Upgrading I&C and computer systems at KORI 1

The KORI nuclear power plant unit 1 had analog modules for process protection and control and PRODAC-2500 for plant monitoring based on 1960s and 1970s technology. After 20 years of operation, a successful I&C upgrade project was completed. The project was initiated due to growing concerns of obsolescence, increased maintenance costs and overall ageing of equipment. The Korea Electric Power Corporation (KEPCO) contracted the Korea Power Engineering Company (KOPEC) to carry out a turnkey base revamping project. The outstanding features of this project are:

• Project management by a domestic team.

• Completion of the overall project within one year.

• Success without help from original vendor.

• No single reactor trip during startup.

The scope of work consisted of basic engineering, procurement, detailed engineering, licensing support, installation, startup support and total project management.

Project Summary

Due to an aggressive schedule and complex organisational structures, organised and efficient project management was critical for the successful completion of the project. The project management involved budget control, scheduling, document and drawing preparation, technical interfaces, quality assurance and many unforeseen activities.

Basic design and engineering

The greatest design and engineering challenge was to revamp all systems at once during one over-haul period. Basic design and engineering was done to support the decision.

Procurement

For procurement, ITBs (invitations to bid) were issued to several suppliers for control equipment and a PCS (Plant Computer System). After thorough technical evaluation and negotiation, Foxboro and Woorigisool, a Korean venture company, were selected immediately after the main contract award from KEPCO on 17 September 1997.

Detailed engineering

In contrast to similar overseas projects in which the control and protection systems were replaced separately in several phases, both systems including the PCS were replaced at the same time, to avoid the need for additional temporary signal interfacing equipment. This led to cost savings and maximised the reliability of the integrated system.

Licensing support

Since the protection system is equipped with digital components, it went through a rigorous licensing process in accordance with US Nuclear Regulatory Commission regulation 10 CFR50.59. The major licensing activities included Final Safety Analysis Report (FSAR) revision, Diversity & Defense in Depth Analysis (EPRI TR-102348, NUREG/CR-6303), Uncertainty & Setpoint Calculations (ISA-S67.04), EMI/RFI Qualification (EPRI TR-102323), Software Verification and Validation (RG 1.152) and a licensing audit during a factory acceptance test. An updated FSAR was submitted to the Korea Institute of Nuclear Safety for review through the Ministry of Science and Technology and permission was granted on 25 June 1998. A continuous communication channel was established from the beginning to end to facilitate the regulatory process.

Installation and startup support

During the 85 day over-haul period, 38 cabinets and 42 km of cables were removed and 32 cabinets and 87 km of cables were installed with 273 indicators, 187 transmitters and 32 I/P converters. In order to prove functional performance, startup tests (such as site acceptance tests, calibration tests, loop tests, surveillance tests and performance tests) were carried out in accordance with respective procedures. The work was accomplished on schedule with no plant trip experienced during startup.

Protection and Control System

The basic functions of the NSSS Protection System (NPS), the NSSS Control System (NCS) and the Secondary Process Control System (SPCS) remain unchanged. Due to the change of signal interface type from 10-50 mA to 4-20 mA, not only field transmitters but also the operator interface comprising of auto/manual stations, the Main Control Board (MCB) indicators, recorders and selector switches were replaced. The Foxboro SPEC 200 Micro was used as the digital replacement module for the analog control equipment with analog input and output modules.

The algorithms used to generate trip signals, bistable (comparator) actions and various analog output signals were implemented in the NPS.

The control functions of the NCS and the SPCS were built by interconnecting the input/output terminals and configuring up to six blocks from twenty configurable control blocks in the module.

In all cases where the process sensor is shared by the NPS and the NCS, the signal remains analog, isolated from the protection system interaction. For all output signals derived from a micro (digital) module and transmitted to non-safety subsystems, the analog output signal is also isolated from the protection channel.

The functional and physical assignment of 10 NCS cabinets is maintained. However, 12 NPS cabinets were rebuilt with 8 cabinets and 13 field-installed SPCS cabinets were regrouped into 6 cabinets in order to relocate them into the main control room area for centralisation. Each cabinet has dedicated redundant power supply units with primary and secondary power units adjusted to share equal loads. New annunciators for protecting against cabinet failure and fire detection were added. The overall system demonstrated improved reliability by Failure Mode Effect Analysis (FMEA) with increased flexibility for future changes.

Fisher-Rosemount analog/smart transmitters and I/P converters were installed to replace old 10-50 mA equipment. All indicators using 10 - 50 mA signal were also replaced with Weschler’s 4-20 mA analog indicators.

Plant Computer System (PCS)

The previous plant process computer, PRODAC-2500 developed by Westinghouse in the 1970s, was replaced with a new PCS developed by Woorigisool.

The PCS is a redundant system, composed of primary and backup computer servers designed to achieve high system availability. The network communications are also redundant with fault tolerant technology.

The purpose of the PCS is to monitor plant operation. It involves standard monitoring functions such as data acquisition, graphic display, on-line database modification, priority based alarm processing, reporting, logging, sequence of event (SOE) processing, historical data storage and retrieval and NSSS application processing.

All these standard monitoring functions are provided with advanced man-machine interface features including a multi-window environment.

The overall software architecture for a PCS is depicted in the diagram on the previous page. Each rectangular box represents its hardware platform. The computer servers, engineering workstation (EWS) and operator interface system (OIS) are based on HP workstations.

The graphical display was developed using X-designer and SL-GMS tools. The database was developed using the Real Time Application Platform (RTAP) tool.

SOE points are scanned every one milli-second, all digital points are scanned every ten milli-seconds, 200 critical analog points are scanned every two hundred milli-seconds, and general analog points are scanned every second.

Diversity and Defence-in-Depth Analysis

The purpose of the analysis is to determine if sufficient diversity exists within the NPS to prohibit accidents and to mitigate them assuming a postulated common mode failure (CMF) in the software. It was investigated in the analysis whether a diverse protective scheme was provided for each credible event described in the FSAR using the methodology described in NUREG/CR-6303, Method for Performing Diversity and Defence-in-Depth Analyses of Reactor Protection Systems. The analysis showed that six vulnerabilities exist for CMF of redundant channels and five vulnerabilities for total CMF of the protection system out of 25 events.

The plant parameters (protective functions) considered vulnerable were: Pressuriser Pressure (High/Low Pressure Reactor Trip, Low Pressure Safety Injection Actuation), Steam Generator Level (Low-Low Level Reactor Trip and Auxilary Feedwater Pump Start, High-High Level Turbine Trip and Feedwater Isolation) and Containment Pressure (Containment Spray Initiation Actuation, Main Steam Isolation). The vulnerabilities in diversity were eliminated by using analog modules for vulnerable parameters to exclude software common mode failure. As a result, the NPS consists of three analog and four digital channels which perform 14 reactor protective and/or ESF functions. A unique feature of KORI Plant is its hybrid protection system.

The plant successfully reached full power operation on 12 September 1998, 360 days after the award of the main contract.