NL-25-0030, License Amendment Request: Addition of RCS Tcold Engineered Safety Feature Actuation System (ESFAS) Instrumentation Function


License Amendment Request: Addition of RCS Tcold Engineered Safety Feature Actuation System (ESFAS) Instrumentation Function
ML25045A166
Person / Time
Site: Vogtle
Issue date: 02/14/2025
From: Coleman J
Southern Nuclear Operating Co
To:
Office of Nuclear Reactor Regulation, Document Control Desk
References
NL-25-0030


Text

Regulatory Affairs
3535 Colonnade Parkway
Birmingham, AL 35243
205 992 5000

February 14, 2025

Docket Nos.: 52-025, 52-026
NL-25-0030
10 CFR 50.90

U. S. Nuclear Regulatory Commission
ATTN: Document Control Desk
Washington, D. C. 20555-0001

Southern Nuclear Operating Company
Vogtle Electric Generating Plant - Units 3 and 4
License Amendment Request: Addition of RCS Tcold Engineered Safety Feature Actuation System (ESFAS) Instrumentation Function

Pursuant to 10 CFR 52.98(c) and in accordance with 10 CFR 50.90, Southern Nuclear Operating Company (SNC) requests an amendment to the Combined License (COL) for Vogtle Electric Generating Plant (VEGP) Units 3 and 4 (License Numbers NPF-91 and NPF-92, respectively). The license amendment request (LAR) proposes to revise COL Appendix A, Technical Specifications (TS) 3.3.8, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, Table 3.3.8-1, to add a new Function 11.b, Reactor Coolant System (RCS) Cold Leg Temperature (Tcold) - High.

These changes were previously discussed with the NRC Staff on a public conference call meeting on October 15, 2024 [ADAMS Accession Number ML24275A131]. SNC has incorporated information into the request to address topics discussed during the call as presented in the meeting summary [ADAMS Accession Number ML24290A158].

The Enclosure to this letter provides the description, technical evaluation, regulatory evaluation (including the Significant Hazards Consideration), and environmental considerations for the proposed changes.

This letter contains no regulatory commitments. This letter has been reviewed and determined not to contain security-related information.

SNC requests NRC staff review and approval of this LAR by August 29, 2025 to support planned implementation during the VEGP Unit 4 refueling outage. SNC expects to implement the proposed amendment on VEGP Unit 4 prior to startup from the Fall 2025 refueling outage and on VEGP Unit 3 prior to startup from the Spring 2026 refueling outage.

In accordance with 10 CFR 50.91, SNC is notifying the State of Georgia by transmitting a copy of this letter and its enclosure to the designated State Official.

If you have any questions, please contact Ryan Joyce at (205) 992-6468.

I declare under penalty of perjury that the foregoing is true and correct. Executed on the 14th of February, 2025.

Respectfully submitted,
Jamie M. Coleman
Director, Regulatory Affairs
Southern Nuclear Operating Company

Enclosure: Evaluation of Proposed Changes

cc:
NRC Regional Administrator, Region II
NRR Project Manager - Vogtle 3 & 4
Senior Resident Inspector - Vogtle 3 & 4
Director, Environmental Protection Division - State of Georgia
Document Services RTYPE: VND.LI.L00

Enclosure to NL-25-0030 Evaluation of Proposed Changes

1. SUMMARY DESCRIPTION
2. DETAILED DESCRIPTION
2.1 System Design and Operation
2.2 Current Requirements
2.3 Reason for Proposed Change
2.4 Description of Proposed Change
3. TECHNICAL EVALUATION
4. REGULATORY EVALUATION
4.1 Applicable Regulatory Requirements/Criteria
4.2 Precedent
4.3 Significant Hazards Consideration
4.4 Conclusions
5. ENVIRONMENTAL CONSIDERATION
6. REFERENCES

Attachments:
1. Technical Specification Changes Marked-up Pages
2. Updated Final Safety Analysis Report Changes Marked-up Pages
3. Revised Technical Specification Pages
4. Technical Specification Bases Marked-up Pages (for information only)

1. SUMMARY DESCRIPTION

The proposed change would revise the Combined Licenses (COLs) for Vogtle Electric Generating Plant (VEGP) Units 3 and 4 by revising COL Appendix A Technical Specification (TS) 3.3.8, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, Table 3.3.8-1, to add a new Function 11.b, Reactor Coolant System (RCS) Cold Leg Temperature (Tcold) - High. The new function impacts the Protection and Safety Monitoring System (PMS) actuation logic for the Passive Residual Heat Removal (PRHR) Heat Exchanger (HX). The logic for one of the PRHR HX actuation signals that currently requires Low-2 steam generator (SG) narrow range water level coincident with Low-2 startup feedwater flow in any SG is being modified to require Low-2 SG narrow range water level coincident with Low-2 startup feedwater flow in both SGs coincident with the new Tcold - High in either RCS loop.

2. DETAILED DESCRIPTION

2.1 System Design and Operation

PRHR HX

The PRHR HX is part of the Passive Core Cooling System (PXS) and aids the PXS in core cooling during design basis events involving increases and decreases in secondary side heat removal and decreases in reactor coolant, as described in Updated Final Safety Analysis Report (UFSAR) subsection 6.3.2. The PRHR HX is also designed to perform a nonsafety related function to cool the reactor coolant system within 36 hours to 420°F and maintain the RCS in the long-term safe shutdown condition of 420°F for greater than 14 days in a closed-loop mode of operation as described in UFSAR subsection 6.3.1.2.1.

PRHR HX is actuated by conditions listed in UFSAR subsection 7.3.1.2.7. The Condition 4 actuation (i.e., Low-2 steam generator narrow range water level after a preset time delay coincident with Low-2 startup feedwater flow) is impacted by this amendment request. The Condition 4 PRHR actuation is identified in the safety analysis sequence of events shown in UFSAR Table 15.2-1 for the II.A loss of ac power to the plant auxiliaries accident and the III.A loss of normal feedwater flow accident. These accident analyses are discussed in UFSAR subsections 15.2.6 and 15.2.7, respectively.

Protection and Safety Monitoring System (PMS)

As described in further detail in WCAP-16675 (ML21179A098), AP1000 Protection and Safety Monitoring System Architecture Technical Report, PMS provides detection of off-nominal conditions and actuation of appropriate safety-related functions necessary to achieve and maintain the plant in a safe shutdown condition as described in UFSAR subsection 7.1.1. The PMS is actuated when safety system setpoints are reached for selected plant parameters. Once the required logic combination is generated, PMS sends the signal to actuate appropriate engineered safety features components as described in UFSAR subsection 7.3.1, including PRHR HX actuation as described above.

RCS Cold Leg Temperature

As described in UFSAR subsection 5.1.2 the RCS is provided with two loops, each with a single hot leg and two cold legs. As described in UFSAR Chapter 7, each cold leg contains resistance temperature detectors (RTDs) providing a Tcold signal input to PMS for actuation of Steam Line Isolation and Startup Feedwater Isolation.

2.2 Current Requirements

The current PRHR HX actuation logic, as presented in UFSAR subsection 7.3.1.2.7, Condition 4, and shown in UFSAR Figure 7.2-1 Sheet 8, is met by the coincidence of two of the four divisions of SG narrow range water level below the Low-2 setpoint (required by TS Table 3.3.8-1 Function 20) after a preset time delay coincident with a Low-2 startup feedwater flow (required by TS 3.3.11) occurring in one SG. The actuation occurs on either of the two SGs meeting the logic.

There currently is no RCS Cold Leg Temperature (Tcold) - High function.

2.3 Reason for Proposed Change

The PMS PRHR HX actuation logic changes are being implemented to address lessons learned from the AP1000 Haiyang Unit 2 (HY2) event on October 17, 2018. The HY2 plant responded to an unplanned reactor trip while undergoing startup testing that led to an actuation of PRHR HX. The combined effects of low reactor decay heat during initial startup and full PRHR HX flow caused the RCS Tcold to drop below the Low-2 setting and the resultant generation of a Safeguards actuation. For this event, the PRHR HX was not required to cool the RCS and its unnecessary actuation resulted in an RCS overcooling event as well as the Safeguards actuation. An unnecessary Safeguards actuation is highly undesirable because of the stress it places on the plant and the significant recovery effort required.

The planned PMS modification will minimize unnecessary PRHR HX actuations by requiring both SGs indicating loss of heat removal capability and a coincident indication that RCS cold leg temperature is rising (i.e., that SG heat removal capability may be lost and that there is a need for PRHR HX heat removal).

The addition of a new safety related ESFAS instrumentation function that is assumed to function in the safety analysis is required to be included in TS to meet 10 CFR 50.36(c)(ii)(C), Criterion 3:

A structure, system, or component that is part of the primary success path and which functions or actuates to mitigate a design basis accident or transient that either assumes the failure of or presents a challenge to the integrity of a fission product barrier.

As such, an amendment to the COL Appendix A, Technical Specifications, is required and in accordance with 10 CFR 50.90, Application for amendment of license, construction permit, or early site permit, requires this application for an amendment.

2.4 Description of Proposed Change

The current PRHR HX actuation logic is provided by the coincidence of two of the four divisions of SG narrow range water level below the Low-2 setpoint after a preset time delay and a coincident Low-2 startup feedwater flow in either steam generator.

The proposed PRHR HX actuation logic (with change emphasis added) is provided by the coincidence of two of the four divisions of SG narrow range water level below the Low-2 setpoint after a preset time delay, a coincident Low-2 startup feedwater flow in both SGs, and coincident with two of the four divisions of Tcold - High.

These PMS logic changes are shown in revisions to the UFSAR. The new RCS Tcold - High ESFAS Function is added to TS Table 3.3.8-1 as Function 11.b (current Function 11 is renumbered as 11.a).

Markups showing the TS and UFSAR changes are provided in Attachment 1. The revised TS pages are shown in Attachment 2. Conforming TS Bases changes are provided in for information only.

3. TECHNICAL EVALUATION

Currently the PRHR HX is actuated when one-out-of-two steam generators are at Low-2 narrow range level for a preset time delay coincident with one-out-of-two steam generators at Low-2 startup feedwater flow. The logic change requires SG Low-2 narrow range level and startup feedwater flow Low-2 in both steam generators, which avoids PRHR actuation due to a loss of inventory from only one steam generator while the other steam generator remains available as a heat sink. The logic change also requires the coincidence of the new RCS Tcold - High function. The RCS Tcold - High actuation was selected such that it is high enough to be below the turbine bypass valve pressure control mode setpoint. This allows the anticipatory safety-related PRHR actuation to prevent the SG power operated relief valves or turbine bypass valves from depleting the SG inventory if startup feedwater flow is lost.

This logic change remains single-failure proof because the SG narrow range Low-2 signal continues to be generated from 2 out of 4 divisions for each steam generator, the startup feedwater flow Low-2 signal continues to be generated from 1 out of 2 divisions for each steam generator and the new RCS Tcold - High (using the existing Tcold RTDs) is generated from 2 out of 4 divisions for either RCS loop.

Additionally, PRHR HX is actuated on SG wide range level Low-2 and remains unaffected by the planned modification. The SG wide range level Low-2 is also single failure proof and generates a signal to actuate PRHR HX on 2 out of 4 divisions in either steam generator.
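The Condition 4 coincidence logic before and after the change, modeled as an added illustration (this is not PMS software and is not part of the SNC submittal). Assumptions: channel inputs are boolean trip states taken after the preset time delay, the current logic is evaluated per SG, a single failure is modeled as one channel stuck untripped, and all function and scenario names are hypothetical.

```python
"""Added illustration of PRHR HX Condition 4 voting logic (not PMS code)."""
from dataclasses import dataclass, fields, replace
from typing import Callable, Tuple

Channels = Tuple[bool, ...]  # one bistable trip state per division


def vote(channels: Channels, m: int) -> bool:
    """m-out-of-n coincidence: true when at least m channels are tripped."""
    return sum(channels) >= m


@dataclass(frozen=True)
class Inputs:
    # Assumption: states are sampled after the preset time delay, whose
    # value is proprietary and therefore not modeled.
    sg1_nr_low2: Channels       # SG 1 narrow range level Low-2 (4 divisions)
    sg2_nr_low2: Channels       # SG 2 narrow range level Low-2 (4 divisions)
    sg1_sfw_low2: Channels      # SG 1 startup feedwater flow Low-2 (2 divisions)
    sg2_sfw_low2: Channels      # SG 2 startup feedwater flow Low-2 (2 divisions)
    loop1_tcold_high: Channels  # RCS loop 1 Tcold - High (4 divisions)
    loop2_tcold_high: Channels  # RCS loop 2 Tcold - High (4 divisions)


def sg_signal(nr_low2: Channels, sfw_low2: Channels) -> bool:
    """Per-SG signal: 2oo4 narrow range Low-2 AND 1oo2 startup feedwater Low-2."""
    return vote(nr_low2, 2) and vote(sfw_low2, 1)


def current_condition4(x: Inputs) -> bool:
    """Current logic: either SG meeting the per-SG coincidence actuates PRHR HX."""
    return (sg_signal(x.sg1_nr_low2, x.sg1_sfw_low2)
            or sg_signal(x.sg2_nr_low2, x.sg2_sfw_low2))


def proposed_condition4(x: Inputs) -> bool:
    """Proposed logic: both SGs AND 2oo4 Tcold - High in either RCS loop."""
    both_sgs = (sg_signal(x.sg1_nr_low2, x.sg1_sfw_low2)
                and sg_signal(x.sg2_nr_low2, x.sg2_sfw_low2))
    tcold_high = vote(x.loop1_tcold_high, 2) or vote(x.loop2_tcold_high, 2)
    return both_sgs and tcold_high


def scenario(sg1: bool, sg2: bool, loop1: bool, loop2: bool) -> Inputs:
    """Constructed input with every channel of a signal tripped or clear."""
    return Inputs(
        sg1_nr_low2=(sg1,) * 4, sg2_nr_low2=(sg2,) * 4,
        sg1_sfw_low2=(sg1,) * 2, sg2_sfw_low2=(sg2,) * 2,
        loop1_tcold_high=(loop1,) * 4, loop2_tcold_high=(loop2,) * 4,
    )


def survives_single_failure(logic: Callable[[Inputs], bool], demand: Inputs) -> bool:
    """True if `logic` still actuates on `demand` with any one channel stuck untripped."""
    for f in fields(demand):
        channels = getattr(demand, f.name)
        for i in range(len(channels)):
            degraded = channels[:i] + (False,) + channels[i + 1:]
            if not logic(replace(demand, **{f.name: degraded})):
                return False
    return True


# Constructed scenarios (hypothetical names), not plant data.
PARTIAL_LONF = scenario(sg1=True, sg2=False, loop1=False, loop2=False)
FULL_LONF_TCOLD_NOT_HIGH = scenario(sg1=True, sg2=True, loop1=False, loop2=False)
FULL_LONF_TCOLD_HIGH = scenario(sg1=True, sg2=True, loop1=True, loop2=False)
# Only two of four SG 1 narrow range divisions tripped: no margin for a failure.
NO_MARGIN = replace(FULL_LONF_TCOLD_HIGH, sg1_nr_low2=(True, True, False, False))

if __name__ == "__main__":
    cases = {
        "LONF in one SG": PARTIAL_LONF,
        "LONF in both SGs, Tcold not yet high": FULL_LONF_TCOLD_NOT_HIGH,
        "LONF in both SGs, Tcold high in loop 1": FULL_LONF_TCOLD_HIGH,
    }
    for name, x in cases.items():
        print(f"{name}: current={current_condition4(x)} "
              f"proposed={proposed_condition4(x)}")
    print("proposed logic tolerates one stuck channel:",
          survives_single_failure(proposed_condition4, FULL_LONF_TCOLD_HIGH))
```

In the one-SG case the model returns no Condition 4 actuation under the proposed logic; the unchanged Low-2 SG wide range water level actuation described above is a separate signal and is not modeled here.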

The addition of the new Tcold - High does not require any physical modification. The RCS Tcold hardware and temperature input into PMS currently exists as required by TS Table 3.3.8-1, Function 11, Tcold - Low-2. The modification to implement a new Tcold - High Function will utilize the existing safety related PMS RTDs for RCS Tcold. As such, PMS continues to meet the functional requirements for PMS system architecture as described in WCAP-16675-P (Reference 1). The setpoint for the new Tcold - High function will be developed, implemented, and documented in accordance with the requirements of TS 5.5.8, Setpoint Program.

The PRHR HX aligns from any of the following conditions per UFSAR subsection 7.3.1.2.7: (1) core makeup tank actuation, (2) first stage automatic depressurization system actuation, (3) Low-2 SG wide range water level, (4) Low-2 narrow range SG level coincident with Low-2 startup feedwater flow (which is being revised by this request), (5) High-3 pressurizer water level, and (6) manual initiation. The safety analysis events that credit PRHR actuation on Low-2 narrow range SG level coincident with Low-2 startup feedwater flow (i.e., Condition 4) are as follows:

The loss of alternating current (LOAC) accident as described in UFSAR subsection 15.2.6,

The loss of normal feedwater flow (LONF) accident as described in UFSAR subsection 15.2.7, and

The LOAC with a LONF accident as described in UFSAR subsection 15.2.7.

The LOAC and LONF events (which includes LONF with consequential LOAC) are analyzed in the safety analysis with the LOFTRAN computer code and the results are compared to acceptance criteria for each event, which includes pressurizer volume maximum value and minimum departure from nucleate boiling ratio (DNBR). For the three events potentially actuating on a SG narrow range water level the limiting case (LONF with consequential LOAC) was reanalyzed with the Tcold - High logic modeled. The results of the limiting case showed that the Tcold - High setpoint was reached 16.4 seconds after the SG narrow range water level signal was generated. Due to the existing proprietary preset time delay (which is significantly longer than 16.4 seconds) applied after the SG narrow range level is generated, the 16.4 second delay in reaching RCS Tcold signal has no impact on the most limiting case.

Additionally, the new logic was reviewed for its impact on a partial LONF (loss of normal feedwater in one of the two SGs). A complete LONF in both SGs is more limiting than a LONF in only one SG because cooling would still be provided by the unaffected SG. With the planned modification to PRHR actuation logic that includes requiring both SG to reach narrow range low level, a partial LONF (a LONF in one SG) will not actuate PRHR upon a SG narrow range water level in only one SG. In the LONF in one SG scenario, PRHR actuation would continue to be provided by the unchanged Low-2 SG wide range water level signal in either SG. The LONF-in-one-SG scenario was evaluated using two cases; a LONF in loop 1 and a LONF in loop 2, which demonstrated that the loss of feedwater in both loops remains limiting.

Results of the LOFTRAN cases show that for each of the three events pressurizer volume and DNBR remain bounded by the most limiting cases presented in the UFSAR. Therefore, there are no changes to any safety analyses. The UFSAR Chapter 15 changes reflect only the logic changes.

There is no current TS to require the operability of a Tcold - High function. Given the new Tcold - High is part of the revised actuation logic for PRHR HX actuation presumed in the safety analysis, it is required to be included in TS per 10 CFR 50.36(c)(2)(ii) Criterion 3: A structure, system, or component that is part of the primary success path and which functions or actuates to mitigate a design basis accident or transient that either assumes the failure of or presents a challenge to the integrity of a fission product barrier.

The new Tcold - High function is added as new TS Table 3.3.8-1 Function 11.b (with current Function 11 being renumbered as Function 11.a) with 4 channels per loop required. The proposed Applicability for new Function 11.b is Modes 1, 2, and 3, and Mode 4 with the RCS not being cooled by the Normal Residual Heat Removal System (RNS). The proposed default Condition referenced in Table 3.3.8-1 for new Function 11.b is Condition F, which requires actions to be in Mode 3 in 6 hours and Mode 4 with RCS cooling provided by RNS in 24 hours. Both the Applicability and the Condition referenced are the same Applicability and Condition required for the other existing portion of the actuation logic: SG Narrow Range Water Level - Low 2 (TS Table 3.3.8-1, Function 20) and Startup Feedwater Flow - Low 2 (TS 3.3.11).

Previous VEGP Units 3 and 4 Amendments 90 and 89, respectively, (Safety Evaluation, ADAMS Accession No. ML17241A109) reflect an applicable precedent (refer to Section 4.2). These Amendments also added a new ESFAS function to TS Table 3.3.8-1 (i.e., Function 1.a, Containment Pressure - Low).

During a public conference-call meeting on October 15, 2024 [ADAMS Accession Number ML24275A131] the NRC Staff questioned whether the LAR would follow the guidance of DI&C-ISG-06, Digital Instrumentation and Controls Licensing Process (refer to the meeting summary published on October 24, 2024 [ADAMS Accession Number ML24290A158]). The software changes necessary for implementation of the proposed amendment are currently being developed. Those changes will follow the NRC approved WCAP-16096, Software Program Manual for Common Q Systems (Reference 2), as modified by WCAP-15927, Design Process for AP1000 Common Q Safety Systems (Reference 3), as specified in UFSAR Chapter 7. SNC has determined that the guidance of DI&C-ISG-06 is not applicable for this SNC request, consistent with the cited precedent above.

Conclusion

The proposed change to TS Table 3.3.8-1, Engineered Safeguards Actuation System Instrumentation, to include a new Tcold - High, and its application to the PRHR HX coincidence logic, continues to support the operation of PRHR HX such that sufficient core cooling occurs during design basis events. Analysis has shown that for each event crediting PRHR HX actuation, PRHR HX continues to perform its safety function and support meeting acceptance criteria. The proposed change has no adverse effect on the UFSAR accident analysis and will continue to meet functional capability or performance levels of equipment required for safe operation of the facility and the protection of public health and safety.

4. REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements/Criteria

In conformance with 10 CFR 50.36(c)(2) the VEGP Units 3 and 4 Combined License (COL) Appendix A Technical Specifications (TS) provides a Limiting Condition for Operation (LCO) for actuation signals that form part of the primary success path and which functions or actuates to mitigate a design basis accident. The addition of the new Tcold - High function meets this criterion. Thus, the proposed changes are consistent with the requirements of 10 CFR 50.36.

10 CFR Part 50, Appendix A, General Design Criterion (GDC) 13 "Instrumentation and Control," requires that instrumentation be provided to monitor variables and systems over their anticipated ranges for normal operation, anticipated operational occurrences, and accident conditions to assure adequate safety. Appropriate controls must be provided to maintain variables and systems within prescribed operating ranges. The proposed addition of the new Tcold - High function meets this criterion. Thus, the proposed changes are consistent with the requirements of 10 CFR 50, Appendix A, GDC 13.

10 CFR Part 50, Appendix A, GDC 20, "Protection System Functions," requires a protection system to sense accident conditions and initiate operation of systems important to safety to ensure that acceptable fuel design limits are not exceeded. The proposed addition of the new Tcold - High function meets this criterion. Thus, the proposed changes are consistent with the requirements of 10 CFR 50, Appendix A, GDC 20.

10 CFR Part 50, Appendix A, GDC 34, Residual heat removal, requires a safety system to transfer fission product decay heat and other residual heat from the reactor core at a rate such that specified acceptable fuel design limits and the design conditions of the reactor coolant pressure boundary are not exceeded. PRHR HX safety analyses show that specified acceptable fuel design limits and the design conditions of the reactor coolant pressure boundary continue to be met with the proposed addition of the new Tcold - High.

Thus, the proposed changes are consistent with the requirements of 10 CFR 50, Appendix A, GDC 34.

4.2 Precedent

Letter from Jordan Hoellman (NRC) to Brian H. Whitley (SNC), dated October 12, 2017, Vogtle Electric Generating Plant, Units 3 and 4 Issuance of Amendments RE: Engineered Safety Features Actuation Changes for Containment Vacuum Relief (ADAMS Accession No. ML17241A109).

4.3 Significant Hazards Consideration

Southern Nuclear Operating Company (SNC) is requesting an amendment to Combined License (COL) Nos. NPF-91 and NPF-92 for Vogtle Electric Generating Plant (VEGP) Units 3 and 4, respectively. The license amendment request (LAR) proposes to revise the Combined License (COL) Appendix A, Technical Specification (TS), 3.3.8, Engineered Safety Feature Actuation System (ESFAS) Instrumentation, Table 3.3.8-1, to add a new Function 11.b, Reactor Coolant System (RCS) Cold Leg Temperature (Tcold) - High. The new function impacts the Protection and Safety Monitoring (PMS) Passive Residual Heat Removal (PRHR) Heat Exchanger (HX) actuation logic.

An evaluation to determine whether or not a significant hazards consideration is involved with the proposed amendment was completed by focusing on the three standards set forth in 10 CFR 50.92(c), Issuance of amendment, as discussed below.

1. Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No

The proposed changes do not affect the previously evaluated accident probability because the UFSAR Chapter 15 initiating events for analyzed accidents do not change. The proposed changes do not adversely affect accident initiators or precursors, and do not alter the design assumptions, conditions, or configuration of the plant or the manner in which the plant is operated or maintained. The proposed changes ensure that the ESFAS functions will perform their design basis function.

Therefore, the proposed changes do not result in any increase in probability of an analyzed accident occurring.

The proposed changes were evaluated and the limiting cases described in the UFSAR were found to remain bounding for the new cases analyzed as a result of this activity. Thus, the consequences of the accidents previously evaluated are not adversely affected.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No

The proposed changes do not involve the installation of any new or different type of equipment or a change to the methods governing normal plant operation. The proposed changes continue to provide the required functional capability, including single-failure protection, of the safety systems for previously evaluated accidents and anticipated operational occurrences. The proposed changes do not adversely impact the function of any related systems, and thus, the changes do not introduce a new failure mode, malfunction, or sequence of events that could adversely affect safety or safety-related equipment.

Therefore, the proposed change will not create the possibility of a new or different kind of accident from any accident previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

The proposed change continues to provide the required functional capability of the safety systems for previously evaluated accidents and anticipated operational occurrences. The proposed change does not change the function of the related systems. The proposed change was evaluated and demonstrated that the safety analyses specified acceptable fuel design limits and the design conditions of the reactor coolant pressure boundary continue to be met with the proposed addition of the new Tcold - High. Therefore, the proposed change does not involve a significant reduction in a margin of safety.


Based on the above, it is concluded that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and, accordingly, a finding of no significant hazards consideration is justified.

4.4 Conclusions

Based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. Therefore, it is concluded that the requested amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and, accordingly, a finding of no significant hazards consideration is justified.

5. ENVIRONMENTAL CONSIDERATION

The proposed changes to the Technical Specifications (TS) are described in Section 2 of this Enclosure, which require a license amendment. SNC has evaluated this license amendment request against the criteria for identification of licensing and regulatory actions requiring environmental assessment in accordance with 10 CFR 51.21.

The requested amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9), in that the amendment would not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure.

Accordingly, the proposed amendment meets the eligibility criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9). Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.

6. REFERENCES

1. WCAP-16675-P (Proprietary) and WCAP-16675-NP (Non-Proprietary), AP1000 Protection and Safety Monitoring System Architecture Technical Report, Revision 10, September 2020.
2. WCAP-16097-P-A (Proprietary) and WCAP-16097-NP-A (Non-Proprietary), Revision 3, Common Qualified Platform Topical Report, February 2013.
3. WCAP-15927-P (Proprietary) and WCAP-15927-NP (Non-Proprietary), Revision 8, Design Process for AP1000 Common Q Safety Systems, September 2020.

Technical Specification Changes Marked-up Pages

Insertions Denoted by underlined Blue text and Deletions by Red Strikethrough
Omitted text is identified by three asterisks ( * * * )

Technical Specifications ESFAS Instrumentation 3.3.8 VEGP Units 3 and 4 3.3.8 - 7 Amendment No. ___190 (Unit 3)

Amendment No. ___147 (Unit 4)

Table 3.3.8-1 (page 1 of 32)

Engineered Safeguards Actuation System Instrumentation FUNCTION APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS REQUIRED CHANNELS CONDITIONS

1. Containment Pressure
a. - Low 1,2,3,4,5(a),6(a) 4 P
b. - Low 2 1,2,3,4,5(a),6(a) 4 P
2. Containment Pressure - High 2 1,2,3,4 4 H
3. Containment Radioactivity - High 1,2,3,4(b) 4 I
4. Containment Radioactivity - High 2 1,2,3 4 I
5. Pressurizer Pressure - Low 3 1,2,3(c)(l) 4 E
6. Pressurizer Water Level - Low 1,2 4 D
7. Pressurizer Water Level - Low 2 1,2,3,4(b) 4 F
4(d),5(e) 4 J
8. Pressurizer Water Level - High 1,2,3 4 I
9. Pressurizer Water Level - High 2 1,2,3,4(f) 4 I
10. Pressurizer Water Level - High 3 1,2,3,4(f) 4 Q
11. RCS Cold Leg Temperature (Tcold)
a. - Low 2 1,2,3(c)(l) 4 per loop E
b. - High 1,2,3,4(b) 4 per loop F
12. Reactor Coolant Average Temperature (Tavg) - Low 1,2 4 D
13. Reactor Coolant Average Temperature (Tavg) - Low 2 1,2 4 D

(a) Without an open containment air flow path 6 inches in diameter.

(b) With the RCS not being cooled by the Normal Residual Heat Removal System (RNS).

(c) Above the P-11 (Pressurizer Pressure) interlock.

(d) With the RCS being cooled by the RNS.

(e) With RCS not VENTED and CMT actuation on Pressurizer Water Level - Low 2 not blocked.

(f) With all four cold leg temperatures > 275°F.

(g) With upper internals in place.

(l) Below the P-11 (Pressurizer Pressure) interlock and RCS boron concentration is less than that necessary to meet the SDM requirements at an RCS temperature of 200°F.

Technical Specifications ESFAS Instrumentation 3.3.8 VEGP Units 3 and 4 3.3.8 - 8 Amendment No. ___190 (Unit 3)

Amendment No. ___147 (Unit 4)

Table 3.3.8-1 (page 2 of 32)

Engineered Safeguards Actuation System Instrumentation FUNCTION APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS REQUIRED CHANNELS CONDITIONS

14. RCS Wide Range Pressure - Low 1,2,3,4 4 H

5(n) 4 K

6(g)(n) 4 L

15. Core Makeup Tank (CMT) Level - Low 3 1,2,3,4(b) 4 per tank F

4(d),5(h) 4 per OPERABLE tank J

16. CMT Level - Low 6 1,2,3,4(b) 4 per tank F

4(d),5(h)(n) 4 per OPERABLE tank J

17. Source Range Neutron Flux Doubling 2(i),3(i),4(j) 4 I

5(j) 4 I

18. IRWST Lower Narrow Range Level - Low 3 1,2,3,4(b) 4 F

4(d),5(n) 4 M

6(g)(n) 4 N

19. Reactor Coolant Pump Bearing Water Temperature - High 2 1,2,3,4 4 per RCP O
20. SG Narrow Range Water Level - Low 2 1,2,3,4(b) 4 per SG F
21. SG Wide Range Water Level - Low 2 1,2,3,4(b) 4 per SG F
22. SG Narrow Range Water Level High 1,2,3,4 4 per SG I
23. SG Narrow Range Water Level - High 3 1,2 4 per SG D

3,4 4 per SG I

(b) With the RCS not being cooled by the Normal Residual Heat Removal System (RNS).

(d) With the RCS being cooled by the RNS.

(g) With upper internals in place.

(h) With RCS not VENTED.

(i) With unborated water source flow paths not isolated except when critical or except during intentional approach to criticality.

(j) With unborated water source flow paths not isolated.

(n) For Unit 3 only, not required to be OPERABLE prior to initial criticality.

Technical Specifications ESFAS Instrumentation 3.3.8 VEGP Units 3 and 4 3.3.8 - 9 Amendment No. ___190 (Unit 3)

Amendment No. ___147 (Unit 4)

Table 3.3.8-1 (page 3 of 32)

Engineered Safeguards Actuation System Instrumentation

| FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS |
| --- | --- | --- | --- |
| 24. Steam Line Pressure - Low 2 | 1,2,3(c)(l)(m) | 4 per steam line | G |
| 25. Steam Line Pressure - Negative Rate - High | 3(k) | 4 per steam line | I |

(c) Above the P-11 (Pressurizer Pressure) interlock.

(k) Below the P-11 (Pressurizer Pressure) interlock when Steam Line Pressure - Low 2 is blocked.

(l) Below the P-11 (Pressurizer Pressure) interlock and RCS boron concentration is less than that necessary to meet the SDM requirements at an RCS temperature of 200°F.

(m) Below the P-11 (Pressurizer Pressure) interlock when Steam Line Pressure - Low 2 is not blocked.

Revised Technical Specification Pages

Updated Final Safety Analysis Report Changes Marked-up Pages

Insertions Denoted by underlined Purple text and Deletions by Red Strikethrough

Omitted text is identified by three asterisks ( * * * )

6.3-32 Revision 12 VEGP 3&4 - UFSAR

1. Inadvertent opening of a steam generator power-operated atmospheric steam relief or safety valve
2. Steam system piping failure

B. Decrease in heat removal by the secondary system

1. Loss of Main Feedwater Flow
2. Feedwater system piping failure

C. Decrease in reactor coolant system inventory

1. Steam generator tube rupture
2. Loss of coolant accident from a spectrum of postulated reactor coolant system piping failures
3. Loss of coolant due to a rod cluster control assembly ejection accident (This event is enveloped by the reactor coolant system piping failures.)

D. Shutdown Events (Chapter 19)

1. Loss of Startup Feedwater
2. Loss of normal residual heat removal system with reactor coolant system pressure boundary intact
3. Loss of normal residual heat removal system during mid-loop operation
4. Loss of normal residual heat removal system with refueling cavity flooded

The events listed in groups A and B are non-LOCA events where the primary protection is provided by the passive core cooling system passive residual heat removal heat exchanger. For these events, the passive residual heat removal heat exchanger is actuated by the protection and monitoring system for the following conditions:

• Low-2 steam generator narrow range water level, coincident with startup feedwater Low-2 flow
• Low-2 steam generator wide range water level
• Core makeup tank actuation
• Automatic depressurization actuation
• Pressurizer water level - High 3
• Manual actuation

The events listed in group C above are events involving the loss of reactor coolant where the primary protection is by the core makeup tanks and accumulators. For these events the core makeup tanks are actuated by the protection and monitoring system for the following conditions:

coincident with Tcold - High UFSAR 6.3.3

7.2-32 Revision 10 VEGP 3&4 - UFSAR Figure 7.2-1 (Sheet 8 of 21)

Functional Diagram Loss of Heat Sink Protection

[Functional logic diagram not reproduced in this text; its notes follow.]

1. TWO MOMENTARY CONTROLS OPERATING EITHER CONTROL WILL ACTUATE ALL APPLICABLE DIVISIONS.
2. COMPONENTS ARE ALL INDIVIDUALLY SEALED IN (LATCHED), SO THAT LOSS OF THE ACTUATION SIGNAL WILL NOT CAUSE THESE COMPONENTS TO RETURN TO THE CONDITION HELD PRIOR TO THE ADVENT OF THE ACTUATION SIGNAL.
3. SEPARATE MOMENTARY CONTROLS, ONE FOR EACH APPLICABLE DIVISION.

Tcold - High (APP-PMS-J1-109)

7.2-33 Revision 10 VEGP 3&4 - UFSAR Figure 7.2-1 (Sheet 9 of 21)

Functional Diagram Steam Line Isolation

[Functional logic diagram not reproduced in this text; its notes follow.]

NOTES:

1. TWO MOMENTARY CONTROLS OPERATING EITHER CONTROL WILL ACTIVATE ALL APPLICABLE DIVISIONS.
2. DELETED.
3. COMPONENTS ARE ALL INDIVIDUALLY SEALED IN (LATCHED), SO THAT LOSS OF THE ACTUATION SIGNAL WILL NOT CAUSE THESE COMPONENTS TO RETURN TO THE CONDITION HELD PRIOR TO THE ADVENT OF THE ACTUATION SIGNAL.
4. DELETED.
5. SEPARATE MOMENTARY CONTROLS, ONE FOR EACH APPLICABLE DIVISION.

Tcold - High, LOOP 1 and LOOP 2 (2/4 BYP); PRHR (APP-PMS-J1-108)

7.3-9 Revision 9 VEGP 3&4 - UFSAR

3. High-3 steam generator narrow range water level
4. Low-1 reactor coolant system average temperature coincident with P-4 permissive
5. Low-2 reactor coolant system average temperature coincident with P-4 permissive

Conditions 1, 2, and 3 isolate the main feedwater supply by tripping the main feedwater pumps and closing the main feedwater control, isolation and crossover valves. These conditions also initiate a turbine trip.

Condition 2 consists of two momentary controls. Manual actuation of either of the two controls will trip the turbine and isolate the main feedwater supply. This action also initiates isolation of startup feedwater (Subsection 7.3.1.2.13).

Condition 3 is derived from a coincidence of two of the four divisions of narrow range steam generator water level above the High-3 setpoint for either steam generator. In addition to tripping the turbine and isolating the main feedwater supply, condition 3 also initiates a reactor trip, isolates the startup feedwater supply (Subsection 7.3.1.2.13), and isolates the chemical and volume control system. The functions of turbine trip, main feedwater supply isolation, startup feedwater supply isolation, and chemical volume control system isolation can be manually blocked when the reactor coolant system average temperature is below the P-9 permissive setpoint. This function is automatically unblocked when the reactor coolant system average temperature is above the P-9 permissive setpoint.

Condition 4 results from a coincidence of two of the four divisions of reactor loop average temperature (Tavg) below the Low-1 setpoint coincident with the P-4 permissive (reactor trip). This condition results in the closure of the main feedwater control valves. The feedwater isolation resulting from this condition may be manually blocked when the pressurizer pressure is below the P-11 setpoint. The block is automatically removed when the pressurizer pressure is above the P-11 setpoint.

Condition 5 results from a coincidence of two of the four divisions of reactor loop average temperature (Tavg) below the Low-2 setpoint coincident with the P-4 permissive (reactor trip). This condition results in the tripping of the main feedwater pumps and closure of the main feedwater isolation and crossover valves. The feedwater isolation resulting from this condition may be manually blocked when the pressurizer pressure is below the P-11 setpoint. The block is automatically removed when the pressurizer pressure is above the P-11 setpoint.

The functional logic relating to the isolation of the main feedwater is illustrated in Figure 7.2-1, sheet 10.

7.3.1.2.7 Passive Residual Heat Removal Heat Exchanger Alignment

A signal to align the passive heat removal heat exchanger to passively remove core heat is generated from any of the following conditions:

1. Core makeup tank injection alignment signal (Subsection 7.3.1.2.3)
2. First stage automatic depressurization system actuation (Subsection 7.3.1.2.4)
3. Low-2 steam generator wide range water level
4. Low-2 steam generator narrow range water level coincident with Low-2 startup feedwater flow
5. High-3 pressurizer water level
6. Manual initiation

coincident with High cold leg temperature (Tcold - High)

7.3-10 Revision 9 VEGP 3&4 - UFSAR

Each of these conditions opens the passive residual heat removal discharge isolation valves, closes the in-containment refueling water storage tank gutter isolation valves, and provides a confirmatory open signal to the inlet isolation valve. The inlet isolation valve is normally open but can be closed by the operator. These conditions override any closure signal to this valve and also close the blowdown isolation valves in both steam generators.

Condition 3 results from the coincidence of two of the four divisions of steam generator wide range water level below the Low-2 setpoint in either of the two steam generators. Low-2 steam generator wide range water level can be manually blocked when the reactor coolant system average temperature is below the P-9 permissive setpoint, and is automatically unblocked when the reactor coolant average temperature is above the P-9 permissive.

Condition 4 results from the coincidence of two of the four divisions of steam generator narrow range water level below the Low-2 setpoint, after a preset time delay, coincident with a Low-2 startup feedwater flow in a particular steam generator. This function is provided for each of the two steam generators. The Low-2 steam generator narrow range water level also isolates blowdown in the affected steam generator. Low-2 steam generator narrow range water level can be manually blocked when the reactor coolant system average temperature is below the P-9 permissive setpoint, and is automatically unblocked when the reactor coolant average temperature is above the P-9 permissive.

Condition 5 results from the coincidence of pressurizer level above the High-3 setpoint in any two of four divisions. This function can be manually blocked when the reactor coolant system pressure is below the P-19 permissive setpoint to permit pressurizer water solid conditions with the plant cold.

This function is automatically unblocked when reactor coolant system pressure is above the P-19 setpoint. In addition to actuating the passive residual heat removal heat exchanger, condition 5 initiates a block of the pressurizer heaters.

Condition 6 consists of two momentary controls. Manual actuation of either of the two controls will align the passive residual heat removal heat exchanger initiating heat removal by this path.

The functional logic relating to alignment of the passive residual heat removal heat exchanger is illustrated in Figure 7.2-1, sheet 8. The development of the P-9 permissive is shown on Figure 7.2-1, sheet 7.

7.3.1.2.8 Turbine Trip

A signal to initiate turbine trip is generated from any of the following conditions:

1. Reactor trip (Table 7.3-2, interlock P-4)
2. High-3 steam generator narrow-range water level
3. Manual feedwater isolation (Subsection 7.3.1.2.6)

Each of these conditions initiates a turbine trip to prevent or terminate an excessive cooldown of the reactor or minimizes the potential for equipment damage caused by loss of steam supply to the turbine.

Condition 2 results from a coincidence of two of the four divisions of narrow range steam generator water level above the High-3 setpoint for either steam generator. This function can be manually blocked when the reactor coolant system average temperature is below the P-9 permissive setpoint.

This function is automatically unblocked when the reactor coolant system average temperature is above the P-9 permissive setpoint.

The functional logic relating to the tripping of the turbine is illustrated in Figure 7.2-1, sheet 14.

for both steam generators coincident with High cold leg temperature (Tcold - High) in either loop.

7.3-30 Revision 9 VEGP 3&4 - UFSAR

Table 7.3-1 (Sheet 5 of 9)

Engineered Safety Features Actuation Signals

| Actuation Signal | No. of Divisions/Controls | Actuation Logic | Permissives and Interlocks |
| --- | --- | --- | --- |
| 11. Startup Feedwater Isolation (Figure 7.2-1, Sheets 9 and 10) | | | |
| a. Low-2 cold leg temperature (Low-2 Tcold) | 4/loop | 2/4-BYP(1) either loop(6) | Manual block permitted below P-11; Automatically unblocked above P-11 |
| b. High-3 steam generator narrow range water level | 4/steam generator | 2/4-BYP(1) in either steam generator | Manual block permitted below P-9; Automatically unblocked above P-9 |
| c. Manual initiation of main feedwater isolation | (See item 4b) | | |
| d. High(10) steam generator narrow range level coincident with | 4/steam generator | 2/4-BYP(1) in either steam generator | Manual block permitted below P-9; Automatically unblocked above P-9 |
| Reactor trip (P-4) | 1/division | 2/4 | None |
| 12. Passive Residual Heat Removal (Figure 7.2-1, Sheet 8) | | | |
| a. Manual initiation | 2 controls | 1/2 controls | None |
| b. Low-2 steam generator narrow range water level coincident with | 4/steam generator | 2/4-BYP(1) in either steam generator | Manual block permitted below P-9; Automatically unblocked above P-9 |
| Low-2 startup feedwater flow | 2/feedwater line | 1/2(1) in either feedwater line | None |
| c. Low-2 steam generator wide range water level | 4/steam generator | 2/4-BYP(1) in either steam generator | Manual block permitted below P-9; Automatically unblocked above P-9 |
| d. Core makeup tank injection | (See Items 6a through 6e) | | |
| e. Automatic reactor coolant system depressurization (first stage) | (See items 3a through 3c) | | |
| f. High-3 pressurizer level | 4 | 2/4-BYP(1) | Manual block permitted below P-19; Automatically unblocked above P-19 |
| 13. Block of Boron Dilution (Figure 7.2-1, Sheets 3 and 15) | | | |
| a. Flux doubling calculation | 4 | 2/4-BYP(1) | Manual block permitted above P-6 and above P-8; Automatically unblocked below P-6 or below P-8; Manual block permitted below P-8; demineralized water system isolation valves signaled closed when blocked below P-8 |
| b. Undervoltage to Class 1E battery chargers(8) | 2/charger | 2/2 per charger and 2/4 chargers(5) | None |
| c. Reactor trip (P-4) | 1/division | 2/4 | None |

High cold leg temperature (Tcold - High) | 4/loop | 2/4 BYP(1) either loop(6) | None

both s

10.4-44 Revision 11.1 VEGP 3&4 - UFSAR

10.4.9.4.3 Preoperational System Testing

Preoperational testing of the startup feedwater system is performed as described in Chapter 14.

Tests described in Subsection 14.2.9.1.7, under item c) of General Test Method and Acceptance Criteria satisfy BTP (AS) 10-2. Additional testing of the startup feedwater system is conducted during startup testing as described in Subsection 14.2.10.4.18.

10.4.9.4.4 Inservice Inspections

The performance and structural and leaktight integrity of the startup feedwater system components are demonstrated by normal operation.

The inservice inspection program for ASME Section III Class 2 and 3 components is described in Section 6.6. The inservice testing program, including testing for the startup feedwater isolation valve and startup feedwater control valve, is described in Subsection 3.9.6.

10.4.9.5 Instrumentation Applications

The startup feedwater system instrumentation is designed to facilitate automatic operation, remote control, and continuous indication of system parameters.

The startup feedwater flow is controlled by a steam generator level demand signal modulating the startup feedwater control valve. The control valve may either be in manual or automatic control. Refer to Section 7.7. The startup feedwater flow transmitters also provide redundant indication of startup feedwater and automatic safeguards actuation input on Low-2 flow coincident with Low-2 steam generator narrow range water level. See Section 7.3.

10.4.10 Auxiliary Steam System

The auxiliary steam system (ASS) provides the steam required for plant use during startup, shutdown, and normal operation. Steam is supplied from either the auxiliary boiler or the main steam system. During a loss of normal ac power, a temporary boiler can be used for investment protection.

10.4.10.1 Design Basis

10.4.10.1.1 Safety Design Basis

The auxiliary steam system serves no safety-related function and therefore has no nuclear safety design basis.

10.4.10.1.2 Power Generation Design Basis

The auxiliary steam system supplies steam required by the unit for a cold start of the main steam system and turbine-generator. Additionally, the auxiliary steam system provides steam for hot water heating. Main steam supplements the auxiliary steam header during startup and supplies the auxiliary steam header during normal operation. The auxiliary boiler provides steam to the header during plant shutdown.

10.4.10.2 System Description

10.4.10.2.1 General Description

The auxiliary boiler is located in the turbine building. The system consists of steam generation equipment and distribution headers.

in both SGs, coincident with High Tcold in either loop PRHR HX

15.0-22 Revision 6 VEGP 3&4 - UFSAR

Table 15.0-4a (Sheet 2 of 2)

Protection and Safety Monitoring System Setpoints and Time Delay Assumed in Accident Analyses

| Function | Limiting Setpoint Assumed in Analyses | Time Delays (seconds) |
| --- | --- | --- |
| S signal, power operated relief valve isolation, and steam line isolation on Low-2 steam line pressure | 405 psia (with an adverse environment assumed); 535 psia (without an adverse environment assumed) | 2.0 |
| S signal on Low-3 pressurizer pressure | 1700 psia | 2.0 |
| Reactor trip on PRHR discharge valves not closed | Valve not closed | 1.25 |
| S signal and steamline isolation on high-2 containment pressure | 6.7 psig | 2.0 |
| Reactor coolant pump trip following S | | 5.0 5.3 (LBLOCA) |
| PRHR actuation on high-3 pressurizer water level | 76% of span | 2.0 (plus 15.0-second timer delay) |
| Chemical and volume control system isolation on high-2 pressurizer water level | 63.5% of span | 2.0 |
| Chemical and volume control system isolation on high-1 pressurizer water level coincident with S signal | 33% of span | 2.0(1) |
| Boron dilution block on source range flux doubling | 3 over 50 minutes | 80.0 |
| ADS Stage 1 actuation on core makeup tank Low-3 level signal | 67.5% of tank volume | 32.0 seconds for control valve to begin to open) |
| ADS Stage 4 actuation on core makeup tank Low-6 level signal | 20% of tank volume | 2.0 seconds for squib valve to begin to open) |
| CMT actuation on pressurizer low-2 water level | 0% of span | 2.0 |
| PRHR heat exchanger actuation on Low-2 SG narrow range water level coincident with Low-2 startup feedwater flow | 0% of span (Low-2 SG narrow range water level); 100 gpm (Low-2 startup feedwater flow) | 2.0 |
| DWS isolation on reactor trip | | 2.0 |
| Main control room isolation, air supply initiation, and electrical load de-energization on High-2 control room radioactivity | Iodine: 2.00E-7 Ci/m3; Particulate: 2.00E-08 Ci/m3 | 200.0 |

Notes:

1. In addition to the response time given, a 4.0 second lag time is used in the accident analysis for this function to account for the associated RTDs. For automatic safeguards actuation, the 4.0 second lag time is only used for the temperature inputs.

coincident with Tcold - High

15.2-10 Revision 6 VEGP 3&4 - UFSAR

• The PRHR heat exchanger is actuated by the Low-2 steam generator narrow range water level (coincident with Low-2 start up feed water flow).

• For the loss of ac power to the station auxiliaries and following reactor trip, the main safety function required is core decay heat removal. That is accomplished by the secondary steam relief through the steam generator safety valves and the PRHR heat exchanger. One of two parallel valves in the PRHR outlet line is assumed to fail to open. This is the worst single failure.

• The pressurizer safety valves are assumed to function.

Plant characteristics and initial conditions are further discussed in Subsection 15.0.3.

Plant systems and equipment necessary to mitigate the effects of a loss of ac power to the station auxiliaries are discussed in Subsection 15.0.8 and listed in Table 15.0-6. Normal reactor control systems are not required to function. The protection and safety monitoring system is required to function following a loss of ac power. The PRHR heat exchanger is required to function with an overall minimum capability to extract heat from the reactor coolant system. No single active failure prevents operation of any system required to function.

Parameters used in the analysis are selected to maximize the pressurizer water volume. Input parameters are not selected to maximize the transient primary side and secondary side pressure.

Transient primary side and secondary side pressures during a loss of ac power to station auxiliaries are bounded by those calculated for the turbine trip analyses presented in Subsection 15.2.3.

With respect to DNB concerns, the loss of ac power to station auxiliaries event is bounded by the loss of ac power case analyzed for the turbine trip event presented in Subsection 15.2.3. The consequences of a loss of ac power to station auxiliaries that results in CMT actuation are bounded by the analysis of the Inadvertent Operation of the Core Makeup Tanks During Power Operation event described in Subsection 15.5.1.

15.2.6.2.2 Results

The transient response of the reactor coolant system following a loss of ac power to the plant auxiliaries is shown in Figures 15.2.6-1 through 15.2.6-12. The calculated sequence of events for this event is listed in Table 15.2-1.

The loss of ac power event results in a pressurizer water volume increase until the actuation of the steam generator safety valves. Actuation of the steam generator safety valves attenuates the pressurizer water volume until actuation of the PRHR which turns around the pressurizer water volume increase. PRHR heat extraction and steam generator safety valve relief results in a consequential decrease in the water volume until the safety valve relief stops. After the steam generator safety valve flow stops the pressurizer water volume begins a slight increase until the PRHR heat extraction matches and then exceeds the decay heat addition resulting in a reduction in the pressurizer water volume.

15.2.6.3 Conclusions

Results of the analysis show that for the loss of ac power to plant auxiliaries event, all safety criteria are met. The heat extraction provided by the steam relief capacity of the steam generator safety valves and the operation of the PRHR is sufficient to prevent water relief through the pressurizer safety valves.

coincident with two-out-of-four Tcold - High in either loop.

UFSAR subsection 15.2.6.2.1

15.2-11 Revision 6 VEGP 3&4 - UFSAR

The analysis demonstrates that sufficient long-term reactor coolant system heat removal capability exists, via the steam generator safety valves, natural circulation and the PRHR heat exchanger, following reactor coolant pump coastdown to prevent fuel or cladding damage and reactor coolant system overpressure.

15.2.7 Loss of Normal Feedwater Flow

15.2.7.1 Identification of Causes and Accident Description

A loss of normal feedwater (from pump failures, valve malfunctions, or loss of ac power sources) results in a reduction in the capability of the secondary system to remove the heat generated in the reactor core. If startup feedwater is not available, the safety-related PRHR heat exchanger is automatically aligned by the protection and safety monitoring system to remove decay heat.

A small secondary system break can affect normal feedwater flow control, causing low steam generator levels prior to protective actions for the break. This scenario is addressed by the assumptions made for the feedwater system pipe break (see Subsection 15.2.8).

The following occurs upon loss of normal feedwater (assuming main feedwater pump fails or valve malfunctions):

• The steam generator water inventory decreases as a consequence of the continuous steam supply to the turbine. The mismatch between the steam flow to the turbine and the feedwater flow leads to the reactor trip on a Low-2 steam generator narrow range water level signal.

The same signal also actuates the startup feedwater system (see Subsection 15.2.6.1).

• As the steam system pressure rises following the trip, the steam generator power-operated relief valves are automatically opened to the atmosphere. The condenser is assumed to be unavailable for turbine bypass. If the steam flow path through the power-operated relief valves is not available, the steam generator safety valves may lift to dissipate the sensible heat of the fuel and coolant plus the residual decay heat produced in the reactor.

• As the no-load temperature is approached, the steam generator power-operated relief valves (or safety valves, if the power-operated relief valves are not available) are used to dissipate the decay heat and to maintain the plant at the hot shutdown condition, if the startup feedwater is used to supply water to the steam generator.

• If startup feedwater is not available, the PRHR heat exchanger is actuated on either a Low-2 steam generator narrow range water level, coincident with a Low-2 startup feedwater flow rate signal or a Low-2 steam generator wide range water level signal.

• The PRHR heat exchanger extracts heat from the reactor coolant system and can lead to an S signal on a Low-2 Tcold signal. This would actuate the core makeup tanks. Note that in order to confirm the capability of the PRHR heat exchanger to remove decay heat, CMT actuation is not modeled. CMT actuation results in a significant primary side cooldown, and transitions the event from a decrease in heat removal event to an inventory increase event.

The consequences of a loss of normal feedwater flow event that results in CMT actuation are bounded by the analysis of the Inadvertent Operation of the Core Makeup Tanks During Power Operation event described in Subsection 15.5.1.

A loss-of-normal-feedwater event is classified as a Condition II event, a fault of moderate frequency.

and coincident with Tcold - High

15.2-12 Revision 6 VEGP 3&4 - UFSAR

15.2.7.2 Analysis of Effects and Consequences

The analysis is performed to demonstrate the adequacy of the protection and safety monitoring system and the capability of the PRHR heat exchanger in removing long-term (approximately 36,000 seconds) decay heat following a loss of normal feedwater. This analysis also demonstrates the adequacy of these systems in preventing excessive heatup of the reactor coolant system with possible reactor coolant system overpressurization or loss of reactor coolant system water.

15.2.7.2.1 Method of Analysis

An analysis using a modified version of the LOFTRAN code (Reference 2), described in WCAP-15644 (Reference 6), is performed to obtain the plant transient following a loss of normal feedwater. The simulation describes the neutron kinetics, reactor coolant system (including the natural circulation), pressurizer, and steam generators. The program computes pertinent variables, including the steam generator level, pressurizer water level, and reactor coolant average temperature.

Two cases are analyzed. One case assumes a consequential loss of ac power to the plant auxiliaries resulting from the turbine trip after reactor trip. The loss of ac power results in a coast down of the reactor coolant pumps. A second case does not assume the consequential loss of ac power, which maintains the reactor coolant pumps at normal speed until automatically tripped when an S signal is generated.

The assumptions used in the analysis are as follows:

• The plant is initially operating at 101 percent of the design power rating.

• Reactor trip occurs on Low-2 steam generator narrow range water level.

• The principal safety function required after reactor trip is the core decay heat removal. That function is carried out by the PRHR heat exchanger. The worst single failure is assumed to occur in the PRHR heat exchanger. The actuation of the PRHR heat exchanger requires the opening of one of the two fail-open valves arranged in parallel at the PRHR heat exchanger discharge. Because no single failure can be assumed that impairs the opening of both valves, the failure of a single valve is assumed.

The PRHR heat exchanger is actuated by the Low-2 steam generator narrow range water level signal, coincident with Low-2 start up feedwater flow or by the Low-2 steam generator wide range water level signal.

• Secondary system steam relief is achieved through the steam generator safety valves.

• The initial reactor coolant average temperature is 8°F lower than the nominal value, and initial pressurizer pressure is 50 psi lower than nominal for the case with ac power available.

The initial reactor coolant average temperature is 8°F higher than the nominal value, and initial pressurizer pressure is 50 psi higher than nominal for the case without ac power available.

The loss of normal feedwater analyses are performed to demonstrate the adequacy of the protection and safety monitoring system and the PRHR heat exchanger in removing long-term decay heat.

Such decay heat removal prevents excessive heatup of the reactor coolant system with possible resultant reactor coolant system overpressurization or loss of reactor coolant system water. The assumptions used in this analysis minimize the energy removal capability of the system, and maximize the coolant system expansion.

and coincident with High Tcold

15.2-23 Revision 6 VEGP 3&4 - UFSAR

Table 15.2-1 (Sheet 5 of 8)

Time Sequence of Events for Incidents Which Result in a Decrease in Heat Removal By the Secondary System

| Accident | Event | Time (seconds) |
| --- | --- | --- |
| II.A. Loss of ac power to the plant auxiliaries | Offsite ac power is lost, feedwater is lost, RCPs begin to coast down, turbine trip occurs (transient initiation) | 10.0 |
| | RCP Low-2 speed reactor trip set point is reached | 10.5 |
| | Rods begin to drop | 11.2 |
| | Pressurizer safety valves first open | ~80.0 |
| | Steam generator safety valves first open | 99.2 |
| | Low steam generator narrow range water level reactor trip setpoint reached | 454.8 |
| | PRHR heat exchanger actuation on Low-2 steam generator narrow range water level (coincident with Low-2 start up flow rate) | 637.0 |
| | Maximum long term pressurizer water volume reached | 17,100 |
| | PRHR heat exchanger heat removal matches decay heat | ~17,700 |

coincident with Tcold - High

15.2-24 Revision 6 VEGP 3&4 - UFSAR

Table 15.2-1 (Sheet 6 of 8)

Time Sequence of Events for Incidents Which Result in a Decrease in Heat Removal By the Secondary System

| Accident | Event | Time (seconds) |
| --- | --- | --- |
| IIIA. Loss of normal feedwater flow | Feedwater is lost (transient initiation) | 10.0 |
| | Low-2 steam generator narrow range water level reactor trip reached | 61.1 |
| | Rods begin to drop | 63.1 |
| | Minimum DNBR is reached | 64.0 |
| | Steam generator safety valves first open | 94.5 |
| | PRHR heat exchanger actuation on Low-2 steam generator narrow range water level (coincident with Low-2 start up feedwater flow rate) | 243.1 |
| | Cold leg temperature reaches Low-2 Tcold setpoint | 1455.6 |
| | Reactor coolant pump trip on Low-2 Tcold S signal | 1455.6 |
| | Steam line isolation on Low-2 Tcold S signal | 1467.6 |
| | Core makeup tank actuation on Low-2 Tcold S signal | 1587.9 |
| | Pressurizer safety valves first open | ~2500 |
| | PRHR heat exchanger heat removal matches decay heat addition | ~15,500 |
| | Maximum long term pressurizer water volume reached | 16,500 |

coincident with Tcold - High

Revised Technical Specification Pages

Technical Specifications ESFAS Instrumentation 3.3.8 VEGP Units 3 and 4 3.3.8 - 7 Amendment No. ___ (Unit 3)

Amendment No. ___ (Unit 4)

Table 3.3.8-1 (page 1 of 3)

Engineered Safeguards Actuation System Instrumentation

| FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS |
| --- | --- | --- | --- |
| 1. Containment Pressure | | | |
| a. - Low | 1,2,3,4,5(a),6(a) | 4 | P |
| b. - Low 2 | 1,2,3,4,5(a),6(a) | 4 | P |
| 2. Containment Pressure - High 2 | 1,2,3,4 | 4 | H |
| 3. Containment Radioactivity - High | 1,2,3,4(b) | 4 | I |
| 4. Containment Radioactivity - High 2 | 1,2,3 | 4 | I |
| 5. Pressurizer Pressure - Low 3 | 1,2,3(c)(l) | 4 | E |
| 6. Pressurizer Water Level - Low | 1,2 | 4 | D |
| 7. Pressurizer Water Level - Low 2 | 1,2,3,4(b) | 4 | F |
| | 4(d),5(e) | 4 | J |
| 8. Pressurizer Water Level - High | 1,2,3 | 4 | I |
| 9. Pressurizer Water Level - High 2 | 1,2,3,4(f) | 4 | I |
| 10. Pressurizer Water Level - High 3 | 1,2,3,4(f) | 4 | Q |
| 11. RCS Cold Leg Temperature (Tcold) | | | |
| a. - Low 2 | 1,2,3(c)(l) | 4 per loop | E |
| b. - High | 1,2,3,4(b) | 4 per loop | F |
| 12. Reactor Coolant Average Temperature (Tavg) - Low | 1,2 | 4 | D |
| 13. Reactor Coolant Average Temperature (Tavg) - Low 2 | 1,2 | 4 | D |

(a) Without an open containment air flow path 6 inches in diameter.

(b) With the RCS not being cooled by the Normal Residual Heat Removal System (RNS).

(c) Above the P-11 (Pressurizer Pressure) interlock.

(d) With the RCS being cooled by the RNS.

(e) With RCS not VENTED and CMT actuation on Pressurizer Water Level - Low 2 not blocked.

(f) With all four cold leg temperatures > 275°F.

(g) With upper internals in place.

(l) Below the P-11 (Pressurizer Pressure) interlock and RCS boron concentration is less than that necessary to meet the SDM requirements at an RCS temperature of 200°F.

Table 3.3.8-1 (page 2 of 3)

Engineered Safeguards Actuation System Instrumentation

| FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS |
| --- | --- | --- | --- |
| 14. RCS Wide Range Pressure - Low | 1,2,3,4 | 4 | H |
| | 5(n) | 4 | K |
| | 6(g)(n) | 4 | L |
| 15. Core Makeup Tank (CMT) Level - Low 3 | 1,2,3,4(b) | 4 per tank | F |
| | 4(d),5(h) | 4 per OPERABLE tank | J |
| 16. CMT Level - Low 6 | 1,2,3,4(b) | 4 per tank | F |
| | 4(d),5(h)(n) | 4 per OPERABLE tank | J |
| 17. Source Range Neutron Flux Doubling | 2(i),3(i),4(j) | 4 | I |
| | 5(j) | 4 | I |
| 18. IRWST Lower Narrow Range Level - Low 3 | 1,2,3,4(b) | 4 | F |
| | 4(d),5(n) | 4 | M |
| | 6(g)(n) | 4 | N |
| 19. Reactor Coolant Pump Bearing Water Temperature - High 2 | 1,2,3,4 | 4 per RCP | O |
| 20. SG Narrow Range Water Level - Low 2 | 1,2,3,4(b) | 4 per SG | F |
| 21. SG Wide Range Water Level - Low 2 | 1,2,3,4(b) | 4 per SG | F |
| 22. SG Narrow Range Water Level - High | 1,2,3,4 | 4 per SG | I |
| 23. SG Narrow Range Water Level - High 3 | 1,2 | 4 per SG | D |
| | 3,4 | 4 per SG | I |

(b) With the RCS not being cooled by the Normal Residual Heat Removal System (RNS).

(d) With the RCS being cooled by the RNS.

(g) With upper internals in place.

(h) With RCS not VENTED.

(i) With unborated water source flow paths not isolated except when critical or except during intentional approach to criticality.

(j) With unborated water source flow paths not isolated.

(n) For Unit 3 only, not required to be OPERABLE prior to initial criticality.

Table 3.3.8-1 (page 3 of 3)

Engineered Safeguards Actuation System Instrumentation

| FUNCTION | APPLICABLE MODES OR OTHER SPECIFIED CONDITIONS | REQUIRED CHANNELS | CONDITIONS |
| --- | --- | --- | --- |
| 24. Steam Line Pressure - Low 2 | 1,2,3(c)(l)(m) | 4 per steam line | G |
| 25. Steam Line Pressure - Negative Rate - High | 3(k) | 4 per steam line | I |

(c) Above the P-11 (Pressurizer Pressure) interlock.

(k) Below the P-11 (Pressurizer Pressure) interlock when Steam Line Pressure - Low 2 is blocked.

(l) Below the P-11 (Pressurizer Pressure) interlock and RCS boron concentration is less than that necessary to meet the SDM requirements at an RCS temperature of 200°F.

(m) Below the P-11 (Pressurizer Pressure) interlock when Steam Line Pressure - Low 2 is not blocked.

Technical Specification Bases Marked-up Pages (For Information Only)

Insertions are denoted by underlined blue text and deletions by red strikethrough. Omitted text is identified by three asterisks ( * * * ).

Technical Specifications Bases ESFAS Instrumentation B 3.3.8 VEGP Units 3 and 4 B 3.3.8 - 7 Revision __77 BASES BACKGROUND (continued)

ESF Coincidence Logic (Local Coincidence Logic (LCL) System)

Each PMS division contains two identical and redundant LCL subsystems receiving the same input signals and performing the same logic. The LCL subsystems perform the logic to combine the partial actuation signals from the BPL subsystems, along with permissives, blocks, and resets, and generate an actuation output signal to the ESF Actuation Subsystem Logic (Integrated Logic Cabinet (ILC)).

Eight LCL subsystems are provided in the PMS architecture. Each of the LCL subsystems receives partial ESF actuation signals and status signals from each of the eight BPL subsystems. In normal operation, the LCL logic is programmed to assume that a partial actuation signal in either BPL subsystem in a given division is equivalent to a partial actuation signal.

In the event that a single BPL processor or associated datalink failure in a division is detected by diagnostics, the LCL logic will reject the input from the failed component and use the input from the other BPL subsystem from the affected division as the source of actuation information. This allows the function logic to remain in a 2oo4 logic configuration.

LCL processors will only permit bypass of both BPL inputs of a given function from one division (such as due to a failed sensor). In the event of a division bypass, the LCL reverts to 2oo3 logic in the affected function.

The LCL subsystems act to initiate an ESF actuation when the required number of divisions reaches a partial actuation state (e.g., 2oo4, 1oo2).

The LCL also provides for the bypass of actuation functions to accommodate periodic tests and maintenance. During LCL subsystem testing, each LCL subsystem is tested individually. During testing, the redundant LCL subsystem is available to provide output signals to the ILCs. For the CMT Actuation function only, both LCL processors in each division must be capable of functioning to maintain a single failure proof design, because the same two divisions of PMS are required to actuate both outlet valves for a given CMT. Therefore, if one of the two redundant PMS LCLs in a division is taken out of service or has no output or a bad quality signal, the CMT outlet valve component interface modules (CIMs) in the affected division must be locally placed in an actuate condition. This ensures CMT actuation will occur on a valid actuation signal in the event of a subsequent single failure of an LCL. This permits the division being tested to remain OPERABLE while the testing is being conducted. In combination with manual tests required by Surveillance Requirements, the LCLs are tested via continuous system self-checking features.
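The voting behaviour described above for a single ESF function, as an added Python sketch that is not part of the submittal or of the PMS software. The class and function names, the division labels A-D, and the refusal to vote when both BPLs in one division are failed (a case the Bases text here does not describe) are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bpl:
    """One BPL subsystem's input to an LCL (hypothetical model)."""
    partial_trip: bool      # partial actuation signal
    healthy: bool = True    # False once diagnostics flag the processor or datalink

@dataclass(frozen=True)
class Division:
    bpl_1: Bpl
    bpl_2: Bpl
    bypassed: bool = False  # both BPL inputs of this function bypassed

def lcl_vote(divisions, required=2):
    """Return (actuate, logic) for one function, e.g. (True, '2oo3')."""
    bypassed = [name for name, d in divisions.items() if d.bypassed]
    if len(bypassed) > 1:
        # The Bases permit bypass of a function's inputs from one division only.
        raise ValueError(f"bypass requested in {bypassed}; only one division allowed")
    votes = 0
    for name, d in divisions.items():
        if d.bypassed:
            continue
        usable = [b for b in (d.bpl_1, d.bpl_2) if b.healthy]
        if not usable:
            # Assumption: both BPLs failed is outside what the text describes, so refuse.
            raise ValueError(f"division {name} has no healthy BPL input")
        # A partial trip from either healthy BPL counts as the division's vote.
        votes += any(b.partial_trip for b in usable)
    voting = len(divisions) - len(bypassed)
    return votes >= required, f"{required}oo{voting}"

def make_divisions(tripped, bypassed=None, failed_bpl=None):
    """Build four divisions A-D (constructed sample data).

    tripped: names of divisions whose BPLs both assert a partial trip.
    failed_bpl: division whose bpl_1 is flagged failed while spuriously tripping.
    """
    out = {}
    for name in "ABCD":
        trip = name in tripped
        first = Bpl(True, healthy=False) if name == failed_bpl else Bpl(trip)
        out[name] = Division(first, Bpl(trip), bypassed=(name == bypassed))
    return out

def tolerates_single_failure(bypassed=None):
    """True if a real demand still actuates with any one other division stuck at no-trip."""
    for stuck in "ABCD":
        if stuck == bypassed:
            continue
        seeing_demand = set("ABCD") - {stuck}
        actuate, _ = lcl_vote(make_divisions(seeing_demand, bypassed=bypassed))
        if not actuate:
            return False
    return True

if __name__ == "__main__":
    print(lcl_vote(make_divisions({"A"})))                      # one vote, 2oo4
    print(lcl_vote(make_divisions({"B"}, failed_bpl="A")))      # failed BPL rejected
    print(lcl_vote(make_divisions({"B", "C"}, bypassed="A")))   # bypass gives 2oo3
    print(tolerates_single_failure(bypassed="A"))
```

The last check exercises the stated design goal: with one division bypassed, a demand seen by the remaining divisions still actuates when any single one of them fails to trip.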

Technical Specifications Bases ESFAS Instrumentation B 3.3.8 VEGP Units 3 and 4 B 3.3.8 - 26 Revision __77 BASES APPLICABLE SAFETY ANALYSES, LCOs, and APPLICABILITY (continued)

A Passive Containment Cooling Actuation signal initiates water flow by gravity by opening the isolation valves. The water flows onto the containment dome, wetting the outer surface. The path for natural circulation of air along the outside walls of the containment structure is always open.

Passive Containment Cooling is actuated on the following signals:

Containment Pressure - High 2; and Passive Containment Cooling Actuation - Manual Initiation.

Passive Residual Heat Removal (PRHR) Heat Exchanger Actuation

The PRHR Heat Exchanger (HX) provides emergency core decay heat removal when the Startup Feedwater System is not available to provide a heat sink.

PRHR is actuated on the following signals:

SG Narrow Range Water Level - Low 2 coincident with Startup Feedwater Flow - Low 2 coincident with Tcold - High; SG Wide Range Water Level - Low 2; ADS Stages 1, 2, & 3 Actuation; CMT Actuation; Pressurizer Water Level - High 3; and PRHR Heat Exchanger Actuation - Manual Initiation.

Boron Dilution Block

The block of boron dilution is accomplished by closing the CVS makeup line isolation valves or closing the demineralized water system isolation valves to the CVS.

Boron Dilution Block is actuated on the following signals:

Source Range Neutron Flux Doubling; and Reactor Trip Signal (P-4).

Technical Specifications Bases ESFAS Instrumentation B 3.3.8 VEGP Units 3 and 4 B 3.3.8 - 37 Revision __77 BASES APPLICABLE SAFETY ANALYSES, LCOs, and APPLICABILITY (continued)

This Function is required to be OPERABLE in MODES 1, 2, and 3 and in MODE 4 when all four cold leg temperatures are > 275°F.

This Function is not required to be OPERABLE in MODE 4 with at least one cold leg temperature ≤ 275°F or MODES 5 and 6 because it is not required to mitigate a DBA in these MODES.

10. Pressurizer Water Level - High 3

PRHR is actuated and the pressurizer heaters are tripped when the pressurizer water level reaches its High 3 setpoint. This signal provides protection against a pressurizer overfill following an inadvertent core makeup tank actuation with consequential loss of offsite power. This Function is automatically unblocked when RCS pressure is above the P-19 (RCS pressure) setpoint. Each water level signal is compensated using pressurizer reference leg temperature, pressurizer pressure and RCS wide range pressure.

The ESFAS protective functions actuated by Pressurizer Water Level - High 3 are:

PRHR Heat Exchanger Actuation; and Pressurizer Heater Trip.

This Function is required to be OPERABLE in MODES 1, 2, and 3, and in MODE 4 when all four cold leg temperatures are > 275°F.

This Function is not required to be OPERABLE in MODE 4 with at least one cold leg temperature ≤ 275°F or in MODES 5 and 6 because it is not required to mitigate a DBA in these MODES.

11.a RCS Cold Leg Temperature (Tcold) - Low 2

This signal provides protection against the following accidents:

SLB; Feed line break; and Inadvertent opening of an SG relief or an SG safety valve.

The ESFAS protective functions actuated by RCS Cold Leg Temperature (Tcold) - Low 2 are:

Safeguards Actuation; Steam Line Isolation; and Startup Feedwater Isolation.

This Function provides closure of the MSIVs during a SLB or inadvertent opening of a SG relief or a safety valve to maintain at least one unfaulted SG as a heat sink for the reactor and to limit the mass and energy release to containment. This Function also closes the startup feedwater control and isolation valves and trips the startup feedwater pumps if reactor coolant system cold leg temperature is below the Tcold setpoint in any loop.

The LCO requires four channels of Tcold - Low 2 to be OPERABLE in MODES 1 and 2. Additionally, they are required to be OPERABLE in MODE 3 above P-11 or in a condition below P-11 where the RCS boron concentration is below that necessary to meet the SDM requirements at an RCS temperature of 200°F. At these conditions, a secondary side break or stuck open valve could result in the rapid cooldown of the primary side. Four channels are provided in each loop to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. In MODES 4, 5, and 6, this Function is not needed for accident detection and mitigation because the cold leg temperature is reduced below the actuation setpoint.

11.b RCS Cold Leg Temperature (Tcold) - High

PRHR is actuated when the Tcold reaches its High setpoint in either loop coincident with SG Narrow Range Water Levels indicating Low 2 coincident with Startup Feedwater Flows indicating Low 2 in both SGs. The Tcold - High Function requires four channels per loop to be OPERABLE to satisfy the requirements with a two-out-of-four logic in either loop.

Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this Function. The Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide protection for an event that results in a harsh environment.

The ESFAS protective function actuated by Tcold - High is:

PRHR Heat Exchanger Actuation.

The Tcold - High Function is required to be OPERABLE in MODES 1, 2, and 3 and in MODE 4 when the RCS is not being cooled by the RNS. This ensures that the PRHR can be actuated in the event of a loss of the normal heat removal systems. In MODE 4 when the RCS is being cooled by the RNS, and in MODES 5 and 6, the PRHR is not required to provide the normal RCS heat sink.

12. Tavg Low

This signal provides protection against excessive feedwater flow by closing the main feedwater control valves. This signal results from a coincidence of two of the four divisions of reactor loop average temperature below the Low setpoint coincident with the P-4 permissive. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure that no single random failure will disable this trip Function.

The Main Feedwater Control Valve Isolation ESFAS protective function is actuated by Tavg Low.

Closing the Main Feedwater Control Valves on Tavg Low coincident with Reactor Trip (P-4) is required to be OPERABLE in MODES 1 and 2. Failure to close the main feedwater control valves following a SLB or FLB can lead to additional mass and energy being delivered to the steam generators, resulting in excessive cooldown and additional mass and energy release in containment.

13. Tavg Low-2

This signal provides protection against excessive feedwater flow by closing the main feedwater isolation and crossover leg valves, and tripping of the main feedwater pumps. This signal results from a coincidence of two out of four divisions of reactor loop average temperature below the Low 2 setpoint coincident with the P-4 permissive.

Technical Specifications Bases ESFAS Instrumentation B 3.3.8 VEGP Units 3 and 4 B 3.3.8 - 44 Revision __77 BASES APPLICABLE SAFETY ANALYSES, LCOs, and APPLICABILITY (continued)

20. SG Narrow Range Water Level - Low 2

PRHR is actuated when the SG Narrow Range Water Level reaches its Low 2 setpoint coincident with an indication of Low 2 Startup Feedwater Flows in both SGs, coincident with an indication of Tcold - High in either loop. The LCO requires four channels per steam generator to be OPERABLE to satisfy the requirements with a two-out-of-four logic in each steam generator. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function.

Each water level signal is compensated using steam line pressure.

The Setpoint reflects both steady state and adverse environmental instrument uncertainties as the detectors provide protection for an event that results in a harsh environment.

The ESFAS protective functions actuated by SG Narrow Range Water Level - Low 2 are:

PRHR Heat Exchanger Actuation; and SG Blowdown Isolation.

The SG Narrow Range Water Level - Low 2 Function is required to be OPERABLE in MODES 1, 2, and 3 and in MODE 4 when the RCS is not being cooled by the Normal Residual Heat Removal System (RNS). This ensures that PRHR can be actuated in the event of a loss of the normal heat removal systems. In MODE 4 when the RCS is being cooled by the RNS, and in MODES 5 and 6, the SGs are not required to provide the normal RCS heat sink.

Therefore, startup feedwater flow is not required, and PRHR actuation on Low 2 steam generator narrow range water level is not required. This ESFAS function can be manually blocked by the main control room operator when below the P-9 setpoint (Tavg interlock) and is automatically unblocked when above the P-9 setpoint. This block is necessary to permit routine maintenance without PRHR heat exchanger actuation or SG blowdown isolation.

21. SG Wide Range Water Level - Low 2

PRHR is also actuated when the SG Wide Range Water Level reaches its Low 2 Setpoint. There are four wide range level channels for each steam generator and a two-out-of-four logic is used. Four channels are provided to permit one channel to be in trip or bypass indefinitely and still ensure no single random failure will disable this trip Function. Each water level signal is compensated

Technical Specifications Bases ESFAS Startup Feedwater Flow Instrumentation B 3.3.11 VEGP Units 3 and 4 B 3.3.11 - 1 Revision __71

3.3 INSTRUMENTATION

B 3.3.11 Engineered Safety Feature Actuation System (ESFAS) Startup Feedwater Flow Instrumentation

BASES

BACKGROUND

A description of the ESFAS Instrumentation is provided in the Bases for LCO 3.3.8, "Engineered Safety Feature Actuation System (ESFAS) Instrumentation."

APPLICABLE SAFETY ANALYSES, LCOs, and APPLICABILITY

The required channels of ESFAS instrumentation provide plant protection in the event of any of the analyzed accidents. ESFAS protective functions include PRHR Heat Exchanger Actuation.

PRHR is actuated when the Steam Generator Narrow Range Water Level reaches its Low 2 setpoint coincident with indications of Low 2 Startup Feedwater Flows for both SGs coincident with Tcold - High in either loop.

Startup Feedwater Flow - Low 2 uses a one-out-of-two logic on each of the two startup feedwater lines. These two startup feedwater line Functions are required to be OPERABLE in MODES 1, 2, and 3, and in MODE 4 when the Reactor Coolant System (RCS) is not being cooled by the Normal Residual Heat Removal System (RNS). This ensures that PRHR can be actuated in the event of a loss of the normal heat removal systems. In MODE 4 when the RCS is being cooled by the RNS, and in MODES 5 and 6, the steam generators (SGs) are not required to provide the normal RCS heat sink. Therefore, startup feedwater flow is not required, and PRHR actuation on Low 2 startup feedwater flow is not required.

ESFAS Instrumentation Startup Feedwater Flow satisfies Criterion 3 of 10 CFR 50.36(c)(2)(ii).

ACTIONS

A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this specification may be entered independently for each startup feedwater line Function. The Completion Time(s) of the inoperable equipment of each startup feedwater line Function will be tracked separately starting from the time the Condition was entered for that Function. Because the Required Channels are specified on a per startup feedwater line basis, separate Condition entry is allowed for each startup feedwater line.