the other required project documentation. The final report will consist of these subsections, together with subsections providing an overview and a summary of the entire V&V effort. The Requirements Traceability Matrix shall be included as an appendix to the final VVR. The format of the report will generally follow the outline below:

1. Purpose/Applicability/Limits/Exclusions of this VVR
2. Summary/Overview of the Project V&V effort
3. System Requirements Phase V&V
4. Hardware Requirements Phase V&V
5. Design Phase V&V
6. Implementation Phase V&V (including Pre-Production Test Report)
7. Test Phase V&V (including Final Acceptance Test Report)
8. Installation and Checkout Phase V&V

The VVR will supplement the Nutherm Qualification Test Report (QTR) by providing the details of the qualification of the system.

The VVR shall be prepared by the V&V Engineer, and approved by the ALS MSFIS Project Manager.

1.2 Reference Material

Binding documents applicable to this VVR for this project are:

1.2.1 Wolf Creek Nuclear Operating Company (WCNOC) Specification J-105A(Q)
1.2.2 CMP - Configuration Management Plan for Class 1E Qualified ALS MSFIS
1.2.3 WCNOC Procedure AP 05F-001 - Design Verification
1.2.4 WCNOC Procedure AP 05-002 - Dispositions and Change Packages
1.2.5 WCNOC Procedure AP 05-005 Design, Implementation & Configuration Control of Modifications
1.2.6 MSFIS V&V Report, CSI document 6101-00200
1.2.7 Qualification Test Report, Nutherm document WCN-9715R

2.1 Organization

This section describes the organization for design/development and V&V of the subject system.

The project includes three independent groups, under the oversight of the ALS MSFIS Project Manager and WCNOC Design Change Process:

1. WCNOC Design Change Process - responsible for the design and implementation of modifications at WCGS using established WCNOC processes and procedures (AP 05-005, Design, Implementation & Configuration Control of Modifications and AP 05-002, Design Change Process). As a part of the established processes and procedures, an independent V&V of the Design Change Package is performed by a qualified WCNOC Engineer. This independent V&V is in addition to the V&V activities performed by the Class 1E Controls Supplier, the Qualification and Quality Oversight Contractor, and the V&V Engineer. A summary of all V&V activities is shown in Figure 1.
2. Class 1E Controls Supplier - responsible for the design, development, integration, and final delivery of the product. For this project, CS Innovations (CSI) is providing this function.
3. Qualification and Quality Oversight Contractor - responsible to provide both oversight and direct actions to independently ensure that the requirements on qualification of safety related hardware for the Class 1E system, including its performance, integration, configuration control, and documentation, are satisfied. Nutherm International (NI) performed this function.
4. V&V Engineer - responsible to provide independent oversight and direct actions to ensure that the V&V requirements for a Class 1E system are satisfied. Baseline Engineering is providing this function as staff augmentation to WCNOC Engineering.

The V&V Engineer shall review and credit all underlying V&V activities performed by the Class 1E Controls Supplier and/or the Qualification and Quality Oversight Contractor.

[Figure 1: Summary of V&V Activities for the ALS Class 1E Controls: MSFIS Project]

Subsequent to the issue of VVR Revision 1 (8/31/07), WCNOC implemented a revised procurement structure for the MSFIS equipment. As noted above, CSI is now the Class 1E supplier, and NI's role for the ALS MSFIS project is to provide environmental qualification (EQ) and supplemental, or "augmented", quality oversight. This results in some duplication of quality efforts on the project. CSI has independently performed some additional EMC testing (informally) and has also performed an additional Factory Acceptance Test (FAT). These activities are documented in the CSI MSFIS V&V Report (ref. 1.2.6).

Prior to implementation of the new procurement structure WCNOC performed a Part 50 Appendix B audit of CSI. This performance based supplier audit focused on the supplier's in-process activities that are needed to reach a conclusion about whether items produced by the supplier's process will perform their intended function. This audit relied, in part, on the confirmatory acceptance testing that was performed by NI. The audit results concluded that the CSI Quality Assurance Program was well implemented and satisfies the requirements of 10 CFR 50 Appendix B. WCNOC's audit of CSI's 10 CFR 50 Appendix B Quality Assurance Program and performance of the independent reviews and qualification testing by NI, combined with WCNOC quality and engineering personnel oversight surveillance activities, provided the basis for the approval of CSI's 10 CFR 50 Appendix B Quality Assurance Program to supply WCNOC with safety related material. Figure 2 provides a timeline depicting the activities associated with the ALS MSFIS controls.

[Figure 2: ALS MSFIS Controls - Vendor QA Timeline (2006 to 2008)]

2.2 Configuration Management Responsibilities

2.2.1 V&V Staffing:

V&V Engineer, having broad background and experience in the design, development, test and operation of nuclear power plant instrumentation and control systems, and the standards and practices in this discipline, particularly regarding the experience in applying digital computer technology in these applications. The V&V Engineer shall perform and/or direct the performance of the V&V activities of the project.

2.3 Tasks and Responsibilities

This section identifies the responsibilities of specific individuals and organizations within the framework of the VVR.

2.3.1 Project Manager Responsibilities

The ALS MSFIS Project Manager is responsible either personally, or through the actions of others, for the performance of the entire ALS MSFIS Project, including all aspects of design, development, manufacture, testing, and shipping. The following elements of V&V related activities are included in these responsibilities:

  • Prepare System Specification
  • Prepare Project Plan
  • Coordinate subcontracted design, qualification and test

2.3.2 Verification and Validation Engineer Responsibilities

The V&V Engineer is an independent individual who is responsible to supervise and/or perform the System V&V Plan including the documentation thereof. Responsibilities include:

Perform and/or supervise verification and validation activities for each project phase.

Prepare the following plans:

  • System V&V Plan
  • MSFIS Configuration Management Plan (CMP)

Prepare the following documents:

  • MSFIS V&V Report (VVR)
  • Requirements Traceability Matrix (RTM)
  • System Reliability Analysis (SRA)*
  • Failure Modes and Effects Analysis (FMEA)*

* The SRA and FMEA, although not "traditional" V&V functions, are being performed by the V&V engineer. The reports will be included in the VVR Revision 3 as significant factors in the total system V&V process.

2.3.3 Qualification and Quality Oversight Contractor Responsibilities

The following elements of V&V related activities are included in these responsibilities:

Prepare the following plans:

  • Qualification Plan
  • Dedication Plan

(Note: The Qualification and Quality Oversight Contractor (NI) was responsible for all aspects of the Class 1E qualification as the ALS MSFIS Controls procurement was originally structured. The Design Contractor and Class 1E Controls Supplier (CSI) is now providing the equipment under their own Appendix B program, so some of the dedication activities have been re-iterated. Reference 1.1.6 provides details of this.)

Prepare the following procedures:

  • Seismic Test Procedure
  • EMC Test Procedure

2.4 Tools, Techniques and Methodology

2.4.1 Tools

One special tool is used in the V&V process, as follows:

1) A software tool (IBM Rational Pro) for tracking system requirements from the original specification through the various design documents, and generating the Requirements Traceability Matrix.

2.4.2 Techniques and Methodologies

The fundamental methodology is to verify and document that each phase of the system development life cycle resulted in a product that satisfies the requirements for that phase. It must be proven that all elements of the design conform to the requirements. Further, it must be demonstrated that the integrated product performs all of the required functions, with no unintended functions.

To assure adequacy of the design and to facilitate the performance of the V&V process the following steps were taken:

a. Detailed, well defined requirements were established and formatted to facilitate verification that each requirement is satisfied, e.g., to facilitate testing and tracking.
b. To the maximum practicable extent, requirements were specified in well defined mathematical language, such as logic diagrams, state tables, or other unambiguous forms.
c. A Requirements Traceability Matrix is maintained to facilitate verification that the requirements were correctly propagated forward through the design, testing and validation steps of the development process, and so that validation at each phase of the development process is related specifically to these requirements.
d. Testing is defined and derived from the established requirements.
e. Testing results are well documented.
f. Configuration management is enforced.


g. Changes in requirements are controlled through a process of approval, documentation, and verification and validation commensurate with the scope and criticality of the changes.
h. Software that has been procured for use in design and/or testing shall be controlled during all phases of MSFIS development.
i. Procedures assure configuration control, including verification that the configuration used during testing is the same as that used for the final system.

The life cycle used in this project follows the "waterfall" model and includes the following phases:

1) System Requirements Phase
2) Hardware Requirements Phase
3) Design Phase
4) Implementation Phase
5) Test Phase
6) Installation and Checkout
7) Operation and Maintenance

3.1 Management

The management of the V&V process for this project entails a close working relationship between the V&V Engineer and the ALS MSFIS Project Manager, to define the "fine structure" for the V&V work within the framework defined in this document. The V&V report (this document) is prepared and maintained as a living document during the life of the project by updating and adding material as each phase of the project is completed and any necessary iterations are performed.

3.2 System Requirements V&V

3.2.1 Overview

System requirements were established by WCNOC in Specification J-105A(Q). CSI used this document as the basis for preparing the conceptual design. One V&V step was taken in this phase:

1) Critical review of J-105A(Q) and resolution of comments and questions deriving therefrom.

The principal V&V method used in this phase was the critical review of the WCNOC specification followed by discussions to resolve any comments or questions. The Requirements Traceability Matrix was initiated to provide a formalized database that provides item number by item number correlations.

Particular attention was given to assuring that the requirements are amenable to demonstration by test of the completed system. Approval was obtained from the CSI Lead Design Engineer, Qualification and Quality Oversight Contractor (NI), V&V Engineer and the Project Manager following resolution of all comments resulting from the System Requirements Verification. The criterion for satisfactory completion of this phase was the agreement by all parties that closure was achieved on all comments and that each individual technical requirement could be demonstrated through either test or analysis.

3.2.2 Inputs/Outputs

The input for this phase was the initial J-105A(Q) specification, Revision 1.

The output for this phase was the resolution of comments and issuance of Revision 2 of the J-105A(Q) specification.

3.3 HARDWARE REQUIREMENTS V&V

The hardware requirements phase consisted of one step:

1) The preparation of the System Requirements Document (SRD, CSI Document 6101-00002, "MSFIS System Specification, Wolf Creek Generating Station").

The SRD provides a structured delineation of the system requirements contained in the J-105A(Q) specification that are satisfied by the design, and the manner and structure in which the design will function to satisfy those requirements. The SRD addresses:

a. Process inputs, including test inputs.
b. System logic required for operation of the MSFIS.
c. Process outputs, including ranges, accuracies, update interval, and human factors considerations of the operator interface.
d. Initialization requirements such as initial values and start-up sequence.
e. Logic for response to detected failures.
f. Operator interfaces (control panels, displays).


g. Automated in-service test and diagnostic capabilities.
h. Timing requirements for all time dependent events, including overall system requirements.
i. Limitations on processing time.
j. Security requirements such as passwords.
k. Design features that provide administrative control of all devices capable of changing the content of stored setpoints and logic.
l. Initialization requirements such as power-up and power-down.
m. Design features for the detection of system failure.
n. Manually initiated in-service test or diagnostic capabilities.
o. Human factors engineering design features encompassing operator interfaces associated with operation, maintenance, and testing.
p. Mechanical and electrical interfaces with existing systems and structures.
q. Design features necessary to assure satisfaction of the seismic and electromagnetic interference design requirements for the system.

The SRD includes all of the technical requirements of the project in a form that facilitates tracking back to the statements of the J-105A specification, and forward to the succeeding phases of the development program.

3.3.1 Verification and Validation Tasks

The V&V tasks for the requirements phase consisted of independent reviews of the documents prepared in this phase against the WCNOC J-105A(Q) specification. All questions, comments or anomalies found during the reviews were documented and resolved before proceeding to the design phase of the development process.

3.3.2 Methods and Criteria

The Requirements Traceability Matrix was updated to confirm that the complete set of J-105A specification requirements was covered by the SRD. This step included:

1. Tracing the requirements to the system requirements.
2. Review of identified relationships for correctness, consistency, completeness, and accuracy.
3. Review to assure the requirements are testable.
4. Assessment of how well system requirements were satisfied, and identification of key performance and critical areas of the design.
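
The completeness, consistency and testability checks in the steps above can be automated over an exported traceability matrix. The following is an added example, not part of the WCNOC report or of the tool it used; every requirement, SRD and test identifier is constructed, and `SrdItem`, `check_traceability` and `is_complete` are hypothetical names.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SrdItem:
    """One row of a traceability matrix (hypothetical structure)."""
    item_id: str        # identifier of the SRD requirement
    traces_to: tuple    # specification requirement IDs this item satisfies
    verified_by: tuple  # test steps or analyses that demonstrate the item


def check_traceability(spec_ids, srd_items):
    """Return findings for the four review questions:

    uncovered_spec - specification requirements no SRD item traces to
    orphan_srd     - SRD items with no valid parent requirement
                     (candidate unintended functions)
    dangling_trace - (SRD item, spec ID) pairs where the spec ID does not exist
    unverifiable   - SRD items with neither a test nor an analysis
    """
    spec = set(spec_ids)
    covered = set()
    findings = {
        "uncovered_spec": [],
        "orphan_srd": [],
        "dangling_trace": [],
        "unverifiable": [],
    }
    for item in srd_items:
        valid = [r for r in item.traces_to if r in spec]
        covered.update(valid)
        if not valid:
            findings["orphan_srd"].append(item.item_id)
        for ref in item.traces_to:
            if ref not in spec:
                findings["dangling_trace"].append((item.item_id, ref))
        if not item.verified_by:
            findings["unverifiable"].append(item.item_id)
    findings["uncovered_spec"] = sorted(spec - covered)
    return findings


def is_complete(findings):
    """The phase can close only when every finding list is empty."""
    return not any(findings.values())


# Constructed sample data, not taken from J-105A(Q) or the SRD.
SPEC_IDS = ["SPEC-001", "SPEC-002", "SPEC-003", "SPEC-004"]
SRD_ITEMS = [
    SrdItem("SRD-010", ("SPEC-001",), ("TEST-A step 4",)),
    SrdItem("SRD-011", ("SPEC-002", "SPEC-003"), ("ANALYSIS-1",)),
    SrdItem("SRD-012", ("SPEC-003",), ()),            # nothing demonstrates it
    SrdItem("SRD-013", (), ("TEST-A step 9",)),       # no parent requirement
    SrdItem("SRD-014", ("SPEC-009",), ("TEST-B step 1",)),  # unknown spec ID
]

if __name__ == "__main__":
    for name, rows in check_traceability(SPEC_IDS, SRD_ITEMS).items():
        print(f"{name}: {rows}")
```
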

3.4 DESIGN PHASE V&V

The Tasks for the Verification and Validation of the design phase of the development process for the ALS MSFIS consisted of several activities as follows:

Review, approval, and issue of the CSI Documents 6101-00002, MSFIS System Specification, Wolf Creek Generating Station prepared by the design team to satisfy the requirements of the WCNOC J-105A(Q) Specification. Revision 3 of J-105A(Q) was issued on 6/29/07. This revision resolved several issues that were raised during the design phase and represents the "final" specification version moving forward from the Design Phase.

Preparation and issue by the Design Contractor/Class 1E Controls Supplier of the following documents:

  • ALS Level 2 FPGA Specification
  • 6000-00002 - ALS-101 Level 2 Hardware Specification
  • 6000-00003 - ALS-201 Level 2 Hardware Specification
  • 6000-00004 - ALS-301 Level 2 Hardware Specification
  • 6000-00005 - ALS-401 Level 2 Hardware Specification
  • 6000-00006 - ALS-411 Level 2 Hardware Specification
  • 6000-00007 - ALS-905 Level 2 Hardware Specification

These specifications were issued by the Design Contractor/Class 1E Controls Supplier and represent the detailed board designs for the ALS MSFIS.

Review, approval, and issue of drawings including:

  • 4101-008 Bill of Materials and Assembly Drawing, ALS Backpanel
  • 4101-007 Schematic, Backpanel, MSFIS
  • 4101-010 Bill of Materials and Assembly Drawing, ALS-101
  • 4101-009 Schematic, ALS-101
  • 4101-012 Bill of Materials and Assembly Drawing, ALS-201
  • 4101-011 Schematic, ALS-201
  • 4101-018 Bill of Materials and Assembly Drawing, ALS-201 Bypass Switch Board
  • 4101-017 Schematic, ALS-201 Bypass Switch Daughterboard
  • 4101-004 Bill of Materials and Assembly Drawing, ALS-301
  • 4101-003 Schematic, ALS-301
  • 4101-006 Bill of Materials and Assembly Drawing, ALS-401
  • 4101-005 Schematic, ALS-401
  • 4101-002 Bill of Materials and Assembly Drawing, ALS-411
  • 4101-001 Schematic, ALS-411
  • 4101-014 Bill of Materials and Assembly Drawing, ALS-905
  • 4101-013 Schematic, ALS-905
  • 4101-035 Drawing, Assembly Panel, SA075A
  • 4101-036 Bill of Material and Wirelist, Assembly Panel, SA075A
  • 4101-037 Drawing, Assembly Panel, SA075A
  • 4101-038 Bill of Material and Wirelist, Assembly Panel, SA075A
  • 4101-049 Drawing, SA075A, Vendor Wiring
  • 4101-050 Drawing, SA075B, Vendor Wiring
  • 4101-019/4101-021 Drawing, WC-MSFIS Cable, Cxx1 (MS/MF)
  • 4101-020/4101-022 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx1
  • 4101-023/4101-025 Drawing, WC-MSFIS Cable, Cxx2 (MS/MF)
  • 4101-024/4101-026 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx2
  • 4101-027/4101-029 Drawing, WC-MSFIS Cable, Cxx3 (MS/MF)
  • 4101-028/4101-030 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx3
  • 4101-031/4101-033 Drawing, WC-MSFIS Cable, Cxx4 (MS/MF)
  • 4101-032/4101-034 Bill of Material and Wirelist, WC-MSFIS Cable, Cxx4
  • 4101-065 Drawing, MSFIS Logic Overview
  • 4101-061 Drawing, SA075A MS One Line Drawing
  • 4101-062 Drawing, SA075A MF One Line Drawing
  • 4101-063 Drawing, SA075B MS One Line Drawing
  • 4101-064 Drawing, SA075B MF One Line Drawing
  • 9715-SA-71294-D Mounting Platform MSFIS Rack Sub-Assembly
  • 9715-OD-71217-D MSFIS Cabinet Outline Dimensional
  • 9715-SA-71216-D MSFIS Cabinet Shop Assembly
  • 9715-PP-71215-D Mounting Platform Piece Parts

Preparation of the Test Procedures prepared by the Qualification and Quality Oversight Contractor, needed to accomplish the Implementation and Test Phases of the development process, including the following:

  • Baseline Test Procedure TPS-9059R1
  • FPGA Verification Procedure 9715-EI-02

Review and approval of the Final Acceptance Test Procedure by the Qualification and Quality Oversight Contractor, to confirm that all set(s) of the system are identical to the first set and to confirm that the performance requirements are satisfied.

  • Final Acceptance Test 9715-TPS-9064

Review and approval of the Electromagnetic/Radio Frequency Interference Test Procedure prepared by the Qualification and Quality Oversight Contractor, to confirm that the system will perform satisfactorily in the EMI environment typical of a power plant control room, and will not affect other equipment installed there.

  • EMC Test Procedure 9715-EMC-01

Review and approval of the Seismic Test Procedure prepared by the Qualification Contractor, to confirm that the system will remain functional during and after the seismic disturbances specified for the plant site.

  • Seismic Test Procedure S-128P

The Qualification and Quality Oversight Contractor issued the Dedication Plan for WCNOC review and approval. The Dedication Plan defines the ALS MSFIS Critical Characteristics and the applicable processes and standards to be applied in the commercial grade dedication of the equipment, in accordance with EPRI NP-5652. Review comments were incorporated and a final Dedication Plan was issued.

  • Dedication Plan WCN-9715DP

The Qualification and Quality Oversight Contractor completed a number of commercial grade surveys which included review of the Design Contractor/Class 1E Controls Supplier's design process / design architecture and found the controls and process to be adequate. The dates of the surveys are provided on the timeline diagram in Figure 2. The source surveillance and commercial grade survey were based on review of objective evidence of work performed by the Design Contractor/Class 1E Controls Supplier on the ALS MSFIS project. The Qualification and Quality Oversight Contractor will include a detailed report of their reviews in the final Dedication Report.

(Note: As discussed in section 2.3.3, the Qualification Contractor (NI) was responsible for all aspects of the Class 1E qualification as the ALS MSFIS System procurement was originally structured. The Design Contractor (CSI) is now providing the equipment under their own Appendix B program, so some of the dedication activities have been re-iterated. The dedication activities provided by NI will be utilized at WCNOC as augmented quality items and reports.)

The Design Contractor /Class 1E Controls Supplier issued a Safety Assessment of the ALS MSFIS. The Safety Assessment analyzes the Functional Failure Paths of the MSFIS and from this analysis determines the safety assurance levels for major components. The safety assessment provides both a qualitative and quantitative analysis of the ALS MSFIS reliability and availability.

MSFIS Safety Assessment 6101-00006

The Methods employed in the Verification and Validation of the Design Phase consisted principally of visual review of documents and drawings against the preceding phase Outputs and the engineering experience of the reviewers, and the writing of original documents to cover the required testing. The Criteria for acceptance were the projections of the experienced personnel performing the work that the documents being reviewed and prepared would meet the requirements of the Wolf Creek specification and work properly after installation irrespective of the specification requirements. The Inputs for the Verification and Validation of the Design Phase were the Wolf Creek J-105 specification and the CSI ALS Level-1 System Specification (6000-00000). The Outputs of the Verification and Validation of the Design Phase were the approvals of the several documents and drawings, and the approved test procedures. No Iterations affecting the outputs of previous phases were required, affecting either the Conceptual Design or Requirements Phases.

3.5 IMPLEMENTATION and TEST PHASE V&V

3.5.1 Implementation Phase

The implementation phase included the assembly of the first set of hardware, preliminary tests of operability, performance of the Preproduction Test by CSI, and performance of the Seismic and EMC tests by NI. The assembly and testing of the remaining production units was completed following satisfactory completion of the qualification testing.

3.5.1.1 Verification and Validation Tasks

The V&V Engineer worked closely with the design and qualification teams throughout this phase to ensure that the project objectives, as defined in the various levels of specifications, were satisfied. The V&V Engineer verified that anomalies were being recognized and resolved in accordance with controlled processes.

3.5.1.2 Methods and Criteria

The implementation phase consisted of the performance of the following tests:

• Seismic Test in accordance with Nutherm Seismic Test Procedure S-128P
• EMC Test in accordance with Nutherm EMC Test Procedure 9715-EMC-01
• Preproduction Test in accordance with CSI ALS Board Test Plan 6000-00008 and MSFIS System Test Plan 6101-00004

3.5.1.3 Inputs/Outputs

Inputs to the V&V effort for this phase were the system design documents, the hardware, the Pre-Production Test Procedure, the Seismic Test Procedure, and the EMC Test Procedure.

Outputs of the V&V effort for this phase were updates to the previously prepared V&V documentation, test procedure reviews and approvals, changes to the test procedures required as a result of any iterations initiated in this phase, and the test reports.

Details of the Implementation Phase tests are as follows:

The initial issue of the seismic test procedure was S-128P Rev.0, issued on 11/15/06. S-128P Rev.1 was issued on 12/22/06 for WCNOC review and comment, and S-128P Rev.2 was issued on 1/8/07 to incorporate the approval comments.

The seismic test was performed on 1/11/07 at Wyle Laboratories. The seismic testing was completed successfully as documented in NI Qualification Report WCN-9715R Rev.0.

The initial issue of the EMC test procedure was 9715-EMC-01 Rev.0, 11/26/06. Subsequently, Rev.1 was issued on 11/28/06 to incorporate clarifications and to add a "Safety Function Actuation Test". 9715-EMC-01 Rev.2 was issued on 12/04/06 to include CSI equipment grounding recommendations. Rev.3 was issued on 12/14/06 to add a note regarding the rationale for power lead surge withstand level tests.

The final EMC test procedure revision, 9715-EMC-01 Rev.4 was issued on 12/19/06 to add test levels for the IEC 61000-4-4 Ring Wave Immunity Test, add a re-test of the IEC 61000-4-4 Electrical Fast Transient/Burst Immunity Test, and to add re-test, pre-test, and post-test verification sheets.

CSI conducted several EMC "pre-tests" at a local National Technical Systems subsidiary in Phoenix, AZ from August 2006 through November 2006. These tests were performed to validate the ALS board designs against NRC RG 1.180 / EPRI TR-102323 Revision 2 and also EPRI TR-102323 Revision 3, prior to formal testing.

Formal EMC testing was performed 12/07 at Elite Electronic Engineering. Testing was satisfactorily completed; however, anomalies that arose during IEC 61000-4-3 (Radiated Immunity, 26 MHz to 10 GHz), IEC 61000-4-4 (Electrical Fast Transients), and IEC 61000-4-5 (Surge Immunity) resulted in minor modifications (grounding arrangement and surge suppression design) to the test specimen to achieve a satisfactory result. These modifications are detailed in the Nutherm EMC Test Report, WCN-9715ER Rev.0, dated 2/16/07 and in the following CSI Engineering Change Notices (ECNs):

• ECN 101-0000 - Modification to ALS-411 boards due to MOV early clamping during Surge testing
• ECN 101-0001 - Modification to ALS-905 boards due to capacitor early clamping during Surge testing
• ECN 101-0002 - Modification to MSFIS Assembly Panel to avoid fuses blowing during surge testing

The ECNs are listed in Reference 1.1.6.

EMI qualification testing was completed successfully as documented in NI Qualification Report WCN-9715R Rev.0. CSI revised the Bills of Material (BOM's) and equipment drawings to incorporate the surge suppression and grounding changes made during EMI qualification, and these changes were reflected in the production equipment.

The preproduction test was completed satisfactorily on the qualification unit, and the test report is contained in the CSI equipment travelers. Additional details are provided in Reference 1.1.6.

3.5.1.4 Resources

The Design Contractor / Class 1E Controls Supplier completed Field Programmable Gate Array (FPGA) programming and V&V activities (refer to Reference 1.1.6), prepared the preproduction unit, completed preproduction testing and completed the production units. The Qualification and Quality Oversight Contractor prepared the Seismic Test Procedure and the EMC Test Procedure and completed the seismic and EMI qualification.

3.5.2 Test Phase

The test phase of this project consisted entirely of performing the Factory Acceptance Test (FAT) on each set of deliverable equipment.

3.5.2.1 Verification and Validation Tasks

The V&V responsibility for this phase consisted of reviewing the FAT procedure and the FAT results.

3.5.2.2 Methods and Criteria

The Test Phase consisted entirely of performance of the FAT. Criteria for satisfactory completion of this phase were that the performance of each hardware set exactly satisfied the required performance set down in the FAT procedure, that any anomalies were resolved, and that any rework or iterations were completed thoroughly and documented fully.

3.5.2.3 Inputs/Outputs

The test was performed in accordance with CSI procedure 6101-00004 "MSFIS System Test Plan". Rev.0 of the FAT procedure was issued on 10/13/06. Subsequent revisions were issued to incorporate additional system features and changes to the test equipment. Revision 0.98 was issued 8/28/07, and the production equipment testing was completed on 9/7/07.

The FAT was completed successfully on all of the deliverable equipment.

The test results are documented in the CSI equipment travelers, which contain the complete build configuration and testing history. CSI utilizes travelers to track each ALS board, backplane, chassis/rack, assembly panel, and cable assembly. They contain the associated drawings, schematics, Bills of Material, material traceability, assembly procedures, configuration information (FPGA loading and setpoints), and test reports. CSI performs a V&V review of the travelers at each stage of manufacturing and test, prior to release for the next stage. Additional details of this system are contained in Reference 1.1.6.

3.5.2.4 Resources

The Design Contractor / Class 1E Controls Supplier prepared the FAT procedure, and completed the FAT testing on the deliverable equipment.

The Verification and Validation of the implementation and test phase of the development program for the ALS MSFIS was successfully completed.

Open work items remaining include the following:

• Validation Test

This VVR will be updated by revision to reflect the completion of each phase.

APPENDIX A REQUIREMENTS TRACEABILITY MATRIX (RTM)

RTM Key:

WC - Wolf Creek J-105A(Q) Rev 3
CS - CSI ALS MSFIS System Specification 6101-00002 Rev 0.98
ACC - Nutherm Factory Acceptance Test Procedure 9715 TPS-9064 Rev 0
EMC - Nutherm EMC Test Procedure 9715 EMC-01 Rev 4
SEIS - Nutherm Seismic Test Procedure S-128P Rev 2

Revision 2.1 2/15/2008 1 of 42

WC1: 1.1.1 The Controls Seller's scope of work focuses on selection and production of new items for replacement of existing items, the Controls Seller is also responsible for system selection to perform the required system functions. The Qualification Seller is responsible for factors such as seismic qualification, etc., applied to the final integrated system and cabinet configuration.

CS1: 2.1-1 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

WC1.1: 1.1.2 Replacement of the existing MSFIS system components in the form of circuit cards. The existing system includes input buffer cards, valve controller module cards, and relay driver cards. These components shall be replaced by a logic-controller-based system which performs the required functions of the replacement MSIVs and MFIVs. Replacement of the racks which contain and support these circuit cards is included if required by

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS4: 2.1-4 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen in [2].

WC1.2: 1.1.3 Appropriate test capability for the replacement system. The existing system's Manual Test Panel may be re-used as is, modified as appropriate, or completely replaced as required by the replacement system configuration.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC1.3: 1.1.4 Provide an output dry contact or equivalent in each MSFIS Cabinet for a new summary trouble alarm.

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

WC1.4: 1.1.5 Replacement of the existing system power supply modules with redundant hot-swappable power supply modules.

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC1.5: 1.1.6 Replacement of output relays and bases and supply of new surge suppressors.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

Root Query: WC traced-to (ACC, DP, EMC, MSPT, NONE, OP, SEIS, CS, STRQ, TERM, WC)

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

CS45: 6.5 6.5 Surge Protection

WC1.6: 1.1.7 Mounting hardware and wiring devices as necessary to mount the replacement components and interconnect them to each other and existing circuits.

CS2: 2.1-2 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand).

The distributed control is achieved by having multiple autonomous boards in the system each controlling a part of the system. Each..

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS7: 2.1-7 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the field cables.

WC1.7: 1.1.8 Required new portable test equipment.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC1.8: 1.1.9 Initial stock of repair parts for twenty years' use.

CS41: 10 10 Appendix B: Spare Parts

WC2: 5.2.1 a The MSFIS provides 125 Volt DC outputs to energize or de-energize control solenoids to operate and test the plant MSIVs and MFIVs.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

WC3: 5.2.1 b The MSFIS is divided into two actuation channels. Each of the two independent actuation channels monitors system inputs and, by means of logic matrices, energizes / de-energizes the required solenoids in the required sequence for the appropriate valve operations.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

WC4: 5.2.1 c The MSFIS System is comprised of solid-state components.

CS1: 2.1-1 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS4: 2.1-4 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen in [2].

CS7: 2.1-7 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the field cables.

WC5: 5.2.1 d-1 The Replacement MSFIS System shall not involve software such as an application program for a digital computer in the hardware in place during plant operation.

CS1: 2.1-1 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

CS2: 2.1-2 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand).

The distributed control is achieved by having multiple autonomous boards in the system each controlling a part of the system. Each..

WC5.1: 5.2.1 d-2 However, software is permitted in portable test equipment which is completely disconnected from the Replacement MSFIS System at the conclusion of testing

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC6: 5.2.1 e The Controls Seller shall configure the MSFIS control logic matrices to develop output states and output sequences in accordance with Appendix C and Sections 5.2.5 and 5.2.6 of this specification.

CS46: 2.4.6 2.4.6 Valve State Diagram

WC7: 5.2.2 Modular Design

CS47: 4 4 ALS Rack

WC7.1: 5.2.2 Interchangeability shall be provided and demonstrated for all similar modules or components.

ACC1: Nutherm Procedure 9715 TPS-9064

WC7.2: 5.2.2 Items designed to be removable from the equipment, such as assemblies, subassemblies, electrical parts, modules, and hardware, shall be replaceable physically and electrically with corresponding items without drilling, bending, filing, fabricating, or using undue force

ACC1: Nutherm Procedure 9715 TPS-9064

WC7.3: 5.2.2 Hot swap capability shall be included for the logic-controller-based system circuit cards

CS24: 4.1 4.1 ALS Rack Physical

WC7.3.1: 5.2.2 Hot swap capability includes the requirement that the controlled equipment shall not cause a plant transient

ACC1: Nutherm Procedure 9715 TPS-9064

WC7.3.2: 5.2.2 The replacement of parts, when accomplished in a manner prescribed by the Controls Seller, shall not cause the equipment to depart from the original specified performance.

ACC1: Nutherm Procedure 9715 TPS-9064

WC8: 5.2.3 Response Time

CS34: 5.6 5.6 MSFIS Input-to-Output Response Time

WC8.1: 5.2.3 The overall response time of the Replacement MSFIS System specified herein shall be less than or equal to 100 milliseconds for an input signal step change. The Replacement MSFIS System is contained within the cabinets SA075A and SA075B, from field terminal block input to field terminal block output.

CS34: 5.6 5.6 MSFIS Input-to-Output Response Time

WC9: 5.2.4 System Functional Requirements

CS48: 2.1-1 2.2 System Overview

WC9.1: 5.2.4 System Input Signals

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC9.2: 5.2.4 The Controls Seller shall determine the voltage and current ratings of the buffer input circuits based on the power supplies as required under Section 5.6.3 and also subject to the maximums of NEMA ICS-5 P300 ratings and the minimums required to keep the contacts clean and function in a nuclear plant instrument cabinet room with unshielded cables connecting the remotely located input contacts to the system.

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC9.3: 5.2.4 b System Logic Matrices

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

WC9.3.1: 5.2.4 b The logic matrices shall adhere to the requirements of channel independence and separation required by Appendix A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC9.4: 5.2.4 c System Output Signals

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC9.4.1: 5.2.4 c 1 Actuation Outputs

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

WC9.4.1.1: 5.2.4 c 1 The MSFIS shall energize / de-energize the MSIV and MFIV actuator solenoids in accordance with the logic requirements of Sections 5.2.5 and 5.2.6.

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC9.4.1.2: 5.2.4 c 1 The output signals shall adhere to the requirements of channel independence and separation required by Appendix A.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC9.4.1.3: 5.2.4 c 1 The outputs shall provide sufficient voltage to energize the actuator solenoids. The specifications for the actuator solenoids are as follows.

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

WC9.5: 5.2.4 c 2 Status Outputs

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

WC9.5.1: 5.2.4 c 2 In addition to the actuation outputs, one status output shall be provided for each actuation train for each valve.

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

WC9.5.2: 5.2.4 c 2 The MSFIS System status output will supply 125 Volt DC power to an input relay at the Status Panel if both of the following are true: a) 125 Volt DC power is available downstream of the individual power supply fuses for solenoid MV1 (2), and b) there is no test in progress in the MSFIS System logic

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

CS33: 5.3.2 5.3.2 BYPASS Output

WC9.5.3: 5.2.4 c 2 The output to the Status Panel shall be able to handle a 125VDC, <25mA load.

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

WC9.6: 5.2.4 c 3 Annunciator

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

WC9.6.1: 5.2.4 c 3 The MSFIS shall provide outputs to the plant Annunciator system as described in section 5.6.7

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

WC9.6.2: 5.2.4 c 3 The annunciator outputs shall be able to handle a 125VAC, <25mA load.

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

WC9.7: 5.2.4 c 4 ESFAS Test Circuits

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC9.7.1: 5.2.4 c 4 The MSFIS shall provide one output for each actuation train for each valve to the ESFAS test circuitry, as described in section 5.2.6.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC9.7.2: 5.2.4 c 4 These outputs shall be able to handle an 118VAC, <500mA load.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC10: 5.2.4 a The MSFIS shall accept input signals (in the form of contact conditions) from control switches located on the Main Control Board and from output relays in the Engineered Safety Features Actuation System. Appendix A tabulates the inputs for each subsystem of the MSFIS

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC11: 5.2.4 a 1 The existing MSFIS System configuration obeys the plant's separation criteria by use of two separate MSFIS Cabinets, one for each Channel. The Controls Seller shall use the existing MSFIS Cabinets and Channels to continue adherence to these criteria. Incoming signal Channel assignments are specified in Appendix A.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC12: 5.2.4 a 1 2) The System inputs from the control switches will all be momentary (>100mS), and shall be sealed-in as necessary inside the Replacement MSFIS System logic circuits.

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC13: 5.2.4 a 1 3) The contacts from ESFAS will be normally closed, and will open to cause an operation.

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC14: 5.2.5 System Operation

CS29: 5.2 5.2 Valve-Logic

WC14.1: 5.2.5 The Replacement MSFIS System shall measure actual System outputs, compare the outputs to the required output states, and alarm any discrepancies.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC14.2: 5.2.5 There must be no connection nor communication of information within the MSFIS between the controls for the two sides of any valve.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC14.3: 5.2.5 The states of the outputs for the two sides of a valve must be completely independent of one another.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC14.4: 5.2.5 This separation is accomplished by assigning the two "sides" of each valve to opposite Channels MSFIS Cabinets.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC14.5: 5.2.5 a Output States and Commands

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

WC14.5.1: 5.2.5 a 1 Output States There are three output states for each valve actuator; 1) CLOSE, 2) KEEP CLOSED, and 3)

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2: 5.2.5 a 2 Commands

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.1: 5.2.5 a 2 There are four commands; 1) All Close, 2) ESFAS, 3) Close, and 4) Open.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.2: 5.2.5 a 2 The output state shall remain CLOSE for 60sec +/- 1sec after All Close command was initiated. After the 60sec time delay the output shall be changed to KEEP CLOSED.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.3: 5.2.5 a 2 The ESFAS command is generated from the Solid State Protection System. The Solid State Protection System provides the inputs to the MSFIS from a separate slave relay for each the MSIVs and MFIVs. Each slave relay provides four contacts into the MSFIS, one contact for each valve. The four contacts from a particular slave relay for either the MSIVs or MFIVs shall be evaluated using 2-out-of-4-voting. The 2-out-of-4 vote shall be required for a valid ESFAS command

CS27: 5 5 MSFIS Core Logic

CS28: 5.1 5.1 ESFAS-Voter-Logic

WC14.5.2.4: 5.2.5 a 2 The ESFAS command shall place the CLOSE output state on all four valves of the particular system MSIV or MFIV.

CS27: 5 5 MSFIS Core Logic

CS28: 5.1 5.1 ESFAS-Voter-Logic

WC14.5.2.5: 5.2.5 a 2 The output state shall remain CLOSE for 60sec +/- 1sec after the ESFAS command was initiated.

CS28: 5.1 5.1 ESFAS-Voter-Logic

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.6: 5.2.5 a 2 After the 60sec time delay the output shall be changed to KEEP CLOSED.

CS28: 5.1 5.1 ESFAS-Voter-Logic

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.7: 5.2.5 a 2 The Close command is defined as a close signal to one valve, MSIV or MFIV, initiated by the valve's assigned individual NORMAL-CLOSE-OPEN pushbutton hand switch on the Main Control Board

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC14.5.2.7.1: 5.2.5 a 2 The Close command shall place the CLOSE output state for the particular valve associated with the NORMAL-CLOSE-OPEN pushbutton hand switch that was actuated

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.7.2: 5.2.5 a 2 The output state shall remain CLOSE for 60 sec +/- 1 sec after the Close command was initiated.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.7.3: 5.2.5 a 2 After the 60sec time delay the output shall be changed to KEEP CLOSED.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.8: 5.2.5 a 2 The Open command is defined as an open signal to one valve, MSIV or MFIV, initiated by the valve's assigned individual NORMAL-CLOSE-OPEN pushbutton hand switch on the Main Control Board. The Open command shall place the OPEN output state for the particular valve associated with the NORMAL-CLOSE-OPEN pushbutton hand switch that was

CS9: 2.3-1 2.3 System Inputs/Outputs This section provides the description of the MSFIS Inputs/Outputs.

WC14.5.2.9: 5.2.5 b Command Priorities

CS29: 5.2 5.2 Valve-Logic

WC14.5.2.9.1: 5.2.5 b 1 The command priorities are as follows when the MSFIS system is in OPERATE mode (see section 5.2.6 for OPERATE mode).

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.9.1.1: 5.2.5 b 1 All Close, Close, and ESFAS have equal priority.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.9.1.2: 5.2.5 b 1 The Open command will be ignored while the All Close, Close, or ESFAS command(s) are present.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.9.1.3: 5.2.5 b 1 Further the Open command will be ignored until the CLOSE to KEEP CLOSE time delay has expired.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC14.5.2.9.2: 5.2.5 b 2 The command priorities are as follows when the MSFIS system is in BYPASS mode (see section 5.2.6 for BYPASS mode).

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC14.5.2.9.2.1: 5.2.5 b 2 All Close, Close, ESFAS, and Open commands shall not cause a change in system outputs while the system is in BYPASS mode.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC15: 5.2.6 Provisions for System Test of the Safety Function

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

WC15.1: 5.2.6 The existing MSFIS System includes provision to permit complete testing of the safety function (ESFAS command) of each actuation train for each valve. The Replacement MSFIS System shall also have such provision for complete testing of the safety function of each actuation train for each valve.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

WC15.2: 5.2.6 It shall be possible to conduct all tests during plant operation

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC15.3: 5.2.6 Performance of fully automatic system tests shall not interfere with the system's operation during presence of any actuation input.

CS2: 2.1-2 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand).

The distributed control is achieved by having multiple autonomous boards in the system each controlling a part of the system. Each..

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC15.4: 5.2.6 3 a BYPASS / OPERATE Mode Selection

CS25: 4.2 4.2 MSFIS Rack Configuration

CS27: 5 5 MSFIS Core Logic

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC15.4.1: 5.2.6 3 a 1 Selection Means shall be provided to select BYPASS or OPERATE mode for each actuation train for each valve

CS25: 4.2 4.2 MSFIS Rack Configuration

CS27: 5 5 MSFIS Core Logic

WC15.4.1.1: 5.2.6 3 a 1 The selection of BYPASS shall maintain the valve in the as found condition and shall not cause a change in system outputs

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC15.4.1.2: 5.2.6 3 a 1 The selection of BYPASS shall only impact the particular actuation train and particular valve for which the BYPASS is selected.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC15.4.1.3: 5.2.6 3 a 1 Except as indicated in the following paragraph, each change in mode shall require a positive manual action such as pushing a button, flipping a switch, or turning a switch (releasing a pushbutton or switch is not considered to be positive action, and shall cause no change in mode).

CS11: 2.3.3 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as 'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions: Left position (OPERATE) and right position (BYPASS).

Each BYPASS switch is associated to a specific valve, i.e. BYPASS #1 relates to AB-HV-14(MS) or AE-FV-39(FW).

WC15.4.2: 5.2.6 3 a 2 Indication

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS33: 5.3.2 5.3.2 BYPASS Output

WC15.4.3: 5.2.6 3 a 3 BYPASS Mode Initiation

CS11: 2.3.3 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as 'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions: Left position (OPERATE) and right position (BYPASS).

Each BYPASS switch is associated to a specific valve, i.e. BYPASS #1 relates to AB-HV-14(MS) or AE-FV-39(FW).

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC15.4.4: 5.2.6 3 a 4 Return to OPERATE Mode

CS11: 2.3.3 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as 'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions: Left position (OPERATE) and right position (BYPASS).

Each BYPASS switch is associated to a specific valve, i.e. BYPASS #1 relates to AB-HV-14(MS) or AE-FV-39(FW).

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC15.5: 5.2.6 3 b b. Testing of Replacement MSFIS System

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC15.5.1: 5.2.6 3 b 1 1) Controls Seller may modify or replace the existing Manual Test Panel as necessary to effectively interface with the Replacement MSFIS System logic-controller-based system and meet all specified requirements.

CS7: 2.1-7 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the field cables.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC15.5.2: 5.2.6 3 b 2 2) Provisions for testing of the Replacement MSFIS may include portable test equipment and capability to temporarily connect the portable test equipment to the Replacement MSFIS System during performance of testing.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC16: 5.2.6 Controls Seller shall provide three test types or detection capabilities to verify the proper operation of the Replacement MSFIS System to perform the intended safety function.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC16.1: 5.2.6 1 Manual System Test:

a. Ability to manually test required inputs and/or outputs required to perform the safety function

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC16.2: 5.2.6 2 Manually Initiated Automatic Test:

a. Ability to manually initiate automatic test(s) and/or detection capabilities which monitor or test the ability of the system to perform the required safety function.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC16.3: 5.2.6 3 Automatic Exception Detection:

a. The system shall be designed such that the system is fully deterministic and shall automatically detect improper operation of the system's ability to perform the required safety function.

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC17: 5.2.6 3 The MSFIS test circuits shall provide one contact set for each actuation train for each valve.

CS33: 5.3.2 5.3.2 BYPASS Output

WC17.1: 5.2.6 3 The contacts shall be open for normal operation and shall close at the appropriate test step as described below.

CS1: 2.1-1 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

CS33: 5.3.2 5.3.2 BYPASS Output

WC17.2: 5.2.6 3 These contacts will be used to enable test circuits in the Safeguards Test Cabinets to verify proper transmission and to verify the response to the ESFAS command.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

WC18: 5.2.6 3 a 1 The actuation train for a particular side of a particular valve shall enter BYPASS mode upon command.

CS11: 2.3.3 2.3.3 Operator Switch (OPERATE)

Four dual-action SPDT toggle-switches referred to as 'operator-switches' are available on the Rack (ALS-201) front-panel. Each switch is capable of switching between two-positions: Left position (OPERATE) and right position (BYPASS).

Each BYPASS switch is associated to a specific valve, i.e. BYPASS #1 relates to AB-HV-14(MS) or AE-FV-39(FW).

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

CS33: 5.3.2 5.3.2 BYPASS Output

WC18.1: 5.2.6 3 a 1 There shall be one exception to this, which is the situation where the output state is CLOSE and the 60 sec delay is active, in this situation the CLOSE state must be completed and the 60 sec time complete prior to entering the BYPASS mode.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

WC19: 5.2.6 3 a 2 An indicating light / LED shall be provided for each actuation train for each valve.

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

WC19.1: 5.2.6 3 a 2 This light / LED shall be "ON" whenever BYPASS mode is in effect.

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

WC20: 5.2.6 3 a 3 Upon initiation of BYPASS mode for a particular actuation train for a particular valve, the following must be accomplished:

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

WC20.1: 5.2.6 3 a 3 a) Latch the actuation outputs to the as found state.

CS31: 5.3 5.3 STATUS and BYPASS Logic

WC20.2: 5.2.6 3 a 3 b) De-energize the status output.

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

CS33: 5.3.2 5.3.2 BYPASS Output

WC20.3: 5.2.6 3 a 3 c) Light the BYPASS mode indicator light / LED

CS13: 2.3.4.2 2.3.4.2 Status Information Output (STATUS)

Status Outputs - one status output shall be provided for each actuation train for each valve. The MSFIS status output will supply 125 Volt DC power to an input relay in the SA066A Status Panel cabinet. (See Chapter 4- ALS Rack) Since there are eight valves in the system and 2 trains (A&B), the MSFIS will provide a total of 16 status outputs.

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS33: 5.3.2 5.3.2 BYPASS Output

WC20.4: 5.2.6 3 a 3 d) Close the test contacts described in Section 5.2.6 to enable the test circuits in ESFAS.

CS1: 2.1-1 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

WC20.5: 5.2.6 3 a 3 To prevent accidental valve operation, "a" must occur prior to "d."

CS29: 5.2 5.2 Valve-Logic

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

CS33: 5.3.2 5.3.2 BYPASS Output

WC21: 5.2.6 3 a 4 Upon return to OPERATE mode, the following must be accomplished:

CS1: 2.1-1 The scope of the MSFIS project is to replace the existing MSFIS controls, with a control system based on the Advanced Logic System (ALS) technology.

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

CS29: 5.2 5.2 Valve-Logic

CS30: 5.2.2 5.2.2 Valve FSM Outputs

CS31: 5.3 5.3 STATUS and BYPASS Logic

WC21.1: 5.2.6 3 a 4 a) Open the test contacts (see Section 5.2.6).

CS14: 2.3.4.3 2.3.4.3 SSPS Testing Output (BYPASS)

To support the SSPS slave relay testing, a NO dry-contact relay output - labeled BYPASS is provided. The relay provides a dry-contact to the SSPS test circuitry used during slave relay testing. There are a total of 16 outputs from MSFIS to SSPS.

WC21.2: 5.2.6 3 a 4 b) Unlatch the actuation outputs, extinguish the BYPASS mode indicating light / LED, and release the status output

CS31: 5.3 5.3 STATUS and BYPASS Logic

CS32: 5.3.1 5.3.1 STATUS Output

CS33: 5.3.2 5.3.2 BYPASS Output

WC22: 5.2.7 b b. Replacement MSFIS System Configuration

CS2: 2.1-2 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand).

The distributed control is achieved by having multiple autonomous boards in the system each controlling a part of the system. Each..

WC22.1: 5.2.7 b The replacement MSFIS System shall be an advanced-hardware-based solid-state control system which will receive defined inputs and develop defined outputs as specified to control the valves

CS2: 2.1-2 The primary concept behind ALS is to provide a high integrity safety actuation system to ensure the plant system's safety function is always available on demand. The ALS achieves this by implementing distributed control where no single failure will result in an untimely actuation, which in most cases results in a plant trip, or fail to perform the safety function (fail to actuate on-demand).

The distributed control is achieved by having multiple autonomous boards in the system each controlling a part of the system. Each..

WC22.2: 5.2.7 b The Replacement MSFIS System shall include the overall electronic functions of input buffers, system logic, and then output relay drivers.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS4: 2.1-4 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen in [2].

WC22.3: 5.2.7 b However, the Controls Seller shall configure the system, logic elements, circuit cards, and interconnections to perform the required system functions and meet all requirements such as sufficient drive capacity for the actuator solenoids.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS4: 2.1-4 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen in [2].

CS6: 2.1-6 The replacement project will modify the functionality of the current MSFIS (per J-105A (Q) Rev. 2 requirements) [1]. This will include changes to the functions by which the Replacement MSFIS controls the replacement MSIVs and MFIVs. These changes account for the differences in the function of the existing and replacement MSIVs and MFIVs, that is, electro-pneumatic-hydraulic actuators, replaced by system-medium actuators.

CS15: 2.3.5 2.3.5 Solenoid Output (A, B, C)

MSFIS provide output signals to control the valve actuator solenoids. There are three primary signals for controlling a particular actuator; A, B, and C.

WC22.4: 5.2.7 b Controls Seller may choose to re-use the existing card racks and interconnecting wiring to any extent feasible or to replace it all.

CS7: 2.1-7 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the field cables.

WC22.5: 5.2.7 b In each Cabinet, Controls Seller shall place the operating logic for the four MSIVs on a separate system from the system where the MFIV logic is placed.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

WC23: 5.4 5.4 Environmental Requirements

CS20: 2.8 2.8 Environmental Requirements

WC23.1: 5.4 The MSFIS cabinets are located in the Control Room equipment cabinet area, which will normally be air conditioned; however, the system and components shall be selected to function continuously at ambient temperatures ranging from 65°F to 84°F at a relative humidity from 20 to 70 percent.

CS20: 2.8 2.8 Environmental Requirements

WC24: 5.5.2 5.5.2 Seismic Requirements

CS19: 2.7 2.7 Seismic Requirements

WC25: 5.6.1 5.6.1 Noise Rejection and Tolerance The Replacement MSFIS System shall comply with the EMI / RFI requirements of EPRI TR-102323 as

EMCI: Nutherm EMC Test Procedure

WC26: 5.6.2 5.6.2 Electrical Wiring

CS38: 6.6 6.6 Assembly Panel wiring

WC26.1: 5.6.2 a Wiring within the cabinet enclosure shall be suitable for a general-purpose, non-hazardous location.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.2: 5.6.2 b Wiring shall be so arranged that instruments or devices may be removed and / or serviced without undue disturbance.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.3: 5.6.2 c No wiring shall be routed across the face or rear of an instrument, junction box, or other device in a manner that will prevent or hinder the opening of covers or obstruct access to leads, terminals, devices, or instruments.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.4: 5.6.2 e All wiring to field terminal blocks, except coaxial and triaxial, shall be made with solder-less ring-tongue, compression-type connectors with insulated ferrules.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.5: 5.6.2 f Where wiring must cross sharp metal edges, protection in the form of grommets or similar devices shall be provided.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.6: 5.6.2 f Wires shall be grouped in bundles and secured with nonflammable, nonmetallic tie bands.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.7: 5.6.2 g Wiring shall not cross a panel door opening or be fixed to a panel door.

CS38: 6.6 6.6 Assembly Panel wiring

WC26.8: 5.6.2 h Internal wiring shall be identified with the Controls Seller's wire number at each termination to field terminal blocks by means of a plastic sleeve or similar permanent-type marker.

CS38: 6.6 6.6 Assembly Panel wiring

WC27: 5.6.2 d Wiring shall be installed as shown on the Controls Seller's wiring diagrams.

CS4: 2.1-4 The replacement project will implement new digital control systems, new power supplies, new assembly panels and new vendor wiring. The full component list related to the MSFIS replacement project can be seen in [2].

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

CS22: 3.1 3.1 Existing MSFIS Cabinet

CS35: 6 6 MSFIS Assembly Panel

WC28: 5.6.3 5.6.3 Power Supply

CS44:4.3.9

4.3.9 ALS-905

Power Supply Board Ii!I CS49:13.10 13.10 ALS-905: Power Supply Unit Board G-- WC28.1: 5.6.3 a a.DSources

- l2¢CS8:2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

? MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A- also referred to as train A.

Eý,E> WC28.1.1: 5.6.3 a The incoming voltage level on all power supply modules will be a nominal 125 Volts DC, normally operated at 135 Volts DC. The designed operating range of the existing 125 Volt DC System is 140 Volts DC to 105 Volts DC.

C3i 4.3.9 0S44:

4.3.9 ALS-905

Power Supply Board E - WC28.2: 5.6.3 b b.DReplacement Power Supply Modules CS44: 4.3.9

4.3.9 ALS-905

Power Supply Board

  • :- WC28.2.1: 5.6.3 b For the Replacement MSFIS System, the Controls Seller shall provide replacement power supply modules rated at DC voltage level(s) appropriate to feed all of the electrical loads in the Replacement MSFIS System plus any components retained from the existing design C

0S44: 4.3.9

4.3.9 ALS-905

Power Supply Board

] [> WC28.2.2: 5.6.3 b The replacement power supplies shall have an input voltage operating range of 105VDC - 140VDC.

i CS44:4.3.9

4.3.9 ALS-905

Power Supply Board

WC28.2.3: 5.6.3 b The Controls Seller shall also determine whether any separate supplies are required at a given voltage level to separate electronic circuits from the effects of high-current switched loads.

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.2.4: 5.6.3 b The existing 125 Volt DC System has the capability to deliver a short circuit current of 11,070 Amperes. All electrical protective devices provided by the Controls Seller shall be capable of clearing this short circuit current

CS37: 6.3 6.3 Fuses and Fuseholders

CS50: 6.3.2 6.3.2 Fuses

WC28.2.5: 5.6.3 b Each voltage level in each cabinet shall have a pair of redundant and parallel power supply modules and capability to shift all load to one module in case of failure of the other one

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.2.6: 5.6.3 b Each pair of redundant power supply modules shall have provision for hot replacement "swapping" of one module while the other continues in service.

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.2.7: 5.6.3 b Hot replacement by front-pull-out is preferred, but other configurations may be considered

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.2.8: 5.6.3 b Controls Seller may choose to modify or totally replace the existing power supply rack. Final configuration of the power supply rack and final configuration of the provisions for hot replacement are subject to Buyer's approval

CS7: 2.1-7 The replacement project will not re-use existing electronic boards, sub-racks, interconnecting wiring/cables, fuse blocks, circuit breakers, test panel, switches, indicators, power supplies, actuation relays, assembly panels etc. Nor will the replacement project include the actual installation of the replacement MSFIS components in the MSFIS Cabinets, the new system-medium MSIV / MFIV actuators or any of the field cables.

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.2.9: 5.6.3 b Each replacement power supply module shall have sufficient capacity to supply all assigned loads with 15% spare capacity while the redundant power supply module is out of service

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.2.10: 5.6.3 b The system shall have the capability ("health") to detect loss of each power supply module's capability to assume the full load assigned to the redundant pair.

CS26: 5.4 5.4 Alarm-Logic

WC28.2.11: 5.6.3 b Loss of any power supply module's capability ("health") shall be one of the inputs to the Replacement MSFIS System's new summary trouble alarm circuit.

CS26: 5.4 5.4 Alarm-Logic

WC28.2.12: 5.6.3 b Each pair of redundant power supply modules shall have provision for load sharing whenever both are in service and both have no failure detected.

CS44: 4.3.9 4.3.9 ALS-905 Power Supply Board

WC28.3: 5.6.3 c c. Outputs The system outputs shall be fused as shown in Appendix B.

CS37: 6.3 6.3 Fuses and Fuseholders

WC28.4: 5.6.3 d d. Operation

ACC1: Nutherm Procedure 9715 TPS-9064

WC28.4.1: 5.6.3 d The MSFIS shall operate as required with the stated power supply without producing spurious actuation or failure to produce a required response to accident conditions.

ACC1: Nutherm Procedure 9715 TPS-9064

WC29: 5.6.4 Controls Seller shall provide wiring harnesses as required to interconnect all equipment provided.

CS38: 6.6 6.6 Assembly Panel wiring

WC30: 5.6.4 Wrap-type terminals are not permitted on new connectors / wiring harnesses.

CS38: 6.6 6.6 Assembly Panel wiring

WC31: 5.6.4 If Controls Seller uses new connectors, the connectors shall be a type which will meet seismic and noise requirements as specified elsewhere in the specification.

CS38: 6.6 6.6 Assembly Panel wiring

WC32: 5.6.7 5.6.7 Trouble Alarm

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

CS26: 5.4 5.4 Alarm-Logic

WC32.1: 5.6.7 a Controls Seller shall develop a summary trouble alarm in each system cabinet.

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

CS26: 5.4 5.4 Alarm-Logic

WC32.2: 5.6.7 a The alarm shall provide a normally-open, open-to-alarm dry contact or equivalent.

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

CS26: 5.4 5.4 Alarm-Logic

WC32.3: 5.6.7 a The alarm shall be wired to spare points on an existing terminal block in each cabinet.

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

WC32.4: 5.6.7 b The following items are suggested as a minimum list of conditions which should be alarmed:

CS26: 5.4 5.4 Alarm-Logic

WC32.4.1: 5.6.7 b Any DC power supply module loss of capability

CS26: 5.4 5.4 Alarm-Logic

WC32.4.2: 5.6.7 b Any circuit card removed

CS26: 5.4 5.4 Alarm-Logic

WC32.4.3: 5.6.7 b Any external test apparatus is connected to the system

CS26: 5.4 5.4 Alarm-Logic

WC32.4.4: 5.6.7 b Any output sequence incomplete

CS26: 5.4 5.4 Alarm-Logic

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC32.5: 5.6.7 c The trouble alarm logic shall include a means to indicate which trouble condition caused the alarm.

CS26: 5.4 5.4 Alarm-Logic

WC33: 5.6.7 c The indication shall be displayed at the MSFIS Cabinet.

CS12: 2.3.4.1 2.3.4.1 Annunciator Output (ALARM)

The ALARM output, also referred to as 'annunciator output' or 'trouble alarm' is implemented with an NO dry-contact.

During normal operation the contact will be energized (to close) and will be de-energized to open to indicate an alarm condition.

Each cabinet has two separate trouble alarm outputs - one alarm from the MS-rack and one alarm from the FW-rack. In total the

WC34: 5.6.8 5.6.8 Fuses and Fuse Blocks

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS36: 6.2 6.2 Power Distribution Blocks

CS37: 6.3 6.3 Fuses and Fuseholders

CS50: 6.3.2 6.3.2 Fuses

WC34.1: 5.6.8 Distribution of 125 Volt DC power to the output solenoid valves is shown in Appendix B. The distribution scheme includes separate assigned fuses for each output solenoid valve in the field. Additional nominal 3.2 ampere fuses and fuse blocks are required to meet this requirement

CS37: 6.3 6.3 Fuses and Fuseholders

CS50: 6.3.2 6.3.2 Fuses

WC34.2: 5.6.8 The scope of work includes procurement, location, seismic qualification, and all other pertinent factors for the additional fuses and fuse blocks.

CS3: 2.1-3 The replacement system will replace the existing hardware in both MSFIS cabinets, SA075A and SA075B. After replacement, each cabinet will contain the following components:

CS36: 6.2 6.2 Power Distribution Blocks

CS37: 6.3 6.3 Fuses and Fuseholders

CS50: 6.3.2 6.3.2 Fuses

WC35: 5.6.9 5.6.9 EMI / RFI Requirements

CS18: 2.6 2.6 EMI Requirements

WC35.1: 5.6.9 The Replacement MSFIS System shall comply with the EMI / RFI requirements of EPRI TR-102323 as modified by Regulatory Guide 1.180

CS18: 2.6 2.6 EMI Requirements

WC35.2: 5.6.9 The Controls Seller's scope of work includes any required corrective action

CS18: 2.6 2.6 EMI Requirements

WC36: 5.9 5.9 Redundancy, Separation, and Diversity

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC36.1: 5.9.1 5.9.1 Independence

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC36.1.1: 5.9.1 Separation Groups (trains) are be electrically and physically isolated from each other so that events (including faults) affecting one element do not affect the others in any way

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC36.1.2: 5.9.1 The Controls Seller shall provide electrical isolation and physical separation to develop the required independence on the Replacement MSFIS System

CS17: 2.5 2.5 Separation / Isolation / Independence / Diversity

WC37: 10.0 10.0 TESTING

ACC1: Nutherm Procedure 9715 TPS-9064

EMC1: Nutherm EMC Test Procedure

WC37.1: 10.0 Prior to shipment, the assembled and wired equipment shall be tested at the factory in the presence of the Buyer.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.2: 10.1 10.1 Seismic Required seismic tests are specified in Section 5.5.2 and the Attachments. Test documentation is specified in Section 13.6.

SEIS34: 1.1 Each test specimen shall be subjected to a seismic simulation test program as described in the following paragraphs.

WC37.3: 10.3 10.3 Components

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.3.1: 10.3.1 10.3.1 Replacement MSFIS System components shall be tested in accordance with the Controls Seller's and Qualification Seller's standard test procedure.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.3.2: 10.3.2 10.3.2 All Controls Seller wiring outside of the card rack shall be given a dielectric test in accordance with NEMA Standard Publication ICS-1-2000

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.3.3: 10.3.2 The dielectric testing shall be performed by the Qualification Seller.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.3.4: 10.3.3 10.3.3 Wiring tests shall include point-to-point continuity tests.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.3.5: 10.3.4 10.3.4 The Controls Seller shall be responsible for proper preparation of instruments and devices that may be damaged by high-voltage tests

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4: 10.4 10.4 Actuation

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4.1: 10.4.1 10.4.1 The Qualification Seller shall submit, for Buyer's approval, the proposed factory acceptance test procedures to demonstrate compliance with the functional requirements of this Specification

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4.2: 10.4.1 The procedures shall be approved by Buyer prior to the completion of system fabrication and assembly.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4.3: 10.4.2 10.4.2 The MSFIS equipment shall undergo a complete functional test that shall prove the correct performance according to the specification of each individual module of the sensor and actuation channels.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4.4: 10.4.2 Tests shall be initiated in manual mode, applying simulated signals at the input terminals.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4.5: 10.4.3 10.4.3 The MSFIS equipment shall be tested at the input terminals by applying all possible trip combinations as input signals for all possible system states

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.4.6: 10.4.4 10.4.4 Each actuation interface shall be individually tested through manual inputs and through the relative actuation logic.

ACC1: Nutherm Procedure 9715 TPS-9064

WC37.5: 10.7 10.7 EMI / RFI Testing

EMC1: Nutherm EMC Test Procedure

WC37.5.1: 10.7 Testing shall be conducted to demonstrate compliance with the EMI / RFI requirements of EPRI TR-102323 as modified by Regulatory Guide 1.180.

EMC1: Nutherm EMC Test Procedure

WC38: App A Appendix A - Input Signals and Sources

CS40: 8 8 Field-wire Termination

CS42: 12 12 Appendix D: Input Signals

WC39: 5.9.3 5.9.3 Separation

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

WC40: 5.9.3 a a. Physical separation shall be in accordance with IEEE 384 as modified by Regulatory Guide 1.75.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

WC41: 5.9.3 b b. Equipment for one actuation channel or one measurement channel shall be separated physically by a barrier from any other actuation channel or measurement channel.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

WC42: 5.9.3 b The wiring and terminal block arrangement within a given cabinet or isolated compartment shall allow for a minimum physical separation of six inches or use of fireproof barriers. Suitable means to implement IEEE 384 are contained in IEEE 420. Wiring separated by barriers shall maintain a 1-inch separation (or an equivalent of thermal insulation) between the barrier and the wire.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

WC43: 5.9.3 c c. Wiring of any separation group shall be separated from any other group except as permitted by IEEE Standard 384 and except that Group 5 and Group 6 wiring do not have to be separated from each other, but must be separated from the other groups.

CS8: 2.1-2 The current channel separation scheme applied to the overall plant design will be maintained. The two redundant and equivalent MSFIS subsystems will be located in separate cabinets:

• MSFIS Channel I (Separation Group 1) located in MSFIS Cabinet SA075A - also referred to as train A.

WC44: 6.1.1 a Due to the specialized nature of the equipment supplied under this Specification, the following provisions are required:

a. Per Section 1.1 item 9, the initial stock of spare parts included in the basic scope shall be the quantity of each item reasonably estimated as necessary for twenty years' consumption. The initial stock of spare parts is the responsibility of the Controls Seller.

CS41: 10 10 Appendix B: Spare Parts

WC45: 6.1.1 b b. Controls Seller shall maintain the documentation, tooling, personnel expertise, access to materials, and any other necessary factor to enable the Controls Seller to produce additional spare parts items, within a reasonable lead time and at a reasonable price. Parts shall be provided as Commercial Grade items. Controls Seller shall maintain this capability for the foreseeable future.

CS41: 10 10 Appendix B: Spare Parts

WC46: 6.1.2 6.1.2 List

CS41: 10 10 Appendix B: Spare Parts

WC47: 6.2.1 6.2.1 Test Regime

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.

WC48: 6.2.2 6.2.2 Other Special Tools

CS43: 4-2 The ALS system has an advanced self test capability. All boards within the rack have the capability to perform autonomously self test. Single event errors will be detected with the use of redundant logic, BIST engines and CRC-protected and redundant communication links.