Nuclear RPS sensor front-end and post-accident monitoring decomposition
System
Nuclear Reactor Protection System, continuing decomposition from session 201. At session start, 3 of 8 subsystems were decomposed (Reactor Trip, ESFAS, Nuclear Instrumentation) with 70 requirements and 18 interface connections. This session targeted the two highest-risk remaining subsystems: {{entity:Process Instrumentation Subsystem}} (the sensor front-end feeding safety signals to both trip and ESF logic) and {{entity:Post-Accident Monitoring Subsystem}} (Reg Guide 1.97 qualified indication for accident response). At session end, 5 of 8 subsystems are decomposed with 102 requirements, 36 entities, and 35 PART_OF relationships.
Decomposition
The {{entity:Process Instrumentation Subsystem}} was broken into 6 components reflecting the distinct measurement principles and signal paths in a real PWR protection system: {{entity:RTD Temperature Measurement Channel}} {{hex:54853051}}, {{entity:Pressure Transmitter Channel}} {{hex:54D57018}}, {{entity:Differential Pressure Flow Channel}} {{hex:54B53858}}, {{entity:Level Measurement Channel}} {{hex:54853050}}, {{entity:Process Signal Conditioning Module}} {{hex:54F57018}}, and {{entity:Containment Environment Monitor}} {{hex:54A53058}}. All five sensor channels feed into the signal conditioning module, which then connects to both the {{entity:Bistable Trip Processor}} and {{entity:ESF Coincidence Logic Processor}} in the downstream safety logic subsystems.
flowchart TB
RTD["RTD Temperature Channel"]
PT["Pressure Transmitter Channel"]
DP["DP Flow Channel"]
LV["Level Measurement Channel"]
CM["Containment Environment Monitor"]
SC["Signal Conditioning Module"]
RTD -->|RTD resistance| SC
PT -->|Pressure 4-20mA| SC
DP -->|DP flow 4-20mA| SC
LV -->|Level DP 4-20mA| SC
CM -->|Containment signals| SC
The {{entity:Post-Accident Monitoring Subsystem}} was decomposed into 5 components matching the Reg Guide 1.97 Category 1 Type A and B variables: {{entity:Wide-Range Containment Pressure Monitor}} {{hex:D4853858}}, {{entity:Containment Hydrogen Monitor}} {{hex:54853058}}, {{entity:Core Exit Thermocouple Assembly}} {{hex:C6851058}}, {{entity:Reactor Vessel Level Indication System}} {{hex:54F57058}}, and {{entity:Qualified Safety Display Panel}} {{hex:D6CD5058}}. The display panel receives all four monitored parameters and is physically and electrically independent from the general plant Communication and Display Subsystem.
flowchart TB
WR["Wide-Range Containment Pressure"]
H2["Containment Hydrogen Monitor"]
CE["Core Exit Thermocouple Assembly"]
RV["Reactor Vessel Level (RVLIS)"]
QD["Qualified Safety Display Panel"]
WR -->|Pressure 0-200 psig| QD
H2 -->|H2 concentration| QD
CE -->|Core exit temps| QD
RV -->|Vessel level| QD
Analysis
UHT classification reveals that the {{entity:RTD Temperature Measurement Channel}} {{hex:54853051}} and {{entity:Level Measurement Channel}} {{hex:54853050}} differ by only one trait bit — both are passive sensor channels measuring temperature-dependent physical quantities, but the RTD channel has the {{trait:Digital/Virtual}} trait set (reflecting its bridge excitation electronics) while the level channel does not. The {{entity:Process Signal Conditioning Module}} {{hex:54F57018}} shares its upper nibble pattern with the {{entity:Reactor Vessel Level Indication System}} {{hex:54F57058}} — both are signal processing subsystems that transform raw sensor inputs into calibrated outputs, despite operating in very different contexts (routine protection vs. post-accident monitoring).
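The single-bit differences described above can be checked directly from the hex codes quoted on this page. This is an added example, not part of the UHT tooling or the original session log. It assumes each 8-digit code is a 32-bit trait vector and numbers bits from 0 at the least significant end, which is this example's convention and not UHT's own trait numbering.

```python
from itertools import combinations

# UHT hex codes exactly as quoted on this page, in page order.
UHT_CODES = {
    "RTD Temperature Measurement Channel": 0x54853051,
    "Pressure Transmitter Channel": 0x54D57018,
    "Differential Pressure Flow Channel": 0x54B53858,
    "Level Measurement Channel": 0x54853050,
    "Process Signal Conditioning Module": 0x54F57018,
    "Containment Environment Monitor": 0x54A53058,
    "Wide-Range Containment Pressure Monitor": 0xD4853858,
    "Containment Hydrogen Monitor": 0x54853058,
    "Core Exit Thermocouple Assembly": 0xC6851058,
    "Reactor Vessel Level Indication System": 0x54F57058,
    "Qualified Safety Display Panel": 0xD6CD5058,
}


def differing_bits(a, b):
    """Bit positions (0 = least significant, assumed convention) where two codes differ."""
    x = a ^ b
    return [i for i in range(32) if (x >> i) & 1]


def hamming(a, b):
    """Number of trait bits on which two codes disagree."""
    return len(differing_bits(a, b))


def close_pairs(codes, max_distance=1):
    """All entity pairs whose codes differ in at most max_distance bits."""
    found = []
    for (n1, c1), (n2, c2) in combinations(codes.items(), 2):
        d = hamming(c1, c2)
        if d <= max_distance:
            found.append((d, n1, n2, differing_bits(c1, c2)))
    return sorted(found)


if __name__ == "__main__":
    # List every pair of decomposed components within two trait bits of each other.
    for d, n1, n2, bits in close_pairs(UHT_CODES, max_distance=2):
        print(f"{d} bit(s) at {bits}: {n1} <-> {n2}")
```

Running the same comparison after each decomposition session gives a quick way to spot near-duplicate classifications that deserve a second look.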
Lint found one high-severity ontological mismatch: {{entity:Containment Environment Monitor}} lacks the Physical Object trait despite having environmental qualification requirements in {{sub:SUB-REQS-026}}. This is correct — the monitor is a distributed system of sensors at multiple containment elevations, not a single physical device. Acknowledged. The 28 items lacking “shall” are all architecture decisions and verification procedures, which are inherently non-prescriptive.
Requirements
Created 13 subsystem requirements ({{sub:SUB-REQS-021}} through {{sub:SUB-REQS-028}} for Process Instrumentation, {{sub:SUB-REQS-030}} through {{sub:SUB-REQS-034}} for PAMS), 8 interface requirements ({{ifc:IFC-DEFS-014}} through {{ifc:IFC-DEFS-021}}), 9 verification entries ({{sys:VER-METHODS-014}} through {{sys:VER-METHODS-022}}), and 2 architecture decisions. All subsystem requirements trace to system-level parents: PIS requirements derive from {{sys:SYS-REQS-001}} (trip timing), {{sys:SYS-REQS-003}} (channel independence), {{sys:SYS-REQS-005}} (ESF timing), {{sys:SYS-REQS-006}} (seismic), and {{sys:SYS-REQS-010}} (post-LOCA). PAMS requirements derive from {{sys:SYS-REQS-009}} (Reg Guide 1.97 indication) and {{sys:SYS-REQS-006}}. Every interface requirement has a corresponding verification entry with quantified pass/fail criteria.
Next
Three subsystems remain: Communication and Display, Class 1E Power Supply, and Test and Surveillance. Class 1E Power Supply should be next — it powers every safety subsystem and has implicit interfaces with all decomposed components but no explicit requirements yet. The Communication and Display Subsystem now has a CONNECTS fact from the PAMS Qualified Safety Display Panel that needs to be addressed when that subsystem is decomposed. After all 8 subsystems are complete, the system should transition to first-pass-complete for QC review.