Regional Workshop on the Impact of Digital Instrumentation and Control Technologies on the Operation and Licensing of NP

1. 1 Digital I&C Licensing at SNSA Sini�a Cime�a Slovenian Nuclear Safety Administration Regional Workshop on the Impact of Digital Instrumentation and Control Technologies on the Operation and Licensing of NPPs, 4-8 May 2009, Portoroz, Slovenia

2. 2 Contents SNSA and the Kr�ko NPP Licensing process Requirements (I&C) I&C modifications in the Kr�ko NPP Modification of DEH system Conclusion

3. 3 SNSA Established in 1987 Total SNSA staff of 47 employees 5 divisions, among others: Nuclear safety division (12), Inspection division (5) Kr�ko NPP Westinghouse, 2-loop PWR, ~725 MWe Commercial operation since 1983 Owned by Slovenia and Croatia (50/50 %)thus generated electricity is also divided 50/50 % Main modernizations: in 2000, steam generators (6,5 % power uprate) in 2006, LP turbines (3,1 % power uprate)

4. 4 Licensing process Licensing process is set by the Act on Protection Against Ionizing Radiation and Nuclear Safety, and is based on the NRC�s 10 CFR 50.59 �Changes, tests and experiments� The plant applies 10 CFR 50.59 to all planned modifications Regarding the importance of the change, it can be categorized to: 1st category: modifications of which the SNSA shall only be notified; submission of information at latest six months after the work done 2nd category: the intention to implement these modifications must be reported to the SNSA; the plant may commence with the implementation only after the SNSA confirms that it�s not necessary to obtain permit for the modification 3rd category: modifications of significance for radiation or nuclear safety for which a permit from the SNSA must be obtained

5. 5 Licensing process, cont�d For the 3rd category modifications an application is required, which must include: cause of the modification, description, impact on operation and conformance with design basis, legislation and standards, list of equipment effected, safety evaluation screening and safety evaluation, possible critical states, effected by safety function, deterministic safety analysis, supplementary documentation that support modification, experts opinion (from the technical support organization).

6. 6 Requirements regarding I&C modifications The Kr�ko NPP was licensed using the U.S. regulation It still presents the basis for the licensing of the modifications SNSA is preparing low level legislation (final preparation), which are based on WENRA requirements General requirements: single failure criteria, redundancy, diversity, independence, fail-safe design, defense-in-depth.

7. 7 Requirements regarding I&C modifications, cont�d Special I&C requirements: EQ, V&V, software development, testing, EMI conformance, cyber security, robustness of the network. The requirements posed to modifications depend on the level of importance-to-safety of modifications

8. 8 I&C modifications implemented since 1983 ATWS Mitigation Safeguard Actuation Circuitry (AMSAC) Inadequate Core Cooling Monitoring System (ICCMS) Process Information System (PIS) Annunciator System Off-line data acquisition of chemical analysis data (prim & sec. sampling) - Chemnet RCP and TU Vibration monitoring Core Monitoring and Operations Support System, BEACON-TSM System Meteorological Monitoring System Seismic Instrumentation

9. 9 SG Blowdown Control (digital discrete controllers and digital indicators) Heater Drain Control, PLC Condensate Polishing, PLC Water Treatment, PLC Switchyard Control & Monitoring (ABB Micro SCADA - although it has remote control capabilities in the MCR it is used for switchyard monitoring only) Emergency Response Data System (ERDS) Fire protection (Detection) system Programmable Digital Electro Hydraulic System (PDEH) I&C modifications implemented since 1983, cont�d

10. 10 Modification of DEH system DEH: Digital Electro Hydraulic System New DEH: programmable (PDEH), PLC based, single-failure immune, redundant and independent power supply backed-up with batteries, computerized HMI, backed-up with hardwired functional keyboard, mechanical overspeed protection removed, emergency trip 2/3 logic for all signals (turbine speed, position, low condenser vacuum, low EH fluid pressure, low bearing oil pressure�), enables continuous on-line equipment testing and troubleshooting, automatic recording of the governor valve curve and automatic calibration of modules for valve positioning,�

11. 11 Modification of DEH system, cont�d (P)DEH is not a safety related system Failures of (P)DEH and/or Emergency Trip System (ETS, part of DEH) have reasonable potential to cause plat transient and plant trips, which could result in a challenge to safeguard systems, functions or equipment Thus (P)DEH is considered as a system �Important-to-Safety� Whole project was subject to the Augmented Quality requirements: 10 CFR 50 Appendix A requirements (Criterion 1: Quality standards and records) applied, application of software design and development process generally implemented on safety-related computer software, redundancy, diversity, single-failure criterion, �

12. 12 Modification of DEH system, cont�d Biggest issues in PDEH: removal of mechanical overspeed protection (against the recommendation of NRC�s SRP 10.2), diversity and reliability of overspeed protection, common mode failure potential (especially in software), interconnections between 1E and Non-1E circuits, computerized HMI, EMI conformance. At the end SNSA was satisfied with the plant�s implementation of requirements TSO (IJS) gave positive opinion

13. 13 Conclusion At SNSA we are still very much using NRC�s regulation and guides We are developing our own legislation, which is very general Starting to develop our own guides, which will refer standards like IEEE, IEC,� Challenge for the SNSA: lifetime extension and thus lots of I&C modernizations possible new NPP ?licensing of digital I&C

14. 14