05000263/LER-2005-001, Re Single Failure Identified That Could Prevent Energizing Busses 15 and 16
| ML050940462 | |
| Person / Time | |
|---|---|
| Site: | Monticello  |
| Issue date: | 04/04/2005 |
| From: | Thomas J. Palmisano Nuclear Management Co |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| L-MT-05-027 LER 05-001-00 | |
| Download: ML050940462 (5) | |
| Event date: | |
|---|---|
| Report date: | |
| Reporting criterion: | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition 10 CFR 50.73(a)(2)(ix)(A) 10 CFR 50.73(a)(2)(iii) 10 CFR 50.73(a)(2)(x) 10 CFR 50.73(a)(2)(iv)(A), System Actuation 10 CFR 50.73(a)(2)(v)(A), Loss of Safety Function - Shutdown the Reactor 10 CFR 50.73(a)(2)(v)(B), Loss of Safety Function - Remove Residual Heat 10 CFR 50.73(a)(2)(v), Loss of Safety Function 10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications 10 CFR 50.73(a)(2)(vii), Common Cause Inoperability 10 CFR 50.73(a)(2)(i) 10 CFR 50.73(a)(2)(viii)(A) 10 CFR 50.73(a)(2)(ii)(A), Seriously Degraded 10 CFR 50.73(a)(2)(viii)(B) |
| 2632005001R00 - NRC Website | |
text
Monticello Nuclear Generating Plant Operated by Nuclear Management Company, LLC April 4, 2005 L-MT-05-027 10 CFR Part 50.73 US Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555 Monticello Nuclear Generating Plant Docket No. 50-263 License No. DPR-22 LER 2005-001, Single Failure Identified that could prevent energizing Busses 15 and 16 A Licensee Event Report for this occurrence is attached.
This letter makes no new commitments or changes any existing commitments.
Thomas J. Palmisano Site Vice President, Monticello Nuclear Generating Plant Nuclear Management Company, LLC Enclosure cc:
Administrator, Region III, USNRC Project Manager, Monticello, USNRC Resident Inspector, Monticello, USNRC 2807 West County Road 75
- Monticello, Minnesota 55362-9637 Telephone: 763-295-5151
- Fax: 763-295-1454
NRC FORM 366 U.S. NUCLEAR REGULATORY (6-2004)
COMMISSION LICENSEE EVENT REPORT (LER)
(See reverse for required number of digits/characters for each block)
APPROVED BY OMB NO. 3150-0104 EXPIRES 6-30-2007
, the NRC may not conduct or sponsor, and a person is not required to respond to, the information collection.
FACILITY NAME (1)
DOCKET NUMBER (2)
PAGE (3)
Monticello Nuclear Generating Plant 05000263 1 of 4 TITLE (4) Single Failure Identified that could prevent energizing Busses 15 and 16 EVENT DATE (5)
LER NUMBER (6)
REPORT DATE (7)
OTHER FACILITIES INVOLVED (8)
MO DAY YEAR YEAR SEQUENTIAL NUMBER REV NO MO DAY YEAR FACILITY NAME DOCKET NUMBER 05000 02 04 2005 2005
- - 001
- - 00 04 04 2005 FACILITY NAME DOCKET NUMBER 05000 OPERATING THIS REPORT IS SUBMITTED PURSUANT TO THE REQUIREMENTS OF 10 CFR §: (Check all that apply) (11)
MODE (9)
N 20.2201(b) 20.2203(a)(3)(ii)
X 50.73(a)(2)(ii)(B) 50.73(a)(2)(ix)(A)
POWER 20.2201(d) 20.2203(a)(4) 50.73(a)(2)(iii) 50.73(a)(2)(x)
LEVEL (10) 100 20.2203(a)(1) 50.36(c)(1)(i)(A) 50.73(a)(2)(iv)(A) 73.71(a)(4) 20.2203(a)(2)(i) 50.36(c)(1)(ii)(A)
X 50.73(a)(2)(v)(A) 73.71(a)(5) 20.2203(a)(2)(ii) 50.36(c)(2)
X 50.73(a)(2)(v)(B) 20.2203(a)(2)(iii) 50.46(a)(3)(ii)
X 50.73(a)(2)(v)(C) 20.2203(a)(2)(iv) 50.73(a)(2)(i)(A)
X 50.73(a)(2)(v)(D) 20.2203(a)(2)(v) 50.73(a)(2)(i)(B) 50.73(a)(2)(vii) 20.2203(a)(2)(vi) 50.73(a)(2)(i)(C) 50.73(a)(2)(viii)(A) 20.2203(a)(3)(i) 50.73(a)(2)(ii)(A) 50.73(a)(2)(viii)(B)
LICENSEE CONTACT FOR THIS LER (12)
NAME TELEPHONE NUMBER (Include Area Code)
Ron Baumer 763-295-1357 COMPLETE ONE LINE FOR EACH COMPONENT FAILURE DESCRIBED IN THIS REPORT (13)
CAUSE
SYSTEM COMPONENT MANU-FACTURER REPORTABLE TO EPIX
CAUSE
SYSTEM COMPONENT MANU-FACTURER REPORTABLE TO EPIX SUPPLEMENTAL REPORT EXPECTED (14)
MONTH DAY YEAR YES (If yes, complete EXPECTED SUBMISSION DATE).
X NO EXPECTED SUBMISSION DATE (15)
ABSTRACT On February 4, 2005, with the plant operating at 98% power in Run Mode, NMC staff reviewed an event at Crystal River (#41362) concerning single failure vulnerability between essential buses. NMC staff determined the single point vulnerability was applicable between the 4.16 kV vital bus circuit breakers 152-610 and 152-511 for the Monticello Nuclear Generating Plant (MNGP). Activation of supply circuits over current relays will initiate a respective bus (15/16) lockout. This single point vulnerability issue was reported under event notification#41374.
The apparent cause of the single point vulnerability issue was a failure to recognize an original plant construction design, which was noncompliant to 10CFR50 Appendix A General Design Criteria. A plant modification has been completed to remove the transformer 1AR relaying and metering vulnerability.
Further evaluation of the issue revealed previously undiscovered Appendix R non-compliance implications. The 1AR Auxiliary transformer source (breaker 152-610) to safeguards bus 16 includes current transformers that are used for over-current protection and ammeter indication on control room panel C-08. A postulated fire in the control room/cable spreading room could cause a hot short that has the potential to trip breaker 152-610 and cause a bus 16 lockout. A transfer to Alternate Shutdown System (ASDS) panel control will not override the bus 16 lockout. This subsequent issue was reported on February 23, 2005 under event notification#41436. The apparent cause of the Appendix R vulnerability is a failure to completely implement the original ASDS design recommended by General Electric Safe Shutdown Analysis reports (1982-1984). An Engineering Change Notice to the 1AR plant modification was completed to disconnect cable A610-C08/3 at bus 16 which eliminated the Appendix R concern.
OTHER Specify in Abstract below or in NRC Form 366A U.S. NUCLEAR REGULATORY COMMISSION (1-2001)
LICENSEE EVENT REPORT (LER)
FACILITY NAME (1)
DOCKET (2)
LER NUMBER (6)
PAGE (3)
YEAR SEQUENTIAL NUMBER REVISION NUMBER Monticello Nuclear Generating Plant 05000263 2005 001 00 2 of 4 TEXT (If more space is required, use additional copies of NRC Form 366A) (17) Description On February 4, 2005, with the plant operating at 98% power in Run Mode, NMC reviewed an event at Crystal River (#41362) concerning a single failure between essential buses. NMC determined the single point vulnerability was applicable between the 4.16 kV [EA] vital bus circuit breakers 152-610 and 152-511 for the Monticello Nuclear Generating Plant (MNGP). The 1AR transformer [XFMR] supply breaker [BKR] to Busses [BU] 15 and 16 are 152-511 and 152-610 respectively. The over current relays for these breakers share common circuitry between current transformers and other devices.
Activation of the over current relays [51] will initiate a respective bus (15/16) lockout. The single failure vulnerability that could cause false activation of the over current relays is a hot short. This single point vulnerability issue was reported under event notification#41374. Technical Specification (TS) 3.9.B.3 was entered for Emergency Diesel Generators (EDGs) [EK] inoperability since these were the most limiting components affected and an orderly shutdown was initiated. The 1AR transformer and its associated current transformer (CT) circuits were isolated by opening the respective breakers and opening knife switches [89] in the CT circuits thereby restoring operability to associated EDGs. This event was reported In accordance with 10 CFR 50.72 (b)(3)(v)(A, B, C, and D), Event or Condition that could have Prevented Fulfillment of a Safety Function, and 10 CFR 50.72 (b)(3)(ii)(B), Any Event or condition that resulted in the nuclear power plant being in an unanalyzed condition that significantly degraded plant safety. A plant modification has been completed to remove the 1AR relaying and metering vulnerability.
Further evaluation of the single point vulnerability issue revealed previously undiscovered 10 CFR 50 Appendix R non-compliance implications. The 1AR Auxiliary transformer source (breaker 152-610) to safeguards bus 16 includes current transformers that are used for over-current protection and ammeter [MTR] indication on control room panel C-08. A postulated fire in the control room/cable spreading room could cause a hot short of the ammeter circuit on the panel C-08. The hot short has the potential to trip breaker 152-610 and cause a bus 16 lockout. A transfer to the Alternate Shutdown System (ASDS) [JC] panel control will not override the bus 16 lockout. Therefore, the control room/cable spreading room fire along with the bus 16 lockout will prevent control of Division II equipment from the control room and ASDS panel. This subsequent issue was reported under event notification#41436 on February 23, 2005. On February 23, 2005, the ASDS Panel was declared inoperable and an unplanned Limiting Condition of Operation (LCO) entered per TS 3.13.A.2. Breaker 152-610 (1AR to bus 16) was racked out and knife switch two was opened removing the hot short potential from the ammeter circuit. The ASDS Panel was declared operable and the 7-day LCO was exited. An Engineering Change Notice (ECN) was completed to resolve the Appendix R vulnerability with the 4.16 kV AC current sensing and protective relaying circuitry for breaker 152-610 that could result in bus 16 lockout.
There were no equipment failure(s) associated with the single point vulnerability or ASDS circuit isolation issues.
Event Analysis
The first single failure design deficiency is a noncompliance with 10CFR50 Appendix A, General Design Criteria for Nuclear Power Plants. The subsequent issue constitutes a non-conformance to 10CFR50 Section III.G.3 Appendix R Safe Shutdown Analysis ASDS design requirements. U.S. NUCLEAR REGULATORY COMMISSION (1-2001)
LICENSEE EVENT REPORT (LER)
FACILITY NAME (1)
DOCKET (2)
LER NUMBER (6)
PAGE (3)
YEAR SEQUENTIAL NUMBER REVISION NUMBER Monticello Nuclear Generating Plant 05000263 2005 001 00 3 of 4 TEXT (If more space is required, use additional copies of NRC Form 366A) (17) In accordance with 10 CFR 50.72 (b)(3)(v)(A, B, C, and D), Event or Condition that could have Prevented Fulfillment of a Safety Function, and 10 CFR 50.72 (b)(3)(ii)(B), Any Event or condition that resulted in the nuclear power plant being in an unanalyzed condition that significantly degraded plant safety, an eight-hour event notification was made to the USNRC, due to the potential loss of the busses resulting in the potential loss of systems which are required to provide safety functions and due to placing the plant in an unanalyzed condition that could degrade plant safety. Per 10 CFR 50.73 (a)(2)(v)(A, B, C, and D) and 10 CFR 50.73 (a)(2)(ii)(B), a Licensee Event report is required for this event.
The event is classified as a safety system functional failure.
Safety Significance
The following is an assessment of safety significance analysis associated with single failure and fire vulnerabilities at the Monticello Nuclear Generating Plant.
At Monticello a cable traversing fire zones 14A (TB 931 - Div II 4kV area), 19A&B (TB 931E), and 17 (TB 941 cable way) can cause a lockout of emergency electrical busses 15 and 16, if a hot short occurs. In addition, a fire in the main control room (fire zone 8) or cable spreading room (fire zone 9) can also cause busses 15 and 16 to lockout.
Significance is assessed for fires that cause these bus lockouts through hot shorts in any of these fire zones. The assessment used an analysis model that included fires and credits Reactor Core Isolation Cooling (RCIC) [BN] manual operation, improved reliability of alternate injection valves, charging division II 250 VDC batteries [EJ] through jumpers from non-emergency diesel generator DG-13, and a fire truck supply to the fire protection system [KP] which can be used as an alternate injection source.
The station performed a risk model based on the issue and potential event. The scenarios for the model involved loss of containment heat removal and venting as well as sources that can provide makeup after containment failure. The most likely scenarios generated by the model involve a fire that causes a hot short in the turbine building and automatic transfer switch Y21 independently fails or transformer Y01 fails or EDG-11 fails and resulted in a change to core damage frequency (CDF) of 9.9 E-8 per year.
If a propagating fire occurs in the cable spreading room, with assumed loss of offsite power, a loss of power to High Pressure Core Injection [BJ], RCIC, and all Division I equipment is also assumed to occur. However, Division II Core Spray [BM], Residual Heat Removal (RHR) [BO], RHR Service Water [BI], Safety Relief Valves [RV], and the EDG & EDG-Essential Service Water [BI] will remain available.
If the lockout of busses 15 and16 occurs and remains locked long term, then the Division II equipment identified above is lost, but manual RCIC operation remains available, and depressurization is available (Division II 250V DC batteries are available and can be charged by the non-essential DG). Because depressurization is available, reliable makeup capability remains available from the diesel fire pump [P]
and fire pump truck(s).
Based on this information, the issue of single failure and fire vulnerability of redundant electrical safety buses has been determined to be low safety significance at Monticello. U.S. NUCLEAR REGULATORY COMMISSION (1-2001)
LICENSEE EVENT REPORT (LER)
FACILITY NAME (1)
DOCKET (2)
LER NUMBER (6)
PAGE (3)
YEAR SEQUENTIAL NUMBER REVISION NUMBER Monticello Nuclear Generating Plant 05000263 2005 001 00 4 of 4 TEXT (If more space is required, use additional copies of NRC Form 366A) (17)
Cause
The apparent cause of the single point vulnerability issue was a failure to recognize an original plant construction design, which was noncompliant to 10CFR50 Appendix A General Design Criteria.
The apparent cause of the Appendix R vulnerability is a failure to completely implement the original ASDS design recommended by General Electric Safe Shutdown Analysis reports (1982-1984). The original design recommendation would have isolated this cable.
Corrective Action
An immediate action to isolate the 1AR transformer was performed until the plant could perform a required modification.
A plant modification was completed to remove the 1AR relaying and metering vulnerability.
An Engineering Change Notice to the plant modification for the single point vulnerability was completed for the ASDS isolation issue by disconnecting cable (A610-C08/3) at bus 16.
An engineering review of the ASDS design will be performed to validate compliance with originally proposed General Electric design recommendation.
Failed Component Identification N/A
Previous Similar Events
A review of the Station Corrective Action Program identified one similar event, ASDS design deficiency results in vulnerability to a single hot short during control room / cable spreading room fire. This issue was identified during an engineering review performed in 2001, hot short vulnerabilities were discovered in the Alternate Shutdown System (ASDS) in the event of loss of offsite power. This condition was reportable and LER 2001-06 was submitted by MNGP. This was a missed opportunity by the station to identify the issue with ASDS during the extent of condition review for LER 2001-06. As a result, the station will perform a review of the ASDS system to ensure the system complies with the General Electric design recommendation.