Difference between revisions of "ML021190162"

From kanterella
Jump to navigation Jump to search
(StriderTol Bot insert)
 
(No difference)

Latest revision as of 02:26, 27 March 2020

Ft Calhoun, Amd 208, TS Pages Revising Technical Specifications 2.15(5) and 2.15(6), Instrumentation and Control System
ML021190162
Person / Time
Site: Fort Calhoun Omaha Public Power District icon.png
Issue date: 04/25/2002
From:
Office of Nuclear Reactor Regulation
To:
Shared Package
ML021160626 List:
References
Download: ML021190162 (2)


Text

2.0 LIMITING CONDITIONS FOR OPERATION 2.15 Instrumentation and Control Systems Applicability Applies to plant instrumentation systems.

Objective To delineate the conditions of the plant instrumentation and control systems necessary to assure reactor safety.

Specifications The operability, permissible bypass, and Test Maintenance and Inoperable bypass specifications of the plant instrument and control systems shall be in accordance with Tables 2-2 through 2-5.

(1) In the event the number of channels of a particular system in service falls one below the total number of installed channels, the inoperable channel shall be placed in either the bypassed or tripped condition within one hour if the channel is equipped with a key operated bypass switch, and eight hours if jumpers or blocks must be installed in the control circuitry. The inoperable channel may be bypassed for up to 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> from time of discovering loss of operability; however, if the inoperability is determined to be the result of malfunctioning RTDs or nuclear detectors supplying signals to the high power level, thermal margin/low pressurizer pressure, and axial power distribution channels, these channels may be bypassed for up to 7 days from time of discovering loss of operability. If the inoperable channel is not restored to OPERABLE status after the allowable time for bypass, it shall be placed in the tripped position or, in the case of malfunctioning RTDs or linear power nuclear detectors, the reactor shall be placed in hot shutdown within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. If active maintenance and/or surveillance testing is being performed to return a channel to active service or to establish operability, the channel may be bypassed during the period of active maintenance and/or surveillance testing. This specification applies to the high rate trip-wide range log channel when the plant is at or above 10-4% power and is operating below 15 % of rated power.

(2) In the event the number of channels of a particular system in service falls to the limits given in the column entitled "Minimum Operable Channels," one of the inoperable channels must be placed in the tripped position or low level actuation permissive position for the auxiliary feedwater system within one hour, if the channel is equipped with a bypass switch, and within eight hours if jumpers or blocks are required; however, if minimum operable channel conditions for SIRW tank low signal are reached, both inoperable channels must be placed in the bypassed condition within eight hours from time of discovery of loss of operability.

If at least one inoperable channel has not been restored to OPERABLE status after 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> from time of discovering loss of operability, the reactor shall be placed in a hot shutdown condition within the following 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />; however, operation can continue without containment ventilation isolation signals available if the containment ventilation isolation valves are closed.

2-65 Amendment No. 8,20,54,65,88,108,194,208

2.0 LIMITING CONDITIONS FOR OPERATION 2.15 Instrumentation and Control Systems (Continued)

If after 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from time of initiating a hot shutdown procedure at least one inoperable engineered safety features or isolation functions channel has not been restored to OPERABLE status, the reactor shall be placed in a cold shutdown condition within the following 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. This specification applies to the high rate trip-wide range log channel when the plant is at or above 10-4% power and is operating below 15 % of rated power.

(3) In the event the number of channels on a particular engineered safety features (ESF) or isolation logic subsystem in service falls below the limits given in the columns entitled "Minimum Operable Channels" or "Minimum Degree of Redundancy," except as conditioned by the column entitled "Permissible Bypass Conditions," sufficient channels shall be restored to OPERABLE status within 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> so as to meet the minimum limits or the reactor shall be placed in a hot shutdown condition within the following 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />; however, operation can continue without containment ventilation isolation signals available if the ventilation isolation valves are closed. If after 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from time of initiating a hot shutdown procedure sufficient channels have not been restored to OPERABLE status, the reactor shall be placed in a cold shutdown condition within the following 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />.

(4) In the event the number of channels of those particular systems in service not described in (3) above falls below the limits given in the columns entitled "Minimum Operable Channels" or "Minimum Degree of Redundancy," except as conditioned by the column entitled "Permissible Bypass Conditions," the reactor shall be placed in a hot shutdown condition within 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. If minimum conditions for engineered safety features or isolation functions are not met within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> from time of discovering loss of operability, the reactor shall be placed in a cold shutdown condition within the following 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. If the number of OPERABLE high rate trip-wide range log channels falls below that given in the column entitled "Minimum Operable Channels" in Table 2-2 and the reactor is at or above 10"'% power and at or below 15% of rated power, reactor critical operation shall be discontinued and the plant placed in an operational mode allowing repair of the inoperable channels before startup or reactor critical operation may proceed.

If, during power operation, the rod block function of the secondary CEA position indication system and rod block circuit are inoperable for more than 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, or the plant computer PDIL alarm, CEA group deviation alarm and the CEA sequencing function are inoperable for more than 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br />, the CEAs shall be withdrawn and maintained at fully withdrawn and the control rod drive system mode switch shall be maintained in the off position except when manual motion of CEA Group 4 is required to control axial power distribution.

(5) In the event that the number of operable channels of the listed Alternate Shutdown Panels or the Auxiliary Feedwater Panel instrumentation or control circuits falls below the required number of channels, either restore the required number of channels to OPERABLE status within seven (7) days, or be in hot shutdown (Mode

3) within the next twelve hours. This specification is applicable in Modes 1 and 2.

2-66 Amendment No. 8,20,54,65,88,125,1i57, 1-94,208

2.0 LIMITING CONDITIONS FOR OPERATION 2.15 Instrumentation and Control Systems (Continued)

Function/Instrument Required Number or Control Parameter Location of Channels

1. Reactivity Control
a. Source Range Power AI-212 1
b. Reactor Wide Range AI-212 1 Logarithmic Power
2. Reactor Coolant System Pressure Control
a. Pressurizer Wide Range AI-179 Pressure (0-2500 psia)
3. Decay Heat Removal via Steam Generators
a. Reactor Coolant Hot Leg Al-185 1 (Note 1)

Temperature

b. Reactor Coolant Cold Leg AI-185 1 (Note 1)

Temperature

c. Steam Generator Pressure AI-179 1 per steam generator
d. Steam Generator Narrow Range AI-179 1 per steam generator Level
e. Steam Generator Wide Range AI-179 1 per steam generator Level
4. Reactor Coolant System Inventory Controls
a. Pressurizer Level AI-185 1
b. Volume Control Tank Level AI-185 1
c. Charging Pump CH-1B and its AI-185 1 associated controls
d. Charging Isolation Valve Control Al-185
5. Transfer Functions
a. All Transfer Switches/Lockout AI-185 Relays
b. All Transfer Switches/Lockout AI-179 Relays Note 1: One reactor coolant hot leg temperature indication and one reactor coolant cold leg temperature indication channel must both be operable on the same steam generator (i.e., RC-2A or RC-2B).

2-66a Amendment No. 208

2.0 LIMITING CONDITIONS FOR OPERATION 2.15 Instrumentation and Control Systems (Continued)

Function/Instrument Required Number or Control Parameter Location of Channels

6. Auxiliary Feedwater Controls
a. Steam Generator RC-2A and 2B AI-179 1 Auxiliary Feedwater Isolation Inboard and Outboard Valves Control
b. Steam-Driven Pump FW-10 AI-179 1 Recirculation Valve Control
c. Steam-Driven Pump FW-10 AI-179 1 Steam Isolation Valve Control
d. Steam from Steam Generator AI-179 1 RC-2A and RC-2B to FW-10 Steam Isolation Valve Control Basis During plant operation, the complete instrumentation systems will normally be in service. This specification outlines limiting conditions for operation necessary to preserve the effectiveness of the reactor protective system (RPS) and engineered safety features (ESF) system when one or more of the channels are out of service.

Reactor safety is provided by the RPS, which automatically initiates appropriate action to prevent exceeding established limits. Safety is not compromised, however, by continued operation with certain instrumentation channels out of service since provisions were made for this in the plant design.

The RPS and most engineered safety feature channels are supplied with sufficient redundancy to provide the capability for channel test at power, except for backup channels such as derived circuits in the ESF logic system.

When one of the four channels is taken out of service for maintenance, RPS logic can be changed to a two-out-of-three coincidence for a reactor trip by bypassing the removed channel. If the bypass is not effected, the out-of-service channel (Power Removed) assumes a tripped condition (except high rate-of-change of power, high power level and high pressurizer pressure),(') which results in a one-out-of-three channel logic. If in the 2-out-of-4 logic system of the RPS one channel is bypassed and a second channel manually placed in a tripped condition, the resulting logic is 1-out-of-2. At rated power, the minimum OPERABLE high-power level channel is 3 in order to provide adequate power tilt detection. If only 2 channels are OPERABLE, the reactor power level is reduced to 70% rated power which protects the reactor from possibly exceeding design peaking factors due to undetected flux tilts and from exceeding dropped CEA peaking factors.

2-66b Amendment No. 88,125,152,173,,, ,,208

2.0 LIMITING CONDITIONS FOR OPERATION 2.15 Instrumentation and Control Systems (Continued)

Basis (Continued)

The ESF logic system is a Class 1 protection system designed to satisfy the criteria of IEEE 279, August 1968. Two functionally redundant ESF logic subsystems "A" and "B" are provided to ensure high reliability and effective in-service testing.

These logic subsystems are designed for individual reliability and maximum attainable mutual independence both physically and electrically. Either logic subsystem acting alone can automatically actuate engineered safety features and essential supporting systems.

All engineered safety features are initiated by 2-out-of-4 logic matrices except containment high radiation which operates on a 1-out-of-2 basis. The number of installed channels for Containment Radiation High Signal (CRHS) is two. CRHS isolates the containment pressure relief, air sample and purge system valves.

Entry into Technical Specification 2.15(3) is made when conditions have caused one logic subsystem ("A" or "B") to become inoperable but the redundant logic subsystem remains operable. The loss of a prime initiation relay (which renders all 4 channels of a logic subsystem inoperable) is the condition most likely to cause entry into Technical Specification 2.15(3). In this situation, the remaining ESF logic subsystem still has the capability to automatically actuate engineered safety features equipment and essential supporting systems. The 48-hour completion time is commensurate with the importance of avoiding the vulnerability of a single failure in the remaining ESF logic subsystem. Technical Specification 2.15(3) will not be used upon loss of the common channels that affect both "A" and "B" subsystems prime initiators operability. Upon exiting TS 2.15(3) following the restoration of a prime initiation relay to OPERABLE status, if any channel(s) remain inoperable, the appropriate LCO (TS 2.15(1) or (2)) is applicable with the length of inoperability measured from time of discovery of: 1) prime initiation relay inoperable, or 2) channel inoperability, whichever is longer.

The ESF logic system provides a 2-out-of-4 logic on the signals used to actuate the equipment connected to each of the two emergency diesel generator units.

The rod block system automatically inhibits all CEA motion in the event a Limiting Condition for Operation (LCO) on CEA insertion, CEA deviation, CEA overlap or CEA sequencing is approached. The installation of the rod block system ensures that no single failure in the control element drive control system (other than a dropped CEA) can cause the CEAs to move such that the CEA insertion, deviation, sequencing or overlap limits are exceeded. Accordingly, with the rod block system installed, only the dropped CEA event is considered an AOO and factored into the derivation of the Limiting Safety System Settings and Limiting Conditions for Operation. With the rod block function out-of-service several additional CEA deviation events must be considered as AOOs. Analysis of these incidents indicates that the single CEA withdrawal incident is the most limiting of these events. An analysis of the at-power single CEA withdrawal incident was performed for Fort Calhoun for various initial Group 4 insertions, and it has been concluded that the Limiting Conditions for Operation (LCO) and Limiting Safety System Settings (LSSS) are valid for a Group 4 insertion of less than or equal to 15 %.

2-66c Amendment No. 125,194,208

2.0 LIMITING CONDITIONS FOR OPERATION 2.15 Instrumentation and Control Systems (Continued)

Basis (Continued)

The operability of the Alternate Shutdown Panel (AI-185), including Wide Range Logarithmic Power and Source Range Monitors on AI-212, and Emergency Auxiliary Feedwater Panel (AI-179) instrument and control circuits ensures that sufficient capability is available to permit entry into and maintenance of the Hot Shutdown Mode from locations outside of the Control Room. This capability is required in the event that Control Room habitability is lost due to fire in the cable spreading room or Control Room.

Variances which may exist at startup between the more accurate &T-Power and Nuclear Instrumentation Power (NI-Power) are not significant for enabling of the trip functions. By 15% of rated power as measured by the uncalibrated NI Power, the Axial Power Distribution (APD) and Loss of Load (LOL) trip functions are enabled while the High Rate of Change of Power trip is bypassed.

The APD trip function acts to limit the axial power shape to the range assumed in the setpoint analysis. Significant margins to local power density limits exist at 15 %

power, as well as power levels up to at least 30% (where NI calibration occurs).

The LOL trip function acts as an anticipatory trip for the high pressurizer pressure and high power trips in order to limit the severity of a LOL transient. This trip is not credited in the USAR Chapter 14 Safety Analyses and any variance between

&T-Power and NI-Power has no effect on the safety analysis.

The High Rate of Change of Power trip acts to limit power excursions from low power levels and bypassing of this trip at a high power level is conservative. This trip is not credited in the USAR Chapter 14 Safety Analyses for Mode 1 operation.

Any variance between AT-Power and NI-Power has no effect on the safety analysis.

References (1) USAR, Section 7.2.7.1 2-66d Amendment No. 208 1