A. INTRODUCTION Criterion XIV, "Inspection, Test, and Operating
Status," of Appendix B to 10 CFR Part 50, "Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants," requires that measures be established for indicating the operating status of structures, systems, and components of the nuclear power plant, such as by tagging valves and switches, to prevent inadvertent operation. Section 50.55a, "Codes and Standards," of 10 CFR Part 50, requires in Paragraph (h) that protection systems meet the requirements set forth in the Institute of Electrical and Electronics Engineers
"Criteria for Nuclear Power Plant
Protection Systems" (IEEE 279).' Section 4.13 of IEEE Std 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations,"' (also designated ANSI N42.7-1972) requires that, if the protective action of some part of the protection system has been bypassed or deliberately rendered inoperative for any purpose, this fact shall be continuously indicated in the control room. This guide describes an acceptable method of complying with the requirements of IEEE Std 279-1971 and Appendix B to 10 CFR Part 50 with regard to indicating the inoperable status of a portion of the protection system (as defined in IEEE Std 279-1971), systems actuated or controlled by the protection system, and auxiliary or supportin
g systems that must be operable for the protection system and the systems it actuates to perform their safety-related functions. The Advisory Committee on Reactor Safeguards has been consulted concerning this guide and has concurred in the Regulatory position.  'Copies may
be obtained from the Institute of Electrical
and Electronics Engineers, United Engineering Center, 345 East 47th Street, New York, N.Y. 10017.May 1973
IDE
B. DISCUSSION
Current designs of protection systems and engineered safety feature systems are such that certain safety-related functions of a nuclear power plant may be bypassed or made inoperable during the performance of periodic tests or maintenance.2 Generally, the plant's administrative procedures
require
that the operator's
permission be obtained prior to initiating any activity that would or could affect a safety-related system. The
decision
to grant such permission should be based on a knowledge of the operating status of the safety-related systems, the extent to which the activity will affect those systems, and whether that effect is permissible within the provisions of the license. Experiences at
operating plants, however, indicate that, when the measures
used to indicate inoperable status consist solely of administrative procedures, the operator is not always fully aware of the ramifications of each bypassed or inoperable component. An acceptable way of aiding the operator's
knowledge of plant status is to supplement administrative procedures with automatic indication of Mhe bypass or inoperability of each redundant portion of a system that performs a function important to safety.  It is recognized
that automatic indication of
inoperability or a
bypassed condition
is not feasible
for
all
the possible means by. which safety-related systems could be completely or partially rendered inoperative. A
practical indicating system covering a wide range of commonly expected conditions, however, could be designed if it included provisions for automatic indication of each bypass or deliberately induced
inoperable condition that meets all three of the
following guidelines:
IRegulatory Guide    1.22 (Safety Guide 22), "Periodic Testing of Protection System Actuation Function
s," provides
guidance that should be considered in designing systems that require bypassing a protective action in order to perform
periodic tests.USAEC REGULATORY GUIDES Copies of published guides may be obtained by request indicating the divisions
desired to the U.S. Atomic Energy Commission, Washington,    D.C. 20545,
Regulatory Guides are issued to describe and make available to the public Attention: Director of Regulatory Standards. Comments and
suggestions for methods acceptable to the AEC Regulatory staff of implementing specific parts of
Improvements in these guides are e ncouraged and should be sent to the Secretary the Commission's regulations, to delineate techniques used by the staff in of the Commission, U.S. Atomic Energy Commission, Washiniton, D.C. 20545, evluating specific problems or postulated accidents, or to provide guidance to
Attention: Chief, Public Proceedings Staff.  applicants. Regulatory Guides are not substitutes for regulations and compliance with them is not
required. Methods and solutions different from those set out in
The guides are issued in the following ten broad divisions:reactor bypass是什么意思
the guides will be acceptable if they provide a bais for the findings requisite to the issuance or continuance of a permit or license by the Commission.    1. Power Reactors    6. Products
2. Research and Test Reactors 7. Transportation
3. Fuels and Materials Facilities 8. Occupational Health
Published guides will be revised periodically, as appropriate, to accommodate    4. Environmental and Siting 8. Antitrust Review
comments and to reflect new information or experience.    5. Materials and Plant Protection 10. General S.U.S. ATOMIC ENERGY COMMISSION SREGULATORY GUI DIRECTORATE OF REGULATORY STANDARDS REGULATORY GUIDE 1.47
BYPASSED AND INOPERABLE STATUS INDICATION FOR NUCLEAR
POWER PLANT SAFETY SYSTEMS
1. The bypass or inoperable condition affects a system that is designed to perform automatically    a function that is important to the safety of the public;
2. The bypass will be utilized by plant personnel or the inoperable condition can reasonably be expected to occur more frequently than once per year; and
3. The bypass or inoperable condition is expected to occur when the affected system is normally required to be operable.
Such a design is considered practical because: (1) appropriate emphasis on testability early in the design process can reduce to a minimum the number of bypasses that are needed for frequent activities such as testing, and (2) activities such as modification, repair, and maintenance either are conducted infrequently or can be restricted to times when plant conditions do not require the affected system to be available.
Bypass indication should aid the operator in recognizing the effects on plant safety of seemingly unrela
ted or insignificant events. Therefore, the indication of bypass conditions should be at the system level, whether or not it is also at the component or channel level. For example, if operation of a test switch prevents actuation of core spray pump 'A', the information automatically indicated should be "Core Spray System 'A' Inoperable," rather than (or in addition to) indication that the pump is inoperable or that the test switch is in its "Test" position. In addition, the indication should be designed to emphasize the effects on safety systems rather than the apparently less significant (to the operator) effects on auxiliary or supporting systems. For example, in a design which utilizes d-c power to control circuit breakers, deenergizing    a d-c power system during maintenance should result in indication for each safety system whose operation is dependent on that power system that the safety system is inoperable. At multi-unit stations, bypassing a protective function of a shared system should be indicated in each unit affected by the bypass.
In a given plant design it may be best to group the bypass indicators according to the safety systems' dependence on a common electric power supply; for example, locating the bypass indicators for all engineered safety feature systems that are assigned to one standby power source near the bypass indicator for that source. There are other groupings which could be acceptable. In any design, it may be necessary to include an audible, as well as visual, alarm to attact the operator's attention when the status of the safety systems changes.
The effectiveness of an automatic indicating system ..an be enhanced by including a manual capability to activate the indicators. Manual capability would be useful in displaying those inoperable or bypassed conditions, whether deliberately induced or not, which
are not automatically indicated.
The following example is intended to illustrate one
type of inoperable condition in which the provision of automatic indication would aid the operator in recognizing the overall effect on plant safety of
seemingly unrelated events. The example does not consider any existing or proposed plant and should not be construed as endorsement of any particular design for an automatic status indication system.
A nuclear power plant has two emergency containment spray pumps, either of which is adequate to mitigate the consquences of an accident. Each pump is driven by a water-cooled electric motor. The cooling water for the motors is supplied by redundant service water pumps. Plant procedures require that the service water pumps be shut down for maintenance every three months, and the technical specifications contain no provisions that prohibit performing this maintenance on one pump at a time d
uring reactor power operation.  Indication of the status of the service water systems includes an indication of power available to the service water pump motors. The automatic status indication for the containment spray systems is designed so that shutting down the portion of the service water system serving a containment spray pump motor is one of several events that automatically results in indication that the affected containment spray system is inoperable.
C. REGULATORY POSITION
The following comprises an acceptable method foi implementing the requirements of Section 4.13 of IEEE Std 279-1971 and Criterion XIV of Appendix B to 10 CFR Part 50 with respect to indicating the bypass or inoperable status of portions of the protection system, systems actuated or controlled by the protection system, and auxiliary or supporting systems that must be operable for the protection system and the system it actuates to perform their safety-related functions:
1. Administrative procedures should be supplemented by a system that automatically indicates at the system level the bypass or deliberately induced inoperability of the protection system and the systems actuated or controlled by the protection system.
2. The indicating system of C.l. above should also be activated automatically by the bypassing or delib
erately induced inoperability of any auxiliary or supporting system that effectively bypasses or renders inoperable the protection system and the systems actuated or controlled by the protection system.
3. Automatic indication in accordance with C.1. and
C.2. above should be provided in the control room for each bypass or deliberately induced inoperable status
1 .47-2
that meets all of the following conditions:
a. Renders inoperable any redundant portion of the protection system, systems actuated or controlled by the protection system, and auxiliary or supporting systems that must be operable for the protection system and the systems it actuates to perform their safety-related functions;
"b. Is expected to occur more frequently than once per year; and
c. Is expected to occur when the affected system is normally required to be operable.
4. Manual capability should exist in the control room to activate each system-level indicator provided in accordance with C.1. above.
1.47-3

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。