05000440/LER-2006-001, Re Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation

From kanterella
(Redirected from 05000440/LER-2006-001)
Jump to navigation Jump to search
Re Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation
ML060870398
Person / Time
Site: Perry FirstEnergy icon.png
Issue date: 03/19/2006
From: Pearce L
FirstEnergy Nuclear Operating Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
PY-CEI/NRR-2947L LER 06-001-00
Download: ML060870398 (5)
v  d  e


LER-2006-001, Re Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation
Event date:
Report date:
Reporting criterion: 10 CFR 50.73(a)(2)(i)
10 CFR 50.73(a)(2)(vii), Common Cause Inoperability
10 CFR 50.73(a)(2)(ii)
10 CFR 50.73(a)(2)(viii)(A)
10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition
10 CFR 50.73(a)(2)(viii)(B)
10 CFR 50.73(a)(2)(iii)
10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(v)(A), Loss of Safety Function - Shutdown the Reactor
10 CFR 50.73(a)(2)(v)(B), Loss of Safety Function - Remove Residual Heat
10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown
10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications
4402006001R00 - NRC Website
v  d  e

text

FENO C, Perry Nuclear PowerStation EF 10 Center Road FirstEnergy Nuclear Operating Company Ferry 44081 L. William Pearce 440-280-5382 Vice President FEX: 440-280-8029 March 19, 2006 PY-CEI/NRR-2947L United States Nuclear Regulatory Commission Document Control Desk Washington, D.C. 20555 Perry Nuclear Power Plant Docket No. 50-440 Licensee Event Report 2006-01 Lacies and Gentlemen:

Enclosed is Licensee Event Report (LER) 2006-01, Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation.

There are no regulatory commitments contained in this letter. Any actions discussed in this document that represent intended or planned actions, are described for the NRC's information, and are not regulatory commitments.

If you have questions or require additional information, please contact Mr. Jeffrey J. Lausberg, Manager - Regulatory Compliance, at (440) 280-5940.

- Very ly Enclosures: LER 2006-01 cc: NRC Project Manager NRC Resident Inspector,.

NRC Region IlIl

NRC FORM 3t;6 U.S. NUCLEAR REGULATORY COMMISSION APPROVED BY OMB NO. 3150-0104 EXPIRES 6/30/2007 (6-2004)

, the NRC ray not conduct or (See reverse for required number of sponsor, and a person is not required to respond to. the informEtion collection.

digits/characters for each block)

3. PAGE Perry Nuclear Power Plant 05000440 l

F1 OF 4

4. TITLE Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation
5. EVENT DATE
6. LER NUMBER
7. REPORT DATE
8. OTHER FACILITIES INVOLVED SEQUENTIAL REV FACILITY NAME 1OCKET NUMBER UAY YEAR MBER NO.

IOT DAY YEAR

[ 2006 2006 -

0 1 -

00 3

1 9 2006 FACILITY NAME 3OCKET NUMBER

9. OPERATING MODE
1. THIS REPORT IS SUBMITTED PURSUANTTO THE REQUIREMENTS OF 10 CFRI: (Checkalfhatapply)

El 20.2201(b) 0 20.2203(a)(3)(i) 0 50.73(a)(2)(i)(C) 0 50.73(a)(2)(vii) 1 0 20.2201(d)

[]

20.2203(a)(3)(ii)

E 50.73(a)(2)(ii)(a)

E 50.73(a)(2)(viii)(A)

_i20.2203(a)(1) 0 20.2203(a)(4)-

C 50.73(a)(2)(ii)(B)

El 50.73(a)(2)(viii)(B) a 20.2203(a)(2)(i)

El 50.36(c)(1)(i)(A) a 50.73(a)(2)(iii)

El 50.73(;a)(2)(ix)(A)

10. POWER LIEVEL E 20.2203(a)(2)(ii)

E 50.36(c)(1)(ii)(A) a 50.73(a)(2)(iv)(A)

El 50.73(;a)(2)(x)

Ea 20.2203(a)(2)(iii) a 50.36(c)(2)

El 50.73(a)(2)(v)(A)

Ea 73.71(;3)(4) 84%

D 20.2203(a)(2)(iv) a 50.46(a)(3)(ii) a 50.73(a)(2)(v)(B)

El 73.71(a)(5) 0 20.2203(a)(2)(v)

El 50.73(a)(2)(i)(A) a 50.73(a)(2)(v)(C)

Z OTHER Specify in Abstract below 0 20.2203(a)(2)(vi) 0 50.73(a)(2)(i)(B)

E 50.73(a)(2)(v)(D) orin NFC (if more space is required, use additional copies of NRC Forn 366A)

INTRODUCTION

The Division 1 remote shutdown panel (RSP)[PL] is designed to control the required shutdown systems from outside the control room irrespective of shorts, opens, or grounds in the control circuit in the control room that may have resulted from an event or fire causing an evacuation of the control room. The functions needed for Division I remote shutdown control are provided with manual transfer switches [HS] at the remote shutdown panel which override controls from the control room and transfer the controls to the Division 1 Remote Shutdown Panel (RSP)

Redundant remote shutdown capability is provided using the Division 2 remote shutdown controls. These controls are designed to parallel the controls from the control room. An indicating panel for the Division 2 remote shutdown system is located in the Division 2 switchgear room. The Division 2 remote shutdown is controlled by pull-to-lock-switches.HSI mounted on the electrical switchgear.

Manual activation of safety relief valves [RV] and the initiation of the reactor core isolation cooling (RC:IC)[BN]

system will maintain reactor water inventory and bring the reactor to a hot shutdown condition after scram. In the cas e of the Division 2 remote shutdown system, credit is taken for automatic initiation of high pressure core spray HPCS [BG], thereby providing for RCIC system backup. During this phase of shutdown, the suppression pool will be cooled by operating the residual heat removal (RHR) [BO] system in the suppression pool cooling mode. Reactor pressure will be controlled and core decay and sensible heat rejected to the suppression pool by relieving steam pressure through the relief valves.

Operating procedures provide guidance to cool the reactor and reduce its pressure at a controlled rate until reactor pressure becomes so low that the RCIC system is unable to sustain operation. The RHR system will then be operated in the shutdown cooling mode using the RHR system heat exchanger to cool reactor water and bring the reactor to the cold low pressure condition.

EVENT DESCRIPTION

On January 17, 2006, at about 1000 hours0.0116 days <br />0.278 hours <br />0.00165 weeks <br />3.805e-4 months <br />, with the plant operating at 84% power, an internal wiring jumper on a switch in the Division 1 RSP was found to be installed incorrectly. The jumper was identified as a result of surveillance testing. The switch contact has the function of isolating control room circuitry from the RSP circuitry for the RCIC turbine exhaust valve M. Complete isolation of the control room circuitry for the RCIC valve would not have been established by transferring control switches to the emergency position. The RSP was pre-wired and supplied by a vendor.

--The DC powered motor operated control valve for the RCIC -turbine exhaust to the suppression pool, is a normally open and must remain open to support RCIC operation for reactor inventory control. The existing configuration of the controls for the exhaust valve bypassed the control room isolation on the positive side of the "Op an" control circuits for the valve. The control room isolation on the negative side of the 'Open" logic and both sides of the 'Close" logic was correctly wired and would have provided isolation. This conficuration would expose the controls for the exhaust valve at the Division 1 RSP to the effects of fire induced faults on the 'Open" logic circuits in the control room after the isolation is initiated. A hot short from an energized circuit in the control room of the correct polarity could open the fuses in the emergency (alternate) power supply for the exhaust valve.

The exhaust valve had the potential for spurious operation to the closed position caused by fire induced hot shorts prior to isolation from the control room. It would then be necessary to reopen this valve at the Division 1 RSP. However, the power supply for the valve could be made unavailable by fire induced hot shorts occurrirg in the control room. If the open fuses were replaced, the existing or new hot shorts in the control room could continue to interrupt the power. Power could not be reliably reestablished until the positive side of the "Open" control circuits in the control room is isolated. This would require a "repair" to the Division 1 (If more space is required, use additional copies of NRC Form 366A)

RSP. The malfunctioning exhaust valve could also be corrected if the valve was manually opened using operatcr actions if this can be accomplished before unrestorable conditions occurred. However, these3 repairs and operator actions are not currently identified in the Fire Protection Safe Shutdown Analysis or associated operating procedures. Therefore, for this issue the plant does not comply with the Perry Plant Fire Protection Program. Although no actual fire occurred, this was determined to be a violation of the fire protection program, which is also a violation of the Operating License paragraph 2.C.6, Fire Protection.

Violation of the Operating License is reportable as a Licensee Event Report.

CAUSE

OF EVENT The wiring error in the RSP was determined to be the result of a drawing error in the original vendor supplied

- drawing.--The same vendor supplied the pre-wired RSP with the latent wiring error which went undetected --

until the surveillance instruction was performed on January 17, 2006.

The cause of the wiring error was determined to be a less than adequate vendor supplied drawing review that failed to discover a drawing error on a wiring diagram resulting in the RSP containing a wiring error.

An additional cause was determined to be less than adequate testing of design/licensing basis functic'ns.

Functional testing was not thorough enough to discover incorrect wiring or failed contacts that could lead to loss of isolation functions.

A contributing cause was determined to be less than adequate understanding of fire protection related design functiors and testing requirements of the RSP that resulted in inadequate testing being performed.

EVENT ANALYSIS

The consequence of a fire in the Emergency Closed Cooling System Panel in the control room is pos:ulated as the worst case to cause both RCIC and Low Pressure Core Spray (LPCS) to be unavailable. Per Off-Normal Instruction, Evacuation of the Control Room, if the Unit Supervisor deems it necessary to evacuate the Cortrol Room, the operator at the controls will manually perform a reactor SCRAM. The operating staff will report to the RSP to control the cooldown of the plant. In accordance with Integrated Operating Instruct on, Shutdown from Outside the Control Room, the staff would use the system necessary to accomplish a controlled cooldown to cold shutdown. This would include, HPCS, RHR-A, RHR-B, RHR-C, relief velves, and others. Additionally, other sources of inventory (e.g., CST Pumps) are available in accord. nce with Emergency Instructions, as well as other methods to remove heat from the containment building (i.e., sprays, venting).

Furthermore, other mitigating factors include, 1) a fire in the panel may be detected and extinguished prior to causing failure of the RCIC and LPCS systems, 2) the fire may be extinguished prior to requiring a reactor SCRAM and a Control Room evacuation, and 3) a hot short may or may not cause the RCIC exhaust valve to close.

As such, qualitatively, the defense in depth remains to control the cooldown of the reactor given the condition failures associated with the described scenario. Therefore, using the Counting Rule Worksheet (reference Inspection Manual Chapter 0609 Appendix. A, Attachment. 1), the event is considered to have a very low

safety significance

NRC FORM 356A U.S. NUCLEAR REGULATORY COMMISSION (1.2001)

LICENSEE EVENT REPORT (LER)

1. FACILITY NAME
2. DOCKET
6. LER NUMBER
3. PAGE SEQUENTIAL REVISION Perry NucIE!ar Power Plant 05000440 YEAR NUMBER NUMBER CF 4 2006 01 00

_I DD-

- T'a fA eoin; A..

1.-

X ;:1^:

aAD a

u I7.

  • AKKA Ii t (It more space is requireu, use adowuonal copies Of MuTL Form 366OOA)

CORRECTIVE ACTIONS

The mi 3-wired jumper in the RSP was corrected on January 17, 2006.

The investigation team contacted the vendor's Engineering Manager, and informed him of the drawing error and the! wiring error in the vendor supplied RSP. The Engineering Manager responded that the vendor had opened a potential safety concern in their system (precursor to their 1 OCFR21 evaluation).

RSP surveillances will be revised to include testing to verify correct isolation and transfer functions of the Norma 1Em'rgencVy Witches'on the'RSP to'ensure' the' circuits-meet the unique testing requirements for double isolation of the Fire Protection Program.

The Updated Safety Analysis Report will be revised to clarify information for the RSP that was difficult to locate and information that conflicted with the Supplement to the Safety Evaluation Report (SSER).

Design Engineering Section (DES) personnel will review this event with respect to the deficiency of inadequate vendor drawing review and less than adequate understanding of the fire protection related design functions and testing requirements of the RSP. Also these two issues will be discussed at the DES Curriculum Review Committee to determine if additional training is warranted.

PREVIOUS SIMILAR EVENTS

A search of Licensee Event Reports and the corrective action program over the past 3 years from the PNPP found tiat no similar events had been reported.

Energy Industry Identification System Codes are identified in the text as [XX].

Retrieved from "https://kanterella.com/w/index.php?title=05000440/LER-2006-001,_Re_Incorrect_Wiring_in_the_Remote_Shutdown_Panel_Results_in_a_Fire_Protection_Program_Violation&oldid=5367488"