Attachments 8-13 to the Enclosure contain Proprietary Information - Withhold Under 10 CFR 2.390
Enclosure Attachment 2
PG&E Letter DCL-12-120
PG&E Document "Diablo Canyon Power Plant Units 1 & 2 Process Protection System (PPS) Replacement Interface Requirements Specification, Revision 7" (Non-Proprietary)
Attachments 8-13 to the Enclosure contain Proprietary Information. When separated from Attachments 8-13 to the Enclosure, this document is decontrolled.
Pacific Gas and Electric Company
Diablo Canyon Power Plant
Units 1 & 2
Process Protection System (PPS) Replacement
Interface Requirements Specification
Nuclear Safety-Related
Rev 7
Signature block: Prepared, Reviewed, Coord and Approval entries (signatures, printed names and dates are not legible in this copy). Legible User IDs: JWW3, RAL4.
REVISION HISTORY
Revision Number / Affected Pages / Reason for Revision
1 All Initial Issue
1.4.4.8 Added STP 1-33
1.4.5.4 ALS Topical Report is Rev 1
1.5.2 Revised Tricon PLC description
1.5.3.1 Deleted STB and COM boards - not used
1.5.3.2 Clarified ASU capability
1.5.3.3 Added section and new Figure 1-1 to clarify ALS A and ALS B connections to SSPS
1.5.5 Revised section to clarify signal characteristics and open RTD detection
1.5.5.6 Revised TCM communications description
1.5.7 Added PPS Gateway Computer Scope and CC4 system health HMI unit
1.5.8 Added Response Time Allocation
2 Figure 1-2 through Figure 1-21 Clarified PRXM and RRXM chassis notation; Reassigned safety-related OOS switches to safety-related PRXM Chassis; Replaced Class 2 PS Failure contact inputs to Class 2 RRXM with safety-related +24 Vdc PS output to safety-related PRXM chassis; Removed FW flows from Class 2 RRXM
Appendix 3.1 (I/O List) General revision
2.1.1 Clarified ALS input loop power supply; Clarified PTC Thermistor terminology
2.1.2 Deleted reference to Fig 2-2 through Fig 2-4
2.3.3 Added new section - one-way communications link from ALS to Maintenance Workstation. Renumbered remaining sections.
2.3.6.3 Protocol is Ethernet based
Appendix 3.1 (All sheets) General revision; Clarified "Safety-Related" and "Non-Safety-Related" items
Entire Document Changed MVDU to Maintenance Workstation
1.3.1 Added Electrical Class 1E definition, clarified instrument class definitions
1.5.7 Clarified port aggregator tap description and scope
1.5.8 ALS response time is 150 ms for temperature channels per ALS comment
Figure 11, Figure 1-21 Added loopback from trip switch load side; port aggregator tap is PG&E scope; Figure 1-14, Figure 1-19 corrected typos in descriptions
Figure 1-22 Updated figure per ALS topical report
2.1 Clarified I/O power supply requirements and scope
Figure 2-2 Clarified TE-413A and TE-423 for illustration only
2.3, 2.7.1 Updated communications
Figure 2-1, Figure 2-3 Added new figures per ALS coordination meeting 05/17-18/2011
1.5.3.3, Figure 11 Updated per ALS design documentation
1.5.7 Updated isolation per ALS design documentation
1.5.8 Updated response time per ALS documentation
Figure 1-2, Figure 1-3, Figure 1-7, Figure 1-8, Figure 1-12, Figure 1-13, Figure 1-17, Figure 1-18 Updated figures to illustrate ALS Line Sense Modules and external Trip Switches
Figure 1-6, Figure 1-11, Figure 1-16 Updated figures to include Class II power supply failure discrete inputs
Figure 1-5, Figure 1-10, Figure 1-15, Figure 1-20 Changed "Manual Trip Switch" to "Trip Status"; Corrected directional arrows between PRXM and RRXM (Figure 1-20 only)
Figure 1-6, Figure 1-11, Figure 1-16
1. Added TC454B alarm DO (Set IV Only)
2. Delete "PCS" from TM-454A analog output (Set IV Only)
3. Changed BYP/OOS alarm to BYP alarm (New OOS alarm below)
4. Added "PPS Set x Channel Out of Service Alarm" DO to MAS
5. Added "PPS Set x Time Synch" DI
6. Remove ALS data links to MWS; clarified MWS is Tricon
7. Added KVM Switch, HMI peripherals
Figure 1-22 Split MWS into two units; one each for Tricon and ALS. Added KVM switch, KVM
2.1.1.7.a Add "24 Vdc"; deleted sharing of Tricon analog input and output power supplies
2.1.1.7.c Analog output power supply cannot be shared with discrete signals per Tricon v10 qualification
2.1.4, Figure 2-1 Added new figure to illustrate LSM functions; Renumbered remaining figures
Figure 2-2 (was Figure 2-1) Updated ALS analog input loop power supply designation; clarified 24 Vdc; Changed ALS-321 from internal current shunt mode to external current shunt (voltage) mode; Added example Rs calculation for information only
Figure 2-4 Changed ALS-321 from internal current shunt mode to external current shunt (voltage) mode
Figure 2-3 (was Figure 2-2) Updated Tricon analog input loop power supply designation; clarified 40 Vdc
2.3, 2.7.1 Revised to reflect separate ALS and Tricon MWS computers and disconnection of the TAB when the ASU is not in use.
2.7.2 Added KVM switch description; Added ALS TxB and TAB protocol references
Figure 2-6 (was Figure 2-5) Updated to show SSPS and RNASA ETT DO Power Supply voltage TBD by detailed design
Figure 2-7 Added New figure to illustrate TAB communication cable connections
2.8.3.2.2) Added reference to FRS
2.9 New Section - Application constraints and requirements:
2.9.1 Tagname length restriction
2.9.2 Modbus aliases
2.9.3 Tagname convention
2.9.4 Disallowed function block names
2.9.5 Quality Codes
2.9.6 Online Maintenance and Test Interface
7, cont.
Appendix 3.1 Reformatted; Corrected tagnames and engineering units various sheets; Added new points and Tricon quality check for Gateway Computer all sets; Corrected ALS Power Supply failure alarm descriptions PSII and PS III; Revised cells are shown in red text; Separated into individual appendices for each Protection Set
Process Protection System Interface Requirements Specification, Revision: 7, Page 1 of 55
Contents
1 INTRODUCTION
1.1 PURPOSE
1.2 SCOPE
1.3 DEFINITIONS AND ACRONYMS
2.1 PROCESS INTERFACE REQUIREMENTS
2.2 SAFETY-RELATED ALS/TRICON INTERFACE REQUIREMENTS
2.3 DATA COMMUNICATION INTERFACE REQUIREMENTS
2.4 SYSTEM POWER REQUIREMENTS
2.5 INSTRUMENT POWER SUPPLY LOCATIONS
2.6 SYSTEM POWER SOURCES PROVIDED BY PG&E
2.7 WORKSTATIONS
TABLES
Table 1 Tagname Convention
Table 2 Restricted Function Block Names
Table 3 Quality Code Assignment
Figures
Figure 1-1 ALS Diversity Architecture Concept
Figure 1-2 Replacement PPS Architecture - Set I ALS-A
Figure 1-3 Replacement PPS Architecture - Set I ALS-B and Isolation Devices
Figure 1-4 Replacement PPS Architecture - Set I Safety-Related Tricon Main Chassis
Figure 1-5 Replacement PPS Architecture - Set I Safety-Related Tricon Primary RXM Chassis
Figure 1-6 Replacement PPS Architecture - Set I Non-Safety-Related Tricon Remote RXM Chassis
Figure 1-7 Replacement PPS Architecture - Set II ALS-A
Figure 1-8 Replacement PPS Architecture - Set II ALS-B and Isolation Devices
Figure 1-9 Replacement PPS Architecture - Set II Safety-Related Tricon Main Chassis
Figure 1-10 Replacement PPS Architecture - Set II Safety-Related Tricon Primary RXM Chassis
Figure 1-11 Replacement PPS Architecture - Set II Non-Safety-Related Tricon Chassis
Figure 1-12 Replacement PPS Architecture - Set III ALS-A
Figure 1-13 Replacement PPS Architecture - Set III ALS-B and Isolation Devices
Figure 1-14 Replacement PPS Architecture - Set III Safety-Related Tricon Main Chassis
Figure 1-15 Replacement PPS Architecture - Set III Safety-Related Tricon Primary RXM Chassis
Figure 1-16 Replacement PPS Architecture - Set III Non-Safety-Related Tricon Chassis
Figure 1-17 Replacement PPS Architecture - Set IV ALS-A
Figure 1-18 Replacement PPS Architecture - Set IV ALS-B and Isolation Devices
Figure 1-19 Replacement PPS Architecture - Set IV Safety-Related Tricon Main Chassis
Figure 1-20 Replacement PPS Architecture - Set IV Safety-Related Tricon Primary RXM Chassis
Figure 1-21 Replacement PPS Architecture - Set IV Non-Safety-Related Tricon Chassis
Figure 1-22 Replacement PPS Non-Safety-Related Communications Architecture
Figure 2-1 LSM Functions
Figure 2-2 Typical ALS Analog Input Wiring
Figure 2-3 Typical Tricon Analog Input Wiring
Figure 2-4 Tricon/ALS PT-455 Interface Wiring
Figure 2-5 ALS-A and ALS-B SSPS Connections (Deenergize to Trip Configuration)
Figure 2-6 ALS-A and ALS-B SSPS Connections (Energize to Trip Configuration)
Figure 2-7 Typical TAB Communication Link Connection
1 Introduction
1.1 Purpose
This document specifies the requirements imposed on the Process Protection System (PPS), its subsystems, and other system components to achieve interfaces among these entities that are required for the PPS to perform its design function.
This document is intended to be revised as the PPS replacement design progresses.
1.2 Scope
The PPS is comprised of Tricon equipment provided by Invensys/Triconex and Advanced Logic System (ALS) equipment provided by Westinghouse CS Innovations, LLC. This Interface Requirement Specification (IRS) provides: (1) requirements for the interfaces between external field devices such as process transmitters and the Tricon and the ALS; (2) electrical and communication interfaces between the Tricon and ALS and their associated peripheral devices; and (3) other interfacing Diablo Canyon Power Plant (DCPP) systems such as the Plant Process Computer (PPC), Main Annunciator System (MAS), Safety Parameter Display System (SPDS) and the Safety-Related 120 Vac and 125 Vdc Power Systems.
All external interface requirements for each of these systems will be defined.
1.3 Definitions and Acronyms
1.3.1 Definitions
The following definitions are used in this document:
TERM: DEFINITION
Channel: An arrangement of components, modules, and software as required to generate a single protective action signal when required by a generating station condition. A channel loses its identity where single action signals are combined.
Electrical Class 1E [1.4.4.9]: Design Class I electrical systems, components and equipment perform safety-related functions. Instrument Class IA and IB Category 1 devices below are considered to serve Class 1E functions. All other instrument classes are considered to serve non-Class 1E functions.
Instrument Class IA [1.4.4.6]: Instrument Class IA instruments and controls are those that initiate and maintain safe shutdown of the reactor, mitigate the consequences of an accident, or prevent exceeding 10 CFR 100 [1.4.5.2] off-site dose limits.
Instrument Class IB [1.4.4.6]: Instrument Class IB instruments and controls are those that are required for post-accident monitoring of Category 1 and 2 variables in accordance with Regulatory Guide 1.97, Revision 3 [1.4.3.2].
Instrument Class IC [1.4.4.6]: Instrument Class IC instruments and controls have the passive function of maintaining the pressure boundary integrity of PG&E Design Class I piping systems.
Instrument Class ID [1.4.4.6]: Instrument Class ID instruments and controls are components that have certain Design Class I attributes, but do not require conformance with all Class IA, IB, or IC requirements.
Instrument Class II [1.4.4.6]: Instrument Class II components are Design Class II devices with non-safety-related functions. However, certain Class II components are subjected to some graded quality assurance requirements.
Protection Set: The physical grouping of process channels with the same channel designation. Each of the four redundant protection sets is provided with a separate and independent power feed and process instrumentation transmitters. Thus, each of the four redundant protection sets is physically and electrically independent from the other sets.
1.3.2 Acronyms
ACRONYM DEFINITION
ALS Advanced Logic System
AMSAC ATWS Mitigation System Actuation Circuitry
ASU (ALS) Auxiliary Service Unit
ATWS Anticipated Transient Without Scram
CDD Conceptual Design Document
CLB Core Logic Board
COM Communications Board
DCM Design Criteria Memorandum
DDE Dynamic Data Exchange
DCPP Diablo Canyon Power Plant
DFWCS Digital Feedwater Control System
FRS Functional Requirements Specification
HMI Human Machine Interface
I&C Instrumentation and Controls
IEEE Institute of Electrical and Electronics Engineers
I/O Input/Output
IPB (ALS) Input Board
IRS Interface Requirements Specification
KVM Keyboard, Video display, and Mouse HMI peripheral devices
PCS Process Control System
PLC Programmable Logic Controller
PPC Plant Process Computer
PPS Process Protection System
PRXM Primary Remote Expansion Module
PSU (ALS) Power Supply Unit
RCS Reactor Cooling System
RNARA Auxiliary Relay Rack A
RNASA Auxiliary Safeguards Rack A
RNPxy PPS Racks; x = 1-4 (Protection Sets I - IV); y = A, B, C, D, E (Protection Sets I, II); y = A, B, C (Protection Sets III, IV)
RNSIA/RNSIB SSPS Input Relay Cabinet Train A/Train B
RRXM Remote RXM
RTD Resistance Temperature Detector
RXM Remote Expansion Module
RVLIS Reactor Vessel Level Indication System
SCM Software Configuration Management
SPDS Safety Parameter Display System
SRS Software Requirements Specification
SSPS Solid State Protection System
STB (ALS) Service and Test Board
TCM Triconex Communication Module
TMR Triple Modular Redundant
TSAP TriStation 1131 Application Project
WR Wide Range
1.4 Referenced Documents
1.4.1 General References and Standards
The following codes, standards, and regulations referenced in this Section are totally or partially applicable to the activities covered by this Specification:
1.4.2 Institute of Electrical and Electronics Engineers (IEEE)
1.4.2.1 IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations"
1.4.2.2 IEEE Standard 603-1991, "IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations"
1.4.3 United States Nuclear Regulatory Commission (USNRC) Regulatory Guides
1.4.3.1 Regulatory Guide 1.75, Rev. 2, "Physical Independence of Electric Systems"
1.4.3.2 Regulatory Guide 1.97, Rev. 3, "Instrumentation for Light-Water-Cooled Nuclear Power Plants to Assess Plant and Environs Conditions During and Following an Accident"
1.4.3.3 Regulatory Guide 1.180, Rev. 1, "Guidelines for Evaluating Electromagnetic and Radio-Frequency Interference in Safety-Related Instrumentation and Control Systems"
1.4.3.4 U.S. Nuclear Regulatory Commission, Digital Instrumentation and Controls, Revision 1, "DI&C-ISG-04, Task Working Group #4: Highly-Integrated Control Rooms - Communications Issues (HICRc)," March 6, 2009 (ADAMS Accession No. ML083310185)
1.4.4 Implementing Documents
1.4.4.1 Process Protection System Replacement Conceptual Design Document (CDD)
1.4.4.2 Process Protection System Replacement Functional Requirements Specification (FRS)
1.4.4.3 Process Protection System Replacement System Software Requirements Specification (SRS)
1.4.4.4 Deleted
1.4.4.5 DCM S-38A, Plant Protection System
1.4.4.6 DCM T-24, DCPP Instrumentation and Controls
1.4.4.7 DCM S-65, 120 VAC System
1.4.4.8 STP 1-33, Reactor Trip Time Test Program
1.4.4.9 DCM T-19, Electrical Separation and Isolation
1.4.5 Other References
1.4.5.1 Triconex Corporation Nuclear Qualified Equipment List (NQEL), latest version
1.4.5.2 Title 10 Code of Federal Regulations Part 100, Reactor Site Criteria
1.4.5.3 Letter No. NRC-V10-09-01, J. Polcyn (Invensys) to NRC, "Nuclear Safety-Related Qualification of the Tricon TMR Programmable Logic Controller (PLC) - Update to Qualification Summary Report Submittal" and "Application for withholding Proprietary Information from Public Disclosure," dated September 9, 2009
1.4.5.4 Diablo Canyon Power Plant, Unit Nos. 1 and 2 - Safety Evaluation for Topical Report, "Process Protection System Replacement Diversity & Defense-In-Depth Assessment" (TAC Nos. ME4094 and ME4095), dated April 19, 2011 (ADAMS Accession No. ML110480845)
1.4.5.5 6002-00301, CS Innovations ALS Topical Report and Supporting Documents Submittal, July 29, 2010 (ADAMS Accession No. ML102160471)
1.4.5.6 6002-32102, CS Innovations, ALS 321 Design Specification
1.4.5.7 9700052-019, Field Terminations Guide for Tricon v9-10 Systems
1.4.5.8 6116-00011, DCPP ALS System Design Specification
This section identifies the systems, interfacing entities, and other interfaces to which this document applies.
1.5.1 Protection Sets
The PPS consists of sixteen (16) racks (per DCPP Unit) of instrumentation located in the Cable Spreading Rooms (Auxiliary Building, elevation 128). The sixteen racks are divided into four Protection Sets; five racks each for Protection Sets I and II, three racks each for Protection Sets III and IV. Each Protection Set is physically separated and electrically isolated from the other sets. Figure 1-1 illustrates the hardware that comprises the sixteen (16) protection sets.
Protection Set I is comprised of Racks 1 thru 5 (RNP1A, RNP1B, RNP1C, RNP1D, and RNP1E).
Protection Set II is comprised of Racks 6 thru 10 (RNP2A, RNP2B, RNP2C, RNP2D, and RNP2E).
Protection Set III is comprised of Racks 11 thru 13 (RNP3A, RNP3B, and RNP3C).
Protection Set IV is comprised of Racks 14 thru 16 (RNP4A, RNP4B, and RNP4C).
Physical equipment will be assigned to specific PPS racks during detailed design.
The existing Eagle 21 HMI units are located in Racks 5 (RNP1E), 9 (RNP2D), 12 (RNP3B) and 14 (RNP4A). These racks are expected to house the replacement PPS Maintenance Workstation and communications equipment.
The Tricon PLC shown in the following figures comprises the Main Chassis and two Remote Expansion Chassis (RXMs), all within a given protection set. The Main Chassis is connected to a "Primary" RXM via triplicated copper I/O expansion bus cables. The Primary RXM (PRXM) is connected to a "Remote" RXM chassis using multimode fiber-optic cables. The Remote RXM (RRXM) chassis allows extending the I/O bus over longer distances than copper cables can support, and provides electrical isolation for non-safety-related I/O signals, as required.
Refer to the Triconex licensing Topical Report [1.4.5.3] for additional information.
1.5.3 CS Innovations Advanced Logic System (ALS)
1.5.3.1 A typical ALS rack configuration as shown in the following figures contains two sets of the following components (see Reference 1.4.5.5 for additional details):
ALS CLB - Core Logic Board
ALS IPB - Input Board
ALS OPB - Output Board
ALS PSU - Power Supply Unit
1.5.3.2 ALS ASU - Auxiliary Service Unit
The ASU shown in Figure 1-22 is a dedicated piece of test equipment which can be connected to the ALS rack during diagnostics or testing by plant personnel. The ASU provides non-intrusive diagnostic tools that allow plant personnel to access detailed status and configuration information of the system while the system is online. The ASU also provides post-event analysis information about the system to plant personnel for evaluation of an event after it has occurred.
The ASU can modify setpoints and tuning constants, but cannot alter functional programming (i.e., alter the algorithm) of the CLB.
In the PPS Replacement project, the Maintenance Workstation will perform the functions of the ASU.
1.5.3.3 The ALS A and ALS B conceptual architecture to provide built-in diversity and defense in depth per the D3 evaluation approved by NRC [1.4.5.4] is illustrated in Figure 1-1. Wiring details are illustrated in Figure 2-5 and Figure 2-6.
The manual bypass switches in Figure 1-1 allow one ALS diversity Group (i.e., ALS-A or ALS-B) to be bypassed and removed from service without tripping the channel. The manual trip switch may be used to initiate a partial channel trip independently of the ALS logic.
Figure 1-1 ALS Diversity Architecture Concept (panels: Deenergize to Trip Configuration; Energize to Trip Configuration)
1.5.4 Isolation Devices
The isolation devices shown in Figure 1-3, Figure 1-8, Figure 1-13, and Figure 1-18 are safety-related components powered from the Class II 24 Vdc I/O power supplies provided by PG&E. The isolation devices are separate and independent from both the Tricon and the ALS. All isolation devices are 4-20 mA DC input and 4-20 mA DC output. Input and output range information is provided in the I/O List [Appendix 3.1]. The qualified isolation devices perform the required isolation function when powered from non-safety-related I/O power. That is, credible faults (short circuit, open circuit, application of fault potential) on the Class II terminals will not adversely affect the Class I circuit.
1.5.5 ALS Signal Conditioning
1.5.5.1 The ALS shall provide signal conditioning and isolation for the Reactor Coolant System (RCS) non-safety-related flow analog output signals with capability to normalize the scaling periodically.
1.5.5.2 The ALS shall provide signal conditioning for the RCS narrow range Resistance Temperature Detector (RTD) safety-related signals to the Overpower Delta Temperature (OPDT) and Overtemperature Delta T (OTDT) reactor trip functions, and for the RCS Wide Range Temperature and Pressurizer Vapor Space Temperature RTD signals.
1.5.5.3 The ALS shall convert the RTD signals from resistance to temperature. The ALS shall provide capability to update the resistance to temperature conversion coefficients periodically. Analog temperature signal input and output range information is provided in the I/O List [Appendix 3.1].
1.5.5.4 Temperatures shall be transmitted from the ALS to the Tricon via 4-20 mA analog signals scaled per Appendix 3.1.
1.5.5.5 All temperatures shall be transmitted from the ALS to the Gateway computer via RS-422 signals scaled for the full input range per Appendix 3.1.
1.5.5.6 The ALS shall provide down-scale open RTD protection. If the ALS detects an open or failed RTD, it shall output an analog signal below the Tricon signal failure threshold, which is -5% of span = 3.20 mA per the FRS [6]. If the actual temperature is below the low scale value provided in Appendix 3.1, the ALS shall output the low scale value, or 0% of span = 4.00 mA. This allows the Tricon to provide RTD failure alarming and ensures that the Tricon does not indicate RTD failure when the temperature is below low scale but still functioning correctly, a condition that exists during plant shutdown. In the latter case, the actual temperature shall be available from the ALS via the Gateway computer.
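The signalling rule in 1.5.5.4 through 1.5.5.6 can be exercised end to end. The following is an added example, not part of the PG&E specification or of any vendor code: it models the ALS output and the Tricon reading of one temperature loop and shows why the 4.00 mA clamp matters. The 3.00 mA fail-low value, the upper clamp at 20.00 mA, the function names and the 0 to 700 range are assumptions made for illustration (real ranges are in Appendix 3.1).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Loop constants stated in 1.5.5.6
ZERO_MA = 4.00             # 0% of span: output at or below the low scale value
FULL_MA = 20.00            # 100% of span
FAIL_THRESHOLD_MA = 3.20   # -5% of span: Tricon signal failure threshold
# ASSUMPTION: the text only requires "below the threshold"; 3.00 mA is illustrative.
FAIL_LOW_MA = 3.00


@dataclass(frozen=True)
class Scale:
    """Engineering range of one temperature channel (placeholder for Appendix 3.1)."""
    low: float    # temperature at 4.00 mA
    high: float   # temperature at 20.00 mA


def linear_ma(temp: float, scale: Scale) -> float:
    """Unclamped 4-20 mA scaling, used to show what the clamp prevents."""
    return ZERO_MA + (FULL_MA - ZERO_MA) * (temp - scale.low) / (scale.high - scale.low)


def als_output_ma(temp: Optional[float], scale: Scale) -> float:
    """ALS side. temp is None for an open or failed RTD."""
    if temp is None:
        return FAIL_LOW_MA  # down-scale open RTD protection
    # Lower clamp is from 1.5.5.6; the upper clamp is an assumption of this example.
    return min(max(linear_ma(temp, scale), ZERO_MA), FULL_MA)


def tricon_read(ma: float, scale: Scale) -> Tuple[str, Optional[float]]:
    """Tricon side: classify the loop current and convert it back to temperature."""
    if ma < FAIL_THRESHOLD_MA:
        return "RTD_FAILURE", None
    frac = (min(max(ma, ZERO_MA), FULL_MA) - ZERO_MA) / (FULL_MA - ZERO_MA)
    return "OK", scale.low + frac * (scale.high - scale.low)


def channel_view(temp: Optional[float], scale: Scale) -> dict:
    """What each consumer sees for one actual temperature."""
    ma = als_output_ma(temp, scale)
    status, tricon_temp = tricon_read(ma, scale)
    return {
        "ma": ma,
        "tricon_status": status,
        "tricon_temp": tricon_temp,
        # Per 1.5.5.5 and 1.5.5.6 the Gateway path carries the actual temperature.
        "gateway_temp": temp,
        # True when a purely linear output would have looked like a failed RTD.
        "false_alarm_if_unclamped": temp is not None
        and linear_ma(temp, scale) < FAIL_THRESHOLD_MA,
    }


EXAMPLE_SCALE = Scale(low=0.0, high=700.0)  # constructed range, not from Appendix 3.1

if __name__ == "__main__":
    for actual in (350.0, -25.0, -40.0, None):
        print(actual, channel_view(actual, EXAMPLE_SCALE))
```

With the constructed range, a cold loop at -40 reads 4.00 mA and stays "OK" on the Tricon side, whereas an unclamped linear output would have fallen below 3.20 mA and raised a spurious RTD failure.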
1.5.6 Maintenance Workstation
Separate and independent Maintenance Workstation computers [Section 2.7] shown in Figure 1-22 are provided for the Tricon and ALS subsystems, respectively, for each Protection Set to allow PPS information processing and display. The two MWS computers in each Protection Set share common HMI peripheral devices such as the keyboard, video display, mouse (KVM), and touchscreen interface through a KVM switch [Section 2.3.7].
The Tricon will be isolated from its dedicated Maintenance Workstation computer by the qualified safety-related Triconex Communications Module (TCM). Fiber optic cable electrically isolates the Tricon from external non-safety-related devices.
The ALS broadcasts data to its dedicated Maintenance Workstation computer via the isolated one-way TxB2 RS-422 data links. TAB communications between the ALS and the MWS take place via RS-485 data link. The TAB is physically disconnected from the MWS when the TAB is not in use. The TAB is connected and enabled only when maintenance is being performed on the ALS. It is disconnected at all other times. The TAB is enabled for short periods only when ALS maintenance is being performed, and maintenance will be performed under administrative controls by qualified individuals. This arrangement satisfies NRC DI&C ISG-04, Staff Position 10 of Section 1, Interdivisional Communications [1.4.3.4].
A Maintenance Workstation computer may access data only within its own protection set subsystem (i.e., Tricon or ALS). Communication with other protection sets or between subsystems within a Protection Set is not possible.
1.5.7 Plant Process Computer Gateway and Other Non-Safety-Related Communications Interfaces
The safety-related Tricon and ALS are connected to the non-safety-related PPC and workstation via the Gateway computer shown in Figure 1-22. The Gateway computer will be installed by PG&E in the Process Control System (PCS) replacement project. The ALS Core Logic Board (CLB) provides isolation for the TxB1 and TxB2 one-way EIA-422 communication links to the PPC Gateway and the Maintenance Workstation, respectively. The ALS transmits data to the non-safety-related Gateway computer, which is common to all four protection sets, and to the Maintenance Workstation using serial, unidirectional, one-way communications channels that do not require any handshaking.
The Tricon will be isolated from the Gateway computer by a data isolation device such as the port aggregator network tap shown in Figure 1-22, which permits two-way communications between the Maintenance Workstation belonging to a specific protection set and the Tricon in that protection set, yet allows only one-way communication to the PPC Gateway Computer. The port aggregator tap will be provided by PG&E.
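The communication paths described in 1.5.6 and 1.5.7 amount to an allow-list of directed links per Protection Set, which can be checked against recorded link activity. The following is an added example, not part of the PG&E specification: the node names, the Flow record, the use of "TCM" as the label for the Tricon path through the tap, and the sample records are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

SETS = ("I", "II", "III", "IV")
# Which subsystem each node kind belongs to (the Gateway belongs to none).
SUBSYSTEM = {"Tricon": "Tricon", "MWS-Tricon": "Tricon",
             "ALS": "ALS", "MWS-ALS": "ALS"}


@dataclass(frozen=True)
class Flow:
    src: str    # "<kind>:<protection set>" or "Gateway"
    dst: str
    link: str   # "TCM", "TxB1", "TxB2" or "TAB"


def parse(node):
    kind, _, pset = node.partition(":")
    return kind, (pset or None)


def allowed_paths(tab_connected=frozenset()):
    """Directed (src, dst, link) tuples permitted by 1.5.6 and 1.5.7.

    tab_connected: protection sets whose TAB is plugged in for ALS maintenance.
    """
    paths = set()
    for s in SETS:
        tricon, als = f"Tricon:{s}", f"ALS:{s}"
        mws_t, mws_a = f"MWS-Tricon:{s}", f"MWS-ALS:{s}"
        paths |= {(tricon, mws_t, "TCM"), (mws_t, tricon, "TCM")}  # two-way
        paths.add((tricon, "Gateway", "TCM"))   # one-way through the tap
        paths.add((als, "Gateway", "TxB1"))     # one-way EIA-422
        paths.add((als, mws_a, "TxB2"))         # one-way EIA-422
        if s in tab_connected:                  # RS-485 TAB, maintenance only
            paths |= {(als, mws_a, "TAB"), (mws_a, als, "TAB")}
    return paths


def explain(flow, tab_connected):
    """Name the rule a disallowed flow breaks."""
    (sk, ss), (dk, ds) = parse(flow.src), parse(flow.dst)
    if ss and ds and ss != ds:
        return "crosses protection sets"
    if sk == "Gateway":
        return "Gateway is receive-only"
    if dk != "Gateway" and SUBSYSTEM.get(sk) != SUBSYSTEM.get(dk):
        return "crosses Tricon/ALS subsystems"
    if flow.link == "TAB" and ss not in tab_connected:
        return "TAB used while disconnected"
    if flow.link in ("TxB1", "TxB2"):
        return "reverse or misrouted traffic on one-way TxB link"
    return "path not described in 1.5.6 or 1.5.7"


def audit(flows, tab_connected=frozenset()):
    """Return (flow, reason) for every record outside the allow-list."""
    paths = allowed_paths(tab_connected)
    return [(f, explain(f, tab_connected)) for f in flows
            if (f.src, f.dst, f.link) not in paths]


# Constructed sample records, not taken from any plant system.
SAMPLE_FLOWS = [
    Flow("Tricon:I", "MWS-Tricon:I", "TCM"),
    Flow("MWS-Tricon:I", "Tricon:I", "TCM"),
    Flow("Tricon:I", "Gateway", "TCM"),
    Flow("Gateway", "Tricon:I", "TCM"),
    Flow("ALS:II", "Gateway", "TxB1"),
    Flow("MWS-ALS:II", "ALS:II", "TxB2"),
    Flow("MWS-ALS:II", "ALS:II", "TAB"),
    Flow("MWS-Tricon:I", "Tricon:III", "TCM"),
    Flow("MWS-Tricon:I", "ALS:I", "TCM"),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst} [{flow.link}]: {reason}")
```

Passing `tab_connected={"II"}` models the maintenance window in which the Set II TAB is plugged in, so the TAB record is then accepted while the other findings remain.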
For system health displays, the PPS will share an HMI unit in the Control Room on CC4 that will also be installed by the Process Control System (PCS) replacement project.
1.5.8 Response Time
The reactor trip response time is the time interval from when the monitored parameter exceeds its trip setpoint at the channel sensor, until loss of control rod stationary gripper coil voltage. The ESF response time is the time interval from when the monitored parameter exceeds its trip setpoint until the ESF equipment is capable of performing its safety function. The PPS is allocated a maximum response time of 409 ms [1.4.4.8].
The ALS performs signal conditioning for the narrow range RTDs that support the Overtemperature ΔT (OTDT) and Overpower ΔT (OPDT) reactor trips, and the Tricon performs setpoint calculation and comparison and trip output. Therefore, the PPS time response allocation is shared between the ALS and Tricon portions of the PPS for these functions.
The preliminary worst case (deterministic) OTDT and OPDT PPS response time allocations are as follows:
ALS: 175 ms for RTD processing
Tricon: 200 ms
Contingency: 34 ms
Total PPS Allocation: 409 ms
The vendor shall provide means of verifying the actual response time if the system does not support deterministic methods of calculating worst case response time characteristics.
1.5.9 Accuracy
The FRS specifies existing Eagle 21 accuracy requirements with the intent to maintain currently licensed Channel Statistical Allowance (CSA) margins such that no setpoint changes are required. Accuracy allocation between the ALS and Tricon for the RCS temperature parameters will be determined during the detailed design.
Figure 1-2 Replacement PPS Architecture - Set I ALS-A (diagram not reproduced; legible labels include PPS Protection Set I, the RS-485 TAB data link marked as disconnected when not in use, TX-only RS-422 data links, Loop 1 through Loop 4 RCS flow 4-20 mA inputs, Loop 1 RTD inputs, PZR pressure, and PT-937 containment pressure)
2 Interface Requirements
This section specifies the requirements imposed on the systems, subsystems, configuration items, or other system components to achieve required interfaces among these entities.
2.1 Process Interface Requirements
Appendix 3.1 describes process inputs and outputs for the PPS replacement project. The I/O list contains the following information for each protection set. As noted below, some I/O list information is outside the scope of this interface specification.
2.1.1 I/O Power Supplies
The Triconex qualification requires that separate power supplies be used for analog and digital I/O.
1. All Tricon discrete inputs and outputs will be powered in accordance with the requirements provided in the I/O list.
2. The Containment Pressure Bypass switch inputs to the ALS will be dry contacts wetted by 48 Vdc supplied by PG&E.
3. The Pressurizer pressure loops are shared among the ALS, Tricon, and the control system, via qualified isolator modules, and will be powered by the Tricon ETP as shown in Figure 2-3.
4. Where the analog input signal source is a process transmitter, bounding loop resistances per the I/O list are as follows:
a. Max resistance < 750 ohms
b. Min resistance > 200 ohms
5. All 4-20 mA analog signals are powered from power supplies located within the PPS cabinets. The 0-10 VDC analog signals from the Nuclear Instrumentation System (NIS) are powered by the NIS.
6. PG&E will provide power supplies which will accommodate the above bounding loop resistance values. Analog input loop power supply voltage should not exceed 40 Vdc, and may be as low as 24 Vdc based on the following considerations and assumptions:
a. Rosemount 1154 and 1154 Series H
1) Max qualified power supply voltage: 45 Vdc
2) Max Design loop resistance at 45 Vdc input: 1575 ohms
3) Min Design loop resistance at 45 Vdc input: 500 ohms
4) Max Design loop resistance at 24 Vdc input: Approx. 700 Ohms
5) Min Design loop resistance at 24 Vdc input: 0 Ohms
b. Rosemount 1153 Series B&D Output Code P
1) Max qualified power supply voltage: 40 Vdc
2) Max Design loop resistance at 40 Vdc input: 1325 ohms
3) Min Design loop resistance at 40 Vdc input: 500 ohms
4) Max Design loop resistance at 24 Vdc input: Approx. 600 Ohms
5) Min Design loop resistance at 24 Vdc input: 0 Ohms
c. Rosemount 1153 Series B&D Output Code R
1) Max qualified power supply voltage: 45 Vdc
2) Max Design loop resistance at 45 Vdc input: 1575 ohms
3) Min Design loop resistance at 45 Vdc input: 500 Ohms
4) Max Design Loop Resistance at 24 Vdc input: Approx. 700 ohms
5) Min Design Loop Resistance at 24 Vdc input: 0 ohms
d. Barton 763 max power supply voltage: 50 Vdc
e. Barton 763 Max loop resistance at 40 Vdc input: Approx. 1250 ohms
f. Barton 763 Min loop resistance at 40 Vdc input: Approx. 190 ohms
g. Triconex 3805N Analog Output module OVP: 42.5 Vdc
h. ALS input resistance is 220 ohms [Figure 2-4] when both "A" and "B" 302 boards are in the circuit.
i. Triconex 9792-610N Reg. Guide 1.180 ETP Max 48 Vdc (Approx. input resistance: (250 + 1/(1/250 + 1/3300)) = 482 ohms)
j. Input and output loop resistances as shown in Appendix 3.1 based on Triconex resistance above and:
k. ALS 4-20 mA analog outputs are powered by the ALS. Therefore, temperature inputs to the Tricon will not use the Positive Temperature Coefficient (PTC) thermistor for loop overcurrent protection and the input resistance for Tricon temperature inputs is 250 ohms.
7. Tricon Analog Output Power Supply
a. Analog outputs in the safety-related Triconex Main Chassis will be powered by redundant 24 Vdc power supplies furnished by PG&E.
b. Analog outputs in the non-safety related Triconex Remote RXM chassis will be powered by redundant 24 Vdc power supplies furnished by PG&E and mounted in the rack housing the RRXM chassis.
c. The Tricon analog output power supply shall not be shared with any discrete input or output signals.
2.1.2 Analog Inputs
Figure 2-2, Figure 2-3, and Figure 2-4 illustrate typical PPS analog input signal wiring [1.4.5.6, 1.4.5.7]:
1. PT-455 signal shared among Tricon (DTTA functions), ALS-A, ALS-B and an isolation device
2. LT-459 signal shared among Tricon, Control Board indicators and an isolation device
3. PT-505 signal shared among the Tricon, and an isolation device
4. RCS Temperature signals are conditioned by ALS-A and ALS-B, respectively, before they are input to the Tricon. Example wiring for these signals is shown in Figure 2-3.
5. Tricon AI cards 3721 (where used) and 3721N shall be configured for 14-bit resolution, unipolar. These cards are used for all 4-20 mA analog inputs to the PPS.
6. Tricon AI cards 3703E (where used) and 3703EN shall be selected for 0-10 Vdc input, fail downscale. These cards are used for Nuclear Instrumentation (NI) inputs to the PPS.
7. Signals from redundant field devices shall be processed on separate input boards.
2.1.3 Discrete Inputs
Signals from redundant field devices shall be processed on separate input boards.
2.1.4 Discrete Outputs
Figure 2-5 and Figure 2-6 illustrate typical ALS discrete output signal wiring that implements the diversity architecture [Figure 1-1] using a Line Sense Module (LSM) to provide a hardwired OR configuration between Diversity Groups ALS-A and ALS-B and to enable the ALS to perform continuous error checks for detecting the following conditions:
* Failure to Trip on Demand
* Trip without Demand
* Failure to Bypass
* Illegal Bypass
The LSM is illustrated in Figure 2-1. Configuration of the LSM for use in an Energize to Trip (ETT) or Deenergize to Trip (DTT) circuit is done through field wiring terminations on the LSM and does not require any modification of any electrical properties of the LSM itself. Thus, a single LSM can be used in an ETT or DTT circuit without the need to electrically configure the module for the trip circuit type before use. This allows a single part number to be used to provide spares for both ETT and DTT circuit configurations.
Refer to the ALS Design Specification [1.4.5.6] for additional information regarding the LSM and field wiring interface.
Figure 2-1 LSM Functions
[Diagram not reproduced. Legible labels: Feedback to ALS-302-A DI; Feedback to ALS-302-B DI; From ALS-402-A DO; From ALS-402-B DO; From Bypass Switch; LSM A; LSM B.]
Figure 2-2 Typical ALS Analog Input Wiring
[Diagram not reproduced. Legible labels: ALS 321 Card "A", External Current Shunt Mode; ALS 321 Card "B", External Current Shunt Mode; DIN Rail Terminal Board with Disconnect.]
Notes:
External shunt resistor Rs across ALS En and An terminals allows AI card to be removed without interrupting the 4-20 mA field circuit.
Example (Information Only):
Calculate Rs for 0.4 - 2.0 VDC Input (4-20 mADC)
1/100 = 1/260K + 1/Rs
Rs = (260K x 100) / (260K - 100)
Rs = 100.0385 ohms
Figure 2-3 Typical Tricon Analog Input Wiring
[Diagram not reproduced. Legible labels: TB-A; Panel Model 9792-610NJ ETP1 (for 3721N AI); I/O Power Supply PRI (40 VDC); I/O Power Supply SEC (40 VDC); PT-455; LT-459; PT-505; jumpers JP1 through JP17; DIN Rail Terminal Board with Disconnect.]
Notes:
* PT-455, PT-505, and LT-459 are powered by the Tricon ETP.
* The TE-413A and TE-423A RTD signals are conditioned by the ALS before they are input to the Tricon and provided to the Tricon as 4-20 mA analog signals. They are powered by the ALS, externally from the Tricon ETP.
* The DCPP PPS NIS input signals are 0-10 VDC and will utilize a 3703EN AI card and 9783-110NJ ETP.
* Do not remove Jumper JP-17 when using the 9792-610NJ with the 3721N AI card.
Figure 2-4 Tricon/ALS PT-455 Interface Wiring
[Diagram not reproduced. Legible labels: TRICON TB-A; ALS-A, ALS 321 Card A, External Current Shunt Mode; ALS-B, ALS 321 Card B, External Current Shunt Mode; PT-455 from Tricon TB-A on TB-A and TB-B; DIN Rail Terminal Board with Disconnect.]
Note:
* Rs across 1 (+) and 1 (-) on TB-A and TB-B allows ALS-321 card to be removed without breaking the 4-20 mA field circuit.
Figure 2-5 ALS-A and ALS-B SSPS Connections (Deenergize to Trip Configuration)
[Diagram not reproduced.]
NOTES:
1. Normally Open, Open to Alarm
2. Normally Open, Close to Actuate
LSM A and LSM B are parts of a single LSM.
Figure 2-6 ALS-A and ALS-B SSPS Connections (Energize to Trip Configuration)
[Diagram not reproduced. Legible labels: ALS-A; ALS-B; Wetting Supply; LSM A (Relays); LSM B (Relays).]
LSM A and LSM B are parts of a single LSM.
1. ALS shall provide 4-20 mA analog Temperature channel inputs to Tricon
2. ALS output signals shall be powered by ALS
2.3 Data Communication Interface Requirements
As shown in Figure 1-22, the Tricon portion of the PPS replacement will utilize two TCM cards in each main chassis (Slots 7L and 7R), as well as two Media converters, two Port Aggregator Network Taps, and two sets of associated media. This arrangement provides two non-safety-related communication paths to the MWS and the PPC Gateway Computer from each Protection Set to ensure continued communications if a single non-safety-related communication component fails.
2.3.1 Non-Safety-Related Communications from Tricon to Port Aggregator Tap (2-way)
2.3.1.1 Hardware: Net Optics PA-CU 10/10BaseT Port Aggregator Tap supplied by PG&E
2.3.1.2 Media: Optical Fiber from TCM 100baseT Ethernet Media Converter to port aggregator. Supplied by Triconex.
2.3.1.3 Data Interface Protocol: Triconex Standard Ethernet NET2
2.3.2 Non-Safety-Related Communications from Port Aggregator Tap to Tricon Maintenance Workstation Computer (2-way)
2.3.2.1 Hardware: See Section 2.3.1.1
2.3.2.2 Media: 100baseT Ethernet
2.3.2.3 Data Interface Protocol: Triconex Standard Ethernet NET2
2.3.3 Non-Safety-Related Data Communications from ALS to ALS Maintenance Workstation Computer (1-way)
2.3.3.1 Description: Core Logic Board communication channel TxB2
2.3.3.2 Media: RS-422 twisted pair copper to maintenance workstation
2.3.3.3 Data Interface Protocol: TxB1/TxB2 Data Packet [Reference 1.4.5.9, App A; 1.4.5.10, App A]
2.3.4 Non-Safety-Related Communications from Test ALS Bus (TAB) to ALS Maintenance Workstation Computer (physically disconnected when TAB is not in use). Refer to Figure 2-7 for TAB communication interface connections.
2.3.4.1 Description: TAB interface with ALS chassis
2.3.4.2 Media: RS-485 twisted pair copper to TAB enable switch and MWS
2.3.4.3 Data Interface Protocol: TAB [Reference 1.4.5.10, Section 5.2]
2.3.5 Non-Safety-Related Communications from ALS to Gateway computer (One-way)
2.3.5.1 Description: Core Logic Board communication channel TxB1
2.3.5.2 Media: RS-422 twisted pair copper to Gateway computer
2.3.5.3 Data Interface Protocol: TxB1/TxB2 Data Packet [Reference 1.4.5.9, App A; 1.4.5.10, App A]
2.3.6 Non-Safety-Related Communications from Port Aggregator Tap to Gateway computer (One-way)
2.3.6.1 Hardware: See Section 2.3.1.1.
2.3.6.2 Media: 100baseT Ethernet + network hub supplied by PG&E
2.3.6.3 Data Interface Protocol: Ethernet-based.
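The link directions listed in Sections 2.3.1 through 2.3.6 can be checked as a directed graph, shown here as an added Python example that is not part of the specification. Node names are labels chosen for this example, the PG&E network hub in 2.3.6.2 is folded into the tap-to-gateway link, and the TAB link is treated as two-way as described in Section 2.7.2.

```python
from collections import deque

# (source, destination, two_way) per Sections 2.3.1 to 2.3.6.
# Node names are labels invented for this example.
LINKS = [
    ("Tricon", "PortAggregatorTap", True),      # 2.3.1 (2-way)
    ("PortAggregatorTap", "TriconMWS", True),   # 2.3.2 (2-way)
    ("ALS", "ALS_MWS", False),                  # 2.3.3 TxB2 (1-way)
    ("ALS", "Gateway", False),                  # 2.3.5 TxB1 (one-way)
    ("PortAggregatorTap", "Gateway", False),    # 2.3.6 (one-way)
]
# 2.3.4: present only while the TAB is physically connected.
TAB_LINK = ("ALS", "ALS_MWS", True)


def build_graph(tab_connected=False):
    """Return {node: set of nodes it can send data to}."""
    links = LINKS + ([TAB_LINK] if tab_connected else [])
    graph = {}
    for src, dst, two_way in links:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
        if two_way:
            graph[dst].add(src)
    return graph


def senders_to(graph, target):
    """All nodes that have a directed data path into target."""
    reverse = {node: set() for node in graph}
    for src, dsts in graph.items():
        for dst in dsts:
            reverse[dst].add(src)
    seen, queue = set(), deque([target])
    while queue:
        node = queue.popleft()
        for prev in reverse[node]:
            if prev != target and prev not in seen:
                seen.add(prev)
                queue.append(prev)
    return seen


def audit(tab_connected=False):
    """Which nodes can send data toward each PPS subsystem."""
    graph = build_graph(tab_connected)
    return {t: sorted(senders_to(graph, t)) for t in ("Tricon", "ALS")}


if __name__ == "__main__":
    for state in (False, True):
        print("TAB connected:", state, audit(state))
```

With the TAB disconnected nothing has a data path into the ALS, and the Gateway computer never appears as a sender to either subsystem.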
2.3.7 Keyboard, Video Display, and Mouse (KVM) Switch
2.3.7.1 The KVM switch shall enable sharing a high resolution screen and USB HMI peripheral devices (including keyboard, mouse and touchscreen interface) between multiple computers.
a. The KVM switch shall enable up to four computers to be controlled from one single high resolution KVM console using high definition analog VGA video links to a single VGA monitor.
b. The KVM switch shall permit only connections between the video display and USB interface devices and the single selected computer. Connection between the computers or to multiple computers shall not be permitted.
c. The KVM switch shall support switching the video display and HMI interface devices between the connected computers via the following means:
* Keyboard hotkeys
* Front panel switch
* Mouse button (requires a 3-button mouse)
d. The KVM switch shall enable USB 2.0 enhanced feature mouse and keyboard input devices to be switched instantaneously and reliably between the connected computers without requiring the devices to be enumerated upon transfer. Item f, below, explains enumeration.
e. The KVM switch shall include two independently switchable USB 2.0 channels for other devices. The first channel (USB1) will be used for the Touchscreen interface device. The second channel (USB2) may be used to connect a printer to the workstation as determined by the detailed design.
f. The independently switchable USB 2.0 channels shall provide enumerated switching, which requires the connected USB device to perform a full initiation process (i.e., enumeration) every time it is switched. The enumerated switch shall pass signals straight through the switch between the USB device and the computer without interpretation.
g. The switch shall utilize the default switching mode, in which the video display, keyboard and mouse and the enumerated USB ports are all switched simultaneously.
h. The KVM Switch provides an Options Port that can be utilized for remotely controlled switching or firmware update.
* The PPS replacement application will not utilize the remotely controlled switching feature.
* DCPP may utilize the Options Port to update the KVM switch firmware. If needed, such a maintenance update will be performed using approved DCPP configuration management procedures.
i. The PPS replacement application will not utilize the audio interface.
j. Multiple KVM stations are not required for the DCPP PPS Replacement application.
2.3.7.2 Media: Copper
2.3.7.3 Data Interface Protocol: Analog VGA; USB 2.0
2.4 System Power Requirements
2.4.1 I/O Power
Refer to Section 2.1.1
2.4.2 Tricon System Power Requirements
The Tricon portion of the PPS replacement will use the standard Triconex V10 AC power distribution design. An external independent vital 120 VAC 60 HZ power source will be provided by PG&E for each Protection Set. The single vital 120 VAC source for each Protection Set will be connected in parallel to the dual input power supply for each Tricon V10 Protection Set. Power filters will reduce conducted noise to acceptable levels in accordance with USNRC Regulatory Guide 1.180, Rev 1.
2.4.3 ALS System Power Requirements
The ALS "A" and ALS "B" chassis in each Protection Set require two redundant safety-related sources of 48 VDC power, which are necessary to power the ALS chassis and the individual boards within the chassis. The power supplies are provided by PG&E. As with the Tricon, the single vital 120 VAC power source provided by PG&E for each protection set will be connected in parallel to the two ALS chassis power supplies.
2.5 Instrument Power Supply Locations
To be determined by detailed design.
2.6 System Power Sources Provided by PG&E
2.6.1 The following power sources are available for the Process Protection System:
2.6.1.1 120 Vac vital instrument power [1.4.4.7]:
Voltage: 120V ±10% [DC 6010908-397]
Frequency: 60 HZ ±5% [DC 6010908-397]
2.6.1.2 Non-safety-related 120 Vac utility power
2.6.2 Harmonic Distortion Limitations
PG&E practices power supply quality monitoring. As-found and as-left Total Harmonic Distortion (THD) measurements will be performed on power supply at PPS 120 Vac power supply input terminals before and after installation of equipment powered from the 120 Vac vital instrument power supply. Refer to USNRC Reg. Guide 1.180 [1.4.3.3].
2.7 Workstations
2.7.1 Maintenance Workstations
Separate and independent Maintenance Workstation computers are provided for the Tricon and ALS subsystems in each Protection Set to allow independent processing and display of information from both Triconex and ALS portions of the PPS. The HMI application in the Tricon MWS computers shall interface (2-way) with the Tricon. The TS1131 PPS application contains function blocks that allow WRITE-access to a limited set of parameters programmed into the application software with the Tricon keyswitch in the RUN position. Without these function blocks programmed into the application program, application program parameters cannot be modified with the keyswitch in the RUN position. The Tricon protection set is considered inoperable when the keyswitch is not in RUN position.
The HMI application in the ALS MWS computers shall interface (1-way) with the ALS via the isolated TxB2 RS-422 data link. The two MWS computers in each Protection Set share peripheral devices through a KVM switch. Refer to Section 2.3.7 for details.
2.7.2 Auxiliary Service Unit Application Software
Software application shall be provided by Vendor CS Innovations to run on the ALS Maintenance Workstation Computers. The ASU application utilizes a two-way RS-485 communication link to communicate with the Test ALS Bus (TAB) that is physically disconnected from the MWS computer when it is not in use. The activation of the TAB via connecting the TAB data link to the MWS computer does not interfere with the ability of the ALS safety channels to perform their respective safety functions and the ALS is still operable during activation of the TAB. Therefore, individual instrument loops may be placed in bypass for maintenance and the rest of the ALS safety channel is still operable with respect to its safety function.
To detect the TAB connection, the ALS-102 DI #2 needs to be connected to ALS-102 Input.Rtn as shown in Figure 2-7 [Reference 1.4.5.8, Figure 4-2].
2.8 Alarm Interface Requirements
The PPS shall provide the following alarm output signals from each Protection Set for connection to the Main Annunciator System (MAS) in the DCPP Main Control Room (MCR). Separate input signals shall be provided for these alarms from each Protection Set per Section 3.2.1.5 of the FRS [1.4.4.2].
2.8.1 PPS Failure (Deenergize to Alarm with Reflash capability)
The conditions listed in FRS Section 3.2.1.5.1 shall provide signals to initiate the PPS Failure alarm in the Main Control Room.
2.8.2 PPS Trouble (Deenergize to Alarm with Reflash capability)
The following platform-specific inputs to the Main Control Room PPS Trouble Alarm shall be provided in addition to those listed in FRS Section 3.2.1.5.2. Other alarms not listed here or in the FRS may be provided to meet platform diagnostic requirements.
2.8.2.1 Controller keyswitch not in RUN (Tricon only)
2.8.2.2 TAB communication enabled (ALS Only)
Figure 2-7 Typical TAB Communication Link Connection
[Diagram not reproduced. Legible labels: ALS Backplane Connector; ASU COM ENABLED; INPUT.RTN; TAB-; TAB+; TAB to Maintenance Terminal Connector; Cabinet Wiring; ALS Rack.]
2.8.3 PPS Channel in Bypass [Energize to Alarm with Reflash capability]
2.8.3.1 External comparator Bypass switches, where used, are provided with two (2) separate and independent output contacts.
1) One contact physically bypasses the comparator trip/actuation output per FRS Section 3.2.1.3.6.
2) One contact satisfies Bypassed Indication requirements per Section 3.2.1.5.3.a) of the FRS
2.8.3.2 External Channel Out-of-Service (OOS) switches, where used, are provided with two (2) separate and independent output contacts.
1) One contact satisfies PPS functional logic requirements per FRS Section 3.2.1.3.7.
2) One contact for use by the MAS, independent of the PPS per FRS Section 3.2.1.5.5.b).1.
2.9 Software Constraints and Requirements
2.9.1 Tagnames shall consist of no more than 14 alphanumeric characters for compatibility with the DCPP Training simulator.
2.9.2 Modbus Aliases
2.9.2.1 Tricon application physical input and output tagnames shall utilize the Modbus aliases assigned automatically by the TS1131 Developer's Workbench to ensure compatibility with the MWS WonderWare application.
2.9.2.2 All other tagname Modbus aliases shall be user-defined. Default aliases are not acceptable.
2.9.3 Tagname Convention
2.9.3.1 Tricon
The tagname convention shown in Table 1 shall be used in developing the PPS application. Global variables shall be assigned a lower case letter (per the following table) as a unique designator dependent on the variable type. The remainder of the tagname shall be assigned based on the variable's function within the application. Tagnames for I/O variables and variables transmitted to external systems shall be assigned in accordance with Appendix 3.1, I/O list.
2.9.3.2 ALS
The tagname convention shown in Table 1 shall be used for display of PPS variables that are transmitted to the MWS. The MWS displays shall utilize the tagnames provided in Appendix 3.1, I/O List.
Table 1 Tagname Convention
First Character   Description
a                 Scaled signal from analog input module
c                 Discrete output points
d                 Discrete input points
e                 Enterable Analogs
f                 Internal Discrete
g                 Enterable Discrete
i                 Integer values
k                 Fixed Constant
m                 Alarm / Trip Flag
o                 Override Discrete (Not used in PPS)
ov                Override Value Real (Not used in PPS)
p                 Pulse Inputs (Not used in PPS)
q                 Quality Code DINT
r                 Internal Analog Real
w                 Raw Analog Input
y                 Raw Analog Output
2.9.4 Disallowed Function Block Names
The function block names listed in the following table are in use in other Tricon applications at DCPP. The listed function block names shall not be used in the PPS application to ensure compatibility with the DCPP Training Simulator. A listed function block may be used if the function block is obtained from PG&E and is not modified in any way.
Table 2 Restricted Function Block Names
Function Name Used Function Name Used I Function Name Used
RunningAveTimeSGThermalPowerSTEPPERSTMARBITRATORAlPROCA_1'4LINIT1i103AIPROCHRAI02_PROCA_14A103_PROCA_14AMSMan_1AMSMan_2AMS Man 3AMSSP_1AMSSP_2AMSSP_3AMSSP_4CycleNBoolsLog toLinearP_ONLYCONTROLLERPID_R_PGEPulse CyclerRamp_R_Trig_lRamp_RTrig_2Real2NormExpAlarmCheckAlarmCheckFanMonitorFanStartPosCompilPosComp_2ACPIRMAFWAMAFW SP SEL
DFWCSDFWCSDFWCSDFWCSRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIRIPOVPOVPOVPOVPOVPCSSPCSSPCS S
AISCALESDCKFTMHIAGEDBLOALEDBMEDIANSELRAMPAlarmCheckAlarmCheckAIPROCA vlAIPROCHR viRTDOhms2FABCRAMINTERFACEHighest4DCKFTMHIAGEDBMEDIANSELOOSTPRAMPRATELAGSPSELAC PI RMLAGLEADSGPAMSGPSPSELPZLAMPZLSPSELCWFAMCWFSPSELLAGLINIT6_03AINHR_0
2.9.5 Quality Codes
A method shall be provided to identify the validity of data being transmitted to the MWS and external systems for the purpose of displaying the status of displayed information.
2.9.5.1 ALS
Channel integrity information shall be included in the TxB1/TxB2 data stream.
2.9.5.2 Tricon
As required by the I/O List, provide read-only Modbus aliased Quality Code tagnames for analog input variables. The Quality Code (DINT) value shall be assigned per the following definitions:
Table 3 Quality Code Assignment
Code   Quality Description
0      Good; QC is Not 1, 2, 3, 4, or 5.
1      Not Used
2      Not Used
3      Not Used
4      OOR; Instrument that is beyond the allowable scale.
5      OOS; Instrument has been removed from service.
2.9.6 On-Line Maintenance and Test Interface
2.9.6.1 The PPS shall provide capability for maintenance bypass during power operation; that is, the PPS shall permit removal of the capability of an individual channel or channels to perform its protective action due to a requirement for replacement, repair, test, or calibration [GDC 21].
2.9.6.2 The maintenance and test functions shall be accomplished without lifting electrical leads or installing temporary jumpers.
2.9.6.3 The channel or channels subject to the maintenance bypass may remain in the bypassed condition within administrative time limits in accordance with DCPP technical specifications established to meet the single failure criterion per IEEE-603-1991 Sections 5.1 and 6.3.1.
2.9.6.4 Capability to initiate protective action (i.e., to initiate partial trip or actuation) from a channel that has been removed from service for maintenance shall be provided per IEEE 603-1991 Section 6.3.2 and DCPP Technical Specifications.
2.9.6.5 Capability of the PPS to accomplish its safety function shall be retained during maintenance bypass per IEEE-603-1991 [1.4.2.2] Section 6.7.
2.9.6.6 Tricon PPS Subsystem Specific Requirements
1. External trip switches will be provided on PPS partial trip and actuation outputs that de-energize to trip. The switches may be used for SSPS input relay testing or to trip or actuate the channel manually if needed. External trip switches are not required for energize to trip outputs.
2. On-line testing shall be controlled by the safety-related Tricon processor enabled via a permissive from an external safety-related hardwired Out of Service (OOS) switch.
3. When the OOS switch is activated, the safety-related function processor shall allow the associated instrument channel to be taken out of service while maintaining the remainder of the Protection Set operable. Features to limit inadvertently placing a channel OOS shall include, but not be limited to:
a. Approved PG&E procedures are required to perform testing operations.
b. Operation of the hardware OOS switch alone shall not place the channel out of service.
c. More than one specific action shall be required at the Maintenance Workstation to perform the maintenance functions. In order to perform any test operation from the maintenance workstation, the user must:
(1) Activate the OOS switch for the specific loop to be tested
(2) Log in as a maintenance user on the maintenance workstation
(3) Open the maintenance screen for the specific loop being tested
(a) On the maintenance screen, request the desired test mode
(b) On the maintenance screen, confirm the requested test mode (Loop is placed OOS only after the requested mode is confirmed)
(c) If it is desired to change the test mode, repeat steps 3.(a) and 3.(b) while the channel is OOS; selecting a different test mode alone shall not cause or require returning the channel to service.
(4) The channel shall return to service:
(a) When the OOS switch is returned to its normal position; or
(b) When so commanded from the MWS
d. Feedback is provided to the user on the maintenance workstation that the hardware OOS switch for the loop to be tested has been activated.
e. Continuous indication is provided in the control room that a loop is OOS.
f. If the safety-related hardware out of service switch is not activated, non-safety-related actions or failures cannot adversely affect the safety-related function.
g. An instrument loop is not permitted to be bypassed if external trip switch is in the trip position. The user may test in trip in this condition following request and confirmation as described above.
4. Maintenance modes allowable under 3.c.(3) above shall include:
a. Test in Bypass: The channel trip output is maintained in the untripped condition while in this mode; that is, Test in Bypass mode shall override the output of the channel trip comparator to prevent generation of a partial trip from the channel being tested.
b. Test in Trip: The channel trip output is maintained in the tripped condition while in this mode; that is, Test in Trip mode shall override the output of the channel trip comparator to initiate partial trip or actuation from the channel being tested.
c. Parameter Update: Capability to update parameters such as trip setpoints or tunable parameters.
(1) The parameter values to be updated are limited by the software application to pre-determined ranges.
(2) The Maintenance Workstation software application shall request operator confirmation that the parameter update process is complete prior to saving the new tuning constant.
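The interlock sequence in items 2 through 4 above, modelled as an added Python example; it is not PG&E's or the vendor's code and is not Tricon application logic. Class and method names, the loop name and values, the high-trip comparator, and the comparator staying in effect during Parameter Update are assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum

class Mode(Enum):
    TEST_IN_BYPASS = "Test in Bypass"
    TEST_IN_TRIP = "Test in Trip"
    PARAMETER_UPDATE = "Parameter Update"

class Rejected(Exception):
    """A maintenance request refused by the interlock."""

@dataclass
class MwsSession:
    """Non-safety-related Maintenance Workstation session (hypothetical model)."""
    maintenance_user: bool = False   # 3.c.(2): logged in as a maintenance user
    open_loop: str = ""              # 3.c.(3): loop whose maintenance screen is open

class Channel:
    """One instrument channel as the safety-related processor sees it."""

    def __init__(self, loop, setpoint, lo, hi):
        self.loop, self.setpoint = loop, setpoint
        self.lo, self.hi = lo, hi    # pre-determined update range, 4.c.(1)
        self.oos_switch = False      # hardwired OOS switch (the permissive)
        self.trip_switch = False     # external trip switch in the trip position
        self.mode = None             # None means the channel is in service
        self._requested = self._staged = None

    def _check(self, session):
        if not self.oos_switch:      # 3.f: no permissive, no effect from the MWS
            raise Rejected("OOS switch not activated")
        if not session.maintenance_user:
            raise Rejected("not logged in as maintenance user")
        if session.open_loop != self.loop:
            raise Rejected("maintenance screen for this loop is not open")

    def _in_service(self):
        self.mode = self._requested = self._staged = None

    def set_oos_switch(self, active):
        self.oos_switch = active     # 3.b: the switch alone does not place OOS
        if not active:               # 3.c.(4)(a): switch returned to normal
            self._in_service()

    def request(self, session, mode):      # 3.c.(3)(a): a request changes nothing yet
        self._check(session)
        self._requested = mode

    def confirm(self, session):            # 3.c.(3)(b): OOS only after confirmation
        self._check(session)
        if self._requested is None:
            raise Rejected("no test mode requested")
        if self._requested is Mode.TEST_IN_BYPASS and self.trip_switch:
            raise Rejected("bypass not permitted with trip switch in trip")  # 3.g
        self.mode, self._requested, self._staged = self._requested, None, None

    def return_to_service(self, session):  # 3.c.(4)(b): commanded from the MWS
        self._check(session)
        self._in_service()

    def stage_setpoint(self, session, value):
        self._check(session)
        if self.mode is not Mode.PARAMETER_UPDATE:
            raise Rejected("channel is not in Parameter Update")
        if not self.lo <= value <= self.hi:
            raise Rejected("value outside pre-determined range")
        self._staged = value

    def save_setpoint(self, session):      # 4.c.(2): operator confirms before saving
        self._check(session)
        if self.mode is not Mode.PARAMETER_UPDATE or self._staged is None:
            raise Rejected("no staged value to save")
        self.setpoint, self._staged = self._staged, None

    def trip_output(self, measured):
        """Return True when this channel demands a partial trip."""
        if self.trip_switch or self.mode is Mode.TEST_IN_TRIP:
            return True
        if self.mode is Mode.TEST_IN_BYPASS:
            return False
        # Assumption: otherwise a high-trip comparator decides the output.
        return measured >= self.setpoint

def demo():
    """Constructed walk-through; the loop name and values are made up."""
    ch = Channel("LOOP-1", setpoint=100.0, lo=90.0, hi=110.0)
    mws = MwsSession(maintenance_user=True, open_loop="LOOP-1")
    ch.set_oos_switch(True)
    before = ch.mode                       # switch alone: still in service
    ch.request(mws, Mode.TEST_IN_BYPASS)
    ch.confirm(mws)
    bypassed = ch.trip_output(150.0)       # bypassed: no partial trip
    ch.set_oos_switch(False)               # switch to normal: back in service
    return [before, bypassed, ch.trip_output(150.0)]

if __name__ == "__main__":
    print(demo())
```

Every MWS-originated call passes through `_check`, so the hardwired switch state gates all non-safety-related requests, while returning the switch to normal restores service without any MWS involvement.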
2.9.6.7 ALS PPS Subsystem Specific Requirements
1. ALS bypass and test functions are accomplished through ALS Service Unit (ASU) software implemented in the MWS as discussed in Section 2.7.2.
2. Placing a specific channel in maintenance bypass shall not affect the safety function of other channels in the same ALS chassis that are not subject to the same maintenance bypass.
3. Placing an individual channel in maintenance bypass in one ALS chassis (e.g., Chassis "A") shall not affect the safety function of any channels in the diverse ALS chassis (e.g., Chassis "B") in the same protection set.
4. Multiple channels may be placed in maintenance bypass concurrently within an ALS chassis. However, placing multiple channels in maintenance bypass shall require individual bypass actions for each channel. Multiple channels shall not be placed in maintenance bypass by a single action.
5. The Test ALS Bus (TAB) must be physically connected to the MWS as shown in Figure 2-7 to allow two-way communications on the TAB between the ALS chassis and the MWS.
6. The ALS-A and ALS-B chassis partial trip outputs are hardwire OR'd to the SSPS input relays through an external LSM to allow either ALS chassis to initiate a trip or actuation. Refer to Figure 2-5 and Figure 2-6 for LSM usage.
7. The LSM shall not allow an ALS chassis to prevent the diverse ALS chassis from initiating a required trip or actuation.
8. External bypass switches are provided for the individual ALS-A and ALS-B partial trip outputs to allow removal of an ALS circuit board without initiating a false trip or actuation.
3 Appendices3.1 Protection Set i I/O List
3.2 Protection Set 11 1/0 List
3.3 Protection Set Ill I/O List
3.4 Protection Set IV I/O List
Appendix Notes
Analog Inputs:(1) Not used.(2) Can be downgraded to IB,D,2 if properly isolated from IA equipment.(3) Transmitter input of 4-20 mA to be converted by PPS hardware such that input card removal will not
break transmitter loop continuity.(4) Input impedance is an estimate.(5) The "w" tagname is for the raw D/A count input (DINT); the "a" tagname is for the scaled input
(REAL).
Analog Outputs:(6) Output loop impedance is conservatively estimated and should not exceed the value shown(7) From analog sensor input loop, isolation not required(8) Part of transmitter input loop impedance(9) The "y" tagnames are counts to the D/A (DINT).(10) Signal is isolated to Class II via qualified isolation device.(11) Continuity supervision is not required for this ETT output to the PORV interlock in RNASA.