05000220/LER-2003-004, Regarding Unplanned Inoperability of Emergency Cooling System Caused by Inadequate Review of Clearance for Replacement of Instrumentation Relay
| ML040340344 | |
| Person / Time | |
|---|---|
| Site: | Nine Mile Point  |
| Issue date: | 01/22/2004 |
| From: | Hopkins L Constellation Energy Group |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| NMP1L 1810 LER 03-004-00 | |
| Download: ML040340344 (8) | |
| Event date: | |
|---|---|
| Report date: | |
| Reporting criterion: | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications 10 CFR 50.73(a)(2)(vii), Common Cause Inoperability 10 CFR 50.73(a)(2) 10 CFR 50.73(a)(2)(iii) 10 CFR 50.73(a)(2)(x) 10 CFR 50.73(a)(2)(v)(A), Loss of Safety Function - Shutdown the Reactor 10 CFR 50.73(a)(2)(v)(B), Loss of Safety Function - Remove Residual Heat 10 CFR 50.73(a)(2)(v), Loss of Safety Function 10 CFR 50.73(a)(2)(1) |
| 2202003004R00 - NRC Website | |
text
P.O. Box 63 Lycoming, New York 13093 I
Constellation Energy Group Nine Mile Point Nuclear Station January 22, 2004 NMP1L 1810 United States Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555
SUBJECT:
Nine Mile Point Unit 1 Docket No. 50-220; DPR-63 Licensee Event Report 03-004, "Unplanned Inoperability of Emergency Cooling System Caused by Inadequate Review of Clearance for Replacement of Instrumentation Relay" Gentlemen:
In accordance with 10 CFR 50.73(a)(2)(i)(B) and 10 CFR 50.73(a)(2)(vii), we are submitting Licensee Event Report 03-004, "Unplanned Inoperability of Emergency Cooling System Caused by Inadequate Review of Clearance for Replacement of Instrumentation Relay."
Very truly yours, Lawrence A. Hopkins Plant General Manager LAHICDM/bjh Attachment cc:
Mr. H. J. Miller, NRC Regional Administrator, Region I Mr. G. K. Hunegs, NRC Senior Resident Inspector
NRC FORM 366 U.S. NUCLEAR REGULATORY COMMISSION APPROVED BY OMB NO. 3150-0104 EXPIRES 7-31-2004 (1-20M)
Estimated burden per response to comply with this mandatory Information collection request:
50 hours5.787037e-4 days <br />0.0139 hours <br />8.267196e-5 weeks <br />1.9025e-5 months <br />. Reported lessons learned are Incorporated Into the licensing process and fed baci to Industry. Send comments regarding burden estimate to the Records Management Branch (1.
6 E6), US. Nuclear Regulatory Commission, Washington, DC 20555-0001. or by Intemet s-LICENSEE EVENT REPORT (LER) mail to bjsl@nrc.gov. and to the Desk Officer, Office of Information and Regulatory Affairs, NEOB-10202 (3150-0104), Office of Management and Budget, Washington, DC 20503. If a (means used to Impose Information collection does not display a currently valid OMB control (See reveuse for required number of number, the NRC may not conduct or sponsor, and a person Is not required to respond to. the dagitslcharacters for each block) formation collection.
FACILITY NAME (1)
DOCKET NUMBER (2)
PAGE (3)
Nine Mile Point, Unit 1 05000220 1
OF 7
TITLE (4)
Unplanned Inoperability of Emergency Cooling System Caused by Inadequate Review of Clearance for Replacement of Instrumentation Relay EVENT DATE (5)
LER NUMBER (6)
REPORT DATE (7)
OTHER FACILITIES INVOLVED (8)
MO DAY YEAR YEAR SEQUENTIAL REV MO DAY YEAR ACILITY NAME DOCKET NUMBER INUMBER NO
___l l_
05000 08 13 2003 2003 -
004 -
00 01 26 2004 ACILITY NAME DOCKET NUMBER 05000 OPERATING 1
THIS REPORT IS SUBMITED PURSUANT TO THE REQUIREMENTS OF 10 CFR 5: (Check all that appl)
(11)
MODE (9)
POWER 100 20.2201 (b) 20.2203(a)(3)0i) 50.73(a)(2)(iX(B) 50.73(a)(2)(bx)(A)
LEVEL (10) 1 20.2201(d) 20.2203(a)(4) 50.73(a)(2)(iii) 50.73(a)(2)(x)
N"> W-q2^jw r
^
2>~mes4.20.2203(a)(1) 5_
0.36(c)(1)(i)(A) 50.73(a)(2)(Iv)(A) 73.71 (a)(4)
_ 20.2203(a)(2)(i)
_ 50.36(c)(1)Oi)(A) 50.73(a)(2)(v)(A) 73.71 (a)(5)
° 20.2203(a)(2)(iio 50.36(c)(2) 50.73(a)(2)(v)(B)
_OTHER 20.2203(a)(2)(iii) 50.46(a)(3)01) 50.73(a)(2)(v)(C) 20.2203(a)(2)(Iv) 50.73(a)(2)(1)(A) 50.73(a)(2)(v)(D) 20.2203(a)(2)(v)
X_
07_
)())B 20.2203(a)(2)(vi) 50.73(a)(2)(1)(C) 50.73(aW2)(li) 12.23(a)(3)(0 07i)()I)A)5.3a LICENSEE CONTACT FOR THIS LER (12)
NAM TELEPHONE NUMBER Onclude Area Code)
M. Steven Leonard, General Supervisor Licensing 315-349-4039 COMPLETE ONE LINE FOR EACH COMPONENT FAILURE DESCRIBED IN THIS REPORT (13)
CAUSE
SYSTEM COMPONENT MANU.
REPORTABLE
CAUSE
SYSTEM COMPONENTU-REPORTABLE FACTURER ITO EP`Ds(l FACTURER TO EPDC SUPPLEMENTAL REPORT EXPECTED (14)
EXPECTED MONTH DAY YEAR SUBMISSION DATE (15) l 1ES (if yes, complete EXPECTED SUBMISSION DATE).
I X INO AlBSTRACT (Limit to 1400 spaces, I.e., approxrmately 15 single-spaced typewritten lines) (16)
On August 13, 2003, at approximately 0430 hours0.00498 days <br />0.119 hours <br />7.109788e-4 weeks <br />1.63615e-4 months <br /> with the plant operating at 100 percent power, fuses were pulled in accordance with Clearance N03-13-004 to support the replacement of Emergency Cooling (EC) system initiation logic time Jelay dropout (TDDO) relay 11 K62A. Removal of these fuses de-energized 125 VDC battery power to EC solenoid valves39-05G and 39-06G, which inhibited the capability of the solenoid valves to actuate (energize) to close their respective EC condensate return isolation valves in response to an EC system high steam flow isolation signal. On November 26, 2003, plant management determined that both EC systems (loops) had been inoperable on August 13, 2003 for a period of approximately one hour and eight minutes as a result of this event without having initiated a reactor shutdown within one hour as required by Technical Specification (TS) 3.1.3.e. Compliance with TS 3.1.3.e was restored when the clearance was removed at approximately 0538 hours0.00623 days <br />0.149 hours <br />8.895503e-4 weeks <br />2.04709e-4 months <br /> on August 13, 2003.
The cause of this event is inadequate performance of the plant and TS impact reviews for the clearance supporting the replacement of the EC system initiation logic TDDO relay. A contributing cause is inadequate corrective actions for a non-reportable similar previous event.
Corrective actions include removal of Clearance N03-13-003, a written briefing for Operations describing this event and the resolution, reinforcement of the proper attributes for performing clearance impact reviews, and written guidance and training for Operations personnel regarding the EC instrumentation logic and compliance with TS Table 3.6.2c.
NRC FORM 38s (1-2001)
Of more space Is required, use adctonal copies of NRC Fonm 366A) (17)
I. Description of Event
Introduction On August 13, 2003, at approximately 0430 hours0.00498 days <br />0.119 hours <br />7.109788e-4 weeks <br />1.63615e-4 months <br /> with the plant operating at 100 percent power, fuses F20, F21, F24, and F25 were pulled in accordance with Clearance N03-13-004 to support the replacement of Emergency Cooling (EC) system initiation logic time delay dropout (TDDO) relay 11 K62A under Work Order 02-04949-00.
Removal of these fuses de-energized 125 VDC Battery #11 power to EC solenoid valves39-05G and 39-06G. The clearance identified the plant impact to be the insertion of a half EC system initiation signal. The clearance did not address its effect on the EC isolation function.
EC System Description The EC system is a standby system for the removal of fission product decay heat without the loss of reactor water inventory following a reactor scram, when the main condenser Is not available as a heat sink or in the event of a loss of reactor feedwater. In addition, the EC system aids the Core Spray and Automatic Depressurization systems by providing core cooling following a loss-of-coolant accident (LOCA). The EC system consists of two independent systems (loops), and included in each loop are two emergency condensers, two motor-operated steam supply isolation valves, an air-operated condensate return Isolation valve, and a condensate return check valve. Note that, for clarity, the two independent EC systems will hereinafter be referred to as EC loops. In the standby condition, each loop's steam supply isolation valves are maintained open (to keep the condenser tubes flooded) and the condensate return isolation valve is maintained closed. The EC system operates by natural circulation and is automatically initiated on either a high reactor pressure or a low-low reactor water level signal from the Reactor Protection System (RPS). Redundant principal and confirmatory automatic initiation logics are provided to ensure EC initiation capability in the event of a control room fire. Full initiation of the EC system Is accomplished by opening the air-operated condensate return isolation valve in both EC loops. The automatic initiation function (i.e.,
the automatic opening of both EC condensate return isolation valves) uses a one-out-of-two taken twice logic, with either the principal or confirmatory logic being capable of performing the function independently.
Automatic isolation of the EC system occurs on a high steam flow signal from the RPS as sensed by the elbow flow meters and AP transmitters connected to each steam supply line. For a sensed high steam flow condition in a steam line, which would be indicative of an EC system line break, only the affected loop will isolate. Automatic isolation of an EC loop involves closure of both steam supply isolation valves (normally open) and the condensate return isolation valve (open for EC operation only) in the affected loop. The EC condensate return check valve in each EC loop, located inside the containment drywell in-series with the condensate return isolation valve (located outside the drywell), provides redundant isolation protection for the condensate return lines. Redundant principal and confirmatory high steam flow Isolation logics are provided to prevent an inadvertent EC system isolation due to hot shorts caused by a control room fire. Both the principal and confirmatory logics for the affected EC loop are required to actuate to initiate automatic closure of the associated steam supply and condensate return isolation valves.
The RPS consists of two independent logic channels, and within each logic channel there are two essentially identical subchannels. For the EC system initiation function, the logic channels for both the high reactor pressure and low-low reactor water level parameters are referred to as trip systems and the associated subchannels are referred to as instrument channels in TS Table 3.6.2c. For the EC high steam flow isolation function, each RPS logic channel provides isolation signals to each of the two trip systems in each EC loop referred to in TS Table 3.6.2c, and the RPS subchannels are the instrument channels referred to in TS Table 3.6.2c.
The RPS high steam flow isolation signals for the EC loops are initiated from four AP transmitters connected to the steam supply lines, with two transmitters (one from each RPS logic channel) connected to each EC loop steam supply line. Each AP transmitter provides the sensor inputs to its respective electronic trip unit and instrument NRC FORM 3WSA (1.2001)
(f more space Is required, use adddonal copies of NRC Forn 366A) (17)
I. Description of Event (Cont'd.)
channel. As indicated in TS Table 3.6.2c, the high steam flow isolation function has two trip systems per EC loop, with each trip system receiving inputs from both associated instrument channels arranged in a one-out-of-two logic configuration. The trip of either trip system will initiate an Isolation of the associated EC loop.
Component Information Each EC loop contains a normally closed condensate return isolation valve (Loop 11 valve 39-05; Loop 12 valve 39-06) that receives both RPS initiation and RPS isolation signals. Each air-operated condensate return isolation valve Is equipped with four solenoid valves installed in series to control the air supply to the air-operator (spring to open/air to close). Two of the solenoid valves are DC operated and two are AC operated. The two AC solenoid valves are normally de-energized to maintain the associated condensate return isolation valve closed. The AC solenoid valves allow each condensate return isolation valve to be operated from its respective remote shutdown panel. Energizing either of the two AC solenoid valves will open the associated condensate return isolation valve. The DC solenoid valves (Loop 11 solenoid valves39-05G and 39-05H; Loop 12 solenoid valves39-06G and 39-06H) are normally energized to maintain the associated condensate return isolation valve closed.
The RPS initiation logic must de-energize both DC solenoid valves to open the associated condensate return isolation valve, and thereby initiate the EC loop. TDDO auxiliary relays (principal logic relays: 11 K61, 11 K62, 12K61, and 12K62; confirmatory logic relays: IIK61A, 11K62A, 12K61A, and 12K62A) provide a twelve second time delay before de-energizing the DC solenoid valves to prevent unnecessary initiations of the EC system (i.e., the EC system is not needed during anticipated transients when the main condenser remains available for decay heat removal). For compliance with TS Table 3.6.2c, a trip system for the EC initiation function has been determined to be the arrangement of instrument channel trip signals and auxiliary equipment required to initiate the protective action of de-energizing one of the two DC solenoid valves for the condensate return isolation valve in both EC loops.
Each trip system receives inputs from its two associated Instrument channels, arranged in a one-out-of-two logic configuration. The actuation of both trip systems is required to Initiate a full EC system initiation (i.e., the opening of both condensate return isolation valves). Thus, the EC initiation function for both the high reactor pressure and low-low reactor water level parameters uses a one-out-of-two taken twice logic. TS Table 3.6.2c requires a minimum of two tripped or operable trip systems with two operable Instrument channels per operable trip system for operability of each parameter of the EC Initiation function.
Provided that both associated AC solenoid valves are de-energized, a condensate return isolation valve will close automatically when at least one of the two associated DC solenoid valves energize In response to a high steam flow isolation signal. For compliance with TS Table 3.6.2c, a trip system for the EC high steam flow isolation function, as it applies to closure of a condensate return isolation valve, has been determined to be the arrangement of Instrument channel trip signals and auxiliary equipment required to Initiate the protective action of energizing one of the two DC solenoid valves. Each trip system receives inputs from its two associated instrument channels (one from each RPS logic channel), arranged in a one-out-of-two logic configuration. For a given EC loop, the actuation of either trip system will initiate closure of the associated condensate return isolation valve. Thus, the EC high steam flow isolation function for each EC loop uses a one-out-of-two logic. For each of the two EC loops, TS Table 3.6.2c requires a minimum of two tripped or operable trip systems with two operable instrument channels per operable trip system for operability of the EC high steam flow isolation function.
Event Clearance N03-13-004 pulled fuses F20, F21, F24, and F25 for the replacement of EC initiation system (confirmatory) logic TDDO relay 11 K62A, which de-energized Battery #11 125 VDC power to DC solenoid valves39-05G and 39-06G. DC solenoid valve 39-05G is one of the two DC solenoid valves supplying the Loop 11 EC condensate return isolation valve (39-05) and DC solenoid valve 39-06G is one of the two DC solenoid valves NRC FORM 388A (1.2001)
(If more space Is required, use adclftonal copies of Pf more space Is required, use addional copies of (of more space Is required, use addifonal copies of NRC Forn 366A) (17) each EC loop was the insertion of a half EC system initiation signal. Therefore, although both EC loops were considered inoperable for one hour and eight minutes, there was no loss of either the EC initiation or the EC high steam flow isolation functions during this period. In addition, in the unlikely event that a condensate return isolation valve were to fail to close to isolate an EC system line break, single failure protection is provided by the in-series condensate return check valve that is designed to fulfill the isolation safety function.
A probabilistic risk assessment of this event concluded that the risk of either one or both EC loops failing to isolate is not risk-significant. Note that the EC condensate return isolation valves are normally closed when the EC system is in the normal standby condition. As such, automatic closure of a condensate return isolation valve on a high steam flow isolation signal would only be needed following an event when the EC system is required to operate (i.e., when the main condenser is not available or in the event of a loss of reactor feedwater) coincident with an EC system line break. For the event being reported, both EC loops were determined to be inoperable for a period of one hour and eight minutes. The probability of a LOCA occurring during this period coincident with the EC system being required and an EC system line break occurring is extremely low, such that the occurrence of the event during the short time period involved is not considered credible.
Based on the information presented above, the event did not pose a significant threat to the health and safety of plant personnel of the public.
IV. Corrective Actions
- 1. Clearance N03-13-003 was removed, which restored both EC loops to operable status, thereby restoring compliance with TS 3.1.3.e since the action statement no longer applied.
- 2. A written briefing was issued for Operations personnel describing the event and the resolution. This action was an interim preventive measure until the subsequent corrective actions, as described below, are completed.
- 3. Appropriate Operations personnel have had the proper attributes for performing clearance reviews reinforced with them.
- 4. A briefing is being provided to Operations Department personnel to clarify the EC system instrumentation initiation and isolation functional requirements and actions for inoperable trip system(s) and instrument channel(s). In addition, the provided information will be incorporated into the Unit 1 operator initial license and continuing training programs.
- 5. The EC operating procedure will be revised to include a precaution indicating that work on the initiation logic TDDO relays can affect both the EC system initiation and isolation logic circuits.
V. Additional Information
A.
Failed Components:
None B.
Previous similar events
No reportable previous similar events were identified. However, two DERs were initiated in 2001 identifying a concern that the requirements of TS Table 3.6.2c are confusing and may not properly consider the design of the EC system isolation logic. Based on the results of an evaluation, an LDCR was initiated to revise TS Table 3.6.2c and/or the associated TS Bases to clarify the minimum requirements and required actions associated with the instrumentation control logic for the EC initiation and isolation functions. However, no interim training/guidance was provided. The corrective actions associated with the two DERs have been determined to be inadequate, in that the corrective actions were a missed opportunity to avert the event described in this LER.
NRC FORM W66A (1-2001)
(f more space Is required, use addibonal copies of NRC Form 366A) (17)
IV. Additional Information (Cont'd.)
C.
Identification of components referred to in this Licensee Event Report:
Components IEEE 805 System ID IEEE 803A Function Emergency Cooling System BL N/A 125 VDC Battery EJ BTRY Solenoid Valve BL FSV Fuse BL FU Time Delay Dropout Relay JC RLY, 62 Reactor AC,AD RCT Isolation Valve BL ISV, 20 Main Condenser SG COND Reactor Feedwater SJ N/A Core Spray System BM N/A Automatic Depressurization System BM RV Emergency Condenser BL COND Reactor Protection System JC N/A Control Room NA N/A Containment Drywell NH N/A Flow Meter JC FE AP Transmitter JC PDT Channel JC CHA NRC FORM 38eA (1.2001)