| title = Technical Specification Bases, Revisions 36 and 37, B 3.3, Instrumentation

{{#Wiki_filter:RPS Instrumentation-Operating B 3.3.1 B 3.3 INSTRUMENTATION B 3.3.1 Reactor Protective System (RPS) Instrumentation-Operating BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-1 Revision 2 BACKGROUND The RPS initiates a reactor trip to protect against violating the core specified acceptable fuel design limits and breaching the reactor coolant pressure boundary during anticipated operational occurrences (AOOs). By tripping the reactor, the RPS also assists the Engineered Safety Features (ESF) systems in mitigating accidents.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-2 Revision 2 The RPS is segmented into four interconnected modules.

Measurement channels; Bistable trip units; RPS logic; and Reactor trip circuit breakers (RTCBs).

This LCO addresses measurement channels and bistable trip units. It also addresses the automatic bypass removal channel for those trips with operating bypasses. The RPS logic and RTCBs are addressed in LCO 3.3.3.

An instrument channel consists of the measurement channel and bistable trip unit for one channel of one Function.

The role of each of these modules in the RPS, including those associated with the logic and RTCBs, is discussed below.

Measurement Channels Measurement channels, consisting of field transmitters or process sensors and associated instrumentation, provide a measurable electronic signal based upon the physical characteristics of the parameter being measured.

The Power Range excore nuclear instrumentation drawers, Thermal Margin/Low Pressure (TM/LP) trip calculators, and Axial Power Distribution (APD) trip calculators, are considered components in the measurement channels. The power range nuclear instruments (NIs) provide average power and subchannel deviation signals. The wide range NIs provide a Rate of Change of Power-High trip. Two decades of overlap are provided between the power range NIs and the wide range NIs. Three RPS trip functions use a power level designated as Q power as an input. Q power is the higher of NI power and primary calorimetric power (T power) based on RCS hot leg and cold leg temperatures. Trip functions using Q power as an input include the Power Level-High, TM/LP, and the APD trips.  

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-3 Revision 2 The TM/LP and APD trip calculators provide the complex signal processing necessary to calculate the TM/LP trip setpoint, Asymmetric Steam Generator Transient (ASGT) trip setpoint, APD trip setpoint, Power Level-High trip setpoint, and Q power calculation.

When a measurement channel monitoring a parameter exceeds a predetermined setpoint, indicating an unsafe condition, the bistable in the bistable trip unit monitoring the parameter in that measurement channel will trip. Tripping two or more bistable trip units monitoring the same parameter de-energizes matrix logic, which in turn de-energizes the trip path logic. This causes all eight RTCBs to open, interrupting power to the control element assemblies (CEAs),

Three of the four instrument channels are necessary to meet the redundancy and testability as described in Reference 1, Appendix 1C. The fourth channel provides additional flexibility by allowing one channel to be removed from service (trip bypass) for maintenance or testing, while still maintaining a minimum two-out-of-three logic. Thus, even with a channel inoperable, no single additional failure in the RPS can either cause an inadvertent trip or prevent a required trip from occurring.

On power increases, the trip setpoint remains fixed unless manually reset, at which point the trip setpoint increases to the new setpoint, which is a fixed increment above Q power at the time of reset, and the trip setpoint is subject to a maximum value. Thus, during power escalation, the trip setpoint must be repeatedly reset to avoid a reactor trip.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-5 Revision 2 inputs and represents a minimum acceptable RCS pressure to be compared to actual RCS pressure in the TM/LP trip unit.

Steam generator pressure is also an indirect input to the TM/LP trip via the ASGT. This Function provides a reactor trip when the secondary pressure in either steam generator exceeds that of the other generator by greater than a fixed amount. The trip is implemented by biasing the TM/LP trip setpoint upward so as to ensure TM/LP trip if an ASGT is detected.

APD-High Trip Q power and subchannel deviation are inputs to the APD trip. The APD trip setpoint is a function of Q power, being more restrictive at higher power levels. It provides a reactor trip if actual ASI exceeds the APD trip setpoint.

Bistable Trip Units Bistable trip units, mounted in the RPS cabinet, receive an analog input from the measurement channels, compare the analog input to trip setpoints, and provide contact output to the matrix logic. They also provide local trip indication and remote annunciation.

There are four channels of bistable trip units, designated A through D, for each RPS Function, one for each measurement channel. Bistable output relays de-energize when a trip occurs.

Some of the RPS measurement channels provide contact outputs to the RPS, so the comparison of an analog input to a trip setpoint is not necessary. In these cases, the bistable trip unit is replaced with an auxiliary trip unit. The auxiliary trip units provide contact multiplication so the  

All RPS trips, with the exception of the Loss of Load trip, generate a pretrip alarm as the trip setpoint is approached.

The trip setpoints used in the bistable trip units are based on the analytical limits stated in Reference 1, Chapter 14, except for the APD and Loss of Load Functions, which are not credited in safety analyses. The selection of these trip setpoints is such that adequate protection is provided when all sensor and processing time delays are taken into account in the respective analytical limits. To allow for calibration tolerances, instrumentation uncertainties, instrument channel drift, and severe environment errors (for those RPS channels that must function in harsh environments, as defined by Reference 2, 10 CFR 50.49) RPS trip setpoints are conservatively adjusted with respect to the analytical limits. In the case of the TM/LP trip, there is also an additional adjustment for cold leg temperature differences.

A detailed description of the methodology used to calculate the trip setpoints, including their explicit uncertainties, is provided in Reference 4. The nominal trip setpoint entered into the bistable is more conservative than that specified by the Allowable Value. A channel is inoperable if its actual setpoint is not within its required Allowable Value.

RPS Logic The RPS logic, addressed in LCO 3.3.3, consists of both matrix and trip path logic and employs a scheme that provides a reactor trip when bistables in any two of the four channels sense the same input parameter trip signal.

The logic matrix relay contacts are arranged into trip paths, with one of the four matrix relays in each matrix opening contacts in one of the four trip paths. Each trip path provides power to one of the four normally energized RTCB control relays (K1, K2, K3, and K4). Thus, the trip paths each have six contacts in series, one from each matrix, performing a logical OR function by opening the RTCBs if any one or more of the six logic matrices indicate a coincidence condition.

Each trip path is responsible for opening one set of two of the eight RTCBs. When de-energized, the RTCB control relays (K-relays) interrupt power to the breaker undervoltage trip coils and simultaneously apply power to the shunt trip coils on each of the two breakers. Actuation of either the undervoltage or shunt trip coil is sufficient to open the RTCB and interrupt power from the motor generator (MG) sets to the control element drive mechanisms (CEDMs).

It is possible to change the two-out-of-four RPS logic to a two-out-of-three logic for a given input parameter, in one channel at a time, by trip bypassing select portions of the matrix logic. Trip bypassing a bistable trip unit effectively shorts the bistable relay contacts in the three matrices associated with that instrument channel. Thus, the bistables will function normally, producing normal trip indication and annunciation, but a reactor trip will not occur unless two additional instrument channels indicate a trip condition. Trip bypassing can be simultaneously performed on any number of parameters in any number of Functions, providing each parameter is bypassed in only one instrument channel per function at a time. Administrative controls prevent simultaneous trip bypassing of the same parameter in more than one instrument channel. Trip bypassing is normally employed during maintenance or testing.

In addition to the trip bypasses, there are also operating bypasses on select RPS trips. Some of these operating bypasses are enabled manually, others automatically, in all four RPS instrument channels for a Function when plant conditions do not warrant the specific trip function protection. All operating bypasses are automatically  

The two RTCBs within a trip path are actuated by separate trip paths.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-10 Revision 12 When a manual trip is initiated using the control room push buttons, the RPS trip paths and K-relays are bypassed, and the RTCB undervoltage and shunt trip coils are actuated independent of the RPS.

Uncontrolled CEA withdrawal event; Excess load; and CEA ejection event.  

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-11 Revision 31 The first two events are AOOs, and fuel integrity is maintained. The third is an accident, and limited fuel damage may occur.

Rate of Change of Power-High Trip The Rate of Change of Power-High trip is used to trip the reactor when excore logarithmic power, measured by the wide range logarithmic neutron flux monitors, indicates an excessive rate of change. The Rate of Change of Power-High trip Function minimizes transients for events such as a born dilution event, continuous CEA withdrawal, or CEA ejection from subcritical conditions. Because of this Function, such events are assured of having much less severe consequences than events initiated from critical conditions. The trip is automatically bypassed when NUCLEAR INSTRUMENT POWER is

> 12% RTP, where other RPS trips provide protection from these events. The automatic bypass removal feature ensures that the Rate of Change of Power-High trip is enabled when reactor power is between 1E-4% and 12% RTP. With the RTCBs open, the Rate of Change of Power-High trip is not required to be OPERABLE; however, at least two wide range logarithmic neutron flux monitor channels are required by LCO 3.3.12 to be OPERABLE. Limiting Condition for Operation 3.3.12 ensures the wide range logarithmic neutron flux monitor channels are available to detect and alert the operator to a boron dilution event.

Reactor Coolant Flow-Low Trip The Reactor Coolant Flow-Low trip provides protection during the following events:

Loss of RCS flow; Loss of non-emergency AC power; and Reactor coolant pump (RCP) seized rotor.

Containment Pressure-High Trip The Containment Pressure-High trip prevents exceeding the containment design pressure during certain loss of coolant accidents (LOCAs) or FWLB accidents. It ensures a reactor trip prior to, or concurrent with, a LOCA, thus assisting the ESFAS in the event of a LOCA or Main Steam Line Break (MSLB). Since these are accidents, SLs may be violated. However, the consequences of the accident will be acceptable.

Steam Generator Pressure-Low Trip The Steam Generator Pressure-Low trip provides protection against an excessive rate of heat extraction from the steam generators, which would result in a rapid uncontrolled cooldown of the RCS. This trip is needed to shut down the reactor and assist the ESFAS in the event of an MSLB. Since these are accidents, SLs may be violated. However, the consequences of the accident will be acceptable.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-13 Revision 31 the Feedwater System pipe break accident will be acceptable.

APD-High Trip The APD-High trip ensures that excessive axial peaking, such as that due to axial xenon oscillations, will not cause fuel damage. It ensures that neither a DNBR less than the SL, nor a peak linear heat rate that corresponds to the temperature for fuel centerline melting, will occur. This trip is the primary protection against fuel centerline melting. While no event specifically credits the Axial Flux Offset trip, the ASI limits established by this trip provide ASI limits for safety and setpoint analyses.

RCS depressurization (inadvertent safety or power-operated relief valves opening);

The first event is an AOOs, and fuel integrity is maintained. The second and third events are accidents, and limited fuel damage may occur, although only the LOCA is expected to result in fuel damage. The trip is initiated whenever the RCS pressure signal drops below a minimum value (Pmin) or a computed value (Pvar) as described below, whichever is higher. The setpoint is a Function of Q power, ASI, and reactor inlet (cold leg) temperature.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-14 Revision 31 trip signal. In addition, CEA group sequencing in accordance with LCO 3.1.7 is assumed. Finally, the maximum insertion of CEA banks that can occur during any AOO prior to a Power Level-High trip is assumed.

The most limiting event is closure of a single main steam isolation valve (MSIV). Asymmetric Steam Generator Transient is provided by comparing the secondary pressure in both steam generators in the TM/LP trip calculator. If the pressure in either exceeds that in the other by the trip setpoint, a TM/LP trip will result.

: 10. Loss of Load The Loss of Load trip causes a trip when operating above 15% of RTP. This trip provides turbine protection, reduces the severity of the ensuing transient, and helps avoid the lifting of the main steam safety valves during the ensuing transient, thus extending the service life of these valves. No credit was taken in the accident analyses for operation of this trip. Its functional capability is required to enhance overall plant equipment service life and reliability.

Power rate of change bypass removal The Rate of Change of Power-High trip is automatically bypassed at < 1E-4% RTP, as sensed by the wide range NI Level 1 bistable, and at

> 12% RTP by the linear range NI Level 1 bistable, mounted in their respective NI drawers (Reference 5). Automatic bypass removal is also effected by these bistables when conditions are no longer satisfied. The automatic bypass removal feature ensures that the Rate of Change of Power-High trip is enabled when reactor power is between 1E-4% and 12% RTP.

Steam Generator Pressure-Low trip bypass removal. The Steam Generator Pressure-Low trip is manually enabled below the pretrip setpoint. The permissive signal is removed, and the bypass automatically removed, when the Steam Generator Pressure-Low trip is above the pretrip setpoint.

The RPS instrumentation satisfies 10 CFR 50.36(c)(2)(ii),

Criterion 3.

LCO The LCO requires all instrumentation performing an RPS Function to be OPERABLE. Failure of any required portion of the instrument channel renders the affected channel(s) inoperable and reduces the reliability of the affected Functions. The specific criteria for determining channel OPERABILITY differ slightly between Functions. These

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-16 Revision 31 criteria are discussed on a Function-by-Function basis below.

Actions allow trip channel bypass of individual instrument channels, but administrative controls prevent operation with a second channel in the same Function bypassed. Plants are restricted to 48 hours in a trip bypass condition before either restoring the Function to four channel operation (two-out-of-four logic) or placing the channel in trip (one-out-of-three logic).

Only the Allowable Values are specified for each RPS trip Function in the LCO. Nominal trip setpoints are established for the Functions via the plant-specific procedures. The nominal setpoints are selected to ensure the plant parameters do not exceed the Allowable Value if the bistable trip unit is performing as required. Operation with a trip setpoint less conservative than the nominal trip setpoint, but within its Allowable Value, is acceptable, provided that operation and testing are consistent with the assumptions of the plant-specific setpoint calculations. Each nominal trip setpoint is more conservative than the analytical limit assumed in the safety analysis in order to account for instrument channel uncertainties appropriate to the trip Function. These uncertainties are defined in Reference 4.

The nominal trip setpoint entered into a bistable is more conservative than that specified by the Allowable Value. A channel is inoperable if its actual setpoint is not within its required Allowable Value.

Power Level-High Trip This LCO requires all four instrument channels of the Power Level-High trip to be OPERABLE in MODEs 1 and 2.

The Allowable Value is high enough to provide an operating envelope that prevents unnecessary Power Level-High trips during normal plant operations. The Allowable Value is low enough for the system to

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-17 Revision 34 maintain a margin to unacceptable fuel cladding damage should a CEA ejection accident occur.

The Power Level-High trip setpoint is operator adjustable and can be set at a fixed increment above the indicated THERMAL POWER level. Operator action is required to increase the trip setpoint as THERMAL POWER is increased. The trip setpoint is automatically decreased as THERMAL POWER decreases.

The trip setpoint has a maximum and a minimum setpoint.

Adding to this maximum value the possible variation in trip setpoint due to calibration and instrument errors, the maximum actual steady state THERMAL POWER level at which a trip would be actuated is 109% RTP, which is the value used in the safety analyses.

To account for these errors, the safety analysis minimum value is 40% RTP. The 10% step increase in trip setpoint is a maximum value assumed in the safety analysis. There is no uncertainty applied to the step in the safety analyses.

: 2.

Rate of Change of Power-High Trip This LCO requires four instrument channels of Rate of Change of Power-High trip to be OPERABLE in MODEs 1 and 2.

The high power rate of change trip serves as a backup to the administratively-enforced startup rate limit.

The accident analyses implicitly credit the trip as justification for not explicitly analyzing certain events initiated from subcritical conditions. For events initiated from critical conditions, the trip is not credited in the accident analyses.

: 3.

Reactor Coolant Flow-Low Trip This LCO requires four instrument channels of Reactor Coolant Flow-Low trip to be OPERABLE in MODEs 1 and 2.  

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-18 Revision 34 The trip may be manually bypassed when NUCLEAR INSTRUMENT POWER falls below 1E-4% RTP. This operating bypass is part of the ZPMB circuitry, which also bypasses the TM/LP trip and provides a T power block signal to the Q power select logic. The ZPMB allows low power physics testing at reduced RCS temperatures and pressures. It also allows heatup and cooldown with shutdown CEAs withdrawn.

This trip is set high enough to maintain fuel integrity during a loss of flow condition. The setting is low enough to allow for normal operating fluctuations from offsite power. Reactor Coolant System flow is maintained above design flow by LCO 3.4.1.

The Allowable Value is set high enough to allow for pressure increases in the RCS during normal operation (i.e., plant transients) not indicative of an abnormal condition. The setting is below the lift setpoint of the pressurizer safety valves and low enough to initiate a reactor trip when an abnormal condition is indicated. The analysis setpoint includes allowance for harsh environment, where appropriate.

Containment Pressure-High Trip This LCO requires four instrument channels of Containment Pressure-High trip to be OPERABLE in MODEs 1 and 2.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-19 Revision 34 normal operation (i.e., plant heatup) that are not indicative of an abnormal condition. The setting is low enough to initiate a reactor trip to prevent containment pressure from exceeding design pressure following a DBA.

: 6.

Steam Generator Pressure-Low Trip This LCO requires four instrument channels of Steam Generator Pressure-Low trip per steam generator to be OPERABLE in MODEs 1 and 2.

The Allowable Value is sufficiently below the full load operating value for steam pressure so as not to interfere with normal plant operation, but still high enough to provide the required protection in the event of excessive steam demand. Since excessive steam demand causes the RCS to cool down, resulting in positive reactivity addition to the core in the presence of a negative moderator temperature coefficient, a reactor trip is required to offset that effect.

The Function may be manually bypassed as steam generator pressure is reduced during controlled plant shutdowns. This operating bypass is permitted at a preset steam generator pressure. The bypass, in conjunction with the ZPMB, allows testing at low temperatures and pressures, and heatup and cooldown with the shutdown CEAs withdrawn. From a bypass condition, the trip will be automatically reinstated as steam generator pressure increases above the preset pressure.

Steam Generator Level-Low Trip This LCO requires four instrument channels of Steam Generator Level - Low per steam generator to be OPERABLE in MODEs 1 and 2.  

< 15% RTP, as measured by the NIs, where it is not required for reactor protection (Reference 5).

: 9.

Thermal Margin

: a.

TM/LP Trip This LCO requires four instrument channels of TM/LP trip to be OPERABLE in MODEs 1 and 2.

The Allowable Value includes allowances for equipment response time, measurement uncertainties, processing error, and a further allowance to compensate for the time delay associated with providing effective termination of the occurrence that exhibits the most rapid decrease in margin to the SLs.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-21 Revision 34 This trip may be manually bypassed when NUCLEAR INSTRUMENT POWER falls below 1E-4% RTP. This operating bypass is part of the ZPMB circuitry, which also bypasses the Reactor Coolant Flow-Low trip and provides a T power block signal to the Q power select logic (Reference 5). The ZPMB allows low power physics testing at reduced RCS temperatures and pressures. It also allows heatup and cooldown with shutdown CEAs withdrawn.

The Allowable Value is high enough to avoid trips caused by normal operation and minor transients, but ensures DNBR protection in the event of DBAs. The difference between the Allowable Value and the analysis setpoint allows for instrument uncertainty.

The trip may be manually bypassed when NUCLEAR INSTRUMENT POWER falls below 1E-4% RTP as part of the ZPMB circuitry operating bypass. The Steam Generator Pressure Difference is subject to the ZPMB, since it is an input to the TM/LP trip and is not required for protection at low power levels (Reference 5).

The Loss of Load trip is automatically bypassed when NUCLEAR INSTRUMENT POWER falls below 15%, as measured by NIs, to allow loading the turbine.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-22 Revision 34 Bypasses The LCO on automatic bypass removal features requires that the automatic bypass removal feature of all four operating bypass channels be OPERABLE for each RPS Function with an operating bypass in the MODEs addressed in the specific LCO for each Function. All four automatic bypass removal features must be OPERABLE to ensure that none of the four RPS instrument channels are inadvertently bypassed.

The LCO applies to the automatic bypass removal feature only. If the bypass channel is failed so as to prevent entering a bypass condition, operation may continue.

Most RPS trip functions are required to be OPERABLE in MODEs 1 and 2 because the reactor is critical in these MODEs. The trips are designed to take the reactor subcritical, maintaining the SLs during AOOs and assisting the ESFAS in providing acceptable consequences during accidents. Exceptions are addressed in footnotes to the table. Exceptions to this APPLICABILITY are:

The APD-High and Loss-of-Load trips are only applicable in MODE 1, NUCLEAR INSTRUMENT POWER 15% RTP because they are automatically bypassed at < 15% RTP, as measured by NIs, where they are no longer needed.

The Rate of Change of Power-High trip, RPS logic, RTCBs, and manual trip are also required in MODEs 3, 4, and 5, with the RTCBs closed, to provide protection for boron dilution and CEA withdrawal events. The Rate of Change of Power-High trip in these lower MODEs is addressed in LCO 3.3.2. The RPS logic in MODEs 1, 2, 3, 4, and 5 is addressed in LCO 3.3.3.

Most trip functions are not required to be OPERABLE in MODEs 3, 4, and 5. In MODEs 3, 4, and 5, the emphasis is placed on return to power events. The reactor is protected in these MODEs by ensuring adequate SHUTDOWN MARGIN (SDM).

ACTIONS The most common causes of instrument channel inoperability are outright failure or drift of the bistable trip unit or measurement channel sufficient to exceed the tolerance allowed by Reference 4. Typically, the drift is found to be  

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-23 Revision 34 small which, at worst, results in a delay of actuation rather than a total loss of Function. This determination is generally made during the performance of a CHANNEL CALIBRATION when the process instrument is set up for adjustment to bring it to within specification. Sensor Drift could also be identified during the CHANNEL CHECKS.

If the trip setpoint is less conservative than the Allowable Value in Table 3.3.1-1, the instrument channel is declared inoperable immediately, and the appropriate Condition(s) must be entered immediately.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-24 Revision 34 to continue, providing the inoperable bistable trip unit is placed in bypass or trip within 1 hour (Required Action A.1).

The Completion Time of 48 hours is based on operating experience, which has demonstrated that a random failure of a second instrument channel occurring during the 48-hour period is a low probability event.

B.1 and B.2 Condition B applies to the failure of two instrument channels in any RPS automatic trip Function.

Required Action B.1 provides for placing one inoperable channel in bypass and the other channel in trip within the Completion Time of 1 hour. This Completion Time is sufficient to allow the operator to take all appropriate actions for the failed channels, while ensuring that the risk involved in operating with the failed channels is acceptable. With one channel of protective instrumentation bypassed, the RPS Function is in a two-out-of-three logic; but with another channel failed, the RPS Function may be operating in a two-out-of-two logic. This is outside the assumptions made in the analyses and should be corrected.

One instrument channel should be restored to OPERABLE status within 48 hours for reasons similar to those stated under Condition A. After one channel is restored to OPERABLE status, the provisions of Condition A still apply to the remaining inoperable channel. Therefore, the channel that is still inoperable after completion of Required Action B.2 must be placed in trip if more than 48 hours have elapsed since the initial channel failure.

C.1 and C.2 The excore detectors are used to generate the internal ASI used as an input to the TM/LP and APD-High trips. Incore detectors provide a more accurate measurement of ASI. If one or more excore channels cannot be calibrated to match incore detectors, power is restricted or reduced during subsequent operations because of increased uncertainty associated with using uncalibrated excore channels.

The Completion Time of 24 hours is adequate to perform the Surveillance Requirement (SR) while minimizing the risk of operating in an unsafe condition.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-26 Revision 34 not in effect. Otherwise, the affected RPS channels must be declared inoperable, as in Condition B, and the bypasses either removed or the automatic bypass removal features repaired. Also, Required Action E.2.2 provides for the restoration of the one affected RPS channel to OPERABLE status within the rules of Completion Time specified under Condition B. Completion Times are consistent with Condition B.

F.1 Condition F is entered when the Required Action and associated Completion Time of Condition A, B, C, D, or E are not met for the APD-High trip and Loss-of-Load trip Functions.

If the Required Actions associated with these Conditions cannot be completed within the required Completion Times, the reactor must be brought to a MODE in which the Required Actions do not apply. The allowed Completion Time of 6 hours to be in MODE 3 is reasonable, based on operating experience, for reaching the required MODE from full power conditions in an orderly manner and without challenging plant systems.  

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-27 Revision 34 SURVEILLANCE The SRs for any particular RPS Function are found in the SR REQUIREMENTS column of Table 3.3.1-1 for that Function. Most Functions are subject to CHANNEL CHECK, CHANNEL FUNCTIONAL TEST, and CHANNEL CALIBRATION.

SR 3.3.1.1 Performance of the CHANNEL CHECK once every 12 hours ensures that gross failure of instrumentation has not occurred. A CHANNEL CHECK is normally a comparison of the parameter indicated on one instrument channel to a similar parameter on other channels. It is based on the assumption that instrument channels monitoring the same parameter should read approximately the same value. Significant deviations between the two instrument channels could be an indication of excessive instrument channel drift in one of the channels or of something even more serious. CHANNEL CHECK will detect gross channel failure; thus, it is key to verifying that the instrumentation continues to operate properly between each CHANNEL CALIBRATION.

Agreement criteria are determined by the plant staff based on a qualitative assessment of the instrument channel combined with the instrument channel uncertainties, including indication and readability. If a channel is outside the criteria, it may be an indication that the transmitter or the signal processing equipment has drifted outside its limits. CHANNEL CHECKS are performed on the wide range logarithmic neutron flux monitor for the Rate of Change of Power-High trip Function.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-28 Revision 34 SR 3.3.1.2 A daily calibration (heat balance) is performed when THERMAL POWER is 15%. The daily calibration shall consist of adjusting the nuclear power calibrate potentiometers to agree with the calorimetric calculation if the absolute difference is > 1.5%. The T power calibrate potentiometers are then used to null the nuclear power -T power indicators on the RPS Calibration and Indication Panel. Performance of the daily calibration ensures that the two inputs to the Q power measurement are indicating accurately with respect to the much more accurate secondary calorimetric calculation. The heat balance addresses overall gain of the instruments and does not include ASI.

< 20% RTP. The Completion Time of 12 hours allows time for plant stabilization, data-taking, and instrument calibration. The Frequency requires the SR be performed every 31 days after the initial performance prior to operation above 90% RTP. Requiring the SR prior to operations above 90% RTP is because of the increased uncertainties associated with using uncalibrated excore detectors. If the excore channels are not properly calibrated to agree with the incore detectors, power is restricted during subsequent operations because of increased uncertainty associated with using uncalibrated excore channels. The 31-day Frequency is adequate, based on operating experience of the excore linear amplifiers and the slow burnup of the detectors. The excore readings are a strong function of the power produced in the peripheral fuel bundles and do not represent an integrated reading across the core. Slow changes in neutron flux during the fuel cycle can also be detected at this Frequency.

SR 3.3.1.4 A CHANNEL FUNCTIONAL TEST is performed on each RPS instrument channel, except Loss of Load and Rate of Change of Power, every 92 days to ensure the entire channel will perform its intended function when needed. A successful test of the required contact(s) of a channel relay may be performed by the verification of the change of state of a single contact of the relay. This clarifies what is an acceptable CHANNEL FUNCTIONAL TEST of a relay. This is acceptable because all of the other required contacts of the relay are verified by other Technical Specification tests at least once per refueling interval with applicable extensions.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-30 Revision 36 consistent with the assumptions of Reference 4. As-found values must also be recorded and reviewed for consistency with the assumptions of the frequency extension analysis.

This is done with the affected RPS channel bistable trip unit bypassed. Any setpoint adjustment shall be consistent with the assumptions of Reference 4.

Matrix Logic Tests Matrix logic tests are addressed in LCO 3.3.3. This test is performed one matrix at a time. It verifies that a coincidence in the two instrument channels for each Function removes power from the matrix relays. During testing, power is applied to the matrix relay test coils and prevents the matrix relay contacts from assuming their de-energized state. This test will detect any short circuits around the bistable contacts in the coincidence logic, such as may be caused by faulty bistable relay or trip bypass contacts.

SR 3.3.1.6 A CHANNEL FUNCTIONAL TEST on the Loss of Load, and Rate of Change of Power channels is performed prior to a reactor startup to ensure the entire channel will perform its intended function if required. A successful test of the required contact(s) of a channel relay may be performed by the verification of the change of state of a single contact of the relay. This clarifies what is an acceptable CHANNEL FUNCTIONAL TEST of a relay. This is acceptable because all of the other required contacts of the relay are verified by other Technical Specification tests at least once per refueling interval with applicable extensions. The Loss of Load sensor cannot be tested during reactor operation without causing reactor trip. The Power Rate of Change-High trip Function is required during startup operation and is bypassed when shut down or > 12% RTP.

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-32 Revision 36 SR 3.3.1.7 Surveillance Requirement 3.3.1.7 is a CHANNEL FUNCTIONAL TEST similar to SR 3.3.1.4, except SR 3.3.1.7 is applicable only to Functions with automatic bypass removal features. A successful test of the required contact(s) of a channel relay may be performed by the verification of the change of state of a single contact of the relay. This clarifies what is an acceptable CHANNEL FUNCTIONAL TEST of a relay. This is acceptable because all of the other required contacts of the relay are verified by other Technical Specification tests at least once per refueling interval with applicable extensions. Proper operation of operating bypasses are critical during plant startup because the bypasses must be in place to allow startup operation and must be removed at the appropriate points during power ascent to enable certain reactor trips. A 24-month SR Frequency is adequate to ensure proper automatic bypass removal feature operation as described in Reference 5. Once the operating bypasses are removed, the bypasses must not fail in such a way that the associated trip Function gets inadvertently bypassed. This feature is verified by the trip Function CHANNEL FUNCTIONAL TEST, SR 3.3.1.4. Therefore, further testing of the automatic bypass removal feature after startup is unnecessary.

CHANNEL CALIBRATION is a check of the instrument channel, including the sensor. The SR verifies that the channel responds to a measured parameter within the necessary range and accuracy. CHANNEL CALIBRATION leaves the channel adjusted to account for instrument channel drift between successive calibrations to ensure that the channel remains operational between successive tests. CHANNEL CALIBRATIONS must be performed consistent with Reference 4.

The as-found and as-left values must also be recorded and reviewed for consistency with the assumptions of the frequency extension analysis. The requirements for this review are outlined in Reference 6.

The SR is modified by a Note to indicate that the neutron detectors are excluded from CHANNEL CALIBRATION because they are passive devices with minimal drift, and because of the difficulty of simulating a meaningful signal. Slow changes in detector sensitivity are compensated for by performing the daily calorimetric calibration (SR 3.3.1.2) and the monthly linear subchannel gain check (SR 3.3.1.3).

SR 3.3.1.9 This SR ensures that the RPS RESPONSE TIMES are verified to be less than or equal to the maximum values assumed in the safety analysis. Individual component response times are not modeled in the analyses. The analyses model the overall or total elapsed time from the point at which the parameter exceeds the trip setpoint value at the sensor to the point at which the RTCBs open. Response times are conducted on a 24-month STAGGERED TEST BASIS. Response time testing acceptance criteria are included in Reference 1, Section 7.2. This results in the interval between successive SRs of a given channel of n x 24 months, where n is the number of channels in the function. The Frequency of 24 months is based upon operating experience, which has shown that random failures of instrumentation components causing serious response time degradation, but not channel failure, are infrequent occurrences. Also, response times cannot be determined at power since equipment operation is required. Testing may be performed in one measurement or in overlapping segments, with verification that all components are tested.

Response time may be verified by any series of sequential, overlapping or total channel measurements, including allocated sensor response time, such that the response time is verified. Allocations for sensor response times may be obtained from records of test results, vendor test data, or vendor engineering specifications. Reference 9 provides the basis and methodology for using allocated sensor response times in the overall verification of the channel response

RPS Instrumentation-Operating B 3.3.1 BASES CALVERT CLIFFS - UNITS 1 & 2 B 3.3.1-34 Revision 36 time for specific sensors identified in the reference.

Response time verification for other sensor types must be demonstrated by test. The allocation of sensor response times must be verified prior to placing a new component in operation and reverified after maintenance that may adversely affect the sensor response time.

Instrument loop or test cables and wiring add an insignificant response time and can be ignored.

A Note is added to indicate that the neutron detectors are excluded from RPS RESPONSE TIME testing because they are passive devices with minimum drift, and because of the difficulty of simulating a meaningful signal. Slow changes in detector sensitivity are compensated for by performing the daily calorimetric calibration (SR 3.3.1.3).

REFERENCES

: 1.

Updated Final Safety Analysis Report

: 2.

Title 10 Code of Federal Regulations

: 3.

Institute of Electrical and Electronic Engineers (IEEE)

No. 279, Proposed IEEE Criteria for Nuclear Power Plant Protection Systems, August 1968

: 4.

CCNPP Setpoint File

: 5.

Letter from Mr. R. E. Denton (BGE) to NRC Document Control Desk, dated June 5, 1995, Response to NRC Request for Review & Comment on Review of Preliminary Accident Precursor Analysis of Trip; Loss of 13.8 kV Bus; Short-Term Saltwater Cooling System Unavailability, CCNPP Unit 2

: 6.

Combustion Engineering Topical Report CEN-327, RPS/ESFAS Extended Test Interval Evaluation dated June 2, 1986, including Supplement 1, March 3, 1989

: 7.

Letter from Mr. D. G. McDonald (NRC) to Mr. R. E. Denton (BGE), dated October 19, 1995, Issuance of Amendments for Calvert Cliffs Nuclear Power Plant, Unit No. 1 (TAC No. M92479) and Unit No. 2 (TAC No. M92480)

: 8.

Calvert Cliffs Procedure EN-4-104, Surveillance Testing