Oconee RPS/ESPS Digital Upgrade Presented by: Michael Bailey June 3, 2013 1 Oconee RPS/ESPS Digital Upgrade Agenda: Oconee Digital Upgrades RPS/ESPS Digital Upgrade Overview License Amendment Request Review and Approval NRC Follow up Inspection Implementation Activities System Operational Performance 2 Oconee Digital Upgrades Oconee Nuclear Station is a Babcock and Wilcox PWR design Duke Energy designed and constructed Oconee in the late 1960s and early 1970s Unit 1 began commercial operation in 1973 and Units 2 and 3 began commercial operation in 1974 License Renewal extended the Facility Operating Licenses to 2033 and 2034. Original Non-Safety Control Systems were analog systems that were based on standard power plant design practices at the time A lack of redundancy was common with the analog Non-Safety Control Systems Pneumatic Instrumentation and Controllers were common elements of the control system strategy 3 Oconee Digital Upgrades A Trip and Transient Report (TTR) was developed to assist in identifying the plant improvements needed to address equipment reliability The TTR outlined the incorporation of redundancy in the Non-Safety Control Systems and elimination of single point vulnerabilities System upgrades were initiated on the Integrated Control System, Main Turbine Control System, Control Rod Drive System, Main Generator Voltage Regulator, and Main Feedwater Pump Controls Another input into the Digital Modernization Project was the obsolescence of Control and Protection Systems Following a review of options to address the obsolescence Issues, upgrades were planned for the Reactor Protection System, Engineered Safeguards System, Keowee Exciter, Keowee Governor, Turbine Supervisory Instrumentation, and Pneumatic Instrumentation and Controllers The final input into the Digital Modernization Project was the need to isolate Feedwater during specific Design Basis Events Designed a new Safety-Related Automatic Feedwater Isolation System 4 Oconee Digital Upgrades Oconee implemented several directives to control the digital upgrade lifecycle and software design controls These directives incorporate the guidance of industry standards and NRC documents An Engineering Directive was developed in the mid 1990s to support digital upgrades The first version of the updated software controls for plant control and protection systems were implemented in 2005 Fleet digital system lifecycle directives and cyber security directives have been generated Fleet modification directives were revised to ensure digital design aspects are addressed by modifications 5 RPS/ESPS Digital Upgrade Overview Replaces Analog Reactor Protection System and Engineered Safeguards Protection System Uses existing Reactor Protection and Accident Mitigation Sensor inputs Actuates existing Reactor Trip Breakers and Engineered Safety Features systems/components Adds Diverse LPI and HPI Actuation Systems Oconee Unit 1 Installation was performed in April and May 2011 Oconee Unit 3 Installation was performed in April and May 2012 Oconee Unit 2 Installation is scheduled for October and November 2013 6 LAR Review and Approval Duke submitted Cyber Security Submittal on January 30, 2008 Duke submitted the RPS/ESPS License Amendment Request on January 31, 2008 Diversity and Defense in Depth analysis was submitted previously and incorporated by reference NRC performed acceptance review in accordance with the office instruction provided in LIC109 for acceptance review NRC identified six areas of concern in the acceptance review Diversity and Defense-in-Depth assessment Bi-directional communications between safety and non-safety (ISG#4) Software quality program Acceptability of hardware, software and procedure changes Compliance with IEEE 1012, IEEE Standard for Software Verification and Validation Software test tool questions NRC approval of the Oconee Digital RPS/ESPS was received in January 2010 7 LAR Review and Approval Weekly conference calls with NRC staff. Established sharepoint to share over 70,000 pages of documentation. 18 Supplements for Project to address ~120 RAIs. 2 Supplements for Cyber Security to address ~10 RAIs. NRC/NRR Audits and Inspections ~5 Vendor Design Office – Alpharetta, GA Vendor Test Area – Erlanger, Germany Duke - Oconee NRC/Duke/AREVA meetings ~ 8 NRC Region 2 Inspections with support from NRR during each outage installation. 8 NRC Followup Inspection Safety Evaluation Report identified 5 Software Plan and Site Acceptance Testing reviews that needed to be performed by inspection The 5 Software Plan and Testing reviews consisted of: Software Maintenance Plan Software Operation Plan Software Training Plan Software Installation Plan Site Acceptance Test Plan and Results 9 NRC Followup Inspection The Safety Evaluation Report outlined 40 Inspector Followup Items which addressed the following major areas: Modification Documentation Installed Configuration Procedures Review (Ops, Mnt, Cyber) Design Basis Documents Operations Manual Software Training System Indication and Alarms 10 NRC Followup Inspection NRC Inspection team consisted of 5 inspectors that were onsite in various numbers during the Site Acceptance Testing, Installation, and Post Installation Testing NRC Inspection Plan was based on IP 52003 – Digital Instrumentation and Control Modification Inspection Inspection results were documented in a separate inspection report NRC Observations - incomplete Human Factors V&V process, wiring bend radius, Software Operation Plan did not refer to Alarm Response Guides 11 RPS/ESPS Outage Implementation Oconee Unit 1 outage implementation consisted of the following major activities: Isolation of RPS and ESPS Determination of the existing analog system Removal of analog system cabinets Removal of fire penetration material Movement of the new cabinets into the Control Room Re-termination of the cabinet connections System power up System calibrations RPS and ESPS equipment restorations Functional Tests Integrated Test Startup Tests 12 RPS/ESPS Outage Implementation Lessons learned from the Unit 1 implementation were accumulated during the outage Lessons learned were factored into the design and implementation of the Unit 3 modification and are being factored into the Unit 2 modification The major lessons learned were in the following categories: Outage preparation – Field walkdowns for Unit 1 were not intrusive enough to identify legacy configuration management issues Project execution – Challenges with work sequencing to ensure efficient work scheduling Testing – Difficult to manage alarms for redundant hardware, especially with one Train or Diverse System bypassed or in test mode. Inconsequential alarms caused problems with test procedure performance. 13 RPS/ESPS System Operational Performance After completion of the post modification testing, overall system performance has meet expectations. No negative Operating Experience No operational challenges No nuisance alarms No equipment failure concerns Maintenance activities have been performed without challenges Obsolescence of equipment has been addressed Improved redundancy has been realized 14 Oconee Operating Experience Positive OE from Digital Upgrades Digital Systems have replaced obsolete systems which had some performance problems Digital Systems have enhanced system and plant reliability by installing redundancy to eliminate single point vulnerabilities Digital Systems have provided better reactivity management by increasing system stability Digital Systems have allowed increased system monitoring and on-line functional check capabilities Digital Systems have allowed for automation of certain plant activities such as turbine valve movement testing 15 Oconee Operating Experience Other OE from digital upgrades The interaction between the digital system and the installed plant equipment must be a focus Scope control is a challenge as projects get into the detailed design phase Functional requirements must be clearly identified as part of project initiation System testing must include multiple levels to ensure the system requirements are tested Training of plant personnel must be included in the project Cyber Security requirements continue to change and must be factored into the system design 16 Questions ? 17