ML20099J715

Rev 1 to Nonproprietary Conceptual Design for Pilgrim Nuclear Power Station Emergency & Plant Info Computer (EPIC) Safety Parameter Display Sys (Spds)
ML20099J715
Person / Time
Site: Pilgrim
Issue date: 09/30/1984
From: Benson J
GENERAL ELECTRIC CO.
To:
Shared Package
ML20099J701 List:
References
NEDO-30641A, NEDO-30641A-R01, NEDO-30641A-R1, NUDOCS 8411290184


Text

NEDO-30641A
Revision 1
Class I
September 1984

CONCEPTUAL DESIGN DESCRIPTION FOR THE PILGRIM NUCLEAR POWER STATION EMERGENCY AND PLANT INFORMATION COMPUTER (EPIC) SAFETY PARAMETER DISPLAY SYSTEM (SPDS)

GENERAL ELECTRIC

NEDO-30641A Class I September 1984 Revision 1

GENERAL ELECTRIC COMPANY

CONCEPTUAL DESIGN DESCRIPTION FOR THE PILGRIM NUCLEAR POWER STATION EMERGENCY AND PLANT INFORMATION COMPUTER (EPIC) SAFETY PARAMETER DISPLAY SYSTEM (SPDS)

Prepared: J. E. Benson, Engineer, Control Room Systems Design

Approved: M. A. Ross, Manager, Control Room Systems Design

Reviewed: C. M. Schroder, EPIC Project Manager

Approved: S. J. Stark, Manager, BWR Evaluation Programs

NUCLEAR ENGINEERING DIVISION, GENERAL ELECTRIC COMPANY, SAN JOSE, CALIFORNIA 95129

IMPORTANT NOTICE REGARDING CONTENTS OF THIS REPORT

Please Read Carefully

The only undertakings of General Electric Company respecting information in this document are contained in the contract between Boston Edison Company and General Electric Company, P.O. 63033, and nothing contained in this document shall be construed as changing the contract. The use of this information by anyone other than the Boston Edison Company, or for any purpose other than that for which it is intended, is not authorized; and with respect to any unauthorized use, General Electric Company makes no representation or warranty, and assumes no liability as to the completeness, accuracy, or usefulness of the information contained in this document.

CONTENTS

1.0 INTRODUCTION
2.0 EPIC SYSTEM DESCRIPTION
3.0 DISPLAY BASES
  3.1 Plant Characteristics
  3.2 Emergency Procedure Guidelines
  3.3 Required Information
  3.4 SPDS Requirements
4.0 DISPLAY DESCRIPTION
  4.1 RPV Control Display
  4.2 Containment Control Display
  4.3 Critical Plant Variables Display
  4.4 Trend Plot Displays
  4.5 2D Plot Displays
  4.6 Validation Status Displays
5.0 HUMAN FACTORS ENGINEERING IMPLEMENTATION
  5.1 General
  5.2 Definition of Requirements and Analysis of Tasks
  5.3 Man Machine Interfaces
  5.4 Training Development
  5.5 Human Factors Engineering Verification and Validation
6.0 VERIFICATION AND VALIDATION (V&V)
7.0 CONCLUSION
8.0 REFERENCES

TABLES

Table  Title
3-1  Summary of SPDS Displays with Respect to Intended Users
4-1  Trend Plot Limit Tags for RPV Control Display
4-2  Containment Control Display Trend Plot Limits

ILLUSTRATIONS

Figure  Title
2-1  EPIC Hardware Configuration
3-1  Emergency Procedure Guideline Structure
4-1  RPV Control with Power
4-2  RPV Control with Temperature
4-3  CNTMT Control, Drywell
4-4  CNTMT Control, Suppression Chamber
4-5  Critical Plant Variables
4-6  Trend Plot - RPV Water Level
4-7  2D Plot - Primary CNTMT Design Pressure
4-8  Validation Status - Reactor Power Validation
5-1  Human Factor / System Integration Plan
6-1  Major Milestones of Verification and Validation

ACRONYMS AND ABBREVIATIONS

2D - Two-Dimensional
APRM - Average Power Range Monitor
BECO - Boston Edison Company
BPV - Bypass Valve
BRKR - Breaker
BWR - Boiling Water Reactor
BWROG - BWR Owners Group
C1 - Contingency for Level Restoration
C2 - Contingency for Emergency RPV Depressurization
C3 - Contingency for Steam Cooling
C4 - Contingency for Core Cooling without Level Restoration
C5 - Contingency for Alternate Shutdown Cooling
C6 - Contingency for RPV Flooding
C7 - Contingency for Level / Power Control
CAP - Capacity
CMD - Command
CNTMT - Containment
CRD - Control Rod Drive
CRT - Cathode Ray Tube
DA - Data Acquisition
DEC - Digital Equipment Corporation
DG - Diesel Generator
DNSCL - Downscale
DW - Drywell
EMERG - Emergency
EOF - Emergency Offsite Facility
EOP - Emergency Operating Procedure
EPG - Emergency Procedure Guideline
EPIC - Emergency and Plant Information Computer
ERIS - Emergency Response Information System
FAC - Facility
GDC - Graphics Display Console
GE - General Electric Co.
GEDAC - General Electric Data Acquisition
GEPAC - General Electric Existing Process Computer System
HFE - Human Factors Engineering
HI - High
HPCI - High Pressure Coolant Injection
IOM - Input / Output Module
LCO - Limiting Condition for Operation
LD - Load
LO - Low
LPCI - Low Pressure Coolant Injection
LPCS - Low Pressure Core Spray
MMI - Man Machine Interface
MSIV - Main Steam Isolation Valve
NRC - Nuclear Regulatory Commission
OPER - Operating
PM - Performance Monitoring
PNPS - Pilgrim Nuclear Power Station
PR - Pressure
QAP - Quality Audit Points
RCIC - Reactor Core Isolation Coolant
RPV - Reactor Pressure Vessel
RTAD - Real Time Analysis and Display
RWCU - Reactor Water Clean Up
RX - Reactor
SAT - Saturation
SBGT - Standby Gas Treatment
SCRM - Scram
SLC - Standby Liquid Control
SPDS - Safety Parameter Display System
SRV - Safety Relief Valve
TAF - Top of Active Fuel
TEM - Temperature
TRA - Transient Recording and Analysis
TSC - Technical Support Center
V&V - Validation and Verification
VAC - Vacuum
WW - Wetwell

1.0 INTRODUCTION

As a result of the accident at Three Mile Island, the Nuclear Regulatory Commission (NRC) has determined the need for a Safety Parameter Display System (SPDS) which provides a concise display of critical plant operating variables. Its intended role is to provide vital plant data to aid control room personnel in determining the safety status of the plant during emergency conditions. The NRC requirements for the SPDS are contained in Supplement 1 to NUREG 0737, "Requirements for Emergency Response Capability" (Reference 1).

The SPDS portion of the Pilgrim Nuclear Power Station (PNPS) Emergency and Plant Information Computer (EPIC) meets the NRC requirements for an SPDS, in that it provides aid to the operator in determining the safety status of the plant during abnormal or emergency conditions. The graphic displays available to the control room operator are based on the Emergency Procedure Guidelines (EPGs) Revision 2 and are formatted to give maximum assistance in following the Pilgrim Nuclear Power Station Emergency Operating Procedures (EOPs). Human factors engineering has also been taken into account during development of the Pilgrim SPDS to maximize the operator's abilities to readily determine plant status and to minimize errors by the operator during its use.

The PNPS SPDS is being added as an aid to plant operators. It is not intended as a substitute for other safety-related equipment or instrumentation, but rather as an adjunct to such equipment. The PNPS SPDS is not essential to the safe operation of the plant, it is not essential to the prevention of events inimical to the public health and safety, nor is it essential to the mitigation of the consequences of an accident. Further, PNPS SPDS does not constitute a significant hazard as defined by the criteria of 10CFR50.92 and as exampled in 48FR14870. This means that the operation of Pilgrim Station after the incorporation of PNPS SPDS will not: (1) involve a significant increase in the probability or consequences of an accident previously evaluated; or (2) create the possibility of a new or different kind of accident from any accident previously evaluated; or (3) involve a significant reduction in a margin of safety.

This report addresses the requirements of Supplement 1, Section 4, NUREG 0737, by including the bases on which the selected parameters were judged to be sufficient to assess the safety status of the Pilgrim Nuclear Power Station (PNPS). As such, this report constitutes the safety analysis report required by the NRC to satisfy the SPDS documentation requirements of Supplement 1 to NUREG 0737.

In addition to the basis for parameter selection, this report discusses other aspects of the PNPS SPDS in relation to the NRC requirements. Among these are general descriptions of the system which provides the PNPS SPDS function, general descriptions of the various displays available to the PNPS SPDS users, the bases for those displays, the human factors implementation plan and the verification and validation features used in the development of the PNPS SPDS.

2.0 EPIC SYSTEM DESCRIPTION

2.1 GENERAL

The Pilgrim Nuclear Power Station (PNPS) Emergency and Plant Information Computer (EPIC) is a centralized, integrated system which performs the process monitoring and calculations defined as being necessary for the effective evaluation of normal and emergency power plant operation. The EPIC acquires and records process data including temperatures, pressure, flows, and status. This data is then processed by the EPIC to produce meaningful displays, logs, and plots of current or historical plant performance and presented to plant personnel in the plant main control room or other user definable locations. A system hardware diagram is provided as Figure 2-1. This diagram shows Man Machine Interface (MMI) hardware in the various plant locations, as well as a basic hardware configuration.

The major functions of the EPIC System are described below:

a. Main Processing Functions - performs functions entailing basic data manipulations and preprocessing.
b. Man Machine Interface - performs the function of interfacing the human with the EPIC system.
c. Data Acquisition Functions - performs data acquisition and plant process instrumentation interface.
d. Performance Monitoring Functions - performs all functions necessary to evaluate the performance of the Nuclear Steam Supply System and Balance of Plant.
e. Transient Recording and Analysis Functions - performs analysis, logging, plotting and recording functions.
f. Real-Time Analysis and Display Functions - performs all functions required to produce displays including display building and dynamic display processing functions.

A brief description of each major function is provided below.

Figure 2-1. EPIC Hardware Configuration (block diagram; labelled areas include the computer room, the control room, the Pilgrim TSC and the Pilgrim EOF)

2.2 MAIN PROCESSING FUNCTIONS

Main processing functions are those functions which are generic in nature and perform basic data preparation functions. Included in these functions are conversions, evaluation, alarming and data definition functions. This function of the EPIC performs any generic calculations and processing of data for display or further analysis. These functions include point compositions (generation of a point from 2 or more other points), limit checking, complex algorithm processing, and engineering unit conversions. In addition, many system level functions such as database building and security control (password, key lock, etc.) are a part of this EPIC function.

2.3 MAN-MACHINE INTERFACE

The Man-Machine Interface (MMI) performs the function of interfacing the EPIC with plant personnel. Using the interface, the user can place demands on the system or acknowledge information received by the system. The interface also presents the results of monitoring, calculations, and control actions taken to the user. MMI hardware consists of keyboards, function keys, CRT's, printers and typers.

2.4 DATA ACQUISITION (DA)

The Data Acquisition functions will perform the function of interfacing the EPIC with process variable instrumentation. This interface function is able to acquire real-time analog, digital, and pulse data simultaneously from the process instrumentation and make that data available to the EPIC. The Data Acquisition function has the ability to gather data at specified rates and is capable of accommodating user specific requirements for the gathering and transmitting of that process data.

The Data Acquisition function is provided by a modular set of solid state components. The data acquisition function samples the plant signals at rates of up to 250 samples/second for analog signals and 500 samples/second for digital signals. The data acquisition portion of the EPIC has provisions for checking, signal loop calibration, signal conditioning and self-testing. In addition, incoming data is provided with "time tags" in order to provide Sequence of Events determination. The data is interfaced with plant sensors via Input/Output modules (IOMs) and transmitted by fibre-optic cable in order to provide a means to isolate the EPIC from existing plant equipment. Transmission via wire cable is also provided where isolation is not required.

2.5 PERFORMANCE MONITORING (PM)

The Performance Monitoring (PM) functions provide monitoring of total plant performance. The PM, in addition to being an evaluation tool, also aids in providing efficiency of plant operation. Evaluations are performed including, but not limited to, thermal power distribution, thermal limit margins, energy summaries, exposure accumulations, enthalpies, data summaries, calibration and diagnostics for analysis of the nuclear steam supply. In addition, provisions are available to include Balance of Plant performance calculation capabilities for turbine cycle, condenser, electrical, and feedwater heater performance analysis.

2.6 TRANSIENT RECORDING AND ANALYSIS (TRA)

The Transient Recording and Analysis (TRA) functions provide a real-time and historical perspective for the operation of the power plant. The purpose of the TRA functions is to provide high resolution recording capabilities for various plant parameters and means for event monitoring, data archival, plotting, trending, analyses, automatic and on-demand logging.

The TRA portion of the EPIC provides a means of data recording, archiving and analysis in order to support the determination and analysis of plant transients. Data recording and archiving capabilities can record changing plant parameters for up to 2 hours of pre-event data and 12 hours of post-event data. Data is then available for various outputs such as alarm logs, sequence of events report, trending, post trip logs, significant change reporting and plotting. In addition, analysis routines are available to provide statistical evaluation (such as means, minimums, maximums, standard deviations) and time series analysis.

2.7 REAL-TIME ANALYSIS AND DISPLAY (RTAD)

The Real-Time Analysis and Display (RTAD) functions provide automatic reporting and display updating of plant parameters for current user requests. The RTAD shows critical plant parameters such as water levels, temperatures, pressures, flows, and status of pumps, valves, and other equipment. The RTAD is also capable of showing plant operational parameters.

The Real-Time Analysis and Display (RTAD) function of the EPIC provides real-time color graphic displays to provide a medium for the SPDS requirements of NUREG 0737, Supplement 1. The Real-Time Analysis and Display function provides the capability to display sampled data, status indications, synthesized data and trends. Displays on the RTAD hardware are updated at least every 2 seconds. Trend information can also be provided for up to 60 minutes of data. In addition to display capability, the RTAD function provides display creation functions.

The specific displays which are provided by the Emergency Plant and Information Computer (EPIC) in order to meet the requirements of NUREG 0737, Supplement 1, and the design basis for these displays, are described in more detail in the following sections.

3.0 DISPLAY BASIS

The basis for each PNPS SPDS color-graphic display is the display user's emergency response information requirements. These requirements are determined by the user's emergency response functions, which are defined by the Pilgrim Nuclear Power Station (PNPS) Emergency Operating Procedures (EOPs) (Reference 2) as developed from the generic Emergency Procedure Guidelines (EPGs) (Reference 3).

3.1 PLANT CHARACTERISTICS

The direct cycle Boiling Water Reactor (BWR) exhibits a number of features which facilitate emergency operation. Because of the large passive heat sink in the containment and suppression pool, the operator can initially concentrate his attention during an emergency on the primary objective of maintaining reactor water level. Following actions to stabilize reactor parameters, containment control actions are taken. Other features of BWRs include a strong natural circulation combined with low power density so that core coverage assures adequate cooling, diverse and redundant water delivery systems, and complete Reactor Pressure Vessel (RPV) depressurization capability. In addition, operation of a BWR during an emergency has important similarities to normal operation. These similarities include use of normal plant systems as the first line of defense, and emergency operation with boiling in the reactor core which is familiar to plant operators.

The mechanisms by which a BWR may get into a nonsafe condition are by inadequate makeup of coolant to the RPV and inadequate long term heat removal. Adequate liquid makeup to the RPV may be monitored using RPV water level. Water level control is a function of reactor power, since as power varies the boil off rate varies, which will influence the amount of water makeup required. Note that reactor power also impacts the long term heat removal capability. A plant which is isolated from the main condenser, and is putting heat into the containment, could exceed the containment heat capacity within a moderately short time period (less than an hour) if the reactor power is not reduced or the plant shutdown.

PNPS has many diverse and redundant injection systems that operate over various pressure ranges to provide RPV water level makeup. The majority of the emergency core cooling systems (spray and injection) operate over low RPV pressure ranges. Hence, reactor pressure control is important to assure that RPV water level can be maintained.

The most effective long term heat removal is provided by the main condenser. However, when the plant is isolated, the suppression pool serves both as a heat sink and as an emergency water source. The suppression pool's ability to perform both these functions can be monitored using suppression pool temperature and water level.

The primary containment pressure suppression design works to prevent releases of radioactivity to the outside environment which may be caused by primary system leaks or breaks. The pressure suppression function efficiency can be monitored using containment pressure. If the pressure is maintained low, containment integrity is maintained with the associated ability to quench steam discharges from the RPV or containment and to serve as a boundary to protect the public health and safety.

Drywell temperature is another measure of the ability to maintain the plant in a safe stable condition. Equipment in the drywell which is important to maintaining RPV water level (e.g., injection valves, water level monitoring instrument lines, safety/relief valves) may be adversely affected by its environmental temperature. In addition, the containment pressure will be influenced by the airspace temperature. Therefore drywell temperature is another important parameter for monitoring and display.

In summary, the EPG control parameters important to plant safety are RPV water level, RPV pressure, reactor power, suppression pool temperature, suppression pool water level, containment pressure (drywell and suppression chamber), and drywell temperature.

The operator response in a BWR is basically the same for all events. Simplistically, this two-part response consists first of maintaining reactor water level, and second of establishing long-term heat removal after reactor water level is stabilized. The monitoring and control of the above parameters will assure the plant is maintained in a safe stable condition.

3.2 EMERGENCY PROCEDURE GUIDELINES (EPG's)

The common operator response to all inventory threatening events facilitated the development of generic EPGs which are symptom based as opposed to event based. The operator does not need to diagnose what off-normal event is occurring in the plant in order to decide what actions to take. Rather, he observes the symptoms which exist and takes actions based on controlling those symptoms.

The generic symptomatic EPGs which have been developed (Revision 2) are:

• RPV Control Guideline
• Primary Containment Control Guideline

The guideline structure is illustrated in Figure 3-1. The RPV Control Guideline provides instructions to maintain adequate core cooling, shut down the reactor, and cool down the RPV to cold shutdown conditions. The entry conditions to the RPV Control Guideline are any of the following:

- RPV water level below the low level scram setpoint
- RPV pressure above the high pressure scram setpoint
- Drywell pressure above the scram setpoint
- An isolation which requires or initiates reactor scram
- A condition which requires reactor scram, and reactor power above the APRM downscale trip or reactor power cannot be determined.

Figure 3-1. Emergency Procedure Guideline Structure

The RPV Control Guideline provides instructions to control the key parameters of RPV water level, RPV pressure, and reactor power in parallel. The actions specified are designed to maintain the RPV water level in a satisfactory range, assure the reactor is shutdown, control reactor pressure to limit Safety Relief Valve (SRV) cycling and cooldown the reactor as necessary. Note that reactor power and cooldown rate will not be important at the same time. During the initial transient, reactor water level, reactor pressure and reactor power will be the key control parameters. Once the reactor is shutdown, RPV water level, pressure, and temperature/cooldown rate will be the key control parameters.

The Primary Containment Control Guideline provides instructions to maintain primary containment integrity and protect equipment in the primary containment. The entry conditions for the Containment Control Guideline are any of the following:

- Suppression pool temperature above its normal operating Limiting Condition for Operation (LCO)
- Suppression pool water level above its maximum LCO
- Suppression pool water level below its minimum LCO
- Drywell temperature above its LCO
- Drywell pressure above the scram setpoint.

This guideline provides instruction to control the key parameters of suppression pool temperature and water level, drywell temperature, and containment pressure in parallel. The actions are designed to mitigate the containment response to any event and restore and maintain these parameters in their normal ranges. Since containment response may be impacted by reactor conditions (e.g., cycling SRVs causing pool heatup), this guideline contains separate instructions to scram and depressurize the reactor when the containment control parameters reach specific values.

The EPG also contains seven contingencies as follows:

C1 - Level Restoration
C2 - Emergency RPV Depressurization
C3 - Steam Cooling
C4 - Core Cooling Without Level Restoration (Spray Cooling)
C5 - Alternate Shutdown Cooling
C6 - RPV Flooding
C7 - Level / Power Control.

The contingencies all provide instructions to control RPV water level and/or pressure. They are entered from the RPV Control Guideline or from each other whenever conditions defined in the guidelines dictate. For example, if water level is not being restored and maintained above the top-of-active fuel with the general actions specified in the RPV Control Guideline, the operator shifts to Contingency 1 (C1) where more explicit instructions are given in water level control. If the symptoms of water level, water level trend, reactor pressure range, and system availability evaluated in C1 dictate that emergency RPV depressurization is required, then the operator shifts from the pressure control section of the RPV Control Guideline to C2.

The NRC has written a Safety Evaluation Report (Reference 4) which approves Revision 2 of the generic BWR EPG's for implementation. The Pilgrim EOPs are based upon and consistent with this revision and incorporate all the features of the generic EPGs which apply to the Pilgrim Nuclear Power Station.

The PNPS EOPs utilize PNPS specific systems, curves, and values. The RPV Control Guideline and Contingencies have been combined as appropriate to integrate the new symptom based EOPs into the plant procedures.

3.3 REQUIRED INFORMATION

The displays given in Table 3-1 are designed to provide the specific information needed by each class of personnel in order for them to fulfill their assigned responsibilities. Though this information is generally available throughout the control room for the personnel located there, the SPDS function of the EPIC supplies this information accurately and concisely in a unified and centralized display of emergency response information. The EPIC is also capable of providing this full range of information to personnel in the Technical Support Center (TSC) and Emergency Offsite Facility (EOF). The displays listed in Table 3-1 provide sufficient information for each member of the emergency response team to perform his specific function. The basis for the information provided on each display is provided in the following paragraphs.

3.3.1 RPV Control Display

This display is based on the RPV Control Guideline and related contingencies in the EPGs.
  • General Electric Company Proprietary Information.

Table 3-1. Summary of SPDS Displays with Respect to Intended Users

3.3.2 Containment Control Display

This display is based on the Containment Control Guideline in the EPGs.

3.3.3 Critical Plant Variables Display

This display is based on the entry conditions and control parameters in the EPGs. It is the top level safety parameter display.

3.3.4 Two-Dimensional Plots

Certain parameter levels and specific limits which indicate the need for action in the PNPS EOPs are two-dimensional plots (curves) which relate separate control parameters

3.3.5 Trend Plots

They are described in detail in

3.3.6 Validation Status Displays

Validation Status Displays are described in detail in Section 4.

3.4 SPDS REQUIREMENTS

NUREG 0737 Supplement 1 specifies the requirements for the information displayed by SPDS. These requirements are met by providing displays consistent with the EPGs/EOPs since the fundamental actions required to restore and maintain the plant in a safe stable condition are defined in the EPGs/EOPs.

The information display requirements extracted from NUREG 0737 Supplement 1 and the PNPS SPDS implementation which satisfies the requirements follows.

"4.1.a . . . . provide a concise display of critical variables"

"4.1.f The minimum information to be provided shall be sufficient to provide information to plant operators about:

"(i) Reactivity control"

"(ii) Reactor core cooling and heat removal from the primary system"

"(iii) Reactor coolant system integrity"

"(iv) Radioactivity Control"

"(v) Containment conditions"

NUREG 0737 Supplement 1 Section 4.1.d further states that "The selection of specific information that should be provided for a particular plant shall be based on engineering judgment of individual plant licensees, taking into account the importance of prompt implementation." It is the judgment of the Boston Edison Company (BECO) that the displays defined herein provide sufficient information such that the PNPS SPDS together with the upgraded EOPs will provide a significant enhancement to plant safety.

4.0 DISPLAY DESCRIPTION

The displays presented in this section represent the mechanism through which the Boston Edison Company (BECO) will satisfy the SPDS requirements for the Pilgrim Nuclear Power Station (PNPS). The PNPS SPDS control room displays present the fundamental information needed by nuclear power plant personnel to respond to an emergency. Using standard alphanumeric keys, function keys and poke points at the graphic display console (GDC), the user can manually select displays for viewing on the cathode ray tube (CRT).

The displays available at each GDC consist of:

a. Reactor Pressure Vessel (RPV) control displays,
b. Containment control displays,
c. Critical plant variables,
d. Two-dimensional (2D) plots,
e. Trend plots, and
f. Validation status displays.

These displays provide real time data with emphasis on showing the current plant status and recent trend history. RPV control and containment control displays are keyed to the appropriate PNPS EOP's as described in Section 3.2.

The critical plant variables display shows all of the PNPS EOP entry conditions. Trend plot displays contain real-time digital information, but their overall emphasis is to show the most recent trends. 2D plots present the limits defined in the PNPS EOPs which are curves showing the relationship between two parameters. Validation status displays supply an evaluation of plant control parameter signals.

Figures 4-1 through 4-8 are black and white copies of representative displays. Each display shows the color gun status, date and time, and the RPV/containment alarm indications. The status of the three color guns--red, blue, and green--is shown next to the plant name in the lower right-hand corner of each display. The current calendar date and time of day (expressed to the nearest second) are shown next to the color gun status indication.

4.1 RPV CONTROL DISPLAY

The display presents information using the criteria listed in Section 3.1. RPV Control Displays are shown in Figures 4-1 and 4-2.

4.1.1 System Status

As an operator proceeds through the PNPS EOP's, he is directed to access the status of systems necessary to perform certain actions. These systems are included in the system status section of the display.

The following lists the systems which are included in the system status section:

a. Condensate/Feedwater, CRD, RCIC, HPCI, LPCS, and LPCI
b. Reactor Water Clean Up (RWCU):
c. Turbine Bypass Valves:

Figure 4-1. RPV Control with Power (display title RPV CONTROL--POWER; trend panels for RPV level, RPV pressure and reactor power)

Figure 4-2. RPV Control with Temperature (display title RPV CONTROL--TEMP; trend panels for RPV level, RPV pressure and RPV temperature)

d. Turbine Control Valves:
e. Main Steam Line Drain:
f. Shutdown Cooling:
g. Standby Liquid Control (SLC):

4.1.2 Event Targets

There are six event targets on the RPV Control Display. They give the status of the following "events".

a. Group Isolation:
b. Safety Relief Valve (SRV):
c. Main Steam Isolation Valve (MSIV):
d. Scram:
e. Diesel Generator:
f. Main Steam Line Radiation:

4.1.3 Control Parameter Trend Plots

Each control parameter, as defined in Section 3, is presented in a trend plot mini-display consisting of a time history data plot, bar graph, and digital readout. Control parameters for the RPV Control Display are RPV water level, pressure, and either reactor power (Figure 4-1) or RPV temperature (Figure 4-2).

All RPV control parameters are validated parameters.

The horizontal scale of the time history data plot for all control parameters is the most recent ten minutes with the exception of RPV temperature, for which the horizontal scale is the most recent sixty minutes.

4.1.4 Limit Tags

A control parameter may have up to five limit tags associated with it, each corresponding to a process limit identified by the PNPS EOPs. Table 4-1 lists the limit tags which are associated with each of the trend plots on the RPV Control Display.

Table 4-1 TREND PLOT LIMIT TAGS FOR RPV CONTROL DISPLAY

Control Parameter    Static Limits             Dynamic Limits
RPV Water Level      Trip Hi, Scram Lo, TAF    None
RPV Pressure         SRV Lift, 100% BPV*       Pool LD, Heat Cap
Reactor Power        APRM DNSCL                None
RPV Temperature      None                      None

* Indicates a permissive limit

4.2 CONTAINMENT CONTROL DISPLAY

This top-level display provides control room operators with the primary plant information required to execute the PNPS EOP developed from the Containment Control Guideline. The display presents information using the criteria discussed in Section 3.1. Containment control displays are shown in Figures 4-3 and 4-4.

4.2.1 System Status

As an operator proceeds through the PNPS EOP's, he is directed to access the status of systems necessary to perform certain actions. These systems are included in the system status section of the display.

The following lists the systems which are included in the system status section:

a. Pool Cooling:
b. Drywell Cooling:
c. Drywell Spray and Suppression Pool Spray:
d. Standby Gas Treatment (SBGT):

Figure 4-3. CNTNT Control, Drywell (display title CONTAINMENT CONTROL--DW; trend panels for drywell pressure, upper drywell temperature and lower drywell temperature)

Figure 4-4. CNTNT Control, Suppression Chamber (display title CNTMT CONTROL--SUPPR CH; trend panels for pool level, suppression chamber pressure and pool temperature)

4.2.2 Event Targets

There are five event targets on the Containment Control Display. They give the status of the following "events".

a. Group Isolation (see Section 4.1.2)
b. Safety Relief Valve (SRV) (see Section 4.1.2)
c. Scram (see Section 4.1.2)
d. Diesel Generator (see Section 4.1.2)
e. Radiation:

4.2.3 Control Parameter Trend Plots

Control parameters plotted for the drywell containment control display are drywell pressure and upper and lower maximum drywell temperatures. Control parameters for the suppression chamber containment control display are suppression chamber pressure, suppression pool temperature, and suppression pool water level. Except for the drywell temperatures, all containment control parameters are validated parameters. The trend plot description is the same as given in Section 4.1.3.

4.2.4 Limit Tags

As on the RPV Control Display, limit tags are associated with each of the trend plots on the Containment Control Display. The limit tag description is the same as given in Section 4.1.4. Table 4-2 lists the limit tags which are associated with each of the trend plots on the containment control display.

4.3 CRITICAL PLANT VARIABLES DISPLAY

The Critical Plant Variables Display (Figure 4-5) is an image of the plant and presents two types of EOP information: control parameters and their limits, and event indications.

Table 4-2 CONTAINMENT CONTROL DISPLAY TREND PLOT LIMITS

Control Parameter               Static Limits                 Dynamic Limits
DW Pressure                     Oper Hi                       Spray
Suppression Chamber Pressure    --                            Maximum, Design, Pressure Suppression, Spray
DW Temperatures                 Design, Oper Hi               RPV Sat
Suppression Pool Temp.          SCRM Temp, Oper Hi            Heat Cap
Suppression Pool Level          Oper Hi, Oper Lo, Vac Brkr    Pool LD, Heat Cap

4.4 TREND PLOT DISPLAYS

Trend plot displays are available for all control parameters. A typical Pilgrim trend plot display is shown in Figure 4-6.

The horizontal plot scale for all inputs is the most recent thirty minutes except RPV temperature for which the plot scale is the most recent sixty minutes.

Figure 4-6 shows the trend plot display for RPV water level. The trend plot displays include:

Reactor Pressure Vessel (RPV) Water Level
Suppression Pool Level
Reactor Pressure Vessel (RPV) Pressure
Reactor Power
Reactor Pressure Vessel (RPV) Temperature
Drywell Pressure
Suppression Chamber Pressure
Suppression Pool Temperature
Drywell Temperatures (Upper and Lower)

Figure 4-5. Critical Plant Variables (display title CRITICAL PLANT VARIABLES)

Figure 4-6. Trend Plot - RPV Water Level (display title RPV WATER LEVEL; level axis labelled IN >TAF, time axis labelled TIME (MINUTES))

4.5 2D PLOT DISPLAYS

These lower-level displays provide operators in the control room and plant engineers in the control room and TSC with plots of the two-dimensional limits defined in the EOP's. These limits are also presented as limit tags on the RPV and containment control displays.

There are ten dynamic and one static 2D plot displays. A typical PNPS 2D plot is shown in Figure 4-7.

The 2D plot displays include:

Suppression Pool Load Limit (dynamic)

Heat Capacity Level Limit (dynamic)

Heat Capacity Temperature Limit (dynamic)

Primary Containment Pressure Limit (dynamic)

Primary Containment Design Pressure (dynamic)

Pressure Suppression Pressure (dynamic)

Maximum Core Uncovery Time Limit (static)

Average Hot Reference Leg Temperature (dynamic)

Average Cold Reference Leg Temperature (dynamic)

Drywell Spray Initiation Pressure Limit:

Drywell Parameters (dynamic)

Suppression Pool Parameters (dynamic)

Figure 4-7. 2D Plot - Primary CNTNT Design Pressure (display title PRI CONTAINMENT DESIGN PRESS; suppression chamber pressure in PSIG plotted against SUPPRESSION POOL WATER LEVEL (FT))

4.6 VALIDATION STATUS DISPLAYS

Figure 4-8. Validation Status - Reactor Power Validation

5.0 HUMAN FACTOR ENGINEERING (HFE) IMPLEMENTATION

5.1 GENERAL

A Human Factors Engineering Implementation plan is a part of the design process for the EPIC in order to insure that the EPIC meets its intended objectives and accommodates its intended users. All activities in the HFE implementation plan are iterative in nature. Designs are developed based on Human Factors Engineering principles, then reviewed to assure that those principles have been properly implemented. Results and recommendations from reviews are then evaluated for impact and action plans are developed for incorporation into the design.

The EPIC HFE plan is an integral part of the design and review of the system as a whole as well as the design and review of the more detailed aspects of the system. The plan generally consists of activities such as definition of HFE requirements, reviews, testing, analysis and verification activities. These activities can be separated into the following specific major areas:

a. Definition of Functional Requirements and Analysis of Tasks
b. Man Machine Interface Development and Review
c. Training plan development
d. Verification and Validation

Figure 5-1 shows diagrammatically the Human Factors Engineering Plan which will be implemented as part of the EPIC design processes. As shown, the "Definition of Functional Requirements and Analysis of Tasks" are performed first. This creates the basis by which all other HFE activity is performed. This activity defines the objectives of the system and the tasks which the system must be designed to perform.

The "Man Machine Interface Development and Review", "Training Plan Development", and certain aspects of the "Verification and Validation" activity are performed in a parallel fashion. In these activities, the system is examined to assure that it is properly designed for the intended user, a plan is set into place to train the personnel who are to use the system, and test plans are developed to insure that the requirements defined in the "Definition of Requirements" activity are met.

The final stage of the Human Factors Implementation is contained in the concluding activities of the "Verification and Validation". These activities include integrated testing and review of the system as a whole. These tests verify that the system meets the system functional requirements and is properly implemented for a human user.

Figure 5-1. Human Factor / System Integration Plan

The following sections describe in more detail the specific tasks which are performed in order to provide a comprehensive implementation of the overall HFE plan. Specific tasks consist of both plans for future implementation as well as previously performed activities which can be related specifically to the EPIC.

5.2 DEFINITION OF REQUIREMENTS AND ANALYSIS OF TASKS

5.2.1 System Functional Requirements

The first task in the HFE plan is the development of system level requirements. As shown in Figure 5-1, the system level requirements will be based upon:

a. Interfaces to systems outside of the EPIC
b. Codes, standards, and regulatory requirements
c. Assumptions and constraints
d. Definition of what the EPIC is to perform and what the user is to perform (functional allocation)
e. Purpose of the EPIC (Mission statement)

The system functional requirements define what the EPIC is to do, what performance is expected and what part of the system consists of user interaction.

These requirements provide the basis for comparison of all other activities. Any reviews performed on the EPIC are performed against the fulfillment of the requirements developed in this activity. The system level requirements are issued as a controlled document.

5.3 MAN MACHINE INTERFACES

5.3.1 General

The purpose of the man-machine interface portion of the HFE plan is to assure that the hardware used in the EPIC is consistent with the intended purpose and function of the system. This assurance results from the use of HFE principles throughout the design process as well as systematic review procedures. The following specific activities are performed in order to implement this purpose.

5.4 TRAINING DEVELOPMENT

5.4.1 General

Training plans, courses and course content are developed parallel to the other HFE activities of "Man Machine Interface Development" and "Validation and Verification". Again, training is developed based on the functional system level requirements and specific tasks with respect to the PNPS Emergency Operating Procedures.

5.5 HUMAN FACTORS ENGINEERING VERIFICATION AND VALIDATION

5.5.1 General

The "Verification and Validation" activities of the HFE plan are an ongoing part of the entire design process for the EPIC. Some of the activities in verification and validation must be completed in the early stages of the design process whereas others are completed only in the final stages of the project. The general aspects of the Verification and Validation process for the entire EPIC design are described in Section 6.0. The major features of the HFE portion of Verification and Validation are described below. They include:
a. Test Requirements Development
b. Static HFE Review
c. Dynamic Review
d. Integrated Hardware/Software Validation Test

5.5.2 Test Requirements Generation

The system functional requirements are used as the basis for the development of tests and procedures which verify and validate, in general, the EPIC functions, and specifically the PNPS SPDS displays.

5.5.3 Static HFE Review

The PNPS SPDS displays are examined in a specific HFE review for comparison to basic human factors principles (such as those defined in NUREG 0700) and a determination of usefulness to the operator by using the tasks from the Control Room Design Review. This type of review was previously performed on the General Electric generic Emergency Response Information System (ERIS) displays (see reference 6) using the BWROG Emergency Procedures Guidelines.

The results of the generic study were favorable and useful display improvements are being incorporated into the PNPS SPDS displays. The EPIC static review will be documented in a report form similar to that of reference 6.

5.5.4 Dynamic Review

An extensive dynamic review was performed on the General Electric generic ERIS displays at the BWR/6 simulator in Tulsa, Oklahoma. This review consisted of a HFE check using a checklist approach similar to that described in Section 5.5.3, the administration of 12 unique simulated transients, operator/system performance evaluations during the transients using the Perry Nuclear Power Plant EOPs and data collection for the measurement of the usefulness of the ERIS SPDS related displays.

The results of this review are documented in reference 7. In general the ERIS was perceived by the operators as a significant aid in plant control during emergencies and was judged as presenting an exceptional source of synthesized/centralized information with regards to plant performance. In addition, recommendations from the dynamic review are being incorporated into the EPIC displays. A report similar to the generic dynamic review report will be generated to address the EPIC displays.

5.5.5 Final Integration Testing

The final activity in completing the EPIC design is the integration of hardware/software and the user in a final test scenario. This test, also called "Factory Acceptance Test", verifies that the system has been correctly designed for the user and that the EPIC has met its intended purpose. This test is based on the functional system requirements and the previously developed test plans and procedures. The results of this test will be fully documented in a report.

The Human Factors Plan for the EPIC is developed to fully consider the user as a part of the system as a whole. By assuring that the individual components of the system have been reviewed for HFE considerations and the components have been integrated on the system level, the EPIC will be a functional and useful system.

6.0 VERIFICATION AND VALIDATION (V&V)

The methods employed in the V&V procedures ensure that the PNPS SPDS supplies the functions and characteristics that it is required to provide and that the functions perform correctly. The review and testing processes are designed to identify problems or weaknesses in the design requirements, the design, and the implementation of the design, and to correct those problems and weaknesses.

The specific V&V plan identifies quality audit points (QAPs) along the PNPS SPDS development path. These QAPs range from performing specification reviews to code walkthroughs to several levels of software and system testing. Heavy emphasis is placed on achieving independent V&V, that is, employing reviewers and testers who have not been directly involved in the design.

Figure 6-1 shows the Quality Audit Points throughout the design process of the EPIC system.

By performing the V&V procedures depicted in Figure 6-1 a systematic and structured method is implemented to insure that the correct functions are provided and that the functions provided are correct.

Figure 6-1. Major Milestones of Verification and Validation

7.0 CONCLUSION

The PNPS portion of the Pilgrim Nuclear Power Station (PNPS) Emergency and Plant Information Computer represents an integrated data system which provides a concise amount of pertinent plant data sufficient to evaluate the safety status of the plant. In addition, it allows for an evaluation of the response of the plant to any automatic or operator initiated actions. The PNPS SPDS gathers plant data, stores and processes the data, generates visual human-engineered displays, and provides printed records to aid the control room operators during emergency conditions. The PNPS SPDS design is based upon sound design goals and good human factors engineering which are intended to ensure a highly reliable information system which will provide consistent and accurate data.

The PNPS SPDS displays are based upon the symptom-based EPGs. The operator uses the PNPS SPDS as an aid in entering and following the PNPS Emergency Operating Procedures. The PNPS SPDS is not meant to be a control device; it is simply a source of significant information on plant safety to supplement displays already provided in the control room. The use of the PNPS SPDS assists the control room personnel in performing their emergency response functions.

In summary, the PNPS SPDS is a capable and effective data system for improving responses to emergency situations. As demonstrated above, the PNPS SPDS complies with all the NRC requirements for the SPDS as set forth in Supplement 1 to NUREG-0737 (Requirements for Emergency Response Capability).


8.0 REFERENCES

1) U.S. Nuclear Regulatory Commission, "Requirements for Emergency Response Capability," Supplement to USNRC Report NUREG 0737, December 1982.
2) Nuclear Operations Dept., Pilgrim Nuclear Power Station (PNPS) Emergency Operating Procedures, Draft.
3) BWR Owner's Group Emergency Procedure Guidelines, Revision 2.
4) "Safety Evaluation Report on the Emergency Procedure Guidelines Revision 2," letter D.G. Eisenhut, NRC, to T. Dente, Chairman BWR Owners Group, February 4, 1983.
5) U.S. Nuclear Regulatory Commission, "Guidelines for Control Room Design Reviews," USNRC Report NUREG 0700, September 1981.
