Nuclear Plant Journal (NuclearPlantJournal.com), July-August 2019

Advanced Generation... (Continued from page 35)

and CE plants. (See "Path to Digital Rod Control," Nuclear Plant Journal, January-February 2019.)

Computerized Procedures System

The second-generation Computerized Procedures System (CPS) developed for the AP1000 plant builds on a first-generation product introduced in the 1990s in multiple plants in Europe. The CPS incorporates many of the most common modern interface technologies to deliver a state-of-the-art procedure execution system in the main control room. The user-friendly format allows operators to accurately and efficiently assess procedure execution data globally across an entire procedure set and individually at the detailed procedure content level.

The CPS guides operators through the procedure steps using real-time process data. The CPS also monitors the data and alerts the operator performing the procedure based on relevant information, including procedure entry conditions, critical safety functions and parallel information. Because the AP1000 plant I&C system instruments the entire plant, information is available to the CPS to support routine surveillances, including the operability status of major systems and components. Such surveillances would traditionally require manual calculations and external data monitoring.

Cyber Secure Design

The AP1000 design uses a plant-wide digital I&C architecture that integrates four main areas of I&C platforms and equipment: reactor monitoring and protection, diverse actuation, plant-wide control and information, and electronic field equipment. For the U.S. AP1000 plants, cyber security has been integrated into the plant-wide I&C architecture through multiple levels of defense. The I&C application software has been developed and released for use from a secure development environment that is managed and monitored by Westinghouse.
The I&C network equipment has also been cyber-hardened by disabling unnecessary access points and services. A centralized cyber security monitoring system actively detects, analyzes and monitors the control and information network for an array of potential security attacks. The security monitoring system consolidates and prioritizes cyber-related data collected from the network and automatically alerts when there is a possible security attack. There is also a cyber-secure data transfer process that enables station personnel to access the plant-wide process data for monitoring and analysis.

Simulator

Westinghouse developed the AP1000 full-scope simulators for the AP1000 plants in China and the U.S. Because the AP1000 plant was a new design, the plant design and I&C implementation had to be available for simulation to support initial licensed operator training. These simulators are high-fidelity replica control rooms that duplicate the control consoles, panels and displays used in an AP1000 plant.

Operating in real time, the AP1000 simulators were used to validate the design, the operator interface and the plant operating procedures, and to improve the plant alarm management system. Their capabilities include simulating plant conditions from startup to shutdown, reduced reactor coolant inventory, and malfunctions and component failures.

The innovative Westinghouse I&C suite of simulation software tools and techniques developed for the AP1000 I&C simulators is directly applicable to operating plants when upgrading their I&C systems. These tools offer enhanced flexibility and ease of maintenance to the simulator maintenance staff, and are included in Westinghouse I&C upgrades today.
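The centralized security monitoring described under Cyber Secure Design above consolidates events collected from the control and information network, prioritizes them and alerts on a possible attack. The following is an added illustration of that consolidate-prioritize-alert pattern, written for this article; it is not Westinghouse's monitoring system and not code from the AP1000 project. The log line format, the sensor names, the 10.20.x.x and 192.168.x.x subnets and their zone assignments, the rule weights and the five-failure threshold are all assumptions, and the sample events are constructed.

```python
"""Added example: consolidate per-flow security events from several network
sensors, score each flow against simple rules, and emit prioritized alerts.
Illustrative only; not the AP1000 monitoring system. All formats, addresses,
zones, weights and thresholds below are assumptions."""

import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events (not real plant data). Assumed line format:
# <timestamp> <sensor> src=<ip> dst=<ip> event=<type> [key=value ...]
SAMPLE_LOG = """\
2019-07-01T10:00:01Z ids src=10.20.5.7 dst=10.20.1.10 event=port_scan ports=22,23,80,443,502
2019-07-01T10:00:05Z fw src=10.20.5.7 dst=10.20.1.10 event=deny dport=23
2019-07-01T10:00:09Z auth src=10.20.5.7 dst=10.20.1.10 event=auth_fail user=eng
2019-07-01T10:00:10Z auth src=10.20.5.7 dst=10.20.1.10 event=auth_fail user=eng
2019-07-01T10:00:11Z auth src=10.20.5.7 dst=10.20.1.10 event=auth_fail user=eng
2019-07-01T10:00:12Z auth src=10.20.5.7 dst=10.20.1.10 event=auth_fail user=eng
2019-07-01T10:00:13Z auth src=10.20.5.7 dst=10.20.1.10 event=auth_fail user=eng
2019-07-01T10:01:00Z auth src=10.20.2.15 dst=10.20.1.11 event=auth_ok user=ops
2019-07-01T10:02:00Z fw src=192.168.40.9 dst=10.20.1.12 event=deny dport=502
2019-07-01T10:03:00Z auth src=10.20.2.15 dst=10.20.1.11 event=auth_fail user=ops
"""

# Assumed network zones: controllers and the engineering stations allowed to reach them.
CONTROL_NET = ip_network("10.20.1.0/24")
ENGINEERING_NET = ip_network("10.20.2.0/24")
AUTH_FAIL_THRESHOLD = 5  # assumed: failures per flow that count as a brute-force attempt

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"event=(?P<event>\S+)(?P<rest>.*)$"
)


def parse_events(text):
    """Parse lines in the assumed format into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["rest"] = ev["rest"].strip()
        events.append(ev)
    return events


def consolidate(events):
    """Group events by (src, dst) flow and count event types per flow."""
    flows = defaultdict(Counter)
    for ev in events:
        flows[(ev["src"], ev["dst"])][ev["event"]] += 1
    return flows


def score_flow(src, dst, counts):
    """Apply the (assumed) rules to one flow; return (score, reasons)."""
    score, reasons = 0, []
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    if dst_ip in CONTROL_NET and src_ip not in CONTROL_NET and src_ip not in ENGINEERING_NET:
        score += 3
        reasons.append("source outside control/engineering zones")
    if counts.get("port_scan"):
        score += 5
        reasons.append("port scan reported by IDS")
    fails = counts.get("auth_fail", 0)
    if fails >= AUTH_FAIL_THRESHOLD:
        score += 4
        reasons.append(f"{fails} authentication failures")
    denies = counts.get("deny", 0)
    if denies:
        score += min(denies, 3)
        reasons.append(f"{denies} firewall denies")
    return score, reasons


def severity(score):
    """Map a numeric score to a triage band (thresholds are assumptions)."""
    if score >= 8:
        return "HIGH"
    if score >= 4:
        return "MEDIUM"
    return "LOW"


def prioritize(flows):
    """Score every flow, drop flows with nothing suspicious, sort highest first."""
    alerts = []
    for (src, dst), counts in flows.items():
        score, reasons = score_flow(src, dst, counts)
        if score > 0:
            alerts.append({"src": src, "dst": dst, "score": score,
                           "severity": severity(score), "reasons": reasons})
    alerts.sort(key=lambda a: a["score"], reverse=True)
    return alerts


def run(text=SAMPLE_LOG):
    """Full pipeline: parse, consolidate, prioritize."""
    return prioritize(consolidate(parse_events(text)))


if __name__ == "__main__":
    for a in run():
        print(f"{a['severity']:6} score={a['score']:2} {a['src']} -> {a['dst']}: "
              + "; ".join(a["reasons"]))
```

On the constructed sample, the scanning host 10.20.5.7 accumulates a zone violation, an IDS port scan, five failed logons and a firewall deny into a single HIGH alert, the stray 192.168.40.9 source becomes a MEDIUM alert, and the single failed logon from an engineering station produces no alert at all. The point is the consolidation: ten raw events become two ranked items an operator can act on.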
Regulatory Oversight

While Westinghouse has implemented and licensed fully integrated digital safety and non-safety systems in previous applications in the Czech Republic, Sweden and the United Kingdom, the AP1000 plant was the first nuclear power plant to be designed from the beginning with modern I&C throughout the entire plant. The AP1000 plants currently under construction in the U.S. are also the first nuclear plants being built under the Combined Operating License process, 10 CFR Part 52, "Licenses, Certifications, and Approvals for Nuclear Power Plants." As such, regulatory review occurred throughout the project lifecycle.

During the U.S. AP1000 plants' safety system development, the NRC performed more than 30 multi-day inspections and audits of the Westinghouse Common Q platform and implementation. Teams of NRC inspectors conducted audits of all aspects of the project, including requirements definition, design, implementation, independent verification and validation, manufacturing and testing. The reviews also confirmed adequate protection from common cause failures by virtue of a relatively small Diverse Actuation System. This level of scrutiny, along with inspections by the China National Nuclear Safety Administration (NNSA), served to ensure a very high level of quality in every aspect of the design and documentation.

The result was that the Common Q safety systems started up very smoothly at all four AP1000 plants in China, without any trips, operational issues or need for any software changes. With this level of regulator acceptance and confidence gained, follow-on applications can be implemented at other plants with significantly lower licensing risk.

Process Innovations

The latest-generation I&C system includes not only many technical innovations but also process innovations that have evolved during the past 20+ years of designing and implementing digital I&C systems, incorporating continuous application of lessons learned.
The AP1000 plant I&C program followed a disciplined system engineering approach and is consistent with the system design and implementation process currently released in the Electric Power Research Institute’s Digital Engineering Guide. These engineering processes include robust and comprehensive handling of software hazards such as single point vulnerabilities, common cause failures, requirements engineering comprising comprehensive tracing and objective evidence of satisfaction, data communications, human factors, integration, testing, configuration management and lifecycle management.