Configuration control of Controlled Documents residing on Plant Computer
We are currently upgrading our plant computer system and our SPDS screens have the Critical Safety Function status trees displayed identical to the EOP format. We also have the TS P-T curve on the Plant Computer.
Currently, the operators use this (computer display) information as an aid only which prompts them to check the control board RG 1.97 designated instruments to confirm what the computer is telling them. Even though the computer display and the control board indicators come from the same qualified transmitters there is some reluctance for authorizing the use of the computer indication alone for transitioning to the appropriate FRGs (something about the "Display" not being qualified). We are looking into this.
Another and more pressing problem is how to maintain these plant computer screens (Status Trees and P-T Curve) current if/when the EOPs or P-T Curve changes. The P-T Curve usually has a small RTNDT adjustment every cycle (I believe). I'm thinking that the best place is a checkoff on the Procedure Change Checksheet for EOPs and in the procedure that controls Plant Curve Book changes.
Questions:
- Do you rely solely on the Plant Computer Status Trees for transitioning or do you check other indicators? Any thoughts on the term "Qualified Display?"
- How do you control computer displays so that they are up to date? Does anyone consider a computer display an "Operator Aid?"
- Has anyone gone to computer based EOPs as their primary method? If so, are controlled hardcopies designated as backup and are any other considerations required before this can be done?
Thanks in advance,
Kevin H Thomas
1. Operators at Surry rely on the qualified instrumentation in the control room for EOP/optimal recovery guideline (ORG) implementation. The plant computer (PCS) aids in monitoring and does have ORG charts based on CSF status and Function Restoration Guideline implementation criteria. It remains the responsibility of the operating team to recognize the transition requirement based on the qualified instrumentation. The redundant capability of the PCS is certainly helpful but is used only as that, a back-up method of monitoring.
The PCS would require a great deal of procedure controls to become a qualified display including the indication tolerance, repair priority, and testing method. Additional testing and 'qualification' of the ORG/FRG status trees software, in addition to the hardware that feeds the PCS vice the board indicators. We are not there quite yet.
2. The PCS is a plant system with a system engineer, system health report, etc. and there are administrative procedures governing its programs and their use as well as procedural controls for updates. Any update or change required is reviewed by Ops supervision and approved by the Unit Supervisor/Shift Manager.
3. Surry tried electronic annunciator response procedures using a tablet PC. The tablet PC was updated by the normal procedures group protocol and worked fairly well. The pilot program was not implemented fully as the operators preferred the visi-file. A concern was raised regarding place-keeping in the hard copies and we successfully adopted dry-erase marker usage. AP/EOP usage remains limited to hard copies only.
Questions:
Do you rely solely on the Plant Computer Status Trees for transitioning or do you check other indicators? Any thoughts on the term "Qualified Display?"
At Seabrook on first use the Plant Computer System (MPCS) is verfied or validated for the transition and from that time on is good enough to use directly. Years ago we used to validate the entire set of status tress with a laminated set of trees and using the MCB hardwired instruments. That is no longer done as we believe that the MPCS is as accurate as any other instrument that goes to the control room.
How do you control computer displays so that they are up to date? Does anyone consider a computer display an "Operator Aid?"
At Seabrook they are considered controlled and receive the same level of review and approval as normal paper documents. The computer support group receives the electronic version form Ops and updates the MPCS as needed. When a change is made to the EOP/Status trees it is also made to the MPCS.
Has anyone gone to computer based EOPs as their primary method? If so, are controlled hardcopies designated as backup and are any other considerations required before this can be done?
We have not done that for EOPS. We still us hard copy notebooks for the EOPS at Seabrook. However, most of our alarm response is done from the MPCS. We have over 2500 computer alarms that have video procedures or VPROS associated with them. These are accessible from teh MPCS display and are structured like the "normal" hardwired control board alarms with initiating device, immediate response if any, and substeps to deal with the problem. They are technically guidelines so they do not have as rigorous a process as the regular abnormal procedures, but do get revised as necessary for any system or procedures changes.
Hope this helps.
Len Hubbard
I suggest having the Shift Manager review and approve changes. Byron put in a new DEH control system a couple years ago. We have a very detailed configuration procedure just for that system.
This is a big issue in the new generation plants.