ML063170445


Licensee Handouts- Summary of 11/6/2006 Meeting with Pacific Gas and Electric Company on Digital Upgrade Project
ML063170445
Person / Time
Site: Diablo Canyon (Pacific Gas & Electric)
Issue date: 11/06/2006
From:
Pacific Gas & Electric Co
To:
Office of Nuclear Reactor Regulation
Wang A, NRR/DORL/LPL4, 301-415-1445
Shared Package
ML063250103 List:
References
TAC MD0386, TAC MD0387


Text

Diablo Canyon Power Plant Digital PPS Upgrade Project

Presentation to: USNRC I&C Branch, November 6, 2006

Agenda

  i. Introduction (15 min)
    A. Who's Here
    B. Industry Issues Discussion (Why are we here?)
    C. Meeting Objectives
  ii. Review March Meeting (20 min)
  iii. Proposed Architecture (60 min)
    A. Discuss Diverse Actuation System (DAS)
    B. Identify Vulnerabilities
    C. Modify Functional Requirements to Remove Vulnerabilities
    D. Implement Alternate Initiation Functions
  iv. Common Platform (30 min)
    A. Identify Issues
    B. Interpret Regulations
  v. Review Objectives
  vi. Open Discussion and Feedback
  vii. Closing Remarks

Diablo Canyon Power Plant Digital RPS Project 2

Industry Issues

  • Staff technical issues with digital upgrades (Oconee)
  • Impact of digital upgrade technical issues on final design
  • Insufficient digital upgrade licensing guidance
  • Significant staff/utility resources and cost for reviews

Meeting Objectives

  • Present current approach and architecture
  • Feedback requested from the NRC
    • Does the approach meet NRC guidance? NOT "Can we install it in the plant?"
    • Identification of weak points that will require more justification
    • Issues with the architecture or approach
    • Suggestions on format and content (e.g., NUREG/CR-6303 Section 5)
  • Open discussion on any technical issues

Schedule

  • 2007
    • Defense-in-Depth and Diversity Topical Submittal for NRC Review
    • Digital Feedwater Controls (U1)
  • 2008: Submit RTS/ESFAS LAR
  • 2009: Process Control System Replacement (U1 and U2)
  • 2010: RTS/ESFAS (Unit 1)
  • 2011: RTS/ESFAS (Unit 2)


March Meeting Review

  • Westinghouse Analog Protection System (Reference)
  • Eagle 21 PPS (Existing)
  • TRICON PPS (Proposed Replacement)
    • Replicated Eagle 21 architecture
    • RTS and ESFAS in same box
    • Westinghouse study assumed the same DCCF disabled all TRICON applications:
      • RTS
      • Control Systems
    • Extensive DAS required to meet BTP HICB-19 acceptance criteria

PWR Protection Concept

Figure: PWR protection concept diagram (not reproduced).

Analog PPS Architecture (Reference)

Figure: block diagram (not reproduced); labels show isolated non-1E outputs to process controls and to AMSAC.

Analog PPS Signal Isolation

Figure: signal isolation diagram (not reproduced). Recoverable labels:
  • Independent Class II outputs to: Digital Feedwater Control System, Pressurizer Pressure Control, Pressurizer Level Control, Reactor Control (Turbine Power), Steam Dump Control
  • Isolated output to control system (not independent): Reactor Control (Tavg)
  • Outputs to SSPS: Reactor Trip, ESFAS
  • Control Board Instruments

Analog PPS Functional Requirements (Integrated RTS/ESFAS Architecture)

Figure: signal-flow diagram (not reproduced). Recoverable labels:
  • Protection System analog inputs: RCS Flow, Turbine Impulse Pressure, Pressurizer Pressure, Pressurizer Level, Pressurizer Vapor Space Temperature, NI Flux, RCS Narrow Range Temperatures, RCS Wide Range Temperatures, RCS Wide Range Pressure, NR Steam Generator Level, Steamline Pressure, Containment Pressure
  • Reactor Trip bistable outputs to existing SSPS: OPDT, OTDT, RCS Flow-Low, PZR Pressure-High, PZR Pressure-Low (Note 1), PZR Level-High, Steam Generator Level Low-Low, Cold Leg Temp-Low (LTOPS), Loop Pressure-High (LTOPS), Loop Pressure-Low (RHR Interlock)
  • Engineered Safeguards bistable outputs to existing SSPS: PZR Pressure-Low (Note 2), PZR Pressure-Low P11 (Note 4), Steamline Pressure-Low, Steamline Pressure Rate-High, Steam Generator Level High-High P14, Containment Pressure-High, Containment Pressure High-High
  • Other label: To RNASA

Analog PPS

  • Redundant 4-channel analog system
  • Analog outputs are isolated
    • Independent analog outputs to AMSAC
    • Independent analog outputs to process controls
  • Credible single PPS failures will not cause a control system excursion that requires mitigation by the failed PPS channel
    • DFWCS will reject single failed input channels
  • Single failures affect single loops

Eagle 21 PPS Architecture (Existing)

Figure: block diagram (not reproduced); labels show isolated (non-independent) non-1E outputs to process control and isolated (independent) non-1E outputs to AMSAC.

Eagle 21 PPS Signal Isolation

Figure: signal isolation diagram (not reproduced). Recoverable labels:
  • Process sensor; isolated (independent) outputs to AMSAC
  • Isolated Class 1E outputs to SSPS Reactor Trip; Class 1E outputs to SSPS ESFAS
  • Isolated (non-independent) outputs to: Auxiliary Feedwater, Rod Speed & Direction, Pressurizer Pressure, Pressurizer Level, Steam Dump Control

Eagle 21 PPS Functional Requirements (Integrated RTS/ESFAS Architecture)

Figure: signal-flow diagram (not reproduced); same Protection System analog inputs and Reactor Trip / Engineered Safeguards bistable outputs to the existing SSPS as shown for the Analog PPS functional requirements.

Eagle 21 (Existing)

  • Redundant 4-channel digital system
  • Combines RTS and ESFAS functions in same boxes
  • Isolated analog outputs
    • Only outputs to AMSAC are independent of digital processing
    • Other analog outputs are dependent on digital processing
  • PPS failure by DCCF can cause a control system excursion that requires mitigation by the failed PPS
  • Postulated DCCF could disable RTS and ESFAS functions concurrent with an FSAR Chapter 15 accident or event
  • Manual action required to mitigate a concurrent LBLOCA if DCCF disables redundant channels
  • Single failure affects multiple loops

Digital TMR Architecture (March 2006)

Figure: block diagram (not reproduced); labels show isolated non-1E outputs to process controls and a Diverse Actuation System.

TRICON PPS Signal Isolation

Figure: signal isolation diagram (not reproduced). Recoverable labels:
  • Sensor; I/E and E/I isolation devices
  • Independent Class II outputs to: AMSAC, Digital Feedwater Control System, Auxiliary Feedwater Pump Runout Protection, Pressurizer Pressure Control, Pressurizer Level Control, Reactor Control (Turbine Power), Steam Dump Control
  • Isolated output to control system (not independent): Reactor Control (Tavg)
  • Discrete outputs to SSPS (Reactor Trip Breakers)
  • Control Board Instruments

TRICON PPS Functional Requirements (Integrated RTS/ESFAS Architecture, Note 3)

Figure: signal-flow diagram (not reproduced); same Protection System analog inputs and Reactor Trip / Engineered Safeguards bistable outputs to the existing SSPS as shown for the Analog PPS functional requirements.

Digital TMR Design (March 2006)

  • Redundant 4-channel digital system
    • Each channel implemented in a TRICON Triple Modular Redundant (TMR) processor
  • Analog outputs are isolated ahead of digital processors
    • Outputs to DAS are isolated and independent
    • Control system outputs are isolated and independent
    • PPS failure cannot cause control system excursion
  • Postulated DCCF could disable RTS and ESFAS functions concurrent with an FSAR Chapter 15 accident or event
  • Extensive DAS required to meet BTP HICB-19 acceptance criteria
  • Multiple faults - still works

One DAS Concept (Not "the" DAS)

  • Provides another actuation path if DCCF disables RTS and ESFAS
  • New Reactor Trip relatively simple - trip Control Rod Drive M-G set supply breakers
  • New ESFAS complex and prone to single failure
    • Interface with individual components - pumps and valves

Figure: DAS block diagram (not reproduced). Recoverable labels: independent inputs; outputs for Reactor Trip, Safety Injection Actuation, Turbine Trip, Steam Line Isolation, AFW Initiation, Feedwater Isolation, SGBD Isolation; breaker indications.

Summary

  • TRICON replacement retained Eagle 21 architecture and functional requirements
  • Defense-in-depth improvements reduce opportunity for DCCF propagation among echelons
    • TMR processors preclude a single fault from disabling a function
    • Front-end isolation prevents control/protection system interaction
  • Issues with integrated RTS/ESFAS functional diversity
    • Design met regulations when Eagle was licensed
    • Does not meet BTP HICB-19 requirements
  • BTP-19 Position 3: "If a postulated common-mode failure could disable a safety function, then a diverse means, with a documented basis that the diverse means is unlikely to be subject to the same common-mode failure, shall be required to perform either the same function or a different function..."
  • Insufficient functional diversity
    • DCCF in ESFAS disables the Pressurizer Pressure-Low SI safety function
    • Manual action required to mitigate LOCA events
  • Issues are independent of processor design
    • TMR processors only provide redundancy
    • Does not provide defense in depth
  • Same Requirements = Same Issues = DAS
    • Diverse mitigation is required to meet current regulations


Digital TMR Design (March 2006)

Figure: block diagram (not reproduced); labels show isolated non-1E outputs to process controls and a Diverse Actuation System.

TRICON PPS Functional Requirements (March Design)

Figure: signal-flow diagram (not reproduced); same Protection System analog inputs and Reactor Trip / Engineered Safeguards bistable outputs to the existing SSPS as shown for the Analog PPS functional requirements.

Digital TMR Design

  • Redundant 4-channel digital system
    • Each channel implemented in a TRICON Triple Modular Redundant (TMR) processor
  • Analog outputs are isolated ahead of digital processors
    • Outputs to DAS are isolated and independent
    • Control system outputs are isolated and independent
    • PPS failure cannot cause control system excursion
  • Postulated DCCF could disable RTS and ESFAS functions concurrent with an FSAR Chapter 15 accident or event
  • Manual action required to mitigate LBLOCA if DCCF disables redundant channels
  • Extensive DAS required to meet BTP HICB-19 acceptance criteria

DAS Pro and Con

  • Pro:
    • Meets current BTP-19 requirements (if necessary)
  • Con:
    • More complexity
    • More cost
    • More maintenance and testing
    • Testing or functional errors will challenge safety systems
      • Trip the reactor
      • Initiate engineered safeguards
    • Performs nuclear safety-related RTS and ESFAS functions but does not have to meet nuclear safety-related system requirements established by law:
      • No GDC requirements
      • Not required to be qualified
      • Not required to be redundant
    • More than minimally increases likelihood of spurious challenges to protection systems
    • More significant threat to safe plant operation than the DCCF it is intended to mitigate

Why is a DAS Needed?

  • BTP-19 Position 3: "If a postulated common-mode failure could disable a safety function, then a diverse means, with a documented basis that the diverse means is unlikely to be subject to the same common-mode failure, shall be required to perform either the same function or a different function..."
  • Perform Defense-in-depth and diversity evaluation per NUREG/CR-6303
    • Identify design aspects that allow DCCF to disable a safety function
  • Modify the design to remove the limiting aspects and provide functional diversity

New Functional Requirements

  • Modify the requirements to provide functional diversity in the presence of a postulated single DCCF concurrent with a Chapter 15 event or accident
  • Identify and correct physical vulnerabilities
    • All safety functions must be performed by qualified safety-related systems
    • Echelons of defense must be sufficiently independent to preclude DCCF propagation among echelons
  • Identify and correct functional vulnerabilities
    • Concurrent with a postulated DCCF in a single echelon, all FSAR Chapter 15 accidents and events must be mitigated automatically where automatic action is credited in the existing analysis (conservative assumption to reduce licensing risk)
  • Evaluate FSAR Chapter 15 events and accidents to evaluate the effectiveness of the new requirements

TRICON PPS Functional Requirements: Evaluate for Vulnerabilities

Figure: signal-flow diagram (not reproduced); same Protection System analog inputs and bistable outputs as shown for the Analog PPS functional requirements, annotated by TRICON processor.

Remaining fragment of the following slide:

<P9)/Steam Line Isolation (<P9)
  • Backup: Diverse high neutron flux trips (all ranges)

LOCA Events

  • SBLOCA: 15.3.1
  • LBLOCA: 15.4.1
  • Primary mitigation: PZR Pressure-Low SI
  • Backup: Containment Pressure-High SI
  • Primary and backup Engineered Safety Features disabled by the same DCCF

PZR Pressure-Low SI

  • RT is initiated at 1950 psig
    • Does not initiate SI
  • SI is initiated at 1850 psig
    • Also initiates RT through diverse SSPS
  • Eagle 21 Diversity Study credited operator action to mitigate both LOCA events
    • SI should be initiated within 1.5 minutes of SBLOCA
    • More time available on LBLOCA due to passive injection
  • Substantially less than allowable time
    • AOO: 5 minutes
    • DBA: 10 minutes
  • Provide alternate, independent SI function
    • Conservative measure to reduce licensing risk
    • Will improve real safety

Steam Generator Water Level High-High P14 (TT, RT above P9, FWI)

  • Backup FWM protection in ESFAS
    • Current setpoint 75%
    • Prevents water carry-over to Main Steam System
    • Primary FWM mitigation provided by diverse NI Flux-High and NI Flux Rate-High
  • Provide alternate, independent P14 function
    • Prudent measure to reduce equipment risk
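The functional-vulnerability screen the last few slides describe (new requirement: every Chapter 15 event must keep an automatic mitigation through a single-echelon DCCF; LOCA events fail it because primary and backup SI both sit in ESFAS; the feedwater malfunction passes because the NI flux trips are in RTS) can be written down as a small model. The following is an added example, not code from the presentation or from PG&E; the event and actuation names are taken from the slides, and the one assumption is that the alternate PZR Pressure-Low SI initiation is hosted in the RTS processors, i.e. in the other echelon.

```python
# Added example (not from the PG&E presentation): a NUREG/CR-6303-style
# functional-vulnerability screen.  For each FSAR Chapter 15 event, list the
# automatic actuations credited in the existing analysis together with the
# echelon (RTS or ESFAS) whose digital processors generate them.  A postulated
# single DCCF removes every actuation hosted in one echelon; an event is
# vulnerable when no credited automatic actuation survives (manual action only).
from dataclasses import dataclass

ECHELONS = ("RTS", "ESFAS")


@dataclass(frozen=True)
class Actuation:
    name: str
    echelon: str  # echelon whose processors generate this actuation


@dataclass(frozen=True)
class Event:
    name: str
    fsar_section: str  # "" where the slides give no section number
    credited: tuple    # automatic actuations credited in the existing analysis


def surviving_actuations(event, failed_echelon):
    """Credited actuations that remain after a DCCF in `failed_echelon`."""
    return [a.name for a in event.credited if a.echelon != failed_echelon]


def evaluate(events):
    """Map (event name, failed echelon) -> surviving automatic actuations."""
    return {
        (ev.name, ech): surviving_actuations(ev, ech)
        for ev in events
        for ech in ECHELONS
    }


def vulnerable_events(events):
    """Events left with no automatic mitigation by some single-echelon DCCF."""
    return sorted({ev for (ev, ech), left in evaluate(events).items() if not left})


# Actuations named on the slides.  PZR Pressure-Low SI and Containment
# Pressure-High SI are ESFAS functions; the NI flux trips are RTS functions.
PZR_LOW_SI = Actuation("PZR Pressure-Low SI", "ESFAS")
CONT_HIGH_SI = Actuation("Containment Pressure-High SI", "ESFAS")
NI_FLUX_HIGH = Actuation("NI Flux-High RT", "RTS")
NI_FLUX_RATE = Actuation("NI Flux Rate-High RT", "RTS")
P14_HIGH_HIGH = Actuation("SG Level High-High P14", "ESFAS")

# ASSUMPTION: the alternate SI initiation lives in the RTS processors, which
# is what makes it independent of an ESFAS DCCF.
ALT_PZR_LOW_SI = Actuation("Alternate PZR Pressure-Low SI", "RTS")

MARCH_DESIGN = (
    Event("SBLOCA", "15.3.1", (PZR_LOW_SI, CONT_HIGH_SI)),
    Event("LBLOCA", "15.4.1", (PZR_LOW_SI, CONT_HIGH_SI)),
    Event("Feedwater malfunction", "", (NI_FLUX_HIGH, NI_FLUX_RATE, P14_HIGH_HIGH)),
)

# Subdivided design: the LOCA events gain the alternate SI initiation.
NEW_DESIGN = tuple(
    Event(ev.name, ev.fsar_section, ev.credited + (ALT_PZR_LOW_SI,))
    if "LOCA" in ev.name else ev
    for ev in MARCH_DESIGN
)

if __name__ == "__main__":
    for label, design in (("March 2006 design", MARCH_DESIGN), ("Subdivided design", NEW_DESIGN)):
        print(f"{label}: vulnerable events = {vulnerable_events(design) or 'none'}")
        for (ev, ech), left in evaluate(design).items():
            print(f"  DCCF in {ech:5} during {ev:22}: {', '.join(left) or 'MANUAL ACTION ONLY'}")
```

Running it lists SBLOCA and LBLOCA as vulnerable to an ESFAS DCCF in the March design and nothing in the subdivided design, which is the conclusion the slides draw; swapping the assumed echelon of `ALT_PZR_LOW_SI` back to ESFAS makes the alternate channel worthless to the screen, which is the point of hosting it elsewhere.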

TRICON PPS Functional Requirements: Alternate Protection Functions

Figure: signal-flow diagram (not reproduced); same Protection System analog inputs and bistable outputs to the existing SSPS as shown for the Analog PPS functional requirements, with an added "Alternate Initiation" column. Legend: alternate channel (shown dashed); existing channel.

New Digital TMR Design (Subdivided RTS and ESFAS)

Figure: block diagram (not reproduced); labels show isolated non-1E outputs to process controls and to AMSAC.

Electrical & Data Independence

  • DCCF in RTS or ESFAS cannot cause a control system excursion that requires mitigation by the failed echelon
    • Exception: Loop Tavg (Reactor Control)
    • Exception: Loop Hot Leg Temperatures (RVLIS)
      • Not practical to isolate and maintain Input Subsystem accuracy
      • Potential transients are slow and mitigated by diverse NIS
  • DCCF in control system cannot impair RTS or ESFAS protective function
  • DCCF in RTS or ESFAS cannot propagate to the other protection echelon
    • No equipment shared among echelons
    • No data communication within or among echelons
    • No database shared among echelons

New Architecture Advantages

  • Subdivides RPS into independent, redundant RTS and ESFAS processors
  • Sensors are still shared, BUT:
    • Control system signals are electrically isolated before they can be affected by another digital echelon
    • RTS and ESFAS processors cannot affect each other's data
    • Inherent data isolation between RTS and ESFAS is provided by their input subsystems - data cannot propagate backward through the A/D converters
    • Digital subsystem faults cannot affect the analog signal
    • RTS and ESFAS do not communicate within or between echelons
    • No shared database or equipment

Advantages, continued

  • DCCF in RTS or ESFAS cannot cause a control system excursion that requires mitigation by the failed echelon
  • DCCF in control system cannot impair RTS or ESFAS protective function
  • DCCF in RTS or ESFAS cannot propagate to the other protection echelon

Triconex (Digital TMR): Process Protection System

Figure: rack diagram (not reproduced), Process Protection System Racks 1-16. Recoverable labels:
  • Field instruments
  • Independent Class II outputs to: Pressurizer Pressure Control, Pressurizer Level Control, Reactor Control (Turbine Power), Steam Dump Control, Hotwell Level Control, indications (typical for all protection sets)
  • Isolated data links to PPC (typical for all protection sets)
  • Isolated analog outputs to non-critical controls & indications (typical for all protection sets)
  • Reactor Control (Tavg)

Critical Control Systems (Digital TMR)

Figure: rack diagram (not reproduced). Recoverable labels: TMR control systems (Tricon); field instruments; part of Rack 18 (Control Set 1); Rack 26 (Control Set 3); inputs from PPS; MDAFWP Runout Control, MTCS, DFWCS, MFPSCS; HMI (typical for TMR systems).

Triconex (Digital TMR): Process Control System

Figure: rack diagram (not reproduced), new Process Control System Racks 17-32 (similar for Process Instrument Panels PIA/PIB/PIC and Instrument Rack RI). Recoverable labels:
  • FSAR Section 7.7 Process Controls: Pressurizer Pressure, Pressurizer Level, Rod Control (Note 1), Rod Speed & Direction (Reactor Control, Note 2), Steam Dump, MDAFWP Runout Control (Racks 18 & 26)
  • Inputs from PPS to NSSS Control Systems
  • Hardwired controls & 1E indications (typical for Racks 17-32)

Notes:

1. Rod Control System is not part of Racks 17-32 but is assumed to be diverse.
2. Tavg will be calculated in RTS and transmitted by hard wire to the control system.

Process Control Rack Consolidation (only control functions illustrated)

Figure: rack allocation table (not reproduced). Recoverable labels:
  • Control Set 1 (Racks 17-20): Steam Dump (Steam Line / Steam Header Pressure), MDAFWP Runout Protection, FW Header Pressure to DFWCS (PT-50a), PZR Level, PZR Relief Tank Pressure, Steam Generator 1/4 Pressure, VCT Level
  • Control Set 2 (Racks 21-24): PZR Level, Tref to Rod Speed and Direction (Set 4), Turbine Power to Rod Speed and Direction (Set 4), Steam Generator 1/4 Pressure
  • Control Set 3 (Racks 25-27): MDAFWP Runout Protection, MDAFWP Discharge Pressure (to Runout Protection), Refueling Water Storage Tank Level
  • Control Set 4 (Racks 28-31): Delta T/Tavg to Rod Speed & Direction, PZR Lref, Auctioneered High Tavg to Steam Dump (Set 1), Letdown HX Outlet Pressure, Letdown HX Outlet Temperature, VCT Level, Rod Withdrawal Limit to Rod Control Logic Cabinet, Compensated Temperature Error to Rod Control, Auctioneered High Tavg to PZR Level Lref (Set 2), S/G Wide Range Level to DFWCS

Keep It Simple

  • Architecture
    • Simple compared to adding DAS
    • Echelons are independent
    • Redundant channels within an echelon are independent
  • Function Block Programming (IEC-61131-3)
    • High level symbolic application development
    • Simplifies implementation of requirements and testing
    • Functional specifications can be precisely written to avoid defects
    • Protection logic is very simple
    • All specified requirements can be tested
    • Non-specified (unintended) functions can be identified and eliminated

Traditional Software Programming (C++)

(Basis for Current V&V Guidance)

    BOOL CWatchdogApp::InitInstance()
    {
        HWND hWndOld;
        HWND hWnd;

        // Check if an instance is already active. If so, make old instance active,
        // show it, and bail out.
        hWndOld = ::FindWindow(NULL, DOGWINDOWNAME);
        if (NULL != hWndOld)
        {
            hWnd = ::SetActiveWindow(hWndOld);
            BOOL bRet = ::ShowWindow(hWndOld, SW_SHOWNORMAL);
            exit(0);
        }

        AfxEnableControlContainer();

        // Standard initialization
        // If you are not using these features and wish to reduce the size
        // of your final executable, you should remove from the following
        // the specific initialization routines you do not need.
    #ifdef _AFXDLL
        Enable3dControls();         // Call this when using MFC in a shared DLL
    #else
        Enable3dControlsStatic();   // Call this when linking to MFC statically
    #endif

        CWatchdogDlg dlg;
        m_pMainWnd = &dlg;
        int nResponse = dlg.DoModal();
        if (nResponse == IDOK)
        {
            // TODO: Place code here to handle when the dialog is
            // dismissed with Exit
        }
        else if (nResponse == IDCANCEL)
        {
            // TODO: Place code here to handle when the dialog is
            // dismissed with Cancel
        }

        // Since the dialog has been closed, return FALSE so that we exit the
        // application, rather than start the application's message pump.
        return FALSE;
    }

Typical Control Program (DFWCS Steam Flow/Feedwater Flow Error Controller)

Figure: function block diagram (not reproduced).

Pressurizer Pressure-High/Low Reactor Trip: RTS Implementation with TS1131 Function Blocks

Figure: function block diagram (not reproduced). Recoverable labels:
  • PZR Pressure Protection, High/Low Pressure Reactor Trips
  • High Trip: output de-energizes above setpoint
  • Low Trip: output de-energizes below setpoint
  • Bistable hysteresis = 1% of span (1250 psi) = 12.5 psi
  • Setpoints shown as <value>
  • PZR Pressure Low Prot I RT output to SSPS
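The function-block slide shows what "protection logic is very simple" means in practice: a comparator with a fixed hysteresis band and a de-energize-to-trip output. The following is an added example, not code from the presentation or from Triconex, written as plain Python function blocks so the behaviour can be exercised. The span (1250 psi), the 1% hysteresis (12.5 psi) and the de-energize-to-trip convention come from the slide; the low-trip setpoint (1950 psig) comes from the PZR Pressure-Low SI slide. Two things are assumptions: the high-trip setpoint is a placeholder value, and the SSPS coincidence across the four channels is modelled as 2-out-of-4 (the slides say "coincident logic" over a 4-channel system but give no vote count).

```python
# Added example (not from the PG&E presentation or Triconex): high/low
# pressurizer-pressure bistables with hysteresis, de-energize-to-trip outputs,
# and a 2-out-of-4 vote over four redundant channels.
SPAN_PSI = 1250.0
HYSTERESIS_PSI = 0.01 * SPAN_PSI        # 1% of span = 12.5 psi, as on the slide
LOW_TRIP_SETPOINT_PSIG = 1950.0         # from the slides (RT initiated at 1950 psig)
HIGH_TRIP_SETPOINT_PSIG = 2385.0        # ASSUMED placeholder; not given on the slides


class Bistable:
    """One-input comparator with hysteresis.  Output True = relay energized (no trip).

    trip_above=True : de-energizes when value > setpoint,
                      re-energizes only when value < setpoint - hysteresis.
    trip_above=False: de-energizes when value < setpoint,
                      re-energizes only when value > setpoint + hysteresis.
    Inside the band the output keeps its last state, so a reading hovering at
    the setpoint cannot chatter the trip relay.
    """

    def __init__(self, setpoint, hysteresis, trip_above):
        self.setpoint = setpoint
        self.hysteresis = hysteresis
        self.trip_above = trip_above
        self.energized = True   # de-energize-to-trip: the healthy state is energized

    def scan(self, value):
        """One program scan: update and return the relay state for this reading."""
        if self.trip_above:
            if value > self.setpoint:
                self.energized = False
            elif value < self.setpoint - self.hysteresis:
                self.energized = True
        else:
            if value < self.setpoint:
                self.energized = False
            elif value > self.setpoint + self.hysteresis:
                self.energized = True
        return self.energized


def run_bistable(bistable, readings):
    """Scan a sequence of readings and return the output after each scan."""
    return [bistable.scan(v) for v in readings]


def two_of_four_trip(channel_outputs):
    """ASSUMED SSPS-style vote: trip when at least two of four relays are de-energized."""
    if len(channel_outputs) != 4:
        raise ValueError("expected four protection channels")
    return sum(1 for energized in channel_outputs if not energized) >= 2


def vote_low_pressure(channel_readings):
    """Run a fresh low-trip bistable per channel on one scan, then vote."""
    outputs = [
        Bistable(LOW_TRIP_SETPOINT_PSIG, HYSTERESIS_PSI, trip_above=False).scan(v)
        for v in channel_readings
    ]
    return two_of_four_trip(outputs)


if __name__ == "__main__":
    low = Bistable(LOW_TRIP_SETPOINT_PSIG, HYSTERESIS_PSI, trip_above=False)
    # Constructed pressure trace: normal, dips below setpoint, recovers inside the
    # 12.5 psi band (stays tripped), then clears the band (resets).
    print(run_bistable(low, [2000.0, 1949.0, 1955.0, 1963.0]))  # [True, False, False, True]
    # Constructed channel readings: a single failed-low channel alone does not trip...
    print(vote_low_pressure([0.0, 2235.0, 2235.0, 2235.0]))      # False
    # ...but a real low-pressure condition seen by two channels does.
    print(vote_low_pressure([1948.0, 1947.0, 2235.0, 1960.0]))   # True
```

The voter is what turns "redundant 4-channel" into single-failure tolerance on both sides: one channel failed low cannot trip the plant spuriously, and one channel failed high cannot block a trip the other three see. A channel that reads 1960 psig in the last case stays energized because it never crossed the setpoint, which is the hysteresis doing exactly what the slide specifies.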

SSPS Implementation: Pressurizer Pressure-Low Primary and Alternate Safety Injection Actuation

Figure: SSPS relay logic diagram (not reproduced; relay and terminal identifiers are not recoverable). Fundamental SSPS functional requirements are unaffected:
  • RTS and ESFAS coincident logic
  • Semiautomatic testing
  • Reactor Trip UV outputs
  • ESFAS component outputs and safeguards testing
  • Monitoring and indication

Summary

  • Alternate actuations provide functional diversity
  • No standalone DAS
    • If a postulated single DCCF disables an echelon, alternate protection functions ensure that FSAR Chapter 15 acceptance criteria continue to be met
    • The alternate functions will mitigate the event automatically if automatic actuation is credited in the FSAR to mitigate the event, even LBLOCA
    • RTS and ESFAS functions continue to be performed by the RTS and ESFAS
      • Qualified
      • Redundant
      • Meet all Protection System GDC
  • Small requirements change provides sufficient functional diversity to reduce or eliminate DAS scope
    • All safety functions are performed by qualified safety-related systems
    • All FSAR Chapter 15 accidents and events are mitigated automatically where automatic action is credited in the existing analysis
    • Alternate initiation functions ensure automatic SI when required in the presence of DCCF in either RTS or ESFAS concurrent with LOCA
    • Conservative measures to reduce licensing risk
    • No AMSAC impact
  • Application software in redundant processors within an echelon is different
    • Reduces DCCF opportunity
  • Real plant safety is enhanced


NUREG-0800 Standard Review Plan

  • Appendix 7.1-C cautions:
    • A digital computer-based design using shared databases and process equipment can propagate a common-cause failure of redundant equipment
    • Software programming errors can defeat hardware redundancy

Digital Common Cause Failure (DCCF) Basis

  • A single common-cause failure in the software used in redundant channels of a digital computer-based I&C system could potentially lead to loss of an entire safety function, similar to environmental causes.

Echelon Interdependencies (Common Cause Failure Opportunities)

  • Physical
    • Rack consolidation
    • Common platform
  • Electrical
    • Shared sensors, power supplies
  • Environmental
    • Temperature, humidity
  • Digital
    • Operating System
      • Shared software
      • Shared features (timekeepers)
    • Application Program
      • Same functional requirements

Common Cause Failure Concerns (SECY-91-292)

  • Defined Echelons of Defense:
    • Control System: prevents process excursions into the unsafe operation region
    • Reactor Trip System (RTS): rapidly reduces reactivity in response to an uncontrolled excursion
    • Engineered Safety Features Actuation System (ESFAS): removes heat and maintains integrity of cladding, vessel and containment
    • Monitoring and Indication: information that enables operators to respond to events

Common Platform: Three Echelons of Defense

  • Control System: prevents process excursions into the unsafe operation region
  • Reactor Trip System (RTS): rapidly reduces reactivity in response to an uncontrolled excursion
  • Engineered Safety Features Actuation System (ESFAS): removes heat and maintains integrity of cladding, vessel and containment
  • Monitoring and Indication: information that enables operators to respond to events

Potential Echelon Interactions

  • Control System
    • Tricon
    • Woodward
  • Reactor Protection System
    • Nuclear Instrumentation (Sense)
    • Direct Inputs (Sense)
    • Tricon (Sense)
    • SSPS (Command)
    • DAS
  • Engineered Safety Features Actuation System
    • Tricon (Sense)
    • SSPS (Command)
    • DAS
  • Monitoring and Indication
    • Tricon
    • Sufficient for mitigation/shutdown

Manage DCCF

  • DCCF is credible
    • National Research Council Report
  • Limit DCCF Opportunities
    • Built-in Quality
  • Limit DCCF Impact
    • Defense-in-Depth
    • Diversity

DCCF Causes

  • Operating System
    • Shared software
    • Shared features (timekeepers)
  • Application Programs
    • Same Functional Requirements

Single Failure Criterion (IEEE-603-1998 Section 5.1)

• "The safety systems shall perform all safety functions required for a design basis event in the presence of:
  - Any single detectable failure within the safety systems concurrent with all identifiable but non-detectable failures.
  - All failures caused by the single failure.
  - All failures and spurious system actions that cause or are caused by the design basis event requiring the safety functions.
• The single failure could occur prior to, or at any time during, the design basis event for which the safety system is required to function. The single-failure criterion applies to the safety systems whether control is by automatic or manual means. IEEE Std. 379-1994 provides guidance on the application of the single-failure criterion. IEEE Std. 7-4.3.2-1993 addresses common cause failures for digital computers."

Single Failure Criterion Guidance (IEEE-379-2002)

• Section 6.3.2:
  - "A probabilistic assessment shall not be used in lieu of the single-failure analysis. However, reliability analysis, probability assessment, operating experience, engineering judgment, or a combination thereof, may be used to establish a basis for excluding a particular failure from the single-failure analysis. For further guidance in performing reliability analyses and probabilistic assessments, see IEEE Std 352-1987 and IEEE Std 577-1976."
• Allows judgment that the likelihood of a specific, credible common-mode/cause failure is so small as to be negligible
  - The judgment must be supported
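For simple coincidence logic, the single-failure analysis that IEEE 603 Section 5.1 and IEEE 379 Section 6.3.2 call for can be made mechanical. The following Python model is an added example written for this page, not PG&E's or Triconex's code; the three-channel arrangement, the two channel failure modes, the sensor-to-channel mapping and the 118% setpoint are assumptions for illustration. It enumerates every single channel or sensor failure, propagates the dependent failures a shared sensor causes (the "all failures caused by the single failure" clause) and reports which ones defeat the voted trip during a postulated event.

```python
"""Exhaustive single-failure analysis of an m-out-of-n voted trip function.

Added example for this page; not PG&E's or Triconex's code. The channel and
sensor model, the two failure modes and the setpoint are assumed.
"""

OK = "ok"
STUCK_TRIP = "stuck_trip"      # channel output asserted regardless of input
STUCK_NOTRIP = "stuck_notrip"  # channel output frozen at "no trip"
FAILURE_MODES = (STUCK_TRIP, STUCK_NOTRIP)

SETPOINT = 118.0  # assumed high-power trip setpoint, % of rated power


def channel_trip(measured, failure=OK, setpoint=SETPOINT):
    """Bistable comparator for one channel: demand a trip above the setpoint."""
    if failure == STUCK_TRIP:
        return True
    if failure == STUCK_NOTRIP:
        return False
    return measured > setpoint


def vote(outputs, m):
    """m-out-of-n coincidence logic: trip when at least m channels demand it."""
    return sum(1 for o in outputs if o) >= m


def protective_action(process_value, m, sensor_of_channel, sensor_failures, channel_failures):
    """Voted trip output for one failure set.

    sensor_of_channel[i] names the sensor feeding channel i. A failed sensor is
    taken to read zero (the non-conservative direction), and that dependent
    failure is propagated to every channel fed by it: the "all failures caused
    by the single failure" clause of IEEE 603 5.1.
    """
    outputs = []
    for ch, sensor in enumerate(sensor_of_channel):
        measured = 0.0 if sensor in sensor_failures else process_value
        outputs.append(channel_trip(measured, channel_failures[ch]))
    return vote(outputs, m)


def single_failure_analysis(m, sensor_of_channel, event_value):
    """Enumerate every single failure (each channel in each mode, then each
    sensor) and return those that defeat the protective action for the event."""
    n = len(sensor_of_channel)
    defeats = []
    for ch in range(n):
        for mode in FAILURE_MODES:
            channel_failures = [OK] * n
            channel_failures[ch] = mode
            if not protective_action(event_value, m, sensor_of_channel, set(), channel_failures):
                defeats.append(("channel", ch, mode))
    for sensor in sorted(set(sensor_of_channel)):
        if not protective_action(event_value, m, sensor_of_channel, {sensor}, [OK] * n):
            defeats.append(("sensor", sensor, "failed_low"))
    return defeats


def spurious_trip_possible(m, sensor_of_channel, normal_value):
    """Does any single stuck-trip channel cause a trip during normal operation?
    Not a single-failure-criterion question, but the flip side of the voting choice."""
    n = len(sensor_of_channel)
    for ch in range(n):
        channel_failures = [OK] * n
        channel_failures[ch] = STUCK_TRIP
        if protective_action(normal_value, m, sensor_of_channel, set(), channel_failures):
            return True
    return False


if __name__ == "__main__":
    event, normal = 125.0, 100.0  # assumed event and normal-operation values
    for label, m, sensors in [("2oo3, independent sensors", 2, ["A", "B", "C"]),
                              ("2oo3, sensor A shared by two channels", 2, ["A", "A", "C"]),
                              ("2oo2", 2, ["A", "B"]),
                              ("1oo2", 1, ["A", "B"])]:
        print(label, "| defeated by:", single_failure_analysis(m, sensors, event),
              "| spurious trip possible:", spurious_trip_possible(m, sensors, normal))
```

Run as a script it reports no defeating single failure for 2-out-of-3 with independent sensors, the shared sensor as the defeating failure when two channels share sensor A, and any stuck-no-trip channel or sensor for 2-out-of-2. What the enumeration never generates is the case the following slides turn to: the same defect present in every channel at once is not a single failure, which is why satisfying this criterion says nothing about DCCF.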

Limit DCCF Opportunities: TRICON System Quality

• Triple Modular Redundant
• No single point of failure
• Designed from the ground up as an industrial safety and critical control system
• Wide use as safety and critical control across industries
  - >7,000 systems in service
  - >410,000,000 hours without a failure to perform on demand
  - Non-safety system same as 1E system
• Full internal diagnostics, self-testing and self-calibration
• Designed to maintain operation with multiple failures, properly report failures, and allow on-line repairs

Limit DCCF Opportunities: TRICON System Quality, continued

• Defensive measures inherent in the Tricon system
  - Deterministic
    • Software does not alter itself
    • Changes only through hardware failure or specific human intervention
  - Cyclical
    • Fixed (non-interruptible) execution sequence
  - Focus on safety
    • Avoid unneeded functions
  - Avoid generic susceptibilities
    • Asynchronous processors
    • Process functions not based on a real-time clock
    • Avoid communication between redundant Tricons

Inherent Tricon System Defensive Measures, continued

• Static resource allocation
  - Avoids software failure due to insufficient resources
  - Avoids multitasking
• Modularity
  - Dissociated modules: not affected by failures of other modules
• Self-surveillance
  - Reduces the frequency of unsafe failures
  - Prevents accumulation of undetected failures
• Quality
  - Field-proven hardware and operating system
  - Application software developed using a structured process (IEEE Std 1012)

Limit DCCF Opportunities: TRICON Operating System Quality

• TRICON OS not explicitly discussed in the SER
  - NUREG/CR-6303 Appendix treats DCCF in the OS as a subset of the entire range of DCCF
• Simple
• Failures are related to service demands
• Risk of DCCF in the TRICON OS is much less than the risk of DCCF in applications (IEEE 379 Section 6.3.2; NUREG/CR-6303 Appendix):
  - Simple
  - Cyclic
  - Non-multitasked
  - Independent of process loading/events
    • Blind to the process
    • Unaffected by service demands
  - Asynchronous
    • Internal: between Tricon processors
    • External: between redundant channels
• Triconex Product Advisory Notices (PAN)
  - Describe system issues and fixes
  - Only 14 issued since the early 1980s
    • >410,000,000 operating hours
    • >7,000 systems
  - Two (#10, #11) address a trapped processor as a potential DCCF source
    • Erratic control program behavior
    • Discrete outputs freeze; they do not go to the pre-defined safe state
    • Caused by bad programming
    • Corrected by a firmware fix
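The PAN failure mode above (a trapped processor leaves discrete outputs frozen instead of driving them to a pre-defined safe state) is what the cyclic, self-surveilled design on the preceding three slides is meant to bound. The following Python simulation is an added example for this page, not Triconex code and not the firmware fix the PAN describes; the scan period, the refresh timeout and the input limits are assumed, and the refresh-or-revert output stage is the generic countermeasure, not a statement about how the Tricon implements it. It runs an output stage that merely holds its last value and one that must be rewritten every scan through the same scan sequence with the processor trapped partway.

```python
"""Frozen outputs versus a pre-defined safe state when the scan stops.

Added example for this page; not Triconex code and not the PAN fix. Scan
period, refresh timeout and input limits are assumed.
"""

SCAN_PERIOD_MS = 50        # assumed fixed scan period
REFRESH_TIMEOUT_MS = 150   # assumed: output reverts to safe state after three missed scans


class OutputStage:
    """Discrete output rewritten every scan.

    With a refresh timeout the output reverts to `safe_state` when the
    application stops writing it; with timeout_ms=None it holds its last
    value indefinitely, which is the frozen-output behaviour.
    """

    def __init__(self, safe_state, timeout_ms=None):
        self.safe_state = safe_state
        self.timeout_ms = timeout_ms
        self.value = safe_state
        self.last_refresh_ms = 0

    def write(self, value, now_ms):
        self.value = value
        self.last_refresh_ms = now_ms

    def read(self, now_ms):
        stale = self.timeout_ms is not None and now_ms - self.last_refresh_ms > self.timeout_ms
        return self.safe_state if stale else self.value


def application_logic(inputs):
    """Deterministic cyclic application: de-energize (False) when any input
    exceeds its limit; otherwise keep the breaker energized (True)."""
    return not any(measured > limit for measured, limit in inputs)


def run_scans(output, inputs_per_scan, hang_at_scan):
    """Execute fixed-period scans. From `hang_at_scan` on, the processor is
    'trapped': no logic runs and the output is not refreshed. Returns what an
    observer reads from the output stage at the end of the sequence."""
    now = 0
    for k, inputs in enumerate(inputs_per_scan):
        now = k * SCAN_PERIOD_MS
        if k >= hang_at_scan:
            continue
        output.write(application_logic(inputs), now)
    return output.read(now)


if __name__ == "__main__":
    # Constructed scan inputs as (measured, limit) pairs: six normal scans,
    # then six scans in which the input exceeds its limit and a trip is due.
    scans = [[(100.0, 118.0)]] * 6 + [[(125.0, 118.0)]] * 6
    frozen = OutputStage(safe_state=False, timeout_ms=None)
    refreshed = OutputStage(safe_state=False, timeout_ms=REFRESH_TIMEOUT_MS)
    print("frozen output after trap at scan 5:   ", run_scans(frozen, scans, hang_at_scan=5))
    print("refreshed output after trap at scan 5:", run_scans(refreshed, scans, hang_at_scan=5))
```

With the processor trapped at scan 5, the holding output stays energized through the trip demand that arrives at scan 6, while the refreshed stage reverts to the de-energized safe state three scans after the last write. The point for the D3 argument is that "cyclic and deterministic" on its own only makes the freeze predictable; a defined safe state on loss of refresh is what turns it into a detectable, non-silent failure.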

Limit DCCF Opportunities: Application Program Quality

• Generate and install high-integrity software
• High-quality development and implementation processes improve the likelihood of a good product but do not guarantee it
  - EPRI TR-108831 (Requirements Specifications)
  - IEEE-1012 (Verification & Validation Plan)
  - IEEE-1233 (Requirements Specifications)
  - IEC 61131-3 (Programming Languages)
  - BTP HICB-14, Software Reviews for Digital Computer-Based I&C Systems, System Software and Hardware Development Process


Application Program Quality, continued

• Function Block Programming (IEC-61131-3)
  - High-level symbolic application development
    • Ease of writing
    • Ease of review
    • Ease of test
  - Formal specification becomes the SDD
    • Functional specifications can be precisely written to avoid defects
  - Protection logic is very simple
    • All specified requirements can be tested
    • Non-specified (unintended) functions can be identified and eliminated

Application Program Quality

• PG&E Lifecycle Process (CF2.1D9)
  - Based on IEEE-1012
  - Required for all in-house software development
  - Imposed on all software development vendors

PG&E Software Lifecycle Design Phase (Design Engineering)

(Flowchart slide; no text content.)

Limit DCCF Impact

• Defense-in-Depth
• Diversity

BTP HICB-19 D3 Guidance

• Three objectives:
  1. Verify that adequate diversity has been provided in the design to meet the criteria established by the NRC's requirements.
  2. Verify that adequate defense-in-depth has been provided in a design to meet the criteria established by the NRC's requirements.
  3. Verify that the displays and manual controls for critical safety functions initiated by operator action are diverse from computer systems used in the automatic portion of the Reactor Protection System and ESFAS.

Evaluating Diversity (Regulatory Position)

• NUREG/CR-6303
  - Examine the architecture to determine the extent of postulated failures
  - Evaluate the impact of postulated failures on plant accident analyses
• 10 CFR 100 acceptance limits are relaxed due to low failure likelihood

Protection Against Common Design Errors

• Design diversity
  - Different internal design
  - Different vendor's equipment
  - Not effective unless the components perform different functions
• Functional diversity
  - Components perform completely different functions
  - More effective than design diversity


Requirements Must Be Different

• The system will always fail when a functional design error is challenged if:
  - The flawed requirements are implemented in different equipment
  - The flawed requirements are implemented differently in the same equipment
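The two preceding slides (examine the architecture to determine the extent of a postulated failure, then evaluate its impact; and a flawed requirement defeats every implementation of it, however diverse the equipment) can be combined into one small propagation check. The following Python model is an added example for this page, not from the PG&E handout and not the Diablo Canyon design; the four actuation paths, their dependency tags, the two events and which paths mitigate them are all assumed for illustration. Each path is tagged with the platform it runs on, the functional requirement it implements and the process variable it senses; a postulated CCF is one tag, and every path carrying that tag is assumed lost together.

```python
"""Postulated common-cause failure propagation across diverse actuation paths.

Added example for this page; not from the PG&E handout and not the Diablo
Canyon design. Paths, dependency tags and events are assumed for illustration.
"""

# Each path depends on a platform, a functional requirement and a sensed
# process variable. A postulated CCF is one tag; every path carrying it fails.
PATHS = {
    "rts_hi_press_X": {"platform:X", "req:hi_press", "var:pressure"},
    "rts_hi_press_Y": {"platform:Y", "req:hi_press", "var:pressure"},  # design-diverse copy
    "rts_lo_flow_X": {"platform:X", "req:lo_flow", "var:flow"},
    "das_lo_flow_hardwired": {"platform:hardwired", "req:das_lo_flow", "var:flow"},
}

# Postulated events and the paths that, per the assumed accident analysis,
# can mitigate each one.
EVENTS = {
    "loss_of_flow": {"rts_lo_flow_X", "das_lo_flow_hardwired"},
    "pressure_transient": {"rts_hi_press_X", "rts_hi_press_Y"},
}


def surviving_paths(paths, postulated_ccf):
    """Paths that do not depend on the failed element."""
    return {name for name, deps in paths.items() if postulated_ccf not in deps}


def unmitigated_events(paths, events, postulated_ccf):
    """Events left with no surviving mitigating path under the postulated CCF."""
    alive = surviving_paths(paths, postulated_ccf)
    return sorted(ev for ev, mitigators in events.items() if not (mitigators & alive))


def shared_dependencies(paths):
    """Tags carried by more than one path: the only genuine common causes."""
    counts = {}
    for deps in paths.values():
        for tag in deps:
            counts[tag] = counts.get(tag, 0) + 1
    return sorted(tag for tag, n in counts.items() if n > 1)


def d3_assessment(paths, events):
    """Postulate each shared dependency failing and record what is left uncovered."""
    return {tag: unmitigated_events(paths, events, tag) for tag in shared_dependencies(paths)}


def findings(paths, events):
    """Only the postulated CCFs that actually leave some event unmitigated."""
    return {tag: evs for tag, evs in d3_assessment(paths, events).items() if evs}


if __name__ == "__main__":
    for tag, evs in d3_assessment(PATHS, EVENTS).items():
        status = "covered" if not evs else "UNMITIGATED: " + ", ".join(evs)
        print(f"{tag:14} -> {status}")
```

On the constructed data, a CCF of platform X is covered: the design-diverse copy on platform Y still trips on high pressure and the hardwired DAS still covers loss of flow. A CCF of the high-pressure requirement itself is not covered, because both design-diverse paths implement that one requirement, which is the slide's point. The flow-variable result is the other thing such a walk surfaces: the functionally diverse DAS still shares the sensed variable with the RTS path, the "shared sensors" item from the DCCF-causes slide. The model only finds common causes the analyst wrote down as tags, so the tagging is where the engineering judgment lives.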

Analogy

• PCs on the desktop
  - Running Windows XP (same OS)
  - NUREG/CR-6303 Appendix excludes the OS as a source of CCSF
• What is the probability of 2 (or more) failing concurrently?
  - Y2K-type issues
  - Related to synchronous processes
  - What else? Applications?
• Asynchronous
• Different application software

Summary

• Proposed design provides independence between echelons:
  - Independent Control System
  - Independent RTS
  - Independent ESFAS
• Proposed design provides independence within echelons
  - Software in redundant channels is not identical
  - Reduces DCCF opportunity in redundant channels
• Monitoring and indication functions associated with intact echelons are not affected by a single failed echelon
• Not affected:
  - Existing AMSAC
  - Existing SSPS
  - Existing NIS
• Electrical isolation prevents control/protection interaction due to DCCF
• Data isolation prevents DCCF propagation within and among echelons
• Architecture limits the impact of echelon interactions
• Architecture limits DCCF propagation

How Diverse is Diverse Enough?

• Design: meets criteria
• Equipment: criteria not met
  - Defensive measures:
    • Limit DCCF impact
    • Limit DCCF opportunity
• Software: meets criteria
• Functional: meets criteria
• Signal: meets criteria
• Human: meets criteria

Bottom Line:

• Does the proposed approach using a common platform and operating system in multiple echelons violate regulations?
