invensys process systems - iaea · 2004. 12. 17. · • invensys respected industry leader turns...
Post on 28-Feb-2021
Invensys Process Systems
Invensys I & C, COTS
Turbine Island
Nuclear Island
BOP
I&C
INVENSYS PROCESS SYSTEMS
NUCLEAR POWER PLANT CONTROL AND SAFETY SOLUTIONS
Ian Govan DIR of Power. Invensys
Professor Dimitar Dragoev. DICS Intertrade Ltd
ABOUT IPS NUCLEAR EXPERIENCE
Supplier to the Nuclear Industry for more than 40 years
Fully certified Nuclear QA Program
Provided Safety & Control Systems to over 125 Nuclear Power Plants around the world
Multiple Power Plant Monitoring Systems
Introduced digital control technology to the Nuclear Industry in 1987
Provided the first Open Industrial Control System to the industry - 30 Installations
Currently supplying ABWR Distributed Control & Information System for Lungmen
IPA - NUCLEAR APPLICATIONS
Protective (Class 1E) Systems
- Reactor Protection Systems (3 channel, 4 channel)
- Reactor Trip System (2 train)
- Engineered Safety Features Actuation System (2 channel)
- Isolation Systems (Reactor Containment)
- Emergency Power - Emergency Diesel Generator Controls (start, stop, monitor)
- Load Sequencer
- Emergency Auxiliary Feedwater
- Cold Over/Low Temperature Pressure Protection (COPS/LTOPS)
- Reactor Vessel Level Indicating System (RVLIS)
- Inadequate Core Cooling Monitoring System (ICCMS)
THE PROBLEM
• Neutron embrittlement of the reactor vessel
• Limiting factor of nuclear reactor lifetime
• Operator monitor and control
THE SOLUTION
• Assess the degree of embrittlement
• Anneal the vessel
– Slowly heat and cool the vessel to relieve stress
• Design a protective system
• Technology selection
• License / Qualify the design with regulators
– TUV Class 6
– Seismically Test (real test to anchoring point)
• Thoroughly test and install the system
COPS DESIGN
1E Qualified
Economic
SCADA
Optimisation
Accurate
Confidence
5 cm level control band.
All transients caused by: Turbines, Reactor, Pumps, Steam Gen
ABOUT IPA – Divisional product successes
A history of growth, increasing product breadth, and market leadership
Introduced Tricon in 1986
Product focus on safety, critical and high availability control solutions
62% TMR world market share
More than 5,000 TMR and 1,500 turbine solutions installed to date
More than 140 million safe operating hours on TRICON systems
Named #1 Safety System by Control Magazine Reader’s Choice Survey for five years - 1997 through 2002.
TRICON - TMR Fault Tolerant Controller
Utilizes Triple Modular Redundant Architecture from Input Termination to Output Termination
Definition of Triconex Fault Tolerance: Identifies and Compensates for Failed Control System Elements and Allows On-Line Repair while Continuing its Assigned Task Without Process Interruption.
Diagnostics are Embedded in the System - Independent of User Written Application Programming!
1. No Single Point of Failure
2. Diagnostics
3. On - Line Repair
The Difference Between Long Term and Short Term Availability and Reliability ---- Diagnostics
Triconex TMR vs. All Other PLC Technologies
TRICON Architecture
“Transparent Triplication”
Tri-Station 1131 Developer’s Workbench
• Operates Under Windows NT Version 4.0
• Implements IEC 1131-3 “Standard for Programmable Controllers, Part 3: Programming Languages, March 93”
• Supports the Following Languages
• Function Block Diagram (FBD)
• Ladder Diagram (LD)
• Structured Text (ST)
• Cause & Effect Matrix (CEMPLE)
• Compliant with NUREG/CR-6463
QUALITY PROGRAM
• FORMAL, COMPREHENSIVE PROGRAM
– Describes the essential practices and procedures required to ensure that the products designed, manufactured, and serviced by the Triconex Corporation meet the highest standards of quality, reliability, and maintainability.
• APPLICABILITY
– All Quality-Related Activities associated with the Product
- Triconex Hardware/Software
- Design, Manufacturing, Inspection, Test, Servicing
GOVERNING STANDARDS
• ISO 9001:2000
– 20 Criteria
• 10CFR50 Appendix B
– 18 Criteria
• Industry Standards
– Certification – DIN, CSA, CE Mark, FM
– Other Commitments/Practice
– IEC, UL, IEEE, ISA, NFPA, MIL..
QA STANDARDS CROSS-REFERENCE
TITLE | ISO 9001 | 10CFR50, APPENDIX B | TRICONEX QA MANUAL
Management Responsibility | 4.1 | I, II | 1.1, 1.2, 1.3, 1.4
Quality System | 4.2 | II, V | 2.1, 2.2, 2.3
Contract Review | 4.3 | III | 3.0
Design Control | 4.4 | III | 4.0
Document and Data Control | 4.5 | VI | 5.1, 5.2, 5.3
Purchasing | 4.6 | IV, VII | 6.0
Control of Customer Supplied Product | 4.7 | VIII | 7.0
Product Identification and Traceability | 4.8 | VIII | 8.0
Process Control | 4.9 | IX | 9.0
Inspection and Testing | 4.10 | VII, X, XI | 10.0
Control of Inspection, Measuring, and Test Equipment | 4.11 | XII | 11.0
Inspection and Test Status | 4.12 | XIV | 12.0
Control of Nonconforming Product | 4.13 | XV | 13.1, 13.2
Corrective and Preventive Action | 4.14 | XVI | 14.0
Handling, Storage, Packaging, Preservation, and Delivery | 4.15 | XIII | 15.0
Control of Quality Records | 4.16 | XVII | 16.0
Quality Audits | 4.17 | XVIII | 17.0
Training | 4.18 | II | 18.0
Servicing | 4.19 | None | 19.0
Statistical Techniques | 4.20 | None | 20.0
Reporting of Defects and Noncompliance | None | 10CFR21 | 13.3
Certification - Compliant
• API RP-14C
– “Recommended Practice for Analysis, Design, Installation and Testing of Basic Surface Safety Systems for Offshore Production Platforms”
• IEC 61508, IEC 61131-2/2000
• National Fire Protection Association
– NFPA 72/96 (Fire & Gas)
– NFPA 8501/97 (Burner Management Systems)
• TUV
– AK1 – AK6 (DIN V 19250, DIN V VDE 0801)
– SIL 1 – 3 (IEC 61508)
• EPRI TR-103699 [19994]
– “Programmable Logic Controller Qualification Guidelines for Nuclear Applications”, Westinghouse
Certification - Approvals
• Factory Mutual Research
– Report 3010681 – “Hazardous (Class 1, Division 2) Locations”
• TUV
– Report No. 968/EZ 105.03/01
• Emergency Shutdown (ESD)
• Burner Management (BMS)
• Fire and Gas (F&G)
• EPRI TR-1000799 [2001]
– “Generic Qualification of the Triconex Corporation TRICON Triple Modular Redundant Programmable Logic Controller system for Safety-Related Applications in Nuclear Power Plants”
• NRC Safety Evaluation Report
– ADAMS Accession Number ML013470433
REGULATORY COMPLIANCE
IEEE Std 603-1991, “IEEE Standard Criteria for Safety Systems for Nuclear Power Generating Stations”
Reliability
• Reliability Analysis
– RPS/RTS Nuclear Certified Risk Assessment – “Shapire” NRC Program (independent)
• MTTR – 8 hours
• Surveillance Interval (Refueling Outage) – 18 months
• Excludes Sensors and Actuators
– Probability to Fail on Demand (PFD) – 2.235E-8 (1 in 44,700,000 years)
– Probability to Spurious Reactor Trip – 1 in 300 years
• Experience
– > 5,000 TRICONs Installed in Safety-Related Applications
– > 200,000,000 Hours Without Failure on Demand
NUCLEAR QUALIFICATION SUMMARY
TRICON PERFORMED VERY WELL
NRC APPROVAL (12/12/01)
“When properly installed and used, the Tricon PLC system is acceptable for safety-related use in nuclear power plants.” (Excerpt from NRC APPROVAL)
HOW DOES THE TRICON SYSTEM COMPLY WITH REGULATORY REQUIREMENTS?
REACTOR PROTECTION SYSTEM
EPRI TR-103044
“Generic Requirements Specification for Upgrading the Safety-Related Reactor Trip and Engineered Safety Features Actuation Systems in Westinghouse PWR Nuclear Power Plants”
DEFENSE-IN-DEPTH ---- DIVERSITY
• Physical Separation
• Electrical Isolation
• Small, Modular Platform
• Functional Approach
• Operating Experience
• Replication
IPA - NUCLEAR APPLICATIONS
Protective (Class 1E) Systems
- Reactor Protection Systems (3 channel, 4 channel)
- Reactor Trip System (2 train)
- Engineered Safety Features Actuation System (2 channel)
- Isolation Systems (Reactor Containment)
- Emergency Power - Emergency Diesel Generator Controls (start, stop, monitor)
- Load Sequencer
- Emergency Auxiliary Feedwater
- Cold Over/Low Temperature Pressure Protection (COPS/LTOPS)
- Reactor Vessel Level Indicating System (RVLIS)
- Inadequate Core Cooling Monitoring System (ICCMS)
INVENSYS NUCLEAR PLANT CONTROL SYSTEM
SUMMARY
• Invensys, a respected industry leader, turns its focus to the nuclear power industry.
• The TRICON is the first commercial-off-the-shelf fault tolerant PLC to be qualified for generic Class 1E applications.
• Invensys solutions address all of the CONTROL needs of the nuclear power industry.
• Invensys provided continued support to KNPP and the future Belene project.