Design Considerations for Meeting Separation Criteria for Class IE Systems within the Control Board

Abstract

The logic diagram for an engineered safety features protection system is shown in Figure 1. The engineered safety feature system is similar for Babcock and Wilcox, Combustion Engineering, General Atomic, General Electric, and Westinghouse. As a result, the system will be used to illustrate the design considerations and techniques for meeting separation criteria for Class 1 systems. The engineered safety features system employs local coincidence logic. The system uses transmission logic, i.e., the transmission of electric power is required to initiate protective action. Transmission logic is used to prevent unwanted actuation of engineered safety features in the event of loss of electric power or safe channel failure. The system has three instrument channels for each variable. Bistable trip signals from the three instrument channels for each variable are fed to two two-of-three logic matrices; one for logic channel A and one for logic channel B. Two-of-three logic matrices are provided for each variable in both logic channels. The output of each two-of-three logic matrix is transmitted to a one-of-one logic matrix or actuator module which acts to transmit power to engineered safety feature equipment. Either output logic channel is capable of actuating the engineered safety features. In logic language, a one-of-three logic arrangement of three sets of three instrument trip signals and a one-of-one logic arrangement of two logic channels and electrical energizing signals initiate the engineered safety features actuation.1