ML22240A041

From kanterella
Revision as of 04:44, 16 November 2024 by StriderTol (talk | contribs) (StriderTol Bot change)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Changes Related to AP1000 Gts Subsection 3.3.6, RTS Automatic Trip Logic
ML22240A041
Person / Time
Issue date: 05/01/2015
From:
NRC/NRR/DSS/STSB
To:
Craig Harbuck NRR/DSS 301-415-3140
Shared Package
ML22240A001 List: ... further results
References
Download: ML22240A041 (32)


Text

GTST AP1000- O59-3.3.6, Rev. 1

Advanced Passive 1000 (AP1000)

Generic Technical Specification Traveler (GTST)

Title:

Changes Related to LCO 3.3.6, Reactor Trip System (RTS) Automatic Trip Logic

I. Technical Specifications Task Force (TSTF) Travelers, Approved Since Revision 2 of STS NUREG-1431, and Used to Develop this GTST

TSTF Number and

Title:

TSTF-418-A, Rev 2, RPS and ESFAS Test Times and Completion Times (W CAP-14333)

TSTF-519-T, Rev 0, Increase Standardization in Condition and Required Action Notes

STS NUREGs Affected:

TSTF-418-A, Rev 2: NUREG 1431 TSTF-519-T, Rev 0: NUREG 1430 and 1431

NRC Approval Date:

TSTF-418-A, Rev 2: 02-Apr-03 TSTF-519-T, Rev 0: 16-Oct-09 (TSTF Review)

TSTF Classification:

TSTF-418-A, Rev 2: Technical Change TSTF-519-T, Rev 0: NUREG Only Change

Date report generated:

Friday, May 01, 2015 Page 1 GTST AP1000- O59-3.3.6, Rev. 1

II. Reference Combined License (RCOL) Standard Departures (Std. Dep.), RCOL COL Items, and RCOL Plant -Specific Technical Specifications (PTS) Changes Used to Develop this GTST

RCOL Std. Dep. Number and

Title:

There are no Vogtle Electric Generating Plant Units 3 and 4 (Vogtle or VEGP) departures applicable to GTS 3.3.1.

RCOL COL Item Number and

Title:

There are no Vogtle COL items applicable to GTS 3.3.1.

RCOL PTS Change Number and

Title:

The VEGP License Amendment Request (LAR) proposed the following changes to the initial version of the PTS (referred to as the current TS by the VEGP LAR). These changes include Administrative Changes (A), Detail Removed Changes (D), Less Restrictive Changes (L), and More Restrictive Changes (M). These changes are discussed in Sections VI and VII of this GTST.

VEGP LAR DOC A024: Ref ormat of GTS 3.3.1 into Seven Parts; 3.3.1 through 3.3.7; note that this maps GTS 3.3.1 requirements into interim A024-modified TS (MTS) Subsection 3.3.6, to which the other changes are applied.

VEGP LAR DOC M01: Deletion of Reactor Trip Channel Operational Test (RTCOT) Definition VEGP LAR DOC M02: Provision for Two or More Inoperable Divisions or Channels VEGP LAR DOC L07: Certain TS Required Actions Requiring the Reactor Trip Breakers (RTBs) to be Opened Are Revised into Two Required Actions

Date report generated:

Friday, May 01, 2015 Page 2 GTST AP1000- O59-3.3.6, Rev. 1

III. Comments on Relations Among TSTFs, RCOL Std. Dep., RCOL COL Items, and RCOL PTS Changes

This section discusses the considered changes that are: (1) applicable to operating reactor designs, but not to the AP1000 design; (2) already incorporated in the GTS; or (3) superseded by another change.

TSTF-418-A adjusts the WOG STS (NUREG-1431) required action completion times for the conventional W estinghouse Plant Protection System instrumentation design for which the WOG STS instrumentation requirements are applicable. The changes in TSTF-418 are based on the analysis in W CAP-14333-P, which did not consider the AP1000 protection and safety monitoring system (PMS) instrumentation design. The AP1000 GTS required action completion times (and surveillance frequencies) for the PMS were justified by APP-GW-GSC-020 (W CAP-16787),

which is listed as Reference 6 in the GTS Subsection 3.3.2 Bases. APP-GW-GSC-020 does not reference W CAP-14333-P, but notes, the AP1000 protection and safety monitoring system (PMS) redundancy is as good as or better than that of the conventional Westinghouse Plant Protection System. Although the PMS equipment reliability is considered to be equivalent to or better than that of the conventional W estinghouse Plant Protection System, a common basis for comparison to the digital portion of the PMS is not readily available.

TSTF-519-T has already been incorporated into the AP1000 GTS regarding the Writer's Guide for Improved Standard Technical Specifications (Reference 4) placement of Notes in TS Actions tables.

Date report generated:

Friday, May 01, 2015 Page 3 GTST AP1000- O59-3.3.6, Rev. 1

IV. Additional Changes Proposed as Part of this GTST (modifications proposed by NRC staff and/or clear editorial changes or deviations identified by preparer of GTST)

APOG Recommended Changes to Improve the Bases

For added clarity, revise the opening sentence of the ASA, LCO, and Applicability section of the Bases for STS Subsections 3.3.1 through 3.3.7 to state:

The RTS functions to maintain compliance with the SLs during all AOOs and mitigates the consequences of DBAs in all MODES in which the RTBs are closed.

In the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.5, the fourth paragraph uses the term ESF. ESF - Engineered Saf ety Features - has not been previously def ined. Change ESF to Engineered Safety Features (ESF).

Date report generated:

Friday, May 01, 2015 Page 4 GTST AP1000- O59-3.3.6, Rev. 1

V. Applicability

Affected Generic Technical Specifications and Bases:

Section 3.3.6, Reactor Trip System (RTS) Automatic Trip Logic

Changes to the Generic Technical Specifications and Bases:

GTS 3.3.1, Reactor Trip System (RTS) Instrumentation, is reformatted by VEGP DOC LAR A024 into multiple Specifications including interim A024-modified TS (MTS) 3.3.6, Reactor Trip System (RTS) Automatic Trip Logic. The reformatting relocates GTS 3.3.1 Function 19, Automatic Trip Logic, into MTS 3.3.6 as part of the LCO statement. The MTS format is depicted in Section XI of this GTST as the reference case in the markup of the GTS instrumentation requirements for the automatic trip logic.

MTS 3.3.6 LCO Title GTS 3.3.1 Function

Reactor Trip System (RTS) 19. Automatic Trip Logic Automatic Trip Logic

References 2, 3, and 6 provide details showing the correspondence of GTS 3.3.1 Functions and STS 3.3.1 through 3.3.7 Functions.

GTS 3.3.1 Conditions L and P are reordered and relabeled as AP1000 MTS 3.3.6 Conditions A, B, C, and D. No Function Table is required. (DOC A024)

GTS Table 3.3.1-1 footnote (a), W ith Reactor Trip Breakers (RTBs) closed and Plant Control System capable of rod withdrawal, applies to operation in MODEs 3, 4, and 5 for RTS Automatic Trip Logic. GTS Table 3.3.1-1 footnote (a) is incorporated into the MTS 3.3.6 LCO Applicability statement for MODEs 3, 4, and 5. (DOC A024)

In addition, the Applicability Statement for MODES 3, 4, and 5 (derived from GTS Table 3.3.1-1 footnote (a)) is revised to Plant Control System capable of rod withdrawal or one or more rods not fully inserted. This avoids undesirable plant secondary effects due to interlock actuation.

(DOC L07)

MTS 3.3.6 Conditions B and D are revised by adding a second condition statement for the condition three or more divisions inoperable. Otherwise, LCO 3.0.3 would apply when the LCO is not met and the associated Actions are not met or an associated Action is not provided.

(DOC M02)

The requirement to open RTBs associated with MTS 3.3.6 Condition D is replaced by two Actions to initiate action to fully insert all rods and place the Plant Control System in a condition incapable of rod withdrawal. This provides flexibility to avoid potentially undesirable effects of opening RTBs and initiating certain interlocks. (DOC L07)

GTS SR 3.3.1.7 is retained and renumbered as MTS SR 3.3.6.1. (DOC A024)

MTS SR 3.3.6.1 is revised from Perf orm RTCOT to Perform ACTUATION LOGIC TEST. The definition of RTCOT does not explicitly require adjustments of required alarm, interlock, and trip setpoints required for channel OPERABILITY such that the setpoints are within the necessary

Date report generated:

Friday, May 01, 2015 Page 5 GTST AP1000- O59-3.3.6, Rev. 1

range and accuracy. NUREG-1431 specifies the Actuation Logic Test for similar Functions.

(DOC M01)

The Bases are revised to reflect these changes.

The following tables are provided as an aid to tracking the various changes to GTS 3.3.1 Conditions, Required Actions, Functions, Applicability Footnotes, and Surveillance Requirements that result in interim A024-modified TS (MTS) 3.3.6 and as further changed, STS 3.3.6.

Changes to Conditions

GTS 3.3.1 MTS 3.3.6 STS 3.3.6 Other STS Subsections Additional Condition Condition Condition Addressing the Listed Condition DOC Changes A 3.3.1 ---

B 3.3.5 ---

C 3.3.5 ---

D 3.3.1 ---

E 3.3.1 ---

F 3.3.3 ---

G 3.3.3 ---

H 3.3.3 ---

I 3.3.2 ---

J 3.3.2 ---

K 3.3.1 ---

L A A GTS Condition L split into 2 Conditions ---

L B B 3.3.4 M02 M 3.3.1 ---

N 3.3.7 ---

O 3.3.7 ---

P C C GTS Condition P split into 2 Conditions ---

P D D 3.3.4 M02 L07 Q 3.3.2 ---

R 3.3.2 ---

Changes to Functions


Function [Modes(footnote)] ----------- STS 3.3.6 Other STS Subsections Additional GTS 3.3.1 MTS 3.3.6 STS 3.3.6 Conditions and Additional Changes DOC Changes 19 [1,2] LCO 3.3.6 LCO 3.3.6 A, B --- ---

19 [3(a),4(a),5(a)] LCO 3.3.6 LCO 3.3.6 C, D --- ---

Changes to Applicability Footnotes

GTS 3.3.1 MTS 3.3.6 STS 3.3.6 STS 3.3.6 STS Subsections Also Additional Changes Footnote Footnote Footnote Function Addressing Listed footnote DOC Number a -----LCO Applicability ----- --- 3.3.2, 3.3.4, 3.3.5, 3.3.7 L07

Changes to Surveillance Requirements

GTS 3.3.1 MTS 3.3.6 STS 3.3.6 STS Subsections Also Example Surveillance No.

SR SR SR Addressing the Listed SR Surveillance Description

3.3.1.1 3.3.1, 3.3.2, 3.3.3 3.3.1.1 CHANNEL CHECK

3.3.1.2 3.3.1 3.3.1.2 Compare calorimetric heat balance to NI channel output

3.3.1.3 3.3.1 3.3.1.3 Compare calorimetric heat balance to delta-T power calculation

3.3.1.4 3.3.1 3.3.1.4 Compare incore detector measurement to NI AXIAL FLUX DIFFERENCE

3.3.1.5 3.3.1 3.3.1.5 Calibrate excore channels

Date report generated:

Friday, May 01, 2015 Page 6 GTST AP1000- O59-3.3.6, Rev. 1

GTS 3.3.1 MTS 3.3.6 STS 3.3.6 STS Subsections Also Example Surveillance No.

SR SR SR Addressing the Listed SR Surveillance Description

3.3.1.6 3.3.7 3.3.7.1 Perform TADOT

3.3.1.7 3.3.6.1 3.3.6.1 3.3.4 3.3.4.1 ACTUATION LOGIC TEST

3.3.1.8 3.3.1, 3.3.2 3.3.1.6 Perform COT

3.3.1.9 3.3.1, 3.3.2, 3.3.3 3.3.1.7 Perform COT

3.3.1.10 3.3.1 3.3.1.8 CHANNEL CALIBRATION

3.3.1.11 3.3.1, 3.3.2, 3.3.3 3.3.1.9 CHANNEL CALIBRATION

3.3.1.12 3.3.1, 3.3.5 3.3.1.10 Perform TADOT

3.3.1.13 3.3.1, 3.3.2, 3.3.3 3.3.1.11 Verify RTS RESPONSE TIME within limits

The opening sentence of the ASA, LCO, and Applicability section of the Bases for STS Subsections 3.3.1 through 3.3.7 is revised to provide additional clarity. (APOG Comment)

ESF is defined in the ASA, LCO, and Applicability section of the Bases for clarity. (APOG Comment)

Date report generated:

Friday, May 01, 2015 Page 7 GTST AP1000- O59-3.3.6, Rev. 1

VI. Traveler Information

Description of TSTF changes:

Not Applicable

Rationale for TSTF changes:

Not Applicable

Description of changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes:

The Vogtle Electric Generating Plant Units 3 and 4 (VEGP) technical specifications upgrade (TSU) License Amendment Request (VEGP TSU LAR) (Reference 2) proposed changes to the initial version of the VEGP PTS (referred to as the current TS by the VEGP TSU LAR). As detailed in VEGP TSU LAR Enclosure 1, administrative change number 24 (DOC A024) reformats PTS 3.3.1 into multiple Specifications as follows:

Since PTS 3.3.1, Reactor Trip System (RTS) Instrumentation, is identical to GTS 3.3.1, it is appropriate for this GTST to consider the proposed changes to PTS 3.3.1 as changes to GTS 3.3.1 for incorporation in AP1000 STS 3.3.6. VEGP LAR DOC A024 is extensive, but retains the intention of PTS 3.3.1 while improving operational use of the TS. The numerous Functions, Conditions and extensive bases discussion associated with PTS 3.3.1 are repackaged into seven smaller parts. Therefore, the changes implemented by DOC A024 are presented in the attached Subsection 3.3.6 markup, in Section XI of this GTST, as the clean starting point for this GTST and are identified as interim A024-modified TS (MTS) 3.3.6. The specific details of the reformatting for MTS 3.3.6 can be found in VEGP TSU LAR (Reference 2), in Enclosure 2 (markup) and Enclosure 4 (clean). The NRC staff safety evaluation regarding DOC A024 can be found in Reference 3, VEGP LAR SER. The VEGP TSU LAR was modified in response to NRC staff RAIs in Reference 5 and the Southern Nuclear Operating Company RAI Response in Reference 6.

VEGP LAR DOC M02 addresses the fact that MTS 3.3.6, Reactor Trip System (RTS)

Automatic Trip Logic, does not specify Actions for inoperability of more than two channels. This results in entry into LCO 3.0.3 when three or more channels are inoperable.

VEGP LAR DOC L07 revises the Action to open the RTBs into a two-step process to initiate action to fully insert all rods, and place the Plant Control System in a condition incapable of rod withdrawal.

Date report generated:

Friday, May 01, 2015 Page 8 GTST AP1000- O59-3.3.6, Rev. 1

VEGP LAR DOC M01 revises MTS SR 3.3.6.1 to Perform ACTUATION LOGIC TEST in place of Perform RTCOT.

A more detailed description of the changes by each of the above DOCs can be found in Reference 2, VEGP TSU LAR in Enclosure 1; the NRC staff safety evaluation can be found in Reference 3, VEGP LAR SER. The VEGP TSU LAR was modified in response to NRC staff RAIs (Reference 5) by Southern Nuclear Operating Companys RAI Response in Reference 6.

Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes:

The reformatting per VEGP LAR DOC A024, except where addressed in other DOCs, addresses inconsistencies in formatting and approach between PTS 3.3.1 and PTS 3.3.2, respectively. Simplification and clarification are proposed for each Specification. In breaking down each PTS Specification into specific subsets of the Protection and Safety Monitoring System (PMS) function, improved human factored operator usability results.

These improvements also reflect the general approach currently in use in the Improved Standard Technical Specifications (STS) for Babcock and W ilcox Plants, NUREG-1430, Rev. 4.

That is to separate the functions for [sensor] instrumentation, Manual Actuation, Trip/Actuation Logic, and Trip Actuation Devices (e.g., Reactor Trip Breakers (RTBs)) into separate Specification subsections. Furthermore, the Actions for some ESFAS Functions generally involve a more complex presentation than needed for other Functions, such that simple common Actions are not reasonable. Such Functions are also provided with separate Specification subsections.

When TS instrument function tables are utilized to reference Actions, the generally preferred format of the Actions for an instrumentation Specification in NUREG-1430 is to provide the initial Actions that would be common to all of the specified functions (typically for bypassing and/or tripping one or two inoperable channels), then the default Action would direct consulting the function table for follow-on Actions applicable to the specific affected function. These follow-up Actions generally reflect the actions to exit the Applicability for that function.

This format also allows splitting the default Actions from the initial preferred actions. This general approach is the standard format for other Specifications and for Instrumentation Specifications for other vendors Improved STS.

VEGP LAR DOC M02 directly provides for the default Actions of LCO 3.0.3 without allowing for the additional hour that LCO 3.0.3 permits prior to initiating shutdown. This provides clarity for the operator and is more restrictive than LCO 3.0.3.

When the RTBs are opened, certain other interlocks can be initiated. The initiation of the associated interlocks may have an undesirable secondary effect on the ease of operation of the plant such as the initiation of the P-4 interlock, which, in the event of low Reactor Coolant System (RCS) temperature, can result in isolation of main feedwater to the steam generators.

VEGP LAR DOC L07 provides additional operator flexibility to achieve the same intent as opening the RTBs.

The definition of RTCOT does not explicitly require that the test provide overlap with the actuated device, as does the definition of Actuation Logic Test. Therefore, VEGP LAR DOC M01 replaces the performance of a RTCOT with an ACTUATION LOGIC TEST. This is consistent with similar testing specified in NUREG-1431.

Date report generated:

Friday, May 01, 2015 Page 9 GTST AP1000- O59-3.3.6, Rev. 1

Description of additional changes proposed by NRC staff/preparer of GTST:

The opening sentence of the ASA, LCO, and Applicability section of the Bases for STS Subsections 3.3.1 through 3.3.7 is revised to state:

The RTS functions to maintain compliance with the SLs during all AOOs and mitigates the consequences of DBAs in all MODES in which the RTBs are closed. (APOG Comment)

The fourth paragraph of the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.6 is revised from ESF to Engineered Safety Features (ESF). (APOG Comment)

Rationale for additional changes proposed by NRC staff/preparer of GTST:

The opening sentence of the ASA, LCO, and Applicability section of the Bases for STS Subsections 3.3.1 through 3.3.7 is revised for additional clarity.

The acronym ESF is spelled out for clarity.

Date report generated:

Friday, May 01, 2015 Page 10 GTST AP1000- O59-3.3.6, Rev. 1

VII. GTST Safety Evaluation

Technical Analysis:

AP1000 GTS LCO 3.0.3 is only applicable in MODES 1, 2, 3, and 4, and states:

When an LCO is not met and the associated ACTIONS are not met, an associated ACTION is not provided, or if directed by the associated ACTIONS, the unit shall be placed in a MODE or other specified condition in which the LCO is not applicable. Action shall be initiated within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> to place the unit, as applicable,

a. MODE 3 within 7 hours8.101852e-5 days <br />0.00194 hours <br />1.157407e-5 weeks <br />2.6635e-6 months <br />; and
b. MODE 4 within 13 hours1.50463e-4 days <br />0.00361 hours <br />2.149471e-5 weeks <br />4.9465e-6 months <br />; and
c. MODE 5 within 37 hours4.282407e-4 days <br />0.0103 hours <br />6.117725e-5 weeks <br />1.40785e-5 months <br />.

GTS 3.3.1 and 3.3.2 Functions with applicability statements that include MODE 1, 2, 3, or 4, generally have no Actions specified for addressing a loss of function condition, such as when all required channels are inoperable. Upon discovery of such a condition, LCO 3.0.3 would apply.

The intent of LCO 3.0.3 (as stated in the TS Bases) is to impose time limits for placing the unit in a safe MODE or other specified condition when operation cannot be maintained within the limits for safe operation as defined by the LCO and its ACTIONS.

The Actions for inoperable RTS and ESFAS instrumentation provide restoration time and/or compensatory action allowances (e.g., place the inoperable channel in trip); but only for inoperability of some of the channels (e.g., 1 or 2 out of 4 required channels, typically). If these restoration and/or compensatory actions cannot be met in the required time, default actions are provided, which are designed to place the unit in a safe MODE or other specified condition -

typically, actions that result in exiting the Applicability for that Function.

The shutdown actions of LCO 3.0.3 are typical of default actions throughout the TS that direct plant shutdown to exit the Applicability, with the exception that LCO 3.0.3 includes an additional 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> before the shutdown is required to be initiated.

The revisions described in VEGP LAR DOC M02 address multiple-channel inoperability. The revisions will immediately impose the default Actions for that Function - without allowance for the 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> delay that is provided in LCO 3.0.3. Furthermore, the Function-specific default actions (currently, or proposed to be, specified for some Functions) impose requirements intended to establish safe operation that are not necessarily required by LCO 3.0.3. Since each Function-specific default action is specifically considering that Functions safety-basis, such default actions necessarily result in more appropriate actions than the general default actions of LCO 3.0.3. Specifically, the Actions for each new Condition associated with VEGP LAR DOC M02 for RTS and ESFAS Functions applicable in MODES1, 2, 3, or 4, are compared to LCO 3.0.3, and in each case, the new Actions are equivalent to or more restrictive than the actions of LCO 3.0.3.

STS 3.3.6, Condition B leads to a new default action to be in Mode 3 in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> (from Mode 1 or 2), which is more restrictive than the time allowed by LCO 3.0.3. Further default actions of Condition D require initiating action to fully insert all rods within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> and placing the Plant Control System in a condition incapable of rod withdrawal within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> (from MODE 3, 4, or 5),

which are actions not required by LCO 3.0.3.

Date report generated:

Friday, May 01, 2015 Page 11 GTST AP1000- O59-3.3.6, Rev. 1

GTS 3.3.1 and 3.3.2 actions do not specify conditions that explicitly address multiple inoperable channels (that is, more than two inoperable channels or divisions, in most cases), and therefore default to LCO 3.0.3. In each instance, the proposed actions to address these conditions are more restrictive than the LCO 3.0.3 actions because completion times for reaching lower operational modes are shorter by 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. In addition, Function-specific actions, where specified, are more appropriate for the affected Function than the unit -shutdown actions of LCO 3.0.3 alone. Therefore, the changes specified by VEGP LAR DOC M02 do not introduce any adverse impact on public health and safety.

VEGP LAR DOC L07 revises the Action to open the RTBs into a two-step process to initiate action to fully insert all rods, and place the Plant Control System in a condition incapable of rod withdrawal. Each of the PTS 3.3.1 required actions to open the reactor trip breakers (RTBs) is intended to ensure that control rods cannot be withdrawn thereby eliminating the possibility for control rod related positive reactivity additions and associated heat input into the reactor coolant. Additionally, all control rods are inserted by opening the RTBs. Therefore, replacing each required action to open RTBs with the two actions, which require initiating action to fully insert all rods and placing the Plant Control System in a condition incapable of rod withdrawal, maintains the intent of the existing PTS action requirements. VEGP LAR DOC L07 replaces the specific method of precluding rod withdrawal and ensuring all rods are inserted while maintaining the requirement for establishing the plant conditions equivalent to opening the RTBs. The revised actions still ensure rod withdrawal is precluded and all rods are inserted; therefore, the detail to open the RTBs is not required to be in the TS to provide adequate protection of the public health and safety.

To ensure that when the revised required actions are taken the unit is removed from the operational modes or other specified conditions in the Specifications Applicability, conforming revisions to the Applicability statements are made. The equivalent condition to the PTS Applicability statements that include RTBs closed is the condition of Plant Control System capable of rod withdrawal. However, since rods could have been withdrawn prior to making the Plant Control System incapable of rod withdrawal, the revised Specifications include the additional condition of or one or more rods not fully inserted. This change also aligns with the required actions to both fully insert all rods and place the Plant Control System in a condition incapable of rod withdrawal. The equivalent condition to the PTS Applicability statements that include RTBs open is the condition of Plant Control System capable of rod withdrawal and all rods fully inserted.

Removing the specific method of precluding rod withdrawal and establishing all rods inserted, and defining this condition solely in terms of the RTB status, from the TS is acceptable because this type of information is not necessary to be included to provide adequate protection of public health and safety. STS 3.3.5 retains requirements to ensure that control rod withdrawal is prohibited and all rods are inserted, when required.

VEGP LAR DOC M01 revises MTS SR 3.3.6.1 to state Perform ACTUATION LOGIC TEST in place of Perform RTCOT. GTS Section 1.1 defines an RTCOT as A RTCOT shall be the injection of a simulated or actual signal into the reactor trip channel as close to the sensor as practicable to verify OPERABILITY of the required interlock and/or trip functions. The RTCOT may be performed by means of a series of sequential, overlapping, or total channel steps so that the entire channel is tested from the signal conditioner through the trip logic.

The STS Section 1.1 definition for Actuation Logic Test per Reference 2 VEGP LAR DOC A001 and DOC L01, states An ACTUATION LOGIC TEST shall be the application of various simulated or actual input combinations in conjunction with each possible interlock logic state required for OPERABILITY of a logic circuit and the verification of the required logic output. The

Date report generated:

Friday, May 01, 2015 Page 12 GTST AP1000- O59-3.3.6, Rev. 1

ACTUATION LOGIC TEST shall be conducted such that it provides component overlap with the actuated device.

MTS SR 3.3.6.1 requires an RTCOT to be performed on RTS Automatic Trip Logic and on actuation inputs from the Engineered Safety Feature Actuation System. These Functions are logic functions, as described in the associated Bases. However, NUREG-1431 specifies the Actuation Logic Test for similar Functions. In addition, use of Actuation Logic Test is consistent with testing performed on other trip logic in the PTS, such as the ESFAS Actuation Logic (MTS SR 3.3.15.1 and MTS 3.3.16.1). The definition of RTCOT requires testing the channel through the trip logic; however, it does not explicitly require that the test provide overlap with the actuated device, as does the definition of Actuation Logic Test. Therefore, per VEGP LAR DOC M01, reference to RTCOT is replaced with Actuation Logic Test in STS SR 3.3.6.1. This change is more restrictive than the GTS because an Actuation Logic Test explicitly requires overlap with the actuated device.

The remaining changes, including VEGP LAR DOC A024, are editorial, clarifying, grammatical, or otherwise considered administrative. These changes do not affect the technical content, but improve the readability, implementation, and understanding of the requirements, and are therefore acceptable.

Having found that this GTSTs proposed changes to the GTS and Bases are acceptable, the NRC staff concludes that AP1000 STS Subsection 3.3.6 is an acceptable model Specification for the AP1000 standard reactor design.

References to Previous NRC Safety Evaluation Reports (SERs):

None

Date report generated:

Friday, May 01, 2015 Page 13 GTST AP1000- O59-3.3.6, Rev. 1

VIII. Review Information

Evaluator Comments:

None

Randy Belles Oak Ridge National Laboratory 865-574- 0388 bellesrj@ornl.gov

Review Information:

Availability for public review and comment on Revision 0 of this traveler approved by NRC staff on 5/29/2014.

APOG Comments (Ref. 7) and Resolutions:

1. (Internal # 6) The GTST sections often repeat VEGP LAR DOCs, which reference existing and current requirements. The inclusion in the GTST of references to existing and current, are not always valid in the context of the GTS. Each occurrence of existing and current should be revised to be clear and specific to GTS, MTS, or VEGP COL TS (or other), as appropriate. Noted ambiguities are corrected in the GTST body.
2. (Internal # 7)Section VII, GTST Safety Evaluation, inconsistently completes the subsection References to Previous NRC Safety Evaluation Reports (SERs) by citing the associated SE for VEGP 3&4 COL Amendment 13. It is not clear whether there is a substantive intended difference when omitting the SE citation. This is resolved by removing the SE citation in Section VII of the GTST and ensuring that appropriate references to the consistent citation of this reference in Section X of the GTST are made.
3. (Internal # 116) In GTST for Subsection 3.3.6,Section VI, under the heading Rationale for changes in RCOL Std. Dep., RCOL COL Item(s), and RCOL PTS Changes, the f irst paragraph mentions DOC A028. This DOC is for changes to ESFAS TS and does not affect Subsection 3.3.6. Note that it is not mentioned anywhere else in this Subsection. This is also stated in Subsections 3.3.1 through 3.3.5 and Subsection 3.3.7. Change DOCs A024 and A028 to DOC A024 in GTST 3.3.1 through GTST 3.3.7. This is resolved by making the recommended change.
4. (Internal # 126) In the ASA, LCO, and Applicability section of the Bases for STS Subsections 3.3.1 through 3.3.7, revise the opening sentence to state:

The RTS functions to maintain compliance with the SLs during all AOOs and mitigates the consequences of DBAs in all MODES in which the RTBs are closed

This provides additional clarity. This is resolved by making the recommended change.

5. (Internal # 160) In GTST Section VII under the heading GTST Safety Evaluation the sixth paragraph, first se ntence incorrectly cites both Conditio ns B and C. T he correct citation is to only Condition B. The second sentence appropriately deals with Condition D. Also, the second sentence states that the default actions require fully inserting all rods and placing

Date report generated:

Friday, May 01, 2015 Page 14 GTST AP1000- O59-3.3.6, Rev. 1

the Plant Control System in a condition incapable of rod withdrawal must be done in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. The time for these Actions is actually 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. In addition, the first action is not to require fully inserting all rods, but to initiating action to fully insert all rods. Replace the sixth paragraph with the following:

STS 3.3.6, Condition B leads to a new default action to be in Mode 3 in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> (from Mode 1 or 2), which is more restrictive than the time allowed by LCO 3.0.3. Further default actions of Condition D require initiating action to fully insert all rods within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> and placing the Plant Control System in a condition incapable of rod withdrawal within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> (from MODE 3, 4, or 5),

which are actions not required by LCO 3.0.3.

This is resolved by making the recommended change.

6. (Internal # 161) In the ASA, LCO, and Applicability section of the Bases for STS Subsection 3.3.6, the fourth paragraph uses the term ESF. ESF - Engineered Saf ety Features - has not been previously def ined. Change ESF to Engineered Safety Features (ESF). This is resolved by making the recommended change.

NRC Final Approval Date: May 1, 2015

NRC

Contact:

C. Craig Harbuck United States Nuclear Regulatory Commission 301-415-3140 Craig.Harbuck@nrc.gov

Date report generated:

Friday, May 01, 2015 Page 15 GTST AP1000- O59-3.3.6, Rev. 1

IX. Evaluator Comments for Consideration in Finalizing Technical Specifications and Bases

None

Date report generated:

Friday, May 01, 2015 Page 16 GTST AP1000- O59-3.3.6, Rev. 1

X. References Used in GTST

1. AP1000 DCD, Revision 19, Section 16, Technical Specifications, June 2011 (ML11171A500).
2. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Technical Specifications Upgrade License Amendment Request, February 24, 2011 (ML12065A057).
3. NRC Safety Evaluation (SE) for Amendment No. 13 to Combined License (COL) No.

NPF-91 for Vogtle Electric Generating Plant (VEGP) Unit 3, and Amendment No. 13 to COL No. NPF-92 for VEGP Unit 4, September 9, 2013, ADAMS Package Accession No.

ML13238A337, which contains:

ML13238A355 Cover Letter - Issuance of License Amendment No. 13 for Vogtle Units 3 and 4 (LAR 12- 002).

ML13238A359 Enclosure 1 - Amendment No. 13 to COL No. NPF-91 ML13239A256 Enclosure 2 - Amendment No. 13 to COL No. NPF-92 ML13239A284 Enclosure 3 - Revised plant-specific TS pages (Attachment to Amendment No. 13)

ML13239A287 Enclosure 4 - Safety Evaluation (SE), and Attachment 1 - Acronyms ML13239A288 SE Attachment 2 - Table A - Administrative Changes ML13239A319 SE Attachment 3 - Table M - More Restrictive Changes ML13239A333 SE Attachment 4 - Table R - Relocated Specifications ML13239A331 SE Attachment 5 - Table D - Detail Removed Changes ML13239A316 SE Attachment 6 - Table L - Less Restrictive Changes

The following documents were subsequently issued to correct an administrative error in Enclosure 3:

ML13277A616 Letter - Correction To The Attachment (Replacement Pages) - Vogtle Electric Generating Plant Units 3 and 4-Issuance of Amendment Re:

Technical Specifications Upgrade (LAR 12- 002) (TAC No. RP9402)

ML13277A637 Enclosure 3 - Revised plant-specific TS pages (Attachment to Amendment No. 13) (corrected)

4. TSTF-GG-05-01, W riter's Guide for Plant-Specific Improved Technical Specifications, June 2005.
5. RAI Letter No. 01 Related to License Amendment Request (LAR) 12- 002 for the Vogtle Electric Generating Plant Units 3 and 4 Combined Licenses, September 7, 2012 (ML12251A355).
6. Southern Nuclear Operating Company, Vogtle Electric Generating Plant, Units 3 and 4, Response to Request for Additional Information Letter No. 01 Related to License Amendment Request LAR 002, ND 2015, October 04, 2012 (ML12286A363 and ML12286A360)

Date report generated:

Friday, May 01, 2015 Page 17 GTST AP1000- O59-3.3.6, Rev. 1

7. APOG-2014- 008, APOG (AP1000 Utilities) Comments on AP1000 Standardized Technical Specifications (STS) Generic Technical Specification Travelers (GTSTs), Docket ID NRC-2014- 0147, September 22, 2014 (ML14265A493).

Date report generated:

Friday, May 01, 2015 Page 18 GTST AP1000- O59-3.3.6, Rev. 1

XI. MARKUP of the Applicable GTS Subsection for Preparation of the STS NUREG

The entire section of the Specifications and the Bases associated with this GTST is presented next.

Changes to the Specifications and Bases are denoted as follows: Deleted portions are marked in strikethrough red font, and inserted portions in bold blue f ont.

Date report generated:

Friday, May 01, 2015 Page 19 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic 3.3.6

3.3 INSTRUMENTATION

3.3.6 Reactor Trip System (RTS) Automatic Trip Logic

LCO 3.3.6 Four divisions of RTS Automatic Trip Logic shall be OPERABLE.

APPLICABILITY: MODES 1 and 2, MODES 3, 4, and 5 with Reactor Trip Breakers (RTBs) closed and Plant Control System capable of rod withdrawal or one or more rods not fully inserted.

ACTIONS

CONDITION REQUIRED ACTION COMPLETION TIME

A. One or two divisions A.1 Restore three of four 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> inoperable in MODE 1 divisions to OPERABLE or 2. status.

B. Required Action and B.1 Be in MODE 3. 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> associated Completion Time of Condition A not met.

OR

Three or more divisions inoperable in MODE 1 or 2.

C. One or two divisions C.1 Restore three of four 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> inoperable in MODE 3, divisions to OPERABLE 4, or 5. status.

OR

C.2 Open RTBs. 49 hours5.671296e-4 days <br />0.0136 hours <br />8.101852e-5 weeks <br />1.86445e-5 months <br />

AP1000 STS 3.3.6-1 Amendment 0Rev. 0 Revision 19 Date report generated:

Friday, May 01, 2015 Page 20 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic 3.3.6

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME

D. Required Action and D.1 Initiate action to fully 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> associated Completion insert all rods.

Time of Condition C not met. AN D

OR D.2 Place the Plant Control 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> System in a condition Three or more incapable of rod divisions inoperable in withdrawal.

MODE 3, 4, or 5.

SURVEILLANCE REQUIREMENTS

SURVEILLANCE FREQUENCY

SR 3.3.6.1 Perform ACTUATION LOGIC TEST RTCOT. 92 days

AP1000 STS 3.3.6-2 Amendment 0Rev. 0 Revision 19 Date report generated:

Friday, May 01, 2015 Page 21 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

B 3.3 INSTRUMENTATION

B 3.3.6 Reactor Trip System (RTS) Automatic Trip Logic

BASES

BACKGROUND A description of the RTS Instrumentation is provided in the Bases for LCO 3.3.1, Reactor Trip System (RTS) Instrumentation.

APPLICABLE The RTS functions to maintain compliance with the SLs during all SAFETY AOOs and mitigates the consequences of DBAs in all MODES in which ANALYSES, LCO, the RTBs are closed.

and APPLICABILITY The RTS Automatic Trip Logic is required to ensure RTS Automatic Functions can provide the necessary protection.

The Automatic Trip Logic ensures that means are provided to interrupt the power to the CRDMs and allow the rods to fall into the reactor core.

The automatic trip logic includes the Engineered Safety Features (ESF) coincidence logic and the voting logic.

The LCO requires four divisions of RTS Automatic Trip Logic to be OPERABLE. Four OPERABLE divisions are provided to ensure that a random failure of a single logic channel will not prevent reactor trip.

The trip Function must be OPERABLE in MODE 1 or 2 and in when the reactor is critical. In MODE 3, 4, or 5, the RTS trip Function must be OPERABLE when the RTBs are closed and the Plant Control System (PLS) is capable of rod withdrawal or one or more rods are not fully inserted.

The RTS Automatic Trip Logic satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

ACTIONS A.1

Condition A addresses the situation where one or two RTS Automatic Trip Logic divisions are inoperable in MODE 1 or 2. W ith one or two divisions inoperable, the Required Action is to restore three of the four divisions to OPERABLE status within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. Restoring all divisions but one to OPERABLE status ensures that a single failure will neither cause

AP1000 STS B 3.3.6-1 Amendment 0Rev. 0 Revision 19 Date report generated:

Friday, May 01, 2015 Page 22 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

BASES

ACTIONS (continued)

nor prevent the protective function. The 6 hour6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> Completion Time is considered reasonable since the protective function will still function.

B.1

Condition B addresses the situation where the Required Action and associated Completion Time of Condition A is not met, or there are three or more divisions inoperable in MODE 1 or 2. Required Action B.1 directs that the plant must be placed in MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />.

The allowed Completion Time is reasonable, based on operating experience, to reach the specified condition from full power conditions in an orderly manner and without challenging plant systems. If Required Actions of Condition A cannot be met within the specified Completion Times, the unit must be placed in a MODE where this Function is no longer required to be OPERABLE. A Completion Time of an additional 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> is allowed to place the unit in MODE 3. The Completion Time is a reasonable time, based on operating experience, to reach MODE 3 from full power in an orderly manner and without challenging plant systems. Allowance of this time interval takes into consideration the redundant capability provided by the remaining two redundant OPERABLE channels/divisions and the low probability of occurrence of an event during this period that may require the protection afforded by this Function.

C.1 and C.2

Condition C addresses the situation where one or two RTS Automatic Trip Logic divisions are inoperable in MODE 3, 4, or 5. W ith one or two divisions inoperable, the Required Action is to restore three of four divisions to OPERABLE status within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />. Restoring all channels but one to OPERABLE ensures that a single failure will neither cause nor prevent the protective function. The 48 hour5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> Completion Time is considered reasonable since the protective function will still function.

If Required Actions described above cannot be met within the specified Completion Times, the unit must be placed in a MODE where this Function is no longer required to be OPERABLE. A Completion Time of an additional 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> is allowed to open the RTBs. With RTBs open, these Functions are no longer required.

AP1000 STS B 3.3.6-2 Amendment 0Rev. 0 Revision 19 Date report generated:

Friday, May 01, 2015 Page 23 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

BASES

ACTIONS (continued)

D.1 and D.2

Condition D addresses the situation where the Required Action and associated Completion Time of Condition C is not met, or three or more RTS Automatic Trip Logic divisions are inoperable in MODE 3, 4, or 5. Required Action D.1 requires that action be initiated to fully insert all control rods within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />, and Required Action D.2 requires that the Plant Control System be placed in a condition incapable of rod withdrawal within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the specified condition in an orderly manner and without challenging plant systems.

SURVEILLANCE SR 3.3.6.1 REQUIREMENTS SR 3.3.1.7 is the performance of an ACTUATION LOGIC TEST REACTOR TRIP CHANNEL OPERATIONAL TEST (RTCOT) every 92 days.

An ACTUATION LOGIC TEST RTCOT is performed on each required channel to provide reasonable assurance that the entire channel will perform the intended Function.

A test subsystem is provided with the protection and safety monitoring system to aid the plant staff in performing the ACTUATION LOGIC TEST RTCOT. The test subsystem is designed to allow for complete functional testing by using a combination of system self checking features, functional testing features, and other testing features. Successful functional testing consists of verifying that the capability of the system to perform the safety function has not failed or degraded.

For hardware functions this would involve verifying that the hardware components and connections have not failed or degraded. Generally this verification includes a comparison of the outputs from two or more redundant subsystems or channels.

Since software does not degrade, software functional testing involves verifying that the software code has not changed and that the software code is executing.

AP1000 STS B 3.3.6-3 Amendment 0Rev. 0 Revision 19 Date report generated:

Friday, May 01, 2015 Page 24 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

BASES

SURVEILLANCE REQUIREMENTS (continued)

To the extent possible, protection and safety monitoring system functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. The ACTUATION LOGIC TEST RTCOT shall include a review of the operation of the test subsystem to verify the completeness and adequacy of the results.

If the ACTUATION LOGIC TEST RTCOT can not be completed using the built-in test subsystem, either because of failures in the test subsystem or failures in redundant channel hardware used for functional testing, the ACTUATION LOGIC TEST RTCOT can be performed using portable test equipment.

This test frequency of 92 days is justified based on Reference 71 (w hich refers to this test as RTCO T ) and the use of continuous diagnostic test features, such as deadman timers, cross-check of redundant channels, memory checks, numeric coprocessor checks, and tests of timers, counters and crystal time bases, which will report a failure within the protection and safety monitoring system cabinets to the operator within 10 minutes of a detectable failure.

During the ACTUATION LOGIC TEST RTCOT, the protection and safety monitoring system cabinets in the division under test may be placed in bypass.

REFERENCES 1. Chapter 15.0, Accident Analysis.

12. APP-GW -GSC-020, Technical Specification Completion Time and Surveillance Frequency Justification.

AP1000 STS B 3.3.6-4 Amendment 0Rev. 0 Revision 19 Date report generated:

Friday, May 01, 2015 Page 25 GTST AP1000- O59-3.3.6, Rev. 1

XII. Applicable STS Subsection After Incorporation of this GTSTs Modifications

The entire subsection of the Specifications and the Bases associated with this GTST, following incorporation of the modifications, is presented next.

Date report generated:

Friday, May 01, 2015 Page 26 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic 3.3.6

3.3 INSTRUMENTATION

3.3.6 Reactor Trip System (RTS) Automatic Trip Logic

LCO 3.3.6 Four divisions of RTS Automatic Trip Logic shall be OPERABLE.

APPLICABILITY: MODES 1 and 2, MODES 3, 4, and 5 with Plant Control System capable of rod withdrawal or one or more rods not fully inserted.

ACTIONS

CONDITION REQUIRED ACTION COMPLETION TIME

A. One or two divisions A.1 Restore three of four 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> inoperable in MODE 1 divisions to OPERABLE or 2. status.

B. Required Action and B.1 Be in MODE 3. 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> associated Completion Time of Condition A not met.

OR

Three or more divisions inoperable in MODE 1 or 2.

C. One or two divisions C.1 Restore three of four 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> inoperable in MODE 3, divisions to OPERABLE 4, or 5. status.

AP1000 STS 3.3.6-1 Rev. 0

Date report generated:

Friday, May 01, 2015 Page 27 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic 3.3.6

ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME

D. Required Action and D.1 Initiate action to fully insert 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> associated Completion all rods.

Time of Condition C not met. AND

OR D.2 Place the Plant Control 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> System in a condition Three or more divisions incapable of rod withdrawal.

inoperable in MODE 3, 4, or 5.

SURVEILLANCE REQUIREMENTS

SURVEILLANCE FREQUENCY

SR 3.3.6.1 Perform ACTUATION LOGIC TEST. 92 days

AP1000 STS 3.3.6-2 Rev. 0

Date report generated:

Friday, May 01, 2015 Page 28 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

B 3.3 INSTRUMENTATION

B 3.3.6 Reactor Trip System (RTS) Automatic Trip Logic

BASES

BACKGROUND A description of the RTS Instrumentation is provided in the Bases for LCO 3.3.1, Reactor Trip System (RTS) Instrumentation.

APPLICABLE The RTS functions to maintain compliance with the SLs during all AOOs SAFETY and mitigates the consequences of DBAs in all MODES in which the ANALYSES, LCO, RTBs are closed.

and APPLICABILITY The RTS Automatic Trip Logic is required to ensure RTS Automatic Functions can provide the necessary protection.

The Automatic Trip Logic ensures that means are provided to interrupt the power to the CRDMs and allow the rods to fall into the reactor core.

The automatic trip logic includes the Engineered Safety Features (ESF) coincidence logic and the voting logic.

The LCO requires four divisions of RTS Automatic Trip Logic to be OPERABLE. Four OPERABLE divisions are provided to ensure that a random failure of a single logic channel will not prevent reactor trip.

The trip Function must be OPERABLE in MODE 1 or 2 and in MODE 3, 4, or 5, when the Plant Control System (PLS) is capable of rod withdrawal or one or more rods are not fully inserted.

The RTS Automatic Trip Logic satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

ACTIONS A.1

Condition A addresses the situation where one or two RTS Automatic Trip Logic divisions are inoperable in MODE 1 or 2. W ith one or two divisions inoperable, the Required Action is to restore three of the four divisions to OPERABLE status within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. Restoring all divisions but one to OPERABLE status ensures that a single failure will neither cause nor prevent the protective function. The 6 hour6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> Completion Time is considered reasonable since the protective function will still function.

AP1000 STS B 3.3.6-1 Rev. 0

Date report generated:

Friday, May 01, 2015 Page 29 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

BASES

ACTIONS (continued)

B.1

Condition B addresses the situation where the Required Action and associated Completion Time of Condition A is not met, or there are three or more divisions inoperable in MODE 1 or 2. Required Action B.1 directs that the plant must be placed in MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />. The allowed Completion Time is reasonable, based on operating experience, to reach the specified condition from full power conditions in an orderly manner and without challenging plant systems.

C.1 Condition C addresses the situation where one or two RTS Automatic Trip Logic divisions are inoperable in MODE 3, 4, or 5. W ith one or two divisions inoperable, the Required Action is to restore three of four divisions to OPERABLE status within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />. Restoring all channels but one to OPERABLE ensures that a single failure will neither cause nor prevent the protective function. The 48 hour5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> Completion Time is considered reasonable since the protective function will still function.

D.1 and D.2

Condition D addresses the situation where the Required Action and associated Completion Time of Condition C is not met, or three or more RTS Automatic Trip Logic divisions are inoperable in MODE 3, 4, or 5.

Required Action D.1 requires that action be initiated to fully insert all control rods within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />, and Required Action D.2 requires that the Plant Control System be placed in a condition incapable of rod withdrawal within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the specified condition in an orderly manner and without challenging plant systems.

SURVEILLANCE SR 3.3.6.1 REQUIREMENTS SR 3.3.1.7 is the performance of an ACTUATION LOGIC TEST every 92 days.

An ACTUATION LOGIC TEST is performed on each required channel to provide reasonable assurance that the entire channel will perform the intended Function.

AP1000 STS B 3.3.6-2 Rev. 0

Date report generated:

Friday, May 01, 2015 Page 30 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

BASES

SURVEILLANCE REQUIREMENTS (continued)

A test subsystem is provided with the protection and safety monitoring system to aid the plant staff in performing the ACTUATION LOGIC TEST. The test subsystem is designed to allow for complete functional testing by using a combination of system self checking features, functional testing features, and other testing features. Successful functional testing consists of verifying that the capability of the system to perform the safety function has not failed or degraded.

For hardware functions this would involve verifying that the hardware components and connections have not failed or degraded. Generally this verification includes a comparison of the outputs from two or more redundant subsystems or channels.

Since software does not degrade, software functional testing involves verifying that the software code has not changed and that the software code is executing.

To the extent possible, protection and safety monitoring system functional testing is accomplished with continuous system self-checking features and the continuous functional testing features. The ACTUATION LOGIC TEST shall include a review of the operation of the test subsystem to verify the completeness and adequacy of the results.

If the ACTUATION LOGIC TEST can not be completed using the built-in test subsystem, either because of failures in the test subsystem or failures in redundant channel hardware used for functional testing, the ACTUATION LOGIC TEST can be performed using portable test equipment.

This test frequency of 92 days is justified based on Reference 1 (which refers to this test as RTCOT ) and the use of continuous diagnostic test features, such as deadman timers, cross-check of redundant channels, memory checks, numeric coprocessor checks, and tests of timers, counters and crystal time bases, which will report a failure within the protection and safety monitoring system cabinets to the operator within 10 minutes of a detectable failure.

During the ACTUATION LOGIC TEST, the protection and safety monitoring system cabinets in the division under test may be placed in bypass.

AP1000 STS B 3.3.6-3 Rev. 0

Date report generated:

Friday, May 01, 2015 Page 31 GTST AP1000- O59-3.3.6, Rev. 1

RTS Automatic Trip Logic B 3.3.6

BASES

REFERENCES 1. APP-GW-GSC-020, Technical Specification Completion Time and Surveillance Frequency Justification.

AP1000 STS B 3.3.6-4 Rev. 0

Date report generated:

Friday, May 01, 2015 Page 32