Text

Technical Specification Bases Changes
	ML16053A239
Person / Time
Site:	Catawba
Issue date:	02/18/2016
From:	Henderson K; Duke Energy Carolinas
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	CNS-16-015
	Download: ML16053A239 (89)
	v • d • e

Kelvin Henderson

('DUKE Vice President ENERGY Catawba Nuclear Station Duke Energy CNOIVP I 4800 Concord Road York, SC 29745 0: 803.701.4251 CNS-16-015 f: 803.701.3221 February 18, 2016 U.S. Nuclear Regulatory Commission Document Control Desk Washington, DC 20555-0001

Subject:

Duke Energy Carolinas, LLC Catawba Nuclear Station, Units 1 and 2 Docket Nos. 50-413 and 50A414 Technical Specification Bases. Changes Pursuant to 10OCER 50.4, please find attached changes to the Catawba Nuclear Station Technical Specification Bases. These Bases changes were made according to the provisions of Technical Specification 5.5.14, "Technical Specifications (TS) Bases Control Program."~

Any questions regarding this information should be directed to Larry Rudy, Regulatory Affairs, at

(803) 701--3084.

I certify that I am a duly authorized officer of Duke Energy Carolinas, LLC, and that the information contained herein accura~~tel ersnscags aet h

ehia Specification Bases since the previous submittal.

Kelvin Henderson Vice President, Catawba Nuclear Station Attachment www.duke-energy.com

U.S. Nuclear Regulatory Commission February 18, 2016 Page 2 xc: C. Haney, Regional Administrator U. S. Nuclear Regulatory Commission, Region II Marquis One Tower 245 Peachtree Center Ave., NE Suite 1200 Atlanta, GA 30303-1257 Mr. J.A. Whited NRC Project Manager (CNS)

U.S. Nuclear Regulatory Commission One White Flint North, Mail Stop O-8B1A 11555 Rockville Pike Rockville, MD 20852-2746 G. A. Hutto, Senior Resident Inspector catawba Nuclear Station

Catawba Nuclear Station DUKE ENERGY Duke Energy 4800 Concord Rd.

York, SC 29745 February 18, 2016 Re:

Catawba Nuclear Station Technical Specificati~ns (TS) Manual Amendmenlts 277/273 On December 18, 2015, the NRC issued Amendments 277/273 to the Facility Operating Licenses NPF-35 & NPF-52 for the Catawba Nuclear Station; Unit 1 and Unit 2, respectively.

The amendments revise the TSs to correct non-conservative setpoints. Specifically, the Allowable Value and Nominal Trip'Setpoint for the Auxiliary Feedwater loss of Offsite Power (Function 6.d) is modified. Additionally, the values in the associated Surveillance Requirement 3.3.5.2 are modified to the same values. As part of the change, the amendment also adds the applicable footnotes in accordance with TSTF-493, Revision 14, "Clarify Application of Setpoint Methodology for LSSS Functions."

REMOVE THESE PAGES INSERT THESE PAGES Page 4 FACILITY OPERATING LICENSE UNIT 1 TAB FACILITY OPERATING LICENSE UNIT 2 TAB Page 4 Page 4 Page 4 LIST OF EFFECTIVE PAGES Pages 1-19 Pages 1-19 TECHNICAL SPECIFICATIONS TAB 3.3.2 3.3.2-13 thru 3.3.2-17 3.3.2-13 thru 3.3.2-18 TAB 3.3.5 3.3.5-1 thru 3.3.5-2 3.3.5-1 thru 3.3.5-2 www.duke-energy.com

Catawba Nuclear Station Technical Specifications Manual Amendments February 18, 2016 Page 2 BAS ES TAB 3.3.2 B 3.3.2-1 thru B 3.3.2-49 Revision 11 B 3.3.2-1 thru B 3.3.2-50 Revision 12 TAB 3.3.5 B 3.3.5-1 thru B 3.3.5-6 Revision 2 B 3.3.5-1 thru B 3.3.5-6 Revision 3 If you have any questions concerning the contents of this Technical Specification update, please contact Kristi Byers at (803),01-3758.

Cecil A. Fletcher, II Manager, Regulatory Affairs (2) 'Technical Sp~ecifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 277, which are attached hereto, are hereby incorporated into this renewed operating license. Duke Energy Carolinas, LLC shall operate the facility' in accordance with the Technical Specifications.

(3)

Up~dated Final Safety Analysis Report The Updated Final Safety Analysis Report supplement submitted pursuant to 10 CFR 54.21 (d), as revised on December 16, 2002, describes certain future activities to be completed before the period of extended operation. Duke shall complete these activities no later than December 6, 2024, and shall notify the NRC in writing when implementation of these activities is complete and can be verified by NRC inspection.

The Updated Final Safety Analysis Report supplement as revised on December 16, 2002, described above, shall be included in thenext scheduled update to the Updated Final Safety Analysis Report required by 10 CFR 50.71 (e)(4), following issuance of this renewed operating license. Until that update is complete, Duke may make changes to the programs described in such supplement without prior Commission approval, provided that Duke evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.

(4)

Antitrust Conditions Duke EneIrgy Carolinas, LLC shall comply with the antitrust conditions delineated in Appendix C to this renewed operating license.

(5)

Fire Protection Proqram (Section 9.5.1, SER, SSER #2, SSER #3, SSER #4, SSER #5)*

Duke Energy Carolinas, LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report, as amended, for the facility and as approved in the SER through Supplement 5, subject to the following provision:

The licensee may make changes to the~approvedifire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

- The parenthetical notation following the title of this renewed operating license condition denotes the section of the Safety Evaluation Report and/or its supplement wherein this renewed license condition is discussed.

Renewed License No. NPF-35 Amendment No. 277 S

(2)

Technical S pecifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 273, which are attached hereto, are herebY incorporated into.

this renewed operating license. Duke Energy Carolinas, LLC shall operate the" facility in accordance with the Technical Specifications.

(3)

Updated Final Safety Analysis Report The Updated.Final Safety Analysis Report supplement submitted pursuant to 10 CFR 54.21(d), as revised on December 16, 2002, describes certain future activities 16 be completed before the period of extended operation. Duke shall complete these activities no later than December 6, 2024, and shall notify the NRC in writing when implementation of these activities is complete~and can be verified by NRC inspection.

The Updated Final Safety Analysis Report supplement as revised on December 16, 2002,-described above, shall be included in the next scheduled update to the Updated Final Safety Analysis Report required by 10 CFR 50.71(e)(4), following issuance of'this renewed operating license. Until that update is complete, Duke may make changes to the programs described in such supplement without prior Commission approval, provided that Duke evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59' O

~and otherwise complies with the requiremerits in that section.

(4)

Antitrust Conditions Duke Energy Carolinas, LLC shall comply with the antitrust conditions delineated in Appendix C to this renewed operating license.

-(5)

Fire Protection Proqram (Section 9.5.1, SER, SSER #2, SSER #3, SSER #4, SSER #5)*

.Duke Energy Carolinas,. LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report, as amended, for the facility and as approved in the SER through Supplement 5, subject to the following provision:

The.licensee may make changes.to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

The parenthetical notation following the title of this renewed operating license condition denotes the section of the Safety Evaluation Report and/or its supplement wherein this renewed license condition is discussed.

D Renewed License No. NPF-52 Amendment No. 273

Catawba Nuclear Station Technical Specifications List of Effective Pages Page Number ii iii iv 1.1-1 1.1-2 1.1-3 1.1-4 1.1-5 1.1-6 1.1.7 1.2-1 1.2-2 1.2-3 1.3-1 1.3-2 1.3-3 1.3-4 1.3-5 1.3-6 1.3-7 1.3-8 1.3-9 1.3-10 1.3-11 1.3-12 1.3-13 1.4-1 1.4-2 1.4-3 Amendments 177/169 219/214 215/209 173/1165 173/165 268/264 268/264 268/264 2681264 268/264 179/171 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/165 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 173/1 65 Revision Date 4/08/99 3/01/05 6/21/04 9/30/98 9/30/98 6/25/12 6/25/12 6/25/12 6/25/12 6/25/12 8/13/99 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/30/98 9/3 0/9 8 9/30/98 9/30/98 Catawba Units 1 and 2Pae10166 Page 1 02/16/16

0 1.4-4 2.0-1 3.0-1 3.0-2 3.0,-3 3.0-4 3.0-5 3.0-6 3.1.1-1 3.1.2-1 3.1.2-2 3.1.3-1 3.1.3-2 3.1.3-3 3.1.4-1 3.1.4-2 3.1.4-3 3.1.4-4 3.1.5-1 3.1.5-2 3.1.6-1 3.1.6-2 3.1.6-3 3.1.7-1 3.1.7-2 3.1.8-1 3.1.8-2 3.2.1-1 3.2.1-2 3.2.1-3 3.2.1-4 3.2.1-5 3.2.2-1 3.2.2-2 173/1 65 210/204 235/231 235/231 235/231 235(231 235/231 235/231 263/259 173/1 65 263/259 173/1 65 275/271 173/1 65 173/1 65 173/1 65 263/259 263/259 173/1 65 263/259 173/1 65 173/1 65 263/259 173/1 65 173/1 65 173/1 65 26 3/2 59 173/165 173/1 65 263/259 263/259 263/259 173/1 65 173/1 65 9/30/98 12/19/03 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/29/11 9/30/98 3/29/11 9/30/98 04/14/15 9/30/98 9/30/98 9/30/98 3/29/11 3/29/11 9/30/98 3/29/11 9/30/98 9/30/98 3/29/11 9/3 0/9 8 9/30/98 9/30/98 3/29/11 9/30/98 9/30/98 3/29/11 3/29/11 3/29/11 9/30/98 9/30/98 Catawba Units 1 and 2Pae20/61 Page 2 02/16/16

3.2.2-3 3.2.2-4 3.2.3-1 3.2.4-1 3.2.4-2 3.2.4-3 3.2.4-4 3.3.1-1 3.3.1-2 3.3.1-3 3.3.1-4 3.3.1-5 3.3.1-6 3.3.1-7 3.3.1-8 3.3.1-9 3.3. 1-10 3.3. 1-11 3.3. 1-12 3.3. 1-13 3.3. 1-14 3.3. 1-15 3.3. 1-16 3.3. 1-17 3.3.1-18 3.3.1-19 3.3. 1-20 3.3.1-21 3.3. 1-22 3.3.2-1 3.3.2-2 3.3.2-3 3.3.2-4 3.3.2-5 263/259 263/259 263/259 173/165 173/1 65 173/165 263/259 173/1 65 247/240 247/240 207/201 247/240 247/240 247/240 173/1 65 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 263/259 173/1 65 247/240 247/240 247/240 264/260 Page 3 3/29/11 3/29/11 3/29/11 9/30/98 9/30/98 9/30/98 3/29/11 9/30/98 12/30/08 12/30/08 7/29/03 12/30/08 12/30/08 12/30/08 9/30/98 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/111 3/29/11 3/29/11 3/29/11 3/29/11 9/30/98 12/30/08 12/30/08 12/30/08 6/13/11 Catawba Units 1 and 2 0/61 02/16/16

3.3.2-6 264/260 6/13/11 O3.3.2-7 249/243 4/2/09 3.3.2-8 249/243 4/2/09 3.3.2-9 249/243 4/2/09 3.3.2-10 263/259 3/29/11 3.3.2-11 263/259 3/29/11 3.3.2-12 263/259 3/29/11 3.3.2-13 277/273 12/18/15 3.3.2-14 277/273 12/18/15 3.3.2-15 277/273 12/18/15 3.3.2-16 277/273 12/18/15 3.3.2-17 277/273 12/18/15 3.3.2-18 (new) 277/273 12/18/15 3.3.3-1 219/214 3/1/05 3.3.3-2 219/214 3/1/05 3.3.3-3 263/259 3/29/11 3.3.3-4 219/214 3/1/05 O3.3.4-1 213/207 4/29/04 3.3.4-2 263/259 3/29/11 3.3.4-3 272/268 2/27/14 3.3.5-1 173/1 65 9/30/98 3.3.5-2 277/273 12/18/15I 3.3.6-1 196/189 3/20/02 3.3.6-2 263/259 3/29/11 3.3.6-3 196/189 3/20/02 3.3.9-1 207/201 7/29/03 3.3.9-2 207/201 7/29/03 3.3.9-3 263/259 3/29/11 3.3.9-4 263/259 3/29/11 3.4.1-1 210/204 12/19/03 3.4.1-2 210/204 12/19/03 3.4.1-3 263/259 3/29/11 3.4.1-4 210/204 12/19/03 ah 3.4.1-5 (deleted) 184/1 76 3/01/00 Catawba Units 1 and 2Pae40/61 Page 4 02/16/16

3.4.1-6 (deleted) 184/176 3/01/00 03.4.2-1 173/165 9/30/98 3.4.3-1 173/165 9/30/98 3.4.3-2 263/259 3/29/11 3.4.3-3 21 2/206 3/4/04 3.4.3-4 212/206 3/4/04 3.4.3-5 212/206 3/4/04 3.4.3-6 212/206 3/4/04 3.4.4-1 263/259 3/29/11 3.4.5-1 207/201 7/29/03 3.4.5-2 207/201 7/29/03 3.4.5-3 263/259 3/29/11 3.4.6-1 212/206 3/4/04 3.4.6-2 263/259 3/29/11 3.4.6-3 263/259 3/29/11 3.4.7-1 21 2/206 3/4/04 3.4.7-2 263/259 3/29/11 3.4.7-3 263/2593/91 3.4.8-1 207/201 7/29/03 3.4.8-2 263/259 3/29/11 3.4.9-1 173/1 65 9/30/98 3.4.9-2 263/259 3/29/11 3.4.10-1 212/206 3/4/04 3.4.10-2 173/165 9/30/98 3.4-11-1 213/207 4/29/04 3.4.11-2 173/165 9/30/98 3.4.11-3 263/259 3/29/11 3.4.11-4 263/259 3/29/11 3.4.12-1 212/206 3/4/04 3.4.12-2 213/207 4/29/04 3.4.12-3 212/206 3/4/04 3.4.12-4 212/206 3/4/04 3.4.12-5 263/259 3/29/11 bl 3.4.12-6 263/259 3/29/11 Catawba Units 1 and 2Pae50/61 Page 5 02/16/16

3.4.12-7 263/259 3/29/11 03.4.12-8 263/259 3/29/11 3.4.13-1 267/263 3/12/12 3.4.13-2 267/263 3/12/12 3.4.14-1 173/165 9/30/98 3.4.14-2 173/165 9/30/98 3.4.14-3 263/259 3/29/11 3.4.14-4 263/259 3/29/11 3.4.15-1 234/230 9/30/06 3.4.15-2 234/230 9/30/06 3.4.15-3 234/230 9/30/06 3.4.15-4 263/259 3/29/11 3.4. 16-1 268/264 6/25/12 3.4.16-2 268/264 6/25/12 3.4.16-3(deleted) 268/264 6/25/12 3.4.16-4(deleted) 268/264 6/25/12 3.4.17-1 263/259 3/29/111 3.4.18-1 218/212 1/13/05 3.4.18-2 218/212 1/13/05 3.5.1-1 21 1/205 12/23/03 3.5.1-2 263/259 3/29/11 3.5.1-3 263/259 3/29/11 3.5.2-1 253/248 10/30/09 3.5.2-2 263/259 3/29/11 3.5.2-3 263/259 3/29/111 3.5.3-1 213/207 4/29/04 3.5.3-2 173/165 9/30/98 3.5.4-1 173/1 65 9/30/98 3.5.4-2 2691265 7/25/12 3.5.5-1 173/165 9/30/98 3.5.5-2 263/259 3/29/111 3.6.1-1 173/165 9/30/98 3.6.1-2 192/184 7/31/01 bL 3.6.2-1 173/165 9/30/98 Catawba Units 1 and 2Pae60//1 Page 6 02/16/16

0 3.6.2-2 3.6.2-3 3.6.2-4 3.6.2-5 3.6.3-1 3.6.3-2 3.6.3-3 3.6.3-4 3.6.3-5 3.6.3-6 3.6.3-7 3.6.4-1 3.6.5-1 3.6.5-2 3.6.6-1 3.6.6-2 3.6.8-1 3.6.8-2 3.6.9-1 3.6.9-2 3.6.10-1 3.6.10-2 3.6.11-1 3.6.11-2 3.6.12-1 3.6.12-2 3.6.12-3 3.6.13-1 3.6.13-2 3.6.13-3 3.6.14-1 3.6.14-2 3.6.14-3 3.6.15-1 173/1 65 173/1 65 173/1 65 263/259 173/1 65 173/1 65 173/1 65 173/1 65 263/259 263/259 192/1 84 263/259 173/1 65 263/259 269/265 269/265 2 13/207 263/259 253/248 263/259 173/1 65 263/259 26 3/25 9 263/259 263/259 263/259 263/259 256/251 263/259 263/259 173/1 65 263/259 270/266 173/165 9/30/98 9/30/98 9/30/98 3/29/11 9/30/98 9/30/98 9/30/98 9/30/98 3/29/11 3/29/11 7/31/01 3/29/11 9/30/98 3/29/11 7/25/12 7/25/12 4/29/04 3/29/11 10/30/09 3/29/11 9/30/98 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 6/28/10 3/29/11 3/29/11 9/30/98 3/29/11 8/6/13 9/30/98 Catawba Units 1 and 2Pae70166 Page 7 02/16/16

0 3.6.15-2 3.6.16-1 3.6.16-2 3.6.17-1 3.7.1-1 3.7.1-2 3.7.1-3 3.7.2-1 3.7.2-2 3.7.3-1 3.7.3-2 3.7.4-1 3.7.4-2 3.7.5-1 3.7.5-2 3.7.5-3 3.7.5-4 3.7.6-1 3.7.6-2 3.7.7-1 3.7.7-2 3.7.8-1 3.7.8-2 3.7.8-3 3.7.8-4 3.7.9-1 3.7.9-2

3. 7.10-1 3.7.10-2 3.7.10-3 3.7.11-1

3. 7. 11-2 3.7.12-1 3.7.12-2 26 3/2 59 263/259 263/259 253/248 173/1 65 173/1 65 173/1 65 173/1 65 244/238 173/1 65 244/238 213/207 263/259 253/248 173/1 65 263/259 263/259 173/1 65 263/259 253/248 263/259 271/267 271/267 271/267 271/267 263/259 263/259 250/245 26 0/25 5 263/259 198/1 91 263/259 253/248 263/259 Page 8 3/29/11 3/29/11 3/29/11 10/30/09 9/30/98 9/30/98 9/30/98 9/30/98 9/08/08 9/30/98 9/08/08 4/29/04 3/29/11 10/30/09 9/30/98 3/29/11 3/29/11 9/30/98 3/29/11 10/30/09 3/29/11 08/09/13 08/09/13 08/09/13 08/09/13 3/29/11 3/29/11 7/30/09 8/9/10 3/29/11 4/23/02 3/29/11 10/30/09 3/29/11 Catawba Units 1 and 2 0/61 02/16/16

3. 7.13-1

3. 7.13-2 3.7.14-1 3.7.15-1

3. 7.16-1 3.7.16-2 3.7. 16-3 3.7.17-1 3.8.1-1 3.8.1-2 3.8.1-3 3.8.1-4 3.8.1-5 3.8.1-6 3.8.1-7 3.8.1-8 3.8.1-9

3. 8. 1-10 3.8.1-11 3.8. 1-12 3.8.1-13

3. 8.1-14

3. 8.1-15 3.8.2-1 3.8.2-2 3.8.2-3 3.8.3-1 3.8.3-2 3.8.3-3 3.8.4-1 3.8.4-2 3.8.4-3 3.8.4-4 3.8.4-5 198/19 1 263/259 263/259 263/259 233/229 233/229 233/229 263/259 253/248 173/165 253/248 173/1 65 263/259 263/259 263/259 263/259 263/259 26 3/2 59 2 63/2 59 263/259 263/259 263/259 263/259 173/1 65 207/201 173/1 65 175/1 67 263/259 263/259 173/1 65 263/259 263/259 263/259 262/258 4/23/02 3/29/11 3/29/11 3/29/11 9/27/06 9/27/06 9/27/06 3/29/11 10/30/09 9/30/98 10/30/09 9/30/98 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 3/29/11 9/30/98 7/29/03 9/30/98 1/15/99 3/29/11 3/29/11 9/30/98 3/29/11 3/29/11 3/29/11 12/20/10 Catawba Units 1 and 2Pae90166 Page 9 02/16/16

3.8.5-1 3.8.5-2 3.8.6-1 3.8.6-2 3.8.6-3 3.8.6-4 3.8.6-5 3.8.7-1 3.8.7-2 3.8.8-1 3.8.8-2 3.8.9-1 3.8.9-2 3.8.9-3

3. 8.10-1 3.8.10-2 3.9.1-1 3.9.2-1 3.9.2-2 3.9.3-1 3.9.3-2 3.9.4-1 3.9.4-2 3.9.5-1 3.9.5-2 3.9.6-1 3.9.7-1 4.0-1 4.0-2 5.1-1 5.2-1 5.2-2 5.2-3 5.3-1 173/165 207/201 253/248 253/248 253/248 263/259 223/218 173/165 263/259 173/165 26 3/25 9 173/1 65 173/1 65 263/259 207/20 1 263/259 263/259 215/209 263/259 227/222 263/259 207/20 1 263/259 207/201 263/259 263/259 263/259 220/215 23 3/22 9 273/269 273/269 2 73/26 9 Deleted 273/269 Page 10 9/30/98 7/29/03 10/30/09 10/30/09 10/30/09 3/29/11 4/27/05 9/30/98 3/29/11 9/30/98 3/29/11 9/30/98 9/30/98 3/29/11 7/29/03 3/29/11 3/29/11 6/21/04 3/29/11 9/30/05 3/29/11 7/29/03 3/29/11 7/29/03 3/29/11 3/29/11 3/29/1 1 3/03/05 9/27/06 2/12/15 2/12/15 2/12/15 9/21/09 2/12/15 Catawba Units 1 and 2 0/61 02/16/16

5.4-1 5.5-1 5.5-2 5.5-3 5.5-4 5.5-5 5.5-6 5.5-7 5.5-7a 5.5-8 5.5-9 5.5-10 5.5-11 5.5-12 5.5-13 5.5-14 5.5-15 5.5-16 5.6-1 5.6-2 5.6-3 5.6-4 5.6-5 5.6-6 5.7-1 5.7-2 173/165 273/269 205/1 98 173/165 173/165 21 6/210 252/247 21 8/212 267/263 267/263 218/212 227/222 227/222 218/212 218/212 218/212 26 3/2 59 263/259 222/217 25 3/2 48 222/217 275/271 275/271 275/271 273/269 173/165 9/30/98 2/12/15 3/12/03 9/30/98 9/30/98 8/5/04 10/30/09 1/13/05 3/12/12 3/12/12 1/13/05 9/30/05 9/30/05 1/13/05 1/13/05 1/13/05 3/29/11 3/29/11 3/31/05 10/30/09 3/31/05 4/14/15 4/14/15 4/14/15 2/12/15 9/30/98 Catawba Units 1 and 2 Pg 10/61 Page 11 02/16/16

ii iii Bi.11-B 2.1.1-2 B 2.1.1-3 B 2.1.21-B 2.1.2-2 B 2.1.2-3 B 3.012-B 3.0-2 B 3.0-3 B 3.0-4 B 3.0-5 B 3.0-6 B 3.0-7 B 3.0-8 B 3.0-9 B 3.0-10 B 3.0-11 B 3.0-12 B 3.0-13 B 3.0-14 B 3.0-15 B 3.0-16 B 3.0-17 B 3.0-17 B 3.0-18 B 3.1.1-1 thru B 3.1.1-6 B 3.1.2-1 thru B 3.1.2-5 BASES Revision 1 Revision 2 Revision 1 Revision 0 Revision 1 Revision 1 Revision 0 Revision 0 Revision 0 Revision 1 Revision 1 Revision 2 Revision 3 Revision 3 Revision 2 Revision 2 Revision 3 Revision 2 Revision 3 Revision 3 Revision 3 Revision 3 Revision 3 Revision I Revision 1 Revision 0 Revision 0 Revision 0 Revision 3 Revision 2 4/08/99 3/01/05 6/21/04 9/30/98 12/19/03 12/19/03 9/30/98 9/30/98 9/30/98 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3119/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 3/19/07 5/05/11 5/05/11 Catawba Units 1 and 2 Pg 20/61 Page 12 02/16/16

0 B 3.1.3-1 thru B 3.1.3-6 B 3.1.4-1 thru B 3.1.4-9 B 3.1.5-1 thru B 3.1.5-4 B 3.1.6-1 thru B 3.1.6-6 B 3.1.7-1 B 3.1.7-2 B 3.1.7-3 B 3.1.7-4 B 3.1.7-5 B 3.1.7-6 B 3.1.8-1 thru B 3.1.8-6 B 3.2.1-1 thru B 3.2.1.-il B 3.2.2-1 thru B 3.2.2-10 B 3.2.3-1 thru B 3.2.3-4 B 3.2.4-1 thru B 3.2.4-7 B 3.3.1-1 thru B.3.3. 1-55 B 3.3.2-1 thru B 3.3.2-50 B 3.3.3-1 thru B.3.3.3-1 6 B 3.3.4-1 thru B 3.3.4-5 B 3.3.5-1 thru B 3.3.5-6 Revision 2 Revision 1 Revision 2 Revision 1 Revision 0 Revision 2 Revision 2 Revision 2 Revision 2 Revision 2 Revision 2 Revision 4 Revision 3 Revision 2 Revision 2 Revision 7 Revision 12 Revision 6 Revision 2 Revision 3 4/14/15 5/05/11 5/05/11 5/05/11 9/30/98 1/08/04 1/08/04 1/08/04 1/08/04 1/08/04 5/05/11 5/05/11 5/05/11 5/05/11 5/05/11 11/15/11 12/18/15 4/11/14 5/05/11 12/18/15 Catawba Units 1 and 2 Pg 30/61 Page 13 02/16/16

0 B 3.3.6-1 thru B 3.3.6-5 B 3.3.9-1 thru B 3.3.9-5 B 3.4.1-1 thru B 3.4.1-5 B 3.4.2-1 B 3.4.2-2 B 3.4.2-3 B 3.4.3-1 thru B 3.4.3-6 B 3.4.4-1 thru B 3.4.4-3 B 3.4.5-1 thru B 3.4.5-6 B 3.4.6-1 thru B 3.4.6-5 B 3.4.7-1 thru B 3.4.7-5 B 3.4.8-1 thru B 3.4.8-3 B 3.4.9-1 thru B 3.4.9-5 B 3.4.10-1 B 3.4.10-2 B] 3.4.10-3 B 3.4.10-4 B] 3.4.11-1 thru B] 3.4.11-7 B 3.4.12-1 thru B 3.4.12-14 B] 3.4.13-1 thru B 3.4.13-7 Revision 6 Revision 3 Revision 3 Revision 0 Revision 0 Revision 0 Revision 2 Revision 2 Revision 3 Revision 4 Revision 6 Revision 3 Revision 3 Revision 1 Revision 0 Revision 1 Revision 2 Revision 4 Revision 5 Revision 7 08/02/12 06/02/14 5/05/11 9/30/98 9/30198 9/30198 5/05/11 5/05/11 5/05/11 5/05/11 2/10/15 5/05/11 08/02/12 3/4/04 9/30/98 3/4/04 10/30/09 5/05/11 8/19/15 3/15/12 Catawba Units I and 2 Pg 40/61 Page 14 02/16/16

0 B 3.4.14-1 thru B 3.4.14-6 B 3.4.15-1 thru B 3.4.15-10 B 3.4.16-1 thru B 3.4.16-5 B 3.4.17-1 thru B 3.4.17-3 B 3.4.18-1 B] 3.4.18-2 B] 3.4.18-3 B] 3.4.18-4 B] 3.4.18-5 B 3.4.18-6 B] 3.4.18-7 B] 3.4.18-8 B] 3.5.1-1 thru B] 3.5.1-8 B] 3.5.2-1 thru B] 3.5.2-10 B 3.5.3-1 B] 3.5.3-2 B 3.5.3-3 B] 3.5.4-1 thru B.3.5.4-5 B 3.5.5-1 thru B] 3.5.5-4 B 3.6.1-1 B 3.6.1-2 B] 3.6.1-3 B] 3.6.1-4 B] 3.6.1-5 B 3.6.2-1 thru B] 3.6.2-8 Revision 3 Revision 6 Revision 4 Revision 2 Revision 0 Revision 0 Revision 1 Revision 0 Revision 0 Revision 0 Revision 0 Revision 1 Revision 3 Revision 3 Revision 0 Revision 1 Revision 1 Revision 5 Revision 1 Revision 1 Revision 1 Revision 1 Revision 1 Revision 1 Revision 2 5/05/11 5/05/11 10/23/12 5/05/11 1/13/05 1/13/05 3/18/08 1/13/05 1/13/05 1/13/05 1/13/05 3/18/08 5/05/11 5/05/11 9/30/98 4/29/04 4/2 9/0 4 4/11/14 5/05/11 7/31/01 7/3 1/0 1 7/31/01 7/31/01 7/31/01 5/05/11 Catawba Units 1 and 2 Pg 50/61 Page 15 02/16/16

0 B 3.6.3-1 thru B 3.6.3-14 B 3.6.4-1 thru B 3.6.4-4 B 3.6.5-1 thru B 3.6.5-4 B 3.6.6-1 thru B 3.6.6-7 B 3.6.8-1 thru B 3.6.8-5 B 3.6.9-1 thru B 3.6.9-5 Revision 4 Revision 2 Revision 3 Revision 6 Revision 3 Revision 6 5/05/11 5/05/11 07/27/13 5/05/11 5/05/11 5/05/11 B 3.6.10-1 thru B 3.6.10-6 B 3.6.11-1 thru B 3.6.11-6 B 3.6.12-1 thru B 3.6.12-11 B 3.6.13-1 thru B 3.6.13-9 B 3.6.14-1 thru B 3.6.14-5 B 3.6.15-1 thru B 3.6.15-4 B 3.6.16-1 thru B 3.6.16-4 B 3.6.17-1 B 3.6.17-2 B 3.6.17-3 B 3.6.17-4 B 3.6.17-5 B 3.7.1-1 B 3.7.1-2 Revision 2 Revision 5 Revision 5 Revision 4 Revision 2 Revision 1 Revision 3 Revision 1 Revision 0 Revision 0 Revision 0 Revision 1 Revision 0 Revision 0 5/05/11 5/05/11 5/05/11 5/05/11 4/11/14 5/05/11 5/05/11 3/13/08 9/30/98 9/30/98 9/30/98 3/13/08 9/30/98 9/30/98 Catawba Units 1 and 2 Pg 60/61 Page 16 02/16/16

0 B 3.7.1-3 B 3.7.1-4 B 3.7.1-5 B 3.7.2-1 B 3.7.2-2 B 3.7.2-3 B 3.7.2-4 B 3.7.2-5 B 3.7.3-1 B 3.7.3-2 B 3.7.3-3 B 3.7.3-4 B 3.7.3-5 B 3.7.3-6 B 3.7.4-1 thru B 3.7.4-4 B 3.7.5-1 thru B 3.7.5-9 B 3.7.6-1 thru B 3.7.6-3 B 3.7.7-1 thru B 3.7.7-5 B 3.7.8-1 thru B 3.7.8-8 B 3.7.9-1 thru B 3.7.9-4 B 3.7.10-1 thru B 3.7.10-9 B 3.7.11-1 thru B 3.7.11-4 B 3.7.12-1 thru B] 3.7.12-7 B] 3.7.13-1 thru B 3.7.13-5 Revision 0 Revision 1 Revision 1 Revision 0 Revision 0 Revision 2 Revision 1 Revision 3 Revision 0 Revision 0 Revision 0 Revision 0 Revision 1 Revision 2 Revision 2 Revision 3 Revision 4 Revision 2 Revision 5 Revision 3 Revision 10 Revision 3 Revision 6 Revision 4 9/30/98 10/30/09 10/30/09 9/30/98 9/30/98 6/23/10 9/08/08 10/30/09 9/30/98 9/30/98 9/30/98 9/30/98 9/08/08 10/30/09 5/05/11 5/05/11 08/02/12 5/05/11 08/09/13 5/05/11 10/24/11 10/24/11 1/09/13 5/05/11 Catawba Units 1 and 2 Pg 70/61 Page 17 02/16/16

B 3.7.14-1 thru B 3.7.14-3 B 3.7.15-1 thru B 3.7.15-4 B 3.7.16-1 B 3.7.16-2 B 3.7.16-3 B 3.7.16-4 B 3.7.17-1 thru B 3.7.17-3 B 3.8.1-1 thru B. 3.8. 1-29 B 3.8.2-1 B 3.8.2-2 B 3.8.2-3 B 3.8.2-4 B 3.8.2-5 B 3.8.2-6 B 3.8.3-1 thru B 3.8.3-8 B 3.8.4-1 thru B3.8.4.10 B 3.8.5-1 B 3.8.5-2 B 3.8.5-3 B 3.8.6-1 thru B 3.8.6-7 B 3.8.7-1 thru B 3.8.7-4 B 3.8.8-1 thru B 3.8.8-4 B 3.8.9-1 thru B 3.8.9-10 Revision 2 Revision 2 Revision 2 Revision 2 Revision 2 Revision 0 Revision 2 Revision 5 Revision 0 Revision 0 Revision 0 Revision 1 Revision 2 Revision 1 Revision 4 Revision 10 5/05/11 5/05/11 9/27/06 9/27/06 9/27/06 9/27/06 5/05/11 07/27/13 9/30/98 9/30/98 9/3 0/9 8 5/10/05 5/10/05 5/10/05 5/05/11 5/05/11 9/30/98 7/29/03 7/29/03 5/05/11 5/05/11 5/05/11 5/05/11 Revision Revision Revision Revision 0

2 1

4 Revision 3 Revision 3 Revision 2 Catawba Units 1 and 2 Pg 80/61 Page 18 02/16/16

B 3.8.10-1 thru B 3.8.10-4 B 3.9.1-1 thru B 3.9.1-4 B 3.9.2-1 thru B 3.9.2.4 B 3.9.3-1 thru B 3.9.3-5 B 3.9.4-1 thru B 3.9.4-4 B 3.9.5-1 thru B 3.9.5-4 B 3.9.6-1 thru B 3.9.6-3 B 3.9.7-1 thru B 3.9.7-3 Revision 3 Revision 3 Revision 4 Revision 4 Revision 4 Revision 3 Revision 2 Revision 1 5/05/11 5/05/11 5/05/11 5/05/11 5/05/11 5/05/11 5/05/ 11 5/05/11 Catawba Units 1 and 2 Pg 90/61 Page 19 02/16/16

ESFAS instrumentation 3.3.2 Table 3.3.2-1 (page 1 of 6)

.Engineered Safety Feature Actuation System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED sURVEILLANCE.

ALLOWABLE.

TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS

VALUE SETPOINT Safety Injection(b)

a.

Manual initiation

b.

Automatic Actuation Logic and Actuation Relays

c.

Containment Pressure - High 1,2,3,4 1,2,3,4 2

2 trains 1,2,3 3

4 B

SR 3.3.2.8 C

SR 3.3.2.2 SR 3.3.2.4 SR 3.3.2.6 0

SR 3.3.2.1 SR 3.3.2.5 SR 3.3.2.9 SR 3.3.2.10 D

SR 3.3.2.1

SR 3.3.2.5 SR 3.3.2.9 SR 3.3.2.10 NA NA NA NA

<_ 1.4 psig 1.2 psig

_>l139 psig 18l45 psig Pressure - Low

2.

Deleted.

3.

Containment lsolation(bJ

a.

Phase A Isolation (1) Manual Initiation (2) Automatic Actuation Logic and Actuation Relays (3) Safety Injection 1,2,3,4 1,2,3,4 2

2 trains B

SR

.3.2.

C SR 3.3.2.2 C

SR 3.3.2.4 SR 3.3.2.6 NA NA NA NA Refer to Function 1 (Safety Injection) for all initiation functions and requirements.

(continued)

(a) Above the P-il (Pressurizer Pressure) interlock.

(b) The requirements of this Function are not applicable to Containment Purge Ventilation System and Hydrogen Pu~rge System components,.

since the system containment isolation valves are sealed closed in MODES 1, 2, 3, and 4.

Catawba Units 1 and 2 3.3.2-13 Cataba nitsI ad 2.3.-13Amendment Nos. 277, 273

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 2 of 6)

Engineered Safety Feature Actuation System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION' CONDITIONS CHANNELS CONDITIONS

REQUIREMENTS VALUE SETPOINT -

3.

Contairiment Isolation (continued)

b.

Phase B Isolation (1) Manual Initiation.

(2) Automatic Actuation Logic and Actuation Relays (3) Containment Pressure -

High High 1,2,3,4 1,23,4 1 per train, 2 trains 2 trains" B

SR 3.3.2.8 C

SR 3.3.2.2 SR 3.3.2.4 SR 3.3.2.6 E

SR 3.3'.2.1 SR 3.3.2.5

'SR 3.3.2.9 SR 3.3.2.10 NA NA NA NA 1,2,3

3.2 psig 3.0 psig

4.

Steam Line Isolation

a.

Manual Initiation (1) System (2) Individual

b.

Automatic Actuation Logic and Actuation Relays

c.

Containment Pressure - High High 1,(

) ( )

2 trains I per tine 2 trains F

SR 3.3.2.8.

NA NA 0

G SR 3.3.2.8 NA NA H

SR 3.3.2.2 SR 3.3.2.4 SR 3.3.2.6 E

SR 3.3.2.1 SR 3.3.2.5 SR 3.3.2.9 SR 3.3.2.10 NA

< 3.2 psig NA 3.0 psig

d.

Steam Line Pressure (1) Low 1,2(b), 3(a)(b) 3 per steam line D

SR 3.3.2.1 SR 3.3.2.5 SR 3.3.2.9 SR 3.3.2.10

Ž 744ps (co76ntigud (continued)

(a)Above the P-li (Pressurizer Pressure) interlock.

(b) Except when all MSIVs are closed and de-activated.

Catawba Units 1 and 2 3.3:2-14 Cataba nitsI ad 2.3:-14Amendment Nos. 277;273

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 3 of 6)

Engineered Safety Feature Actuation System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUN'CTION

.CONDITIONS CHANNELS CONDITIONS REQUIREMENTS" VALUE SETPOINT

4. Steam Line Isolation (continued)

(2) Negative Rate -High

5.

Turbine Trip and Feedwater Isolation

a.

Turbine Trip (1) Automatic Actuation Logic and Actuation Relays (2) SG Water

Level-Hig h-High (P-14) 3(b)(c) '

3 per steam line" D

SR 3.3.2.1 SR 3.3.2.5 SR 3.3.2.9 SR 3.3.2.10

_< 22,8(d)'

psi 1o0(d) ps 1,2 2 trains 1,2 4 per SG I

SR 3.3.2.2 SR 3.3.2.4 SR 3.3.2.6 J

SR 3.3.2.1 SR 3.3.2.2 SR 3.3.2.4 SR 3.3,2.5 SR 3.3.2.6 SR 3.3.2.9 SR 3.3.2.10 NA

85.6%

(Unit 1)

< 78.9%

(Unit 2)

NA 83.9%

(Unit 1) 77.1%

(Unit 2)

(3)

Safety Injection

b.

Feedwater Isolation (1) Automatic Actuation Logic and Actuation Relays Refer to Function 1 (Safety Injection) for all initiation functions and requirements. See Item 5.a.(l) for Applicable MODES.

2 trains H

SR 3.3.2.2 SR 3.3.2.4 SR 3.3.2.6 NA NA (continued)

(b) Except when all MSIVs are closed and de-activated.

(c) Trip function automatically blocked above P-li (Pressurizer Pressure) interlock and may be blocked below P-il when Steam Line Isolation Steam Line Pressure - Low is not blocked.

(d) Time constant utilized in the rate/lag controller is > 50 seconds.

(e) Except when all MFIVs, MFCVs, and associated bypass valves are closed and de-activated or isolated by a closed manual valve.

Catawba Units 1 and 2 3.3.2-15 Cataba nit 1 ad 23.3-15Amendment Nos. 277, 273

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 4 of 6)

Engineered Safety F~eature Actuation System Instrumentation "APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SE'TPOINT (2)

SG Water 1 2 (e) 3(e) 4 per SG D

SR 3.3.2.1 g 85.6%

83.9%

Level-High SR 3.3.2.2 (Unit 1)

(Unit 1)

High (P-14)

SR 3.3.2.4

<78.9%

77.1%

SIR 3.3.2.5 (Unit 2)

(Unit 2)

SR 3.3.2.6 SR 3.3.2.9 SR 3.3.2.10 (3) Safety Refer to Function 1 (Safety Injection) for all initiation functions and requirements. See Injection Item 5.b.(1) for Applicable MODES.

(4)

Tavg-Low 1,2(e) 4

.J SR 3.3.2.1

> 561°F 564W" SR 3.3.2.5 SR 3.3.2.9 coincident with Refer to Function 8.a (Reactor Trip, P-4) for all initiation functions and requirements.

Reactor Trip, P-4 (5) Doghouse 1,2(e/

3per train L

SR 3.3,.2.8

< 12 inches 11 inches WaterLevel -

per SR 3.3.2.9 above 577 ft above 577 Iligh High doghouse SR 3.3.2.12 floor level ft floor level (continued)

(e)

Except when all MFIVs, MFCVs, and associated bypass valves are closed and de-activated or isolated by a closed manual valve.

0 Catawba Units 1 and 2 3:3.2-16 CatwbaUnis 1and2 33.216Amendment Nos.

277, 27.3

ESFAS Instrumentation 3.3.2.

Table 3.3.2-1 (page 5 of 6)

Engineered Safety Feature Actuation System Instrumentation APPLICABLE MODES OR OTHER NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS VALUE SETPOINT

6.

Auxiliary Feedwater a.Automatic 1,2,3 2 trains H

SR 3.3.2.2 NA NA

'Actuation Logic SR 3.3.2.4 anid Actuation SR 3.3.2.6 Relays

b.

SG Water Level 1,2,3 4,per SG D

SR 3.3.2.1

>Ž9% "

10.7%

- Low Low SR 3.3.2.5 (Unit 1)

(Unit 1)

SR 3.3.2.9

>Ž35.1%

36.6%

SR 3.3..2.10 (Unit 2)

(Unit 2)

c.

Safety Injection Refer to Function 1 (Safety Injection) for all initiation functions and requir'ements.

d.

Loss of Offsite 1,2,3

3 per bus D

SR 3.3.2.3(W)ra)

>_.3396 V 3450 V Power SR 3.3.2.9(oc)C~

SR 3.3.2.10

e.

Trip of all Main 1.2 3 per pump K

SR 3.3.2.8 NA NA Feedwater SR 3.3.2.10 Pumps

f. Auxiliary 1,2,3 3 per train M

SR 3.3.2.8 A) Ž_9.5 psig A) 10.5 Feedwater Pump SR 3.3.2.1f0 psig Train A and Train B Suction B) >_ 5.2 psi9 B) 6.2 psig Transfer on (Unit 1)

(Unit 1)

Suction

> 5.0 psig 6.0 psig Pressure -Low (Unit 2)

(Unit 2)

(continued)

(f) If the as-found channel setpoint is outside its predefined as-found tolerance, then the channel shall be evaluated to verify that it is functioning as required before returning the channel to service.

(g)The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the Nominal Trip Setpoint (NTSP) at the completion of the surveillance; otherwise, the channel shall be declared inoperable. Setpoints more conservative than the NTSP ;are acceptable provided that the as-found and as-left tolerances apply to the actual setpoint implemented in the Surveillance procedures (field setting) to confirm.channel performance. The methodologies used to determine the as-found and the as-left tolerances are specified in the UFSAR.

i Catawba Units 1 and 2 3,3.2-17 CatwbaUnis 1and2 33.217Amendment Nos.

277, 273

ESFAS Instrumentation 3.3.2 Table 3.3.2-1 (page 6 of 6)

Engineered Safety Feature Actuation System Instrumentation APPLtCABLE.,

MODES OR OTHER

NOMINAL SPECIFIED REQUIRED SURVEILLANCE ALLOWABLE TRIP FUNCTION CONDITIONS CHANNELS CONDITIONS REQUIREMENTS

.VALUE SETPOiNT

7.

Automatic Switchover to Containment Sump

a.

Automatic 1,2,3,4 2 trains C

SR 3.3.2.2 NA NA Actuation Logic

.SR 3.3.2.4 and Actuation SR 3.3.2.6 Relays

b.

Refueling Water 1,2,3,4 4

N SR 3.3.2.1

Ž>91.9 inches 95 inches Storage Tank SR 3.3.2.7(a)(b)

(RWST) Level -

SR 3.3.2.9{allb}

Low SR 3.3.2.10 Coincident with Refer to Function 1 (Safety Injection) for all initiation functions and requirements.

Safety Injection*

8.ESFAS Interlocks

a.

Reactor Trip, P-4 1,2,3 1 per train, F

SR 3.3.2.8

NA NA 2 trains

b.

Pressurizer 1,2,3 3

0 SR 3.3.2.5

Ž 1944 and 1955 psig Pressure, P-11 SR 3.3.2.9

1966 psig

c.

Toy5 - Low Low, 1,2,3 1 per loop 0

SR 3.3.2.5

>_Ž 550OF

553°F P-12 SR 3.3.2.9 9.Containment Pressure Control System

a.

Start Permissive 1,2,3,4 4 per train P

SR 3.3.2.1

_<1.0 psid 0.9 pSid SR 3.3.2.7 SR 3.3.2.9

b.

Termination 1,2,3,4 4 per train P

SR 3.3.2.1

Ž 0,25 psid 0.35 psid SR 3.3.2.7 SR 3.3.2.9

10. Nuclear Service 1,2,3,4 3 per pit Q,R SR 3.3.2.1

> El. 555.4 It

.El.

557.5 ft Water Suction SR 3.3.2.9 Transfer - Low Pit SR 3.3.2.11.

Level SR 3.3.2.12 (a) If the as-found channel setpoint is outside its predefined as-found tolerance, then the channel shall be evaluated to verify that it is functioning as required boefore returning the channel to service.

(b) The instrument channel setpoint shall be reset to a value that is within the as-left tolerance around the Nominal Trip Setpoint (NTSP) at the completion of the s'urveillance; otherwvise, the channel shall be declared inoperable. Setpoints more conservative than the NTSP are acceptable provided that the as-found and as-left tolerances apply to the actual setpoint implemented in the Surveillance procedures (field setting) to confirm channel performance. The methodologies used to determine the as-found and the as-left tolerances are specified in.

the UFSAR.

Catawba Units 1 and 2 3.3.2-*18 Cataba nits1 ad 2.3.-18Amendment Nos. 277, 273

LOP DG Start Instrumentation 3.3.5 3.3 INSTRUMENTATION 3.3.5 Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation

@9 LCO 3.3.5 APPLICABILITY:

Three channels per bus of the loss of voltage Function and three channels per bus of the degraded voltage Function shall be OPERABLE.

MODES 1,2, 3, and 4, When associated DG is required to be OPERABLE by LCO 3.8.2, "AC Sources-- Shutdown."

ACTIONS NO*TE.

Separate Condition entry is allowed for each Function.

CONDITION REQUIRED ACTION COMPLETION TIME A.

One or more Functions A.1 Place channel in trip.

6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months with one channel per bus inoperable.

B.

One or more Functions B.1 Restore all but one channel 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months with two or more to OPERABLE status.

channels per bus inoperable.

C.

Required Action and C.1 Enter applicable Immediately associated Completion Condition(s) and Required Time not met.

Action(s) for the associated DG made inoperable by LOP DG start instrumentation.

Catawba Units 1 and 2 3.3.5-1 Cataba Uits and2 3..5-1Amendment Nos. 173/1 65

LOP DG Start Instrumentation 3.3.5 SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.3.5.1 NOTE-------- --------

Testing shall consist of voltage sensor relay testing excluding actuation of load shedding diesel start, and time delay times.

Perform TADOT.

In accordance with the Surveillance Frequency Control Program

+

Perform CHANNEL CALIBRATION with NOMINAL TRIP SR 3.3.5.2 SETPOINT and Allowable Value as follows:

a.

Loss of voltage Allowable Value > 3396 V.

Loss of voltage NOMINAL TRIP SETPOINT =

3450 V..

b.

Degraded voltage Allowable Value>_ 3738 V.

Degraded voltage NOMINAL TRIP SETPOINT =

3766 V.

In accordance with the Surveillance Frequency Control Program I

I Amendment Nos.*-" 7 7,

273 Catawba Units 1 and 2335-3.3.5-2

ESFAS Instrumentation B 3.3.2 B 3.3 INSTRUMENTATION B 3.3.2 Engineered Safety Feature Actuation System (ESFAS) Instrumentation BASES BACKGROUND The ESFAS initiates necessary safety systems, based on the values of selected unit parameters, to protect against violating core design limits and the Reactor Coolant System (RCS) pressure boundary, and to mitigate accidents.

The ESFAS instrumentation is segmented into three distinct but interconnected modules as identified below:

Field transmitters or process sensors and instrumentation: provide a measurable electronic signal based on the physical characteristics of the parameter being measured;

Signal processing equipment including analog protection system, field contacts, and protection channel sets: provide signal conditioning, bistable setpoint comparison, process algorithm actuation, compatible electrical signal output to protection system devices, and control board/control room/miscellaneous indications; and

Solid State Protection System (SSPS) including input, logic, and output bays: initiates the proper unit shutdown or engineered safety feature (ES F) actuation in accordance with the defined logic and based on the bistable outputs from the signal process control and protection system.

Field Transmitters or Sensors To meet the design demands for redundancy and reliability, more than one, and often as many as four, field transmitters or sensors are used to measure unit parameters. In many cases, field transmitters or sensors that input to the ESFAS are shared with the Reactor Trip System (RTS).

In some cases, the same channels also provide control system inputs.

To account for calibration tolerances and instrument drift, which is assumed to occur between calibrations, statistical allowances are Catawba Units 1 and 2B3321ReionN.2 B3.3.2-1 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES BACKGROUND (continued) provided in the NOMINAL TRIP SETPOINT. The OPERABILITY of each transmitter or sensor can be evaluated when its "as found" calibration data are compared against its documented acceptance criteria.

Sicirnal Proeessincj Equipment Generally, three or four channels of process control equipment are used for the signal processing of unit parameters measured by the field instruments. The process control equipment provides signal conditioning, comparable output signals for instruments located on the main control board, and comparison of measured input signals with setpoints established by safety analyses. These setpoints are defined in UFSAR, Chapter 6 (Ref. 1), Chapter 7 (Ref. 2), and Chapter 15 (Ref. 3). If the measured value of a unit parameter exceeds the predetermined setpoint, an output from a bistable is forwarded to the SSPS for decision logic processing. Channel separation is maintained up to and through the input bays. However, not all unit parameters require four channels of sensor measurement and signal processing. Some unit parameters provide input only to the SSPS, while others provide input to the SSPS, the main control board, the unit computer, and one or more control systems.

Generally, if a parameter is used only for input to the protection circuits, three channels with a two-out-of-three logic are sufficient to provide the required reliability and redundancy. If one channel fails in a direction that would not result in a partial Function trip, the Function is still OPERABLE with a two-out-of-two logic. If one channel fails such that a partial Function trip occurs, a trip will not occur and the Function is still OPERABLE with a one-out-of-two logic.

Generally, if a parameter is used for input to the SSPS and a control function, four channels with a two-out-of-four logic are sufficient to provide the required reliability and redundancy. The circuit must be able to withstand both an input failure to the control system, which may then require the protection function actuation, and a single failure in the other channels providing the protection function actuation. Again, a single failure will neither cause nor prevent the protection function actuation.

These requirements are described in IEEE-279-1 971 (Ref. 4). The actual number of channels required for each unit parameter is specified in the UFSAR.

Catawba Units 1 and 2B3322ReionN.1 B 3.3.2-2 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES BACKGROUND (continued)

Trip Setpoints and Allowable Values The NOMINAL TRIP SETPOINTS are the nominal values at which the bistables are set. Any bistable is considered to be properly adjusted when the "as left" value is within the band for CHANNEL CALIBRATION tolerance.

The NOMINAL TRIP SETFOINTS used in the bistables are based on the analytical limits (Ref. 1, 2, and 3). The selection of these NOMINAL TRIP SETPOINTS is such that adequate protection is provided when all sensor and processing time delays, calibration tolerances, instrumentation uncertainties, instrument drift, and severe environment errors for those ESFAS channels that must function in harsh environments as defined by 10 CFR 50.49 (Ref. 5) are taken into account. The actual as-left setpoint of the bistable assures that the actual trip occurs before the Allowable Value is reached. The Allowable Value accounts for changes in random measurement errors detectable by a COT. One example of such a change in measurement error is drift during the surveillance interval. If the point at which the loop trips does not exceed the Allowable Value, the loop is considered OPERABLE.

A trip within the Allowable Value ensures that the consequences of Design Basis Accidents (DBAs) will be acceptable, providing the unit is operated from within the LCOs at the onset of the DBA and the equipment functions as designed.

Each channel can be tested on line to verify that the signal processing equipment and setpoint accuracy is within the specified allowance requirements. Once a designated channel is taken out of service for testing, a simulated signal is injected in place of the field instrument signal. The process equipment for the channel in test is then tested, verified, and calibrated. SRs for the channels are specified in the SR section.

The determination of the NOMINAL TRIP SETPOINTS and Allowable Values listed in Table 3.3.2-1 incorporates all of the known uncertainties applicable for each channel. The magnitudes of these uncertainties are factored into the determination of each NOMINAL TRIP SETPOINT. All field sensors and signal processing equipment for these channels are assumed to operate within the allowances of these uncertainty magnitudes.

Catawba Units 1 and 2B332-ReionN.1 B 3.3.2-3 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES BACKGROUND (continued) 0 Solid State Protection System The SSPS equipment is used for the decision logic processing of outputs from the signal processing equipment bistables. To meet the redundancy requirements, two trains of SSPS, each performing the same functions, are provided. If one train is taken out of service for maintenance or test purposes, the second train will provide ESE actuation for the unit. If both trains are taken out of service or placed in test, a reactor trip will result.

Each train is packaged in its own cabinet for physical and electrical separation to satisfy separation and independence requirements.

The SSPS performs the decision logic for most ESF equipment actuation; generates the electrical output signals that initiate the required actuation; and provides the status, permissive, and annunciator output signals to the main control room of the unit.

The bistable outputs from the signal processing equipment are sensed by the SSPS equipment and combined into logic matrices that represent combinations indicative of various transients. If a required logic matrix combination is completed, the system will send actuation signals via master and slave relays to those components whose aggregate Function best serves to alleviate the condition and restore the unit to a safe condition. Examples are given in the Applicable Safety Analyses, LCO, and Applicability sections of this Bases.

Each SSPS train has a built in testing device that can test the decision logic matrix functions and the actuation devices while the unit is at power.

When any one train is taken out of service for testing, the other train is capable of providing unit monitoring and protection until the testing has been completed. The testing device is semiautomatic to minimize testing time.

The actuation of ESE components is accomplished through master and slave relays. The SSPS energizes the master relays appropriate for the condition of the unit. Each master relay then energizes one or more slave relays, which then cause actuation of the end devices. The master and slave relays are routinely tested to ensure operation. The test of the master relays energizes the relay, which then operates the contacts and applies a low voltage to the associated slave relays. The low voltage is not sufficient to actuate the slave relays but only demonstrates signal Catawba Units 1 and 2B3324ReionN.1 B 3.3.2-4 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES BACKGROUND (continued) path continuity. The SLAVE RELAY TEST actuates the devices if their operation will not interfere with continued unit operation. For the latter case, actual component operation is prevented by the SLAVE RELAY TEST circuit, and slave relay contact operation is verified by a continuity check of the circuit containing the slave relay.

APPLICABLE Each of the analyzed accidents can be detected by one or SAFETY ANALYSES, more ESFAS Functions. One of the ESFAS Functions is the LCO, AND primary actuation signal for that accident. An ESFAS Function APPLICABILITY may be the primary actuation signal for more than one type of accident.

An ESFAS Function may also be a secondary, or backup, actuation signal for one or more other accidents. For example, Pressurizer Pressure--Low is a primary actuation signal for small loss of coolant accidents (LOCAs) and a backup actuation signal for steam line breaks (SLBs) outside containment. Functions such as manual initiation, not specifically credited in the accident safety analysis, are qualitatively credited in the safety analysis and the NRC staff approved licensing basis for the unit. These Functions may provide protection for conditions that do not require dynamic transient analysis to demonstrate Function performance. These Functions may also serve as backups to Functions that were credited in the accident analysis (Ref. 3).

The LCO requires all instrumentation performing an ESFAS Function to be OPERABLE. Failure of any instrument renders the affected channel(s) inoperable and reduces the reliability of the affected Functions.

The LCO generally requires OPERABILITY of three or four channels in each instrumentation function and two channels in each logic and manual initiation function. The two-out-of-three and the two-out-of-four configurations allow one channel to be tripped during maintenance or testing without causing an ESFAS initiation. Two logic or manual initiation channels are required to ensure no single random failure disables the ESFAS.

The required channels of ESFAS instrumentation provide unit protection in the event of any of the analyzed accidents. ESFAS protection functions are as follows:

Catawba Units 1 and 2B33.5ReionN.1 B3.3.2-5 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

1.

Safety Injection Safety Injection (SI) provides two primary functions:

1.

Primary side water addition to ensure maintenance or recovery of reactor vessel water level (coverage of the active fuel for heat removal, clad integrity, and for limiting peak clad temperature to < 2200°F); and

2.

Boration to ensure recovery and maintenance of SDM (kerr < 1.0).

These functions are necessary to mitigate the effects of high energy line breaks (HELBs) both inside and outside of containment. The SI signal is also used to initiate other Functions such as:

Phase A Isolation; Containment Purge and Exhaust Isolation; Reactor Trip; Turbine Trip; Feedwater Isolation; Start of motor driven auxiliary feedwater (AFW) pumps; Start of control room area ventilation filtration trains; Enabling automatic switchover of Emergency Core Cooling Systems (ECOS) suction to containment sump; Start of annulus ventilation system filtration trains; Start of auxiliary building filtered ventilation exhaust system trains; Start of diesel generators Catawba Units 1 and 2B3326ReionN.1 B 3.3.2-6 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Start of nuclear service water system pumps; and Start of component cooling water system pumps.

These other functions ensure:

Isolation of nonessential systems through containment penetrations; Trip of the turbine and reactor to limit power generation;

Isolation of main feedwater (MEW) to limit secondary side mass losses;

Start of AFW to ensure secondary side cooling capability;

Filtration of the control room to ensure habitability;

Enabling ECCS suction from the refueling water storage tank (RWST) switchover on low RWST level to ensure continued cooling via use of the containment sump;

Starting of annulus ventilation and auxiliary building filtered ventilation to limit offsite releases;

Starting of diesel generators for loss of offsite power considerations; and

Starting of component cooling water and nuclear service water systems for heat removal.

a.

Safety Iniection-Manual Initiation The LCO requires two channels to be OPERABLE. The operator can initiate SI at any time by using either of two switches in the control room. This action will cause actuation of all components in the same manner as any of the automatic actuation signals.

The LCO for the Manual Initiation Function ensures the proper amount of redundancy is maintained in the manual ESFAS actuation circuitry to ensure the operator has manual ESFAS initiation capability.

Catawba Units 1 and 2B33.-ReionN.1 B 3.3.2-7 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Each train consists of one push button and the interconnecting wiring to the actuation logic cabinet. This configuration does not allow testing at power.

b.

Safety Iniection-Automatic Actuation Logqic and Actuation Relays This LCO requires two trains to be OPERABLE. Actuation logic consists of all circuitry housed within the actuation subsystems, including the initiating relay contacts responsible for actuating the ESE equipment.

Manual and automatic initiation of SI must be OPERABLE in MODES 1, 2, and 3. In these MODES, there is sufficient energy in the primary and secondary systems to warrant automatic initiation of ESF systems. In MODE 4, adequate time is available to manually actuate required components in the event of a DBA, but because of the large number of components actuated on a SI, actuation is simplified by the use of the manual actuation push buttons. Automatic actuation logic and actuation relays must be OPERABLE in MODE 4 to support system level manual initiation.

These Functions are not required to be OPERABLE in MODES 5 and 6 because there is adequate time for the operator to evaluate unit conditions and respond by manually starting individual systems, pumps, and other equipment to mitigate the consequences of an abnormal condition or accident. Unit pressure and temperature are very low and many ESF components are administratively locked out or otherwise prevented from actuating to prevent inadvertent overpressurization of unit systems.

c.

Safety Iniection-Containment Pressure-Higqh This signal provides protection against the following accidents:

SLB inside containment; LOCA; and

Feed line break inside containment.

Catawba Units 1 and 2B3.28ReionN.1 B3.3.2-8 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Containment Pressure-High provides no input to any control functions. Thus, three OPERABLE channels are sufficient to satisfy protective requirements with a two-out-of-three logic.

Containment Pressure-High must be OPERABLE in MODES 1, 2, and 3 when there is sufficient energy in the primary and secondary systems to pressurize the containment following a pipe break. In MODES 4, 5, and 6, there is insufficient energy in the primary or secondary systems to pressurize the containment.

d.

Safety Injection-Pressurizer Pressure-Low This signal provides protection against the following accidents:

Inadvertent opening of a steam generator (SG) relief or safety valve; SLB; o

A spectrum of rod cluster control assembly ejection accidents (rod ejection);

Inadvertent opening of a pressurizer relief or safety valve; LOCAs; and SG Tube Rupture.

Pressurizer pressure provides both control and protection functions: input to the Pressurizer Pressure Control System, reactor trip, and SI. Therefore, the actuation logic must be able to withstand both an input failure to control system, which may then require the protection function actuation, and a single failure in the other channels providing the protection function actuation. Thus, four OPERABLE channels are required to satisfy the requirements with a two-out-of-four logic.

Catawba Units 1 and 2B332-ReionN.1 B3.3.2-9 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

This Function must be OPERABLE in MODES 1, 2, and 3 (above P-i11) to mitigate the consequences of an HELB inside containment. This signal may be manually blocked by the operator below the P-I11 setpoint. Automatic SI actuation below this pressure setpoint is then performed by the Containment Pressure-High signal.

This Function is not required to be OPERABLE in MODE 3 below the P-I11 setpoint. Other ESF functions are used to detect accident conditions and actuate the ESF systems in this MODE. In MODES 4, 5, and 6, this Function is not needed for accident detection and mitigation.

2.

Deleted.

3.

Containment Isolation Containment Isolation provides isolation of the containment atmosphere, and all process systems that penetrate containment, from the environment. This Function is necessary to prevent or limit the release of radioactivity to the environment in the event of a large break LOCA.

There are two separate Containment Isolation signals, Phase A and Phase B. Phase A isolation isolates all automatically isolable process lines, except component cooling water (CCW) and nuclear service water system (NSWS), at a relatively low containment pressure indicative of primary or secondary system leaks. For these types of events, forced circulation cooling using the reactor coolant pumps (RCPs) and SGs is the preferred (but not required) method of decay heat removal. Since CCW and NSWS are required to support RCP operation, not isolating CCW and NSWS on the low pressure Phase A signal enhances unit safety by allowing operators to use forced RCS circulation to cool the unit.

Isolating CCW and NSWS on the low pressure signal may force the use of feed and bleed cooling, which could prove more difficult to control.

Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-10 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES O APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Phase A containment isolation is actuated automatically by SI, or manually via the actuation circuitry. All process lines penetrating containment, with the exception of CCW and NSWS, are isolated.

CCW is not isolated at this time to permit continued operation of the RCPs with cooling water flow to the thermal barrier heat exchangers and air or oil coolers. All process lines not equipped with remote operated isolation valves are manually closed, or otherwise isolated, prior to reaching MODE 4.

Manual Phase A Containment Isolation is accomplished by either of two switches in the control room. Either switch actuates its associated train.

The Phase B signal isolates CCW and NSWS. This occurs at a relatively high containment pressure that is indicative of a large break LOCA or an SLB. For these events, forced circulation using the RCPs is no longer desirable. Isolating the CCW and NSWS at the higher pressure does not pose a challenge to the containment boundary because the CCW System and NSWS are closed loops inside containment. Although some system components do not O

meet all of the ASME Code requirements applied to the S

containment itself, the systems are continuously pressurized to a pressure greater than the Phase B setpoint. Thus, routine operation demonstrates the integrity of the system pressure boundary for pressures exceeding the Phase B setpoint.

Furthermore, because system pressure exceeds the Phase B setpoint, any system leakage prior to initiation of Phase B isolation would be into containment. Therefore, the combination of CCW System and NSWS design and Phase B isolation ensures there is not a potential path for radioactive release from containment.

Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-11 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Phase B containment isolation is actuated by Containment Pressure-High High, or manually, via the automatic actuation logic, as previously discussed. For containment pressure to reach a value high enough to actuate Containment Pressure--High High, a large break LOCA or SLB must have occurred. RCP operation will no longer be required and CCW to the RCPs and NSWS to the ROP motor coolers are, therefore, no longer necessary. The RCPs can be operated with seal injection flow alone and without CCW flow to the thermal barrier heat exchanger.

Manual Phase B Containment Isolation is accomplished by pushbuttons on the main control board. In addition to manually initiating a Phase B Containment Isolation, the pushbuttons also isolate the containment ventilation system.

a.

Containment Isolation-Phase A Isolation (1)

Phase A Isolation-Manual Initiation Manual Phase A Containment Isolation is actuated by either of two switches in the control room. Each switch actuates its respective train.

(2)

Phase A Isolation-Automatic Actuation Logic and Actuation Relays Automatic Actuation Logic and Actuation Relays consist of the same features and operate in the same manner as described for ESFAS Function 1.b.

Manual and automatic initiation of Phase A Containment Isolation must be OPERABLE in MODES 1, 2, and 3, when there is a potential for an accident to occur. In MODE 4, adequate time is available to manually actuate required components in the event of a DBA, but because of the large number of components actuated on a Phase A Containment Isolation, actuation is simplified by the use of.the manual actuation push buttons. Automatic actuation logic and actuation relays must be OPERABLE in MODE 4 to support Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-12 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) system level manual initiation. In MODES 5 and 6, there is insufficient energy in the primary or secondary systems to pressurize the containment to require Phase A Containment Isolation. There also is adequate time for the operator to evaluate unit conditions and manually actuate individual isolation valves in response to abnormal or accident conditions.

(3)

Phase A Isolation-Safety Iniection Phase A Containment Isolation is also initiated by all Functions that initiate SI. The Phase A Containment Isolation requirements for these Functions are the same as the requirements for their SI function.

Therefore, the requirements are not repeated in Table 3.3.2-1. Instead, Function 1, SI, is referenced for all initiating Functions and requirements.

b.

Containment Isolation-Phase B Isolation Phase B Containment Isolation is accomplished by manual Initiation, Automatic Actuation Logic and Actuation Relays, and by Containment Pressure channels. The Containment Pressure trip of Phase B Containment Isolation is energized to trip in order to minimize the potential of spurious trips that may damage the RCPs.

(1)

Phase B Isolation-Manual Initiation (2)

Phase B Isolation-Automatic Actuation Logic and Actuation Relays Manual and automatic initiation of Phase B containment isolation must be OPERABLE in MODES 1, 2, and 3, when there is a potential for an accident to occur. In MODE 4, adequate time is available to manually actuate required components in the event of a DBA. However, because of the large number of components actuated on a Phase B Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-13 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LOO, and APPLICABILITY (continued) containment isolation, actuation is simplified by the use of the manual actuation push buttons. Automatic actuation logic and actuation relays must be OPERABLE in MODE 4 to support system level manual initiation. In MODES 5 and 6, there is insufficient energy in the primary or secondary systems to pressurize the containment to require Phase B containment isolation. There also is adequate time for the operator to evaluate unit conditions and manually actuate individual isolation valves in response to abnormal or accident conditions.

(3)

Phase B Isolation-Containment Pressure -

Hicqh-Higqh Containment Pressure - High-High uses four channels in a two-out-of-four logic configuration.

Since containment pressure is not used for control, this arrangement exceeds the minimum redundancy requirements. Additional redundancy is warranted because this Function is energize to trip.

Containment Pressure - High-High must be OPERABLE in MODES 1, 2, and 3 when there is sufficient energy in the primary and secondary sides to pressurize the containment following a pipe break.

In MODES 4, 5, and 6, there is insufficient energy in the primary and secondary sides to pressurize the containment and reach the Containment Pressure -

High-High setpoints.

4.

Steam Line Isolation Isolation of the main steam lines provides protection in the event of an SLB inside or outside containment. Rapid isolation of the steam lines will limit the steam break accident to the blowdown from one SG, at most. For an SLB upstream of the main steam isolation valves (MSIVs), inside or outside of containment, closure of the MSIVs limits the accident to the blowdown from only the affected SG. For an SLB downstream of the MSl Vs, closure of the MSlVs terminates the accident as soon as the steam lines depressurize.

Steam Line Isolation also mitigates the effects of a feed line break and ensures a source of steam for the turbine driven AFW pump during a feed line break.

Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-14 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

a.

Steam Line Isolation-Manual Initiation Manual initiation of Steam Line Isolation can be accomplished from the control room. There are two system level switches in the control room and either switch can initiate action to immediately close all MSiVs. The LCO requires two channels to be OPERABLE. Individual valves may also be closed using individual hand switches in the control room. The LCO requires four individual channels to be OPERABLE.

b.

Steam Line Isolation-Automatic Actuation Looic and Actuation Relays Automatic actuation logic and actuation relays consist of the same features and operate in the same manner as described for ESFAS Function 1.b.

Manual and automatic initiation of steam line isolation must be OPERABLE in MODES 1, 2, and 3 when there is sufficient energy in the ROS and SGs to have an SLB or other accident. This could result in the release of significant quantities of energy and cause a cooldown of the primary system. The Steam Line Isolation Function is required in MODES 2 and 3 unless all MSIVs are closed and de-activated. In MODES 4, 5, and 6, there is insufficient energy in the ROS and SGs to experience an SLB or other accident releasing significant quantities of energy.

c.

Steam Line Isolation-Containment Pressure-Hiqh Higqh This Function actuates closure of the MSlVs in the event of a LOCA or an SLB inside containment to maintain three unfaulted SGs as a heat sink for the reactor, and to limit the mass and energy release to containment. Containment Pressure-High High uses four channels in a two-out-of-four logic configuration. Since containment pressure is not used for control, this arrangement exceeds the minimum redundancy requirements. Additional redundancy is warranted because this Function is energize to trip.

Containment Pressure-High High must be OPERABLE in MODES 1, 2, and 3, when there is sufficient energy in the primary and secondary side to pressurize the containment following a pipe break. This would cause a significant increase in the containment pressure, thus allowing detection Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-15 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) and closure of the MSIVs. The Steam Line Isolation Function remains OPERABLE in MODES 2 and 3 unless all MSIVs are closed and de-activated. In MODES 4, 5, and 6, there is not enough energy in the primary and secondary sides to pressurize the containment to the Containment Pressure-High High setpoint.

d.

Steam Line Isolation-Steam Line Pressure Steam Line Pressure channels provide both protection and control functions. The protection functions include: Steam Line Pressure-Low and Steam Line Pressure-Negative Rate functions. The control functions include: Digital Feedwater Control System (DFCS) which controls SG level.

(1)

Steam Line Pressure-Low Steam Line Pressure--Low provides closure of the MSIVs in the event of an SLB to maintain three unfaulted SGs as a heat sink for the reactor, and to limit the mass and energy release to containment.

This Function provides closure of the MSIVs in the 1

event of a feed line break to ensure a supply of steam for the turbine driven AEW pump.

DECS receives steam pressure inputs from three separate protection channels for each SG. The three inputs are median selected for each SG, with the resultant output being used by the automatic control algorithm. The median select feature prevents the failure of an input signal from affecting the control system. A loss of two or more input signals will place the control system in manual and alert the operator.

DFCS will maintain a steady control function during the switch to manual operation; therefore, a failure of one or more input signals will not cause a control system action that would result in a condition requiring protective actions. Thus, three OPERABLE channels on each steam line, with a two-out-of-three logic on each steam line, are sufficient to satisfy protective requirements.

Steam Line Pressure-Low Function must be OPERABLE in MODES 1, 2, and 3 (above P-11), with any main steam valve open, when a secondary side Catawba Units 1 and 2B3321ReionN.2 B 3.3.2-16 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) break or stuck open valve could result in the rapid depressurization of the steam lines. This signal may be manually blocked by the operator below the P-i11 setpoint. Below P-I11, an inside containment SLB will be terminated by automatic actuation via Containment Pressure-High High. Stuck valve transients and outside containment SLBs will be terminated by the Steam Line Pressure-Negative Rate-High signal for Steam Line Isolation below P-I1I when SI has been manually blocked. The Steam Line Isolation Function is required in MODES 2 and 3 unless all MSlVs are closed and de-activated. This Function is not required to be OPERABLE in MODES 4, 5, and 6 because there is insufficient energy in the secondary side of the unit to have an accident.

(2)

Steam Line Pressure-Negative Rate-High Steam Line Pressure-Negative Rate-High provides closure of the MSIVs for an SLB when less than the P-11I setpoint, to maintain at least one unfaulted SG as a heat sink for the reactor, and to limit the mass and energy release to containment. When the operator manually blocks the Steam Line Pressure-Low main steam isolation signal when less than the P-li setpoint, the Steam Line Pressure-Negative Rate-High signal is automatically enabled. DECS receives steam pressure inputs from three separate protection channels for each SG. The three inputs are median selected for each SG, with the resultant output being used by the automatic control algorithm.

The median select feature prevents the failure of an input signal from affecting the control system. A loss of two or more input signals will place the control system in manual and alert the operator. DFCS will maintain a steady control function during the switch to manual operation; therefore, a failure of one or more input signals will not cause a control system action that would result in a condition requiring protective actions. Thus, three OPERABLE channels on each steam line, with a two-out-of-three logic on each steam line, are sufficient to satisfy protective requirements.

Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-17 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Steam Line Pressure-Negative Rate-High must be OPERABLE in MODE 3 when less than the P-i11 setpoint, when a secondary side break or stuck open valve could result in the rapid depressurization of the steam line(s). In MODES 1 and 2, and in MODE 3, when above the P-ilI setpoint, this signal is automatically disabled and the Steam Line Pressure-Low signal is automatically enabled. The Steam Line Isolation Function is required to be OPERABLE in MODES 2 and 3 unless all MSIVs are closed and de-activated. In MODES 4, 5, and 6, there is insufficient energy in the primary and secondary sides to have an SLB or other accident that would result in a release of significant enough quantities of energy to cause a cooldown of the RCS.

5.

Turbine Trip and Feedwater Isolation The primary functions of the Turbine Trip and Feedwater isolation signals are to prevent damage to the turbine due to water in the steam lines, stop the excessive flow of feedwater into the SGs, and to limit the energy released into containment. These Functions are necessary to mitigate the effects of a high water level in the SGs, which could result in carryover of water into the steam lines and excessive cooldown of the primary system. The SG high water level is due to excessive feedwater flows. Feedwater Isolation serves to limit the energy released into containment upon a feedwater line or steam line break inside containment.

The Functions are actuated when the level in any SG exceeds the high high setpoint, and performs the following functions:

Trips the main turbine; Trips the MEW pumps; Initiates feedwater isolation; and

Shuts the MEW regulating valves and the bypass feedwater regulating valves.

Turbine Trip and Feedwater Isolation signals are both actuated by SG Water Level-High High, or by an SI signal. The RTS also initiates a turbine trip signal whenever a reactor trip (P-4) is generated. A Feedwater Isolation signal is also generated by a Catawba Units 1 and 2 B3321 eiinN.1 B 3.3.2-18 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) reactor trip (P-4) coincident with Tavg-Low and on a high water level in the reactor building doghouse. The MEW System is also taken out of operation and the AFW System is automatically started. The SI signal was discussed previously.

a.

Turbine Trip (1)

Turbine Trip-Automatic Actuation Logqic and Actuation Relays Automatic Actuation Logic and Actuation Relays consist of the same features and operate in the same manner as described for ESFAS Function 1.b.

(2)

Turbine Trip-Steam Generator Water Level-High Higqh This signal prevents damage to the turbine due to water in the steam lines. The ESFAS SG water level instruments provide input to the SG Water Level Control System. Therefore, the actuation logic must be able to withstand both an input failure to the control system (which may then require the protection function actuation) and a single failure in the other channels providing the protection function actuation.

Thus, four OPERABLE channels are required to satisfy the requirements with a two-out-of-four logic.

The setpoints are based on percent of narrow range instrument span.

(3)

Turbine Trip-Safety Iniection Turbine Trip is also initiated by all Functions that initiate SI. Therefore, the requirements are not repeated in Table 3.3.2-1. Instead Function 1, SI, is referenced for all initiating functions and requirements.

Item 5.a.(1) is referenced for the applicable MODES.

The Turbine Trip Function must be OPERABLE in MODES 1 and 2. In lower MODES, the turbine generator is not in service and this Function is not required to be OPERABLE.

b.

Feedwater Isolation Catawba Units 1 and 2 B3321 eiinN.1 B3.3.2-19 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

(1)

Feedwater Isolation-Automatic Actuation Loqic and Actuation Relays Automatic Actuation Logic and Actuation Relays consist of the same features and operate in the same manner as described for ESFAS Function 1.b.

(2)

Feedwater Isolation-Steam Generator Water Level-Higqh Higqh (P-14)

This signal provides protection against excessive feedwater flow. The ESFAS SG water level instruments provide input to the SG Water Level Control System. Therefore, the actuation logic must be able to withstand both an input failure to the control system (which may then require the protection function actuation) and a single failure in the other channels providing the protection function actuation.

Thus, four OPERABLE channels are required to satisfy the requirements with a two-out-of-four logic.

The setpoints are based on percent of narrow range instrument span.

(3)

Feedwater Isolation-Safety Iniection Feedwater Isolation is also initiated by all Functions that initiate SI. The Feedwater Isolation Function requirements for these Functions are the same as the requirements for their SI function. Therefore, the requirements are not repeated in Table 3.3.2-1.

Instead Function 1, SI, is referenced for all initiating functions and requirements. Item 5.b.(1) is referenced for the applicable MODES.

(4)

Feedwater Isolation - RCS Tav_.p Low coincident with Reactor Trip (P-4)

This signal provides protection against excessive cooldown, which could subsequently introduce a positive reactivity excursion after a plant trip. There are four channels of RCS Tavg - Low (one per loop),

with a two-out-of-four logic required coincident with a reactor trip signal (P-4) to initiate a feedwater isolation. The P-4 interlock is discussed in Function 8.a.

Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-20 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES O APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

(5)

Feedwater Isolation - Doqihouse Water Level - Higih This signal initiates a Feedwater Isolation. The signal terminates forward feedwater flow in the event of a postulated pipe break in the main feedwater piping in the doghouses to prevent flooding safety related equipment essential to the safe shutdown of the plant. Each doghouse contains two trains of level instrumentation. The level instrumentation consists of six level switches (three per train) in each of the two reactor building doghouses. A high-high level detected by two-out-of-three switches, in either the inboard or outboard doghouse, will initiate a doghouse isolation. This signal initiates Feedwater Isolation for the specific doghouse where the High-High level is detected and trips both main feedwater pumps thus causing a main turbine trip.

The Feedwater Isolation Function must be OPERABLE in MODES 1 and 2 and also in MODE 3 (except for the I

functions listed in Table 3.3.2-1)

Feedwater Isolation is not required OPERABLE when all MFlIVs, MFCVs, and associated bypass valves are closed and de-activated or isolated by a closed manual valve. In lower MODES, the MEW System is not in service and this Function is not required to be OPERABLE.

6.

Auxiliary Feedwater The AFW System is designed to provide a secondary side heat sink for the reactor in the event that the MEW System is not available. The system has two motor driven pumps and a turbine driven pump, making it available during normal and accident operation. The normal source of water for the AFW System is the condensate storage system (not safety related). A low suction pressure to the AFW pumps will automatically realign the pump suctions to the Nuclear Service Water System (NSWS)(safety related). The AEW System is aligned so that upon a pump start, flow is initiated to the respective SGs immediately.

a.

Auxiliary Feedwater-Automatic Actuation Loqic and Actuation Relays h

Automatic actuation logic and actuation relays consist of the Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-21 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) same features and operate in the same manner as described for ESFAS Function l.b.

b.

Auxiliary Feedwater-Steam Generator Water Level-Low Low SG Water Level-Low Low provides protection against a loss of heat sink. A feed line break, inside or outside of containment, or a loss of MFW, would result in a loss of SG water level. SG Water Level-Low Low provides input to the SG Level Control System. Therefore, the actuation logic must be able to withstand both an input failure to the control system which may then require a protection function actuation and a single failure in the other channels providing the protection function actuation. Thus, four OPERABLE channels are required to satisfy the requirements with two-out-of-four logic. The setpoints are based on percent of narrow range instrument span.

SG Water Level--Low Low in any operating SG will cause the motor driven AFW pumps to start. The system is aligned so that upon a start of the pump, water immediately begins to flow to the S~s. SG Water Level--Low Low in any two operating S~s will cause the turbine driven pumps to start.

c.

Auxiliary Feedwater--Safety Injection An SI signal starts the motor driven AFW pumps. The AFW initiation functions are the same as the requirements for their SI function. Therefore, the requirements are not repeated in Table 3.3.2-1. Instead, Function 1, SI, is referenced for all initiating functions and requirements.

d.

Auxiliary Feedwater-Loss of Offsite Power A loss of offsite power to the service buses will be accompanied by a loss of reactor coolant pumping power and the subsequent need for some method of decay heat removal. The loss of offsite power is detected by a voltage drop on each essential service bus. Loss of power to either essential service bus will start the turbine driven and motor driven AFW pumps to ensure that at least two S~s contain enough water to serve as the heat sink for reactor decay heat and sensible heat removal following the reactor trip.

Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-22 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES O

APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

Functions 6.a through 6.d must be OPERABLE in MODES 1, 2, and 3 to ensure that the SGs remain the heat sink for the reactor.

These Functions do not have to be OPERABLE in MODES 5 and 6 because there is not enough heat being generated in the reactor to require the SGs as a heat sink. In MODE 4, AFW actuation does not need to be OPERABLE because either AFW or residual heat removal (RHR) wili already be in operation to remove decay heat or sufficient time is available to manually place either system in operation.

e.

Auxiliary Feedwater-Trip of All Main Feedwater Pumps A Trip of all MFW pumps is an indication of a loss of MFW and the subsequent need for some method of decay heat and sensible heat removal to bring the reactor back to no load temperature and pressure. Each turbine driven MFW pump is equipped with three pressure switches on the trip oil system. A low pressure signal from two-out-of-three of these pressure switches indicates a trip of that pump. Three OPERABLE channels per pump satisfy redundancy requirements with two-out-of-three logic. A trip of all MEW pupsstarts the motor driven AFW pmsto enuethat at least two SGs are available with water to act as the heat sink for the reactor. This function must be OPERABLE in MODES 1 and 2. This ensures that at least two SGs are provided with water to serve as the heat sink to remove reactor decay heat and sensible heat in the event of an accident. In MODES 3, 4, and 5, the MEW pumps may be normally shut down, and thus neither pump trip is indicative of a condition requiring automatic AEW initiation.

f. Auxiliary Feedwater-Pump Suction Transfer on Suction Pressure-Low A low pressure signal in the AEW pump suction line protects the AFW pumps against a loss of the normal supply of water for the pumps, the condensate storage system. Three pressure switches per train are located on the AFW pump suction line from the condensate storage system. A low pressure signal sensed by two-out-of-three switches will align their train related motor driven AFW pump and the turbine driven AEW pump to the assured water supply (NSWS). The NSWS (safety grade) is then lined up to supply the AFW pumps to ensure an adequate supply of water for the AFW Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-23 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

System to maintain at least two of the SGs as the heat sink for reactor decay heat and sensible heat removal.

This Function must be OPERABLE in MODES 1, 2, and 3 to ensure a safety grade supply of water for the AFW System to maintain the SGs as the heat sink for the reactor. This Function does not have to be OPERABLE in MODES 5 and 6 because there is not enough heat being generated in the reactor to require the SGs as a heat sink. In MODE 4, AFW automatic suction transfer does not need to be OPERABLE because RHR will already be in operation, or sufficient time is available to place RHR in operation, to remove decay heat.

7.

Automatic Switchover to Containment Sump At the end of the injection phase of a LOCA, the RWST will be nearly empty. Continued cooling must be provided by the ECCS to remove decay heat. The source of water for the ECCS pumps is automatically switched to the containment recirculation sump. The low head residual heat removal (RHR) pumps and containment spray pumps draw the water from the containment recirculation sump, the RHR pumps pump the water through the RHR heat exchanger, inject the water back into the RCS, and supply the cooled water to the other ECCS pumps. Switchover from the RWST to the containment sump must occur before the RWST empties to prevent damage to the RHR pumps and a loss of core cooling capability.

a.

Automatic Switchover to Containment Sump-Automatic Actuation Loq~ic and Actuation Relays Automatic actuation logic and actuation relays consist of the same features and operate in the same manner as described for ESFAS Function 1.b.

b.

Automatic Switchover to Containment Sumpo-Refuelinq Water Storagie Tank (RWST')

Level-Low Coincident With Safety Iniection During the injection phase of a LOCA, the RWST is the source of water for all ECCS pumps. A low level in the RWST coincident with an SI signal provides protection against a loss of water for the ECCS pumps and indicates the end of the injection phase of the LOCA. The RWST is equipped with four level transmitters. These transmitters Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-24 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) provide no control functions. Since an inadvertent switchover to the containment sump could have a significant safety impact, this instrumentation is placed in a bypass condition for testing. Therefore, four channels are supplied such that, during testing, the remaining three channels could perform the intendead function, and no single failure could result in either a failure to accomplish the intended function, or in an inadvertent switchover to the containment sump.

Automatic switchover occurs only if the RWST low level signal is coincident with SI. This prevents accidental switchover during normal operation. Accidental switchover could damage ECCS pumps if they are attempting to take suction from an empty sum p. The automatic switchover Function requirements for the SI Functions are the same as the requirements for their SI function. Therefore, the requirements are not repeated in Table 3.3.2-1. Instead, Function 1, SI, is referenced for all initiating Functions and requirements.

These Functions must be OPERABLE in MODES 1, 2, 3, and 4 when there is a potential for a LOCA to occur, to ensure a continued supply of water for the ECCS pumps.

These Functions are not required to be OPERABLE in MODES 5 and 6 because there is adequate time for the operator to evaluate unit conditions and respond by manually starting systems, pumps, and other equipment to mitigate the consequences of an abnormal condition or accident. System pressure and temperature are very low and many ESF components are administratively locked out or otherwise prevented from actuating to prevent inadvertent overpressurization of unit systems.

8.

Engineered Safety Feature Actuation System Interlocks To allow some flexibility in unit operations, several interlocks are included as part of the ESFAS. These interlocks permit the operator to block some signals, automatically enable other signals, prevent some actions from occurring, and cause other actions to occur. The interlock Functions back up manual actions to ensure bypassable functions are in operation under the conditions assumed in the safety analyses.

Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-25 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued)

a.

Enqineered Safety Feature Actuation System Interlocks--Reactor Trip. P-4 The P-4 interlock is enabled when a reactor trip breaker (RTB) and its associated bypass breaker is open. Operators are able to reset Si 60 seconds after initiation. If a P-4 is present when SI is reset, subsequent automatic SI initiations will be blocked until the RTBs have been manually closed.

This Function allows operators to take manual control of SI systems after the initial phase of injection is complete while avoiding multiple SI initiations. The functions of the P-4 interlock are:

Trip the main turbine; Isolate MFW with coincident low Tavg; Prevent reactuation of SI after a manual reset of SI; Transfer the steam dump from the load rejection controller to the unit trip controller; and Prevent opening of the MFW isolation valves if they were closed on SI or SG Water Level--High High.

Each of the above Functions is interlocked with P-4 to avert or reduce the continued cooldown of the RCS following a reactor trip. An excessive cooldown of the RCS following a reactor trip could cause an insertion of positive reactivity with a subsequent increase in generated power. To avoid such a situation, the noted Functions have been interlocked with P-4 as part of the design of the unit control and protection system.

None of the noted Functions serves a mitigation function in the unit licensing basis safety analyses. Only the turbine trip Function is explicitly assumed since it is an immediate consequence of the reactor trip Function. Neither turbine trip, nor any of the other four Functions associated with the reactor trip signal, is required to show that the unit licensing basis safety analysis acceptance criteria are not exceeded.

The RTB position switches that provide input to the P-4 interlock only function to energize or de-energize or open or close contacts. Therefore, this Function has no adjustable Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-26 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCo, and APPLICABILITY (continued) trip setpoint with which to associate a Trip Setpoint and Allowable Value.

This Function must be OPERABLE in MODES 1, 2, and 3 when the reactor may be critical or approaching criticality.

This Function does not have to be OPERABLE inl MODE 4, 5, or 6 because the main turbine, the MFW System, and the Steam Dump System are not in operation.

b.

Engqineered Safety Feature Actuation System Interlocks-Pressurizer Pressure, P-I11 The P-I11 interlock permits a normal unit cooldown and depressurization without actuation of SI or main steam line isolation. With two-out-of-three pressurizer pressure channels (discussed previously) less than the P-11I setpoint, the operator can manually block the Pressurizer Pressure-Low SI signal and the Steam Line Pressure-Low steam line isolation signal (previously discussed). When the Steam Line Pressure-Low steam line isolation signal is manually blocked, a main steam isolation signal on Steam Line D

Pressure-Negative Rate-High is enabled. This provides protection for an SLB by closure of the MSlVs. With two-out-of-three pressurizer pressure channels above the P-i11 setpoint, the Pressurizer Pressure-Low SI signal and the Steam Line Pressure-Low steam line isolation signal are automatically enabled. The operator can also enable these trips by use of the respective manual reset buttons. When the Steam Line Pressure-Low steam line isolation signal is enabled, the main steam isolation on Steam Line Pressure-Negative Rate--High is disabled.

This Function must be OPERABLE in MODES 1, 2, and 3 to allow an orderly cooldown and depressurization of the unit without the actuation of SI or main steam isolation. This Function does not have to be OPERABLE in MODE 4, 5, or 6 because system pressure must already be below the P-i11 setpoint for the requirements of the heatup and cooldown curves to be met.

c.

Engineered Safety Feature Actuation System Interlocks-T~av__-Low Low, P-i12 On increasing reactor coolant temperature, the P-12 interlock D

provides an arming signal to the Steam Dump System. On a Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-27 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) decreasing temperature, the P-12 interlock removes the arming signal to the Steam Dump System to prevent an excessive cooldown of the RCS due to a malfunctioning Steam Dump System.

Since Tavg is used as an indication or bulk RCS temper~ature, this Function meets redundancy requirements with one OPERABLE channel in each loop. These channels are used in two-out-of-four logic. This Function must be OPERABLE in MODES 1, 2, and 3 when a secondary side break or stuck open valve could result in the rapid depressurization of the steam lines. This Function does not have to be OPERABLE in MODE 4, 5, or 6 because there is insufficient energy in the secondary side of the unit to have an accident.

9.

Containment Pressure Control System Permissives The Containment Pressure Control System (CPCS) protects the Containment Building from excessive depressurization by preventing inadvertent actuation or continuous operation of the Containment Spray and Containment Air Return Systems when containment pressure is at or less than the CPCS permissive setpoint. The control scheme of CPCS is comprised of eight independent control circuits (4 per train), each having a separate and independent pressure transmitter and current alarm module.

Each pressure transmitter monitors the containment pressure and provides input to its respective current alarm. The current alarms are set to inhibit or terminate containment spray and containment air return systems when containment pressure falls to or below 0.25 psid. The alarm modules switch back to the permissive state (allowing the systems to operate) when containment pressure is greater than or equal to 1.0 psid.

This function must be OPERABLE in MODES 1, 2, 3, and 4 when there is sufficient energy in the primary and secondary sides to pressurize containment following a pipe break. In MODES 5 and 6, there is insufficient energy in the primary and secondary sides to significantly pressurize the containment.

10.

Nuclear Service Water System Suction Transfer - Low Pit Level Upon an emergency low pit level signal from either NSWS pit, interlocks isolate the NSWS from Lake Wylie, align NSWS to the standby nuclear service water pond, close particular crossover Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-28 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES APPLICABLE SAFETY ANALYSES, LCO, and APPLICABILITY (continued) valves, and start the NSWS pumps. This function is initiated on a two-out-of-three logic from either NSWS pump pit.

This function must be OPERABLE in MODES 1, 2, 3, and 4 to ensure cooling water remains available to essential components during a DBA. in MODES 5 and 6, the sufficient time exists for manual operator action to realign the NSWS pump suction, if required.

Unlike other shared NSWS equipment, the pit level interlocks do not require both normal and emergency power for OPERABILITY.

This is because unlike mechanical components such as pumps and valves, the interlocks are designed to fail safe upon a loss of power, initiating a transfer from Lake Wylie to the standby nuclear service water pond. The definition of OPERABILITY, which requires either normal or emergency power, provides sufficient power supply requirements and these interlocks can be considered OPERABLE provided they are powered from either an inverter or regulated power.

The ESFAS instrumentation satisfies Criterion 3 of 10 CFR 50.36 (Ref.

6).

ACTIONS A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this Specification may be entered independently for each Function listed on Table 3.3.2-1. When the Required Channels in Table 3.3.2-1 are specified (e.g., on a per steam line, per loop, per SG, etc., basis), then the Condition may be entered separately for each steam line, loop, SG, etc., as appropriate.

A channel shall be OPERABLE if the point at which the channel trips is found more conservative than the Allowable Value. In the event a channel's trip setpoint is found Jess conservative than the Allowable Value, or the transmitter, instrument loop, signal processing electronics, or bistable is found inoperable, then all affected Functions provided by that channel must be declared inoperable and the LCO Condition(s) entered for the protection Function(s) affected. If plant conditions warrant, the trip setpoint may be set outside the NOMINAL TRIP SETPOINT calibration tolerance band as long as the trip setpoint is conservative with respect to the NOMINAL TRIP SETPOINT. If the trip setpoint is found outside of the NOMINAL TRIP SETPOINT calibration tolerance band and non-conservative with respect to the NOMINAL TRIP SETPOINT, the setpoint shall be re-adjusted.

Catawba Units 1 and 2 B3322 eiinN.1 B 3.3.2-29 Revision No. 12

ESFAS Instrumentation B3.3.2 BASES ACTIONS (continued) 0 When the number of inoperable channels in a trip function exceed those specified in one or other related Conditions associated with a trip function, then the unit is outside the safety analysis. Therefore, LCO 3.0.3 should be immediately entered if applicable in the current MODE of operation.

A.1.

Condition A applies to all ESFAS protection functions.

Condition A addresses the situation where one or more channels or trains for one or more Functions are inoperable at the same time. The Required Action is to refer to Table 3.3.2-1 and to take the Required Actions for the protection functions affected. The Completion Times are those from the referenced Conditions and Required Actions.

8.1, 8.2.1 and B.2.2 Condition B applies to manual initiation of:

SI;

Containment Spray;

Phase A Isolation; and Phase B Isolation.

This action addresses the train orientation of the SSPS for the functions listed above. If a channel or train is inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to return it to an OPERABLE status. Note that for containment spray and Phase B isolation, failure of one or both channels in one train renders the train inoperable. Condition B, therefore, encompasses both situations.

The specified Completion Time is reasonable considering that there are two automatic actuation trains and another manual initiation train OPERABLE for each Function, and the low probability of an event occurring during this interval. If the train cannot be restored to OPERABLE status, the unit must be placed in a MODE in which the LCO does not apply. This is done by placing the unit in at least MODE 3 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (54 hours6.25e-4 days 0.015 hours 8.928571e-5 weeks 2.0547e-5 months total time) and in MODE 5 within an additional 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months (84 hours9.722222e-4 days 0.0233 hours 1.388889e-4 weeks 3.1962e-5 months total time). The allowable Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-30 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES O ACTIONS (continued) 0.1, 0.2.1 and C.2.2 Condition C applies to the automatic actuation logic and actuation relays for the following functions:

SI; Phase A Isolation; Phase B Isolation; and Automatic Switchover to Containment Sump.

This action addresses the train orientation of the SSPS and the master and slave relays. If one train is inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status. The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed for restoring the inoperable train to OPERABLE status is justified in Reference 13. The specified Completion Time is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. If the train cannot be restored to D

OPERABLE status, the unit must be placed in a MODE in which the LCO does not apply. This is done by placing the unit in at least MODE 3 within an additional 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months (30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months total time) and in MODE 5 within an additional 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months (60 hours6.944444e-4 days 0.0167 hours 9.920635e-5 weeks 2.283e-5 months total time). The Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems.

The Required Actions are modified by a Note that allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing, provided the other train is OPERABLE. The Required Actions are not required to be met during this time, unless the train is discovered inoperable during the testing. This allowance is based on the reliability analysis assumption of WCAP-1 0271-P-A (Ref. 7) that 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is the average time required to perform train surveillance.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-31 Revision No. 12

ESFAS Instrumentation B3.3.2 BASES ACTIONS (continued) 0 D.1, D.2.1. and D.2.2 Condition D applies to:

Containment Pressure-High; Pressurizer Pressure-Low; Steam Line Pressure-Low;

Steam Line Pressure-Negative Rate-High;

Loss of offsite power (refer to Condition D footnote);

SG Water level--Low Low; and

SG Water level--High High (P-i14) for the Feedwater Isolation Function.

If one channel is inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to restore the channel to OPERABLE status or to place it in the tripped condition. Generally this Condition applies to functions that operate on two-out-of-three logic.

Therefore, failure of one channel places the Function in a two-out-of-two configuration. One channel must be tripped to place the Function in a one-out-of-two configuration that satisfies redundancy requirements. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to restore the channel to OPERABLE status or to place it in the tripped.condition is justified in Reference 13.

Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months requires the unit be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 4, these Functions are no longer required OPERABLE.

The Required Actions are modified by a Note that allows the inoperable channel to be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels. The 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months allowed for testing is justified in Reference 13.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-32 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)

E.1, E.2.1. and E.2.2 Condition E applies to:

Containmen~t Phase B Isolation Containment Pressure-High High; and Steam Line Isolation Containment Pressure - High High.

Neither of these signals has input to a control function. Thus, two-out-of-three logic is necessary to meet acceptable protective requirements.

However, a two-out-of-three design would require tripping a failed channel. This is undesirable because a single failure would then cause spurious isolation initiation. Therefore, these channels are designed with two-out-of-four logic so that a failed channel may be bypassed rather than tripped. Note that one channel may be bypassed and still satisfy the single failure criterion. Furthermore, with one channel bypassed, a single instrumentation channel failure will not spuriously initiate isolation.

To avoid the inadvertent actuation of Phase B containment isolation, the inoperable channel should not be placed in the tripped condition. Instead it is bypassed. Restoring the channel to OPERABLE status, or placing the inoperable channel in the bypass condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , is sufficient to assure that the Function remains OPERABLE and minimizes the time that the Function may be in a partial trip condition (assuming the inoperable channel has failed high). The Completion Time is further justified based on the low probability of an event occurring during this interval. Failure to restore the inoperable channel to OPERABLE status, or place it in the bypassed condition within 72. hours, requires the unit be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 4, these Functions are no longer required OPERABLE.

The Required Actions are modified by a Note that allows one additional channel to be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing.

Placing a second channel in the bypass condition for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for testing purposes is acceptable based on the results of Reference 13.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-33 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued) 0 F.1, F.2.1. and F.2.2 Condition F applies to:

Manual initiation of Steam Line isolation; and P-4 Interlock.

For the Manual Initiation and the P-4 Interlock Functions, this action addresses the train orientation of the SSPS. If a train or channel is inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to return it to OPERABLE status. The specified Completion Time is reasonable considering the nature of these Functions, the available redundancy, and the low probability of an event occurring during this interval. If the Function cannot be returned to OPERABLE status, the unit must be placed in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power in an orderly manner and without challenging unit systems. In MODE 4, the unit does not have any analyzed transients or conditions that require the explicit use of the protection functions noted above.

G.1 and G.2 Condition G applies to manual initiation of Steam Line Isolation.

This action addresses the operability of the manual steam line isolation function for each individual main steam isolation valve. If a channel is inoperable, 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is allowed to return it to an OPERABLE status. If the train cannot be restored to OPERABLE status, the Conditions and Required Actions of LCO 3.7.2, "Main Steam Isolation Valves," must be entered for the associated inoperable valve. The specified Completion Time is reasonable considering that there is a system level manual initiation train for this Function and the low probability of an event occurring during this interval.

0 Catawba Units 1 and 2 B 3.3.2-34 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)

H.1. H.2.1 and H.2.2 Condition H applies to the automatic actuation logic and actuation relays for the Steam Line Isolation, Feedwater Isolation, and AFW actuation FURctIONS.

The action addresses the train orientation of the SSPS and the master and slave relays for these functions. If one train is inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status. The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed for restoring the inoperable train to OPERABLE status is justified in Reference 13. The Completion Time for restoring a train to OPERABLE status is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. If the train cannot be returned to OPERABLE status, the unit must be brought to MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. Placing the unit in MODE 4 removes all requirements for OPERABILITY of the protection channels and actuation functions. In this MODE, the unit does not have analyzed transients or conditions that require the explicit use of the protection functions noted above.

The Required Actions are modified by a Note that allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE. This allowance is based on the reliability analysis (Ref. 7) assumption that 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is the average time required to perform channel surveillance.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-35 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued) 1.1 and 1.2 Condition I applies to the automatic actuation logic and actuation relays for the Turbine Trip Function.

This action addresses the train orientation of the SSPS and the master and slave relays for this Function. If one train is inoperable, 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months are allowed to restore the train to OPERABLE status or the unit must be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months allowed for restoring the inoperable train to OPERABLE status is justified in Reference 13. The Completion Time for restoring a train to OPERABLE status is reasonable considering that there is another train OPERABLE, and the low probability of an event occurring during this interval. The allowed Completion Time of 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. These Functions are no longer required in MODE 3. Placing the unit in MODE 3 removes all requirements for OPERABILITY of the protection channels and actuation functions. In this MODE, the unit does not have analyzed transients or conditions that require the explicit use of the protection functions noted above.

The Required Actions are modified by a Note that allows one train to be bypassed for up to 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months for surveillance testing provided the other train is OPERABLE. This allowance is based on the reliability analysis (Ref. 7) assumption that 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months is the average time required to perform channel surveillance.

J.1 and J.2 Condition J applies to:

SG Water Level--High High (P-14) for the Turbine Trip Function; and Tavg-LOw.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-36 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)

If one channel is inoperable, 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months are allowed to restore one channel to OPERABLE status or to place it in the tripped condition. If placed in the tripped condition, the Function is then in a partial trip condition where one-out-of-three logic will result in actuation. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to restore the channel to OPERABLE status or place it in the tripped condition is justified in Reference 13. Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months requires the unit to be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Time of 78 hours9.027778e-4 days 0.0217 hours 1.289683e-4 weeks 2.9679e-5 months is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. In MODE 3, these Functions are no longer required OPERABLE.

The Required Actions are modified by a Note that allows the inoperable channel to be bypassed for up to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months for surveillance testing of other channels. The 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months allowed to place the inoperable channel in the tripped condition, and the 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months allowed for a second channel to be in the bypassed condition for testing, are justified in Reference 13.

K.1 and K.2 Condition K applies to the AFW pump start on trip of all MFW pumps.

This action addresses the auto start function of the AFW System on loss of all MFW pumps. The OPERABILITY of the AFW System must be assured by allowing automatic start of the AFW System pumps. If a channel is inoperable, 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months is allowed to return it to an OPERABLE status or to place the channel in trip. If the function cannot be returned to an OPERABLE status or placed in a trip condition, 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months are allowed to place the unit in MODE 3. The allowed Completion Time of 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is reasonable, based on operating experience, to reach MODE 3 from full power conditions in an orderly manner and without challenging unit systems. In MODE 3, the unit does not have any analyzed transients or conditions that require the explicit use of the protection function noted above.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-37 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)

L.1 and L.2 Condition L applies to the Doghouse Water Level - High High.

If one channel is inoperable, 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months are allowed to restore the channel to OPERABLE status or to place it hi the tripped condition. Therefore, failure of one channel places the Function in a two-out-of-two configuration. One channel must be tripped to place the Function in a one-out-of-two configuration that satisfies redundancy requirements.

Alternatively, if the inoperable channel is not restored to OPERABLE status or placed in the tripped condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , the unit must be placed in MODE 3 within 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months .

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 3, this Function is no longer required OPERABLE.

Required Action L.1 is modified by a Note that allows the inoperable channel to be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing of other channels.

M.1. M.2.1 and M.2.2 Condition M applies to the Auxiliary Feedwater Pumps Suction Transfer on Suction Pressure Low.

If one channel is inoperable, 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months is allowed to restore the channel to OPERABLE status or to place it in the tripped condition. The failure of one channel places the Function in a two-out-of-two configuration. One channel must be tripped to place the Function in a one-out-of-three configuration that satisfies redundancy requirements.

Failure to restore the inoperable channel to OPERABLE status or place it in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months requires the unit to be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-38 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 4, this Function is no longer required OPERABLE.

N.1, N.2.1 and N.2.2 Condition N applies to:

RWST Level--Low Coincident with Safety Injection.

RWST Level-Low Coincident With SI provides actuation of switchover to the containment sump. Note that this Function requires the bistables to energize to perform their required action. The failure of up to two channels will not prevent the operation of this Function. However, placing a failed channel in the tripped condition could result in a premature switchover to the sump, prior to the injection of the minimum volume from the RWST. Placing the inoperable channel in bypass results in a two-out-of-three logic configuration, which satisfies the requirement to allow another failure without disabling actuation of the switchover when required. Restoring the channel to OPERABLE status or placing the inoperable channel in the bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months is sufficient to ensure that the Function remains OPERABLE, and minimizes the time that the Function may be in a partial trip condition (assuming the inoperable channel has failed high). The 6 hour6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months Completion Time is justified in Reference 7. If the channel cannot be returned to OPERABLE status or placed in the bypass condition within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , the unit must be brought to MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 5 within the next 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 5, the unit does not have any analyzed transients or conditions that require the explicit use of the protection functions noted above.

The Required Actions are modified by a Note that allows placing a second channel in the bypass condition for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing. The total of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months to reach MODE 3 and 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for a second channel to be bypassed is acceptable based on the results of Reference 7.

Catawba Units 1 and 2 B3323 eiinN.1 B 3.3.2-39 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued) 0.1. 0.2.1 and 0.2.2 Condition 0 applies to the P-li and P-12 interlocks.

With one channel inoperable, the operator must verify that the interlock is in the required state for the existing unit condition. This action manually accomplishes the function of the interlock. Determination must be made within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . The 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months Completion Time is equal to the time allowed by LCO 3.0.3 to initiate shutdown actions in the event of a complete loss of ESFAS function. If the interlock is not in the required state (or placed in the required state) for the existing unit condition, the unit must be placed in MODE 3 within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 4 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. Placing the unit in MODE 4 removes all requirements for OPERABILITY of these interlocks.

P.1 Condition P applies to the Containment Pressure Control System Start and Terminate Permissives.

With one or more channels inoperable, the affected containment spray and containment air return systems components must be declared inoperable immediately. The supported system LCOs provide the appropriate Required Actions and Completion Times for the equipment made inoperable by the inoperable channel. The immediate Completion Time is appropriate since the inoperable channel could prevent the supported equipment from starting when required. Additionally, protection from an inadvertent actuation may not be provided if the terminate function is not OPERABLE.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-40 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES ACTIONS (continued)

Q.1. Q.2. Q.3.1. and Q.3.2 With one channel of NSWS Suction Transfer - Low Pit Level inoperable in one or more NSWS pits, 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months are allowed to place it in the tripped condition or align the NSWS to the Standby NSWS Pond. The failure of one channel places the Function in a two-out-of-two configuration. The failed channel must either be tripped to place the Function in a one-out-of-two configuration that satisfies redundancy requirements, or the NSWS realigned to fulfill the safety function.

Failure to place the channel in the tripped condition or to realign the NSWS suction and discharge within 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months requires the unit be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 5 within the next 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months .

The requirement to align the NSWS to the Standby NSWS Pond only applies to OPERABLE trains of the system.

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 5, this Function is no longer required OPERABLE.

R.1, R.2.1. and R.2.2 With two or more channels of NSWS Suction Transfer - Low Pit Level inoperable in one or more pits, the NSWS must be aligned to the Standby NSWS Pond within 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months . Failure to accomplish the realignment within 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months requires the unit be placed in MODE 3 within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and MODE 5 within the next 30 hours3.472222e-4 days 0.00833 hours 4.960317e-5 weeks 1.1415e-5 months .

The requirement to align the NSWS to the Standby NSWS Pond only applies to OPERABLE trains of the system.

The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 5, this Function is no longer required OPERABLE.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-41 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE The SRs for each ESFAS Function are identified by the SRs column0 REQUIREMENTS of Table 3.3.2-1.

A Note has been added to the SR Table to clarify that Table 3.3.2-1 determines which SRs apply to which ESFAS Functions.

Note that each channel of process protection supplies both trains of the ESFAS. When testing channel I, train A and train B must be examined.

Similarly, train A and train B must be examined when testing channel II, channel Ill, and channel IV (if applicable). The CHANNEL CALIBRATION and COTs are performed in a manner that is consistent with the assumptions used in analytically calculating the required channel accuracies.

SR 3.3.2.1 Performance of the CHANNEL CHECK ensures that a gross failure of instrumentation has not occurred. A CHANNEL CHECK is normally a comparison of the parameter indicated on one channel to a similar parameter on other channels. It is based on the assumption that instrument channels monitoring the same parameter should read approximately the same value. Significant deviations between the two instrument channels could be an indication of excessive instrument drift in one of the channels or of something even more serious. A CHANNEL

!I CHECK will detect gross channel failure; thus, it is key to verifying the instrumentation continues to operate properly between each CHANNEL CALIBRATION.

Agreement criteria are determined by the unit staff, based on a combination of the channel instrument uncertainties, including indication and reliability. If a channel is outside the criteria, it may be an indication that the sensor or the signal processing equipment has drifted outside its limit.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.3.2.2 SR 3.3.2.2 is the performance of an ACTUATION LOGIC TEST. The SSPS is tested using the semiautomatic tester. The train being tested is placed in the bypass condition, thus preventing inadvertent actuation.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-42 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued)

Through the semiautomatic tester, all possible logic combinations, with and without applicable permissives, are tested for each protection function. In addition, the master relay coil is pulse tested for continuity.

This verifies that the logic modules are OPERABLE and that there is an intact voltage signal path to the master relay coils. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.3.2.3 SR 3.3.2.3 is the performance of a TADOT. This test is a check of the Loss of Offsite Power Function. Each Function is tested up to, and including, the master transfer relay coils.

This test also includes trip devices that provide actuation signals directly to the SSPS. The SR is modified by a Note that excludes final actuation of pumps and valves to minimize plant upsets that would occur. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

For Functions for which TSTF-493, "Clarify Application of Setpoint Methodology for LSSS Functions" has been implemented, this SR is modified by two Notes as identified in Table 3.3.2-1. The first Note requires evaluation of channel performance for the condition where the as-found setting for the channel setpoint is outside its as-found tolerance but conservative with respect to the Allowable Value. Evaluation of channel performance will verify that the channel will continue to behave in accordance with safety analysis assumptions and the channel performance assumptions in the setpoint methodology. The purpose of the assessment is to ensure confidence in the channel performance prior to returning the channel to service. For channels determined to be OPERABLE but degraded, after returning the channel to service the performance of these channels will be evaluated under the plant Corrective Action Program. Entry into the Corrective Action Program will ensure required review and documentation of the condition. The second Note requires that the as-left setting for the channel be returned to within the as-left tolerance of the NOMINAL TRIP SETPOINT (NTSP). Where a setpoint more conservative than the NTSP is used in the plant surveillance procedures (field setting), the as-left and as-found tolerances, as applicable, will be applied to the surveillance procedure setpoint. This will ensure that sufficient margin to the Safety Limit and/or Analytical Limit is maintained. If the as-left channel setting cannot be Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-43 Revision No. 12

ESFAS Instrumentation B3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued) 0)

returned to a setting within the as-left tolerance of the NTSP, then the channel shall be declared inoperable. The second Note also requires that the methodologies for calculating the as-left and the as-found tolerances be in the UFSAR.

SR 3.3.2.4 SR 3.3.2.4 is the performance of a MASTER RELAY TEST. The MASTER RELAY TEST is the energizing of the master relay, verifying contact operation and a low voltage continuity check of the slave relay coil. Upon master relay contact operation, a low voltage is injected to the slave relay coil. This voltage is insufficient to pick up the slave relay, but large enough to demonstrate signal path continuity. The time allowed for the testing (4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months ) is justified in Reference 7. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.3.2.5 SR 3.3.2.5 is the performance of a COT.0 A COT is performed on each required channel to ensure the channel will perform the intended Function. The tested portion of the loop must trip within the Allowable Values specified in Table 3.3.2-1.

The setpoint shall be left set consistent with the assumptions of the setpoint methodology.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

Catawba Units 1 and 2 B324 eiinN.1 B 3.3.2-44 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.2.6 SR 3.3.2.6 is the performance of a SLAVE RELAY TEST. The SLAVE RELAY TEST is the energizing of the slave relays. Contact operation is verified in one of two ways. Actuation equipment that may be operated in the design mitigation MODE is either allowed to function, or is placed inl a condition where the relay contact operation can be verified without operation of the equipment. Actuation equipment that may not be operated in the design mitigation MODE is prevented from operation by the SLAVE RELAY TEST circuit. For this latter case, contact operation is verified by a continuity check of the circuit containing the slave relay. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

For slave relays or any auxiliary relays in the ESFAS circuit that are of the type Westinghouse AR or Potter & Brumfield MDR, the SLAVE RELAY TEST Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

SR 3.3.2.7 SR 3.3.2.7 is the performance of a COT on the RWST level and Containment Pressure Control Start and Terminate Permissives.

A COT is performed on each required channel to ensure the entire channel will perform the intended Function. Setpoints must be found conservative with respect to the Allowable Values specified in Table 3.3.2-1. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-45 Revision No. 12

ESFAS Instrumentation

B 3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued)

For Functions for which TSTF-493, "Clarify Application of Setpoint Methodology for LSSS Functions" has been implemented, this SR is modified by two Notes as identified in Table 3.3.2-1. The first Note requires evaluation of channel performance for the condition where the as-found setting for the channel setpoint is outside its as-found tolerance but co nser-vative with respect to the Allowable Value. Evaluation of channel performance will verify that the channel will continue to behave in accordance with safety analysis assumptions and the channel performance assumptions in the setpoint methodology. The purpose of the assessment is to ensure confidence in the channel performance prior to returning the channel to service. For channels determined to be OPERABLE but degraded, after returning the channel to service the performance of these channels will be evaluated under the plant Corrective Action Program. Entry into the Corrective Action Program will ensure required review and documentation of the condition. The second Note requires that the as-left setting for the channel be returned to within the as-left tolerance of the NOMINAL TRIP SETPOINT (NTSP). Where a setpoint more conservative than the NTSP is used in the plant surveillance procedures (field setting), the as-left and as-found tolerances, as applicable, will be applied to the surveillance procedure setpoint. This will ensure that sufficient margin to the Safety Limit and/or Analytical Limit is maintained. If the as-left channel setting cannot be returned to a setting within the as-left tolerance of the NTSP, then the channel shall be declared inoperable. The second Note also requires that the methodologies for calculating the as-left and the as-found tolerances be in the UFSAR.

SR 3.3.2.8 SR 3.3.2.8 is the performance of a TADOT. This test is a check of the Manual Actuation Functions, AFW pump start on trip of all MEW pumps, AFW low suction pressure, Reactor Trip (P-4) Interlock, and Doghouse Water Level - High High Feedwater Isolation. Each Manual Actuation Function is tested up to, and including, the master relay coils. In some instances, the test includes actuation of the end device (i.e., pump starts, valve cycles, etc.). The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. The SR is modified by a Note that excludes verification of setpoints during the TADOT for manual initiation Functions. The manual initiation Functions have no associated setpoints.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-46 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.2.9 SR 3.3.2.9 is the performance of a CHANNEL CALIBRATION.

CHANNEL CALIBRATION is a complete check of the instrument loop, including the sensor. The test verifies that the channel responds to measured parameter within the necessary range and accuracy.

CHANNEL CALIBRATIONS must be performed consistent with the assumptions of the unit specific setpoint methodology.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note stating that this test should include verification that the time constants are adjusted to the prescribed values where applicable. The applicable time constants are shown in Table 3.3.2-1.

For Functions for which TSTF-493, "Clarify Application of Setpoint Methodology for LSSS Functions" has been implemented, this SR is modified by two Notes as identified in Table 3.3.2-1. The first Note requires evaluation of channel performance for the condition where the as-found setting for the channel setpoint is outside its as-found tolerance but conservative with respect to the Allowable Value. Evaluation of channel performance will verify that the channel will continue to behave in accordance with safety analysis assumptions and the channel performance assumptions in the setpoint methodology. The purpose of the assessment is to ensure confidence in the channel performance prior to returning the channel to service. For channels determined to be OPERABLE but degraded, after returning the channel to service the performance of these channels will be evaluated under the plant Corrective Action Program. Entry into the Corrective Action Program will ensure required review and documentation of the condition. The second Note requires that the as-left setting for the channel be returned to within the as-left tolerance of the NOMINAL TRIP SETPOINT (NTSP). Where a setpoint more conservative than the NTSP is used in the plant surveillance procedures (field setting), the as-left and as-found tolerances, as applicable, will be applied to the surveillance procedure setpoint. This will ensure that sufficient margin to the Safety Limit and/or Analytical Limit is maintained. If the as-left channel setting cannot be returned to a setting within the as-left tolerance of the NTSP, then the

channel shall be declared inoperable. The second Note also requires that the methodologies for calculating the as-left and the as-found Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-47 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued) tolerances be in the UFSAR.

SR 3.3.2.10 This SR ensures the individual channel ESF RESPONSE TIMES are less than or equal to the maximum values assumed in the accident analysis.

Response Time testing acceptance criteria are included in the UFSAR (Ref. 2). Individual component response times are not modeled in the analyses. The analyses model the overall or total elapsed time, from the point at which the parameter exceeds the Trip Setpoint value at the sensor, to the point at which the equipment in both trains reaches the required functional state (e.g., pumps at rated discharge pressure, valves in full open or closed position).

For channels that include dynamic transfer functions (e.g., lag, lead/lag, rate/lag, etc.), the response time test may be performed with the transfer functions set to one with the resulting measured response time compared to the appropriate UFSAR response time. Alternately, the response time test can be performed with the time constants set to their nominal value provided the required response time is analytically calculated assuming the time constants are set at their nominal values. The response time may be measured by a series of overlapping tests such that the entire response time is measured.

Response time may be verified by actual response time tests in any series of sequential, overlapping or total channel measurements, or by the summation of allocated sensor, signal processing and actuation logic response times with actual response time tests on the remainder of the channel. Allocations for sensor response times may be obtained from:

(1) historical records based on acceptable response time tests (hydraulic, noise, or power interrupt tests), (2) inplace, onsite, or offsite (e.g. vendor) test measurements, or (3) utilizing vendor engineering specifications.

WCAP-1 3632-P-A Revision 2, "Elimination of Pressure Sensor Response Time Testing Requirements" provides the basis and methodology for using allocated sensor response times in the overall verification of the channel response time for specific sensors identified in the WCAP. In addition, while not specifically identified in the WOAP, ITT Barton 386A and 580A-0 sensors were compared to sensors which were identified. It was concluded that the WCAP results could be applied to these two sensor types as well. Response time verification for other sensor types must be demonstrated by test.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-48 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQUIREMENTS (continued)

WCAP-1 4036-P-A Revision 1, "Elimination of Periodic Protection Channel Response Time Tests" provides the basis and methodology for using allocated signal processing and actuation logic response times in the overall verification of the protection system channel response time.

The allocations for sensor, signal conditioning and actuation logic response times must be verified prior to placing the component in operational service and re-verified following maintenance that may adversely affect response time. In general, electrical repair work does not impact response time provided the parts used for repair are of the same type and value. Specific components identified in the WCAP may be replaced without verification testing. One example where response time could be affected is replacing the sensing assembly of a transmitter.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

This SR is modified by a Note that clarifies that the turbine driven AFW pump is tested within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months after reaching 600 psig in the SGs.

SR 3.3.2.11 SR 3.3.2.11 is the performance of a COT on the NSWS Suction Transfer

- Low Pit Level.

A COT is performed on each required channel to ensure the entire channel will perform the intended Function. Setpoints must be found within the Allowable Values specified in Table 3.3.2-1. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

Catawba Units 1 and 2 B3324 eiinN.1 B 3.3.2-49 Revision No. 12

ESFAS Instrumentation B 3.3.2 BASES SURVEILLANCE REQU IREMENTS (continued)

SR 3.3.2.12 SR 3.3.2.12 is the performance of an ACTUATION LOGIC TEST on the Doghouse Water Level-High High and NSWS Suction Transfer-Emergency Low Pit Level Functions.

An ACTUATION L'OGIC TEST to satisfy the requirements of GL 96-01 is performed on each instrumentation to ensure all logic combinations will initiate the appropriate Function. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

REFERENCES

1.

UFSAR, Chapter 6.

2.

UFSAR, Chapter 7.

3.

UFSAR, Chapter 15.

4.

IEEE-279-1971.

5.

10 CFR 50.49.

6.

10 CFR 50.36, Technical Specifications, (c)(2)(ii).

7.

WCAP-1 0271-P-A, Supplement 1 and Supplement 2, Rev. 1, May 1986 and June 1990.

8.

WCAP-13632-P-A Revision 2, "Elimination of Pressure Sensor Response Time Testing Requirements" Sep., 1995.

9.

WCAP-14036-P-A Revision 1, "Elimination of Periodic Protection Channel Response Time Tests" Oct., 1998.

10.

Not used.

11.

Not used.

12.

Not used.

13.

WCAP-1 4333-P-A, Revision "1, October 1998.

14.

Not used.

Catawba Units 1 and 2 B3325 eiinN.1 B 3.3.2-50 Revision No. 12

LOP DG Start Instrumentation B 3.3.5 B 3.3 INSTRUMENTATION B 3.3.5 Loss of Power (LOP) Diesel Generator (DG) Start Instrumentation BASES BACKGROUND The DGs provide a source of emergency power when offsite power is either unavailable or is insufficiently stable to allow safe unit operation.

Undervoltage protection will generate an LOP start if a toss of voltage or degraded voltage condition occurs at the 4.16 kV switchgear. There are two LOP start signals, one for each 4.16 kV vital bus.

Each of the redundant 4160V essential buses is provided with two levels of undervoltage protection to monitor bus voltage. Each level is provided with a separate set of three under voltage relays which are utilized in a two-out-of-three logic scheme.

The first level of undervoltage relays detect a loss of voltage on the 41 60V AC essential bus. The relays are set to drop out if voltage falls below 3450V (82.9% of normal bus voltage) and remains there for approximately 10 cycles. The 10 cycle time delay prevents false diesel starting due to power system transients. The voltage setpoirit was selected such that relay operation will not be initiated during normal motor starting; however, these relays will detect loss of voltage and initiate action in a time consistent with the accident analysis.

The second level provides degraded voltage protection. The relays are set to drop out at greater than or equal to 3766V (approximately 90.5% of normal bus voltage). This second level employs two time delays: the first (5 seconds) establishes the existence of a sustained degraded voltage condition and provides an annunciator alarm in the control room; the second (10 minutes) permits corrective operator action prior to separating the Class 1 E and offsite power systems. The occurrence of a safety injection signal subsequent to the first time delay will immediately separate the Class 1 E and offsite power systems.

The LOP start actuation is described in UFSAR, Section 8.3 (Ref. 1).

Catawba Units 1 and 2 B3351Rvso o

B3.3.5-1 Revision No. 3

LOP DG Start Instrumentation B 3.3.5 BASES BACKGROUND (continued)

Trip Setpoints and Allowable Values The NOMINAL TRIP SETPOINTS used in the relays are based on the analytical limits presented in UFSAR, Chapter 15 (Ref. 2). The selection of these Trip Setpoints is such that adequate protection is provided when all sensor and processing time delays are taken into account.

The actual as-left setpoint of the relays is normally still more conservative than that required by the Allowable Value. If the measured setpoint does not exceed the Allowable Value, the relay is considered OPERABLE.

Setpoints adjusted in accordance with the Allowable Value ensure that the consequences of accidents will be acceptable, providing the unit is operated from within the LCOs at the onset of the accident and that the equipment functions as designed.

Allowable Values and NOMINAL TRIP SETPOINTS are specified for each Function in the LCO. The NOMINAL TRIP SETPOINTS are selected to ensure that the setpoint measured by the surveillance procedure does not exceed the Allowable Value if the relay is performing as required. A relay shall be OPERABLE if the point at which the relay4 trips is found more conservative than the Allowable Value. In the event a q

relay's trip setpoint is found less conservative than the Allowable Value, or the transmitter, instrument loop, signal processing electronics, or bistable is found inoperable, then all affected Functions provided by that relay must be declared inoperable and the LCO Condition(s) entered for the protection Function(s) affected. If plant conditions warrant, the trip setpoint may be set outside the NOMINAL TRIP SETPOINT calibration tolerance band as long as the trip setpoint is conservative with respect to the NOMINAL TRIP SETPOINT. If the trip setpoint is found outside of the NOMINAL TRIP SETPOINT calibration tolerance band and non-conservative with respect to the NOMINAL TRIP SETPOINT, the setpoint shall be re-adjusted. Each Allowable Value and NOMINAL TRIP SETPOINT specified is more conservative than the analytical limit assumed in the transient and accident analyses in order to account for instrument uncertainties appropriate to the trip function. These uncertainties are defined in setpoint calculations.

APPLICABLE The LOP DG start instrumentation is required for the Engineered SAFETY ANALYSES Safety Features (ES F) Systems to function in any accident with a loss of offsite power. Its design basis is that of the ESF Actuation System (ESFAS).

Catawba Units 1 and 2 B3352Rvso o

B3.3.5-2 Revision No. 3

LOP DG Start Instrumentation B 3.3.5 BASES O

APPLICABLE SAFETY ANALYSES (continued)

Accident analyses credit the loading of the DG based on the loss of offsite power during a loss of coolant accident (LOCA). The actual DG start has historically been associated with the ESFAS actuation. The DO loading has been included in the delay time associated with each safety system component requiring DO supplied power following a loss of offsite power. The analyses assume a non-mechanistic DG loading, which does not explicitly account for each individual component of loss of power detection and subsequent actions.

The required channels of LOP DO start instrumentation, in conjunction with the ESE systems powered from the D~s, provide unit protection in the event of any of the analyzed accidents discussed in Reference 2, in which a loss of offsite power is assumed.

The delay times assumed in the safety analysis for the ESE equipment include the 10 second DO start delay, and the appropriate sequencing delay, if applicable. The response times for ESFAS actuated equipment in LCO 3.3.2, "Engineered Safety Feature Actuation System (ESFAS)

Instrumentation," include the appropriate DG loading and sequencing delay. The LOP DG start instrumentation channels satisfy Criterion 3 of D

10 CFR 50.36 (Ref. 3).

LCO The LCO for LOP DO start instrumentation requires that three channels per bus of both the loss of voltage and degraded voltage Functions shall be OPERABLE in MODES 1, 2, 3, and 4 when the LOP DG start instrumentation supports safety systems associated with the ESFAS. In MODES 5 and 6, the three channels must be OPERABLE whenever the associated DG is required to be OPERABLE to ensure that the automatic start of the DO is available when needed. Loss of the LOP DO Start Instrumentation Function could result in the delay of safety systems initiation when required. This could lead to unacceptable consequences during accidents. During the loss of offsite power the DO powers the motor driven auxiliary feedwater pumps. Failure of these pumps to start would leave only one turbine driven pump, as well as an increased potential for a loss of decay heat removal through the secondary system.

Catawba Units 1 and 2 B3353Rvso o

B 3.3.5-3 Revision No. 3

LOP DG Start Instrumentation B 3.3.5 BASES APPLICABILITY The LOP DG Start Instrumentation Functions are required in MODES 1, 2, 3, and 4 because ESE Functions are designed to provide protection in these MODES. Actuation in MODE 5 or 6 is required whenever the required DG must be OPERABLE so that it can perform its function on an LOP or degraded power to the vital bus.

ACTIONS A channel shall be OPERABLE if the point at which the channel trips is found more conservative than the Allowable Value. In the event a channel's trip setpoint is found less conservative than the Allowable Value, or the transmitter, instrument loop, signal processing electronics, or bistable is found inoperable, then all affected Functions provided by that channel must be declared inoperable and the LCO Condition(s) entered for the protection Function(s) affected. If plant conditions warrant, the trip setpoint may be set outside the NOMINAL TRIP SETPOINT calibration tolerance band as long as the trip setpoint is conservative with respect to the NOMINAL TRIP SETPOINT. If the trip setpoint is found outside of the NOMINAL TRIP SETPOINT calibration tolerance band and non-conservative with respect to the NOMINAL TRIP SETPOINT, the setpoint shall be re-adjusted.

Because the required channels are specified on a per bus basis, the Condition may be entered separately for each bus as appropriate.

A Note has been added in the ACTIONS to clarify the application of Completion Time rules. The Conditions of this Specification may be entered independently for each Function listed in the LCO. The Completion Time(s) of the inoperable channel(s) of a Function will be tracked separately for each Function starting from the time the Condition was entered for that Function.

A.1 Condition A applies to the LOP DG start Function with one loss of voltage or degraded voltage channel per bus inoperable.

If one channel is inoperable, Required Action A.1 requires that channel to be placed in trip within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . With a channel in trip, the LOP DG start instrumentation channels are configured to provide a one-out-of-two logic to initiate a trip of the incoming offsite power.

The specified Completion Time is reasonable considering the Function remains fully OPERABLE on every bus and the low probability of an event occurring during these intervals.

Catawba Units 1 and 2 B3354Rvso o

B 3.3.5-4 Revision No. 3

LOP DG Start Instrumentation B 3.3.5 BASES ACTIONS (continued)

B.1I Condition B applies when more than one loss of voltage or more than one degraded voltage channel on a single bus is inoperable.

Required Action B.I requires restoring all but one channel to OPERABLE status. The 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months Completion Time should allow ample time to repair most failures and takes into account the low probability of an event requiring an LOP start occurring during this interval.

C...1 Condition C applies to each of the LOP DG start Functions when the Required Action and associated Completion Time for Condition A or B are not met.

In these circumstances the Conditions specified in LCO 3.8.1, "AC Sources--Operating," or LCO 3.8.2, "AC Sources--Shutdown," for the DG made inoperable by failure of the LOP DG start instrumentation are D

required to be entered immediately. The actions of those LCOs provide for adequate compensatory actions to assure unit safety.

SURVEILLANCE SR 3.3.5.1 REQUIREMENTS SR 3.3.5.1 is the performance of a TADOT. The test checks trip devices that provide actuation signals directly, bypassing the analog process control equipment. For these tests, the relay Trip Setpoints are verified and adjusted as necessary. There is a plant specific program which verifies that the instrument channel functions as required by verifying the as-left and as-found setting are consistent with those established by the setpoint methodology. The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

Testing consists of voltage sensor relay testing only. Actuation of load shedding and time delay timers is not required.

Catawba Units 1 and 2 B3355Rvso o

B 3.3.5-5 Revision No. 3

LOP DG Start Instrumentation B 3.3.5 BASES SURVEILLANCE REQUIREMENTS (continued)

SR 3.3.5.2 SR 3.3.5.2 is the performance of a CHANNEL CALIBRATION.

The setpoints, as well as the response to a loss of voltage and a degraded voltage test, shall include a single point verification that the trip occurs within the required time delay, as shown in Reference 1.

CHANNEL CALIBRATION is a complete check of the instrument loop, including the sensor. The test verifies that the channel responds to a measured parameter within the necessary range and accuracy. There is a plant specific program which verifies that the instrument channel functions as required by verifying the as-left and as-found setting are consistent with those established by the setpoint methodology.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program.

REFERENCES

1.

UFSAR, Section 8.3.

2.

UFSAR, Chapter 15.

3.

10 CFR 50.36, Technical Specifications, (c)(2)(ii).

Catawba Units 1 and 2 B3356Rvso o

B3.3.5-6 Revision No. 3

Kelvin Henderson

('DUKE Vice President ENERGY Catawba Nuclear Station Duke Energy CNOIVP I 4800 Concord Road York, SC 29745 0: 803.701.4251 CNS-16-015 f: 803.701.3221 February 18, 2016 U.S. Nuclear Regulatory Commission Document Control Desk Washington, DC 20555-0001

Subject:

Duke Energy Carolinas, LLC Catawba Nuclear Station, Units 1 and 2 Docket Nos. 50-413 and 50A414 Technical Specification Bases. Changes Pursuant to 10OCER 50.4, please find attached changes to the Catawba Nuclear Station Technical Specification Bases. These Bases changes were made according to the provisions of Technical Specification 5.5.14, "Technical Specifications (TS) Bases Control Program."~

Any questions regarding this information should be directed to Larry Rudy, Regulatory Affairs, at

(803) 701--3084.

I certify that I am a duly authorized officer of Duke Energy Carolinas, LLC, and that the information contained herein accura~~tel ersnscags aet h

ehia Specification Bases since the previous submittal.

Kelvin Henderson Vice President, Catawba Nuclear Station Attachment www.duke-energy.com

U.S. Nuclear Regulatory Commission February 18, 2016 Page 2 xc: C. Haney, Regional Administrator U. S. Nuclear Regulatory Commission, Region II Marquis One Tower 245 Peachtree Center Ave., NE Suite 1200 Atlanta, GA 30303-1257 Mr. J.A. Whited NRC Project Manager (CNS)

U.S. Nuclear Regulatory Commission One White Flint North, Mail Stop O-8B1A 11555 Rockville Pike Rockville, MD 20852-2746 G. A. Hutto, Senior Resident Inspector catawba Nuclear Station

Catawba Nuclear Station DUKE ENERGY Duke Energy 4800 Concord Rd.

York, SC 29745 February 18, 2016 Re:

Catawba Nuclear Station Technical Specificati~ns (TS) Manual Amendmenlts 277/273 On December 18, 2015, the NRC issued Amendments 277/273 to the Facility Operating Licenses NPF-35 & NPF-52 for the Catawba Nuclear Station; Unit 1 and Unit 2, respectively.

The amendments revise the TSs to correct non-conservative setpoints. Specifically, the Allowable Value and Nominal Trip'Setpoint for the Auxiliary Feedwater loss of Offsite Power (Function 6.d) is modified. Additionally, the values in the associated Surveillance Requirement 3.3.5.2 are modified to the same values. As part of the change, the amendment also adds the applicable footnotes in accordance with TSTF-493, Revision 14, "Clarify Application of Setpoint Methodology for LSSS Functions."

REMOVE THESE PAGES INSERT THESE PAGES Page 4 FACILITY OPERATING LICENSE UNIT 1 TAB FACILITY OPERATING LICENSE UNIT 2 TAB Page 4 Page 4 Page 4 LIST OF EFFECTIVE PAGES Pages 1-19 Pages 1-19 TECHNICAL SPECIFICATIONS TAB 3.3.2 3.3.2-13 thru 3.3.2-17 3.3.2-13 thru 3.3.2-18 TAB 3.3.5 3.3.5-1 thru 3.3.5-2 3.3.5-1 thru 3.3.5-2 www.duke-energy.com

Catawba Nuclear Station Technical Specifications Manual Amendments February 18, 2016 Page 2 BAS ES TAB 3.3.2 B 3.3.2-1 thru B 3.3.2-49 Revision 11 B 3.3.2-1 thru B 3.3.2-50 Revision 12 TAB 3.3.5 B 3.3.5-1 thru B 3.3.5-6 Revision 2 B 3.3.5-1 thru B 3.3.5-6 Revision 3 If you have any questions concerning the contents of this Technical Specification update, please contact Kristi Byers at (803),01-3758.

Cecil A. Fletcher, II Manager, Regulatory Affairs (2) 'Technical Sp~ecifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 277, which are attached hereto, are hereby incorporated into this renewed operating license. Duke Energy Carolinas, LLC shall operate the facility' in accordance with the Technical Specifications.

(3)

Up~dated Final Safety Analysis Report The Updated Final Safety Analysis Report supplement submitted pursuant to 10 CFR 54.21 (d), as revised on December 16, 2002, describes certain future activities to be completed before the period of extended operation. Duke shall complete these activities no later than December 6, 2024, and shall notify the NRC in writing when implementation of these activities is complete and can be verified by NRC inspection.

The Updated Final Safety Analysis Report supplement as revised on December 16, 2002, described above, shall be included in thenext scheduled update to the Updated Final Safety Analysis Report required by 10 CFR 50.71 (e)(4), following issuance of this renewed operating license. Until that update is complete, Duke may make changes to the programs described in such supplement without prior Commission approval, provided that Duke evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59 and otherwise complies with the requirements in that section.

(4)

Antitrust Conditions Duke EneIrgy Carolinas, LLC shall comply with the antitrust conditions delineated in Appendix C to this renewed operating license.

(5)

Fire Protection Proqram (Section 9.5.1, SER, SSER #2, SSER #3, SSER #4, SSER #5)*

Duke Energy Carolinas, LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report, as amended, for the facility and as approved in the SER through Supplement 5, subject to the following provision:

The licensee may make changes to the~approvedifire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

- The parenthetical notation following the title of this renewed operating license condition denotes the section of the Safety Evaluation Report and/or its supplement wherein this renewed license condition is discussed.

Renewed License No. NPF-35 Amendment No. 277 S

(2)

Technical S pecifications The Technical Specifications contained in Appendix A, as revised through Amendment No. 273, which are attached hereto, are herebY incorporated into.

this renewed operating license. Duke Energy Carolinas, LLC shall operate the" facility in accordance with the Technical Specifications.

(3)

Updated Final Safety Analysis Report The Updated.Final Safety Analysis Report supplement submitted pursuant to 10 CFR 54.21(d), as revised on December 16, 2002, describes certain future activities 16 be completed before the period of extended operation. Duke shall complete these activities no later than December 6, 2024, and shall notify the NRC in writing when implementation of these activities is complete~and can be verified by NRC inspection.

The Updated Final Safety Analysis Report supplement as revised on December 16, 2002,-described above, shall be included in the next scheduled update to the Updated Final Safety Analysis Report required by 10 CFR 50.71(e)(4), following issuance of'this renewed operating license. Until that update is complete, Duke may make changes to the programs described in such supplement without prior Commission approval, provided that Duke evaluates each such change pursuant to the criteria set forth in 10 CFR 50.59' O

~and otherwise complies with the requiremerits in that section.

(4)

Antitrust Conditions Duke Energy Carolinas, LLC shall comply with the antitrust conditions delineated in Appendix C to this renewed operating license.

-(5)

Fire Protection Proqram (Section 9.5.1, SER, SSER #2, SSER #3, SSER #4, SSER #5)*

.Duke Energy Carolinas,. LLC shall implement and maintain in effect all provisions of the approved fire protection program as described in the Updated Final Safety Analysis Report, as amended, for the facility and as approved in the SER through Supplement 5, subject to the following provision:

The.licensee may make changes.to the approved fire protection program without prior approval of the Commission only if those changes would not adversely affect the ability to achieve and maintain safe shutdown in the event of a fire.

The parenthetical notation following the title of this renewed operating license condition denotes the section of the Safety Evaluation Report and/or its supplement wherein this renewed license condition is discussed.