ML16256A324

From kanterella
Jump to navigation Jump to search
09 to Final Safety Analysis Report, Chapter 7, Instrumentation and Controls, Section 7.6
ML16256A324
Person / Time
Site: Waterford Entergy icon.png
Issue date: 08/25/2016
From:
Entergy Operations
To:
Office of Nuclear Reactor Regulation
Shared Package
ML16256A115 List: ... further results
References
W3F1-2016-0053
Download: ML16256A324 (11)
v  d  e


Text

WSES-FSAR-UNIT-3 7.6-1 Revision 305 (11/11) 7.6 ALL OTHER INSTRUMENTATION SYSTEMS REOUIRED FOR SAFETY 7.

6.1 DESCRIPTION

This section includes a description of those instrumentation systems required for safety which have not been discussed in Sections 7.2 through 7.5.

These systems include instrumentation to prevent overpressurization of low pressure systems.

7.6.1.1 Shutdown Cooling System Interlocks 7.6.1.1.1 Description Cooling of the Reactor Coolant System (RCS) is accomplished by heat removal via the steam generators down to approximately 350F and by the Shutdown Cooling System (SDCS) below this temperature.

(EC-935, R302; EC-14765, R305)

The SDCS described in Subsection 9.3.6 is not designed to accept RCS operating pressure since it is a low pressure system. It is put into operation only at reduced temperature and pressure conditions.

Overpressure protection is assured by providing two motor-operated isolation valves (one in each line) and two pneumatic operated isolation valves (one in each line) installed in series in the two shutdown cooling suction lines inside the containment vessel. Each of the two pneumatic operated valves has a solenoid operated bypass fill valve used to reduce potential voids in the downstream piping. Each line is also provided with a motor operated isolation valve outside the containment with manual control (no automatic operation) at the main control room. The SDCS instrumentation and controls are discussed in Section 7.4. To assure proper operation and hence prevent inadvertent pressurization of the low pressure portion of the SDCS, each of the valves inside the containment is interlocked by one of four independent pressurizer pressure measurement channels to prevent opening when RCS pressure exceeds 377 psig.

The pressure setpoint for the interlocks (at CP-25, CP-26, CP-27, CP-28) is selected such that the design pressure of the SDCS is not exceeded.

(EC-935, R302)

Each measurement channel provides a permissive signal to one of the four main and two bypass fill isolation valves to allow opening that valve when the pressurizer pressure is below 377 psig. An alarm is sounded in the main control room in case the RCS pressure higher than 392 psia, and its associated valve is not fully closed. The alarm is used to indicate an LTOP transient or possible lifting of the shutdown cooling relief valves. The design of the interlock is such that loss of electric power to a permissive channel would leave the valves in its set position and would render inoperative the open permissive feature. However, if the valve is open, it can be manually closed, but if the valve is closed, it cannot be manually opened. Keylocked switches are provided in the control room (RTGB-CP8) to allow opening of the isolation valves (V1501B with bypass fill valve, V1502B, V1503A with bypass fill valve, V1504A) when the permissive signal is present.

Four independent power sources (two 480V ac and two 125V dc) are provided to keep the four main and two bypass fill isolation valves, in two shutdown lines, operable. A single failure of any power source will adversely affect only one shutdown line.

(EC-14765, R305)

For a list of control wiring diagrams see Section 1.7.

WSES-FSAR-UNIT-3 7.6-2 Revision 10 (10/99) 7.6.1.1.2 Design Basis Information The design basis for the shutdown cooling interlocks is to prevent an equipment fault or an operator action from producing an unsafe condition. The interlocks have no protective function as defined in IEEE Standard 279-1971. However, using Section 3 of IEEE Standard 279-1971 as a guideline, the following paragraphs respond to the provisions identified in IEEE Standard 279-1971 Section 3 insofar as they are applicable:

Item 1 The interlocks shall function to prevent opening the shutdown cooling line isolation valves whenever pressurizer pressure exceeds a preset value.

Item 2 Pressurizer pressure shall be monitored to provide the required function.



Item 3 Four separate, physically independent sensors located on separate pressurizer nozzles are provided. Each of these sensors provide interlock/permissive signals to a separate isolation valve. A maximum of three out of four of these sensors need to operate to perform the required system function.



Item 4 Operating procedures, administrative controls, and the interlocks all serve to ensure that, the isolation valves are not open when pressure in the RCS is greater than the design pressure of the shutdown cool suction lines.



7.6.1.2 Safety Injection Tank (SIT) Isolation Valve Interlocks



7.6.1.2.1 Description



Four SITs are used to flood the reactor core with borated water following RCS depressurization as a result of a LOCA. During normal plant operation, each SIT is isolated from the RCS by a check valve. The SITs automatically discharge their contents into the RCS, if RCS pressure decreases below the SIT pressure during power opemtion.



Safety injection tank motor-operated isolation valves are provided to allow isolation of the SITs when RCS pressure is below 400 psig. The isolation valves are normally open and interlocked with pressurizer pressure measurement channels (PIC-103, -104). The SIT motor-operated isolation valves are provided with the following interlocks:



a)

The SIT isolation valves cannot be shut unfil RCS pmasure is 400 psig. Section 6.3 described procedures for depressurizing the RCS.

b)

The valves will open automatically when the RCS pressure is > 500 psig. This interlock assures the availability of the fluid in the tanks after the SDCS isolation valves have been closed during plant heatup.

Since it is essential that the isolation valves on the safety injection tanks be open whenever the RCS is at pressure, the fail-as-is valves are locked open and the valve motor circuit breaker handle is padlocked in the open position. A safety injection actuation signal (SIAS) "open" signal is provided to each valve, even though the valves are locked open and the breakers padlocked. Position indicating lights are provided in the main control room for each valve. An audible alarm is actuated whenever the RCS pressure is >500 psig and the valve is not fully open and whenever the RCS pressure is < 400 psig and the



WSES-FSAR-UNIT-3 7.6-3 Revision 10 (10/99) valve is not fully closed. The position indication and audible alarm are independent of the motor control center power.

For a list of control wiring diagrams see Section 1.7.

7.6.1.2.2 Design Basis Information The design basis for the SIT isolation valve pressure interlocks is to provide a means of assuring that the safety injection tanks are not isolated from the RCS when the system pressure exceeds a preset value.

The interlocks have no protective function as defined in IEEE Standard 2791971. However, using Section 3 of IEEE Standard 279-1971 as a guideline, the following discussion responds to the provisions identified in Section 3, insofar as they are applicable.

IEEE Standard 279-1971, Section 3 Discussion Item 1 The pressure interlocks shall function to open the SIT isolation valves whenever pressurizer pressure exceeds a preset value.

Item 2 Pressurizer pressure shall be monitored to provide the required function.

Item 3 Two separate, physically independent sensors on separate pressurizer nozzles are provided, either of which will perform the required function.

Item 4 Operating procedures, administrative controls and the interlocks all serve to ensure that the isolation valves are open when pressure in the RCS is greater than a preset value.

Item 5 No protective action is required. When system pressure exceeds the setpoint, the interlock functions to open the valves.

The design of the control circuits for the SIT isolation valves incorporates the following features:

a)

Automatic opening of the valves when either the RCS pressure exceeds a preselected value or a safety injection signal has been initiated. Both signals are provided to the valves.



b)

In the event of loss of power supply, pressurizer pressure measurement channel output relays and also the SIAS group relays fail to the "safe" position generating a "valve open" command signal.



c)

Visible indication of the open or closed status of the valves, actuated by sensors on the valve is provided in the control room. The indication is independent of the valve power supply on 120V AC.

d)

An audible and visible alarm is provided, actuated by a sensor on the valves when the valves are not in the fully open position and pressurizer pressure is > 500 psig.

WSES-FSAR-UNIT-3 7.6-4 Revision 10 (10/99) e)

A SIAS is provided to open the valves. There are no overrides or bypasses that would inhibit the SIAS and prevent the valves from opening when required.

7.6.1.3 Refueling Interlocks Refueling interlocks which are non-safety are described in Section 9.1.

7.6.1.4 Spent Fuel Pool Cooling and Cleanup System Spent fuel pool cooling and cleanup are described in Subsection 9.1.3.

7.6.1.5 Containment Purge Isolation Signal 7.6.1.5.1 Description



The Containment Purge System and its isolation valves are described in Subsection 9.4.5. The Containment Purge Isolation Signal (CPIS) is generated by the use of three local radiation monitors in each of the safety channels A & B. The signal is generated separately and independently from the engineered safety actuation signals. The analog signal from the radiation monitors are fed into bistables located in the radiation monitor panels. One out-of-three logic in each channel provides the purge isolation signal, which acts as a permissive input for manual opening and automatic closing of the valves.

Control switches for the isolation valves as well as provisions for testing the circuit operation are located in the main control room. Testing will be performed periodically as outlined in the Technical Specifications.



For a list of control wiring diagrams see Section 1.7.

7.6.1.5.2 Design Basis Information The CPIS as described above, acts as a permissive to allow manual opening of the valves when radiation levels are acceptable. Removal of the permissive signal at any state of operation will cause the valves to shut automatically. This condition is alarmed in the main control room. Closing of the valves will prevent purging the containment when radiation levels are unacceptable. The CPIS has no protective function as defined in IEEE Standard 279-1971. However, using Section 3 of IEEE Standard 279-1971 as a guideline, the following discussion responds to the provisions identified in Section 3, insofar as they are applicable.

IEEE Standard 279-1971 Section 3 Discussion Item 1 The CPIS shall function to prevent opening or shut if open the containment purge isolation valves whenever containment radiation exceeds a preset value.

Item 2 Containment and plant stack radiation shall be monitored to provide the required function.

WSES-FSAR-UNIT-3 7.6-5 Revision 10 (10/99)



Item 3 Three separate, physically independent sensors for each of the safety channels (A & B), shall be provided. Each of these sensors provides the permissive signal by a one-out-of-three logic to operate the isolation valves.

Item 4 Operating procedures, administrative controls, and the permissive signal from the radiation monitoring panel will ensure that the isolation valves are closed when purging is not permitted.



Item 5 Protective action is required during containment purge. When radiation levels exceeds the setpoint, the signal functions to shut the valves.

7.6.1.6 Reactor Coolant System Leak Detection System The RCS Leak Detection System and its instrumentation is described in Subsection 5.2.5.

7.6.1.7 Area and Process Radiation Monitoring, Area radiation monitoring is described in Section 12.3. The process radiation monitoring is described in Section 11.5.

7.6.1.8 Contaimment Vacuum Relief System The Containment Vacuum Relief System and its instrumentation is described as part of the containment functional design in Subsection 3.8.2.3.



7.6.1.9 Low Temperature Overpressure Protection (LTOP)

LTOP provides narrow range (100-750 psia) pressure indication from four channels. It is used during heatup, cooldown and cold shutdown in conjunction with the Shutdown Cooling System (SDCS) interlocks discussed in Subsection 7.6.1.1.



Low temperature overpressure protection during heatup, cooldown and cold shutdown is addressed in Appendix 5.2B.

7.6.2 ANALYSIS 7.6.2.1 Shutdown Cooling System Interlocks There are no specific NRC Regulatory Guides or General Design Criteria which apply to these interlocks.



The requirements of Standard 279-1971 are written expressly for protection systems, and as such, they are not directly applicable to these interlocks. A discussion of the extent to which these interlocks apply to this Standard is provided below.



WSES-FSAR-UNIT-3 7.6-6 Revision 305 (11/11)

The following discussion refers to the requirements set forth in the respective items of Section 4 of IEEE Standard 279-1971:

IEEE Standard 279-1971 Section 4 Discussion Item 1 The interlocks are designed to meet the requirements of quality, seismic and environmental Class 1E electrical equipment as described in Sections 3.10 and 3.11.

(EC-14756, R305)

Item 2 Single failure criteria are met in that no single interlock failure in the six valve arrangement can remove the pressure boundary between the RCS and the Shutdown Cooling System nor prevent SDCS operating when inquired.

(EC-14765, R305)

Item 3 The sensors for these interlocks meet the same quality requirements that are imposed on protective system instrumentation.

Item 4 Type tests are performed on the instrumentation that will ensure their operation during expected conditions of seismic activity.

Item 5 The interlocks are designed to maintain functional capability in the normal plant operating environment and to maintain functional capability under accident conditions including the design bases LOCA or MSLB-Item 6 The pressure transmitters are located on separate pressurizer nozzles and separation is between channels.

Item 8 Direct measurement of pressurizer pressure is used as the signal for these interlocks.

Item 9 The operational availability of the four pressure sensing channels can be determined by comparing their outputs.

Item 10 Testing will be performed during normal plant shutdown periods using standard test devices and approved procedures.

Item 11 Not applicable.

(EC-23616, R305; EC-14765, R305)

Item 12 Bypass switches are installed for SI-401B, SI-405B and SI-4052B allowing the plant through 14 operator to override the RCS pressure interlock and open the valves during an Appendix R fire event. Adequate RCS pressure is administratively verified prior to opening the valves.

(EC-23616, R305; EC-14765, R305)

Item 15 Multiple setpoints are not used.

WSES-FSAR-UNIT-3 7.6-7 Revision 10 (10/99)

Item 17 A key-locked control switch is provided in the control room which enables the operator to close the isolation valves at any time, or to open the isolation valves if permissive conditions are met.

Item 18 Administrative controls are provided for access to setpoint adjustment and calibration controls.

Item 19 Completion of the isolation function is identified by the valve position indication.

Item 20 The readout consists of four pressure indicators and position indication for each of the valves. This provides the operator with clear concise information.

Item 21 The components are accessible for repair. Removal of one channel out of service will result in isolation of the associated shutdown line.

Item 22 The instrumentation and cables associated with the SDCS interlocks are not uniquely identified as such. The channels are identified to distinguish between redundant channels.

7.6.2.2 Safety Injection Tank Isolation Valve Interlocks There are no specific NRC Regulatory Guides or General Design Criteria which apply to these interlocks.



The requirements of IEEE Standard 279-1971 are written expressly for protection systems and, as such, they are not directly applicable to these interlocks. However, a discussion of the extent to which this IEEE standard applies to these interlocks is provided below.



The following discussion refers to the requirements set forth in the respective items of Section 4 of IEEE Standard 279-1971:

IEEE Standard 279-1971 Section 4 Discussion Item 1 The interlocks are designed to meet all requirements of Quality, Seismic and Environmental Class 1E electrical equipment described in Sections 3.10, and 3.11.

Item 2 No single failure of an interlock channel can prevent system operation when it is required.

Item 3 The sensors for these interlocks meet the same quality requirements that are imposed on protection system instrumentation.

Item 4 Type tests as described in Sections 3.10 and 3.11 are performed on the instrumentation to ensure their operation during expected conditions of seismic activity.

WSES-FSAR-UNIT-3 7.6-8 Revision 305 (11/11)

Item 5 The interlocks are designed to maintain functional capability in the normal plant operating environment. They serve no protective function during abnormal or accident situations.

Item 6 The pressure transmitters are located on separate pressurizer nozzles, and separation is maintained between channels.

Item 7 The interlocks automatically open the valves when RCS pressure increases to 500 psig.

Item 8 Direct measurement of pressurizer pressure is used as the signal for these interlocks.

Item 9 The operational availability of the pressure sensing channels can be determined by comparing their outputs.

Item 10 Testing will be performed during normal plant shutdown periods using standard test devices and approved procedures.

Item 11 Removal of one channel for test does not compromise system reliability.

Failure of the remaining channels during a test outage would not create an unacceptable situation, since administrative controls (key locks) effectively preclude inadvertent closing of the valves by the operator.

(EC-23616, R305)

Item 12 Bypass switches are installed for Safety Injection Tank Isolation Valves allowing the plant through 14 operator to override the SIAS and RCS pressure interlock for closing of the valves during an Appendix R fire event. Adequate RCS pressure is administratively verified prior to closing the valves.

(EC-23616, R305)

Item 15 Multiple setpoints are not used.

Item 16 See item 7.

Item 17 A key-locked switch is provided to enable the operator to open the valves if required.

Item 18 Administrative controls are provided for access to setpoint adjustment and calibration controls.

Item 19 Correct functioning of the interlocks is indicated by the valve position indicators.

Item 20 The readout consists of pressure indicators and position indication for each of the valves. This provides the operator with clear concise information.

WSES-FSAR-UNIT-3 7.6-9 Item 21 The components are accessible for repair. Removal of one channel from service will leave two SI tanks isolation valves in the open position.

Item 22 The instrumentation and cables associated with the SIT isolation valve interlocks are not uniquely identified as such. The channels are identified to distinguish between redundant channels.

7.6.2.3 Refueling Interlocks Refueling interlocks analaysis is included in Section 9.1.

7.6.2.4 Spent Fuel Pool Cooling and Cleanup System Spent fuel pool cooling and cleanup system analysis is included in Subsection 9.1.3.

7.6.2.5 Containment Purge Isolation Signal The requirements of IEEE Standard 279-1971 are written expressly for protection system. Containment purge isolation signal is not applicable to the requirements of IEEE Standard 279-1971. However, a discussion of Section 4 of IEEE Standard 279-1971 shall be applied.

The following discussion refers to the requirements set forth in the respective items of Section 4 of IEEE Standard 279-1971:

IEEE Standard 279-1971 Section 4 Discussion Item 1 The permissive signals are designed to meet all the requirements of quality, seismic and environmental Class 1E electrical equipment described in Sections 3.10, and 3.11.

Item 2 No single failure of an CPIS can prevent system operation when it is required.

Item 3 The sensors for these radiation monitors meet the same quality requirements that are imposed on protection system instrumentation.

Item 4 Type tests as described, in Sections 3.10 and 3.11 are performed on the instrumentation to ensure their operation during expected conditions of seismic activity.

Item 5 The permissive signals are designed to maintain functional capability in the normal plant operating and shutdown environment. CPIS protects against Fuel Handling accidents.

Item 6 The radiation sensors are located in separate areas and separation is maintained between channels.

Item 7 The lack of permissive signal will automatically shut the valves.

WSES-FSAR-UNIT-3 7.6-10 Revision 10 (10/99)

Item 8 Direct measurement of containment radiation is used to develop the logic for the CPIS, along with two inputs from the plant stack vent.

Item 9 The operational availability of the radiation sensing detectors can be determined by comparing their outputs at the radiation monitors.

Item 10 Testing will be performed during normal plant shutdown periods using standard test devices and approved procedures.

Item 11 Testing at one channel will not compromise system reliability. Failure of the remaining channel during a test would not create an unacceptable situation.

Items 12 There are no bypasses.

through 14



Item 15 Each area and stack radiation monitor alarm/trip comes from the ODCM or some factor above the normal (background) level of radiation the detector can sense accurately.



Item 16 Valves are automatically closed when containment radiation exceeds setpoints established by Technical Specifications.

Item 17 Control switches are provided in the control room to enable the operator to open the valves if permissive conditions are met.

Item 18 Administrative controls are provided for setpoint adjustment and calibration controls.

Item 19 Correct functioning of the permissive signal is indicated by the valve position indicators.

Item 20 The readout consists of position indication for each of the valves. This provides the operator with clear concise information.

Item 21 The components are accessible for repair.

Item 22 The instrumentation and cables associated with the CPIS are not uniquely identified as such. The channels are identified to distinguish between redundant channels.

7.6.2.6 Reactor Coolant System Leak Detection System The RCS Leak Detection System and its instrumentation analysis is included in Subsection 5.2.5.

WSES-FSAR-UNIT-3 7.6-11 Revision 10 (10/99) 7.6.2.7 Area and Process Radiation Monitoring Area radiation monitoring analysis is included in Section 12.3. Process radiation monitoring analysis is included in Section 11.5.

7.6.2.8 Containment Vacuum Relief System



Containment Vacuum Relief System analysis is included in Subsection 6.5.3.



7.6.2.9 Low Temperature Overpressure Protection Analysis for low temperature overpressure protection during heatup, cooldown and cold shutdown is addressed in Appendix 5.2B.

Retrieved from "https://kanterella.com/w/index.php?title=ML16256A324&oldid=5164519"