05000323/LER-2013-001
Diablo Canyon Power Plant, Unit 2 | |
Event date: | |
---|---|
Report date: | |
Reporting criterion: | 10 CFR 50.73(a)(2)(i)(C), 50.54(x) TS Deviation 10 CFR 50.73(a)(2)(iv)(A), System Actuation |
Initial Reporting | |
ENS 48796 | 10 CFR 50.72(b)(3)(iv)(A), System Actuation |
3232013001R00 - NRC Website | |
I. Plant Conditions
At the time of the event The Diablo Canyon Power Plant (DCPP), Unit 1 was in Mode 1 at approximately 100 percent reactor [RCT] power with normal operating reactor coolant temperature and pressure, and Unit 2 was shutdown and defueled for the Unit 2 Refueling Outage Cycle 17.
II. Problem Description
A. Background
DCPP is equipped with a Class lE alternating current (acj electrical power distribution system [EB] that is divided into three load groups per unit. The power sources for this system consist of two physically-independent offsite sources and multiple onsite standby power sources (three emergency diesel generators (EDGs) [DG] per unit, with one EDG dedicated to each Class 1E load group). The Class lE electrical power distribution system has independent controls and protection. Offsite power consists of separate switchyards [FK], transmission lines, and tie-lines to the plant. In the normal alignment, the power produced at DCPP is transmitted offsite via the 500 kilovolt (kV) system [EL] and is also fed to normal onsite loads via the auxiliary transformer [XFMR].
Backup power is available immediately from the 230kV system [EK] via the startup transformer and (for vital loads) from onsite EDGs if the 230kV source is not available. The ac electrical power sources provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to engineered safety systems so that the fuel, reactor coolant system [AB], and containment building [NH] design limits are not exceeded.
DCPP is also equipped with a 4kV electric power system that provides power for the operation and control of vital Class 1E [EB] loads and non-vital (Non-Class 1E) [EA] loads during all modes of plant operation. Vital buses [BU] F, G and H supply class 1E loads for each unit. Each 4kV vital bus can access power from the 500kV switchyard, the 230kV switchyard, the main generator [GEN], or an onsite EDG. During normal operation, the vital 4kV buses are supplied by the main generator through the auxiliary transformer. Upon loss of normal power to any of these 4kV buses, the corresponding EDG will automatically start and the normal feeder breaker [BKR] to the bus will open. The backup supply via the 230kV system will automatically align to supply power to the bus.
If the 230kV system is also unavailable, the bus will be aligned to the running EDG. The automatic transfer from the 500kV source to the 230kV can be manually prevented though use of the Transfer-to-Startup feature cutout (FCO) hand switch [HS]. When this switch is placed in the cutout position, no automatic transfer between these two sources occurs.
B. Event Description
On February 27, 2013, electrical maintenance discovered a failed potential fuse [FU] for Unit 2, 4kV vital Bus G. A troubleshooting work order was prepared for electrical maintenance to replace the fuse and determine the cause of the failure. This work required removal of a fuse block [FUB] in a circuit that senses bus undervoltage conditions. Fuse block removal initiates the undervoltage protective circuitry (even though no undervoltage condition actually exists). The work order prerequisites contained a step to ensure that the FCO switch was placed in the cutout position to prevent bus realignment. The work order also contained a step to place EDG 2-1 in manual to prevent the anticipated automatic start.
When the work order was performed, technicians failed to ensure that all the prerequisites were met. Technicians did not put the FCO switch in the cutout position, so when they pulled the fuse block on February 28, 2013, at 21:54 PST, the undervoltage protective circuitry functioned as designed. The normal feeder breaker (52HG13) to vital Bus G automatically opened, de-energizing the bus, and signals were sent to start EDG 2-1 and close the breaker (52HG14) for the backup power source. However, this breaker was tagged out and removed from service to allow maintenance on the startup bus (supplied by the 230kV switchyard), so it did not close. Since the EDG was in manual, it did not start when maintenance personnel removed the fuse block. This resulted in a complete loss of power to 4kV vital Bus G when the normal feeder breaker opened.
Generation of an actuation signal to start EDG 2-1 was a pre-planned maintenance activity. However, the activity did not anticipate an actual loss of power to Bus G. Therefore, the EDG start signal was a valid start signal that was not part of a pre-planned sequence during testing once Bus G deenergized. Accordingly, on March 1, 2013, at 01:00 PST, DCPP made an 8-hour nonemergency report (NRC Event Notification 48796) in accordance with 10 CFR 50.72(b)(3)(iv)(A).
C. Status of Inoperable Structure, Systems, or Components That Contributed to the Event Backup power supply (230kV switchyard) feeder breaker 52HG14 was racked out and cleared for maintenance activities.
EDG 2-1 was placed in manual in preparation for planned maintenance. The maintenance activity would generate an automatic start signal to EDG 2-1, so control for the diesel was taken to manual to prevent the automatic start.
D. Other Systems or Secondary Functions Affected
Component cooling water (CCW) [CC] and spent fuel pool (SFP) cooling [DA] redundancy was challenged on CCW pump was not available due to planned maintenance). However, functionality was not compromised on either system.
available pumps common to both units was lost. However, system functionality was not compromised.
E. Method of Discovery
Multiple annunciators [ANN] in the control room [NA] alarmed when Unit 2, 4kV vital Bus G de-energized, and operators were immediately aware of the condition.
F. Operator Actions
Upon loss of Unit 2, 4kV vital Bus G, operators entered Operating Procedure OP AP-27, "Loss of Vital 4kV and/or 480V Bus," and appropriately responded to plant conditions. In addition, operators on each unit entered applicable technical specifications, and subsequently took actions needed to restore CCW, DFO transfer pump 0-2, and the SFP pump to service. Power to 4kV vital Bus G was restored approximately 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> after it was lost.
G. Safety System Responses
All safety systems responded as expected, given existing plant conditions.
III. Cause of the Problem
DCPP's process for evaluating the risk of outage emergent work on outage protected equipment and the potential impacts to the operating unit is not formal and does not include prerequisites for adequate analysis, review, and approval prior to making a decision to perform emergent work on protected equipment. Additionally, maintenance leadership has not been proactive in its approach to preventing shortfalls in human performance standards and use, including the failures to consistently perform task previews and establish clear standards for work order use and adherence.
IV. Assessment of Safety Consequences
For Unit 1, an analysis of the loss of power to Unit 2, 4 kV vital Bus G estimated the change in core damage frequency to be 6.0E-07 per year. The associated incremental conditional core damage probability for a 6-hour exposure period is 4.11E-10. This indicates that the increase in risk to Unit 1 from the loss of power to Bus G was of very low safety significance. This is expected, given the high degree of defense-in-depth for the impacted systems. Unit 1 auxiliary salt water pumps were available, DFO pump 0-1 was available, and DFO pump 0-2 had an alternate power supply that was unaffected by the loss of power.
Unit 2 was shut down and defueled at the time of the event. SFP cooling was never lost, and the event duration was less than the 11.8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> needed for the SFP to reach 200 degrees on a complete loss of SFP cooling event.
Therefore, the increase in risk to Unit 2 by the loss of Bus G is concluded by DCPP to be of very low safety significance.
V. Corrective Actions
A. Immediate Corrective Actions
DCPP included an article in a site-wide email which reiterated key requirements for determining troubleshooting level requirements, assigning a troubleshooting team lead, and using the procedure to develop troubleshooting plans.
Operations issued a shift/standing order for shift managers and shift foremen to ensure risk management has been performed and a troubleshooting team lead has been assigned for troubleshooting activities that either have the potential to, or represent actual or high potential for adverse impact.
B. Other Corrective Actions
DCPP will use a multi-discipline team led by work management to revise and align select site procedures to include risk management in modes 5 and 6 and when defueled. These revisions will include administrative controls for performing work on protected equipment, and for entering a protected equipment area to perform nonintrusive work.
DCPP will also perform corrective actions to address human performance shortfalls to internalize the use of error prevention tools. These actions include the station director reinforcing expectations for the maintenance director and managers to be human performance leaders who model and reinforce all human performance tools. The maintenance director will lead departmental meetings focused on the individual implementation and ownership of human performance standards, and procedural compliance expectations for work order implementation.
VI. Additional information
A. Failed Components
All components functioned as designed.
B. Previous Similar Events
Two events of a similar nature have previously occurred at DCPP. LER 1-2011-004-00 provided information regarding maintenance activities that induced a loss of the startup power supply (230kV switchyard), which generated a valid actuation signal to start all Unit 1 EDGs.
power supply, which generated a valid actuation signal to start all Unit 1 EDGs.
C. Industry Reports
None.