Text

U8,ITEo STAf tt

/*** ***'yA wuctsAn nEQULATOnY CoalIM8840N was ne.oTom. o.c. seen

....* My 1 g

..t i

MEMORANDUM FOR: Victor Ste110. Chairman Connittee to Review Generic Requireaients FROM: Guy A. Arlotto Director Division of Engineering Technology Office of Nuclear Regulatory Research

SUBJECT:

PROPOSEDREGULATORYGUIDE(!C609-5),"CRITERIAFORPOWER, INSTRUMENTATION, AND CONTROL PORTIONS OF SAFETY SYSTEMS" Enclosed for consideration by the Comittee to Review Generic Requiremen are 15 copies of Proposed Regulatory Guide (!C 609-5), " Criteria for Power, Instrumentation, and Control Portions of Safety Systems," dated April 1, 1985, and the Value/ Impact Assessment which is attached to the guide. Also enclosed are 15 copies of IEEE Std 603-1980, "!EEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations " which is endorsed by the guldet 15 copies of the public coments: 15 copies of the Discussion of Public Connents, 15 copies of the staff coments; and 15 copics of the CRGR Sumary.

This guide is being developed at the request of NRR to provide applicants with the NRC position regarding a national standard. IEEE Std 603 was prepared by lEEE to satisfy the need for a standard that covers the entire safety system, and not just the protection system as does the scope of IEEE Std 279-1971

" Criteria for frotection Systems for Nuclear Power Generating Stations."

Thus, the standard includes, among other equipment the reactor trip and engineered safety features equipment, and the auxtItary supporting features equipment, and not just the initiating circuitry for such equipment. ![EE has, in fact, withdrawn IEEE Std 279 1971 on the trounds that it is superseded by IEEE Std 603 1980. This withdrawal, however, does not remove IEEE Std 219-(1968&1971) versions from the regulations. It is the position of the staff that satisfying the provisions of this guide also satisfies the provisions of IEEE Std 279-(1968&1971).

uy A. Arlotto, Direc or Mh Division of Engineering Technology Office of fluclear Regulatory Research inclosures as stated hMtXf INGO' 6 rM M

TD ._ f2

/# Aptit 1,19A5 g U.S. NUCLEAR REGULATORY C091!SS10N 0FFICE OF NUCLEAR REGULATORY RESEARCH .b _;^ ^, '_" '

\

4M55 REGULATORY GUIDE AND VALUE/!MPACT STATEMENT y,D 'N'j/3

.....  %,, e A. mS. Nint_re . . .(.30.f.l .443.-7860 POKR CRITERIA FOR '9WOWDM, INSTRUPENTATION, AND CONTROL . %

PORTIONS OF SAFETY SYSTEMS

. A. INTRODUCTION Appendix A. " General Design Criteria for Nucle 'o lants," to 10 CFR Part 50, " Domestic Licensing of Production and Utt acilities,"

contains, among other things, reclutrements for s , reliability, .

qualificption and testability of the protec , systems that perform

_ otMec

- _ --- .u_e n lunt tle_ M . .

1 - .- *'--

^ ther syatoes (known ae aust1tary up orting feet res) that re o the operation of the protect s, taken co11ec-A tively, have been designated as safety by the Institute of Electrical and Electronics Engineers (IEEE) t ute the safety systees addressed in this regulatory guide. The fo11 eral Design Criteria are applicable to the JWN , instrumentatto

- _ _ . d ol portions of safety systeest o Criterton 2 " Dest tas for Protection Against Natural Phenomena,"

requires systems important to y to be designed to withstand the effects of natural phenneena without loss of capabt11ty to perform their enfety functions, o Critert tronmental and Missile Design Bases," requires syswas important to e designed to accoasnodate the effects of and to be compatible wt the ivtronmental conditions associated with normal operetton, f maintenanc t and postulated accidents.

i o rion 10. "Meactor Design," requires protection systees to be l

' designed wit rgins to assure that fuel design Itatta are not exceedeo, o Criterton 12. " Suppression of Reactor Power Oscillations," requires l protection systems to be designed to prevent or detect and suppress power

__ose:111stf ont that con result in conditions erteedina fuel _deston Iteits. .m . _ - -

.. z . . . - -

j .

. _ _ m  ;

M

__. ]

.' J _

m . .. ..

_ . . ._. . _ _ _ , .._ _._,i.m._ _ m i--_ . . _ . . . ~

[

A .-nx._ .N t . a i n - - - s' .a.a- -L NlA N,a a _--- - - n m.a L., -n .a

. , " - h ' .".2

^

C'~ . I I '.

^

E ~ .~ . , _ . " ^.N _ l 1 'me s A h ^ - ^- ^

a 4. ._A - ._.u_ s -ii .__.u 2 .t -_A_ i- .- -. - .-

na ._ - an as- -> .- u -

..__..s i-,1

.a.. a__

. ._"._-. :_ . . _ _ _ ,__..i_ 1.

' - . . . ' -_;. e___

L --)

O Criterion 13. CInstrumentation and Contro)," requires that instru-mentation be provided to monitor variables and systems over their anticipated ranges for nomal operation, anticipated operational occurrences, and accidents to assure adequate safety and requires appropriate controls to maintain variables and systems within prescribed operating ranges.

o CtLtetton 15, " Reactor Coolant Systen Design," AtAutres dat he reactor coolant systus and asecchtted autLLlaty, controt, and pottellon systems be desiened mLth suff telent mttgin to aseatc dat oc deslan condLelons of the rtatter coolant pesante bounda%y att not exceeded datin:1 any condLtion of notmat operation, 2ncluding anticipated optAationtt occuttnces.

~

- - o Criterton 17. " Electric Power Systems," requires electric power systems to be provided to pemit functioning of structures, systees, and components

'mportant i to safety, o Criterion 18, " Inspection and Testing of Electric Power Systems,"

requires electric power systems important to safety to be designed to permit periodic inspection and testing of such systems for operability and functional performance, o Criterion 20. " Protection System Functions," requires a protection system to sense anticipated operational occurrences and accidents and initiate operation of appropriate systems to assure that acceptable Ilmits are not exceeded, o Criterion 21, " Protection System Reliability and Testability "

requires the protection system to be designed with high functional reliability and intervice testability. This celterion also requires redundancy and independence to provide protection against single failures and retention of redundancy (except where justified) in the event equipment is removed for service. On-line testing is required.

o Criterion 22. " Protection Systee Independence," requires that the effects of natural phenomena, nomal operation, maintenance, testing, and postulated accident conditions on redundant channels do not result in loss of the protective function, o Criterton 23. " Protection System Failure Modes," requires that the i

protection system be designed to fall into a safe state or into a state demonstrated to be acceptable on some other basis if conditions such as dis-rennection of the system, loss of energy, or postulated adverse environments l are esperienced.

l

- 2 L

e Criterien 24, " Separation.of. Protection and Control Systems," requires separation of p'rotectien and control systems to the extent that failure or removal free service of control equipment or equipment common to protection andcentrol1eavesintactasysteEsatisfyingallreliabliity, redundancy, and independence requirements of the protection system and rewires,that_

safety not be impaired as a result of the interconnection of protect ~ ten and control systems, o Criterion 25. " Protection System Requirements "or Reactivity Control Malfunctions," requires that the protection system be designed to assure that specified acceptable fuel design limits will not be exceeded for any single malfunction of the reactivity control systems.

o Criterion 29, " Protection Against Anticipated Operational Occurrences,"

~

requires that protection systems and reactivity control systems (a protective action system) be designed to be highly reliable in accomplishing their safety functions in the event of anticipated operational occurrences.

o Criteria 34, % sidual Heat Removal." 35, " Emergency Core Cooling,"

30, " Containment Heat Removal," 41, " Containment Atmosphere cleanup," and 44, " Cooling Water," require suitable redundancy, interconnections, and iso-lation capabilities to assure that, for onsite and for offsite electric power I system operation, the protective function of these protective action systems can be accomplishes assuming a single failure, o Criteria 37, " Testing of Emergency Core Cooling System," 40, " Testing of containment Heat Removal System," 43, " Testing of Containment Atmosphere Cleanup Systems," and 44, " Testing of Cooling Water System," require designs to penett periodic functional testing of these systees, the operability and performance of,the active camponents of the system, and the operability of each of these protective action systems as a whole, including the full operational sequence that brings each system into operation, o Criterion 54, " Piping Systems Penetrating Containment," requires redundancy, reliability, and performance that reflect the importance of the isolation systems to safety. Capability for periodic testing is also required.

In addition, t 50.55a, " Codes and Standards," of 10 CFR Part 50 requires in paragraph (h) that protection systems meet the requirements set forth in

" Criteria for Protection Systems for Nuclear Power Generating Stations,"

IEEE Std 279-1971 (also designated AN51 N42.7-1972).

I S0.49 "EnubtenerAat @stlf4^Wn of Ettetric Equipment important to Safety for helaar Power Plant 4," of 10 CFR Part 50 required butt a p4ogram 6e totabilahed 3

O for qualifying saftbj-r*!at*d efte2 tic equlpment and ceAtaln ason-safety-related

. electric equipment.

This guide describes a method acceptable to the NRC staff for complying with the Consnission's regulations with respect to the design, reliability, qual-

)

ification, and testability of the : power.xt' , instrumentation, and centrol portions -

)

of safety systems. This guide applies to all types of nuclear powir plants.

S. DISCUSSION 1

3EEE Std 403-1900 *CDd4arda for Safety Systems for Nuclear Peuer Generat .

i Stati .

pre,.r.d ,5 committ.e e, saf.t ,nei.t.d e t.as. of  :

1EEE Std was

~~ ~

the IEEE Nuclepr Powe Egnygggtee (IFEC).

s W ntly approved by ,,rs.gend my the IEEE Standards " ---'" g on March 13, 1980. -

Power The requirements and recommendations of IEEE Std 603-1980 en the ::::t ':, ,

instrumentation, and controls portions of safety systems incorporate the requirements and recommendations contained in IEEE Std 279-1971,8 e$ose scope is limited to protection systems only. Compliance with the provisions of IEEE Std 603-1980, as sgplemented in Section C, is considered by the patc staff to. satisfy the provisions of IEEE Std 279-1971. (The converse is not true swing to the larger scope of IEEE std 603-1980.)

A brief discussion of the basis for each. regulatory position follows:

1. The paragraph was re-etitten to cortect an error. In the context of WC l

classification, the fire p=atortion system is not classified as a safety-related system.

t. A definition of safety-notated systems is added to make the list of definitions more complete.

5. The terms " safety systent' and " safety-related sustems" have evolved separately, and it is essential in applying IEEE Std 603-1980 tha.t the relationship of the . terms be understood. The essential elements of the definition of the term " safety-related electric equipment", contained in G 50.49 of 10 CFR Part 50, are considered applicable to safety-retated systems as well.

• Copies are available from the Institute of Electrical and Electronics Engir.eers, United Engineering Center, 345 East 47th Street, New York, NY 10017 4

l

4/ Regul ry Guide 1.97 "Instrumentaticn fcr Light-W:ter-cooled Nuclear Power Plants to Assess Plant and Environs Conditienjs Our.ing an#

sautxLa eafinn, Following fn Accident," provides specific recommendagigngold *Acesign, installation, and maintenance of certain instrumentationjw as Type A in that regu1atory guide. The reconnendations 'of Regatatory Gu.ide 1.97, some l of which are at variance with .the requirements of IEEE Std 497-1977,, are accep.t-

' l able for .the identification, design, instattalion, and maintenance cf .the display \

l instuunentation required for the manual ac.tuation of safety fanetions for dich l i

.there is no automatic achation.

,, .__ . . __ c___ _c_- - _ J - _c-

. 7.' ,. ,. ., . . . :. - . .-. - - - - - - .

.c_

_______,_..,___,--r---

7-~'

, ,ree e.2 ,,a_,a,.. m_. <___ __2__ _2 u. . o__..i..__..

r..a m , es.

u.._,___ o_. . . _ oi__. o__.__.,__ l

_, .m , _ _ , _ , _ , , . . _ _ ,_,.__,__ ..

vu. _.,______ u., <__. .ama ,__ .i-_,.7 c.... __ u I

....a ,__aa. .. .. .u y weer c.a ens _,non ___.. __, <-as ..<-- , . .

j

_,.<_._m -'. m_____

__ ,_.. _ _ _ . . _ i_..., v. 1. .u une ...,, __, .,__ .< . .

-r--

_L _ ., J _,__ L _

f____A__A A L. m,

__X,..

- .._ , _ _ . _ , f_ __-,

_Jf__.I__ .X .L. ---' ~ " T

'W

_- _ _ __. - _ , y.'r

_w____, _. ____ _ _ _ . __>__. ,___A _

.._u

__. ,__ - c..___. __

"#r-

_,__A

5. Section 6.5.1(1) of IEEE Std 603-1980 has been changed .to correct a printing u >_ .u uor ...,,___,.,__ .L.. .<_ .,____2.._ _<____, __

error, .. .. . . . _ __ _ _ _ . ,__ ..... . . . _ . ..._ _. .......... . . . . . . . _ , ..

g

- - ,-.2---_..7--_. -

m k. . . , J m. I m d. . .L.

, 2 _1_ _ g a { 1, , __ __{g__f__ Tk{,

gL,g AL- _2 L_..___ m._m. .-J 8.m...__, a8 ma8... ...m.-__

mm

_-m-J

\

.... ---- .. 2 .-__ .I.. .... ... . . ___ __ _ _ _ _ - . __ _ - -

_J ..L__ _.._A__ _ ___J__ X_f,.-__ _._. L. _ ____fJ_ ___J f_ _JJIA I__ .- _ , ,

.g.____-5

---_-_---- _ _E AL_

" " ' ' - ' ' ' " _ _JJL

_1__,_

-...=5--.-.. wr .... ....y.. ....._._ . . _ .

'" **

• 11. _ a. m m. A _ss *A

• AL_A ______q ___.__q s__g,____ _g_,,3; g, we aw a, .,,. ... ,.-,,

7. ,.... . . . _ _ - _ . _ _ . __.,_ .. , _ _ _ _ . __ _ _ _ _ _ . _ __

L =A __ _---tA__a. 2___ _2 L_.L __- __ -_J_ .A .J_ gat 1,.___

l l 5

1

6. Figate 7 of IEEE Std 603-1980 dsich ptovides an interptetation of Section I

6.3.1 is confushg and could be misleading in dat the upper left " diamond' cannot 1

accomoda.te an event ekich, by itself, results in a condition requiring a safety l function white simultaneously causing action by a non-safety system;-- A modified chart has been supplied by 1EEE and is included as Figure 1 of this guide.

-7. "!; :: 1 :' th': ;;id: '- 5:::d :: "';r : e' tt: :^--f:-d cfth t ;r- ' '-d'- ': t':t,-t:- th: ::: c' : :: ::':t; :;:^-  ::r't: '-

___2,.,__ .,_1__

_ _7 . _ _ . 1. . 3_.y __ .. __7.,_1___ _,. 9 _.__2__g - 7,

^ ^'II r l- ?2E?22 ZIIl^II2- II ICT f^^^ S I I('-) ^^ I I I(I)- *

7. Addisinnal 1EEE standards are fid*d in Section 3 of IEEE Std 603-1980 which are referenced in othet sections of he standard. As the WC staff may not have endorsed these other standards, a caution is ptovided regarding their use.

C. REGULATORY POSITION The requirements (indicated by the verb shall) contained in IEEE Std 603-1980 provide a method acceptable to the NRC staff for complying with the Commission's regulations with regard to the design, reliability, qualification, ower and testaollity of the c'p:t ::, instrumentation, and control portions of l

( safety systems as modified and supplemented by the following:

l l

l

1. In lieu of Section 1.'t of TEEE Std 603-1980, the foltoscing should be used: " Application. The criteria established herein are to be applied to aLL power *, instrumentation, and conttot portions of the plant safety system. In applying these criteria, the foltou:ing should be understood to be synonymous t (1) electric portions of the safety systems, (t) Class 1E, and (3) safety-6 l

~^

. nrated electric equipment sa defined in i 50.49 of 10 CFR Part 50. (it should be noted that de scope of de standard 44 64eader dan (!), (1), or (3) above since, e.g., pn*"=atie inatAusunts may be part of de safety system.)"

"*poner Lactades eiectric, pn="--tic, and kf=="'ic." .u.

1. The following deynttien should be added to Section 1 of IEEE Std 605-1980: " safety-peta +=d systems. Thoas systems reiled upon to remain functional du4ing and forrmalag design basia events to ensure -

(i) de integrity of de reactor coolant pressure boundary;

~ *

(Li) de *==nH'lty to shut down de reactor and wi=tain it in a safe shutdown condition; or (iii) de en.a Ntity to p4 event or m4tigate de consequences of ac-cidents nklch could result in ="t*=' int off-site exposates '

coups 4abte to de 10 CFR Part 100 guidelines.'

3. The use of the tern " safety system" throughout 1EEE Std 603-1980, should be understood to be synonymous with the term " safety-nelated systed .

Section 5.8.1 ed TEEE Std 403-1980, d e dian W4 der neoviM ona for "une A imatruments in 4 Forkdiepney e6 manually controlled actions, covered < nJM E

• 1 -

N, Regulatory Guide 1.97 " Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and l Following an Accident," should be followed instead of IEEE Std 497-1977.

i 1

, I

. _ . . _ _ . . - _ _ _ _ _ . . . _ _ _ . _ _ _ _ _ _ . . _ _ _ _ _ - . _ _ _ _ _ _ _ _ _ . - . _ _ _ _ . _ . _ _ _ _ . . .__ __ ,__4.__....____

, _ _ . - _ e, -. _. .u.

,1_.

_, .u.

. _ _ _ _ _ - -__ _.________m . -- - ,_i,_ _

_m_..,2 4e weed *

.- . . -_ - , _, _ _. . ,-_-_. _ <- <. ___ , m

- - - __- - - - --_ _. _ _ -- _ _ - _ _ ._ -w g - . - -. - . -

E_ ,, _. .1__ __.L_J_

v__.2__ __ - J_ - __1 1.__ 2 __ . . * -- -

u ,__ ,__ _ _ _, ,__ s __ .- . _. sc _ _ _ _ _ _ .. ___, .

.7

_7 7 .

w - ..g - - . - --

A_ _L__ .L_. .L_ _ ..,___ - .m u. ..._, 81 2 m _-___._u,-

,, - . . . - - .__ ... _,_ r - - -- --

7-

---r --- ---

.r. .

_ r____,____ ..,.m ,2__.,_., __ , ,_,2.. __..,____. .._2__ ,,_,,._

__ ,____. .. u_ - _ , - >

___2, ,__. .,e . ..____ s _ _ _ _ , . . > . .. . u _. .u_. .u.

_7 7 _ . -y - - - - , - . _ .. _ _ ._- _ _

_3- 7

_____._m,_

____7 2 . _ _ , . . . > . ,_ ,s_. .- . ..,__ ,_ .u. #_,,_..,__ __....

,,s ,, . . . _ _ .__.,__ ,_ ____,.2_2 m. . .u_ _u......, . . .. -, .u.

, ,_, _ . _ , , _ ____ ., -- 7 - ___ _, , ,

, . _. . c. .. _ . ... _, .. __.

w. . - _ - - - .

7-.-_.-- w- g . . . _ w --w-

, ,, s s,

2_. _

.L_. _J _.... ,. . . _ _ _ _ . .um ___,i.. ,__7 _, .,__.,__, __J ,___1..,, ._, ,# .u.

, _<- _ m- _ _ _ ._ , _ . _ . _ .. . . ..

7_

-_g .y ____

7_._..-._

e v. _22,.,__ .. .u. ___..,,,___ _, ________m e r , e .u. _..,2_ ..

[

,...1 2. , r, u __,,__..

. . _.c___ ____,

.. . .,___o_..__ o,__. .__.__.,__ e.._.___ u _<_. ,2 <_ __,

S. In Section 6.3.1 of TEEE Std 603-1980, the fiAst sentence in 6.3.1(1) should be changed to read, " Alternate channels not subject to failure resulting from the same single event, shall be provided to limit the consequences of this event to a value specified by the design basis."

8 1

l __ ~ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ . -___ _ _ _

.. .<. ___..,_____ . ,_ __-__ - < c - ,. > 's > - -

, ,_ _,2, m._ ---

.,,__._2 m.____ 2 _m ___i _ < _ . . 2 u ___..,2_2

.m

6. Section 6.3.I of IEEE Std 603-1980 references Figuu 7 id.dat document l

fx a decision chart for applying de requirements of the section. Figure 1 of l i

bis guide should be used in lieu of Figure 7 of IEEE Std 603-1980.

, ,_ _221.,__ ._ .<_ ___..,_______ _, ________, , , , .u .i.___....,_

r - . r .

a____,_ ____..,____._<_..,2 ___. .< ___..,____.__,_______<1 s -

. ,_ ,,_ - .._ -- . . _.____ _. ________< n. , . .<_ , _ , , - . , _ _

shoond he essed:

. ,_,__ _<_.,2 ,__,.2_2 __ . < _ . .<_ ___..,_____., ,_ e , , .;

e, , , ___ u __. ,_ ___,..__. .. m e . s. . u ___..,_____._ _ , , , , , .

_m ___, 4. ,_ _. ,..______ m._...

, ,_ , , _ . _, r,___ , ., .<_ ..__2__2 c,_..__ , _, .<,_ ___..i..__.

_.,2_ _<_.22 u . . _2

7. Section 5 of IEEE Std 603-1920 Lists additional standards which are referenced in oder sections of de standard. Those referenced standards not l - endorsed by a reger!ntary guide for incorporated into de roytations) also 1

l contain valuable infornation and, if used, should be used in a manner consistent Oditk current regulatory Me.

I f

\

l 9

l l

. - n- . - - - - - - , ,n,, .-.

D. ]MPLEMENTATION The purpose of this section is to provide information to applicants and licensees regarding the NRC staff's plans for us,ing this regulatory gaide.

~

'd : - :; ::f , :'f: '-- 5::- - '--- ' '- --- --- ; 7 "- - ';--- -

~

1.  :. 2_..

' ;-- '. ExceptinthosecasesinwhichanapplicantIFlicenwe proposes an acceptable alternative method for complying'with specified portions of the Commission's regulations, the method h described in " dia _

guide _ ' ' ' * ; ; _i" _ - ^ will be used by the NRC staff in its evalua-tionofthedesign, reliability,qualfficationgandtestabilityofthepower e4ee W4e, instrumentation, and control portions of safety systems a h

' ;': : ^::: d:t: ^: i: :;::'-' " - - - ;"- '--'-- ^--- t .

-~

^J.. .t " . ' " ' 2: :::: 5: -- : -- ?:'; 1,1^^1 Jor all construction pejuni.t applications and appfiratinns for modifications to safety-st ated t sustems issued after (issue date of _ quide). Licensees or other applicants mey use 6Ls gylde in discussions saith ne staff as justification for the adequacy of de functional and design criteria for power, instrumentation, and control portions of safety-relat.ed systems for applications cuuentig pending. However, the staff does not intend to recomend be systema. tic aperiratinn of every aspect of this guide to plants cuuently operating or under review.

ro K L -- . _- --

^ ' ^ ^ ^ -

I

~

l POSTULATE A CREDISLE EVENT DOESEVEM NO CAUSE ACTION SY A -

NON.4AFETY SYSTEM 7 CRITBRIA -

- - YES OF DOES ACTION 8.3.UU OF NON. SAFETY No SYSTEM RESULT IN A -

CONDfTION REQUIR8NG AND PROTECTIVE ACT M F 6.3.Hal  !

YES NOT DOES APPkY ORIO4NATW90 EVENT IOR TTS CONSEQUENCESI ALSO PREVENT PROTECTIVE ACTION IN THE NO -

PflOTECTION SYSTEM CHANNELISI DESIGNED '

TO PflOVIDE PRINC8 PAL PROTECTION AGAlpsST THE CONDITION CAUSEO SY THE NON-i SAFETY SYSTEM ACTION 7 YES l

THIS IS A OSSION SASIS EVENT L AND ALL CRITERIA 0F TM48 OOCUMENT SMALL SE MET i i

WffM PARTICULAR ATTENTION TO SECTIONS s.a.un ANo s.a.ilal.

I I

Figurt 1 (REPLACES FIGURE 7 of IEEE Std 603-1980) 11

\ f

.c.

(

'- p.

POSTULATE A CREDISLE EVENT

~

• DOES EVENT SY NO DOES EVENT ITSELF RESULT bel CONDfTION - CAUSE ACTION SY A -

flEQUIRING SAFETY NON. SAFETY -

PUNCTION7 SYSTEM 7 YES CRmR YES OF DOES ACTION

"'3IIII OF NON SAFETY NO l SYSTEM RESULT IN -

CON 0 MON REQUIR G AND PROTECTIVE S.3.1 YES j NOT [

DOES OR I TING EVENT APPLY IOR ON QUENCESIALSO PREVENT OTE VE ACTION IN THE PROTE SYSTEM ANNELISI DESIGNED -

70 IDE PR180C L PROTECTION GAlteST THE NDmON

~

CAUSED BY NON.

SAFETY S

' ACTION 7 1 f y \ f l i

I Thi$ 18 A DESIGN BASl3 EVE AND ALL CRffERIA OF TMI DOCUMENT SNALL SE WTTH PARTICULAR ATTE ON TO SECTIONS SJ.1(1) D

! S.3.1821.

Figur$ 1 INTERPRETATION 6.3.1 OF IEEE Std 603-1980 l

VALUE/ IMPACT ASSESSMENT

1. Background The licensee of a nuclear power plant is required by the Comission's regulations to provide fnr th.e design, reliability, qualification, and testability of the pro-tection systems, systems that perforin protection functions, and other dystems that are essential to the operation of protection systems and the accomplishment of the protection functions. IEEE Std 279-1971, " Criteria for Protection Systems for Nuc-lear Power Generating Stations," is incorporated into the regulations and provides requirements and reconnendations for the protection systems. IEEE Std 603-1980,

~'

" Criteria for Safety Systems for Nuclear Power Generating Stations" provides the same criteria as IEEE Std 279-1971 for protection systems, but is expanded in scope and provides additional guidance by including criteria for protection system actua-tion functions and auxiliary systems. This regulatory guide endorses this additional guidance provided by IEEE Std 603-1980, with appropriate supplementary material.

2. Value/ Impact Assessment 2.1 General The guidance for the design, reliability, qualification, and testability of the power, instrumentation, and control portions of safety systems in IEEE Std 603-1980 is endorsed by this regulatory guide.

2.1.1 Value This action should result in more effective design, nliability, qualification and testability of safety systems, including auxiliary supporting features. It establishes the NRC position on a national consensus standard and therefore reduces uncertainty as to what the staff considers acceptable in the area covered.

It

2.1.2 Impact There should be no impact. IEEE Std 603 was developed with the intent that it eventually supersede IEEE Std 279. Its scope includes the protection system

~

as covered in IEEE Std 279, and is further expanded to include power sources

• Y-and execute features as well as protection systems. In the process of this expansion in scope, no new requirements are imposed than those already in the Code of Federal Regulations as augmented by the Standard Review Plan. The guid-ance given in this expansion in scope is essentially included in guidance pro-vided in existing regulatory guides. For instance. Regulatory Guide 1.32 en,-

dorses IEEE Std 308, which provides similar guidance for power sources. Reg-ulatory Guide 1.53 endorses IEEE Std 379 and provides similar guidance for meet-ing the single failure criterion. Regulatory Guide 1.75 endorses IEEE Std 384 and provides similar guidance for physical independence of redundant systems and equipment.

2.2 Application and Definitions Regulatory Positions 1, 2. and 3, were included to correct the error of citing the fire protection system as an example of a safety-related system and to provide clarification to terms used in the standard.

2.2.1 Value The error should be corrected and the definitions clarified to eliminate the possibility of misunderstanding.

2.2.2 Impact There is no impact since no new requirements are imposed.

13

2.3 Information Displays Regulatory Position 4 was included to replace the guidance of IEEE Std 497-1977 with Regulatory Guide 1.97 as it pertains to display for manually controlled actions. .,'-

2.3.1 Value Regulatory Guide 1.97 was developed to provide the staff's position with re-gard to display for manually controlled actions. The acceptability of all of the guidance of IEEE Std 497-1977 has not yet been determined by the staff, although ,

it is known that some of its provisions are at variance with staff recommendations, i.e., some ways of meeting the single failure criterion.

2.3.2 Impact There is no impact since no new requirements are imposed.

2.4 Interaction Regulatory Position 5 was included to correct a printing error.

t-2.4.1 Value The error should be corrected in order that proper understanding of the stand-ard can be obtained.

2.4.2 Impact There is no impact since no new requirements are imposed.

14

2.5 Interaction Chart Regulatory Position 6 was included to replace a figure that was confusing but which was intended to help in the decision process for applying the require-ments of Section 6.3.1 of IEEE Std 603-1980.

.u.

2.5.1 Value The new figure eliminates the confusion that was in the original figure and accomplishes the intent of aiding the decision making process in applying requirements.

~ '

2.5.2 Impact There is no impact as the new chart was supplied by the writing group who authored IEEE Std 603-1980 and it imposes no new requirements.

2.6 References Regulatory Position 7 was included to provide the staff position regarding the referenced national consensus standards in IEEE Std 603-1980.

2.6.1 Value It provides the user of the standard with information, where applicable, regarding the staff position of using the standards listed as references.

2.6.2 Impact There is no impact since no new requirements are imposed.

t l

15 i

T TDE Y-PUBLIC COPMENTS Regulatory Guide (IC 609-5)

" Criteria for Power. Instrumentation, and Control Portions of Safety Systems"

.