Successful instrumentation & control upgrade at Loviisa

Mika Lehtonen and Yann Challamel look back on the ELSA modernisation project, which was implemented during annual outages from 2016 to 2018

Fortum’s Loviisa plant is located on the southern coast of Finland.

It has two Russian designed VVER-440 reactors, which have been in operation since 1977 and 1980, respectively.

While the major components of the plant are Russian, the I&C systems were mainly based on Siemens technologies (Simatic and Teleperm), for normal operation and safety related systems, and Russian technologies for reactor trip, rod control and neutron flux monitoring.

To maintain safe and reliable operation until the end of the operating licence and accommodate new safety recommendations, it was decided to carry out a modernisation project.

Project ELSA

The modernisation project named ELSA, was awarded to Rolls-Royce and kicked off on 14 October 2014 (‘name day’ for Elsa in Finland).

The objective of the project was to update the reactor protection, control and power limitation systems and accident management systems.

The new safety-classified systems delivered by Rolls-Royce are based on its Spinline digital safety platform. The Rolls-Royce scope also included a hardwired backup system for accident management, monitoring and normal control systems based on third party PLCs.

ELSA was a complex project with a challenging timeframe. The challenges included:

  • ensuring compatibility between the modernised systems and the old systems remaining in place: interfacing between these systems is a key success condition;
  • implementing the project in four years, from basic design and licensing to installation and commissioning;
  • ensuring modifications management: because the new systems use a different technology compared to the ones they replace (digital vs analogue), improvements are possible, while some existing applications cannot be replicated exactly identically;
  • putting in place of a strict interfacing policy to separate the systems of different categories, because the modernised systems belong to different safety classes.

The ELSA team

Instrumentation and controls (I&C) architecture

The list of functions to be implemented via the ELSA project was clear from the beginning, but the architecture design has been a long journey.

The conceptual design included drafting the list of systems and the preliminary interfaces between them. Two important questions were raised during the early design phases:

  • What level of diversity for the reactor trip system (RTS)?
  • Do we use the Rolls-Royce proprietary safety network widely or do we prefer the use of hardwired connections?

The advantages and drawbacks of all possible solutions were balanced during several brainstorming sessions, but we were able to arrive at these design principles:

  • A non-safety diverse automatic backup of RTS is enough if an SC (Safety Classification) 3 diverse manual backup is available. (Finland employs three Classfications, in descending order of stringency, SC2, SC3; and NS (Non Safety)). An SC3 automatic backup would have been better, but it would have required the licensing of another SC3 platform, most probably not software-free. The manual backup is sufficiently simple to be implemented in a simple hardwired platform, reducing the licensing risk compared with an additional software-based platform. The credibility of the manual backup of RTS is proven by accident analyses showing that the human operator has sufficient time to react for most likely accident cases, as well as RTS common cause failure (CCF). For unlikely cases where fast action is needed together with RTS CCF, NS classification is enough for the automatic backup.
  • Intensive cabling between channels has not been thought to be practicable for an existing plant, where cable trays and penetrations have not been designed for four-channel architecture. It was decided that the licensing effort required for a safety network was more reasonable than pulling several tens of kilometers of cables just for voting logic. The network is thus mainly used for communication between channels of the same system and between systems, making use of the characteristics of the Rolls-Royce NERVIA network, designed for nuclear applications.

In the beginning, there was no plan as to how to implement the functions on site, except that everything should be finished in 2018. The decision was made to implement the SC2 systems last, to allow enough time for the licensing and certification of the Spinline platform. And the starting point would be several SC3 functions to be implemented in 2016, within the PAIS (Preventative Actuation and Indication System), which includes renewal of the reactor boiling margin calculation system, and new preventative functions for both the primary and secondary sides. Starting with one system of a less stringent safety classification, provided a training opportunity for both the Rolls-Royce and Fortum teams, without taking excessive risks with such a tight schedule. The need for diversity together with the three phase approach resulted in the breakdown structure for the project shown in the block diagram above.

Licensing

It was clear at the start that the licensing would be a key success factor for the project.

Rolls-Royce has been guided by Fortum in gaining an understanding of the YVL guides (Finnish nuclear safety regulatory guides) and their underlying principles. One important point was to plan each design or validation step with clear documentation before doing anything, and to have it approved by the authority.

The innovative approach used in the ELSA project was to create packages of documents that were linked together and present a high-level view of each package to the nuclear regulatory authority at a dedicated meeting, before it received the individual documents for review. This helped the regulator to better understand what it was reviewing. All the ELSA documents were approved in time without impacting the project schedule.

Combining the package-based approach with high quality documentation made for a smooth licensing process throughout the project, something that can be hard to achieve in nuclear I&C projects.

Field engineering

For the entire project, around 300 installation plans have been written by Rolls-Royce and approved by Fortum, and then executed with Finnish installation company INSTA.

An installation plan is the result of a significant engineering effort to adapt the Rolls-Royce technology to existing plant constraints and customer requirements. This enabled the installation of more than 80 cabinets and the connection of thousands of new wires, together with the modification of tens of existing cabinets that accommodated the new connections and improvement in existing functions.

Thanks to the construction of new buildings close to the reactor building, it was possible to perform installation of cabinets and interconnection of them before outages, and precautions were taken to pull almost all cables during an operational period. The outage period was used to dismantle unneeded equipment, to make modifications in the control room, and to connect the new instrumentation & control to the existing I&C (including sensors); then all testing and commissioning activities were carried out, before start-up, which was always kept unimpacted by the I&C upgrade work.

Key success factors
The Rolls-Royce team receive the Fortum Supplier Award 2019

Several factors were considered to have been essential in achieving success:

  • A constant commitment to deliver on time at the right level of quality.
  • A “continuous improvement” way of working taking into account the lessons learnt from each phase as it was completed and reassessing the process/project organisation based on the findings.
  • A fine-tuned breakdown of tasks, a tailored schedule and excellent work by all stakeholders in-factory and on-site, which made it possible to complete all the tasks that could be anticipated before the outages.
  • A very collaborative mindset among all those mobilised on the project and a trust in our ability to work together, to think differently, and to better motivate the teams.