Comments
Description
Transcript
Attachment 10
Attachment 10 Non-proprietary Westinghouse Electric Company document WCAP-1 7529-NP, Revision 0, "System Requirements Specification for the Common Q Post Accident Monitoring System," (non-proprietary) dated November 2011 (Letter Item 8) Westinghouse Non-Proprietary Class 3 WCAP-17529-NP Revision 0 Nov ember 2011 System Requirements Specification for the Common Q Post Accident Monitoring System Westinghouse WESTINGHOUSE NON-PROPRIETARY CLASS 3 WCAP-17529-NP Revision 0 System Requirements Specification for the Common Q Post Accident Monitoring System Digish R. Shah* Safety Systems Support & Upgrades November 2011 Reviewer: Shawn M. Downey * Safety Systems Support and Upgrades Approved: Maria E. Assard*, Manager Safety Systems Support and Upgrades *Electronically approved records are authenticated in the electronic document management system. Westinghouse Electric Company LLC 1000 Westinghouse Drive Cranberry Township, PA 16066, USA © 2011 Westinghouse Electric Company LLC All Rights Reserved WCAP-17529-NP.docx-1 10311 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ii RECORD OF REVISIONS Rev. No. Date 0 See EDMS Pages Involved This document is a Prepared By D. R. Shah Reviewed By S. M. Downey Approved By M. E. Assard replica of 00000-ICE30156, Rev.8, and was created for docketing. No revision bars for 00000-ICE-30156, Rev.8, show in this file. WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 iii TABLE OF CONTENTS LIST O F TA BLES ........................................................................................................................................ v LIST O F FIG U RE S ..................................................................................................................................... vi A CRONY M S AN D TRA DEM A RK S ...................................................................................................... vii 2 IN TRO D UCTION ........................................................................................................................ 1.1 SY STEM PURPO SE ....................................................................................................... 1.2 SY STEM SCO PE ............................................................................................................ 1.3 SY STEM O VERV IEW .................................................................................................... 1.3.1 Testing Requirem ents ...................................................................................... 1.3.2 Codes and Standards ........................................................................................ G EN ERA L SY STEM D ESCRIPTION ........................................................................................ 2.1 SY STEM CON TEX T ...................................................................................................... 2.2 SY STEM M O D ES AND STATES .................................................................................. 2.3 M A JO R SY STEM CAPA BILITIES ................................................................................ 2.3.1 ICC D etection Functions ................................................................................. 2.3.2 Backup Safety Param eter D isplay System Functions ...................................... 2.3.3 Test and M aintenance Functions ..................................................................... 2.4 PA M S PRO G RA M STRU CTU RE .................................................................................. 2.5 M A JO R SY STEM CON D ITION S .................................................................................. 2.5.1 Initialization ..................................................................................................... 2.5.2 Interlocks and Perm issives .............................................................................. 2.5.3 A lgorithm Im plem entation .............................................................................. 2.6 PAM S D ISPLAY S ......................................................................................................... 2.6.1 Operator Interface .......................................................................................... 2.6.2 Operator's M odule ......................................................................................... 2.6.3 M aintenance and Test Panel .......................................................................... 2.7 M A JO R SY STEM CON STRA IN TS ............................................................................. 2.8 U SER CHA RA CTERISTICS ........................................................................................ 2.8.1 OM User Characteristics ..................................... 2.8.2 M TP U ser Characteristics .............................................................................. 2.9 PAM S D IA GN O STIC FUN CTIO N S ........................................................................ 2.9.1 Com munications Interface D iagnostics ......................................................... 2.9.2 1/0 D iagn ostics .............................................................................................. 2.9.3 System Load Calculation ............................................................................... 2.10 PA M S D ATA TRAN SFER ............................................................................................ 2.10.1 3 [ ]a,c ........................................................................... 2-55 SYSTEM CAPABILITIES, CONDITIONS, AND CONSTRAINTS .......................................... 3.1 PH Y SICA L ...................................................................................................................... 3.1.1 Construction .................................................................................................... 3.1.2 Single Failure Requirem ents ........................................................................... 3.1.3 Separation Requirem ents ................................................................................. 3.1.4 Signal Isolation ................................................................................................ 3.1.5 Cable Routing .................................................................................................. WCAP-17529-NP 1-1 1-1 1-1 1-2 1-4 1-4 2-1 2-1 2-3 2-3 2-3 2-5 2-7 2-7 2-7 2-7 2-7 2-9 2-31 2-31 2-32 2-49 2-51 2-51 2-51 2-51 2-52 2-52 2-54 2-55 2-55 3-1 3-1 3-1 3-1 3-1 3-2 3-2 November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3.2 iv 3.1.6 System Security ............................................................................................... 3.1.7 Environm ental and Seism ic Q ualification ....................................................... SYSTEM PERFORMANCE CHARACTERISTICS ...................................................... 3.2.1 [ 3.2.2 [. . ....................................................................... 3.2.3 3-2 3-3 3-3 ]a,c .......................................................................... 3-3 . 3-4 P C........................................................... 3-5 SY STEM O PERATION S ................................................................................................ 3.3.1 System Testing, Calibration and M aintenance ................................................ 3.3.2 System Reliability ........................................................................................... 3.3.3 Availability Requirem ents ............................................................................... SY STEM IN TERFA CES .............................................................................................................. 4.1 1 ]7,c ............................................... 4.2 PAM S IN PUT SIGN ALS ................................................................................................ 4.2.1 A nalog Input Signals ....................................................................................... 4.2.2 []7c ................................................................................ 4.3 . . .. . ..................................................................................... 4.3.1 []7c ............................................................................. 3-5 3-5 3-6 3-6 4-1 4-1 4-2 4-2 4-4 4-5 4-5 3.3 4 4.3.2 7 ],c............................................................................. 4-5 4.3.3 4.3.4 []a' 1 4.4.1 ]7,c ................................................................................................................ 4-8 []7c ........................................................................................ 4-8 4.4.2 [ 4.4 4.5 17ac [ ............................................................................. ]a,c ................................................................................................. ]a,c ..................................................................................................... ............................................. 4-7 4-7 4-8 .................................... 4-8 5 REFERENCES ............................................................................................................................. 5-1 APPENDIX A SYSTEM REQUIREMENTS FOR COMMON Q PHASE 3 SINGLE CHANNEL POST A CCID EN T M ON ITO RIN G SY STEM .................................................................... A -1 WCAP-1 7529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 V LIST OF TABLES Table 2-1 [ Table 2-2 Table 2-3 ii Table 2-4 ii Table 2-5 ii ]a,c ................................................................................. ]a' ]a,c II 2 -14 2 -15 ] ,c............................................................................ ] C............................................................................. 2 -2 3 [ Table 2-10 WCAP- 17529-NP 2 -14 ]ja c .................................................................................. Table 2-8 Table 2-12 ]ac ............................................................................. ]a,c ................................................................................................... Table 2-7 Table 2-11 2 -1 1 ]ac .................................................... Table 2-6 Table 2-9 ]a,c ................................................................................................. 2 -2 8 2 -3 0 ........................... 2-35 ................................................... ].. .......................... I...... 2 -2 7 2 -3 7 ................................ 2-43 ]a,c ......................................................................... 2 -4 7 November 2011 Revision 0 vi WESTINGHOUSE NON-PROPRIETARY CLASS 3 LIST OF FIGURES Figure 1-1 Relationship of Individual System s for PAM S ................................................................ 1-3 Figure 2-1 PAM S Block Diagram ..................................................................................................... 2-2 Figure 2-2 [],c Figure 2-3 [ WCAP- 17529-NP ..................................................................................................... 2-20 ]a.c ..................................................................................................... 2-20 November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 vii ACRONYMS AND TRADEMARKS Acronymn Definition A/D ABB ACK ADC ASME CCAS CE CET CETMS CIAS CMMR Cnmt Common CRC ESF ESFAS FAP FE FPD HJTC HJTCS HSL I/O I&C ICC ICCMS IEEE MCB MSIS MTP NIST NSSS OM PAMS PAS PDU PMC PPS psi psia psig Analog/Digital Asea Brown Boveri Acknowledge Analog to Digital Converter American Society of Mechanical Engineers Component Cooling Actuation Signal Combustion Engineering Core Exit Thermocouples Core Exit Thermocouple Monitoring System Containment Isolation Actuation Signal Common Mode Rejection Ratio QTM Containment Common Qualified Platform Cyclic Redundancy Check Engineered Safety Features Engineered Safety Features Actuation System Fuel Alignment Plate Function Enable Flat Panel Display Heated Junction Thermocouple Heated Junction Thermocouple System High Speed Link Input/Output Instrumentation and Control Inadequate Core Cooling Inadequate Core Cooling Monitoring System Institute of Electrical and Electronics Engineers Main Control Board Main Steam Isolation Signal Maintenance and Test Panel National Institute of Standards and Technology Nuclear Steam Supply System Operator's Module Post Accident Monitoring System Plant Annunciator System Plasma Display Unit Plant Monitoring Computer Plant Protection System Pounds Per Square Inch Pounds Per Square Inch (Absolute) Pounds Per Square Inch (Gauge) WCAP-1 7529-NP November 2011 Revision 0 Viii WESTINGHOUSE NON-PROPRIETARY CLASS 3 viii WESTINGHOUSE NON-PROPRIETARY CLASS 3 ACRONYMS AND TRADEMARKS (cont.) Acronymn Definition QSPDS RCP RCS RG RPS RTD RVLMS SG SIAS SLE SMM SPDS SPM T/C UGSSP UJTC VBPSS WDT Qualified Safety Parameter Display System Reactor Coolant Pump Reactor Coolant System Regulatory Guide Reactor Protection System Resistance Temperature Detector Reactor Vessel Level Monitoring System Steam Generator Safety Injection Actuation Signal Software Load Enable Subcooled Margin Monitor Safety Parameter Display System Software Program Manual Thermocouple Upper Guide Structure Support Plate Unheated Junction Thermocouple Vital Bus Power Supply System Watchdog Timer Advant®is a registered trademark of ABB Process Automation Corporation. Common QVM is a trademark or registered trademark, in the United States, of Westinghouse Electric Company LLC, its subsidiaries and/or its affiliates. This mark may also be used and/or registered in other countries throughout the world. All rights reserved. QNXO is a registered trademark of QNX Software Systems GmbH & Co. KG ("QSSKG") and is used under license by QSS. Windows® is registered trademark of Microsoft Corporation in the United States and/or other countries. All other product and corporate names used in this document may be trademarks or registered trademarks of other companies, and are used only for explanation and to the owners' benefit, without intent to infringe. WCAP-17529-NP November 2011 Revision 0 1-1 WESTINGHOUSE NON-PROPRIETARY CLASS 3 1 INTRODUCTION 1.1 SYSTEM PURPOSE The purpose of this document is to define the generic hardware and functional requirements for a Post Accident Monitoring System (PAMS) based on Common Qualified (Q) components. ]aC Appendix A of this document defines the specific requirements for a Phase 3 Common Q PAMS. This document was prepared using IEEE Standard 1233-1996, "IEEE Guide for Developing System Requirements Specifications" (Reference 12) as a guide. 1.2 SYSTEM SCOPE The system described in this document is intended to upgrade equipment presently providing for accident monitoring and inadequate core cooling (ICC). This system is intended to upgrade existing equipment and will continue to provide information and data to the plant monitoring/Safety Parameter Display System (SPDS) computers for use in its control room display. Each PAMS is comprised of two redundant and isolated channels. The instruments used to provide the input signals to PAMS are not included in this document. As part of each PAMS, there is a flat panel display (FPD) for an operator's module (OM) and a maintenance and test panel (MTP). The system requirements specification for the FPD is provided in 00000-ICE-30155, "System Requirements Specification .for the Common Q Generic Flat Panel Display" (Reference 8). A specific PAMS implementation includes one, or more, or a combination of the following subsystems: Heated Junction Thermocouple (HJTC) System/Reactor Vessel Level Monitoring System (RVLMS) * Core Exit Thermocouple Monitoring System (CETMS) Inadequate Core Cooling Monitoring System (ICCMS), which includes a Subcooled Margin Monitor (SMM), CETMS, and HJTC System WCAP-1 7529-NP November 2011 Revision 0 1-2 WESTINGHOUSE NON-PROPRIETARY CLASS 3 0 Qualified Safety Parameter Display System (QSPDS), which typically includes all of the above The PAMS design bases are the same as those in NPROD-ICE-3201, "A Functional Design Description for the Qualified Safety Parameter Display System" (Reference 6), for Combustion Engineering's (CE's) QSPDS and are as follows: 1. Provide safety grade processing and display for ICC instrument signals to detect the approach to, existence of and recovery from ICC conditions per NUREG 0737, II.F.2, "Clarification of TMI Action Plan Requirements" (Reference 21). The primary human factors display is not the PAMS but another system to which the PAMS transmits data. 2. Provide a seismically qualified SPDS as a backup to primary SPDS to which the PAMS transmits data per NUREG 0737, I.D.2 (Reference 21) and NUREG 0696, "Guidelines for Emergency Response Facilities" (Reference 22). 3. Provide safety grade processing and display of accident monitoring instrument signals per Regulatory Guide (RG) 1.97, "Instrumentation for Light Water Cooled Nuclear Power Plants to Assess Plant Conditions During and Following an Accident" (Reference 10). 4. Provide a processing and display system that incorporates human factor engineering techniques to enhance the control room design by displaying essential plant parameters in a systematic and efficient manner per NUREG 0737, I.D. 1 (Reference 21). 5. Provide safety grade isolation of Class 1E inputs to be provided to non-Class 1E monitoring system(s). The PAMS shall be capable of functioning during and after the environmental and seismic design bases event conditions as defined in subsection 3.1.7. 1.3 SYSTEM OVERVIEW PAMS is a Class 1E safety-related alarm and display system. Each PAMS consists of two independent channels of equipment (Channels A & B) which acquire and process two channels of inputs. The two channels of equipment are located in one or more cabinets, depending on the plant. The channels are physically separated and electrically isolated from each other. The details of the PAMS signal transducers are discussed in this document only to the extent necessary to understand the use of their outputs, which are used as inputs to the PAMS data acquisition equipment. Depending on plant-specific implementation, PAMS channel inputs may include plant process signals, core exit thermocouples (CETs), and HJTCs. Also, depending on plant-specific implementation, each PAMS channel may provide HJTC heater power outputs, analog output values for display on meters/recorders, contact outputs for use by the plant annunciator system, isolated data link data for display on an OM, and isolated Ethernet data link data for use by the Plant Monitoring Computer (PMC) or the SPDS. WCAP-17529-NP November 2011 Revision 0 1-3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 The relationship of the individual systems for each PAMS are described below and shown in Figure 1-1: The SMM monitors Reactor Coolant System (RCS)/pressurizer pressure, RCS hot leg temperature, and RCS cold leg temperatures to detect and alarm subcooled margin. The HJTCS/RVLMS monitors eight sensor pairs which comprise a heated and an unheated thermocouple to provide the reactor vessel collapsed liquid level above the core. Some applications utilize a split HJTC probe, in which case a separate level measurement is provided for the upper head and for the plenum. * The CETMS monitors CET temperatures to detect and alarm ICC conditions. The ICCMS monitors CET temperatures, RCS/pressurizer pressure, RCS hot leg temperature, RCS cold leg temperatures, three unheated thermocouple temperatures in the reactor head, and the HJTCS/RVLMS. Saturation margins are calculated for the RCS hot and cold leg temperatures, the reactor vessel head (using the top three unheated thermocouples), and at the core exit (using the CETs). Each channel of the QSPDS provides the combined functions of the ICCMS (i.e., SMM, CETMS, and HJTCS/RVLMS systems). Additional RG 1.97 (Reference 10) safety-related parameters are also monitored, alarmed, and displayed as a backup to the plant SPDS. IQSPDS RG 1.97 Variables HJTCS/ RVLMS SNMCETMS - RCS Press. - RCS Thot Temp. - RCS Tcold Temp. - CET Temps. - Core Reactivity Control - Core Heat Removal - RCS Inventory Control - Cnmt Isolation - etc. depending on plant specific requirements - HJTC Figure 1-1 Relationship of Individual Systems for PAMS WCAP-1 7529-NP November 2011 Revision 0 1-4 WESTINGHOUSE NON-PROPRIETARY CLASS 3 Since the QSPDS functions encompass the ICCMS, SMM, CETMS, and HJTCS/RVLMS functions, the PAMS functional requirements and descriptions provided herein are based on those for the generic CE QSPDS (NPROD-ICE-3201, "A Functional Design Description for the Qualified Safety Parameter Display System" [Reference 6], and NPROD-ICE-3102, "Interface Requirements for Qualified Safety Parameter Display System" [Reference 28]). Plant-specific PAMS designs can be developed from those defined in this document. 1.3.1 Testing Requirements PAMS shall be tested to assure that it meets the following: 1. 2. 3. Software requirements System requirements Functional requirements The PAMS test procedures and results shall be documented to support a subsequent verification and validation program for upgrades to plant systems based on a PAMS prototype design according to WCAP-16096-NP-A, "Software Program Manual for Common Q Systems" (Reference 5). Software, system, and functional testing requirements are specified in the software program manual (SPM) (Reference 5). A PAMS Test Plan shall be developed to provide detailed testing requirements encompassing the above. Hardware Configuration Control shall be in accordance with the latest revision of Westinghouse Policies and Procedures as required by the plant-specific project. 1.3.2 Codes and Standards The codes and standards to be utilized for the PAMS design are as discussed in the individual sections where they apply. These encompass those utilized for the QSPDS and incorporate additional standards endorsed since completion of the QSPDS design. WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2 GENERAL SYSTEM DESCRIPTION 2.1 SYSTEM CONTEXT 2-1 A PAMS block diagram is provided in Figure 2-1. The PAMS design is based on Common Q hardware as discussed in this document. With the exception of the OM and MTP, each aspect of the block diagram is discussed in the following sections. A detailed discussion of the PAMS interface requirements is provided in Section 4. The requirements for the FPD to be used for the PAMS OM and MTP are provided in Reference 8. WCAP-17529-NP WCAP-l 7529-NP November 2011 November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-2 2-2 a,c Figure 2-1 PAMS Block Diagram WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.2 2-3 SYSTEM MODES AND STATES PAMS shall be capable of operation during normal and abnormal environments and plant operating modes as defined in subsection 3.3.3. The testing, calibration, and maintenance requirements of PAMS are described in subsection 3.3.1. 2.3 MAJOR SYSTEM CAPABILITIES The PAMS design bases require that the system provide the following: 2.3.1 ICC Detection Functions The ICC detection function is designed to the following requirements: 1. 2. Provide the operator with an advanced warning of the approach to ICC Cover the full range of ICC from normal operation to complete core uncovery The PAMS ICC detection indication enables the operator to monitor system conditions associated with the approach to and recovery from ICC. The PAMS calculates and displays margin to saturation, reactor vessel collapsed liquid level above the core, and core exit temperatures (which infers fuel cladding temperatures). These three functions are provided in PAMS by combining the respective functions of the SMM, HJTCS, and CETMS. The progression toward and from ICC can be divided into conditions based on physical processes occurring within the reactor pressure vessel. These conditions are as follows: Conditions Associated with the Approach to ICC Condition l a: Loss of fluid subcooling prior to the first occurrence of saturation conditions in the coolant. Condition 2a: Decreasing coolant inventory within the upper plenum (from the top of the vessel to the top of the active fuel). Condition 3a: Increasing core exit temperature produced by uncovery of the core resulting from the drop in level of the mixture of vapor bubbles and liquid below the top of the active fuel. Conditions Associated with Recovery from ICC Condition 3b: Decreasing core exit temperature resulting from the rising of the mixture level within the core. Condition 2b: Increasing inventory above the fuel. Condition lb: Establishment of saturation conditions followed by an increase in fluid subcooling. WCAP-17529-NP November 2011 Revision 0 2-4 WESTINGHOUSE NON-PROPRIETARY CLASS 3 The above conditions encompass all the possible coolant states associated with any ICC event progression. Conditions denoted with an "a" refer to fluid situations that occur during the approach to ICC. Conditions denoted by "b" refer to fluid situations which occur during the recovery from ICC. Thus, the "a" conditions differ from the "b" conditions in the trending (directional behavior) of the associated parameters. In order to provide indication during the entire progression of an event, an ICC instrument system shall consist of instruments which provide at least one appropriate indicator for each of the physical conditions described above. The PAMS variables measured to detect margin to saturation (both subcooling and superheat) are the pressurizer pressure and the RCS coolant, upper head and core exit temperatures. The PAMS variables measured to detect reactor vessel collapsed liquid level above the core are HJTCS temperatures. The PAMS variables measured to infer fuel cladding temperature are the CET temperatures. The following table, reproduced from Reference 6, provides a summary of the ICC variable indications during the ICC progression conditions: a,c ICC variable measurement locations, operating and accident temperature, and pressure ranges are discussed in RG 1.97 (Reference 10). WCAP-17529-NP November 2011 Revision 0 2-5 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.3.2 Backup Safety Parameter Display System Functions The PAMS shall display a minimum set of plant variables from which overall plant safety can be assessed. Variables that are used in the primary display for diversity or speed of assessment are not used in PAMS. Only instrumentation of highest reliability and quality shall be used for PAMS. The PAMS variables may be categorized by the eight critical functions in the primary SPDS (NUREG-0696 [Reference 22] categorization): 1. 2. 3. 4. 5. 6. 7. 8. Core Reactivity Control RCS Inventory Control RCS Pressure Control Core Heat Removal RCS Heat Removal Containment Pressure and Temperature Control Containment Isolation Radiological Emission Control The bases used for selecting the parameters to be displayed for each critical function are (a) Emergency Procedure Guidelines; (b) RG 1.97; and (c) the SPDS design. The Emergency Procedure Guidelines require certain instrumentation to be used for diagnosing events. These key variables are monitored by the operator to determine what event is taking place, in order that he may consult the emergency procedures and take immediate action. The guidelines also call for instrumentation to diagnose the accomplishment of plant safety functions. The operator uses these instruments to assess the safe status of the plant, independent of the existing event or events. RG 1.97 (Reference 10) requires instrumentation to be used to assess plant conditions during and following an accident. Those instruments applicable to PAMS are those used to determine plant safety status and to indicate the integrity of barriers to radioactive release. The SPDS requires instrumentation to monitor plant safety status. Unlike PAMS, the SPDS contains information for diversity and speed of assessment. In addition, the SPDS performs assessments using built-in logic. An actual implementation of PAMS will display a minimum set of parameters for the operator to make the appropriate assessments. An example of PAMS variables, using the method defined above, are listed in the following table. For a Common Q PAMS, these variables may differ depending on individual plant-specific requirements. WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-6 2-6 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WCAP-17529-NP 4 4- 4 4 1 + 4 1 4- 4 4 + 4 4 4 4 I 4 1 4 1 4 a,c -4 4 4 I 4 4 4 4 4 4 4 4 4 4 4 4 + 4 4 4 4 1- 4 1 4 4 1 + November 2011 Revision 0 2-7 WESTINGHOUSE NON-PROPRIETARY CLASS 3 Since an actual PAMS will be used under adverse conditions, only those variables that are of critical importance for operation of the reactor plant will be displayed. This helps the operator by not displaying numerous non-essential parameters which might distract him from those of more importance. If the operator has a need for other information, he still has control room indication available. 2.3.3 Test and Maintenance Functions Maintenance capabilities are provided through the MTP which can be used to download new channel software or to interrogate the error log in the processor. 2.4 PAMS PROGRAM STRUCTURE The PAMS software development, testing, verification and validation will be in accordance with the SPM for Common Q Systems (Reference 5). 2.5 MAJOR SYSTEM CONDITIONS 2.5.1 Initialization PAMS must be capable of initializing to steady-state conditions for any allowable plant operating condition. [ ]a~c The PAMS shall automatically boot up on initial startup or on a manually initiated restart. [ a,c 2.5.2 Interlocks and Permissives I ]ac WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.2.1 2-8 2-8 Function Enable Switch [I Iac WCAP-17529-NP November 2011 Revision 0 2-9 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ]ac When the FE switch is actuated, an OM or MTP display also allows selection of an alarm setpoint value or alarm reset values to replace the current or default value if those values are adjustable. Surveillance testing can be performed only at the MTP when the FE is actuated. FE switch status shall be sent to the PMC over the MTP to the PMC data link. 2.5.2.2 Software Load Enable ac 2.5.3 Algorithm Implementation The algorithms to implement the functions for PAMS are discussed in the following subsections. WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.1 2-10 Analog Input Processing The following provides general requirements for analog input processing. Indication to the operator on the OM or MTP for an alarm or abnormal variable is provided in subsection 2.6.2.4. ]ac WCAP-17529-NP November 2011 Revision 0 2-11 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.2 Saturation Margin Processing The saturation margin function shall utilize THOT, TcOLD, upper head UJTCs, CETs, and pressurizer pressure (or RCS pressure) inputs. The OM and MTP shall display the temperature margin and pressure margin (subcooled and superheat). The saturation margin function has the following typical inputs: Table 2-1 ]a,c 1 a,c t 1-. [ ]a,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-12 ja~c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-13 [ ]a,c WCAP- I17529-NP 17529-NP November 2011 November 2011 Revision 0 2-14 WESTINGHOUSE NON-PROPRIETARY CLASS 3 Table 2-2 1 Iac ac 41~ -II ]ac Table 2-3 [ ]a,c .a.c Ii ]a,c A plant-specific analysis shall be performed to establish the appropriate plant-specific setpoints for these variables. These setpoints can be modified online by using the FE keyswitch in conjunction with the display menus. It is the responsibility of the utility to justify and maintain configuration control of the ]a,c WCAP- 17529-NP November 2011 Revision 0 2-15 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.3 HJTCS Signal Processing The following subsections provide a description of the HJTC signal processing requirements. 2.5.3.3.1 General la,c II ]a,c 2.5.3.3.2 I2,C I ]3,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-16 ]a,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WEST[NGHOUSE NON-PROPRIETARY CLASS 3 2-17 2-17 II Ia~c 17529-NP WCAPWCAP-17529-NP November 2011 November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.3.3 2-18 2-18 Ia,c I ]ac WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-19 2-19 a~c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-20 2-20 WESTINGHOUSE NON-PROPRIETARY CLASS 3 a,c Figure 2-2 [ a,c a,c Figure 2-3 [ WCAP-17529-NP 'as November 2011 Revision 0 2-21 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-21 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.3.4 I.a I Iax WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-22 I a.,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-23 II Tac Table 2-5 WCAP-17529-NP a1 November 2011 Revision 0 2-24 WESTINGHOUSE NON-PROPRIETARY CLASS 3 a,c 4+ F~ I_______________________________ ________________________________ I ]3,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.4 1 2-25 I a.c I ] a,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-26 2-26 I ]a,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 Table 2-6 [ 2-27 2-27 ]a~c ac i i Wac WCAP- 17529-NPNoebr21 November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-28 2-28 [ ]a,c a,c I ]a,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-29 I ]a,c WCAP-1 7529-NP November 2011 Revision 0 2-30 WESTINGHOUSE NON-PROPRIETARY CLASS 3 I ]aTc a~c 1 Table 2-8 4 a,c_ + 4 4 4 4 .4- & t *1- 4 4 .4- & 4 + 4 4 .4- 4 II ]a,c WCAP-17529-NP November 2011 Revision 0 2-31 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.5.3.5 r 1a'c ]ac 2.6 PAMS DISPLAYS PAMS displays are provided on the OM and the MTP. The OM and MTP are described in the following subsections. Specifications for the generic FPD system are provided in Reference 8. 2.6.1 Operator Interface The operator is informed of the status of a PAMS channel by five mechanisms: 1. Digital output alarms to alert the operator that setpoints for minimum subcooled margins, high representative CET temperature, or minimum reactor vessel level are being exceeded, or that PAMS problems/trouble are occurring. 2. Analog outputs provide information on subcooled margins, CET temperatures, and reactor vessel level which can be monitored by the operator. 3. The OM provides human engineered displays of all PAMS information and includes visual alarms and indications. Additional information on the OM displays is provided in subsection 2.6.2.1. 4. The MTP displays duplicate the OM displays and provide a technician interface for maintenance and test functions. The MTP is discussed in subsection 2.6.3. 5. Primary SPDS indications based on information received via Ethernet data link from each PAMS channel (MTP). The primary SPDS indications based on the PAMS data link information are included in the primary SPDS design, which is outside the scope of this document. The PAMS displays shall be adapted from those utilized in the generic QSPDS (Reference 6). Human factors engineering guidelines from NUREG-0700, "Guidelines for Control Room Design Reviews" (Reference 18), NUREG-0814, "Methodology for Evaluation of Emergency Response Facilities" (Reference 19), and NUREG-0835, "Human Factors Acceptance Criteria for the Safety Parameter Display System" (Reference 20) will be used to develop the PAMS displays. WCAP-17529-NP November 2011 Revision 0 2-32 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.6.2 Operator's Module The OM shall be capable of being located in the same physical space in the control room as the existing Plasma Display Unit (PDU) or HJTC display. Provisions shall be made for operator entry to both the OM and MTP from either touch screen or other navigation device. The navigation device can consist of a mouse/pointing device, trackball, or other similar device. Operator entries by either the touch screen or the navigation device shall have the same effect. [. ]a.c The OM hardware shall consist of a subset of the hardware as defined in the System Requirements Specification for the Generic FPD (Reference 8). The OM shall consist of a PC node box and a flat panel monitor. The PC node box is mounted separately from the flat panel monitor. ]a,c 2.6.2.1 Operator's Module Displays Operator's displays are provided for each PAMS channel on the associated OM. All PAMS inputs and calculated variables shall be continuously displayed on demand on the OM. A human factors display evaluation shall be a plant implementation activity. A separate human factors evaluation of the generic PAMS displays shall be performed. WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-33 The PAMS display pages, in addition to the variable display pages, shall contain the following: pac WCAP-17529-NP November 2011 Revision 0 2-34 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ]a,c Visual OM display alarms and specific displays are discussed below. Display alarms are indicative of the digital output alarm indications described in subsection 2.6.2.4. The safety-related digital output alarm indications from each PAMS channel may be optionally used for control room indications, independent of the OM displays. 2.6.2.2 Operator's Module Display Hierarchy The OM displays are provided in a hierarchical order compatible with the emergency procedure guidelines such that the display information is in three levels: 1. 2. 3. Major systems overview pages with inputs displayed by critical functions ICC supporting variable level ICC detailed supporting information level ]ac The PAMS OM shall provide, as a minimum, a high level page or pages, if necessary, for these page groupings. These high level pages shall display the variables defined in Table 2-9 as a minimum. The eight critical functions, with their respective variables and variable ranges, are listed in Table 2-9. WCAP-17529-NP November 2011 Revision 0 2-35 2-35 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 Table 2-9 WCAP-I 7529-NP ]a~c 1- t 1- t 4- ~ 4- ~ a,c November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-36 a,c 1- WCAP-17529-NP t November 2011 Revision 0 2-37 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ]a,c ]ac Table 2-10 __________ WCAP- 17529-NP .1 _____ 1 _____ 1 __ November 2011 November 2011 Revision 0 2-38 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-38 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ac I~ Table 2-11 shows the PAMS display page hierarchy, which is similar to the legacy generic QSPDS. A similar hierarchy shall be used for PAMS. If page marking is used, it may be plant-specific. WCAP-17529-NP November 2011 Revision 0 2-39 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.6.2.2.1 Ia,c I ]a,c 2.6.2.2.2 f Ia,C [ ]ac 2.6.2.2.3 1 1ac I Ia,c 2.6.2.2.4 1 I a.C [ ]ac 2.6.2.2.5 1 I a.C [ ]a°c 2.6.2.2.6 I a,c I ] a,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.6.2.2.7 2-40 2-40 Ia,c 1 I ]ac 2.6.2.2.8 1 Ia,c [ ]a,c 2.6.2.2.9 1 Sa.C I ]ac 2.6.2.2.10 [ ].c [ 2.6.2.2.11 ]a,c [ I ac [ ]a~c 2.6.2.2.12 1 I ac I ]ac Ia,c 2.6.2.2.13 [ ]3,c WCAP-17529-NP November 2011 Revision 0 2-41 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.6.2.2.14 Ia,c [ I ]a,c 2.6.2.2.15 l2,C 1 I 2.6.2.2.16 ]ac [ Ia.c I ] ac 2.6.2.2.17 la,c I ] a,c Iac 2.6.2.2.18 I ]aoc 2.6.2.2.19 [ ] a,c [ Ia.c 2.6.2.2.19.1 [ a.c I ]a.c 17529-NP WCAP- 17529-NP November 2011 November 2011 Revision 0 2-42 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-42 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.6.2.2.19.2 a.c I ]ac 2.6.2.2.19.3 1 Ia.c I ]a,c 2.6.2.2.19.4 Ia,c [ ]a~c 2.6.2.2.19.5 I a.c I Ia,c 2.6.2.2.19.6[ Ia.C I ]ac 17529-NP WCAPWCAP- 17529-NP November 2011 November 2011 Revision 0 2-43 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-43 WESTINGHOUSE NON-PROPRIETARY CLASS 3 Table 2-11 Ia.c 4 + + 4 + .4. I __ _ I __ I 4 4 4 4 4 + I 2.6.2.3 ac __ 4 Display Navigation The access method for displays shall be through a touch screen or other type of navigation device utilizing, for example, pull-down or pop-up menus which allow the operator to select the desired page. Navigation from any display to a desired display shall not require any more than three operations. WCAP-1 7529-NP November 2011 Revision 0 2-44 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.6.2,4 Operator's Module Display Alarm Handling Displays/visual alarms for PAMS are similar to those defined in the QSPDS Functional Design Specification (Reference 6) but also include color change behaviors. Alarms are defined as visual or audible indication that alerts the operator to a change in status. Visual alarms shall be indicated on the PAMS OM and MTP displays. Audible alarms shall be outputs for the plant annunciators. Each audible alarm shall have one or more corresponding PAMS visual alarm(s). Visual alarms or abnormal variable status shall be indicated by unique displays for the variables. [ ]ac WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-45 2-45 WESTINGHOUSE NON-PROPRIETARY CLASS 3 [ ]a,c 7529-NP WCAP-117529-NP WCAP- November 2011 November 2011 Revision 0 2-46 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ]ac WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-47 2-47 Ia,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-48 2-48 a,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-49 SPDS analog and digital inputs to PAMS which are not part of the ICCMS/CETMS/HJTCS inputs may also be in alarm. SPDS analog inputs are alarmed in the same manner as is defined for a "Parameter Field" in Table 2-12. SPDS digital inputs, such as the digital input for indicating Containment Purge Isolation Signal actuation, have their status indicated as "Normal" or "Actuated." "Actuated" is the status and need not be acknowledged, as described in the table. 2.6.2.5 Operator Inputs to the Operator's Module Operator inputs to the OM are expected to be via a touch screen or navigation device. Unless the FE function is actuated, the only OM inputs are for navigating between the display pages and for acknowledging alarms. Setpoint changes and signal bypasses may be performed via the OM when the FE function is actuated by the FE keyswitch. [ Sac 2.6.3 Maintenance and Test Panel The MTP shall be located in the PAMS channel cabinet(s). It is comprised of the same flat panel display FPD hardware as the OM. Mounting of the MTP should be such that touch screen inputs are practical; provisions shall be made for the use of the same type of navigation device used on the OM. axc The cabinet shall contain a keyboard and navigation that shall be connected to the MTP. The navigation device can consist of a mouse/pointing device, trackball, or other similar device. Operator entries are made by either the touch screen or the navigation device. The MTP hardware shall consist of a subset of the hardware as defined by the System Requirements specification for the Generic FPD (Reference 8). The MTP shall consist of a PC node box and a flat panel monitor. [ axc WCAP-I 7529-NP WCAP-17529-NP November 2011 November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-50 ]a,c 2.6.3.1 MTP Displays The MTP displays are the same as those for the OM. As with the OM, the MTP shall have the capability of changing the current alarm setpoints, alarm setpoint reset values, and bypassing signals when the FE function is actuated with its keyswitch. The MTP shall have additional maintenance pages that cannot 2.6.3.2 Operator/Technician Inputs to the MTP Displays, display navigation, and alarm acknowledgement for the MTP shall be the same as the OM. II pc 2.6.3.3 [ ]2,C I ]a,c WCAP-17529-NP November 2011 Revision 0 2-51 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ac 2.7 MAJOR SYSTEM CONSTRAINTS PAMS is intended for use in monitoring ICC parameters and provides the capabilities as defined in this document. The Common Q PAMS is intended to replace and upgrade existing PAMSs and, as such, shall be designed to be installed in the existing cabinets and be capable of interfacing with existing input and output signals and meet the interface requirements specified in Reference 28. The OM shall be designed to be installed in the existing QSPDS, HJTC, or CET OM space. ]aC 2.8 USER CHARACTERISTICS As previously discussed, there are two displays, an OM and MTP, for each channel of PAMS. The OM and MTP user characteristics are discussed in the following subsections. 2.8.1 OM User Characteristics The OM, mounted in the control room, is normally used by the control room operator to monitor the status of the system. Details of the OM displays and capabilities are discussed in subsection 2.6.2. 2.8.2 MTP User Characteristics The MTP, located in the PAMS cabinet, is primarily used by the instrumentation and control (I&C) technicians to diagnose any problems with the system, perform maintenance and surveillance testing, download PAMS software, interrogate the processor buffer, change setpoints, and reset values and bypass signals. The MTP provides the same information as the OM and can be used for operations. Details of the MTP displays and capabilities are discussed in subsection 2.6.3. WCAP-17529-NP November 2011 Revision 0 2-52 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.9 PAMS DIAGNOSTIC FUNCTIONS The PAMS equipment shall perform a variety of diagnostic and supervision functions to continuously monitor the correct operation of the whole system. [ ]ac 2.9.1 Communications Interface Diagnostics The PAMS shall continuously monitor the data transmission from the processor to the OM or MTP and from the OM or MTP to the communications processor. I ]a,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-53 ]a,c WCAP-1 7529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.9.2 2-54 I/O Diagnostics The system software shall automatically check that all I/O modules are operating correctly. In the event of a defective or missing module (e.g., during replacement), the module and associated signals are flagged at the database elements in the application program. ac a,c t I. I ]aC WCAP-17529-NP November 2011 Revision 0 2-55 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2-55 WESTINGHOUSE NON-PROPRIETARY CLASS 3 2.9.3 System Load Calculation I ]a,c 2.10 PAMS DATA TRANSFER I ] a,c 2.10.1 1 Ia,C I ]ac WCAP-1 7529-NP November 2011 Revision 0 3-1 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3 SYSTEM CAPABILITIES, CONDITIONS, AND CONSTRAINTS 3.1 PHYSICAL 3.1.1 Construction The Common Q PAMS is intended as an upgrade/replacement of the existing PAMS and shall be designed to be installed in existing PAMS cabinets. Therefore, the following requirements are provided for infonnational purposes. 3.1. 1.1 The PAMS channel cabinets shall be located in a restricted access and environmentally suitable area such as the main control room. 3.1.1.2 Access to the cabinet is normally required only during system testing, calibration, or maintenance. 3.1.1.3 The PAMS channel cabinet is designed for attaching to floor members by perimeter welding or by imbedded anchor bolts. A PAMS upgrade/replacement shall be designed to be installed in existing cabinets. 3.1.1.4 Fire retardant materials shall be used where practical. Each PAMS channel shall have the capability of monitoring cabinet or chassis temperature and high temperature detection and annunciation. 3.1.2 Single Failure Requirements 3.1.2.1 The PAMS shall consist of two redundant channels for signal processing and PAMS displays, and provide data links to the SPDS. 3.1.3 Separation Requirements 3.1.3.1 The PAMS shall be electrically independent and capable of being physically separated from a redundant PAMS channel in accordance with Regu'latory Guide 1.75, "Physical Independence of Electrical Systems" (Reference 9), and other appropriate standards in Reference 6, up to and including the capability of isolation for the data link to the SPDS. 3.1.3.2 Equipment and circuits of PAMS require two channel separation and mechanical isolation meeting the requirements of Institute of Electrical and Electronics Engineers (IEEE) Standard 384, "Standard Criteria for Independence of Class 1E Equipment and Circuits" (Reference 13), and RG 1.75 (Reference 9). 3.1.3.3 The PAMS is normally designed with two completely separate cabinets that can be placed together in one area or in separated rooms as required. Some existing PAMS installations are installed in a single cabinet with Class IE isolation between the channels. WCAP-17529-NP November 2011 Revision 0 3-2 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3.1.4 Signal Isolation 3.1.4.1 Standard isolation for analog inputs and optical isolation for digital inputs shall be utilized, if available, for the input subsystem portion of PAMS. 3.1.4.2 a,c 3.1.4.3 Data link communications shall be chosen from formats for which optical isolation is available. 3.1.5 Cable Routing 3.1.5.1 The cabinet termination area shall be designed for top or bottom field cable entry. The Common Q PAMS shall be designed to interface with the existing field cabling. 3.1.5.2 Communications cabling from the PAMS channels to the main control board (MCB) and SPDS is routed via fiber-optic cables which provide the isolation and independence requirements. 3.1.5.3 Cables for Class 1E PAMS channel input signals shall be isolated and separated to plant requirements. 3.1.5.4 Cables for Class 1E analog output signals shall be isolated or separated to plant requirements. 3.1.5.5 Digital output signals shall be isolated via physical or solid state relays to plant requirements. 3.1.5.6 [ Pac 3.1.5.7 The Common Q PAMS shall be designed to utilize existing PAMS cabinet wiring, terminations, connectors, etc. as much as practical. 3.1.5.8 ]ac 3.1.6 System Security 3.1.6.1 Equipment located within PAMS cabinets are administratively controlled by door key locks to protect against unauthorized access. 3.1.6.2 [ ]a,c WCAP-17529-NP November 2011 Revision 0 3-3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3.1.6.3 pac 3.1.7 Environmental and Seismic Qualification PAMS shall be environmentally and seismically qualified as described in Reference 2, as follows: * Electromagnetic compatibility per EPRI TR-102323, "Guidelines for Electromagnetic Interference Testing in Power Plants" (Reference 11). * Environmentally qualified to IEEE Standard 323-1983, "Standard for Qualification of Class 1E Equipment for Nuclear Power Generating Stations" (Reference 23) as interpreted by CENPD-255-A, Rev. 03, "Class lE Qualification, Qualification of Class 1E Electrical Equipment" (Reference 24). * Seismically qualified per IEEE Standard 344-1987, "Recommended Practice for Seismic Qualification of Class lE Equipment for Nuclear Power Generating Stations" (Reference 25). Additional qualification requirements may be needed for a specific plant upgrade. 3.2 SYSTEM PERFORMANCE CHARACTERISTICS Accuracy requirements shall be defined for system errors for each type of input, for conversions (input and fluid property calculations), for calculated variables, and for display resolution during normal and abnormal operating conditions. The accuracies and resolution for PAMS are defined in Reference 6 as follows: 3.2.1 1 Ia,c II ]a,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3-4 la,c The accuracies shall be determined with the system operating at its normal scanning rate. It is recommended that ISA-S67.04, "Setpoints for Nuclear Safety-Related Instrumentation" (Reference 27), be used in calculating uncertainties used in determining actual setpoints. 3.2.2 I a,c [ I ]a,c WCAP-1 7529-NP November 2011 Revision 0 3-5 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3.2.3 J Ia,C a,c 3.3 SYSTEM OPERATIONS 3.3.1 System Testing, Calibration and Maintenance 3.3.1.1 PAMS shall at least permit administrative control of access to module calibration. Setpoint changes shall be made through software entries. 3.3.1.2 The design shall permit periodic checking, testing, calibration, and calibration verification. 3.3.1.3[ ]a.c 3.3.1.4 The design shall facilitate the recognition, location, replacement, repair, or adjustment of malfunctioning components and modules during power operation. 3.3.1.5 PAMS processing and display hardware and software shall have surveillance and diagnostic test capabilities. 3.3.1.6 Automatic online surveillance tests shall continuously check for specified hardware and software malfunctions. The malfunctions shall be indicated through the PAMS OM and MTP displays. 3.3.1.7 ]ac 3.3.1.8 User training requirements, such as for hardware and software maintenance personnel and for system users, shall be defined in application-specific plant contracts. WCAP-1 7529-NP WCAP-17529-NP November 2011 November 2011 Revision 0 3-6 WESTINGHOUSE NON-PROPRIETARY CLASS 3 3.3.2 System Reliability 3.3.2,1 PAMS shall consist of two redundant channels for signal processing and PAMS displays, and for providing a data link to the SPDS. 3.3.3 Availability Requirements 3.3.3,1 PAMS shall undergo environmental and seismic qualification testing to be available during normal and abnormal operating conditions as defined in IEEE Standard 603-1991, "Standard Criteria for Safety Systems for Nuclear Power Generating Stations" (Reference 14), or as specified in the Technical Specifications for a specific plant implementation. While the IEEE standard applies to specific automatic Reactor Protection System (RPS) and engineered safety features (ESF) functions, the principles involved shall be used in the PAMS design where possible. 3.3.3.2 ]a,c Since time to repair is an important part of availability, this unavailability goal is valid only if proper spare parts and maintenance support is included. 3.3.3.3 Operability Requirements PAMS shall be capable of operating during the following plant operating modes: 0 S 0 0 S Power Operation Hot Standby Hot Shutdown Start-Up Cold Shutdown WCAP-17529-NP November 2011 Revision 0 4-1 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4 SYSTEM INTERFACES The upgrade/replacement Common Q PAMS is required to interface with the existing plant equipment and signals as defined in the QSPDS Interface Requirements (Reference 28). Therefore, this section is provided for informational purposes. Each PAMS channel cabinet, housing the respective PAMS processor and MTP, typically interfaces with the following equipment: [ ]a~c 4.1 I a,c I Ia,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4.2 4-2 PAMS INPUT SIGNALS The generic PAMS inputs include the inputs required to support the ICC detection function (i.e., the combined CETMS/HJTCS/ICCMS/SMM) and typical inputs as required to support the backup SPDS function. The PAMS shall use the Asea Brown Boveri (ABB) S600 family of I/O modules to handle the various input and output signals described herein. ]a,c 4.2.1 Analog Input Signals 4.2.1.1 The number and type of specific PAMS analog inputs varies from plant to plant. 4.2.1.2 [ ]a,c 1 4 4 4 t 4 4 4 I 4 4 4 1 4 4 4 4.2.1.3[ ]a,c WCAP- 17529-NP November 2011 November 2011 Revision 0 4-3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4.2.1.4 4.2.1.5 ]ac 4.2.1.6 ]a,c 4.2.1.7 4.2.1.8 ]a,c WCAP-17529-NP November 2011 Revision 0 4-4 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4.2.1.9 ]a,c ac 4.2.2 ]a,c 4.2.2.1 ja,c 4.2.2.2 ]ac 4.2.2.3 ]a,c 4.2.2.4 ]a,c 4.2.2.5 ]ac 4.2.2.6 [ ]ac WCAP-17529-NP November 2011 Revision 0 4-5 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4-5 WESTINGHOUSE NON-PROPRIETARY CLASS 3 I a,c 4.3 I la,c Ila,c 4.3.1 ]ac 4.3.1.1 ]f,c 4.3,1.2 [ Ia,c 4.3,1.3 ]a,c 4.331.4 ]a,c 4.3.2 [ j a,c I ]a,c 4.3,2.1[ WCAP-17529-NP ]a,c November 2011 Revision 0 4-6 4-6 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4.3.2.2 la, 4.3.2.3 ]a.c 4.3.2.4[ 3a,c WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 4-7 1a,c 4.3.3 ]a~c 4.3.3.1 ]a,c 4.3.3.2 ]a.e 4.3.3.3[ ]a,c 4.3.3.4 [ 4.3.3.5 [ 4.3.3.6 ]a,c ]a,c [ 4.3.3.7 [ ]a,c ]a,c 4.3.3.8 [ 4.3.3.9 ]a,c 4.3.4 ja~c ]a,] 4.3.4.1[ 4.3.4.2 [ WCAP-17529-NP November 2011 Revision 0 4-8 WESTINGHOUSE NON-PROPRIETARY CLASS 3 ]a; 4.3.4.3 4.4 Ia,c Ia,C 4.4.1 I ]aC 4.4.2 [ Iac I ]a,c I a,c 4.5 4.5.1.1 ]a,c 4.5.1.2 ]a,c Ia; 4.5.1.3 4.5.1.4 ] a,c 4.5.1.5 ]a,c WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 5 5-1 REFERENCES The following is a list of references, codes, standards, and guidelines upon which the PAMS design is based. These documents are applied as referred to in this document. 1. WCAP-16097-P-A, Rev. 0, "Common Qualified Platform Topical Report1 ," Westinghouse Electric Company LLC. 2. WCAP-16097-P-A, Appendix 1, Rev. 0, "Common Qualified Platform Post Accident Monitoring Systems," Westinghouse Electric Company LLC. 3. WCAP-16097-P-A, Appendix 2, Rev. 0, "Common Qualified Platform Core Protection Calculator System 1," Westinghouse Electric Company LLC. 4. DELETED 5. WCAP-16096-NP-A, Rev. 1A, "Software Program Manual for Common Q Systems," Westinghouse Electric Company LLC. 6. NPROD-ICE-3201, Rev. 03, "A Functional Design Description for the Qualified Safety Parameter Display System," Westinghouse Electric Company LLC. 7. PA-99-013-I&C, "Common Q Core Protection Calculator System and Post Accident Monitoring System Phase 3'," ABB, 1999. 8. 00000-ICE-30155, Rev. 05, "System Requirements Specification for the Common Q Generic Flat Panel Display," Westinghouse Electric Company LLC. 9. Regulatory Guide 1.75, "Physical Independence of Electrical Systems," U.S. Nuclear Regulatory Commission, Rev. 02, September 1978. 10. Regulatory Guide 1.97, "Instrumentation for Light Water Cooled Nuclear Power Plants to Assess Plant Conditions During and Following an Accident," U.S. Nuclear Regulatory Commission," Rev. 03, June 1983. 11. EPRI Topical Report EPRI TR-102323, Rev. 1, "Guidelines for Electromagnetic Interference Testing in Power Plants," Electric Power Research Institute, 1997. 12. IEEE Standard 1233-1996, "IEEE Guide for Developing System Requirements Specifications," Institute for Electrical and Electronics Engineers, Inc., 1996. 13. IEEE Standard 384-1992, "Standard Criteria for Independence of Class 1E Equipment and Circuits," Institute for Electrical and Electronics Engineers, Inc., 1992. 1. This reference is not specifically referred to in this document but was initially used in the development of this document. It is retained for historical information only. WCAP-17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 5-2 14. IEEE Standard 603-1991, "Standard Criteria for Safety Systems for Nuclear Power Generating Stations," Institute for Electrical and Electronics Engineers, Inc., 1991. 15. DELETED 16. "The NIST/ASME International Temperature Scale of 1990," National Institute of Standards and Technology/American Society of Mechanical Engineers, 1990. 17. NPROD-ICE-3200, Rev. 03, "A Functional Design Description for the Heated Junction Thermocouple System," Westinghouse Electric Company LLC. 18. NUREG-0700, "Guidelines for Control Room Design Reviews," U.S. Nuclear Regulatory Commission, May 2002. 19. NUREG-0814, "Methodology for Evaluation of Emergency Response Facilities," U.S. Nuclear Regulatory Commission, August 1981. 20. NUREG-0835, "Human Factors Acceptance Criteria for the Safety Parameter Display System," U.S. Nuclear Regulatory Commission, October 1981. 21. NUREG 0737, "Clarification of TMI Action Plan Requirements," U.S. Nuclear Regulatory Commission, 1980. 22. NUREG 0696, "Guidelines for Emergency Response Facilities," U.S. Nuclear Regulatory Commission, February 1981. 23. IEEE Standard 323-1983, "Standard for Qualification of Class IE Equipment for Nuclear Power Generating Stations," Institute for Electrical and Electronics Engineers, Inc., 1983. 24. CENPD-255-A, Rev. 3, "Class 1E Qualification, Qualification of Class IE Electrical Equipment," Westinghouse Electric Company LLC. 25. IEEE 344-1987, "Recommended Practice for Seismic Qualification of Class 1E Equipment for Nuclear Power Generating Stations," Institute for Electrical and Electronics Engineers, Inc., 1987. 26. IAPWS-95, "The IAPWS Formulation 1995 for the Thermodynamic Properties of Ordinary Water Substance for General and Scientific Use," The International Association for the Properties of Water and Steam, September 1996. 27. ISA-$67.04 1994, "Setpoints for Nuclear Safety-Related Instrumentation," International Society of Automation, 1994. 28. NPROD-ICE-3102, Rev. 02, "Interface Requirements for Qualified Safety Parameter Display System." WCAP-17529-NP November 2011 Revision 0 5-3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 29. DELETED 30. 00000-ICE-3453, Rev. 01, "Common Q Power Supply System Technical Manual," Westinghouse Electric Company LLC. 31. CEN-185-P, Supplement 3-P, "Heated Junction Thermocouple Phase III Test Report," Westinghouse Electric Company LLC, 1982. WCAP- 17529-NP November 2011 Revision 0 A-1 WESTINGHOUSE NON-PROPRIETARY CLASS 3 APPENDIX A SYSTEM REQUIREMENTS FOR COMMON Q PHASE 3 SINGLE CHANNEL POST ACCIDENT MONITORING SYSTEM A.1 PURPOSE The main body of this document provided generic requirements for the Common Q PAMS that are intended to be used as the basis for developing a plant-specific PAMS. This document discusses a two-channel PAMS whereas this appendix is applicable to a single channel. This appendix defines specific requirements for a single channel PAMS for the Common Q Phase 3 effort. This appendix will define any specific functions incorporated into the PAMS, as well as the inputs, outputs, and their ranges. Only the requirements that are different from the main body of this document which would be applicable to a plant-specific design are addressed in this appendix. A.2 OVERVIEW The single channel PAMS will consist of the following functions: * * * * Saturation Margin Monitoring HJTCS/RVLMS (using a split probe design) CETMS RG 1.97 Variables A.3 INPUTS AND OUTPUTS The following tables defines the PAMS input and output variables with their respective ranges, values, and units of measure. WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A-2 2ac A.3.1 ]a, ° I a,c Table A-1 ______ I I 4 1 + 4- I t 4 1 4 I- .1- 4- 4 1 I 1 + I I- 4 1 1 + 1 4- 4. I I *I- I 1- 1 I I + 4 4- 4 1 4 4 4 4 4 4 4 4 4- 4 4 WCAP- 17529-NP November 2011 Revision 0 A-3 A-3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 WESTINGHOUSE NON-PROPRIETARY CLASS 3 a,c 4 4 t 4 4 4 4 t 4 4 4 4 4 4 4 4 4 4 fl A L U L A.3.2 [ ± Ia,c I Iac WCAP- 17529-NP November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A.3.3 [ ac A-4 ]a~ c [ aca,c Table A-2 ax A.3.4 [ a,c Table A-3 I [ a,c a'c A.3.5]a~c A.3.5 [ 2011 ]a,c November 2011 WCAP- 17529-NP Revision 0 A-5 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A-5 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A.4 Ic [ I ]O~c A.4.1 [ I I.,c ]a,c a,c WCAP- 17529-NP November 2011 Revision 0 A-6 WESTINGHOUSE NON-PROPRIETARY CLASS 3 a,c I* WCAP- 17529-NP 4 4 November 2011 Revision 0 A-7 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A.4.2 [ ac ]a~c Table A-5 WCAP- 17529-NP l]a,c November 2011 Revision 0 A-8 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A.5 PAMS SETPOINTS AND CONSTANTS The following provides the PAMS setpoints, setpoint reset values, constants, and default values. These values include the SMM, HJTC, and CET and are defined in Section 2.5. A.5.1 a,c [ II 3a,C i + + I1 i t + 4t WCAP- 17529-NP I. November 2011 Revision 0 WESTINGHOUSE NON-PROPRIETARY CLASS 3 A.5.2 A-9 ]alc [ ]ac Table A-6 [ a,c ]a,c 4 + *4. 1 A.5.3 + 4 + 4 + I .4- Il,c I lac WCAP- 17529-NP November 2011 Revision 0 A-10 WESTINGHOUSE NON-PROPRIETARY CLASS 3 a,c Figure A-1 I WCAP-17529-NP Ia,c November 2011 Revision 0