On January 17, 2006, at about 1000 hours0.0116 days <br />0.278 hours <br />0.00165 weeks <br />3.805e-4 months <br />, with the plant operating at 84% power, an internal wiring jumper on a switch in the Remote Shutdown Panel ( RSP) was found to be installed incorrectly. The jumper was identified as a result 01 surveillance testing. The switch contact has the function of isolating control room circuitry from the RSP circuitry for the Reactor Core Isolation Cooling ( RCIC) turbine exhaust valve. Complete isolation of the control room circuitry for the RCIC valve would not have been established by transferring control switches to the emergency position. Although no actual fire occurred, thiS Was a violation of the fire protection program,-which Is a violation of the Operating License condition 2.C.6.
The cause of the event was determined to be a wiring drawing error during manufacture of the panel that resulted in the switch being incorrectly wired. The cause of the wiring error was determined to be a less than adequate vendor drawing review that failed to discover a drawing error on a wiring diagram and less than adequate testing.
A contrbuting cause was determined to be less than adequate understanding of fire protection related design functions and testing requirements of the RSP. Completed corrective actions were to rewire the switch correctly and to inform the manufacturer of the drawing and wiring error in the supplied RSP. Additional corrective actions will be to revise the necessary surveillances and the Updated Safety Analysis Report to clarify fire protection program testing requirements and to present lessons learned from this investigation to the Design Engineering Section.
This event is reportable as a violation of the Operating License, paragraph 2.C.6, Fire Protection. This event was determined to be of very low safety significance. |
LER-2006-001, Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation| Docket Number |
| Event date: |
|
|---|
| Report date: |
|
|---|
| 4402006001R00 - NRC Website |
|
INTRODUCTION
The Division 1 remote shutdown panel (RSP)[PL] is designed to control the required shutdown systems from outside the control room irrespective of shorts, opens, or grounds in the control circuit in the control room that may have resulted from an event or fire causing an evacuation of the control room. The functions needed for Division' 1 remote shutdown control are provided with manual transfer switches [HS] at the remote shutdown panel which override controls from the control room and transfer the controls to the Division 1 Remote Shutdown Panel (RSP) Redundant remote shutdown capability is provided using the Division 2 remote shutdown controls. These controls are designed to parallel the controls from the control room. An indicating panel for the Division 2 remote shutdown system is located in the Division 2 switchgear room. The Division 2 remote shutdown is controlled.by pull-to-lock-switches.[HS] mounted on the electrical switchgear.
Manual activation of safety relief valves [RV] and the initiation of the reactor core isolation cooling (RCIC)[BN] system will maintain reactor water inventory and bring the reactor to a hot shutdown condition after scram. In the case of the Division 2 remote shutdown system, credit is taken for automatic initiation of high pressure core spray HPCS [BG], thereby providing for RCIC system backup. During this phase of shutdown, the suppression pool will be cooled by operating the residual heat removal (RHR) [BO] system in the suppression pool cooling mode. Reactor pressure will be controlled and core decay and sensible heat rejected to the suppression pool by relieving steam pressure through the relief valves.
Operating procedures provide guidance to cool the reactor and reduce its pressure at a controlled rate until reactor pressure becomes so low that the RCIC system is unable to sustain operation. The RHR system will then be operated in the shutdown cooling mode using the RHR system heat exchanger to cool reactor water and bring the reactor to the cold low pressure condition.
EVENT DESCRIPTION
On January 17, 2006, at about 1000 hours0.0116 days <br />0.278 hours <br />0.00165 weeks <br />3.805e-4 months <br />, with the plant operating at 84% power, an internal wiring jumper on a switch in the Division 1 RSP was found to be installed incorrectly. The jumper was identified as a result of surveillance testing. The switch contact has the function of isolating control room circuitry from the RSP circuitry for the RCIC turbine exhaust valve M. Complete isolation of the control room circuitry for the RCIC valve would not have been established by transferring control switches to the emergency position. The RSP was pm-wired and supplied by a vendor.
--The DC powered motor operated control valve for the RCIC turbine exhaust to the suppression pool, is ----- normally open and must remain open to support RCIC operation for reactor inventory control. The existing configuration of the controls for the exhaust valve bypassed the control room isolation on the positive side of the "Open" control circuits for the valve. The control room isolation on the negative side of the "Open" logic and both sides of the "Close" logic was correctly wired and would have provided isolation. This configuration would expose the controls for the exhaust valve at the Division 1 RSP to the effects of fire induced faults on the "Open" logic circuits in the control room after the isolation is initiated. A hot short from an energized circuit in the control room of the correct polarity could open the fuses in the emergency (alternate) power supply for the exhaust valve.
The exhaust valve had the potential for spurious operation to the closed position caused by fire induced hot shorts prior to isolation from the control room. It would then be necessary to reopen this valve at the Division 1 RSP. However, the power supply for the valve could be made unavailable by fire induced hot short3 occurrir g in the control room. If the open fuses were replaced, the existing or new hot shorts in the control room could continue to interrupt the power. Power could not be reliably reestablished until the positive side of the "Open" control circuits in the control room is isolated. This would require a "repair" to the Division 1 RSP. The malfunctioning exhaust valve could also be corrected if the valve was manually opened using operatc r actions if this can be accomplished before unrestorable conditions occurred. However, these repairs and operator actions are not currently identified in the Fire Protection Safe Shutdown Analysis or associated operating procedures. Therefore, for this issue the plant does not comply with the Perry Plant Fire Protection Program. Although no actual fire occurred, this was determined to be a violation of the fire protection program, which is also a violation of the Operating License paragraph 2.C.6, Fire Protection.
Violation of the Operating License is reportable as a Licensee Event Report.
CAUSE. OF EVENT The wiring error in the RSP was determined to be the result of a drawing error in the original vendor supplied --drawinci.--The same vendor supplied the pre-wired RSP with the latent wiring error which went undetected until the surveillance instruction was performed on January 17, 2006.
The cause of the wiring error was determined to be a less than adequate vendor supplied drawing review that failed to discover a drawing error on a wiring diagram resulting in the RSP containing a wiring error.
An additional cause was determined to be less than adequate testing of design/licensing basis functions.
Functional testing was not thorough enough to discover incorrect wiring or failed contacts that could lead to loss of isolation functions.
A contributing cause was determined to be less than adequate understanding of fire protection related design functions and testing requirements of the RSP that resulted in inadequate testing being performed.
EVENT ANALYSIS
The consequence of a fire in the Emergency Closed Cooling System Panel in the control room is pos':ulated as the worst case to cause both RCIC and Low Pressure Core Spray (LPCS) to be unavailable. Per Off- Normal Instruction, Evacuation of the Control Room, if the Unit Supervisor deems it necessary to evacuate the Control Room, the operator at the controls will manually perform a reactor SCRAM. The operating staff will report to the RSP to control the cooldown of the plant. In accordance with Integrated Operating Instruct on, Shutdown from Outside the Control Room, the staff would use the system necessary to accomplish a controlled cooldown to cold shutdown. This would include, HPCS, RHR-A, RHR-B, RH R-C, relief valves, and others. Additionally, other sources of inventory (e.g., CST Pumps) are available in -, .accord. nce with Emergency Instructions, as well as other methods to remove heat from the containment building (i.e., sprays, venting).
Furthermore, other mitigating factors include, 1) a fire in the panel may be detected and extinguished prior to causing failure of the RCIC and LPCS systems, 2) the fire may be extinguished prior to requiring a reactor SCRAM and a Control Room evacuation, and 3) a hot short may or may not cause the RCIC exhaust valve to close.
As such, qualitatively, the defense in depth remain's to control the cooldown of the reactor given the condition failures associated with the described scenario. Therefore, using the Counting Rule Worksheet (reference Inspection Manual Chapter 0609 Appendix. A, Attachment. 1), the event is considered to have a very low safety significance.
CORRECTIVE ACTIONS
The mis-wired jumper in the RSP was corrected on January 17, 2006.
The investigation team contacted the vendor's Engineering Manager, and informed him of the drawing error and the wiring error in the vendor supplied RSP. The Engineering Manager responded that the vendor had opened a potential safety concern in their system (precursor to their 10CFR21 evaluation).
RSP surveillances will be revised to include testing to verify correct isolation and transfer functions of the ---NOrma iEmergency-SWitches'on'the'RSP to"ensUre- the circuits-meet the Unique testing requirements for -- double isolation of the Fire Protection Program.
The Updated Safety Analysis Report will be revised to clarify information for the RSP that was difficult to locate and information that conflicted with the Supplement to the Safety Evaluation Report (SSER).
Design Engineering Section (DES) personnel will review this event with respect to the deficiency of inadequate vendor drawing review and less than adequate understanding of the fire protection related design functions and testing requirements of the RSP. Also these two issues will be discussed at the DES Curriculum Review Committee to determine if additional training is warranted.
PREVIOUS SIMILAR EVENTS
A search of Licensee Event Reports and the corrective action program over the past 3 years from the PNPP found teat no similar events had been reported.
Energy Industry Identification System Codes are identified in the text as [XX].
|
|---|
|
|
| | | Reporting criterion |
|---|
| 05000305/LER-2006-010 | | | | 05000456/LER-2006-001 | Unit 1 Reactor Coolant System Pressure Boundary Leakage Due To Inter-Granular Stress Corrosion Cracking of a Pressurizer Heater Sleeve | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications
10 CFR 50.73(a)(2)(ii)(A), Seriously Degraded | | 05000454/LER-2006-001 | Technical Specification Required Action Completion Time Exceeded for Inoperable Containment Isolation Valves Due to Untimely Operability Determination | | | 05000423/LER-2006-001 | Loss Of Safety Function Of The Control Room Emergency Ventilation System | 10 CFR 50.73(a)(2)(v)(D), Loss of Safety Function - Mitigate the Consequences of an Accident | | 05000369/LER-2006-001 | Ice Condenser and Floor Cooling System Containment Isolation Valve inoperable longer than allowed by Technical Specification 3.6.3. | | | 05000353/LER-2006-001 | HPCI Ramp Generator Signal Converter Failure | 10 CFR 50.73(a)(2)(v)(D), Loss of Safety Function - Mitigate the Consequences of an Accident
10 CFR 50.73(a)(2)(v), Loss of Safety Function | | 05000352/LER-2006-001 | Loss Of One Offsite Circuit Due To Invalid Actuation Of Fire Suppression System | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000336/LER-2006-001 | | 10 CFR 50.73(a)(2)(v)(A), Loss of Safety Function - Shutdown the Reactor | | 05000316/LER-2006-001 | Failure to Comply with Technical Specification 3.6.2, Containment Air Locks | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000315/LER-2006-001 | Plant Shutdown Required by Technical Specification Action 3.6.5.B.1 | | | 05000293/LER-2006-001 | | 10 CFR 50.73(a)(2)(iv), System Actuation | | 05000289/LER-2006-001 | | | | 05000287/LER-2006-001 | Actuation of Emergency Generator due to Spurious Transformer Lockout | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000251/LER-2006-001 | Turkey Point Unit 4 05000251 1 OF 6 | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000247/LER-2006-001 | Manual Reactor Trip Due to Multiple Dropped Control Rods Caused by Loss of Control Rod Power Due to Personnel Error | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000440/LER-2006-001 | Incorrect Wiring in the Remote Shutdown Panel Results in a Fire Protection Program Violation | | | 05000413/LER-2006-001 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000368/LER-2006-001 | Completion of a Plant Shutdown Required by Technical Specifications Due to Loss of Motive Power to Certain Containment Isolation Valves as a Result of a Phase to Ground Short Circuit in a Motor Control Cubicle | 10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown | | 05000306/LER-2006-001 | | 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(A), Completion of TS Shutdown | | 05000298/LER-2006-001 | Cooper Nuclear Station 05000298 1 of 4 | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000286/LER-2006-001 | I | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000282/LER-2006-001 | | 10 CFR 50.73(a)(2)(iv)(A), System Actuation
10 CFR 50.73(a)(2)(v), Loss of Safety Function | | 05000266/LER-2006-001 | | 10 CFR 50.73(a)(2)(v), Loss of Safety Function | | 05000261/LER-2006-001 | Manual Reactor Trip Due to Failure of a Turbine Governor Valve Electro-Hydraulic Control Card | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000255/LER-2006-001 | | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition | | 05000461/LER-2006-002 | Turbine Bypass Function Lost Due to Circuit Card Maintenance Frequency | | | 05000458/LER-2006-002 | Loss of Safety Function of High Pressure Core Spray Due to Manual Deactivation | | | 05000456/LER-2006-002 | Units 1 and 2 Entry into Limiting Condition for Operation 3.0.3 due to Main Control Room Ventilation Envelope Low Pressure | | | 05000443/LER-2006-002 | Noncompliance with the Requirements of Technical Specification 6.8.1.2.a | | | 05000387/LER-2006-002 | DMissed Technical Specification surveillance requirement | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000362/LER-2006-002 | Unit 3 Shutdown to Inspect Safety Injection Tank Spiral Wound Gaskets | | | 05000336/LER-2006-002 | Manual Reactor Trip Due To Trip Of Both Feed Pumps Following A Loss Of Instrument Air | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000316/LER-2006-002 | | 10 CFR 50.73(a)(2)(vii), Common Cause Inoperability
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000315/LER-2006-002 | Failure to Comply with Technical Specification Requirement 3.6.13, Divider Barrier Integrity | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000293/LER-2006-002 | | | | 05000289/LER-2006-002 | | | | 05000251/LER-2006-002 | Intermediate Range High Flux Trip Setpoint Exceeded Technical Specification Allowable Value | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000440/LER-2006-002 | Scaffold Built in the Containment Pool Swell Region | 10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition | | 05000413/LER-2006-002 | Safe Shutdown Potentially Challenged by an External Flooding Event and Inadequate Design and Configuration Control | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000388/LER-2006-002 | Missed Technical Specification LCO 3.8.1 Entry for Unit 2 During Unit 1 ESS Bus Testing | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000348/LER-2006-002 | Main Steam Isolation Valve Failure to Close | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000305/LER-2006-002 | | 10 CFR 50.73(a)(2)(v)(C), Loss of Safety Function - Release of Radioactive Material
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000301/LER-2006-002 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000286/LER-2006-002 | 450 Broadway, GSB
P.O. Box 249
Buchanan, N.Y. 10511-0249Entergy Tel (914) 734-6700
Fred Dacimo
Site Vice President
Administration
September 13, 2006
Indian Point Unit No. 3
Docket No. 50-286
N L-06-084
Document Control Desk
U.S. Nuclear Regulatory Commission
Mail Stop O-P1-17
Washington, DC 20555-0001
Subject:L Licensee Event Report # 2006-002-00, "Manual Reactor Trip as a Result
of Arcing Under the Main Generator Between Scaffolding and Phase A&B
of the Isophase Bus Housing"
Dear Sir:
The attached Licensee Event Report (LER) 2006-002-00 is the follow-up written report
submitted in accordance with 10 CFR 50.73. This event is of the type defined in 10
CFR 50.73(a)(2)(iv)(A) for an event recorded in the Entergy corrective action process as
Condition Report CR-IP3-2006-02255.
There are no commitments contained in this letter. Should you or your staff have any
questions regarding this matter, please contact Mr. Patric W. Conroy, Manager,
Licensing, Indian Point Energy Center at (914) 734-6668.
Fred R. Dacimo
Site Vice President
Indian Point Energy Center
Docket No. 50-286
NL-06-084
Page 2 of 2
Attachment: LER-2006-002-00
CC:
Mr. Samuel J. Collins
Regional Administrator — Region I
U.S. Nuclear Regulatory Commission
U.S. Nuclear Regulatory Commission
Resident Inspector's Office
Resident Inspector Indian Point Unit 3
Mr. Paul Eddy
State of New York Public Service Commission
INPO Record Center
NRC FORM 366 U.S. NUCLEAR REGULATORY COMMISSION APPROVED BY OMB NO. 3150-0104 EXPIRES: 06/30/2007
(6-2004)
. Estimated burden per response to comply with this mandatory collection
request: 50 hours.DReported lessons learned are incorporated into the
licensing process and fed back to industry. Send comments regarding burden
estimate to the Records and FOIA/Privacy Service Branch (T-5 F52), U.S.
Nuclear Regulatory Commission, Washington, DC 20555-0001, or by internetLICENSEE EVENT REPORT (LER) e-mail to infocollects@nrc.gov, and to the Desk Officer, Office of Information
and Regulatory Affairs, NEOB-10202, (3150-0104), Office of Management and
Budget, Washington, DC 20503. If a means used to impose an information
collection does not display a currently valid OMB control number, the NRC
may not conduct or sponsor, and a person is not required to respond to, the
information collection.
■
1. FACILITY NAME 2. DOCKET NUMBER I 3. PAGE
INDIAN POINT 3 05000-286 1 OF 6
4.TITLE: Manual Reactor Trip as a Result of Arcing Under the Main Generator Between
Scaffolding and Phase A&B of the Iso-phase Bus Housing | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000282/LER-2006-002 | | 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000269/LER-2006-002 | High Energy Line Breaks Outside Licensing Basis May Result in Loss of Safety Function | | | 05000263/LER-2006-002 | | | | 05000255/LER-2006-002 | | 10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications | | 05000254/LER-2006-002 | Quad Cities Nuclear Power Station Unit 1 05000254 1 of 3 | 10 CFR 50.73(a)(2)(iv)(A), System Actuation | | 05000483/LER-2006-003 | Unexpected Inoperability of the Emergency Exhaust System due to Inoperable Pressure Boundary | 10 CFR 50.73(a)(2)(v)(C), Loss of Safety Function - Release of Radioactive Material
10 CFR 50.73(a)(2)(vii), Common Cause Inoperability
10 CFR 50.73(a)(2)(i)(B), Prohibited by Technical Specifications |
|