UKEPR Issue 01


Title: PCSR Sub-chapter 7.5 Class 3 Instrumentation and Control Systems
Total number of pages: 41

Chapter Pilot: B. WORINGER (Date 30-10-2012)
Approved for EDF by: A. MARECHAL (Date 31-10-2012)
Approved for AREVA by: G. CRAIG (Date 31-10-2012)

REVISION HISTORY

Issue 00 (27.03.11): First issue. Note: the RRC-B Safety Automation System (§1), Process Information and Control System (§2), Process Automation System (§3), and Severe Accident I&C System (§4) were previously covered by Sub-chapter 7.4. For clarity, the changes from the previous text in Sub-chapter 7.4 are sidelined in this document as follows:
- Minor editorial changes
- Clarification of text
- Update and addition of references
- Update of Safety Function Categorisation and SCC Classification to clearly summarise Category A, B, C and Class 1, 2, 3 for I&C scope
- Architecture: Class 1 manual control and indication systems in the MCR and RSS
- Role of RRC-A in Defence in Depth Concept and associated allocation
- Electrical and functional isolation for interfaces to systems of different safety class
- Response times involving network communication achievable

Issue 01 (31.10.2012): Consolidated PCSR update:
- References listed under each numbered section or sub-section heading numbered [Ref-1], [Ref-2], [Ref-3], etc
- Minor editorial changes
- Update and addition of references
- Clarification of text and addition of cross-references (§1, 1.0, 1.4.3, 2.0.2.1.1, 2.0.2.1.2, 2.0.2.1.3, 2.4.1, 2.4.3, 2.5, 3.0, 3.3.2, 4.0, 4.4.1, 4.4.3.2, 7.5.4 Figure 1)

REVISION HISTORY (Cont'd)

Issue 01 (cont'd): Consolidated PCSR update:
- Justification provided for the end to end response times for the plant bus and terminal bus (§2.3.2)

Copyright 2012 AREVA NP & EDF. All Rights Reserved.

This document has been prepared by or on behalf of AREVA NP and EDF SA in connection with their request for generic design assessment of the EPR TM design by the UK nuclear regulatory authorities. This document is the property of AREVA NP and EDF SA.

Although due care has been taken in compiling the content of this document, neither AREVA NP, EDF SA nor any of their respective affiliates accept any reliability in respect to any errors, omissions or inaccuracies contained or referred to in it.

All intellectual property rights in the content of this document are owned by AREVA NP, EDF SA, their respective affiliates and their respective licensors. You are permitted to download and print content from this document solely for your own internal purposes and/or personal use. The document content must not be copied or reproduced, used or otherwise dealt with for any other reason. You are not entitled to modify or redistribute the content of this document without the express written permission of AREVA NP and EDF SA. This document and any copies that have been made of it must be returned to AREVA NP or EDF SA on their request.

Trade marks, logos and brand names used in this document are owned by AREVA NP, EDF SA, their respective affiliates or other licensors. No rights are granted to use any of them without the prior written permission of the owner. EPR TM is an AREVA Trade Mark.

For information address:

AREVA NP SAS, Tour AREVA, 92084 Paris La Défense Cedex, France

EDF, Division Ingénierie Nucléaire, Centre National d'equipement Nucléaire, 165-173, avenue Pierre Brossolette, BP900, 92542 Montrouge, France

TABLE OF CONTENTS

1. RRC-B SAFETY AUTOMATION SYSTEM (RRC-B SAS)
1.0. SAFETY REQUIREMENTS
1.1. ROLE
1.2. FUNCTIONS PERFORMED
1.3. DESIGN BASIS
1.4. ARCHITECTURE
1.5. OPERATING CONFIGURATIONS
1.6. TECHNOLOGY
1.7. POWER SUPPLY
1.8. PROVISIONS FOR PERIODIC TESTING

2. PROCESS INFORMATION AND CONTROL SYSTEM (MCP [PICS])
2.0. SAFETY REQUIREMENTS
2.1. ROLE
2.2. FUNCTIONS PERFORMED
2.3. DESIGN BASIS
2.4. ARCHITECTURE
2.5. OPERATING CONFIGURATIONS
2.6. TECHNOLOGY
2.7. POWER SUPPLY
2.8. PROVISIONS FOR PERIODIC TESTING

3. PROCESS AUTOMATION SYSTEM (PAS)
3.0. SAFETY REQUIREMENTS
3.1. ROLE

3.2. FUNCTIONS PERFORMED
3.3. DESIGN BASIS
3.4. ARCHITECTURE
3.5. OPERATING CONFIGURATIONS
3.6. TECHNOLOGY
3.7. POWER SUPPLY
3.8. PROVISIONS FOR PERIODIC TESTING

4. SEVERE ACCIDENT I&C SYSTEM (SA I&C)
4.0. SAFETY REQUIREMENTS
4.1. ROLE
4.2. FUNCTIONS PERFORMED
4.3. DESIGN BASIS
4.4. ARCHITECTURE
4.5. TECHNOLOGY
4.6. OPERATING CONFIGURATIONS
4.7. POWER SUPPLY
4.8. PROVISION FOR MAINTENANCE AND I&C TESTS

SUB-CHAPTER 7.5 CLASS 3 INSTRUMENTATION AND CONTROL SYSTEMS

1. RRC-B SAFETY AUTOMATION SYSTEM (RRC-B SAS)

Note: Refer to the quality plans, system specification reports and overall architecture drawings for more detailed information on the Safety Automation System (SAS), which is also applicable to RRC-B SAS [Ref-1] to [Ref-7].

1.0. SAFETY REQUIREMENTS

The Risk Reduction Category B (RRC-B) SAS is subject to the safety requirements applicable to Class 3 I&C systems, due to its management of Category C RRC-B functions (with the exception of functions devoted to the particular Loss Of Offsite Power (LOOP) severe accident scenario, allocated to the Severe Accident I&C system (SA I&C), see section 4 of this sub-chapter).

The requirements are detailed in several documents, which provide all the required information contained within an IEC 61513 compliant system requirements specification, as demonstrated for the SAS in section 1.0 of Sub-chapter 7.4 [Ref-1] and for the PAS in section 3.0 of this sub-chapter [Ref-2].

The RRC-B SAS enables the processing of mostly manual actions, together with the associated monitoring, necessary for the performance of the I&C Functions detailed below.

1.0.1. Safety functions

The RRC-B SAS contributes to the RRC-B functions related to prevention of large releases in the event of a postulated low pressure core melt, with the exception of the LOOP RRC-B sequence. It contributes to the following safety functions:
- primary circuit depressurisation;
- hydrogen control (mitigation);
- containment depressurisation and heat removal;
- radiological source term monitoring.

It should be noted that a significant number of RRC-B functions are passive without requiring I&C management.

With regard to the safety analysis, the RRC-B SAS performs RRC-B Category C seismic classified I&C Functions. The RRC-B SAS will not be allocated any Category A or Category B I&C Functions.

1.0.2. Design requirements

The RRC-B SAS must meet the requirements detailed below. These requirements must be met for all the I&C Safety Features managed by the RRC-B SAS.

1.0.2.1. Requirements resulting from the functional classifications

1.0.2.1.1. Functional classification of the system

The RRC-B SAS must be safety-classified, in accordance with the classification indicated in Sub-chapter 3.2.

1.0.2.1.2. Single failure criterion

The single failure criterion does not apply to the RRC-B SAS.

1.0.2.1.3. Emergency power supplies

The electrical power supply for the RRC-B SAS equipment must be backed-up by the Emergency Diesel Generators. Moreover, the power supply must be uninterruptible, guaranteeing the power supply even during switching between normal power and diesel power (i.e. it must ensure that the RRC-B SAS I&C Functions can continue without interruption).

In addition, the electrical power supply for the RRC-B SAS equipment must be backed-up by the Ultimate Diesel Generators. For that reason, the RRC-B SAS equipment is located in electrical divisions 1 and 4.

1.0.2.1.4. Qualification under operating conditions

The RRC-B SAS equipment must remain operational in severe accident conditions, and must therefore meet the qualification requirements defined in Sub-chapter 3.6.

Moreover, the RRC-B SAS equipment must be operational in both normal and extreme environmental conditions applicable to the I&C equipment rooms in which it is located. These conditions are defined in section 1 of Sub-chapter 9.4.

1.0.2.1.5. Electrical and I&C classifications

The electrical and I&C classification of the RRC-B SAS is consistent with the classification principles given in Sub-chapter 3.2.

1.0.2.1.6. Seismic classification

The RRC-B SAS meets the seismic requirements defined in Sub-chapter 3.2.

1.0.2.1.7. Periodic testing

The I&C Functions managed by the RRC-B SAS must be tested periodically (as defined in section 1 of Sub-chapter 3.2). The RRC-B SAS must be designed to allow periodic tests.

1.0.2.1.8. Additional requirements

Not applicable.

1.0.2.2. Hazards

The RRC-B SAS is not subject to requirements regarding internal hazards. Protection against external hazards for the RRC-B SAS system concerns only seismic phenomena and is defined consistent with the principles in Sub-chapter 3.2.

1.0.3. Tests

After installation, the RRC-B SAS must be subject to pre-operational testing to verify that it conforms to the system performance required by the design. The requirements for periodic testing are set out in section 1.0.2.1.7 of this sub-chapter.

1.1. ROLE

A Severe Accident (RRC-B) is an abnormal event which leads to the meltdown of the core within the Reactor Pressure Vessel (RPV) and is likely to cause a potential release of radiation due to an RPV failure.

The management of a Severe Accident is primarily accomplished by RRC-B SAS equipment. Combined with the passive safety systems dedicated to Severe Accident scenarios, and with local manual commands, it provides the necessary mitigation path to limit discharges of radioactivity to the environment.

1.2. FUNCTIONS PERFORMED

The I&C Functions processed by the RRC-B SAS have the same features as other Standard I&C automation systems:
- Data processing: acquisition and/or conditioning (example: monitoring of core outlet temperature, radioactivity monitoring);
- Processing of application calculations: most I&C Functions are manual (example: manual opening of the SA relief valve in electrical division 4);
- Processing of monitoring signals: processing of status and fault check-backs, generation of alarms and status indications.

1.3. DESIGN BASIS

1.3.1. Availability requirements

The main availability requirements for the RRC-B SAS are linked to the reliability and the maintainability of the system i.e.:
- to limit the loss of the RRC-B SAS due to failure of one of its components (mainly by component redundancy);
- to facilitate the maintenance and repair of the RRC-B SAS to minimise downtime.

1.3.2. Performance requirements

The RRC-B SAS is subject to specific performance requirements:

Response time requirements:
- maximum time from the variation of an input signal (analogue or digital) to transmission to an output interface;
- maximum time from the receipt of a manual command to its transmission to an output interface.

These global criteria are applied to the RRC-B SAS as follows:
- for a manual command, see section 2.3.2 of this sub-chapter;
- for an automatic command: not applicable.

The RRC-B SAS must contribute to fulfilling the global criteria described above and in section 2.3.2 of this sub-chapter. In particular, the two acquisition, processing and transmission actions performed by the RRC-B SAS must be compatible with the required total response time (including Safety Information and Control System (MCS [SICS]), Process Information and Control System (MCP [PICS]), RRC-B SAS and level 0 components and systems).

Sizing requirements:
- static sizing includes actuators, sensors and I&C Functions that the RRC-B SAS supports;
- dynamic sizing includes sampling and processing times, taking into account the way in which the I&C Functions are processed (periodic or event-triggered).

1.3.3. Environmental requirements

The ambient conditions that the RRC-B SAS must tolerate are linked to the temperature and relative humidity of the rooms housing this equipment. The environmental characteristics are defined in Sub-chapter 9.4, for normal and extreme conditions.

1.3.4. Human-machine interface requirements

The RRC-B SAS must interface with an engineering Human-Machine Interface (HMI) to enable safe, effective and error-free commissioning, maintenance, periodic testing and configuration of the RRC-B SAS. The operational HMI for the RRC-B SAS is provided by the level 2 I&C systems (see section 1.1 of Sub-chapter 7.2).

1.4. ARCHITECTURE

1.4.1. Structure and composition

The structure and composition of the RRC-B SAS are dictated by the functional requirements. This set of requirements affects the allocation of I&C processing tasks to the various components within the RRC-B SAS. These functional requirements relate to the following:
- The functional classification of the processing (all RRC-B SAS I&C Functions are Category C);
- The electrical division (together with the processing cabinet, and associated actuators and sensors): RRC-B SAS I&C Functions are allocated to electrical divisions 1 and 4;
- The processing performance requirements (response times, propagation times, accuracy);
- The processing groupings/exclusions which require certain processes to be grouped (due to the requirement to simultaneously shut down all these processes in the event of malfunction of part of the I&C system that manages them), or conversely, that certain processing groups need to be managed by different input/output boards.

In addition, the RRC-B SAS structure takes into account the segmentation of the process being controlled, dictated by the number, geographic location and type of actuator and sensor interfaces to be managed.

Unlike the Class 2 Plant SAS, the RRC-B SAS does not have any dedicated SAS Bus interface, but only its Class 3 Plant bus interface.

1.4.2. Installation

The RRC-B SAS equipment is installed in the I&C cabinet rooms of divisions 1 and 4 in the safeguard buildings. The RRC-B SAS cabinets are positioned considering:
- consistency with the location and division of the actuators and the sensors to be managed;
- available space; and
- consistency with the electrical supplies of the electrical divisions.

1.4.3. Interfaces with other I&C systems

The RRC-B SAS exchanges information with the following:
- the HMI, MCS [SICS] in the MCR and MCP [PICS] in both the MCR and RSS, related to plant operation by the operator;
- the PAS, related to the plant automation management;
- the instrumentation process associated with measurement and data acquisition;
- the switchgear units (electrical boards) and the control devices (electro-positioners, etc.) that are associated with actuator controls;
- the external systems (I&C cabinets for the diesels, etc.), associated with the units automation management.

Concerning the RRC-B SAS interfaces: The RRC-B SAS I&C Functions have the characteristics, in accordance with the defence in depth concept, of being autonomous in relation to other I&C systems at level 1 of the I&C architecture. This means that these I&C Functions do not depend on information coming from other systems and the interfaces are limited in number.

1.5. OPERATING CONFIGURATIONS

The configuration of the RRC-B SAS (from the hardware and functional points of view) is independent of the plant situation. Processing allocation depends only on functional criteria and on the allocation principles of the I&C system. The configuration of the RRC-B SAS is, from this point of view, constant.

The RRC-B SAS configuration is based on the principle that, in the event of malfunction of an active CPU, the system switches to a redundant standby unit. This principle applies to all the redundant RRC-B SAS boards (CPU boards and communication management boards).

1.6. TECHNOLOGY

The equipment used to implement the RRC-B SAS is the digital I&C system based on SPPA-T2000 [Ref-1].

1.7. POWER SUPPLY

Within each of divisions 1 and 4, the I&C cabinets of the RRC-B SAS are supplied by a dual power supply via independent AC/DC converters and DC/DC converters. One power supply is provided by a 400V AC supply and the other by a 220V DC supply with appropriate converters.

The voltage required by the cabinets will be regulated internally in dedicated power supply cabinets. These power supply cabinets are situated in the same rooms as the I&C cabinets. The description of the power supply distribution of the NI is given in Sub-chapter 8.3.

1.8. PROVISIONS FOR PERIODIC TESTING

All I&C Functions are subject to periodic testing. The safety function test will allow the verification of the whole control channel, from the sensor, or from the MCP [PICS]/MCS [SICS], via RRC-B SAS, up to the change of state of the actuator.

However, if reconfiguration of the relevant actuator cannot be carried out (for example, during plant operation), provisions are taken for blocking the control signals during the test, so that the actuator control line can be tested without physically controlling it.

2. PROCESS INFORMATION AND CONTROL SYSTEM (MCP [PICS])

Note: Refer to the quality plans, system specification reports and overall architecture drawings for more detailed information on the Process Information and Control System (MCP [PICS]) [Ref-1] to [Ref-7].

2.0. SAFETY REQUIREMENTS

The MCP [PICS] is subject to the safety requirements applicable to Class 3 I&C systems.

2.0.1. Safety functions

The way the MCP [PICS] contributes to the I&C Functions is described in Sub-chapter 7.1.

With regard to safety, the MCP [PICS] provides the operators with information and command facilities necessary to operate and monitor the plant in normal (PCC-1) operating conditions (conditions within the limits of the normal functioning of the installation) and also in RRC-A and RRC-B situations. The MCP [PICS] is required to be designed to support Category C I&C Functions.

The MCP [PICS] is also the preferred means of control to ensure optimised operation of the installation in PCC-2 to PCC-4 conditions (see Chapter 14 for more details).

2.0.2. Design requirements

2.0.2.1. Requirements resulting from functional classification

2.0.2.1.1. Functional classification of the system

The MCP [PICS] is a Class 3 system and supports Category C and non-categorised operating and monitoring I&C Functions according to the classification principles described in Sub-chapter 3.2.

The MCP [PICS] is a Class 3 I&C system. The MCP [PICS] is the preferred means of control to ensure optimised operation of the installation in PCC-2 to PCC-4 conditions.

In addition to its Class 3 requirements, the following requirements apply to the MCP [PICS]:
- operator workstation equipment and the architecture of the computerised Human-Machine Interface in the Main Control Room (MCR) must meet requirements applicable to Class 2 systems; the corresponding software must meet related qualification requirements proposed by the designer in the RCC-E (implementation of those parts of IEC 62138 standard for Class 3 computer-based systems) [Ref-1];
- systems must be implemented (outside the MCP [PICS]) for the detection of failures of the MCP [PICS] processing units and associated network links, and these systems must meet the requirements applicable to Class 2 systems.

2.0.2.1.2. Single failure criterion

The single failure criterion is not required for the Class 3 I&C Safety Features of the MCP [PICS].

Due to the application of Class 2 requirements to operator workstation equipment and to the architecture of the computerised Human-Machine Interface in the control room, the single failure criterion must be met by the architecture of this sub-set of MCP [PICS] equipment.

2.0.2.1.3. Emergency power supply

Due to the MCP [PICS] being Class 3, a requirement for a backed-up power supply of the MCP [PICS] equipment is defined on a case-by-case basis.

Due to the application of Class 2 architecture and design requirements for electrical back-up to the operator workstation equipment and to the architecture of the computerised Human-Machine Interface in the control room, the power supply of the associated equipment must, at least, be backed-up by the Emergency Diesel Generators. In addition, this power supply must be of an uninterruptible type in all possible operating modes and corresponding transients.

2.0.2.1.4. Qualification under operating conditions

The MCP [PICS] equipment must be qualified according to its safety class, and must in consequence meet the qualification requirements (integrity, availability, etc.) defined in Sub-chapter 3.6, under normal and extreme environmental conditions to which they are subjected in carrying out their task (see section 2.3.3 of this sub-chapter).

2.0.2.1.5. Electrical and I&C classifications

The electrical and I&C classification of the MCP [PICS] is consistent with the classification principles given in Sub-chapter 3.2.

2.0.2.1.6. Seismic classification

MCP [PICS] system meets the seismic requirements defined in Sub-chapter 3.2.

2.0.2.1.7. Periodic testing

MCP [PICS] equipment is subject to periodic tests.

2.0.2.2. Hazards

The MCP [PICS] must be protected against common cause failures that can result from internal or external hazards by meeting requirements defined in Sub-chapter 3.1 (external and internal hazards).

2.0.3. Tests

2.0.3.1. Pre-operational tests

The MCP [PICS] must be subject to pre-operational tests to check that, after installation, the system performance conforms to the design requirements.

2.0.3.2. Monitoring during operation

Class 2 systems implemented to detect and annunciate potential failures of the MCP [PICS] processing units enable monitoring of the correct operation of the MCP [PICS] processing units in the control room.

2.0.3.3. Periodic tests

All I&C Functions must be subject to periodic testing. The equipment must be designed so that specific periodic tests can be performed.

2.1. ROLE

The Process Information and Control System (MCP [PICS]) is the I&C system that supports the computerised means for command and monitoring of the installation. It includes:
- the operator workstations and the Plant Overview Panel (POP) installed in the MCR;
- the operator workstations installed in the Remote Shutdown Station (RSS);
- the operator workstation installed in the Technical Support Centre (TSC) for supervision;
- the basic operator workstations (with fewer screens) that can be installed in addition to the computerised operating means in particular plant situations (e.g. commissioning) or for specific activities (e.g. maintenance).

In addition, the MCP [PICS] records significant events that occur in the plant and provides the interface with the non real-time applications (also called level 3 applications) such as the application for document assistance.

The main function of the MCP [PICS] is to provide the operators with controls, information and operating guides that are fully appropriate to their tasks, in any plant situation. As this function entails an interaction with operators, the MCP [PICS] Human-Machine Interface must comply with ergonomic criteria taking into account the cognitive and physiological aptitudes of the operators.

2.2. FUNCTIONS PERFORMED

In order to meet the objective described in the previous section, the MCP [PICS] must provide the following features:

Display functions:
- displaying graphical images including representing data from sensors, operating guides, alarm sheets, technical sheets and lists;
- navigation through different images;
- designation of the item with which the operator must interact;
- updating images (colour, shape of objects etc.) according to the process state;
- visualisation and plotting curves;
- printing of various images or lists.

Instrumentation and Control functions:
- sending commands to actuators via the I&C systems;
- displaying command feedback;
- allowing the presentation of data to the operator.

Alarm functions:
- warning the operators as soon as an alarm occurs;
- managing the lists of alarms;
- allowing access to alarm sheets.

Processing functions:
- managing databases;
- initiating processing in the event of a change of state;
- elaborating information if needed (situations, alarms, synthetic information etc.).

Interface functions:
- retrieving and filtering data from the process via the automation level;
- sending commands to the process via the automation level.

Archiving function:
- archiving digital and analogue data;
- retrieving archived data.

Administrative and maintenance functions:
- providing help for maintenance;
- managing the introduction of data into operation;
- providing help for analysis (e.g. analysis of workstation access etc.);
- ensuring security tasks (e.g. the management of workstation access etc.);
- self monitoring.

PAGE : 12 / 36 These features help ensure that the results f the Human Factrs prgramme described in Sub-chapter 18.1 are made available t the shift team. T cmplement these features, special attentin is paid t the design f the interface and the wrking envirnment as detailed in sectin 2.3.3 belw. 2.3. DESIGN BASIS 2.3.1. Availability requirements The main bjectives fr MCP [PICS] architecture are availability, flexibility and maintainability. In particular, this means that the MCP [PICS] architecture must be sufficiently flexible and redundant t: prevent mst lsses f MCP [PICS] due t the failure f ne item f equipment; allw redistributin f the wrking area (screens, perating wrkstatins etc.) when sme equipment (screen, cmputer etc...) is unavailable; facilitate maintenance and repair t minimise the perid f unavailability f the MCP [PICS]; allw cnnectin f additinal cmpnents (fr example additinal peratr wrkstatins) during specific phases (e.g. cmmissining, maintenance). 2.3.2. Perfrmance requirements The MCP [PICS] is subject t particular perfrmance requirements: Respnse time requirements: these requirements are intended t ensure that the MCP [PICS] is able t prvide the necessary level f infrmatin whatever the plant situatin; Glbal criteria cncerning the fllwing: maximum permissible time between a variatin ccurring at level 0 (sensr level) and the update f the crrespnding infrmatin n screen; maximum permissible time between an peratr actin and the transmissin f the crrespnding cmmand t the actuatr; time necessary fr requested infrmatin t reach the peratr. 
These glbal requirements are taken int accunt in the design f the MCP [PICS] by specifying: fr a manual cmmand (frm the actin f the peratr t transmissin t level 1) taking int accunt the HMI respnse time, the accuracy f the transmitted value and the transit time; fr feedback frm a manual cmmand (frm level 1 utput t screen update) taking int accunt the respnse time fr the visualisatin display, the accuracy f the displayed value and the transit time;

- for the visualisation of a sensor value (from level 1 output to the screen update) taking into account the response time for the visualisation display, the accuracy of the displayed value and the transit time.

Sizing requirements:
- static sizing specification includes the number of actuators, sensors etc. that the MCP [PICS] must manage and the number of images, animated objects, procedures pages, alarms sheet etc. that must be supported by the computerised operating system;
- dynamic sizing specification includes specification of the number of state changes or analogue variations that the MCP [PICS] must be able to process within a fixed interval of time.

Values for the different criteria listed above will be defined in detailed studies as for FA3. They depend mainly on ergonomic criteria (e.g. response time for information refreshment or command feedback; type of information and its organisation for static sizing), or on functional studies.

An analysis of the FA3 studies and tests shows that the design derived time responses are considerably more pessimistic than those determined by the testing performed. It presents arguments for the acceptability of the results that have been obtained and argues that the equipment to be used for the UK EPR can be expected to produce more acceptable results. It is noted that the numerical criteria for the time responses are not safety related limits but are average response time targets [Ref-1].

2.3.3. Environmental requirements

The environmental requirements depend largely on the location of the different equipment items (MCR or RSS or I&C cabinet rooms). They are divided into two categories:
- the environmental conditions that the equipment must withstand. This includes temperature and relative humidity of the equipment room;
- the impact of the equipment on local environmental conditions. This category includes noise level and dissipated heat.

For display equipment, some particular environmental conditions, such as lighting, must be considered from an ergonomic point of view. The provisions that must be made are determined as part of the Human Factors approach (see Sub-chapter 18.1 for a description of the Human Factors programme, particularly with regard to definition of requirements for lighting and other environmental conditions).

2.3.4. Human-machine interface requirements

The MCP [PICS] must interface with an engineering HMI to enable safe, effective and error-free commissioning, maintenance, periodic testing and configuration of the MCP [PICS].

With regard to the Human Factors approach, the MCP [PICS] plays two roles:
- the MCP [PICS] must have the functionality necessary to implement the results of the Human Factor approach (e.g. treatment and type of supported data, organisation of data, layout of information, means of navigation, alarm system, operating help mechanisms etc.);
- the MCP [PICS] must provide a working environment for the operators with an interface that meets the requirement of the state-of-the-art ergonomic criteria (organisation of the different means of control in the MCR, workstation layout, dialogue methods, communications methods etc).

These requirements are included in the Human Factors programme described in Sub-chapter 18.1. The operational HMI for the MCP [PICS] is provided by the level 2 I&C systems (see section 1.1 of Sub-chapter 7.2).

2.4. ARCHITECTURE

2.4.1. Structure and composition

To accomplish its objective, the MCP [PICS] includes the following resources (software and/or hardware):
- graphical interfaces for the Human-Machine Interface;
- network interfaces for data exchange;
- real time data bases (process and elaborated data, and their attributes, Human-Machine Interface data);
- archiving and printing facilities;
- operating systems;
- application software.

These resources are used by the following equipment:
- control workstations in the MCR and in the RSS;
- monitoring workstations in the MCR and in the TSC;
- a POP incorporating large screens in the MCR;
- basic operator workstations for use during specific phases (e.g. commissioning) or specific tasks;
- a set of computers, either associated with the workstations or, if required, centralised and installed in the I&C cabinet rooms (divisions 1 and 4);

- equipment allowing printing;
- equipment allowing archiving;
- interfaces with engineering tools;
- interfaces with other non real time (level 3) applications;
- networks for exchange of data between MCP [PICS] and level 1 or 3 systems.

Operator workstations consist of standardised screens refreshed by processing units depending on the content of databases and pointing and data input devices (mice, keyboards, etc). Operator workstations, whether they operate in control mode or monitoring mode, are based on similar equipment and provide similar functionality.

Any monitoring workstation installed in the MCR or in the RSS can be configured on-line to become a control workstation to allow a reallocation of operator workstation in the event of total loss of an operator workstation in control mode. This flexibility is controlled by procedures.

The number of workstations, their detailed composition (e.g. number of screens), their organisation in the MCR, RSS or TSC, is determined by the Human Factors Engineering programme (see Sub-chapter 18.1).

The POP is considered as an integral part of the MCP [PICS]: therefore, it is subject to the same functional classification (i.e. Category C/non-categorised) and could be considered as an operator workstation configured in monitoring mode. Therefore simultaneous failure of the POP and MCP [PICS] must be considered, especially in the MCS [SICS] design.

The I&C Functions supported by the MCP [PICS] are organised within the equipment listed above in order to satisfy safety and availability requirements:
- MCP [PICS] and MCS [SICS] components are chosen to be sufficiently diverse to minimise the risk of common cause failure (i.e. the MCS [SICS] is conventional and the MCP [PICS] is a digital system). This measure is reinforced by appropriate equipment installation measures (see Sub-chapter 7.7);
- the processing equipment needed to control and monitor the plant from the RSS workstations is installed in I&C cabinet rooms of divisions 1 and 4, outside the MCR (in a different fire compartment to the MCR) so that it cannot be lost simultaneously with the MCR;
- MCP [PICS] architecture is fault-tolerant, i.e. the design takes account of criteria for redundancy and independence so that probable failures will not result in a loss of HMI functions.

2.4.2. Installation

The MCP [PICS] equipment is typically installed as follows:

In the main control room (MCR):
- operator workstations in control mode;
- operator workstations in monitoring mode;

- basic operator workstations with a reduced number of screens, some of which may be temporary (e.g. for initial start-up);
- POP;
- printing devices.

In the remote shutdown station (RSS):
- operator workstations in control mode (when the RSS is active, or otherwise in monitoring mode);
- one basic operator workstation configured in monitoring mode;
- printing devices.

In the technical support centre (TSC):
- operator workstation in monitoring mode;
- printing devices.

In the I&C cabinet rooms of division 1 and 4 of the safeguard buildings:
- processor units (PU);
- server units (SU);
- RAID system (Division 4 only).

2.4.3. Interfaces with other I&C systems

The MCP [PICS] has three types of interfaces with other I&C systems:
- the interface with the automation level (Protection System (RPR [PS]) (1) / SAS / PAS / (Reactor Control, Surveillance and Limitation system, RCSL) / (Severe Accident I&C system, SA I&C) (2));
- the interface with the engineering and maintenance tools (of MCP [PICS]);
- the interface with non real time (level 3) applications.

(1) The connection to the RPR [PS] is unidirectional from the RPR [PS] to the MCP [PICS] and is a Class 3 networked interface.
(2) The SA I&C provides status data to MCP [PICS] via a network link.

2.5. OPERATING CONFIGURATIONS

From the I&C standpoint, the various modes of operation of the MCP [PICS] are as follows:

The standard configuration of the MCP [PICS] is:
- all operator workstations of the MCR, whether they are in control mode or monitoring mode, are working;
- the POP is operational;
- the workstations of the RSS are in monitoring mode;
- the TSC operator workstation is not operational except in a situation where a support team is needed. In this situation, the TSC operator workstation is in monitoring mode.

Non-critical failure of MCP [PICS] equipment. In this situation, a part of the MCP [PICS] has failed but sufficient means are still available to allow a redistribution of the operation I&C Functions to allow continued use of the MCP [PICS] to control and monitor the plant. Typical situations are as follows:
- loss of non-graphical equipment: the redistribution of the process resources or interface resources is in most cases done automatically by the system (e.g. through redundancy mechanisms) and it does not affect significantly the operator tasks;
- loss of a screen of an operator workstation: as the screens of an operator workstation are standardised, the operator can redistribute tasks from the lost screen to the remaining screens;
- loss of an operator workstation in control mode: a workstation in monitoring mode can be configured to control mode to replace the loss;
- loss of a part of the POP: the POP is divided into several areas in the same way that an operator workstation has several screens. This allows redistribution of the display of the POP using the remaining areas in the event of failure of one of the large screens making up the POP;
- loss of the POP: All information shown on the POP is also available from the operator workstations, therefore in this situation the operators would use these to continue operations. Loss of the POP does not lead to the loss of the MCP [PICS].

In addition to these arrangements, special attention is paid to maintenance and repair tasks to reduce the time needed to replace or repair the component that has failed.

Unavailability of the MCP [PICS]. In the event of accidental loss of MCP [PICS] or a shutdown of the MCP [PICS] scheduled for maintenance purposes, control is transferred to the MCS [SICS]. The transfer is controlled by procedures. For the I&C, those procedures stipulate particular actions to prevent spurious control signals being generated by the MCP [PICS] which are taken into account by the process [Ref-1] [Ref-2]. The MCP [PICS] is monitored by the SAS. The SAS displays the MCP [PICS] status on the PSIS. When control is passed to MCS [SICS] it sends a message to the SAS to block the MCP [PICS] outputs.

Unavailability of the MCR: in the event of loss of the MCR due to an internal hazard (e.g. fire), the equipment of the MCS [SICS] and of the MCP [PICS] located in the MCR is no longer available. In this situation, the shift team uses the control system situated in the RSS. As for the previous configuration, particular actions must be taken to prevent spurious control signals being generated from the MCR. The configuration of the MCP [PICS] is as follows:
- RSS workstations are operational and configured in control mode;
- All command means of the MCP [PICS] in the MCR are isolated to avoid spurious commands; see section 1.5.3 of Sub-chapter 7.2 for details.

The way in which the various MCP [PICS] operator workstations are used to control or supervise the unit is detailed in Sub-chapter 18.1.

The different configurations (particularly different configurations arising due to unavailability of the MCP [PICS] and non-critical failure of one of the components) are determined by setting the minimum equipment required to operate the plant with the MCP [PICS] (minimum number of screens needed to operate the plant from an operator workstation, minimum number of control and supervision workstations to operate the plant etc.). These limits depend on the way in which the different items of equipment are used and are therefore mainly determined by the Human Factors engineering programme (see Sub-chapter 18.1).

2.6. TECHNOLOGY

The equipment used to implement the MCP [PICS] is the digital Operating and Monitoring system OM690, which is part of the SPPA-T2000 platform.

2.7. POWER SUPPLY

The processing part of the MCP [PICS] (which is located outside the MCR) is electrically powered by divisions 1 and 4 so that the loss of one of these two power sources does not lead to the total loss of MCP [PICS]. The power supply for the operator workstations in the MCR is from divisions 1 to 4 so that the power distribution in the MCR would minimise the impact on the MCR equipment if there was a loss of electrical power from one division. A description of the power distribution system in the NI is given in Sub-chapter 8.3.

2.8. PROVISIONS FOR PERIODIC TESTING

All MCP [PICS] equipment is subject to periodic testing.

3. PROCESS AUTOMATION SYSTEM (PAS)

Note: Refer to the quality plans, system specification reports and overall architecture drawings for more detailed information on the Process Automation System [Ref-1] to [Ref-12].

3.0. SAFETY REQUIREMENTS

The PAS is subject to safety requirements applicable to Class 3 I&C systems, due to its management of Category C I&C Functions. The requirements are detailed in several documents, which provide all the required information contained within an IEC 61513 compliant system requirements specification [Ref-1]. The PAS processes automatic and manual actions and the related monitoring required to fulfil the I&C Functions described below.

3.0.1. Safety functions

The PAS is an operational system that participates in the three main safety functions defined in Sub-chapter 3.2. Due to this operational aspect, PAS I&C Safety Features fulfil Category C I&C Functions.

3.0.2. Design requirements

The PAS must fulfil the requirements described below. These requirements must be met for all the automatic I&C Safety Features managed by the PAS (including the part of the PACS functions processed by the PAS equipment according to section 1.4 of Sub-chapter 7.2).

3.0.2.1. Requirements resulting from functional classification

3.0.2.1.1. Functional classification of the system

The PAS is required to be safety classified, in accordance with the classification principles in Sub-chapter 3.2.

3.0.2.1.2. Single failure criterion

The single failure criterion does not apply to the PAS. Independence and physical separation must be provided when:
- the PAS is used to reduce the consequences of internal or external hazards. In this situation its operation must not be affected (in an unacceptable manner) by the hazard.

3.0.2.1.3. Emergency power supply

The requirement for emergency power supplies to PAS equipment is defined on a case-by-case basis. If required, the power supply must be backed-up by the Emergency Diesel Generators. In these cases, the power supply must be uninterruptible to ensure continuation of the supply during the switchover from normal to diesel power supplies. The PAS is required to be powered from the same division or section that is supplying the process that the PAS is controlling.

3.0.2.1.4. Qualification under operating conditions

The PAS equipment must remain operational in post-accident conditions. It must therefore meet the qualification requirements defined in Sub-chapter 3.6. In addition, the equipment must remain operational in normal and extreme environmental conditions occurring in the plant rooms in which it is installed. These conditions are defined in Sub-chapter 9.4.

3.0.2.1.5. Electrical and I&C classification

The electrical and I&C classification of the PAS is consistent with the classification principles given in Sub-chapter 3.2.

3.0.2.1.6. Seismic classification

The PAS equipment meets the seismic requirements defined in Sub-chapter 3.2.

3.0.2.1.7. Periodic testing

The I&C Functions managed by the PAS must be tested periodically (as defined in section 1 of Sub-chapter 3.2). The PAS must be designed to allow periodic tests.

3.0.2.1.8. Additional requirements

Not applicable.

3.0.2.2. Hazards

The PAS system manages automatic control and monitoring I&C Functions designed to reduce the consequences of internal and external hazards. These I&C Functions must remain operational following a hazard, and thus must not be affected (to an unacceptable extent) by the hazard itself or by its consequences. For these I&C Functions, an analysis is performed on a case-by-case basis to define the measures to be implemented (redundancy, separation, independence) to protect the PAS equipment against hazards.

3.0.3. Tests

The PAS system must be subjected to pre-operational tests to check that, after installation, the system performance complies with design requirements.

The requirements associated with the periodic tests are given in section 3.0.2.1.7.

3.1. ROLE

The role of the PAS is to manage the required Category C non-seismically qualified and non-categorised I&C Functions of the nuclear and conventional islands and the site (see section 3.0.1).

3.2. FUNCTIONS PERFORMED

The PAS carries out the following I&C Functions:
- data processing: acquisition, conditioning and transmission;
- processing of application calculations: regulations, generating individual and grouped commands (simultaneous or sequential), hierarchical organisation of the priorities of commands, generating diverse information to be sent to other instrumentation and control units, etc.;
- survey processing: processing of state and default reports, alarms and signals elaboration.

Refer to section 1 of Sub-chapter 7.2 for details of how Risk Reduction Category A (RRC-A) I&C Functions are allocated in PAS.

3.3. DESIGN BASIS

3.3.1. Availability requirements

The main requirements on PAS availability are linked to reliability and maintainability, and are summarised as follows:
- To reduce the probability of losses of the PAS due to the failure of one of its components (i.e. by providing redundancy of components);
- To facilitate maintenance and repair to minimise the duration of unavailability of the PAS.

3.3.2. Performance requirements

The PAS is subject to specific performance requirements (see section 3 of Sub-chapter 7.1 for more detail of where these will be defined) and is subject to the following performance requirements:

Response time requirements:
- Maximum allowable time between the variation of an input signal (digital or analogue) and the transmission to the output interface;

- Maximum allowable time between the receipt of a manual command and the transmission to the output interface.

These global criteria are adapted to the PAS as follows:
- for a manual command, see section 2.3.2;
- for an automatic command:
  - acquisition of a digital input, processing of the digital command, and transmission to an output interface;
  - acquisition of an analogue input signal, calculation of a digital or analogue command, and transmission to an output interface.

The PAS conforms with the global criteria described above and with those of section 2.3.2. In particular, the transmission and processing I&C Functions performed by the PAS must conform to the total response time requirements (including the exchanges between MCP [PICS] in both the MCR and RSS, PAS and level 0).

Sizing requirements:
- Static sizing requirements define the number of input/outputs (actuators, sensors, etc.) that the PAS has to manage;
- Dynamic sizing requirements define the processing times, taking into account the program execution types (periodic or event-driven) that the PAS must manage.

3.3.3. Environmental requirements

The environmental conditions that the PAS equipment must withstand relate to the temperature and relative humidity in the rooms where the equipment is located. These environmental conditions (normal and extreme) are described in section 1 of Sub-chapter 9.4.

3.3.4. Human-machine interface requirements

The PAS must interface with an engineering HMI to enable safe, effective and error-free commissioning, maintenance, periodic testing and configuration of the PAS. The operational HMI for the PAS is provided by the level 2 I&C systems (see section 1.1 of Sub-chapter 7.2).

3.4. ARCHITECTURE

3.4.1. Structure and composition

The structure and the composition of the PAS are dictated by functional requirements. These requirements govern the allocation of the treatment of control commands in the different entities of the PAS.

The functional requirements deal with:
- the functional classification of the processing I&C Functions;
- the electrical division or train (which corresponds with that of the process, actuators and sensors, to be managed);
- the type of processing to be performed (which may condition the choice of the type of input/output cards for example);
- the performance required of the processing function (response time, propagation time, accuracy);
- the grouping/exclusions of processing required. Certain processing I&C Functions are grouped (in relation to requirements due to a simultaneous loss of processing I&C Functions during a malfunction of the part of the I&C system that controls them). Conversely, there may be a requirement for certain processing I&C Functions to be controlled by different PAS hardware units (to preserve operability of a group of processing I&C Functions despite loss of certain others due to a malfunction).

Furthermore, the structure of the PAS takes into account the segmentation of the process control dictated by the number, location and the type of interfaces of actuators and sensors to be managed.

For a given safety function, different combinations are possible e.g.:
- 1 x 100 %: One mechanical train, with its associated I&C, is necessary to fulfil the safety function;
- 4 x 50 %: Two out of four mechanical trains, with their associated I&C, are necessary to fulfil the safety function;
- 2 x 100 %: One out of two mechanical trains, with its associated I&C, is necessary to fulfil the safety function.

In order to prevent an internal failure having an impact on more than one mechanical train, each mechanical train is controlled by a sub-system of the PAS located in the same division or section as the mechanical train.

3.4.2. Installation

The equipment, which manages the I&C Functions of the PAS, is distributed within the four divisions of the nuclear island and in the two sections of the conventional island and site. It is installed in the I&C cabinets of divisions 1 to 4 of the safeguard buildings, in the I&C cabinets of the two sections of the conventional island, and in the I&C cabinets of the site buildings.

The PAS equipment is located:
- in correspondence with the location of the division or section of the systems (actuators and sensors) managed;
- in accordance with the space available;
- in correspondence with the power supply division or section.

3.4.3. Interfaces with other I&C systems

The PAS exchanges information with the following:
- Process instrumentation: exchanges linked to the acquisition of measurements and states;
- The HMI: MCP [PICS]/RSS, and MCS [SICS]: exchanges linked with operator control;
- The RCSL, RPR [PS], and SAS: exchanges* associated with the management of plant process control;
- Electrical cells (electrical boards) and the control systems (electro-positioners etc.): exchanges linked to actuator control;
- External systems (turbine I&C cabinets, etc.): exchanges linked to the management of the plant process control.

* Note that the communication from higher class systems is managed by the higher class system and is usually unidirectional (from the higher class to the lower). See section 1.4.3 of Sub-chapter 7.3 for the description of the interfaces from the RPR [PS] to lower class systems.

3.5. OPERATING CONFIGURATIONS

The configuration (hardware and functional aspects) of the PAS is independent of the plant state. Processing allocation only depends on functional criteria and the processing allocation principles of the I&C system. The configuration of the PAS is, from this point of view, constant.

The configuration of the PAS is subject to the following principle: in the event of a malfunction of an active board, the system switches automatically to the redundant standby board. This principle applies to any redundant card of the PAS (CPU cards and communication management cards).

3.6. TECHNOLOGY

The equipment used to implement the PAS is the digital I&C system based on SPPA-T2000.

3.7. POWER SUPPLY

Within each division, the I&C cabinets of the PAS are supplied by a dual power supply, via independent AC/DC converters and DC/DC converters. One power supply is provided by a 400V AC supply and the other by a 220V DC supply with appropriate converters. Each mechanical train is controlled by a sub-system of the PAS that is located and electrically supplied by the same electrical division as the mechanical train. The adjustment to the voltage required by the PAS cabinets will be made internally to the cabinet supplying them with power. The supply cabinets are located in the same room as the PAS cabinets. The description of the power supply distribution of the NI is given in Sub-chapter 8.3.

3.8. PROVISIONS FOR PERIODIC TESTING

Periodic tests are required for all classified I&C Functions. The testing of a function must allow verification of the complete command channel, from the sensor (automatic command), or from the MCP [PICS] via the PAS (manual command), up to the change of state of the actuator. However, if effecting an actuator change of state is not feasible (e.g. during operation of the plant) provisions are taken to block the command signals while the test is in progress, in order to test the line of command of the actuator without effecting the command.

4. SEVERE ACCIDENT I&C SYSTEM (SA I&C)

Note: Refer to the quality plans, system specification reports and overall architecture drawings for more detailed information on the SA I&C system [Ref-1] to [Ref-7].

4.0. SAFETY REQUIREMENTS

The SA I&C is subject to safety requirements applicable to Class 3 I&C systems, due to its management of Category C I&C Functions. The requirements are detailed in several documents, which provide all the required information contained within an IEC 61513 compliant system requirements specification as demonstrated for the RPR [PS] in section 1.0 of Sub-chapter 7.3.

4.0.1. Safety functions

The Severe Accident (SA) I&C system participates in the following main safety function:
- Limiting the radioactive releases at the site boundary to an acceptable level and maintaining the integrity of the primary and secondary systems.

The SA I&C system performs the Severe Accident I&C Functions (RRC-B functions) needed in the event of a total loss of power (Loss of Off-site Power (LOOP) and loss of Emergency Diesel Generators and loss of Ultimate Diesel Generators).

4.0.2. Design requirements

4.0.2.1. Requirements resulting from functional classification

4.0.2.1.1. Functional classification of the system

The Severe Accident I&C system must be classified according to the principles specified in Sub-chapter 3.2.

4.0.2.1.2. Single failure criterion

Not applicable.

4.0.2.1.3. Emergency power supply

To compensate for the total loss of power scenario, the SA I&C system will be supplied by redundant Uninterruptible Power Supply (UPS) systems using battery-backed systems with a 12 hour capacity.

4.0.2.1.4. Qualification under operating conditions

The SA I&C components performing a Category C I&C Function must be qualified to remain functional under post-accident and severe accident conditions.