05000461/LER-2006-004

PLANT OPERATING CONDITIONS PRIOR TO THE EVENT

Unit: 1� Event Date: 11/9/06� Event Time: 0644 Central Standard Time Mode: 1 (Power Operation)� Reactor Power: 95.5 percent

DESCRIPTION OF EVENT

On November 9, 2006, at 0644 hours0.00745 days <br />0.179 hours <br />0.00106 weeks <br />2.45042e-4 months <br />, with the unit at 95.5 percent power, operators in the Main Control Room (MCR) received an alarm [ALM] indicating the Division 3 shutdown service water system (SX) [BI] was not available. Operators also observed a status light [IL] for a loss of position indication for motor [MO]-operated valve [V] (MOV) 1SX014C, the plant service water system [KG] to Division 3 SX system header isolation valve, indicating that the MOV was not available.

At 0645 hours0.00747 days <br />0.179 hours <br />0.00107 weeks <br />2.454225e-4 months <br />, in response to the MCR indications, the Control Room Supervisor (CRS) dispatched a non-licensed operator (NLO) to investigate the circuit breaker for the 1SX014C valve.

The CRS also declared the Division 3 SX, high pressure core spray (HPCS) [BG], and Division 3 emergency diesel generator (DG) [EK] systems inoperable and unavailable since MOV 1SX014C is required to automatically close following a HPCS system initiation to isolate the non-safety loads from the safety loads in Division 3 during a loss of offsite power event. Operators entered the applicable Technical Specification action requirements including verifying within one hour that the reactor core isolation cooling system [BN] was operable.

At 0646 hours0.00748 days <br />0.179 hours <br />0.00107 weeks <br />2.45803e-4 months <br />, operators directed Electrical Maintenance to investigate the breaker. At 0650 hours0.00752 days <br />0.181 hours <br />0.00107 weeks <br />2.47325e-4 months <br />, the NLO reported to the MCR that the circuit breaker [52] hand switch [HS] was in the "off' position. At 0738 hours0.00854 days <br />0.205 hours <br />0.00122 weeks <br />2.80809e-4 months <br />, Maintenance reported to the MCR that the circuit breaker for the MOV had not tripped, but was turned off via the breaker hand switch [HS] moving to the "off' position.

No abnormal or unusual indications were noted in the circuit breaker cubicle. The valve was verified to be in the "open" position.

At 0742 hours0.00859 days <br />0.206 hours <br />0.00123 weeks <br />2.82331e-4 months <br />, operators closed the circuit breaker without resetting the breaker logic and the indication for MOV 1SX014C returned to normal in the MCR, and the SX system unavailable alarm cleared. The circuit breaker remained in the "closed" position and operators declared the HPCS, Division 3 SX and Division 3 DG systems available.

At 0810 hours0.00938 days <br />0.225 hours <br />0.00134 weeks <br />3.08205e-4 months <br />, Operations initiated a prompt investigation for this event and Plant Security performed a computer search, identifying that a security officer was in the area of the circuit breaker at the time of the MCR alarm.

At 1047 hours0.0121 days <br />0.291 hours <br />0.00173 weeks <br />3.983835e-4 months <br />, operators completed Division 3 SX pump testing and verified the capability of MOV 1SX014C to stroke closed normally.

At 1142 hours0.0132 days <br />0.317 hours <br />0.00189 weeks <br />4.34531e-4 months <br />, based on reviews of the circuit breaker condition, an engineering evaluation, stroking of the MOV, and identification of no discrepant circuit breaker condition, operators concluded that Division 3 SX, Division 3 DG, and HPCS systems were operable effective at 0742 hours0.00859 days <br />0.206 hours <br />0.00123 weeks <br />2.82331e-4 months <br /> when MOV 1SX014C was reenergized. Further, the Division 3 DG and HPCS systems were inoperable but available during this event from 0644 hours0.00745 days <br />0.179 hours <br />0.00106 weeks <br />2.45042e-4 months <br /> to 0742 hours0.00859 days <br />0.206 hours <br />0.00123 weeks <br />2.82331e-4 months <br />. The Division 3 SX system was inoperable and unavailable from 0644 hours0.00745 days <br />0.179 hours <br />0.00106 weeks <br />2.45042e-4 months <br /> to 0742 hours0.00859 days <br />0.206 hours <br />0.00123 weeks <br />2.82331e-4 months <br />.

Issue Report 555579 was initiated to perform a root cause evaluation of this event and identify corrective actions.

The investigation of this event identified that a security officer on shiftly security rounds bumped the circuit breaker hand switch for the 1SX014C MOV, moving it to the "off" position. The security officer was carrying a protective mask in a large bag attached to the officer's thigh. When the officer passed the circuit breaker panel, the bag contacted the breaker hand switch and actuated it.

The officer was unaware that the bag had contacted the breaker.

No other inoperable equipment or components directly affected this event.

This event is reportable under the provisions of 10 CFR 50.73(a)(2)(v)(D) as a condition that could have prevented the fulfillment of the safety function needed to mitigate the consequences of an accident.

CAUSE OF EVENT

The root cause of the event was Security Management failed to adequately assess the inadvertent contact configuration control risk when the requirement to carry the protective mask in a bag attached to the thigh was implemented in 2005.

A contributing cause for this event was Plant Operations failed to communicate adequate information and expectations to the Plant Organization regarding configuration control inadvertent contact events and the level of detail needed to identify and mitigate these hazards.

SAFETY ANALYSIS

This event had minimal safety significance. From 0644 hours0.00745 days <br />0.179 hours <br />0.00106 weeks <br />2.45042e-4 months <br /> to 0742 hours0.00859 days <br />0.206 hours <br />0.00123 weeks <br />2.82331e-4 months <br /> during this event, the Division 3 DG and HPCS systems were inoperable, because the Division 3 SX system was not capable of providing essential service water to these systems; however, Division 3 DG and HPCS systems were available because the non-safety plant service water system was available to provide cooling water to these systems. The Division 3 SX system was inoperable and unavailable from 0644 hours0.00745 days <br />0.179 hours <br />0.00106 weeks <br />2.45042e-4 months <br /> to 0742 hours0.00859 days <br />0.206 hours <br />0.00123 weeks <br />2.82331e-4 months <br /> because the system was not capable of providing essential service water to the Division 3 DG and HPCS systems during that period as a result of the loss of power to MOV 1SX014C.

During this event, no loss of offsite power occurred and the non-safety plant service water system was available to provide cooling water for the HPCS and Division 3 DG systems to allow them to perform their safety function. The HPCS system is a single train safety system; however, other I� /11/ MI I /11/1� I systems were available to help mitigate the consequences of an event requiring initiation of the high pressure Emergency Core Cooling System (ECCS) during the 58-minute period that the Division 3 SX system was inoperable and unavailable. The motor driven reactor feed pump, RCIC system, automatic depressurization system, and low pressure ECCSs (upon reaching the low pressure permissive) were available to mitigate the consequences of an event requiring initiation of the high pressure ECCS system.

This event report describes a safety system functional failure of the HPCS system.

CORRECTIVE ACTION

The area where the inadvertent contact with the circuit breaker occurred in the Division 3 SX Pump Room has been designated as an exclusion area, and passage by personnel is no longer allowed.

Security officers have been provided a different route to pass this equipment and this information was communicated to the officers.

Security Management and a Senior Reactor Operator performed a plant walk down of security officer tour paths to identify any safety-related equipment that is subject to inadvertent contact and identified additional inadvertent contact hazards that could affect safety-related equipment. The identified hazards have been captured in the corrective action program and will receive a disposition via that process.

Plant management walked down the entire plant for inadvertent contact hazards, and the hazards identified were captured in the corrective action program and will receive a disposition via that process.

Plant Operations will develop and implement a configuration control prevention program that emphasizes avoiding contact with components by recognizing the risk and obtaining an assessment and providing appropriate compensatory measures.

PREVIOUS OCCURRENCES

In 2004, a similar issue (not reportable) occurred when a security officer on rounds inadvertently snagged his belt on a disconnect switch for a 480-volt riser while passing it in a congested area, moving the switch to the "off" position. This issue was a configuration control event but had no other consequence. In response to this issue, Security walked down security plant tour routes and eliminated areas that had no valid need to be toured by Security and instructed patrols to stay on main travel paths when touring. Configuration control inadvertent contact hazards were not included in this walk down and the Screen House area where the SX circuit breaker event occurred was not toured because that area had pathways that were sufficient, based on equipment carried by patrols, to avoid inadvertent contact with panels. Additionally, the requirement for patrols to carry the mask attached to the thigh was not established until 2005, so the mask equipment was not a consideration at the time.

COMPONENT FAILURE DATA

None The following table identifies commitments made in this document. (Any other actions discussed in the submittal represent intended or planned actions. They are described to the NRC for the NRC's information and are not regulatory commitments.)

COMMITMENT TYPE

COMMITMENT ONE-TIME ACTION Programmatic (Yes/No)(Yes/No) This document has no regulatory commitments