diablo sps handbook opshandbook.pdf · related to the diablo canyon special protection scheme...

Diablo Canyon Special Protection Scheme

(DCSPS)

Operations Handbook

2009-07-14

About this Handbook

DCSPS Operations Handbook Page i Rev Date/Time: 1/7/2019 4:31:00 PM

Pacific Gas and Electric Company, CONFIDENTIAL – For Internal Use by Authorized Personnel Only

Table of Contents

1 ABOUT THIS HANDBOOK .......................................................................................................... 1-1

1.1 AUDIENCE ................................................................................................................................... 1-1

2 DOCUMENT REVISION HISTORY............................................................................................ 2-1

3 DESCRIPTION OF OPERATIONS .............................................................................................. 3-3

3.1 DIABLO CANYON SPS OVERVIEW AND CONCEPTS ..................................................................... 3-3

3.1.1 Background ........................................................................................................................ 3-3

3.1.2 Transmission System Overview.......................................................................................... 3-5

3.1.3 Diablo SPS (DCSPS) Purpose and Requirements ............................................................. 3-7

3.1.4 Diablo Canyon SPS System Description and Definitions .................................................. 3-7

3.1.5 Diablo Canyon SPS Event Categories ............................................................................. 3-11

3.2 STANDARD OPERATING DEVICES, DESCRIPTION AND PROCEDURES ......................................... 3-12

3.2.1 Diablo Canyon SPS Cut-Out Switch ................................................................................ 3-13

3.2.2 Diablo Canyon SPS Unit Selector Switch ........................................................................ 3-14

3.2.3 500kV Circuit Breaker Maintenance Switches ................................................................ 3-14

3.2.4 500kV Line/Unit Maintenance Switches .......................................................................... 3-16

3.3 SUMMARY OF SWITCHING PROCEDURES ................................................................................... 3-16

3.3.1 Open a 500kV circuit breaker (No physical work is performed on CB or Circuitry) ..... 3-16

3.3.2 Open and Clear 500kV Breaker ....................................................................................... 3-16

3.4 DIABLO CANYON SPS STATUS AND ALARM INDICATION ......................................................... 3-17

3.4.1 Alarm Categories & Conditions ...................................................................................... 3-17

3.4.2 Universal Relay N60 (UR N60) LED’s ............................................................................ 3-22

4 DETAILED SYSTEM DESIGN AND COMPONENTS ............................................................. 4-1

4.1 SCHEME ARCHITECTURE OVERVIEW .......................................................................................... 4-1

4.2 RELAY INSTALLATION (AC CIRCUITS)........................................................................................ 4-1

4.3 DIABLO CANYON SPS LOGIC OVERVIEW ................................................................................... 4-3

4.3.1 System Start Up .................................................................................................................. 4-3

4.3.2 One Line Trip State ............................................................................................................ 4-3

4.3.3 One Line Out Armed State ................................................................................................. 4-3

4.3.4 One Line Out/Normal State ............................................................................................... 4-4

4.3.5 Trip Logic State.................................................................................................................. 4-4

4.3.6 Execute Trip State .............................................................................................................. 4-5

4.3.7 System Locked Out State ................................................................................................... 4-5

4.3.8 System Inactive State.......................................................................................................... 4-5

4.3.9 Plant Over Power State ..................................................................................................... 4-5

4.4 COMMUNICATION INFRASTRUCTURE .......................................................................................... 4-7

4.4.1 High Speed Relay-to-Relay Communications .................................................................... 4-7

4.4.2 Ethernet Relay-to-Relay communication and Remote Access ........................................... 4-9

4.5 RELAY FUNCTIONS ................................................................................................................... 4-11

4.6 TRIP DETECTION AND BREAKER FAILURE RECOGNITION .......................................................... 4-11

4.7 BREAKER FAILURE FUNCTIONAL OVERVIEW ............................................................................ 4-13

5 TESTING REQUIREMENTS AND PROCEDURES .................................................................. 5-1

5.1 MAINTENANCE REQUIREMENTS AND PROCEDURES .................................................................... 5-1

About this Handbook

DCSPS Operations Handbook Page ii Rev Date/Time: 1/7/2019 4:31:00 PM


5.2 DCSPS TESTING MATRIX ........................................................................................................... 5-1

6 DESIGN ADEQUACY (REF DCPP EDDG-006 ATTACHMENT 8.1) ..................................... 6-1

6.1 POWER SUPPLY (STATION BATTERY AND CHARGER) ................................................................. 6-1

6.1.1 Redundancy and Availability ............................................................................................. 6-1

6.1.2 Capacity and Capability .................................................................................................... 6-1

6.1.3 Worst Case Power Supply Conditions ............................................................................... 6-2

6.2 RACEWAY SYSTEM DESIGN ........................................................................................................ 6-2

6.2.1 Physical Separation ........................................................................................................... 6-2

6.3 SCHEME DESIGN ......................................................................................................................... 6-2

6.3.1 Redundancy ........................................................................................................................ 6-2

6.3.2 Single Point or Common Mode Failures (Failure Mode Analysis) ................................... 6-2

6.3.3 Security Enhancements ...................................................................................................... 6-4

6.4 SURGE PROTECTION .................................................................................................................... 6-7

6.4.1 UR Relay Surge Protection ................................................................................................ 6-7

6.4.2 EMI and RFI (Electro-Magnetic and Radio Interference) ................................................ 6-7

6.5 PROTECTION DEVICES ................................................................................................................. 6-8

6.5.1 Sensitivity ........................................................................................................................... 6-8

6.5.2 Relay Reliability ................................................................................................................. 6-8

6.5.3 Coordination ...................................................................................................................... 6-8

6.5.4 Relay Burden ...................................................................................................................... 6-8

6.5.5 Scheme Accuracy ............................................................................................................... 6-8

6.6 DESIGN CALCULATIONS (QUALITY ASSURANCE) ....................................................................... 6-9

6.6.1 Setting Reevaluation and Update ....................................................................................... 6-9

6.6.2 N60 Relay Setting Ownership .......................................................................................... 6-10

6.6.3 Setting Verification (Protection Department) .................................................................. 6-10

6.6.4 Relay Firmware ............................................................................................................... 6-10

7 GLOSSARY...................................................................................................................................... 7-1

8 ADDITIONAL REFERENCE DOCUMENTS ............................................................................. 8-1

9 APPENDIX A: DCSPS CRITICAL SET POINTS (COMMISSIONING SETTINGS) .......... 9-1

9.1 SET POINTS AND DEFINITIONS .................................................................................................... 9-1

10 APPENDIX B: DIABLO CANYON SPS ALARM POINTS ................................................ 10-1

10.1 DIABLO CANYON ANNUNCIATION & RTU ALARMS ................................................................. 10-1

11 APPENDIX C: DIABLO CANYON SPS DRAWINGS ........................................................ 11-1

11.1 DIABLO CANYON SPS DRAWING LIST ...................................................................................... 11-1

12 APPENDIX D: DCSPS EVENT CATEGORY DETAILED DESCRIPTION ................... 12-1

13 APPENDIX E: UNIT TRIPPING DETERMINATION AND KARNAUGH MAPS ........ 13-1

About this Handbook

DCSPS Operations Handbook Page 1-1 Rev Date/Time: 1/7/2019 4:31:00 PM

1 About this Handbook

This handbook was developed as a reference guide to the design, operating procedures, systems, and testing

related to the Diablo Canyon Special Protection Scheme (Diablo Canyon SPS).

This handbook is designed so that it may be used as a general reference guide, classroom-training manual or

tutorial for independent study. The organization allows different types of users to easily find the information

in the level of detail appropriate for their needs.

1.1 Audience

The target audience for the document includes:

▪ TOC (Transmission Operations Center) Operators

▪ Diablo Canyon Transmission Control Center Operators

▪ System Protection and Diablo Canyon Plant Engineers

▪ Diablo Canyon training personnel

▪ Strategic Planning and Technical Service (SATS) Department

▪ (OE) Operations Engineering Engineers

▪ Diablo Canyon Substation Maintenance

Document Revision History



2 Document Revision History

Previous Document Version

Revision Date

Description of Changes Change Author/ Approver

New Version Number

N/A 10/10/05 ▪ Document Creation (Draft “Table of Contents Version” For Circulation)

Davis Erwin A

A 02/10/06 ▪ Adopted Anatoliy Meklin’s comments within the SPS Overview section (“Background” section authored by Anatoliy Meklin)

Davis Erwin / Anatoliy Meklin / Ed Taylor

2006-02-10

2006-02-10 03/14/06 Adopted comments from:

▪ Anatoliy Meklin (TES)

▪ John Grant (OPS Engineering)

▪ Ed Taylor (System Protection)

▪ Joe Goryance (Diablo Canyon Engineering)

▪ Davis Erwin (System Protection)

Davis Erwin 2006-03-14

2006-03-14 05/12/06 The following modifications are not a result of a change in the concept or functionality of the of the DCSPS scheme. The updates to the document are as follows:

▪ Updated Appendix A to include the DCSPS relay set-points that resulted from the April-May 2006 TES study. (These settings will be the In-Service commissioning set points)

▪ Updated Appendix B to include a better description of the SCADA Arming points (3-SYS A and 3-SYS B). This includes associated description in section 3.4.1.3

▪ Updated the DOO section 3.4.1.1.1 for operator response to a DCSPS trip. (Based on feedback from the on-site operator training held 04-27-2006)

▪ Added Testing Matrix to Section 5 (Matrix was completed for on-site commissioning during the first week of May 2006.)

▪ Added a description table for every DCSPS programmable LED. (section 3.4.2)

▪ Minor wording corrections to Section 6.3.3.3


Document Revision History



Previous Document Version

Revision Date

Description of Changes Change Author/ Approver

New Version Number

2006-05-12 07/14/09 The following modifications are not a result of a change in the concept or functionality of the of the DCSPS scheme. The updates to the document are as follows:

▪ Updated Figure 12 – Pictorial representation of the Communication Network connection of the DCSPS relays. The relays are to be moved from the PDN to the ODN to comply with NERC CIP requirements. (Sketch provided by Greg Howaniec – PG&E Sr. Network Specialist - ITI Network Operations)

▪ Updated wording in section 4.4.2 to describe the new ODN relay network connection.

▪ At three (3) places within the document, changed the wording “RAS Network” to “Communication Network”. Reason: “RAS Network “ Implies “PDN”


Description of Operations

DCSPS Operations Handbook Page 3-3 Rev Date/Time 1/7/2019 4:31:00 PM


3 Description of Operations

This section contains core information on the operating procedures for the Diablo Canyon Special Protection

Scheme (DCSPS).

3.1 Diablo Canyon SPS Overview and Concepts

Special Protection Schemes (SPS) are designed to respond quickly to pre-defined events for which reliance on

human intervention is insufficient to protect equipment and minimize the adverse impacts of those events. Special

Protection Schemes can vary widely in purpose and scope.

The objective of this section is to provide an understanding of the purpose and function of the Diablo Canyon SPS.

It is also intended to provide information on system design, scope, how the scheme works and a comparison

between normal operating conditions and Diablo Canyon SPS event conditions. Specific guidelines and procedures

for the practical usage of the Diablo Canyon SPS system are covered in subsequent sections of this document.

3.1.1 Background

The various DCPP stability studies and the plant operating experience have not revealed any plant

stability problems related to its operation with all three 500 kV lines in service or following a loss of a

single 500 kV component (a line or a unit). The plant performance in such situations is in compliance

with the NERC/WECC Planning Standards

(http://www.wecc.biz/documents/library/procedures/CriteriaMaster.pdf, pages 9-13, 24 and 25) for the

A (all facilities in service) and B (loss of a single element) categories of events.

However, the various studies conducted by Strategic and Technical Services (SATS) and Operations

Engineering (OE) teams have shown that double line outages (DLO), single line outages (SLO) in 2-

line scheme and delayed SLO could lead to intensive synchronous swings or to a loss of synchronism

between the plant generators and the WECC system. This may trigger different plant protective

devices, such as out-of-step protection and Reactor Coolant Pump (RCP) undervoltage protection,

resulting in double unit outages (DUO). This may also violate the NERC/WECC Planning Standards

for more severe disturbances.

The potential of instability and DUO increases if one of the 500 kV lines is out of service. This

resulted in the DCPP practice to curtail the plant in 2-line schemes of operation.

More specifically, the main negative consequences of the intensive synchronous swings or a loss of

synchronism are:

a. DUO would impose definite strain on the remaining generating resources in the system

to supply demand, especially if other resources are off-line.

b. Out-of-step conditions would impose severe stress on both units’ equipment.

c. DUO could be accompanied by the undesirable loading of the on-site diesel generators

because capability of the off-site power source is not sufficient for DUO.

d. DUO can bring stability of the WECC system close to critical conditions causing a

severe test for the variety of control and protective devices in the entire system The

prevention of DUO would minimize the possibility of cascading, e.g. collapse and

separation of California-Oregon Intertie (COI). Cascading is not permitted by the

NERC/WECC Planning Standard even for relatively rare disturbances combined with a

failure or a partial operation of control and protective devices.

e. Transient voltage dips during the intensive synchronous swings or in out-of-step

conditions (before out-of-step protection trips the units) may exceed values allowed by

the NERC/WECC and PG&E Planning Standards.

The “d” and “e” items correspond to event categories C and D in the NERC/WECC Planning

Standard.

http://www.wecc.biz/documents/library/procedures/CriteriaMaster.pdf




The definitions of categories and the corresponding allowable impacts are given in Table I (NERC) of

the Standard. Category C corresponds to the above described DLO, SLO and delayed SLO with SLG

faults. Instability and cascading for category C are not allowed. Automatic removal of certain

generators is allowed to prevent instability or cascading.

The W-1 table (WECC) complements the category C definition by specifying event frequency, which

is 0.033-0.33 event/year. This frequency for DCPP is about 0.08 in accordance with the plant line

outage data.

Table W-1 and Figure W-1 specify allowable transit voltage dips - should not be greater than 30% for

category C. Even a short-time DCPP out-of-step violates this criterion because transient voltage dips

exceed 60% on the 500 kV bus and 40% on the 25 kV buses for about 1 second. The main goal of this

criterion is to prevent intensive swings or an out-of-step of large power plants or parts of the system.

Such DCPP swings produce a very significant impact to the entire system because a swing electrical

center is located in the 500 kV grid outside of the relatively small impedance of the plant and the

duration of the voltage decline is quite significant because of the high plant inertia (which is

additionally increased with the turbine replacement). Transient voltages should be even greater to

prevent operation of the RCP undervoltage protection. Everything possible should be done to avoid

intensive swings and even half of an out-of-step cycle of a 2,450 MW power plant. Out-of-step

protection is a last line of defense and should operate when measures, preventing an out-of-step, have

failed.

Category D corresponds to SLO with delayed 2 or 3-phase faults or to less severe disturbances with

failures or misoperations of control and protective devices (including devices outside DCPP). The

type of cascading, which can occur on a DCPP DUO, is not allowed.

The DCPP SPS installation will minimize the possibility of DUO and other negative consequences.

The 2001 SATS study “Mitigation Measures for Double Outages at Diablo Canyon Power Plant” and

the several farther developments defined the effective remedial actions and the main SPS design and

setup principles. Study conclusions include:

▪ The most effective remedial action to maintain DCPP stability is an immediate trip of one of the

generators. This action prevents intensive swings or out-of-step of the remaining generator for the

most credible severe line outages. The forced generator voltage pulsing and turbine fast valving

were found not effective enough.

▪ SPS should trip one generator on severe disturbances if plant generation exceeds certain levels.

These arming levels should be established in SPS for each type of outages (DLO, SLO in 2-line

scheme, delayed SLO) to provide compliance with the transient voltage dip criteria, non-operation

of the out-of-step protection and non-operation of the RCP protection.

▪ The arming levels could be automatically calculated in SPS as a function (e.g. polynomial) of the

most significant variables or set unchangeable based on the “worst” values of those variables. The

most significant variables - generator terminal bus voltages prior to a disturbance and short circuit

severity, which corresponds to the level and duration of a positive sequence voltage dip.

Maintaining initial terminal voltages as high as possible is essential. Voltage increase from 0.97

p.u. to 1 p.u. makes impossible post-disturbance oscillations, increases arming levels by more than

200 MW and makes SPS effective for a wider range of disturbances.

▪ The arming levels or arming functions, obtained from stability studies should be set with a margin,

sufficient to cover variations of the less significant variables and to count inaccuracy of the system

model and measurements.




▪ Total SPS time from a 500 kV line short circuit inception to generator breaker trip coil energizing

should not be more than 0.07 sec. for normal line trips and 0.2 sec. for delayed line trips. This

means that the initiating relay protection circuits should not be supervised by contacts (signals) of

the line minimum current relays or the line breaker seals because of their insufficient speed.

▪ The immediate SPS actions are not necessary on outages, which are not aggravated by short

circuits. Therefore, all speed-critical outages are accompanied by relay protection operation on

both ends of the 500 kV lines. This makes unnecessary transferring line outage signals from Gates

and Midway to DCPP (see “Modification of the DCPP SPS Technical Requirements”, SATS,

2004).

▪ The SPS generator tripping action might be necessary to prevent purely damped oscillation which

may occur if only one 500 kV line remains after an outage. These post-disturbance oscillations

have been indicated in the simulations with the simplified representation of the DCPP auxiliaries.

The more detailed dynamic auxiliary models have resulted in better damping but did not eliminate

the possibility of oscillations if SPS does not trip a generator. The relay protection initiates

immediate SPS generator tripping for the fault related line outages. For the no-fault line outages,

a generator tripping action can be delayed by 2-3 seconds. This is sufficient to indicate no-fault

switching of either end of a 500 kV line and initiate SPS.

▪ Default SPS selection of a generator for tripping can be manually established by the operator.

This selection should be automatically overridden if the switchyard post-disturbance topology is

such that the default trip causes loss of both generators or 500 kV lines. The manual selection

should take into consideration that Unit 1 features more intensive swings because of the less

favorable generator characteristics. Therefore, a remedial trip of the Unit 1 generator is

more effective for the voltage transient dip reduction and for the plant stability.

▪ SPS actions provide satisfactory plant performance for the category C and some of the category D

disturbances. SPS actions are effective for double line outages, for single phase faults with

breaker failures (sometimes necessary) and some cases of multi-phase faults with single phase

breaker failures. SPS cannot prevent operation of the RCP undervoltage protection on multi-phase

faults with multi-phase breaker failures and on some multi-phase faults with single phase failures.

▪ Triggering of the RCP undervoltage protection cannot be excluded for some category D

disturbances when SPS is not armed or generator tripping is not effective. RCP shuts a reactor

down and closes turbine valves, but does not isolate a generator from the grid for 30 sec. The

isolation occurs earlier by the unit out-of-step protection if other generator tripping and valve

closing do not prevent a loss of stability.

The more detailed discussion of different SPS issues can be found in the above mentioned SATS

reports. The SPS arming level calculations is in progress and will be completed in May 2006.

3.1.2 Transmission System Overview

Figure 1 illustrates the electrical infrastructure of the transmission system at Diablo Canyon. To

varying degrees, all of the elements in the figure are essential to the schemes proper operation.

Included are the critical elements that interact with the DCSPS:

1. Diablo Canyon 500kV Bus 1 and Bus 2

2. Diablo Canyon 500kV Bays 2, 3, and 4.

3. Unit #1 and #2 500kV Breakers CB 532, 632, 542, 642.

4. Diablo Canyon 500kV Line Breakers CB 622, 722, 632, 732, 642, and 742

5. 500kV line “Remote End” terminals at Gates and Midway




MIDWAY

BUS 2

GATES

BUS 1

DIABLO

CANYON

BUS 2

742642

DIABLO - MIDWAY #2 500kV LINE


GATES - DIABLO CANYON 500kV LINE

732

722622

812 912

802 902

652 552

542

DIABLO

CANYON

BUS 1

DIABLO

CANYON

UNIT 2

632532

DIABLO

CANYON

UNIT 1

ZZY Y

ZYX Y

ZYX YX YZ Y

Z YXY

DCPP_DCSPS 10-2005

Dpe4

Figure 1: Diablo Canyon One-Line Diagram including the Remote Line End Terminals




3.1.3 Diablo SPS (DCSPS) Purpose and Requirements

The Diablo Canyon SPS (DCSPS) was developed to mitigate the potential loss of two Diablo Canyon

Units after the occurrence of certain 500kV events. These events, left unmitigated, may result in the

loss of both Diablo Canyon units. DCSPS will prevent voltage dips that are in violation of the

NERC/WECC Standards. These events will be categorized and consist of combinations of Line Trips

and/or Line Outages and/or 500kV breaker failures.

For any system event that meets the criteria, the scheme will intentionally trip the 500kV breakers of

one unit, leaving the other unit connected to the 500kV system. A DCSPS trip will be issued for three

distinct scenarios. These scenarios are referred to in the remaining documentation as “DCSPS

Event(s)”:

DCSPS Event Description:

1. Two 500kV Line System, (one 500kV line has been “out” beyond a certain period of time),

followed by either of the following two events:

a. The sudden loss of one of the remaining two Diablo Canyon 500kV lines due to a

protective relay trip. (Tripping for this event is supervised by Diablo MW generation

arming level)

b. The loss of one of the remaining two Diablo Canyon 500kV lines by manual open (or

equivalent), at either Diablo or the remote station. (Tripping for this event is supervised

by a Diablo MW generation arming level)

2. Normal 500kV Line System, (all three lines are in-service and normal), followed by either of

the following two events:

a. The sudden loss of two Diablo Canyon 500kV lines due to a protective relay trip.

(Tripping for this event is supervised by a Diablo MW generation arming level)

b. The loss of two Diablo Canyon 500kV lines by a manual open (or equivalent), at either

Diablo or the remote stations. (Tripping for this event is supervised by a Diablo MW

generation arming level)

3. Diablo Canyon 500kV circuit breaker failure that occurs after failing to trip for a severe fault

condition. (Tripping for this event is supervised by Diablo MW generation arming level and

by the collapse of the 500kV positive sequence voltage level)

3.1.4 Diablo Canyon SPS System Description and Definitions

The Diablo Canyon SPS is a fully redundant scheme. The scheme consists of two systems, (System

“A” and System “B”), each of which are programmed identically, and each can operate independently

of the other. All of the components associated with the DCSPS are installed within the Diablo

Canyon 500kV control building. (No devices for this scheme exist at the remote stations or in the

Diablo Canyon plant)

The functionality of the Diablo Canyon SPS is dependent upon reliably performing the following:

1. Sensing a protective relay trip of any Diablo Canyon 500kV breaker.

2. Sensing a breaker failure condition of any Diablo Canyon 500kV breaker.

3. Sensing the position of each Diablo Canyon 500kV breaker (For the purposes of the

500kV Bus configuration. The bus configuration is used in the trip table.)

4. Sensing the current flow on each of the three 500kV lines and each of the two units (as

measured at 500kV)

5. Sensing a line outage of each of the three 500kV lines and a unit outage of each of the

two units.

6. Calculating the plant MW export flow.

7. Calculating the 500kV Positive sequence voltage.




8. Capability of tripping CB 532 and CB 632 (Unit #1 high side circuit breakers).

Capability of tripping CB 542 and CB 642 (Unit #2 high side circuit breakers)

9. Communication infrastructure that allows the transmission of data between all of the

devices in the scheme. (All devices for the scheme are located in the Diablo Canyon

500kV Control Room)

10. Sensing the operator designated interfaces with the scheme. (Pushbuttons, CB

Maintenance switches, and Unit selector switch, etc.)

3.1.4.1 DSCPS System Input and Output (I/O)

The Diablo Canyon SPS relays monitor the following AC quantities:

▪ Diablo – Gates 500kV Line three phase current

▪ Diablo – Midway #2 500kV Line three phase current

▪ Diablo – Midway #3 500kV Line three phase current

▪ Diablo Unit #1 500kV three phase current

▪ Diablo Unit #2 500kV three phase current

▪ Diablo Unit #1 500kV three phase potential

▪ Diablo Unit #2 500kV three phase potential

▪ Diablo – Gates 500kV Line three phase potential (System A only)

▪ Diablo – Midway #3 500kV Line three phase potential (System B only)

The DCSPS relays monitor the following digital events (DC status change):

▪ Eight CB status Inputs (Breaker position determined by 52b seals)

▪ Eight CB Breaker Failure Initiate Trip Circuit Inputs. (BFI indicate Protection Trips)

▪ Eight Breaker Failure Trips (Indicates when a breaker has failed to operate)

▪ Unit Selector Switch

▪ CB Maintenance Switch inputs for CB’s 532, 542, 632, and CB 642. (CB 622, 722, 732 and CB

742 monitor the CB Maintenance switch in parallel with the respective CB status input.)

The DCSPS relays output the following digital events via relay contact(s) closure:

▪ CB 532 Trip Output (Trip Coil 1)








▪ CB 532 Breaker Failure Initiate







▪ SCADA Alarms and Station Annunciation (See Appendix for Complete Listing)

▪ Relay status LED’s (See Later Sections for LED Assignments)

3.1.4.2 Diablo Canyon MW Export Calculations

Diablo Canyon MW export calculation is critical to the operation of the Diablo Canyon SPS and will

determine if any or all of the three distinct events categories are ARMED. For the Diablo SPS, the

Diablo Canyon Export is defined as the sum of power flow on the following two components:

▪ Unit #1

▪ Unit #2

The Diablo SPS relays require proper 500kV potential from Unit #1 and Unit #2 T-taps as well as

500kV currents from the Unit #1 and Unit #2 circuit breakers to accurately calculate the total Diablo

MW export.

3.1.4.3 500kV Bus Configuration

Diablo Canyon SPS determines 500kV bus configuration by continuously evaluating the breaker

position status and CB Maintenance switch inputs. Accurate determination of the 500kV Bus

configuration is essential for determining if a Unit will be tripped. If a Unit will be tripped, the 500kV

breaker configuration will determine which one (See Appendix).

3.1.4.4 Line and Unit Outage Status Determination

Diablo Canyon SPS determines 500kV Line/Unit outage status by continuously evaluating current

flow (to detect undercurrent conditions) and Line/Unit breaker seal status. The “Line Outage”

determination is done “Locally” by monitoring ONLY the necessary quantities at Diablo Canyon.

Line Outage Determination is necessary for two reasons:

1. If all prerequisite conditions are met, the Line Outage(s) will result in DCSPS tripping.

2. Distinguish the difference between DCSPS Event 1 and DCSPS Event 2 categories.

3.1.4.4.1 Local Line Outage

A Local line outage will be determined if both breakers for the line are opened (or in

Maintenance) AND the undercurrent element has been picked up. (See settings appendix for the

UC1 setpoint)

3.1.4.4.2 Remote Line Outage

A Remote line outage will be determined if the line is open ended at the remote substation by

sensing only the assertion of the undercurrent element for a predefined time (See settings

appendix for the UC1 setpoint).

Furthermore, to add security, the remote line outage determination will only be enabled when

the Plant Generation output is above the minimum MW arming setpoint. (Remote line outage

detection is disabled when the scheme is

3.1.4.5 Protection Relay Tripping – Sudden Line/Unit Trip Determination

The Diablo SPS detects the imminent, or sudden, outage of a Line/unit by continuously monitoring

the Breaker Failure Initiate circuits of each Diablo Canyon 500kV breakers. A Breaker Failure

Initiate (BFI) on a Circuit Breaker is an indication that the CB is being tripped by a protection device.

The DCSPS relay logic will determine what component(s), (Bank or Line), is tripped by sensing

which group of CB’s have had their Breaker Failure Device initiated.

A “Manual Open” of the Line/Unit is not defined as an Imminent or sudden outage of the Line/Unit.

Any normal clearance procedure is not defined as an Imminent or sudden outage. “Manual Open”

will NOT initiate breaker failure on the circuit breaker.

3.1.4.6 Breaker Failure Relay Tripping

If a breaker has failed to open for a trip issued by a protection relay, the breaker failure tripping will

open ALL breakers electrically adjacent to the failed CB.




The Diablo SPS detects breaker failure tripping by continuously monitoring the Breaker Failure TRIP

circuits of each Diablo Canyon 500kV breakers.

3.1.4.7 Fault Severity Determination

The fault severity sensing is used to supervise only in the Breaker Failure DCSPS events. Line

Outage and Line Tripping DCSPS events do not use positive sequence voltage supervision

Diablo Canyon SPS determines a “Medium” and “Severe” fault condition by measurement of the

500kV positive sequence voltage. Each System, (A and B), measure the 500kV voltage at the T-tap

CCVT’s for Unit #1 and Unit #2. Each CCVT secondary voltage is wired to separate relays.

A collapse of the positive sequence voltage beyond a certain set-point UVm will distinguish a

“Medium” fault condition. A collapse of the positive sequence voltage beyond a lower set-point UVs

will distinguish a “Severe” fault condition.

3.1.4.8 Diablo SPS Tripping

Diablo Canyon SPS will trip a Unit only if it result in a benefit to the system. Many of the events, by

there very nature and initial operational configuration of the 500kV bus, will result in the removal of

one or both units. If the initiating event removes one or both units, DCSPS will not issue a trip.




3.1.5 Diablo Canyon SPS Event Categories

The Diablo Canyon SPS (DCSPS) events are broken down into three major categories. (If

greater detail is desired, see the table in the appendix that describes each event and number

of permutations)

3.1.5.1 DCSPS Event 1: Loss of One Line in a Two Line System

One Line has been out of service for greater than TSIMULTANEOUS and Two lines are

in-service. This is the prerequisite condition for this event, followed by:

1. Protection trip of one of the two in-service lines

2. Outage of one of the two in-service lines

3.1.5.1.1 Description

A unit will be tripped for instance in this category provided ALL of the following

conditions are met:

• The Diablo Canyon plant Megawatt (MW) export level is above a predefined

arming level in the moments before the event. (The MW arming level for this

event will be referred to as L1 and the time prior to the event as TMW)

• The Diablo Canyon 500kV breaker configuration before and after the event

are positioned, (Open or Closed), such that a Diablo Canyon SPS operation is

logically reasonable. (If the initiating event removes one or both units, the

Diablo SPS will not trip) (See Trip Logic Appendix)

3.1.5.1.2 Indication

All appropriate Relay LED’s related to the particular event scenario will be

illuminated and latched. Any trip associated with the DCSPS and the event causing

the trip will be targeted on the 537DCSPS relay. (See RELAY LED section)

The appropriate Station Annunciators and RTU points asserted.

3.1.5.2 DCSPS Event 2: Loss of Two Lines in a Three Line System

Three lines in-service is the prerequisite condition for this event, followed by:

1. Protection trip of two lines within the TSIMULTANEOUS window of time

2. Protection Trip of one Line and the Outage (Non-Trip) of another line within the

TSIMULTANEOUS window of time.


A unit will be tripped for instances in this category provided ALL of the following

conditions are met:





are positioned, (Open or Closed), such that a Diablo Canyon SPS operation is

logically reasonable. (If the initiating event removes one or both units, the

Diablo SPS will not trip) (See Trip Logic Appendix)









3.1.5.3 DCSPS Event 3: 500kV Circuit Breaker Failure


A unit will be tripped for instances in this category for two conditions:

1. Breaker Failure for a “Severe” fault




• The positive sequence voltage has collapsed to a predefined level indicating a

“Severe” fault has occurred. (The positive sequence voltage level for this

event will be referred to as UVs )


are positioned such that a Diablo Canyon SPS operation is logically

reasonable. (If the initiating event removes one or both units, the Diablo SPS

will not trip)

2. Breaker Failure for fault with “Medium” severity




• The positive sequence voltage has collapsed to a predefined level indicating a

“Medium” fault has occurred. (The positive sequence voltage level for this

event will be referred to as UVm)


are positioned such that a Diablo Canyon SPS operation is logically

reasonable. (If the initiating event removes one or both units, the Diablo SPS

will not trip)






3.2 Standard Operating Devices, Description and Procedures

Operators have several methods of interfacing with this scheme to facilitate implementing operation

directives as well as accommodating any system set-ups, (including procedures for equipment

maintenance and servicing activities), that the scheme could not normally detect without human

interface.

All of the equipment referred to in this section is located within the Diablo Canyon 500kV control

room.




The operator interface equipment include following:

1. System Cut-Out Switch

2. Unit Selector Switch

3. 500kV Circuit Breaker Maintenance Switch(s)

4. UR Relay Reset Pushbutton (To Reset the Scheme after Tripping)

5. Line and Unit Maintenance Switch(s)

Operator actions need to be included in individual switching tags for any clearances or real time

operating scenarios that affect the proper operation of the Diablo Canyon SPS. In general, the steps

involve positioning DCSPS related manual switches on control boards at the appropriate time within

the preferred sequence. This section will summarize the steps and sequence that need to be included

in typical clearances or operating set-ups. Clearances or set-ups not covered in the following sections

need to be assessed on a case-by-case basis. The responsible Operations Engineer and System

Protection Engineer should be consulted as needed to provide guidance on how to modify or

incorporate special steps, if any, in the switching tag.

3.2.1 Diablo Canyon SPS Cut-Out Switch

The Diablo Canyon SPS has two separate Cut-Out switches, one for System A and one for

System B. Each of these two switches has two positions: CUT-IN or CUT-OUT. Two

separate cutout switches allow greater flexibility to perform maintenance, software

upgrades, or testing one system at a time.

1. Diablo Canyon SPS System A Cutout Switch: DEVICE RCO/DCSPS-A

2. Diablo Canyon SPS System B Cutout Switch: DEVICE RCO/DCSPS-B

These cutout switches are located side-by-side on the Diablo Canyon SPS Control Panel

Rack #1.

Placing the System-A cutout switch in the CUTOUT position will result in the following:

a. The trip output circuits from System – A to CB 532, 542, 632, and 642 will

be physically interrupted by a contact of the Cut-Out switch. (No Trips

issued from System-A will result in a unit separation)

b. The breaker failure initiate output circuits from System – A to CB 532, 542,

632, and 642 will be physically interrupted by a contact of the Cut-Out

switch.

c. The unit-1 and unit-2 trip output circuits originating from System – A and

wired to the System – B inputs will be physically interrupted by a latching

contact of the System – A relay. (Enabling System-A to be cut-out for

testing while the other remains in-service)

d. The “System – A” cut-in status that is continuously communicated via

hardware connection from the System – A relay to System B will change

state. (System – B senses the Cut-Out status of System – A. This point is

used for the Sys-A&B trip comparison logic.)

e. System – A logic and settings function normally when System – A is cut-out.

(No logic supervision within System – A is utilized when System – A is cut-

out. This is important for testing scenarios)

Placing the System-B cutout switch in the CUTOUT position will result in the following:

a. The trip output circuits from System – B to CB 532, 542, 632, and 642 will

be physically interrupted by a contact of the Cut-Out switch. (No Trips

issued from System-B will result in a unit separation)




b. The breaker failure initiate output circuits from System – B to CB 532, 542,

632, and 642 will be physically interrupted by a contact of the Cut-Out

switch.

c. The unit-1 and unit-2 trip output circuits originating from System – B and

wired to the System – A inputs will be physically interrupted by a latching

contact of the System – B relay. (Enabling System-B to be cut-out for

testing while the other remains in-service)

d. The “System – B” cut-in status that is continuously communicated via

hardware connection from the System – B relay to System A will change

state. (System – A senses the Cut-Out status of System – B. This point is

used for the Sys-A&B trip comparison logic.)

e. System – B logic and settings will function normally when System – B is

cut-out. (No logic supervision within System – B is utilized when System –

B is cut-out. This is important for testing scenarios)

A figure in the testing section illustrates the Cut-Out functions that are described above.

To completely cutout the Diablo Canyon SPS, both switches will need to be placed in the

cutout position.

Each RCO is independently SCADA controllable.

3.2.2 Diablo Canyon SPS Unit Selector Switch

The Diablo Canyon SPS has one Unit Selector Switch. The selector switch provides an

input to both System A and System B. This is a two position switch: UNIT1 or UNIT2.

1. Diablo Canyon SPS Unit Selector Switch: DEVICE 543UTS

The Unit Selector Switch is located on the Diablo Canyon SPS Control Panel Rack #1.

Placing the Unit Selector Switch in the UNIT1 position informs the logic that the preferred

unit for tripping is Unit #1.

Placing the Unit Selector Switch in the UNIT2 position informs the logic that the preferred

unit for tripping is Unit #2.

It is important to note that the “DCSPS EVENT” as sensed by the scheme, and the 500kV

CB physical topology, determines which unit will be tripped. Only for those scenarios that

allow the unit selector switch to influence the logic, is it used for determination of unit

tripping. (See tripping logic in the Appendix). The scheme may trip the unit that is NOT

selected by the unit selector switch.

The Unit selector switch is not SCADA controllable.

3.2.3 500kV Circuit Breaker Maintenance Switches

The Diablo Canyon SPS makes use of the (8) 500kV circuit breaker maintenance switches.

Each maintenance switch provides an input to both System A and System B. These are

two position switches: NORMAL or MAINTENANCE.

These same switches are also used for the 500kV RAS. Recognize that the repositioning

of these switches affect both schemes independently.

• CB 622 Normal/Maintenance SW (DEVICE 543M-622)

o Affects the Diablo – Gates Line Outage Logic

o Affects the Diablo – Gates Line Trip Sensing Logic

o Affects the CB 622 Breaker Failure Tripping Sensing.





o Affects the Diablo – Gates Line Outage Logic

o Affects the Diablo – Gates Line Trip Sensing Logic



o Affects the Unit #1 Outage Logic

o Affects the Unit #1 Trip Sensing Logic


o Affects the UNIT #1 DCSPS TRIPPING




o Affects the Diablo – Midway #3 Line Outage Logic

o Affects the Diablo –Midway #3 Line Trip Sensing Logic





o Affects the Diablo –Midway #3 Line Trip Sensing Logic











o Affects the Diablo – Midway #2 Line Trip Sensing Logic,




o A portion of Diablo – Midway #2 Line Outage Logic

o A portion of Diablo –Midway #2 Line Trip Sensing Logic

o Part of CB 742 Breaker Failure Tripping Sensing.

Each of the Circuit breaker maintenance switches is located on the respective Circuit

Breaker Control Panel.




Placing a switch in the Maintenance position provides a breaker open status to the scheme

for that breaker. This affects the scheme logic in the following way:

1. 500kV Bus Configuration: The Maintenance position substitutes for the Breaker

Seal for determining position of the Breaker. The Breaker will be considered

OPEN. (The breaker position is critically important to determining the

operational configuration of the 500kV bus. The configuration will be used to

determine which, (If either), unit will be tripped for an initiating event)

2. OUTAGE Line or Unit: The Maintenance position substitutes for the Breaker

Seal for determining position of the Breaker. The Breaker will be considered

OPEN. (The remaining breaker for the Line or Unit that has its maintenance

switch in the “Normal” position will be the only breaker used for determining an

OUTAGE)

3. TRIP SENSING Line or Unit: The scheme logic will IGNORE any trips that are

sensed for a breaker with the CB Maintenance switch in the Maintenance

position. (The remaining breaker for the Line or Unit that has its maintenance

switch in the “Normal” position will be the only breaker used for determining

TRIP Sensing)

4. BREAKER FAILURE TRIP SENSING CB: The scheme logic will IGNORE

any trips from the Breaker Failure Relay Scheme.

5. DIABLO SPS TRIPPING: The scheme logic will NOT issue a trip to any

breaker with the CB Maintenance switch in the Maintenance position (Tripping

disabled by logic)

3.2.4 500kV Line/Unit Maintenance Switches

The Diablo Canyon SPS has been wired to the Line maintenance switches located on the

line control panels. Each maintenance switch provides an input to both System A and

System B. These are two position switches: NORMAL or MAINTENANCE.

The line Maintenance switches are not used within the DCSPS logic. The point is reserved

for future implementation if and when the switch becomes necessary.

3.3 Summary of Switching Procedures

3.3.1 Open a 500kV circuit breaker (No physical work is performed on CB or Circuitry)

There are no special steps that need to be added to the switching sequence if

maintenance personnel will not physically work on the circuit breaker (CB) or the

related circuitry.

The use of the N/M switch is not required when the breaker is simply opened. The

use of the switch should be limited to conditions when maintenance is to be

performed on the breaker.

3.3.2 Open and Clear 500kV Breaker

The Open and Clear procedure is used to remove a circuit breaker from the system

to perform maintenance or testing in a de-energized state. The Diablo Canyon SPS

is designed to accommodate this set-up.

Maintenance activities that directly affect the DCSPS

1. Opening and closing the breaker when the CB disconnects

are opened.

2. Relay Trip checks on any 500kV breaker




Every CB on a breaker and a half bus configuration is equipped with a

Normal/Maintenance (N/M) switch. The switch is used as an input to RAS/SPS

schemes and indicates breaker abnormal conditions.

Operator Switching Procedure:

1. Evaluate conditions that exist at the time and determine

appropriate action.

2. Open and Clear the CB in accordance with current

standard switching procedures.

3. Place the CB Normal/Maintenance (N/M) switch in the

Maintenance position immediately after the CB has been

opened and prior to opening the Circuit Breaker

Disconnects.

4. On the go-back, after the Circuit Breaker disconnect

switches have been closed and just prior to closing the CB

and releasing it back for normal operations; place the CB

Normal/Maintenance (N/M) switch in the Normal

position.

3.3.2.1 Scheme Logic Actions

▪ The N/M switch inputs to the DCSPS devices do not drive a non-volatile

latch within the relay.

▪ If both breaker Normal/Maintenance switches on a line (or Unit) are placed in

the Maintenance position, and the UNDERCURRENT element within the

relay is activated, (Indicating a low level current), the substation scheme logic

will generate a Line (or Unit) outage.

▪ In the event that both breakers on a line are switched to Maintenance position,

and a current is measured on the equipment (UNDERCURRENT element is

NOT picked-up), the undercurrent disagreement alarm and LED will be

activated.

3.4 Diablo Canyon SPS Status and Alarm Indication

The Diablo SPS System “A” and System “B” give various status and alarm point indications via the

station Annunciator, SCADA RTU, and relay LED faceplates.

Diablo Canyon SPS events (Outages and Tripping) and equipment malfunctions are detected by the

relays within the scheme. The relays continuously monitor the status of the electrical system and the

health of the schemes equipment. Any deviation between the actual status of the monitored points and

the pre-programmed logic expectations will result in the appropriate indication. When abnormalities

are recognized by the Diablo Canyon SPS components, annunciation of the conditions is made in the

form of Annunciator and SCADA RTU alarms. (See Appendix for all alarm points)

3.4.1 Alarm Categories & Conditions

The DCSPS alarms can be placed into three major categories:

1. DCSPS Tripping (Critical)

▪ Unit #1 or Unit #2

2. DCSPS Functional Alarms (Critical)




▪ System “A” Channel Fail

▪ System “B” Channel Fail

▪ System “A” relay critical failure

▪ System “B” relay critical failure

▪ System “A” maintenance alarm

▪ System “B” maintenance alarm

3. DCSPS System Operation Indications

▪ System Outage (Line and/or Unit)

▪ System Arming (Either System “A” or System “B”)

▪ Unit Selector Switch Position

▪ System “A” Cut-Out

▪ System “B” Cut-Out

3.4.1.1 DCSPS Tripping Alarm

A DCSPS trip will be indicated on the Station Annunciator and via the SCADA

RTU. Four Annunciator windows have been provided that will indicate the

following:

1. System “A” Unit 1 Trip

2. System “A” Unit 2 Trip

3. System “B” Unit 1 Trip

4. System “B” Unit 2 Trip

The particular system condition that resulted in the DCSPS trip will be latched on

the DCSPS “Lines” N60 relay located on Rack #1. (Device number 537DCSPS-A

or 537DCSPS-B). The relay LED section of this document gives a visual

presentation of the LED assignments.

3.4.1.1.1 Response

o Obtain permission from TOC to Cut-Out both DCSPS System – “A” and

DCSPS System “B”. Both schemes must be cut-out prior to closing a

DCSPS tripped 500kV Unit breaker. (DCSPS must be CUT-OUT prior

to closing either 500kV unit breaker after a DCSPS trip event. The

CB may “Trip-Free” otherwise – As an example, the same system

condition that caused the trip may still be present.)

o Record LED faceplate information.

o Wait for System Protection confirmation prior to Resetting the scheme via

the Device 537DCSPS pushbuttons. (This will ensure that all of the

appropriate event data has been collected for post event analysis) (It is

important to Reset BOTH System A and System B even if only one of

the systems has tripped. A DCSPS trip from one system will “Lock-

out” the alternate unit on both systems. Resetting will clear the

lockout condition)

o Close one or both breakers for the tripped unit.

o Cut-In DCSPS after confirmation from TOC and consultation with DCPP

Operations & Engineering. (Note: Do not Cut-In if Unit #1 Trip or Unit

#2 Trip LED’s are lit. i.e. “No Standing Trips”)




3.4.1.2 DCSPS Functional Alarms

DCSPS will indicate when the scheme has malfunctioned, or has detected an

illogical condition. Functional Alarms will be indicated on the Station Annunciator

and via the SCADA RTU. Alarms in this category require

1. System “A” Channel Failure

Either a relay communication card failure, or a failure in the fiber

optic interconnectivity, has compromised the System “A”

relay grouping communication channel.

2. System “B” Channel Failure

Either a relay communication card failure, or a failure in the fiber

optic interconnectivity, has compromised the System “B”

relay grouping communication channel.

3. System “A” Relay Critical Failure

Any one of the five relays associated with System “A” has failed.

4. System “B” Relay Critical Failure

Any one of the five relays associated with System “B” has failed.

5. System “A” Maintenance Alarm

The relay group has detected a failure or an illogical condition.

The exact condition can be determined by viewing the

N60 relay LED’s.

▪ Circuit Breaker Disagreement

System A and System B disagree on the position of a 500kV

breaker (Example – System “A” indicates CB 532 is

Open and System “B” indicates CB 532 is closed)

▪ Ethernet Failure

Any relay within a group cannot establish communication with the

communication network.

▪ UC and CB disagreement

The relay has detected that both breakers are open for a line or unit

and the Undercurrent element is not asserted. (Example:

The line circuit breakers are open and there is load current

on the line)

▪ VT fuse failure

Indicates that the N60 relays have detected a failure of the a CCVT

phase or related secondary wiring.

6. System “B” Maintenance Alarm

The relay group has detected a failure or an illogical condition.

The exact condition can be determined by viewing the

N60 relay LED’s.

▪ Circuit Breaker Disagreement




System A and System B disagree on the position of a 500kV

breaker (Example – System “A” indicates CB 532 is

Open and System “B” indicates CB 532 is closed)

▪ Ethernet Failure

Any relay within a group cannot establish communication with the

communication network.

▪ UC and CB disagreement

The relay has detected that both breakers are open for a line or unit

and the Undercurrent element is not asserted. (Example:

The line circuit breakers are open and there is load current

on the line)

▪ VT fuse failure

This target indicates that the N60 relays have detected a failure of

one or more CCVT phases or related secondary wiring.

3.4.1.2.1 Response

o Alarms in this category require immediate attention.

o By viewing relay LED’s and comparing the targets with actual system

conditions, determine which system is has the failure. Immediately Cut-

Out the failed system.

o Notify Maintenance department within a business day.

o Notify System Protection department within a business day.

o Notify DCPP Operations within a business day.

3.4.1.3 DCSPS System Operation Indication

DCSPS operational statuses are indicated via the SCADA RTU. These points are

designed to give a real time view of certain points within the schemes logic.

(Absence of the RTU point will indicate the logical inverse of the point. Example:

the absence of the System A MW arming Level 1 (L1) point will indicate that

System A is Level 1 (L1) is not armed)

1. Diablo – Gates 500kV Line Outage.

Either System “A” or System “B” detection of an “Outage” of this

line will be indicated by this RTU point.

2. Diablo – Midway #2 500kV Line Outage.



3. Diablo – Midway #3 500kV Line Outage.



4. Unit #1 Outage.



5. Unit #2 Outage.



6. Unit #1 Tripping Preference.




This point comes from the N60 relays and confirms serves as

confirmation that the System “A” and System “B” relays

sense the position of the units selector switch correctly.

7. Unit #2 Tripping Preference.

This point comes from the N60 relays and confirms serves as

confirmation that the System “A” and System “B” relays

sense the position of the units selector switch correctly.

8. System “A” (1-Line Out) & (U1+U2 MW Net > L1 Setpoint) Armed.

Both conditions must be present to bring in this point at it indicates

that the scheme is armed and will operate for a Line Trip

Condition. (See State Diagram and Setting Point

Appendix for description)

9. System “A” (1-Line Out) & (500kVVolts < Vdlos Setpoint) & (U1+U2 MW

Net > L1 Setpoint) Armed.

All three conditions must be present to bring in this point at it

indicates that the scheme is armed and will operate for a

Line Outage Condition. (See State Diagram and Setting

Point Appendix for description)

10. System “A” (2-Lines Out) & (U1+U2 MW Net > L5 Setpoint) Armed.


that the plant is generating over a MW setpoint limit for a

two line outage condition. (See State Diagram and Setting


11. System “A” SPARE.

Spare Scada point for future implementation.

12. System “A” SPARE.


13. System “B” (1-Line Out) & (U1+U2 MW Net > L1 Setpoint) Armed.


that the scheme is armed and will operate for a Line Trip

Condition. (See State Diagram and Setting Point

Appendix for description)

14. System “B” (1-Line Out) & (500kVVolts < Vdlos Setpoint) & (U1+U2 MW

Net > L1 Setpoint) Armed.

All three conditions must be present to bring in this point at it

indicates that the scheme is armed and will operate for a

Line Outage Condition. (See State Diagram and Setting


15. System “B” (2-Lines Out) & (U1+U2 MW Net > L5 Setpoint) Armed.


that the plant is generating over a MW setpoint limit for a

two line outage condition. (See State Diagram and Setting


16. System “B” SPARE.


17. System “B” SPARE.





18. System “A” Cut-Out.

This point indicates that the System “A” Cut-Out switch has been

placed in the “Cut-Out” position. System “A” is incapable

of tripping either unit.

19. System “B” Cut-Out.

This point indicates that the System “B” Cut-Out switch has been

placed in the “Cut-Out” position. System “A” is incapable

of tripping either unit.

3.4.1.3.1 Response

o As a general rule, these are DCSPS operational status points that give a

real-time indication of scheme performance. These status points can be

periodically compared to actual system conditions and verified to be

correct. (Example: DCSPS indicates that the Diablo – Gates Line is OUT.

This is condition can be verified to be correct.)

o Note: The Diablo SPS arms on Analog values. It is possible, when the

actual Diablo plant output is bordering a MW arming level, that System-A

and System-B will not arm at the same time. This condition should be

considered normal. (This phenomenon will be noticed when ramping up a

unit after an outage.)

o If the conditions differ from the actual system conditions, observe the

DCSPS LED targets to determine which DCSPS system (“A” or “B”) has

malfunctioned, and CUT-OUT the system. (Example: RTU point

erroneously indicates that the Diablo – Gates Line is Out, verify which

system is bringing in the alarm by viewing the N60 relay LED faceplates.)

o In the event of discrepancies, notify DCPP Operations, T/SM&C

Maintenance, and System Protection department within a business day.

3.4.2 Universal Relay N60 (UR N60) LED’s

As indicated in earlier sections, the N60 relay contains numerous programmable LED’s. These

LED’s enable the programmer to provide very detailed information to operations and maintenance

personnel. In normal operation, it is not necessary to view LED information.

3.4.2.1 Left LED and Pushbutton Panel

The Left LED panel is located on the N60 relay as indicated in Figure 2. This panel

is common to all N60 relays in the Diablo Canyon SPS.

The LED’s on this panel reflect the status of equipment connected to the device and

indicate if there are problems with any of the equipment.

Certain actions such as resetting an alarm or acknowledging an alarm may be

initiated by pressing the blue buttons on the right side of the panel.




LED PANEL

NOTE: TRIP and ALARM LEDs ARE USER PROGRAMMABLE

IN SERVICE

TRIP

CURRENTTROUBLE

TEST MODE

ALARM

PICKUP

VOLTAGE

FREQUENCY

NEUTRAL / GND

RESET

METER

LED TESTPHASE B

PHASE A

OTHER

STATUS EVENT CAUSE

PHASE C

LEFT LED PANEL EXAMPLE

Figure 2

LED Indicator Label Function

Trip The Trip LED is programmable and lights when the trip bus is energized for any given load block circuit breaker that is connected to the associated N-60

(This LED has NOT been programmed to Illuminate for any )

Alarm The Alarm LED is programmed to illuminate for Relay Problems.

Pushbutton Indicator Label

Function

Relay Reset Only resets the LED’s associated with this panel and clears the relay of any relay malfunction alarm.

(Example: Any relay malfunction or LCD latched target will be cleared by this button. This

Pushbutton does not perform the System Reset.

Meter If the relay does not have a Latched target on the LCD display - Pressing this button will rotate the LCD

through the programmed displays (Example: metering values)

LED Test Performs preprogrammed LED illumination tests




3.4.2.2 Right LED Panel Section

The Right LCD and pushbutton panel is located on the N60 relay as indicated in

Figure 3. This panel is common to all N60 relays in the Diablo Canyon SPS.

The LCD on this panel reflects the status of each individual relay and at anytime may

have a latched a non-programmable relay target. Information displayed within the

LED will assist in determining the source of any relay malfunction. When alarms

cannot be cleared using the Reset Pushbutton, maintenance personnel are to be

notified.

Once malfunctions have been detected and cleared, pressing the “Reset” pushbutton

will clear the target information.

If no relay target is displayed, the LCD will rotate through pre-programmed status

information. This preprogrammed information will include: Metering status (if

applicable), System and relay device number.

The Pushbuttons located behind the swing panel is used for maintenance personnel

to access the relay information and performed functions that cannot be performed via

computer – relay communications.

N60 RIGHT PANEL EXAMPLE

Figure 3

3.4.2.3 Lines Relay (537DCSPS) Middle LED Panel Sections

The “Lines” relay is the major operator interface for the scheme. Figure 4 illustrates

the programmable LED indications available on both the 537DCSPS-A and the

537DCSPS-B.

Pushbutton Indicator Label

Function

System Reset

(One PB on Sys-A and One PB on

Sys-B)

Operation of this pushbutton will clear the Lockout condition created by a DCSPS trip event. (This One

pushbutton will reset the lockout condition all five relays, as well as clear Latched LED’s on all five

relays.)

LED Number Description

1, 9, 17 Indicates a Line out condition at Diablo Canyon (Both line breakers Open (Or in Maint.) and an Undercurrent

2, 10, 18 Indicates a Line out condition at the remote end of the line (UC condition for a specified Time period)





3, 4, 11, 12, 19, 20 Indicates when a breaker is Open or in Maintenance

5, 13, 21 Indicates when a line has been tripped by protection relays(s) or DTT. This LED will remain illuminated for a period of TSIMULTANEOUS. (Time period for transitioning from DCSPS EVE 2 to DCSPS EVE 1)

6, 7, 14, 15, 22, 23 Indicates a disagreement between the system A and system B sensing of the breaker position. (One system senses the breaker open, the other system senses it closed)

8, 16, 24 Indicates a disagreement with the line circuit breakers and the current on the line. (The system senses both breakers are open (or in Maint.), but does not sense an undercurrent condition).

25 The System Tripped due to a Line Trip event followed by another Line Trip that occurred within the TSIMULTANEOUS time period. (DCSPS EVE – 2)

26 Arming indication (One Line is out and the U1 + U2 Export is above the MW L1 Setting)

27 Indicates that the scheme tripped due to a Double Line Outage condition (Part of DCSPS EVE-1)

28 Indicates that the scheme tripped due to a Line Outage followed by a Line Trip condition (Part of DCSPS EVE-1)

29 Indicates that the scheme tripped due to a Line Trip followed by a Line Outage condition that occurred within TSIMULTANEOUS time period (Part

of DCSPS EVE-2)

30 Indicates that the scheme tripped due to a 500kV breaker failure condition (DCSPS EVE-3)

31 Indicates the scheme issued a trip for Unit #1 500kV breakers

32 Indicates the scheme issued a trip for Unit #2 500kV breakers

33, 34, 35, 36, 37, 38, 39, 40

Indicates that the DCSPS has detected that the breaker failure relay has operated. (This LED is latched, even if the scheme did not trip for the BF

condition – Requires a system reset to extinguish the LED)

41 Indicates that the relay cannot receive information via the direct connect fiber from other relays in the system (This is a critical failure and the scheme

should be cut-out)

42 Indicates that the relay cannot receive information over the Ethernet from the alternate system. (Results in the loss of Sys-A and Sys-B comparison

capability as well as remote access)

43 Indicates a Maintenance alarm condition (Many different errors result in a maintenance alarm – See other section within this document)

48 Indicates that the System is Unavailable either because it is cut-out or a relay logic status point has sensed unavailability – example: DD Com

Failure. (This LED will often be illuminated on all five chassis)




3.4.2.4 Unit1 Tripping Relay (578/586DCSPS-1) Middle LED Panel Sections

The Unit 1 System A and B “Tripping and Lockout” relay LED assignments can be

found in Figure 5.


1 Indicates that the scheme detects that 2 500kV lines are out and the plant MW next export (U1 + U2) is above L5

7 The DCSPS System detects that the Unit Selector Switch is in the Unit 1 Position.

8 The DCSPS System detects that the Unit Selector Switch is in the Unit 2 Position.

25 Indicates that the System is physically incapable of tripping Unit #1. This lockout condition can be created by a Unit #2 trip from this system, or the alternate system. (This requires a System Reset to clear the lock-out condition)


should be cut-out)




44 Indicates that the system has detected an error in sensing the position of the unit selector switch (Either senses both U1 and U2, or does not sense either

U1 or U2)



3.4.2.5 Unit1 Undercurrent and MW Relay (537/511DCSPS-1) Middle LED Panel Sections

The Unit 1 System A and B “Undercurrent and Multifunction (MF)” relay LED

assignments can be found in Figure 6.


1 Indicates Unit 1 outage condition at Diablo Canyon 500kV (Both 500kV breakers Open (Or in Maint.) and an Undercurrent

2 Indicates a Unit 1 outage condition at the plant. (MW/UC condition for a specified Time period)

3, 4 Indicates when a breaker is Open or in Maintenance

5 Indicates when the voltage from the Unit T-Tap PT’s is below the Vdlos setting AND a 500kV line is out AND the power level is above L1 (All three conditions must be present simultaneously)

6, 7 Indicates a disagreement between the system A and system B sensing of the breaker position. (One system senses the breaker open, the other





system senses it closed)

8 Indicates a disagreement with the line circuit breakers and the current on the line. (The system senses both breakers are open (or in Maint.), but does not sense an undercurrent condition).

25 Indicates that the U1+U2 Net MW export is above the L1 Setting






should be cut-out)






3.4.2.6 Unit2 Tripping Relay (578/586DCSPS-2) Middle LED Panel Sections

The Unit 2 System A and B “Tripping and Lockout” relay LED assignments can be

found in Figure 7.


25 Indicates that the System is physically incapable of tripping Unit #2. This lockout condition can be created by a Unit #1 trip from this system, or the alternate system. (This requires a System Reset to clear the lock-out condition)


should be cut-out)









3.4.2.7 Unit2 Undercurrent and MW Relay (537/511DCSPS-2) Middle LED Panel Sections

The Unit 2 System A and B “Undercurrent and Multifunction (MF)” relay LED

assignments can be found in Figure 8.


1 Indicates Unit 2 outage condition at Diablo Canyon 500kV (Both 500kV breakers Open (Or in Maint.) and an Undercurrent

2 Indicates a Unit 2 outage condition at the plant. (MW/UC condition for a specified Time period)

3, 4 Indicates when a breaker is Open or in Maintenance

5 Indicates when the voltage from the Unit T-Tap PT’s is below the Vdlos setting AND a 500kV line is out AND the power level is above L1 (All three conditions must be present simultaneously)

6, 7 Indicates a disagreement between the system A and system B sensing of the breaker position. (One system senses the breaker open, the other system senses it closed)

8 Indicates a disagreement with the line circuit breakers and the current on the line. (The system senses both breakers are open (or in Maint.), but does not sense an undercurrent condition).


should be cut-out)









RESET

LINE OUT AT DC 2-LINES TRIP

LINE OUT / P > L1

2-LINES OUT

LINE OUT / LINE TRIP

System Unavailable

Sys DD Com Fail25

29

32

26

27

28

30

31

33

37

34

35

36

38

39

9

12

17

20

14

16

10

11

13

15

18

19

22

21

23

24

7

2

3

5

4

6

8 40

1

47

42

43

45

44

46

48

41

LINE OUT GATES

DC - GATES DC - MIDWAY #2 DC - MIDWAY #3

622 OPEN / MAINT.

722 OPEN / MAINT.

LINE TRIP ACTIVE

622 SYS A&B DISAG

722 SYS A&B DISAG

CB & UC DISAGREE

Operational Status Operational Status ALARMS

LINE TRIP / LINE OUT

BFT PLANT TRIP

UNIT #1 TRIP

UNIT #2 TRIP

LINE OUT AT DC

LINE OUT MIDWAY

642 OPEN / MAINT.

742 OPEN / MAINT.

LINE TRIP ACTIVE

642 SYS A&B DISAG

742 SYS A&B DISAG

CB & UC DISAGREE

LINE OUT AT DC

LINE OUT MIDWAY

632 OPEN / MAINT.

732 OPEN / MAINT.

LINE TRIP ACTIVE

632 SYS A&B DISAG

732 SYS A&B DISAG

CB & UC DISAGREE

622 BF

722 BF

532 BF

632 BF

732 BF

542 BF

642 BF

742 BF

ETHERNET Fail

MAINTENANCE ALARM

537DCSPS – (A or B) LED’s and Pushbuttons

Rack 1 Rack 2 Rack 3

Sys - A

Sys - B

537DCSPS-A

537DCSPS-B

Sys - A

Sys - B

Lines Rack Unit 1 Rack Unit 2 Rack

Figure 4: DCSPS Lines Relay LED & PB and Rack Location




25

29

32

26

27

28

30

31

33

37

34

35

36

38

39

9

12

17

20

14

16

10

11

13

15

18

19

22

21

23

24

7

2

3

5

4

6

8 40

1

47

42

43

45

44

46

48

41

U1 SELECT

U2 SELECT

UNIT SELECT ERROR

Operational Status

System Unavailable

Sys DD Com Fail

ETHERNET Fail

MAINTENANCE ALARM

U1 Trip Blocked

ALARMS

A-B DISAGREE

Operational Status

DLO & OVERPOWER

578/586DCSPS – 1(A or B) LED’s and Pushbuttons


Sys - A

Sys - B

Sys - A

Sys - B

578/586DCSPS-A1

578/586DCSPS-B1


Figure 5: DCSPS Unit 1 Tripping-Lockout Relay LED Assignments and Rack Location




25

29

32

26

27

28

30

31

33

37

34

35

36

38

39

9

12

17

20

14

16

10

11

13

15

18

19

22

21

23

24

7

2

3

5

4

6

8 40

1

47

42

43

45

44

46

48

41GEN TIE OUT P > L1

GEN OFF LINE

DIABLO UNIT 1

532 OPEN / MAINT.

632 OPEN / MAINT.

532 SYS A&B DISAG

632 SYS A&B DISAG

CB & UC DISAGREE

U1 + U2 MW LEVEL

System Unavailable

Sys DD Com Fail

ETHERNET Fail

MAINTENANCE ALARM

ALARMS

P > L2

P > L3

P > L4

P > L5LO & V<Vdlos & P>L1



Sys - A

Sys - B

Sys - A

Sys - B

537/511DCSPS-A1

537/511DCSPS-B1


Figure 6: DCSPS Unit 1 Undercurrent and Multifunction Relay LED Assignments and Rack Location




25

29

32

26

27

28

30

31

33

37

34

35

36

38

39

9

12

17

20

14

16

10

11

13

15

18

19

22

21

23

24

7

2

3

5

4

6

8 40

1

47

42

43

45

44

46

48

41

Operational Status

System Unavailable

Sys DD Com Fail

ETHERNET Fail

MAINTENANCE ALARM

U2 Trip Blocked

ALARMS



Sys - A

Sys - B

Sys - A

Sys - B

578/586DCSPS-A2

578/586DCSPS-B2


Figure 7: DCSPS Unit 2 Tripping-Lockout Relay LED Assignments and Rack Location




25

29

32

26

27

28

30

31

33

37

34

35

36

38

39

9

12

17

20

14

16

10

11

13

15

18

19

22

21

23

24

7

2

3

5

4

6

8 40

1

47

42

43

45

44

46

48

41GEN TIE OUT

GEN OFF LINE

542 OPEN / MAINT.

642 OPEN / MAINT.

LO & V<Vdlos & P>L1

542 SYS A&B DISAG

642 SYS A&B DISAG

CB & UC DISAGREESystem Unavailable

Sys DD Com Fail

ETHERNET Fail

MAINTENANCE ALARM

ALARMSDIABLO UNIT 2



Sys - A

Sys - B

Sys - A

Sys - B

537/511DCSPS-A2

537/511DCSPS-B2


Figure 8: DCSPS Unit 1 Undercurrent and Multifunction Relay LED Assignments and Rack Location

Detailed System Design and Components



4 Detailed System Design and Components

4.1 Scheme Architecture Overview

In order to meet the functional specifications of the Diablo Canyon SPS, five G.E. UR N60 relays are installed

for each system, (System “A” contains five relays and System “B” contains five relays). A total of ten UR

relays are necessary to complete the objectives necessary. This section will describe each relay, the

individual purpose, and the architecture of their connectivity.

Collect real time status and analog information. Examples:

1. Line and Unit Outages

2. Line and Megawatt Telemetry (Analog and Digital representations)

3. System Health Indicators (Discrete components, Load Group data, and

Communication Failures)

4. Circuit Breaker Maintenance Switch positions

5. Line and Unit Maintenance Switch positions (If used)

6. Relay front panel pushbutton status inputs

7. Circuit Breaker Trip wire monitor

8. Breaker Failure Condition monitoring

Perform logic processing. This is logic processing that is performed by all five relays in the system.

Examples:

1. Monitor system operational condition based on position of operator controlled

switches.

2. Determine Outage Status of power system components. (Lines and Transformers)

3. Calculate Individual Unit and Total Export quantities (MW)

Perform Output commands Examples:

1. Trip Unit 1 or Unit 2.

2. Alarm information output (System Tripping, Maintenance Alarm etc.)

4.2 Relay Installation (AC Circuits)

All of the relays associated with this scheme are located in the Diablo Canyon 500kVcontrol building. The

scheme monitors the protection trip and breaker failure trip circuits for the 500kV breakers, Unit 500kV

voltages and currents and 500kV line voltages and currents. It is important to note that only Diablo Canyon

500kV quantities are monitored.

Figure 9 depicts the ten Diablo SPS relays and shows how the relays are wired to Diablo Canyon 500kV

Current Transformer (CT) and Potential Transformer (PT) circuits. The System-A relays are wired in Set-A

protection scheme CT’s. The System-B relays are wired in the Set-B protection scheme CT’s. (Set-A and

Set-B protection scheme components are not explicitly shown in the figure.) The darkened hashed areas

indicate the cabinets in which the relays are physically mounted.




MIDWAY

BUS 2

GATES

BUS 1

DIABLO

CANYON

BUS 2

742642


537DCSPS-B


537DCSPS-A

GATES - DIABLO CANYON 500kV LINE

732

722622

812 912

802 902

652 552

542

DIABLO

CANYON

BUS 1

DIABLO

CANYON

UNIT 2

632532

DIABLO

CANYON

UNIT 1

SYS - A GE UR-N60: Place in LFDC CURRENT CIRCUIT

SYS - B GE UR-N60: Place in PLS CURRENT CIRCUIT

ZZY Y

ZYX Y

ZYX YX YZ Y

Z YXY

537/511DCSPSA-1537/511DCSPSA-2

537/511DCSPSB-2 537/511DCSPSB-1

578/586DCSPSA-1578/586DCSPSA-2

578/586DCSPSB-1578/586DCSPSB-2

SYS-A

F1: DIABLO-GATES

M1: DIABLO-MID #3

M5: DIABLO-MID #2

SYS-B

F1: DIABLO-MID #2

M1: DIABLO-MID #3

M5: DIABLO-GATES

RELAY CONFIG AS

VIEWED FROM

BEHIND PANEL

UNIT #2 DCSPS RACK 3

RELAY CONFIG AS

VIEWED FROM

BEHIND PANEL


RELAY CONFIG AS

VIEWED FROM

BEHIND PANEL

LINES DCSPS RACK 1

DCPP_DCSPS 12-2005

Dpe4

Figure 9: Basic Single Line Meter and Relay Sketch for DCSPS




4.3 Diablo Canyon SPS Logic Overview

Logic programmed into the Diablo Canyon SPS relays enables the detection of specific Diablo

Canyon SPS events and facilitates the execution of appropriate tripping. Due to the complexity of the

scheme, this logic is distributed over several relays in the system, (System-A or System-B as

applicable).

The logic is based on the fact that the system can exist in only one “State” at any point in time.

Changes in the system due to line outages or Unit power output result in a transition to another state.

The following paragraphs summarize the System State Diagrams shown in Figure 10.

4.3.1 System Start Up

▪ On start-up, the system transitions to the “3-Line In” state

▪ If at least one “Line Out” is detected and the plant output power is greater than Level 1

(L1), the system transitions to the “1-Line Out/Armed” state, and a “Line Out/Armed”

LED is lit.

▪ If at least one “Line Out” is detected AND the plant power level is less than Level 1

(L1), the system transitions to the “1-Line Out/Normal” state.

▪ If a “Line Trip” is detected, the system transitions to the “1-Line Trip” state and a

“Trip Active” LED is lit for 10 seconds for the tripped line

4.3.2 One Line Trip State

▪ A LED labeled “Trip Active” for the respective line is lit for 10 seconds

▪ If a second “Line Trip” occurs within 10 seconds of the first trip AND the plant output

power is greater than Level 2 (L2), the “Two Line Trip” event flag is set and the

system transitions to the “Trip Logic” state

▪ If a “Line Out” event occurs and Power is greater than Level 2 (L2), the “Line Trip /

Line Out” event flag is set and the system transitions to the “Trip Logic” state.

▪ If after 10 seconds, neither a Line Trip nor a Line Out occurs, the system transitions to

the “1 Line Out/Armed” state and the corresponding LED is lit

▪ If a Breaker Failure occurs during the Line Trip, AND the plant power level is greater

than Level 3 (L3) AND a “Severe” under voltage (V1 < UVs) has existed for at least

16 ms during the fault AND at the time of the Breaker Failure Trip, the positive

sequence voltage is still less than the Medium UV level (V1 < UVm), then the system

transitions to the “Trip Logic” state.

▪ If a Breaker Failure occurs during the “Line Trip” AND the plant power level is >

Level 4 (L4), AND a “Severe” under voltage (V1 < UVs) did not occur during the

fault AND the positive sequence voltage is still less than the Medium UV level (V1 <

UVm) at the time the BFT is issued, then the “BFT Plant Trip” event flag is set, the

“BFT Plant Trip” LED is lit and the system transitions to the “Trip Logic” state.

▪ If the line that was tripped is successfully reclosed then the system transitions back to

the “3-Lines In” state.

4.3.3 One Line Out Armed State

▪ In the “1-Line Out/Armed” state, a LED labeled “1 Line Out/Armed” is lit. This state

is characterized as having a “Line Out” event AND the power level of the plant is

greater than Level 1 (L1)




▪ If a “Line Trip” occurs AND the plant output power is greater than Level 1 (L1) (by

definition of being in this state), the “Line Out/Line Trip” event flag is set, the “Line

Out/Line Trip” LED is lit, and the system transitions to the “Trip Logic” state

▪ If a “Line Out” event occurs AND Power is greater than Level 1 (L1), the “Double

Line Out Trip” event flag is set, the “Double Line Out Trip” LED is lit, and the system

transitions to the “Trip Logic” state

▪ If a Breaker Failure occurs during the “Line Trip”, AND the plant power level is

greater than Level 3 (L3), AND a “Severe” under voltage (V1 < UVs) has existed for

at least 16 ms during the fault AND at the time of the Breaker Failure Trip, the

positive sequence voltage is still less than .60 pu (V1 < .60 pu), then the system

transitions to the “Trip Logic” state

▪ If a Breaker Failure occurs during the “Line Trip”, AND the plant power level is

greater than Level 4 (L4) AND a “Severe” under voltage (V1 < UVs) did not occur

during the fault AND the positive sequence voltage is still less than .60 pu (V1 <

UVm) at the time the BFT is issued , then the “BFT Plant Trip” event flag is set, the

“BFT Plant Trip” LED is lit and the system transitions to the “Trip Logic” state

▪ If the line that was out is successfully reclosed, then the system transitions back to the

“3-Lines In” state.

▪ If the plant power level drops below Level 1 (L1), the system transitions to the “1-Line

Out/Normal” state and the “1-Line Out/Armed” LED is extinguished.

4.3.4 One Line Out/Normal State

▪ The 1-Line Out/Normal state is characterized as having an outage on one line AND the

power level of the plant is less than Level 1 (L1).

▪ If the line that was out is successfully reclosed, then the system transitions to the “3-

Lines In” state.

▪ If the plant power level increases above Level 1 (L1), the system transitions to the “1-

Line Out/Armed” state and the “1-Line Out/Armed” LED is lit and the “1-Line

Out/Armed” event message is issued.

▪ If a second line outage occurs and the system power level is less than Level 1 (L1),

then the system transitions to the “System Inactive” state.

4.3.5 Trip Logic State

▪ The “Trip Logic” state is characterized by the fact that the DCSPS has determined that

a Unit Trip is needed and subsequently determines which unit to trip based on the

substation configuration. The Trip Determination is based on the logic diagrams

shown in the figures labeled “Category 1 and 2” and “Category 3”. These figures are

located in the “Unit Tripping Determination” appendix.

▪ If the Unit selected to be tripped by System A is the same as the Unit selected to be

tripped by System B, then the System transitions to the “Execute Trip” state.

▪ If the Unit selected to be tripped by System A is not the same as the Unit selected to be

tripped by System B, then the DCSPS locks out the trip path to both units and

transitions to the “System Locked Out” state.

▪ If one system (A or B) determines that a Unit X (X= 1 or 2) trip is required and the

other system issues no trip decision within 16ms, the active system transitions to the

“Execute Trip” state and trips the selected Unit.




▪ If one system (A or B) determines that a Unit X (X= 1 or 2) trip is required and the

other system has a “critical alarm” or the communication system has failed, the active

system immediately transitions to the “Execute Trip” state and trips the selected Unit.

4.3.6 Execute Trip State

▪ The Execute Trip state is characterized by the fact that a Unit X (X = 1 or 2) trip has

been issued. If a Unit 1 Trip determination is made then the Trip output to Unit 2 is

“Locked Out” through a non-volatile latch. An LED is lit indicating which unit trip

was issued (Unit 1 or Unit 2). Similar logic applies if a Unit 2 Trip determination is

made, and the trip to Unit 1 is locked out. Lockout-Trip coordination is established by

the proper use of logic and timers. (Lockout alternate unit prior to tripping desired

unit)

4.3.7 System Locked Out State

▪ The “System Locked Out” state is characterized by the fact that a Unit trip has been

issued and the trips to the other unit are “Locked Out”. The logic paths involved in the

trip decision are “sealed in” and no further action by the system is possible.

▪ If the “Reset Pushbutton” is pressed, the “latched” conditions are reset and the scheme

transitions to the appropriate state based on the configuration of the system. Note:

The Reset Pushbutton on both systems must be pressed on both System “A” and

System “B” before the tripped unit is brought back on-line.

▪ Following the Description of Operations section “DCSPS Tripping Alarm” response

procedures, in the order presented, will ensure no standing trip on the unit breakers.

4.3.8 System Inactive State

▪ The “System Inactive” state is characterized by the fact that a double-line outage exists

and a plant trip was not issued by the DCSPS system.

▪ If the plant output power is greater than Level 5 (L5), then the system transitions to the

Plant Over-Power State

▪ If a line is successfully reclosed, then the system transitions to the “1-Line Out” state

4.3.9 Plant Over Power State

▪ The “Plant Over-Power” state is characterized by the fact that two lines are out and

that the plant output power is greater than Level 5 (L5). An Alarm Contact is set and

an LED is lit

▪ If the Plant Output Power drops below Level 5 (L5), then the system transitions to the

“System Inactive” state and the output contact is opened and the LED is extinguished

▪ If a line successfully recloses, and the power is less than Level 1 (L1), the system

transitions to the “1-Line Out Normal” state and the Plant Over-Power alarm contact is

reset and the alarm LED is extinguished.

▪ If a line is successfully reclosed and the plant output power is greater than Level 1

(L1), then the system transitions to the “1-Line Out Armed” state.




System State Transition Diagram

Start

U1 Trip

U2 Trip

System

Locked Out

System

Inactive

• 2 lines out &

P>L5

3-Lines In

1-Line Trip1-Line Out-

Armed

• 1 line or element

TRIP & P>L2

• 1 line OUT & P>L1

• 1 line TRIP & P<L2

1-Line Out

Normal• 1 line OUT

& P<L1

• Time Out & 1 line

OUT

Trip

Logic

• 2nd Line TRIP &

P>L1

• 2nd Line TRIP

& P>L2

•BFT

& P>L3 & UVs or

•P>L4 & UVm

Execute

Trip

•Sys A = Sys B

Sys A-B

Mismatch

•Sys A Sys B

•Other Sys Error

•Other Sys = NO TRIP

•1 Line Reclose

•BFT & P< L3 or no UV

•2nd Line Trip/Out & P<L2

•2 Lines

OUT

•System Reset (PB)

•2 Lines

OUT

•1 Line out

& P>L1

•2nd Line Outage

•2nd line Trip

• Reclose

Legend:

P = Total Plant Output Power in MW

BFT = Breaker Failure Trip

L1 = Arming Level in MW for Line Out/Line Trip

L2 = Arming Level in MW for Line Trip/Line Trip or Out

L3 = Arming Level in MW for a BFT with a Severe UV

L4 = Arming Level in MW for a BFT with a Medium UV

L5 = Alarm level in MW for Plant Over Power alarm

UVs = Severe UV

UVm = Med. UV

PB = Pushbutton

LED N Lit

Vdlos = V1 sup. for

double line out

•Unit Tripped

•BFT

& P>L3 & UVs

or P>L4 &

UVm

•Line Out &

P>L2

2nd Line Out

& P>L1

& V<Vdlos

Plant

Over-Power

•P<L5

•Same state as above

31

32

30

2526

• Reclose 1

line &

P<L1

29

28

27

N

•Reclose 2

lines

Figure 10: DCSPS State Diagram




4.4 Communication Infrastructure

All equipment associated with this scheme is located in the Diablo Canyon 500kV control building.

The Diablo Canyon SPS telecommunication infrastructure can be broken down into two distinct

subgroups:

1. High Speed Relay-To-Relay communication, which enables the transmittal of analog

and digitally encoded data between the relays associated with the Diablo Canyon SPS.

2. Ethernet Communication allows passing status information between System A and

System B for alarm purposes and permits connection to the secure communication

network for remote access for downloading Oscillography and Event Status.

4.4.1 High Speed Relay-to-Relay Communications

DCSPS System-A is comprised of a group of five relays connected via a dual channel fiber loop

(Figure 11). This connection allows data and logic states to be passed directly between relays in the

group for high-speed processing. Relays configured in this manner effectively operate as ONE

functional device. If any of the relays fails, the functional integrity of the group is compromised, the

system will be taken out of service and an alarm will be issued.

DCSPS System-B is comprised of a similar group of five relays connected via a separate dual channel

fiber loop. System A and System B SPS relays operate independently and are NOT interconnected

via fiber for peer-to-peer data exchange.

Integrity of the fiber communications is critical to the functional dependability of the scheme.

Therefore, redundant fiber paths have been designed into the scheme.

The direct relay communications makes use of a 32 bit cyclic redundancy code, (CRC), for high

reliability.

4.4.1.1 Loss of Channel Logic

Loss of channel logic occurs when the high-speed relay communication interface

fails. For a signal to be recognized as reliable, it must transmit without interruption

for at least 250 milliseconds.




RX

TX

W7IC

1

TX

RX

C

2

RX

TX

W7IC

1

RX

TX

C

2

RX

TX

W7IC

1

RX

TX

C

2

RX

TX

W7IC

1

RX

TX

C

2

REDUNDANT

FIBER RING (TX &

RX 64 Bit)

RELAY TO RELAY

COM

REDUNDANT

FIBER RING (TX &

RX 64 Bit)

RELAY TO RELAY

COM

SYS - A

SYS - B

DCPP_DCSPS 12-2005

Dpe4

RX

TX

W7IC

1

TX

RX

C

2

RELAY CONFIG AS

VIEWED FROM

BEHIND PANEL

UNIT #2 DCSPS RACK 3RELAY CONFIG AS

VIEWED FROM

BEHIND PANEL


RELAY CONFIG AS

VIEWED FROM

BEHIND PANEL

LINES DCSPS RACK 1

RX

TX

W7IC

1

TX

RX

C

2

RX

TX

W7IC

1

RX

TX

C

2

RX

TX

W7IC

1

RX

TX

C

2

RX

TX

W7IC

1

RX

TX

C

2

RX

TX

W7IC

1

TX

RX

C

2

578/586DCSPSA-1

DD 3

578/586DCSPSA-2

DD 4

537/511DCSPSA-1

DD 1

537/511DCSPSA-2

DD 2

537DCSPS-A

DD 5

578/586DCSPSB-1

DD 3

578/586DCSPSB-2

DD 4

537/511DCSPSB-1

DD 1

537/511DCSPSB-2

DD 2

537DCSPS-B

DD 5

Figure 11: Fiber Optic Connections for Diablo SPS – System A and System B




4.4.2 Ethernet Relay-to-Relay communication and Remote Access

Ethernet communication is not critical to the Normal operation of the scheme; however it provides an

opportunity for continuously monitoring the health of System A and B. Without the Ethernet

communications, continuous comparison of System-A and System-B quantities will not take place.

(System-A and System-B quantities will be identical during normal operations.)

The Relays are connected to the Operational Data Network (ODN) and allow remote monitoring and

event file download by System Protection personnel (Identical to Path 15 RAS, Path 26 RAS, and

Metcalf SPS, SFRAS, etc.).

The relay Ethernet communications makes use of a 32 bit cyclic redundancy code, (CRC), for high

reliability.

A diagram of the scheme is shown in Figure 12.




ODN Network

578/586DCSPSA-1

578/586DCSPSA-2

537/511DCSPSA-1

537/511DCSPSA-2

537DCSPS-A

578/586DCSPSB-1

578/586DCSPSB-2

537/511DCSPSB-1

537/511DCSPSB-2

537DCSPS-B

1 2 3 4 5 6

7 8 9101112

AB

12x

6x

8x

2x

9x

3x

10x

4x

11x

5x

7x

1x

Eth

ern

et

A

12x

6x

8x

2x

9x

3x

10x

4x

11x

5x

7x

1x

C

Ethernet Switch

IRIG-B TIME

SOURCE

Compare

Sys-A and

Sys-B

SYS - A

SYS - B

Remote

Monitor and

Coms

Remote

Monitor and

Coms

IRIG

IRIG

IRIGIRIG

IRIG

IRIG

IRIGIRIG

IRIG

IRIG

Remote

Monitor and

Coms

Compare

Sys-A and

Sys-B

Compare

Sys-A and

Sys-B

Compare

Sys-A and

Sys-B

Compare

Sys-A and

Sys-B

Firewall

Computer

DCPP_DCSPS 10-2005

Dpe4

Firewall

1 2 3 4 5 6

7 8 9101112

AB

12x

6x

8x

2x

9x

3x

10x

4x

11x

5x

7x

1x

Eth

ern

et

A

12x

6x

8x

2x

9x

3x

10x

4x

11x

5x

7x

1x

C

Ethernet Switch

Note:Each relay will have

a separate LAN

connection into the switchFirewall

Figure 12: Diablo SPS Relay Ethernet Connections




4.5 Relay Functions

Although all five relays function together, and all are essential for proper scheme operation; each relay

within the relay group performs a specific function. The table below provides a brief description:

UR N60 Chassis Functions (System A or B)

578/586DCSPS-1 Trip Outputs and Non-Volatile Latching supervision contacts (Lockout) for Unit #1 500kV CB 532 and CB 632. Houses the majority of the

tripping and voting-comparison logic.

578/586DCSPS-2 Trip Outputs and Non-Volatile Latching supervision contacts (Lockout) for Unit #2 500kV CB 542 and CB 642

537/511DCSPS-1 CT and PT inputs for Unit #1 and CB breaker status monitoring for CB 532 and CB 632

537/511DCSPS-2 CT and PT inputs for Unit #2 and CB breaker status monitoring for CB 542 and CB 642

537DCSPS CT and PT inputs for the Diablo – Gates 500kV line, Diablo – Midway #3 500kV Line, and Diablo – Midway #2 500kV Line. Calculates the MW unit output for monitor display purposes. Monitors the status of 500kV

CB 622, CB 722, CB 732, and CB 742

4.6 Trip Detection and Breaker Failure Recognition

Protection tripping for circuit breakers is taken from the Breaker Failure Initiate (BFI) circuit for each

circuit breaker (see Figure 13).

A line is determined to be tripped by protection if either of the following occurs:

1. One line breaker is open or on maintenance AND the other breaker is tripped

three-pole by protective relays

2. Both breakers are tripped three-pole by protective relays

The figure also illustrates how the DCSPS is wired within each breaker failure circuit to detect when a

breaker has failed. (The figure depicts one of the eight breakers)




BF

(A)

BF

(B)

BF

(C)

DSPS

SYS A

DSPS

SYS B

BF DC (-)

BF DC (+)

Protection Relay

Breaker Fail init

DCSPS BFI

UNIT CB’s

CB

BREAKER

FAIL RELAY

TIMER

TD-5

BREAKER

FAIL RELAY

TIMER

AR TRIPPING

RELAYS

DSPS

SYS A

DSPS

SYS B

TCO

RCO

DCPP_DCSPS 10-2005

Dpe4

Figure 13: SPS Protection Trip Detection




4.7 Breaker Failure Functional Overview

As discussed in previous sections, the breaker failure logic is separated into two distinct categories and

is a function of the following:

1. Plant MW Export Level

2. 500kV Positive sequence voltage during the fault (Indicates fault severity)

3. 500kV Positive sequence voltage at the breaker failure time.

Figure 14 illustrates the voltage level and timing of the two categories

• Voltage Restrained Breaker Failure Trip

– V1 < UVs pu & V1< UVm & P>L4 (SEVERE FAULT)

– V1 > UVs & V1< UVm & P>L3 (MEDIUM SEVERITY FAULT)

V1< UVm

V1< UVs

“Severe” Under-Voltage profile “Medium” Under-Voltage profile

t=0 t~8c t=0 t~8c

Figure 14: Breaker Failure Timing



5 Testing Requirements and Procedures

Diablo Canyon Special Protection Scheme testing is necessary to ensure the following:

▪ Verify that the SPS relays and logic correctly translate in Status Inputs to the Scheme. (Breaker

position, Protection Relay Trips, Breaker Failure Relay Trips, Operator Inputs)

▪ Verify that the SPS logic correctly operates (Outputs information) based on translations of various status

input combinations.

▪ Verify that the SPS relays accurately read AC quantities, (Current and Voltage), and calculate analog

quantities correctly (MW and Positive Sequence Voltage).

▪ Verify that the scheme operates within the Speed requirements.

Specific testing procedures for the Diablo Canyon SPS are provided within a separate document;

“DIABLO CANYON SPS TESTING - Version XX”. The testing document is located on the System

Protection Share drive: "ETM on 'Oakland03'" under the "RAS - SPS Info/DCSPS" folder. Contact

System Protection to obtain the latest version of the document.

System tests will be conducted at a minimum of once every four years. Alterations to the scheme,

(Logic or Hardwire), will require testing to verify that the changes meet expectations. The SPS

alteration will be evaluated to determine if a “Full” test or a “Subset” test is necessary for

verification.

The normal test cycle will be scheduled during the unit outage cycle when it is not necessary for the

scheme to be in service.

5.1 Maintenance Requirements and Procedures

Major construction changes (Addition of a CB to the scheme) will require performing portions of the

Diablo Canyon SPS testing document.

CT ratio changes on the breakers associated with the Diablo Canyon SPS scheme require setting

changes within the appropriate N60 for accurate MW calculations and Outage undercurrent elements.

Load checks should be performed to validate settings.

5.2 DCSPS Testing Matrix

The testing matrix in this section should be used as a template for testing the DCSPS logic. The matrix

provides the expected results, along with a “Test” column for the actual scheme response. (Example:

“SYS AB OK”)

The voltage and current connections necessary to set-up the scheme for arming should only be

connected to the DCSPS Unit relay (537) on the unit that is out during the main bank outage. Provided

that the other unit is on-line, it will provide the necessary base-line MW for arming.

Testing Requirements and Procedures



EVE Scenario ARM LEVELS G→MW2 Test MW2→G Test G→MW3 Test MW3→G Test MW2→MW3 Test MW3→MW2 Test

UNIT SEL SW

1

LLO → TRIP

L3<MW<L1 No Trip No Trip No Trip No Trip No Trip No Trip

L1<MW U2 TRIP U2 TRIP U1 TRIP U1 TRIP

U1 TRIP U1 TRIP Unit 1 Selected


ROD → TRIP





LLO → LLO

MW<L1 & V1<Vdlos No Trip No Trip No Trip No Trip No Trip No Trip

MW>L1 & V1>Vdlos No Trip No Trip No Trip No Trip No Trip No Trip

L1<MW & V1<Vdlos U2 TRIP U2 TRIP U1 TRIP U1 TRIP



LLO → ROD






ROD → LLO






ROD → ROD






2 TRIP → TRIP Within 10 sec

MW<L3 No Trip No Trip No Trip No Trip No Trip No Trip


L2<MW U2 TRIP U2 TRIP U1 TRIP U1 TRIP U1 TRIP U1 TRIP Unit 1 Selected

Testing Requirements and Procedures



EVE Scenario ARM LEVELS G→MW2 Test MW2→G Test G→MW3 Test MW3→G Test MW2→MW3 Test MW3→MW2 Test

UNIT SEL SW


TRIP → LLO Within 10 sec





TRIP → ROD Within 10 Sec





742 BF Test 732 BF Test 622 BF Test 722 BF Test

3 L3<MW V1<Uvs

U2 TRIP N/A N/A U1 TRIP U1 TRIP Unit 1 Selected

N/A N/A U1 TRIP U2 TRIP U2 TRIP Unit 2 Selected

N/A N/A N/A N/A N/A N/A U1 TRIP Unit 1 Selected 632 OPEN

N/A N/A N/A N/A N/A N/A U2 TRIP Unit 2 Selected 642 OPEN

Ensured for Each BF test that without the Voltage collapse and Power greater than L3, NO TRIP

Ensured for Each BF test that with the Voltage collapse and Power less than L3, NO TRIP

Design Adequacy (Ref DCPP EDDG-006 Attachment 8.1)



6 Design Adequacy (Ref DCPP EDDG-006 Attachment 8.1)

This section will address those particular design details expressly requested by the Diablo Canyon PP.

The “Electrical Design Desk Guide” EDDG-006 Attachment 8.1 will be used as a reference document.

The following sections will refer to the concept of reliability. Reliability is a measure of a schemes

performance. Reliability is comprised of both Dependability and Security.

1. Security is the measure of a schemes ability not to operate, (Trip), for unexpected conditions.

2. Dependability is the measure of a schemes ability to operate, (Trip), for expected conditions.

6.1 Power Supply (Station Battery and Charger)

6.1.1 Redundancy and Availability

The UR relays for this scheme are powered by the 125VDC station battery. This battery is the source

for all 500kV microprocessor based relays and accessories located in the Diablo Canyon 500kV

control building. There is only one battery system and associated charger.

Diablo Canyon SPS is composed of two separate distinct Systems – System A and System B. The

systems are identical and can be thought of as operating in parallel. Any failure of one system, (or

component therein), will not adversely affect the reliability of the other.

Each system’s relays are sourced from an independent DC Circuit breaker. If an abnormal DC circuit

condition should cause the DC breaker to trip, the alternate system will continue to be operational.

• System A relays (Qty: 5) receive 125VDC from CB 39

• System B relays (Qty: 5) receive 125VDC from CB 40

The 125VDC Station Battery at the 500kV Switchyard of Diablo Canyon Power Plant is rated at 1010

Ampere Hours. The station has redundant battery chargers each rated at 200 Amps DC. The output

of the battery chargers are connected in parallel, but only one is charging at a given time.

The chargers are fed on separate branch circuit breakers on 480 VAC Distribution Panel No.2. This

panel is supplied by two 4.16kV/480 Transformers which are designated as normal and alternate

sources for Panel No. 2. Please refer to Single Line Diagram of DC Panels (Dwg. 440004, Rev. 17)

and Single Line Diagram of AC Station Service (Dwg. 440003, Rev. 11).

6.1.2 Capacity and Capability

The addition of the relays associated with DCSPS adds burden to the existing battery source. Ten

(10) UR N60 Relays are installed for the DCSPS.

The manufacturer product description specifies the following:

• Power Consumption (per relay): Typical = 35 VA; Max. = 75 VA

• Calculation Total for (10 relays): Typical = 350 VA; Max. = 750 VA

Test Observation: Prior to connection of the DCSPS relays, the continuous 125V

DC load was measured at 13 Amps. The addition of the ten (10) DCSPS relays

increased the continuous load to 15 Amps.

During a quiescent state, the relays LED’s and output contacts are in the normal de-

energized state. The current measured by the aggregate group of ten relays during

the quiescent state was 2 Amps.




6.1.3 Worst Case Power Supply Conditions

The battery is expected to continue sourcing all protection related equipment, including circuit

breakers, for a period of Eight hours in the event of a loss of AC power.

Substation Engineering performed a battery size calculation that considered the newly connected

continuous load. The calculations show that the station requires 495 Ampere Hours capacity battery.

This is less than half the ampere hour rating of the existing station battery.

6.2 Raceway System Design

6.2.1 Physical Separation

The UR relays instrumentation (AC Current Source, AC Voltage Source, and Status) are routed in the

existing 500kV Basement tray system. The tray system is used by all existing 500kV protection

schemes. No special accommodations were made to design a separate tray or routing system for the

DCSPS.

PG&E substation design requirements prohibit routing the instrumentation wires with power cables

(480 Volts). All standard PG&E substation design standard practices were followed for the design

and construction of the Diablo Canyon SPS.

6.3 Scheme Design

6.3.1 Redundancy

Various conditions will directly affect the reliability of the DCSPS:

• Failures in any DCSPS component(s).

• Failure of DCSPS wiring (AC and DC).

Diablo Canyon SPS is composed of two separate distinct Systems – System A and System B. The

systems are identical and can be thought of as operating in parallel. A failure of one system, (or

component therein), will not adversely affect the reliability of the other.

The exceptions to the statement above are the following:

6.3.2 Single Point or Common Mode Failures (Failure Mode Analysis)

Single point failures, for the purposes of this document, are defined as the “Failure of any single

module or subsystem that affects the DCSPS reliability”

• Circuit Breaker Maintenance Switch

Only one circuit breaker Maintenance switch is provided for each breaker.

(Currently all Diablo Canyon 500kV breaker Maintenance switches – with the

exception of CB 532 and CB 542, are used in the 500kV RAS).

The correct position of this switch is critical for the correct operation of the DCSPS

scheme, as well as the 500kV RAS.

There are two contacts from the switch provided for the DCSPS. One contact from

the switch is connected to System-A, the other to System-B.

There are no provisions, other than operator vigilance, for detecting or verifying the

correct position of a CB Maintenance switch. Currently the Maintenance switch

status is not monitored by SCADA. If and when the station becomes unattended,

consideration will be given to providing Maintenance switch status to SCADA.




6.3.2.1 Circuit Breaker Maintenance Switch erroneously in the Maintenance Position

If the circuit breaker is Normal, (Closed and carrying load), A CB Maintenance

switch left in the Maintenance position will adversely affect the Schemes

Dependability or Security depending on the DCSPS Event.

The scheme will recognize the following:

▪ Determine that the Breaker is Open

▪ Ignore any Protection relay trips for the Breaker

▪ Ignore any Breaker Failure Conditions

▪ The scheme will not Trip a breaker in Maintenance. (Logic prohibits trip)

Impact on Dependability:

▪ The schemes ability to monitor the breaker positions is paramount. The maintenance

switch left in the Maintenance position will be interpreted as an OPEN CB by the

scheme.

DCSPS Event-1 and DCSPS Event-2 will not be Dependable.

▪ Any protective relay trip or Breaker failure trip sensed by the DCSPS will be ignored

for a breaker in the Maintenance, (or sensed in the Open) position. If a line trips, and

one of the CB’s for the line is in the maintenance position, the DCSPS will ignore any

Breaker Failure condition that may occur.

DCSPS Event-3 will not be Dependable.

▪ The schemes ability to trip a Unit breaker is critical to ALL Event Categories.

DCSPS Event-1, 2, and 3 will not be Dependable and may cause additional problems

if only one Unit Breaker is tripped.

Impact on Security:

▪ Initial reviews do not reveal any impact on the schemes security.

6.3.2.2 Circuit Breaker Maintenance Switch erroneously in the Normal Position

If the circuit breaker is abnormal, (Open and Cleared), A CB Maintenance switch

left in the Normal position will adversely affect the Schemes Dependability or

Security depending on the DCSPS Event.

The scheme will recognize the following:

▪ The maintenance switch left in the Normal position will be interpreted as OPEN or

CLOSED depending on the actual position of the breaker. (When a CB is Open and

Cleared, the scheme may erroneously recognize a CLOSED normal breaker).

▪ Recognize all Protection relay trips for the Breaker

▪ Recognize Breaker Failure Conditions

▪ The scheme will attempt to Trip the breaker.


▪ The schemes ability to monitor the breaker positions for 500kV bus configuration is

paramount.




DCSPS Event-1, 2, and 3 will not be Dependable. (Inability to accurately recognize a

Line Outage and the actual operating configuration of the Diablo 500kV Bus)

▪ The schemes ability to trip a Unit breaker is critical to ALL Event Categories.

The Diablo SPS May attempt to trip a breaker that is Open and Cleared. This may be

a safety issue if the Test switches from the scheme have not been isolated.

▪ Impacts the schemes ability recognize a trip of the breaker from a protection relay.

The test switches from the breaker may have been isolated by the Maintenance group.

The closed breaker will not be tripped, and the Diablo SPS will not recognize a

Sudden Line Trip. DCSPS Event-1, 2, and 3 will not be Dependable.

Impact on Security:

▪ The schemes ability to monitor the breaker positions for 500kV bus configuration is

paramount. The maintenance switch left in the Normal position will be interpreted as

OPEN or CLOSED depending on the actual position of the breaker. (When a CB is

Open and Cleared, the scheme may erroneously recognize a CLOSED normal

breaker).

Any trip Tests from protection relays completed on a CB in Maintenance will be

interpreted as a CB trip condition. This may cause a DCSPS initiated trip.

6.3.2.3 Circuit Breaker Breaker Failure Relay

As a standard design, the CB’s only have one breaker failure relay. If the breaker

failure relay is OUT for maintenance or defective, the scheme will be impacted.

To overcome this issue, the Circuit breaker with a defective breaker failure relay

must be open and cleared, and the CB Maintenance switch MUST be placed in the

Maintenance position

The scheme is impacted in the following way:

▪ Scheme may not be able to recognize Protection Trips for the CB.

▪ Scheme may not be able to recognize CB Breaker Failure Conditions.


▪ DCSPS Event-1, 2, and 3 will not be Dependable

Impact on Security:

▪ Initial reviews do not reveal any impact on the schemes security.

6.3.3 Security Enhancements

The following is a listing of those design and logic decisions that result in security enhancements:

6.3.3.1 DCSPS Limited Scenario Tripping

• DC SPS will trip for the events programmed, (DCSPS Event Category 1, 2,

and 3), only if the initiating event did not result in a Unit separation. For

many events, a unit separation will occur as a result of the initiating event and

the initial 500kV breaker positions. Although there are many, two examples




will be given where it would initially appear that the DCSPS should operate,

but will be restrained from tripping:

1. A CB 632 breaker failure will result in the separation of

Unit 1. The unit separation is a function of the event.

2. Initial condition: 542 Open. The loss of the Diablo –

Midway #2 and Diablo – Gates line will result in the

separation of Unit #2. The unit separation is a function of

the initial condition of the 500kV breakers and the

initiating event.

6.3.3.2 Physical Lockout

The physical lockout feature, (physical as opposed to a software lockout), provides

a level of comfort in limiting the ability of the DCSPS trip of both units.

• If DCSPS issues a unit trip, the alternate unit tripping circuit will be

physically interrupted by latching contacts.

• The System A latching contacts for the non-tripping unit will open either by a

System A trip OR a System B trip.

• The System B latching contacts for the non-tripping unit will open either by a

System B trip OR a System A trip.

• The latching contacts will remain open until the RESET pushbutton is

depressed. (System A latching contacts will close only when the System A

reset pushbutton is pressed. System B latching contacts will close only when

the System B reset pushbutton is pressed).

Figure 15 provides a visual representation of the latching “Lockout” concept. The

figure only explicitly shows the tripping and lockout for unit 1. (Unit 2 trip circuit

will look identical)

6.3.3.3 Two Tripping Contacts in Series

As seen in Figure 15, two trip contacts are wired in series for each circuit breaker

trip coil and breaker failure initiate circuit. Each contact must close prior to

initiating the function. Each of the two contacts resides on different relay modules.

This physical design feature provides a level of comfort in limiting the tripping of a

unit by the inadvertent closure of one relay contact. Inadvertent contact closure

could theoretically be caused by module failure or unintentional contact shorting.

6.3.3.4 DCSPS “Voting” Scheme (or Cross Blocking Scheme)

System “A” and System “B” exchange Trip information for comparison purposes.

If System “A” or System “B” makes the decision to trip a Unit, the tripping System

(“A” or “B”) waits for a response from the alternate system. If there is no decision

issued by the alternate system, then the unit will be tripped. If the alternate system

also has made a trip decision, and the unit selection matches; the unit is tripped. If

the alternate system makes a decision to trip a unit, and the unit selected is in

disagreement, then NO unit will be tripped.

This portion of the scheme logic may be more easily described as a “Cross Blocking

Feature”. Each system can be blocked from tripping by the alternate system.




Trip Coil 1 DC (-)

Trip Coil 1 DC (+)

DCSPS Unit-1 Tripping Relays

U1

CB

TC 1

DCPP_DCSPS 01-2006

Dpe4

Cut-Out Switch

RCO/DCSPS-A

Cut-Out Switch

RCO/DCSPS-B

Trip Coil 2 DC (-)

Trip Coil 2 DC (+)

U1

CB

TC 2

Cut-Out Switch

RCO/DCSPS-A

Cut-Out Switch

RCO/DCSPS-B

OPEN

CLOSE

LATCH

SYS-A

BF DC (-)

BF DC (+)

Cut-Out Switch

RCO/DCSPS-B

Cut-Out Switch

RCO/DCSPS-A

PRI

TC-1

SYS-A

Mod-F

PRI

TC-1

SYS-B

Mod-F

OPEN

CLOSE

LATCH

SYS-B

OPEN

CLOSE

LATCH

SYS-BOPEN

CLOSE

LATCH

SYS-B

OPEN

CLOSE

LATCH

SYS-AOPEN

CLOSE

LATCH

SYS-A

BF INIT

SYS-A

SYS-B

CB

CLOSE

579H

Auto Reclose

DCSPS

TRIP COIL #1

TRIP

DCSPS

Reclose

Block

DCSPS

TRIP COIL #2

TRIP

DCSPS

Breaker Failure

Initiate

Unit #1 Sys - A Trip

Unit #1 Sys - B Trip

ORUnit #2 DCSPS

Lockout

Close

Close Close

Close

Ope

n

Unit #1 DCSPSLockout

(From U2 Trip bySys-A OR Sys-B)

SYS A RESET PB

Open Close

Clo

seSEC

TC-1

SYS-A

Mod-M

SEC

TC-1

SYS-B

Mod-M

PRI

TC-2

SYS-A

Mod-F

PRI

TC-2

SYS-B

Mod-F

SEC

TC-2

SYS-A

Mod-M

SEC

TC-2

SYS-B

Mod-M

PRI

BFI

SYS-A

Mod-F

PRI

BFI

SYS-B

Mod-F

SEC

BFI

SYS-A

Mod-M

SEC

BFI

SYS-B

Mod-M

Close

Close Close

Close

U1 Trip Lockout U1 Trip Lockout

Sys-B Reset

Close

Close

Close

Clo

se

SYS-BSYS-A SYS-BSYS-A SYS-BSYS-A

SYS B RESET PB

Sys-A Reset

Sys-B Reset

Sys-A Reset

Figure 15: Alternate Unit DCSPS Tripping Lockout




6.4 Surge Protection

All Protection and Auxiliary relays used for this scheme are approved by Substation engineering for use

in Substation environments.

6.4.1 UR Relay Surge Protection

Refer to the UR Relay Instruction manual for specific industry standard tests. The following

information was obtained from the UR N60 Relay Instruction manual:

Surge Impunity Test

▪ EN 61000-4-5

6.4.2 EMI and RFI (Electro-Magnetic and Radio Interference)

All Protection and Auxiliary relays used for this scheme are approved by Substation engineering for

use in Substation environments.

6.4.2.1 UR Relay EMI/RFI tests

Refer to the UR Relay Instruction manual for specific industry standard tests. The

following information was obtained from the UR N60 Relay Instruction manual:

Electrical Fast Transient:

▪ ANSI/IEEE C37.90.1

▪ IEC 61000-4-4

▪ IEC 60255-22-4

RFI Susceptibility:

▪ ANSI/IEEE C37.90.2

▪ IEC 61000-4-3

▪ IEC 60255-22-3

▪ Ontario Hydro C-5047-77

Conducted RFI:

▪ IEC 61000-4-6

Power frequency Magnetic field immunity:

▪ IEC 61000-4-8

6.4.2.2 DC Transients

All new substation projects install shielded cables to reduce the electrical transients

on the attached equipment.

Some of the possible causes of transient events include:

▪ Switching surges

▪ Floating DC circuits or when DC sources are being tested for other future projects

▪ Battery charger startup




In order to secure the functionality of the scheme under transient conditions, all of

the following DC inputs will be set with a 16 millisecond time delay. (Input must

be asserted continuously for the pickup time before the relay logic will act on the

input).

▪ BF Initiate Inputs

▪ Breaker Status Change

▪ Breaker Maintenance Switches

▪ Breaker Failure Tripping

6.5 Protection Devices

6.5.1 Sensitivity

All Protection and Auxiliary relays used for this scheme are approved by Substation engineering for

use in Substation environments.

6.5.2 Relay Reliability

Approval from GE was obtained prior to quoting the following statistics:

• MTBF (Mean Time Between Failure): 104 years

• Availability: 99.99963%

For details regarding the actual equations for the statistics shown above, contact the GE factory.

6.5.3 Coordination

It is essential that this scheme coordinates with the Line and Unit relays

• The DCSPS must react faster than the Unit Out-of-Step relaying. The

DCSPS must issue a trip within 70 milliseconds of line short circuit inception

and 200 milliseconds for breaker failure scenarios. (See “Additional

Reference Documents”, Item #4)

• The 500kV line relay Out-of-Step blocking functions must be enabled to

prevent line tripping for Out-of-Step conditions.

6.5.4 Relay Burden

Microprocessor relays add minimal burden to the AC circuitry. The wiring added to include the new

relays was minimal and routed within the control room.

The following information was obtained from the UR N60 Relay Instruction manual:

▪ Relay AC Current Burden: < 0.2 VA at rated secondary

▪ Relay AC Voltage Burden: < 0.2 VA at rated secondary

6.5.5 Scheme Accuracy

The Relay Accuracy will directly impact the setpoint accuracy.

CT Error (CT accuracy) 1.0%

PT Error (PT accuracy) 1.0%

N60 Power Computation Accuracy 1.0%

N60 Digitizer Computation Accuracy 0.5%

Margin factor 1.5%




Total Error (Worst Case: 120 MW at

full scale)

5.0%

6.6 Design Calculations (Quality Assurance)

Those items not specifically referred to in this sub-section can be found within this document as a

whole. (Example: Design details, drawing list, description of Operations, Testing Criteria etc.)

6.6.1 Setting Reevaluation and Update

The set points for the scheme, (See appendix), will be reevaluated by PG&E Operation Engineering

department on a periodic basis. Setpoint setting changes may be the result of updated studies.

System Protection will coordinate any setting changes with DCPP Engineering for review and

concurrence prior to implementation.

6.6.1.1 Setpoint changes

Any setpoint change requests will be routed through PG&E System Protection Department

for implementation. The setpoint setting change request must be communicated to Diablo

Canyon Engineering.

Setpoint changes may include but are not limited to:

▪ New Set points for Positive Sequence Voltage level Setting

▪ Adjustment of Megawatt arming levels

The recommended procedure is as follows:

1. Obtain permission from the TOC for cutting out System A. (or System B)

2. Cut-Out System A. (or System B)

3. Maintenance or Construction tech makes necessary setting change(s) by either

loading file, or changing each setting individually.

4. Send As-Left settings to protection engineer for verification. Perform any other

necessary checks per Protection Engineer request. (Additional checks may be

verification of LED status, etc.)

5. Protection Engineer releases scheme to Operations

6. Operations to verify that the scheme does not have a sealed trip.

7. Cut-In scheme.

8. Repeat steps for alternate system. (System B)

6.6.1.2 Logic Changes

Logic changes may be necessary to improve the scheme performance.

Logic changes may include but are not limited to:

▪ Adjustment of timer pickup and/or dropout times

▪ Removal of Logic that is no longer required




6.6.2 N60 Relay Setting Ownership

The PG&E System Protection Department is responsible for providing any future setting changes

necessary for proper scheme operation. Setting changes will be issued in the form of a setting file to

the responsible PG&E Construction or Maintenance personnel.

The PG&E Maintenance headquarters associated with Diablo Canyon 500kV switchyard will

maintain setting files for the scheme. These setting files will accurately reflect the existing settings on

all relays associated with Diablo SPS.

The PG&E System Protection Department will maintain up-to-date Diablo Canyon SPS setting files

within the Protection Relay Setting Database. These files will accurately reflect the existing settings

on all relays associated with Diablo SPS.

6.6.3 Setting Verification (Protection Department)

6.6.3.1 Periodic

The Scheme settings will be verified on a periodic basis to ensure that the set points and

logic are as expected. Settings should be verified during the regularly scheduled Diablo

SPS test cycle.

6.6.3.2 Setting Change(s)

Upon downloading a new setting file into the appropriate relay(s), the responsible PG&E

Construction or Maintenance personnel will return a copy of the “As-Left” relay(s)

settings to PG&E System Protection for comparison with the expected settings.

6.6.4 Relay Firmware

6.6.4.1 Existing Firmware

The relay firmware upon commissioning of the scheme is version 5.0

6.6.4.2 Changes to Firmware

Any changes to the Relay firmware will require a review of the settings to ensure any

setting elements used in the scheme have not been removed by the new firmware. Any

new settings made available by the firmware upgrade should be reviewed to determine if

they provide any additional benefits for use in the scheme. (Examples may include

additional I/0, enhanced voltage measurements, etc.)

As a general rule, a relay firmware upgrade will require a system test of the affected

relays.

Glossary



7 Glossary

Fault Severity For the Purposes of the Diablo SPS, fault severity is defined by the collapse of the 500kV Positive Sequence Voltage. The Breaker

Failure DCSPS events utilize the Positive sequence voltage collapse to determine severity of the fault.

NERC North American Electric Reliability Council

Relays Relays are devices that monitor and sense abnormalities within an electric system. Relays are programmed to close contacts within an

electric circuit when certain imbalance thresholds have been met.

CAISO California Independent System Operator

Contingency The loss of an element in the power system. “First Contingency” refers to the loss of one unique element (e.g., the loss of a critical

transmission line or generator). “Second Contingency” refers to the loss of a subsequent unique element while the first element is still out

of service.

Inrush Current Inrush current is the short duration, large magnitude current required creating the fields that start motors, AND magnetize transformer

cores.

MW Megawatt

SPS Special Protection System. As implied by the name, an SPS is a protection scheme that goes beyond the scope of a standard

protection scheme. Special Protection Schemes (SPS) are designed to respond quickly to pre-defined events for which reliance on human

intervention is insufficient to protect equipment and minimize the adverse impacts of those events.

SATS Strategic and Technical Services PG&E engineering department

Overcurrent A condition in which the flow on a system element is above an established threshold. Overcurrent conditions are used in

conjunction with breaker seal status in some SPS to improve the reliability of outage status determination.

Undercurrent A condition in which the current flow on a system element is below an established threshold. Undercurrent conditions are used in

conjunction with breaker seal status in some SPS to improve the reliability of outage status determination.

Remote End Remote End 500kV Line Terminal

SCADA Supervisory Control and Data Acquisition. SCADA is a system of RTUs, communication links and master control stations devices that enable Electric Transmission Control Center operators to remotely

monitor system conditions such as MWs, amps, volts and the open/close status of circuit breakers and switches. It also makes the control of circuit breakers, switches, and other apparatus possible.

TOC Transmission Operations Center, located in the San Francisco General Office. System Dispatchers are a part of the TOC.

Additional Reference Documents



8 Additional Reference Documents

Document Owner Document Location

1 “Electrical Design Desk Guide” EDDG-006 Attachment 8.1

Diablo Canyon PP Reference version will be included on the System

Protection Share drive: "ETM on 'Oakland03'" under the

"RAS - SPS Info/DCSPS" folder from DCPP

2 Diablo Canyon SPS UR Relay Commissioning Testing

System Protection Engineering

All documentation associated with Diablo Canyon SPS design

will be stored on the System Protection Share drive: "ETM

on 'Oakland03'" under the "RAS - SPS Info/DCSPS" folder. If documents are required, please contact System Protection for

assistance.

3 Mitigation Measures for Double Outages at Diablo Canyon Power Plant

Electric Transmission and Distribution Engineering

Electric Transmission and Distribution Engineering for

Details

4 DCPP SPS Technical Requirements (Modification of Section 6 in the SATS

report)

Electric Transmission and Distribution Engineering

Electric Transmission and Distribution Engineering for

Details

5 O23 Operations Engineering

Appendix A: DCSPS Critical Set Points (Commissioning Settings)



9 Appendix A: DCSPS Critical Set Points (Commissioning Settings)

9.1 Set Points and Definitions

SETPOINT DESCRIPTION

Relay Setting

(May 06)

Set Point Accuracy

1

TMW

The Definite Time setting necessary for MW Arming and

Disarming. (The setting prohibits a DCSPS arming status

change during an event or post-event transients. MW arming

will occur when the U1+U2 NET MW Export is above the

MW arming setting, (L1 through L5), for the TMW period.

MW disarming will occur if the U1+U2 NET MW Export is

below the MW arming setting, (L1 through L5), for the TMW

period.)

10 Sec +/- 1 msec

2 TSIMULTANEOUS

The period of time, within which two events occur, will be

considered simultaneous 10 Sec

+/- 1 msec

3

L1

(Level 1)

Plant U1+U2 NET MW export arming level for DCSPS Event

– 1

(Setting is a function of plant minimum operating voltage –

0.975 pu of 25kV)

1808 MW < 5.0%

4

L2

(Level 2)


– 2


0.975 pu of 25kV)

1790 MW < 5.0%

5

L3

(Level 3)


– 3

(Breaker Failure with a Severe Fault)


0.975 pu of 25kV)

1723 MW < 5.0%

6

L4

(Level 4)


– 3

(Breaker Failure with a Medium severity level fault)

3000 MW (DISABLED

) < 5.0%

7

L5

(Level 5)

Plant U1+U2 NET MW export arming level for Double Line

Outage.

(Supports O23 operating procedure.)

1600 MW < 5.0%

8

UVm

500kV positive sequence setting value. Per Unit of nominal

voltage. (The measured 500kV positive sequence voltage

MUST fall below this setting level for the fault to be

categorized as “Medium” severity)

400 kVLL

(0.77 pu of 519.6 kVLL)

+/- 0.5%

9

UVs

500kV positive sequence setting value. Per Unit of nominal

voltage. (The measured 500kV positive sequence voltage

MUST fall below this setting level for the fault to be

categorized as “Severe”)

285 kVLL

(0.548 pu of 519.6 kVLL)

+/- 0.5%

Appendix A: DCSPS Critical Set Points (Commissioning Settings)



SETPOINT DESCRIPTION

Relay Setting

(May 06)

Set Point Accuracy

10

TV1

The 500kV positive sequence voltage dip window. (The

positive sequence voltage dip must be sensed in the window

of time beginning with an event initiation and ending with this

timer setting)

12 Cycles +/- 1

mesec

11

UC1

Undercurrent Pickup setting. (Used for Local Line outage and

Remote Line Outage)

220 Amps

(0.11 pu 1% Hyst.)

+/- 1 %

12

Vdlos

The positive sequence voltage level that supervises a double

line outage scenario (Outage → Outage). The voltage must

be below the setting

540 kV

(1.039 pu of 519.6 kVLL Hyst. 0.2%)

+/- 0.5%

13

Digitizer

The MW Quantities calculated by the relay are Digitized and

sent via relay-to-relay communication for Summation and

compared against MW setpoints

11 MW/BIT

(Summed Values are 22 MW/BIT)

0.5%

Appendix B: Diablo Canyon SPS Alarm Points



10 Appendix B: Diablo Canyon SPS Alarm Points

10.1 Diablo Canyon Annunciation & RTU Alarms

DESCRIPTION

ORIGINATION

Station

ANNUNCIATOR RTU

1

DIABLO - GATES 500kV LINE OUTAGE

Indicates that the DCSPS logic has Determined a

Diablo – Gates Line Outage

537DCSPS-A and 537DCSPS-B in PARALLEL

(One Or Both Systems will bring in this Point)

NO 500 D20ME RTU

2

DIABLO - MIDWAY #2 500kV LINE OUTAGE


Diablo-Midway #2 Line Outage



NO 500 D20ME RTU

3

DIABLO - MIDWAY #3 500kV LINE OUTAGE


Diablo – Midway #3 Line Outage



NO 500 D20ME RTU

4

UNIT #1 OUTAGE


Unit #1 Outage



NO 500 D20ME RTU

5

UNIT #2 OUTAGE


Unit #2 Outage



NO 500 D20ME RTU

6 UNIT #2 TRIPPING PREFERENCE

Indicates the Position of the Unit Selector Switch



NO 500 D20ME RTU

7 UNIT #1 TRIPPING PREFERENCE

Indicates the Position of the Unit Selector Switch



NO 500 D20ME RTU

8 SYSTEM A: (LINE-OUT) and (U1+U2 MW NET > L1) 578/586DCSPSA-1 (System A will bring in this Point) NO 500 D20ME RTU




DESCRIPTION

ORIGINATION

Station

ANNUNCIATOR RTU

ARMING INDICATION

9

SYSTEM A: (LINE-OUT) and

(500kV-VOLTS< Vdlos) and (U1+U2 MW NET > L1)

ARMING INDICATION

578/586DCSPSA-1 (System A will bring in this Point) NO 500 D20ME RTU

10

SYSTEM A: (TWO LINES-OUT) and

(U1+U2 MW NET > L5)

ARMING INDICATION

578/586DCSPSA-1 (System A will bring in this Point) NO 500 D20ME RTU

11 SYSTEM A: SPARE 578/586DCSPSA-2 (System A will bring in this Point) NO 500 D20ME RTU

12 SYSTEM A: SPARE 578/586DCSPSA-2 (System A will bring in this Point) NO 500 D20ME RTU

13 SYSTEM B: (LINE-OUT) and (U1+U2 MW NET > L1)

ARMING INDICATION

578/586DCSPSB-1 (System B will bring in this Point) NO 500 D20ME RTU

14

SYSTEM B: (LINE-OUT) and

(500kV-VOLTS< Vdlos) and (U1+U2 MW NET > L1)

ARMING INDICATION


15

SYSTEM B: (TWO LINES-OUT) and

(U1+U2 MW NET > L5)

ARMING INDICATION


16 SYSTEM B: SPARE 578/586DCSPSB-2 (System B will bring in this Point) NO 500 D20ME RTU

17 SYSTEM B: SPARE 578/586DCSPSB-2 (System B will bring in this Point) NO 500 D20ME RTU

18

SYSTEM A UNIT 1 TRIP

Indicates that System A has tripped

Unit #1

578/586DCSPSA-1 YES 500 D20ME RTU

19 SYSTEM A UNIT 2 TRIP 578/586DCSPSA-2 YES 500 D20ME RTU




DESCRIPTION

ORIGINATION

Station

ANNUNCIATOR RTU

Indicates that System A has tripped

Unit #2

20

SYSTEM B UNIT 1 TRIP

Indicates that System B has tripped

Unit #1

578/586DCSPSB-1 YES 500 D20ME RTU

21

SYSTEM B UNIT 2 TRIP

Indicates that System B has tripped

Unit #1

578/586DCSPSB-2 YES 500 D20ME RTU

22

SYSTEM A CHANNEL FAIL

Indicates that Both Communication channels

For System-A have failed. (No Relay-Relay

Communication Capability)

ALL SYSTEM “A” RELAYS IN PARALLEL YES 500 D20ME RTU

23

SYSTEM B CHANNEL FAIL

Indicates that Both Communication channels

For System-A have failed. (No Relay-Relay

Communication Capability)

ALL SYSTEM “B” RELAYS IN PARALLEL YES 500 D20ME RTU

24

SYSTEM A CUT-OUT

SYSTEM A C/O SWITCH NO 500 D20ME RTU

25

SYSTEM B CUT-OUT

SYSTEM B C/O SWITCH NO 500 D20ME RTU

26

SYS A RELAY CRITICAL FAILURE

ALL SYS A RELAYS IN PARALLEL

(Any failure of ONE relay will bring in this point)

YES 500 D20ME RTU

27 SYS B RELAY CRITICAL FAILURE ALL SYS B RELAYS IN PARALLEL YES 500 D20ME RTU




DESCRIPTION

ORIGINATION

Station

ANNUNCIATOR RTU

(Any failure of ONE relay will bring in this point)

28

SYS A MAINTENANCE ALARM

537/511DCSPSA-1 and 537/511DCSPSA-2 in PARALLEL

(Any System A Maintenance Alarm will bring in this point)

YES 500 D20ME RTU

29

SYS B MAINTENANCE ALARM

537/511DCSPSB-1 and 537/511DCSPSB-2 in PARALLEL

(Any System A Maintenance Alarm will bring in this point)

YES 500 D20ME RTU

NOTE:

RTU: All points indicated for the RTU will be available

AFTER the RTU replacement

(Note: 10/05/2005)

▪ It is projected that the 500kV RTU will be replaced by June 2006

Appendix C: Diablo Canyon SPS Drawings


Pacific Gas and Electric Company, CONFIDENTIAL – For Internal Use by Authorized Personnel

Only

11 Appendix C: Diablo Canyon SPS Drawings

11.1 Diablo Canyon SPS Drawing List

DESCRIPTION Design Drawing

Number

1 Single Line Meter and Relay 56654

2 Unit 1 500/25kV- (CB 532 & 632) (AC) 435804

3 CB 532 Control (DC) 435807

4 Unit 2 500/25kV- (CB 542 & 642) (AC) 435538

5 CB 542 Control (DC) 443541

6 500kV RAS (Maintenance Switch) 4004438

7 Diablo – Midway #3 (CB 632 & 732) (AC) 4012506

8 Bay 3 BF Timing (CB 532, 632, & 732) (DC) 4012509

9 CB 632 Control (DC) 4012514

10 CB 732 Control (DC) 4012515

11 Diablo – Midway #2 (CB 642 & 742) (AC) 4012518

12 Bay 4 BF Timing (CB 542, 642, & 742) (DC) 4012520

13 CB 642 Control (DC) 4012525

14 CB 742 Control (DC) 4012526

17 Diablo – Gates (CB 622 & 722) (AC) 4013352

18 Bay 2 BF Timing (CB 622 & 722) (DC) 4013354

19 CB 622 Control (DC) 4013359

20 CB 722 Control (DC) 4013360

21 DCSPS Panel Arrangement 4038189

22 DCSPS Alarms and SCADA points 4038190

23 DCSPS Alarms and SCADA points 4038191

24 DCSPS System A Unit 1 Device 578/586DCSPSA-1 (DC) 4038194

25 DCSPS System B Unit 1 Device 578/586DCSPSB-1 (DC) 4038195



28 DCSPS System A Line Device 537DCSPS-A (AC) 4038198

29 DCSPS System B Line Device 537DCSPS-B (AC) 4038199

30 DCSPS System A Line Device 537DCSPS-A (DC) 4038200

31 DCSPS System B Line Device 537DCSPS-B (DC) 4038201

Appendix C: Diablo Canyon SPS Drawings


Pacific Gas and Electric Company, CONFIDENTIAL – For Internal Use by Authorized Personnel

Only

DESCRIPTION Design Drawing

Number

32 DCSPS System A Unit 1 Device 537/511DCSPSA-1 (AC) 4038202

33 DCSPS System B Unit 1 Device 537/511DCSPSB-1 (AC) 4038203



36 DCSPS System A Unit 2 Device 537/511DCSPSA-2 (AC) 4038206

37 DCSPS System B Unit 2 Device 537/511DCSPSB-2 (AC) 4038207



40 Diablo Canyon DC Panels 440004

Appendix D: DCSPS Event Category Detailed Description



12 Appendix D: DCSPS Event Category Detailed Description

The following table defines the three Event Categories part of the Diablo Canyon SPS.

DCSPS Event Definition

1

One Line Trip or One Line Outage in a Double line configuration (Two Lines Initially In-Service):

Twelve (12) Permutations:

OUTAGE (1st Line) → TRIP (2nd Line)

OUTAGE (1st Line) → OUTAGE (2nd Line)

Diablo – Gates 500kV Line Outage

A. Protection Trip (or Outage) of the Diablo Canyon – Midway #3 500kV

line. (Two Permutations)

Protection Trip (or Outage) of the Diablo Canyon – Midway #2 500kV line.

(Two Permutations)

Diablo – Midway #3 500kV Line Outage


(Two Permutations)

Protection Trip (or Outage) of the Diablo Canyon – Gates 500kV line. (Two

Permutations)

Diablo – Midway #2 500kV Line Outage

Protection Trip (or Outage) of the Diablo Canyon – Gates 500kV line. (Two

Permutations)


(Two Permutations)

Appendix D: DCSPS Event Category Detailed Description



DCSPS Event Definition

2

Double Line Trips or Double Line Outages in a Triple line configuration (Three Lines initially In-Service)

Twelve (12) Permutations:

TRIP (1st Line) → TRIP (2nd Line)

TRIP (1st Line) → OUTAGE (2nd Line)

A. Protection Trip (or Outage) of the Diablo Canyon – Gates 500kV line

AND a Protection Trip (or Outage) of the Diablo Canyon – Midway #3

500kV line within the TSIMULTANEOUS time window. (Four

Permutations)

B. Protection Trip (or Outage) of the Diablo Canyon – Midway #3 500kV

line AND a Protection Trip (or Outage) of the Diablo Canyon – Midway

#2 500kVline within the TSIMULTANEOUS time window. (Four

Permutations)

C. Protection Trip (or Outage) of the Diablo Canyon – Midway #2 500kV

line AND a Protection trip (or Outage) of the Diablo Canyon – Gates

500kV line within the TSIMULTANEOUS time window. (Four

Permutations)

3

500kV Circuit Breaker Failure

Four (4) Distinct Possibilities:

A. CB 622 Failure

CB 722 Failure

CB 532 Failure (Not Required)


CB 732 Failure



CB 742 Failure

Appendix E: Unit Tripping Determination and Karnaugh Maps

DCSPS Operational Handbook Page 13-1 Rev Date/Time: 1/7/2019 4:31:00 PM


13 Appendix E: Unit Tripping Determination and Karnaugh Maps

The Karnaugh Maps in this appendix are included to illustrate the process involved with Unit trip

selection as a function of the Diablo Canyon 500kV Bus configuration at the time of the event.

The Unit Selection trip logic was derived with the use of the Karnaugh Maps and is included in this

section as well.




BUS 2

742642

732

722622

542

BUS 1

632532

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 2

DIABLO

UNIT 1

BUS 2

742642

732

722622

542

BUS 1

632532

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 2

DIABLO

UNIT 1

BUS 2

742642

732

722622

542

BUS 1

632532

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 2

DIABLO

UNIT 1

DCSPS EVE-1A

DCSPS EVE-1D

DCSPS EVE-1C

DCSPS EVE-1F

DCSPS EVE-1B

DCSPS EVE-1E

DIABLO - MIDWAY #3 LINE OUTAGEDIABLO - MIDWAY #2 LINE TRIP

DIABLO - GATES LINE OUTAGEDIABLO - MIDWAY #2 LINE TRIP

DIABLO - GATES LINE OUTAGEDIABLO - MIDWAY #3 LINE TRIP

DIABLO - GATES LINE TRIPDIABLO - MIDWAY #3 LINE OUTAGE

DIABLO - MIDWAY #3 LINE TRIPDIABLO - MIDWAY #2 LINE OUTAGE

DIABLO - GATES LINE TRIPDIABLO - MIDWAY #2 LINE OUTAGE

DIABLO - MIDWAY #3 LINE TRIP or OUTAGEDIABLO - MIDWAY #2 LINE TRIP or OUTAGE

DIABLO - MIDWAY #2 LINE TRIP or OUTAGEDIABLO - GATES LINE TRIP or OUTAGE

DIABLO - GATES LINE TRIP or OUTAGEDIABLO - MIDWAY #3 LINE TRIP or OUTAGE

DCSPS EVE-2B DCSPS EVE-2CDCSPS EVE-2A

DCPP_DCSPS 10-2005

Dpe4

For DCSPS Event 2x, the breakers at Diablo on the linethat is OUT may not be open (Remote Open Detection).The Remote End breakers, instead, may be open. Thefigure above is equivalent to the remote end breakersOpen.

Diablo - Midway #2 Line is the only export Path

By inspection, Unit 2 will never be tripped in thiscondition.

DCSPS Trips UNIT #1, (if MW and VOLTAGEsupervision is satisfied), AND only if CB’s 532, 542,and 642 are closed. (742 position status is not relevant)(DCSPS will be restricted from tripping unless theconfiguration of the four breakers that are unaffected bythe event are in a configuration such that DCSPS willresult in a beneficial action. )

DCSPS Event - 1x and 2x: Unit Trip Selection as a function of BUS CONFIGURATION

NO

TE

S


Diablo - Gates Line is the only export Path

By inspection, Either Unit #1 or Unit #2 can be tripped.

DCSPS Trips by the Unit Selector Switch Preference, (ifMW and VOLTAGE supervision is satisfied), AND onlyif CB’s 532, 542, and 622 are closed. (722 position statusis not relevant)(DCSPS will be restricted from tripping unless theconfiguration of the four breakers that are unaffected bythe event are in a configuration such that DCSPS willresult in a beneficial action. )


Diablo - Midway #3 Line is the only export Path

By inspection, Unit 1 will never be tripped in thiscondition.

DCSPS Trips UNIT #2, (if MW and VOLTAGEsupervision is satisfied), AND only if CB’s 532, 542,and 632 are closed. (732 position status is not relevant)(DCSPS will be restricted from tripping unless theconfiguration of the four breakers that are unaffected bythe event are in a configuration such that DCSPS willresult in a beneficial action. )

UN

IT T

RIP

DE

CIS

ION

AS

A

FU

NC

TIO

N O

F R

EM

AIN

ING

50

0k

V B

RE

AK

ER

CO

NF

IGU

RA

TIO

N

BU

S C

ON

FIG

UR

AT

ION

AS

A

FU

NC

TIO

N O

F T

HE

EV

EN

T

N

N

N

N

N

N

N

N

U1

N

N

N

N

N

N

00 01 11 10

00

01

11

10

N

N

N

N

N

N

N

N

U2

N

N

N

N

N

N

N N N N

N N N N

N N E N

N N E N

00 01 11 10

00

01

11

10

00 01 11 10

00

01

11

10

622 532

722 542632 532

732 542642 532

742 542

U1 U2

1: CB is Closed at the time of Initiating Event (t0) 0: CB is Opened at the time of Initiating Event (t

0)

Diablo SPS will only trip if it results in a benefit. (Removal of one of two units that remain tied to the system after the initiating event.

U1: Unit #1 Tripped U2: Unit #2 Tripped E: Either - Unit Tripped based on Unit Selector Sw




AND

CB 532 CLOSED

CB 542 CLOSED

CB 642 CLOSED

OR

AND

AND

AND

DG OUTAGE

DM#3 TRIP

DM#3 OUTAGE

DG TRIP

DM#3 (OUTAGE or TRIP)

DG (OUTAGE or TRIP)AND

UNIT #1 TRIP

AND

CB 532 CLOSED

CB 542 CLOSED

CB 622 CLOSED

OR

AND

AND

AND

DM#2 OUTAGE

DM#3 TRIP

DM#3 OUTAGE

DM#2 TRIP


DM#2 (OUTAGE or TRIP)AND

UNIT TRIP BY UNITSELECTOR

AND

CB 532 CLOSED

CB 542 CLOSED

CB 632 CLOSED

OR

AND

AND

AND

DG OUTAGE

DM#2 TRIP

DM#2 OUTAGE

DG TRIP


DG (OUTAGE or TRIP)AND

UNIT #2 TRIP

DCSPS EVE-1A

DCSPS EVE-1D

DCSPS EVE-1C

DCSPS EVE-1F

DCSPS EVE-1B

DCSPS EVE-1E

DCSPS EVE-2B

DCSPS EVE-2C

DCSPS EVE-2A

TRIP LOGIC DCSPS Event - 1x and 2x (SEE STATE TRANSITION DIAGRAMS)

Physical Topology ofthe 500kV Bus

(From Karnaugh Map)


(From Karnaugh Map)


(From Karnaugh Map)

DCPP_DCSPS 12-2005

Dpe4




632

742

BUS 2

742642

732

722622

542

BUS 1

632532

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 2

DIABLO

UNIT 1

FAILBUS 2

642

BUS 1

632

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 2

DIABLO

UNIT 1

722

FAIL

622

732532

542 742

BUS 2

642

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 1

FAIL

532

542

BUS 1

722

732

622

DIABLO

UNIT 2

BUS 2

DIABLO - MIDWAY #2

500kV LINE

DIABLO - MIDWAY #3

500kV LINE

GATES - DIABLO

500kV LINE

DIABLO

UNIT 1

532

542

722622

DIABLO

UNIT 2

732632

642

FAIL

742

DCSPS Event - 3x: Unit Trip Selection as a function of BUS CONFIGURATION

DCSPS EVE-3ACB 622 Failure

DCSPS EVE-3BCB 722 Failure

BUS 1

DCSPS EVE-3ECB 732 Failure

DCSPS EVE-3HCB 742 Failure

BU

S C

ON

FIG

UR

AT

ION

AS

A

FU

NC

TIO

N O

F T

HE

EV

EN

T

N

N

N

N

N

N

N

N

E

N

N

N

N

00 01 11 10

00

01

11

10

732 632

742 642

E

E

E

UN

IT T

RIP

DE

CIS

ION

AS

A

FU

NC

TIO

N O

F R

EM

AIN

ING

50

0k

V B

RE

AK

ER

CO

NF

IGU

RA

TIO

N

Diablo - Midway #2 or #3 Lines can be anexport Path (Depending on Initial Busconfiguration)

Given the proper initial bus configuration,Either Unit Can be tripped.

DCSPS Trips by the Unit Selector Switch, (ifMW and VOLTAGE supervision is satisfied),AND only if CB’s 632, 642, are closed. (732and 742 Position is not relevant)

N

N

N

N

N

N

N

E

N

N

N

00 01 11 10

00

01

11

10

632 532

642 542

EE E

U1

U2

N

N

N

N

N

N

N

N

N

N

00 01 11 10

00

01

11

10

622 532

642 542

U1

U1

N N U1 U1

N

N

N

N

N

N

N

N

N

N

00 01 11 10

00

01

11

10

622 532

632 542

U2

U2

N NU2 U2

Diablo - Midway #2 or #3 Lines can be anexport Path (Depending on Initial Busconfiguration)

Given the proper initial bus configuration,Either Unit can be tripped (Provided the MWand VOLTAGE supervision are satisfied):

DCSPS Trips by the Unit Selector Switch, IfCB 632 and CB 642 are closed. (CB 532 and542 position status is not relevant)

DCSPS Trips UNIT #1, If CB’s 532, 542, and642 are closed AND 632 is opened.

DCSPS Trips UNIT #2, If CB’s 532, 542, and632 are closed AND 642 is opened.

NO

TE

S

Diablo - Midway #2 or Diablo - Gates Linescan be an export Path (Depending on InitialBus configuration)

Given the proper initial bus configuration,Only Unit 1 will be tripped.

DCSPS Trips UNIT #1 For (3) Conditions(Provided the MW and VOLTAGEsupervision are satisfied):

If CB’s 532, 542, and 642 are closed (CB 622position status is not relevant).



DCPP_DCSPS 10-2005

Dpe4

1: CB is Closed at the time of Initiating Event (t0) 0: CB is Opened at the time of Initiating Event (t

0)

Diablo SPS will only trip if it results in a benefit. (Removal of one of two units that remain tied to the system after the initiating event.

U1: Unit #1 Tripped U2: Unit #2 Tripped E: Either - Unit Tripped based on Unit Selector Sw

Diablo - Midway #3 or Diablo - Gates Linescan be an export Path (Depending on InitialBus configuration)

Given the proper initial bus configuration,Only Unit 2 will be tripped.

DCSPS Trips UNIT #2 For (3) Conditions(Provided the MW and VOLTAGEsupervision are satisfied):







AND

CB 632 CLOSED

CB 642 CLOSED

ANDCB 622 Fail


AND

CB 542 CLOSED

AND

CB 632 CLOSED

CB 642 CLOSED

TRIP LOGIC DCSPS Event - 3x (SEE STATE TRANSITION DIAGRAMS)


(From Karnaugh Map)

PhysicalTopology of

the 500kV Bus (From

KarnaughMap)

DCSPS EVE-3A

CB 642 CLOSED

AND

CB 542 CLOSED

CB 632 CLOSED

AND

CB 632 OPENED

CB 642 OPENED

CB 532 CLOSED

CB 532 CLOSEDAND


UNIT #1 TRIP

ANDUNIT #2 TRIP

CB 722 FailDCSPS EVE-3B

OR

AND

CB 532 CLOSED

CB 542 CLOSED

CB 642 CLOSED

AND

CB 532 CLOSED

CB 542 CLOSED

CB 622 CLOSED

AND

CB 532 CLOSED

CB 622 CLOSED

CB 642 CLOSED

ANDCB 732 Fail

UNIT #1 TRIP

DCSPS EVE-3E

PhysicalTopology of

the 500kV Bus (From

KarnaughMap)

OR

AND

CB 532 CLOSED

CB 542 CLOSED

CB 632 CLOSED

AND

CB 532 CLOSED

CB 542 CLOSED

CB 622 CLOSED

AND

CB 542 CLOSED

CB 622 CLOSED

CB 632 CLOSED

ANDCB 742 Fail

UNIT #2 TRIP

DCSPS EVE-3H

PhysicalTopology of

the 500kV Bus (From

KarnaughMap)

DCPP_DCSPS 12-2005

Dpe4