BSEP-95-0269, Forwards Review of Preliminary Accident Sequence Precursor Analysis

From kanterella
Jump to navigation Jump to search
Forwards Review of Preliminary Accident Sequence Precursor Analysis
ML20085K904
Person / Time
Site: Brunswick  Duke Energy icon.png
Issue date: 06/21/1995
From: Lopriore R
CAROLINA POWER & LIGHT CO.
To:
NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM)
References
BSEP-95-0269, BSEP-95-269, NUDOCS 9506280166
Download: ML20085K904 (12)
v  d  e


Text

_-

t tPkL Carolina Power & Ught Company P.O. Box 10429 Sout!. port, NC 28401-0429 JUN 211995 SERIAL: BSEP 95-0269 U. S. Nuclear Regulatory Commission ATTENTION: Document Control Desk Washington, DC 20555 BRUNSWICK STEAM ELECTRIC PLANT, UNIT NOS,1 AND 2 DOCKET NOS. 50-325 AND 50-324 LICENSE NOS. DPR-71 AND DPR-62 REVIEW OF PRELIMINARY ACCIDENT SEQUENCE PRECURSOR ANALYSIS Gentlemen:

The purpose of this letter is to respond to the Nuclear Regulatory Commission (NRC) letter of May 16,1995 forwarding the preliminary Accident Sequence Precursor (ASP) analysis of a loss of offsite power event on May 21,1994 at the Brunswick Steam Electric Plant, Unit 2. The NRC letter provides a copy of the preliminary Accident Sequence Precursor (ASP) analysis of this operational event for Carolina Power & Light Company's (CP&L) review and comment. Carolina Power & Light Company's comments about this analysis are provided in Enclosure 1.

Please refer any questions regarding this submittal to Mr. George Honma at (910) 457-2741.

Sincerely, s v

\ d'G R. P. Loprio Manager- Regulatory Affairs Brunswick Nuclear Plant WRM/wrm Enclosures cc: Mr. S. D. Ebneter, Regional Administrator, Region 11 Mr. D. C. Trimble, NRR Project Manager - Brunswick Units 1 and 2 Mr. C. A. Patterson, NRC Senior Resident inspector- Brunswick Units 1 and 2 The Honorable H. Wells, Chairman - North Carolina Utilities Commission 270037 ,

9506280166 950621 ji PDR ADOCK 05000324 '

P PDR

ENCLOSURE 1 BRUNSWICK STEAM ELECTRIC PLANT, UNIT NOS.1 AND 2 DOCKET NOS. 50-325 AND 50-324 LICENSE NOS. DPR-71 AND DPR-62 REVIEW OF PRELIMINARY ACCIDENT SEQUENCE PRECURSOR ANALYSIS By letter dated May 16,1995, the Nuclear Regulatory Commission provided for review and comment a copy of the preliminary Accident Sequence Precursor (ASP) analysis of an operational event which occurred at the Brunswick Steam Electric Plant, Unit 2 on May 21,1994.

The NRC letter states that the purpose of the review process is to provide as realistic an analysis of the significance of the event as possible.

The guidance provided for licensee review of the preliminary ASP analysis stated that comments should address the following questions:

NRC Question 1:

Does the " Event Description" section accurately describe the event as it occurred?

CP&L Comment 1:

The " Event Description" provides an accurate description of event as it occurred.

NRC Ouestion 2:

Does the " Additional Event-Related information" section provide accurate additional information concerning the configuration of the plant and the operation of and procedures associated with relevant systems?

CP&L Comment 2:

The " Additional Event-Related Information" section does not include a discussion of the capability of the emergency bus configuration that provides for uninterrupted avail ability of one service water pump and two residual Iwat removal pumps on the unit experiencing the loss of off-site power (LOOP). Each of the four emergency buses (buses E1 and E2 for Unit 1 and buses E3 and E4 for Unit 2) is designed to power one RHR pump for each unit, and the five service water pumps are powered such that at least one is available from the opposite unit's emergency buses. Thus, the unit that loses off-site power has residual heat removal capability that is powered from a separate switchyard and is not dependent on the postulated loss of the unit's emergency buses.

The Event Tree in Figure A.1.3 does not account for this design feature. Accident sequences 49 and 71 in the preliminary analysis do not account for the availability of low pressure coolant injection and containment heat removal. Two stuck -open safety / relief valves are sufficient to depressurize the vessel to allow low pressure injection without fuel damage (reference the ,

Brunswick Individual Plant Examination ). Therefore, sequences 49 and 71 do not represent E1-1 l

l l

I

1

\

4 realistic accident sequences at Brunswick and should not contribute to a conditional core damage probability for the purpose of the preliminary ASP analysis .

NRC Question 3:

Does the "Modeling Assumptions" section accurately describe the modeling done for the event?

Is the modeling of the event appropriate for the events that occurred or that had the potential to occur under the event conditions? This also includes assumptions regarding the likelihood of equipment recovery.

CP&L Comment 3:

The treatment of long-term recovery of off-site power is not appropriate for the Brunswick event.

The event involved an interruption of off-site power to Unit 2, which was in a refueling outage.

Off-site power was always available during the event. The restoration of off-site power to the unit simply required a human action to align off-site power to the switchyard bus. As a result of the event, there were no accompanying degraded plant conditions, and there were no significant failures of safety equipment. One key modeling assumption, however, is not appropriate for this analysis: treatment of the recovery of off-site power.

Failure to recover off-site power is estimated in the preliminary ASP analysis on the basis of generic plant-centered loss of off-site power events. The off-site power recovery times from all types of plant-centered LOOP events are characterized in a probability curve in NUREG-1032,

" Evaluation of Station Blackout Accidents at Nuclear Power Plants" The failure probabilities for short- and long-term recovery of offsite power are derived from LOOP frequency and duration relationships which are developed in Appendix A of the report. In particular, plant-centered LOOPS (the Brunswick event is considered in this category) are described as follows:

Plant-centered failures typically involve hardware failures, design deficiencies, human errors (in maintenance and switching), localized weather-induced faults (lightning), or combinations of these failure types. Plant-centered failures can be recovered by switching or repairing faulted equipment at the site.

The analysis in NUREG-1032 captures all of the pertinent plant-centered LOOPS and their recovery times. Included in this sample are simple switching actions and more complex (and time consuming) tasks such as equipment replacement or repair for faults that were due to hardware failures or design deficiencies.

The Brunswick event involved a human error that was easily recovered. The event did not result in equipment failures and their associated repair times. There is no reason to believe that similar switching error events would lead to equipment damage. Recovery from the event required a system dispatcher, in communication with the unit control room operators, to operate control switches at the system energy control center to open or close switchyard circuit breakers.

Historical data shows that switching actions are very common occurrences and are easy to accomplish successfully.

The non-recovery probabilities for the Brunswick LOOP event should not be based on the f generalized category of plant-centered faults. Switching actions are simple, easily recoverable, and they do not cause or involve hardware failures or design deficiencies. Therefore, an appropriate non-recovery probability for this event should only reflect switching actions. It is reasonable to believe that a simple switching action would take place within a few minutes, as it E1-2

1 1

did in the Brunswick event. It is also reasonable to assume that such actions would be successful within one hour, contrary to the assumption in the pre::minary analysis.

1 in order to provide a more realistic estimate of switching error recovery probabilities, two analyses were performed (see Attachments 1 and 2). The first analysis uses historical data to evaluate recovery times. The second is a human reliability analysis which uses the THERP method for quantification, as outlined in NUREG/CR-1278. All events in the historical analysis were recovered within one hour, which allows sufficient time to prevent battery depletion and i thus prevent a severe core damaging event. Furthermore, the human reliability results indicate i that the estimated "non-recovery of off-site power" probability is at least an order of magnitude ;

lower than the value assumed in the preliminary ASP analysis when proper consideration is given to the type of recovery that is required. l CP&L maintains that for events that involve simple switching errors, off-site power recovery would be successful within a few minutes. Therefore, the core damage sequences involving long-term station blackout do not apply to this event.

i l

l 4

l l

E1-3 l

l ATTACHMENT 1 Historical Data Analysis The purpose of this analysis is to analyze actual recovery times for industry loss of off-site power (LOOP) events to understand the variations of recovery with time. NSAC-203, " Losses of Off-Site Power at U.S. Nuclear Power Plants Through 1993" contains a comprehensive accounting of LOOP events at all U.S. nuclear plants from 1980 through 1993. Each event in the report was reviewed to determine if off-site power was recovered solely by performing system switching actions. Those events that were caused by external factors, such as storms, grid losses, or component failures would not be recoverable solely by switching actions and were not counted.

Determinations were based on descriptions from NSAC-203 and are shown in Table 1.

Twenty-nine events were categorized in this manner. The recovery times ranged from 15 seconds to 45 minutes with a mean of about 13 minutes. No events were found to result in a long-term (several hours) failure to recover off-site power due to human error.

TABLE 1 Restoration Times for Restoring Offsite Power to Plant Loads by Switchyard Breaker Control Actions (Source: NSAC-203)

Plant Name Event Date LER # Restoration Time (sec)

Duane Arnold 7/14/84 84-028 24 Beaver Valley 1 10/12/93 93-013 600 Beaver Valley 2 10/12/93 93-013 90 Brunswick 1 4/26/83 83-023 1020 Brunswick 2 5/21/94 94-008 120 Connecticut Yankee 8/1/84 84-009 600 Crystal River 6/16/89 89-023 120 Crystal River 3/27/92 92-001 1200 Diablo Canyon 1 7/30/84 84-023 45 Fort Calhoun 2/26/90 90-006 840 Haddam Neck 8/1/84 84-009 600 Indian Point 2 12/12/85 N/A 1200 McGuire 1 8/21/84 N/A 1200 McGuire 1 2/11/91 91-001 2400 I

Millstone 1 11/21/85 N/A 330

}

Millstone 2 10/25/88 88-011 1140 -

I E1-4

TABLE 1 Restoration Times for Restoring Offsite Power to Plant Loads by Switchyard Breaker Control Actions (Source: NSAC-203)

Plant Name Event Date LER # Restoration Time (sec)

Monticello 6/4/84 84-021 120 Nina Mile Point 2 5/21/91 91-012 1800 Nine Mile Point 2 3/23/92 92-006 2160 Palo Verde 1 10/3/85 N/A 1440 Palo Verde 1 10/7/85 N/A 720 Pilgrim 5/19/93 93-010 2700 Point Beach 2 10/22/84 84-005 180 San Onofre 1 4/22/80 80-38 180 San Onofre 1 11/22/80 80-38 15 San Onofre 11/21/85 N/A 240 Susquehanna 2 7/26/84 N/A 660 Yankee Rowe 5/3/84 N/A 420 i

E1-5

i ATTACHMENT 2 Human Reliability Analysis A human reliability analysis was performed to demonstrate that the failure probability of the switching action to restore the switchyard breakers is extremely low. The analysis estimates the human error probability associated with failure to restore off-site power, given that the system dispatcher has made the original error of opening the wrong breaker. Recovery from this event invo!ves closing the breakers that were opened in error. This action restores off-site power to the unit. Typical for switching evolutions, a switching procedure was developed for the planned action, and communication between the system dispatcher at the energy control center and the Unit 2 control room was maintained throughout the evolution. Off-site power was being provided to Unit 2 from four lines through circuit breakers in the switchyard. The transmission crew is trained on the importance of maintaining off-site power to the nuclear units and understands how to recover from this event.

Analysis Detect. Diaanose. and Decide:

Feedback that an error has occurred will be swift and come from multiple sources. First, the individual who opened the wrong breakers may note the error. The other members of the system dispatcher crew may also detect the error. The Unit 2 control room will definitely note the error.

The control room will associate the LOOP with the evolution in progress and relay this to the system dispatcher. A diagnosis error is considered negligible for the above reasons.

Subtask Analysis:

Normally, errors of omission and errors of commission are considered in evaluating the probability of human error. In this case, an omission error seems unlikely because the nature of the original mistake immediately leads the individual to the proper corrective action; i.e., the corrective action consists of " undoing" the action that caused the event. However, to be conservative, an omission error was modeled, assuming the operator must remember his training rather than rely on a written recovery procedure. One commission error was modeled

- a selection error. While this seems unlikely, so does any other commission error (e.g.,

incorrect operation of the breaker).

For both the omission and commission errors, recovery is possible by others. Additionally, the control room will continue to direct that action be taken until off-site power has been restored.

E1-6 l

f. i.:

t- .

l 5

I J

.i 1

.q',

'I 1

~l 1

FIG U R E 1: H R A TR E E - Switchyard O perator-Falls to R ecover O ffsite P owe r - '!

Following Loss from Opening incorrect Breaker-i O E1 1

R1 CE1 R1 i

S pq S

F2 C success O = omission error C = commission error  ;

- failu re R = recovery '

S = success recovery F = failure i

l l

E1-7 1

1

, i 8

a HRA Tree: I l

The essential steps were modeled as nodes in an HRA tree and quantified using an abbreviated  ;

version of THERP (NUREG/CR-1278). Note that the control room recovery of the omission and l commission errors was not credited. The HRA tree is presented in Figure 1 and the nodes are  ;

summarized in Table 1.  !

- Quantification: .

The HRA tree for this operator action was quantified; refer to Table 2. To be conservative, a moderate stress level was assumed for these actions. The overall HEP for this was evolution .

determined to have a median value of 3.7E-3. Note that this value is considered conservative for reasons presented above.

The HRA tree was quantified by performing the following steps:

+

The median human error probability (HEP) for each node (from Table 1) was modified to account for dependency using formulae from Table 20-17 of NUREG/CR-1278.  ;

i

+

The mean HEP (and variance) for each node was determined, assuming a lognormal distribution and the given median and error factor.  ;

The mean failure probability for each failure path was calculated. i; The overall mean HEP for the tree was calculated.

F The last two steps presented above were accomplished using the algorithm presented in '

NUREG/CR-1278, Appendix A. The mean. HEP for the operator action is the sum of the mean failure probabilities of each failure path. The mean failure probability for each failure path is the product of the mean failure probabilities of the nodes along that path. For simplicity, the success nodes wete not taken into account in the quantification; this is conservative.

The results of this analysis are presented in the tables below:

l b

8 E1-8  ;

.. q,

~.

Table 1: Summary of HRA Tree Nodes," System Dispatcher Fails to Recover Off-site Power '

Following Loss from Opening incorrect Breaker" NUREG- NUREG STRESS NODE D

, NODE DESCRIPTION 1278 MEDIAN FACTOR MEDIAN E REMARKS TABLE (EF) (EF) P D1 Diagnosis of need to re-close Negligible breaker OE1 Dispatcher fails to recall one step 20-8(6a) .001(3) 2 .002(3) NA to re-close breaker Dispatcher selects incorrect CE1 20- .003(3) 2 .006(3) NA breaker to re-close 12(12) 1 R1 Other members of crew fail to 20-22(3) .05(5) 2 .1(5) MD Only one individual note errors of omission and credited with recovery. )

commission by individual l Table notes:

1. The "DEP" column represents " dependency" of the node on the preceding action in the HRA Tree. Dependencies: Zero (ZD),

Low (! D), Moderate (MD), High (HD), Complete (CD).

2. NUREGICi' 177r published error factors (EF) are used for single entries; Table 20-20 of the NUREG is used for EFs of nodes ths.t are combinad actions or multiplied by a stress factor.
3. Moderate stress (factor = 2) is used for the individual who made the error and for the other crew members.
4. Rt utilizes the NUREG/CR-1278 entry for"special short-term, one-of-a-kind checking with alerting factors." The alerting factors include the assumption of persistent control room feedback.

I E1-9

l 4 l

TABLE 2: HRA TREE QUANTIFICATION l l

I information Relative to Failure Path 1 Node S/F Dep Original Median Error Mean Variance Label Median w/ Dependency Factor OE1 F Z 2.00E-03 2.00E-03 3 2.50E-03 3 51 E-06 R1 F M 100E41 2.29E-01 5 3.69E-01 2.18E-01 Total For Path: 1 4.57E-04 7 9.22E-04 2.61 E-05 Information Relative to Failure Path 2 l

Node S/F Dep Onginal Median Error Mean Variance Label Median w/ Dependency Factor CE1 F Z 6 00E-03 6.00E-03 3 7.50E-03 3.16E-05 1

R1 F M 1.00E-01 2.29E-01 5 3.69E-01 2.18E-01 Total For Path: 2 1.37E-03 7 2.77E-03 2.35E-05 Parameters for Distnbution of Total Human Error Probability Node S/F Dep Original Median Error Mean Vanance  !

Label Median w' Dependency Factor Tree Total. 2.16E-03 5 3.69E-03 2.61 E-05 l

l l

l l

i l

l E1-10 i

ENCLOSURE 2 BRUNSWICK STEAM ELECTRIC PLANT, UNIT NOS.1 AND 2 DOCKET NOS. 50-325 AND 50-324 LICENSE NOS. DPR-71 AND DPR-62 REVIEW OF PRELIMINARY ACCIDENT SEQUENCE PRECURSOR ANALYSIS LIST OF REGULATORY COMMITMENTS The following table identifies those actions committed to by Carolina Power & Light Company in this document. Any other actions discussed in the submittal represent intended or planned

actions by Carolina Power & Light Company. They are described to the NRC for the NRC's information and are not regulatory commitments. Please notify the Manager-Regulatory Affairs at the Brunswick Nuclear Plant of any questions regarding this document or any associated regulatory commitments.

Committed Commitment date or*

outage

1. None E2-1

. . - - _ _ _ _ _

Retrieved from "https://kanterella.com/w/index.php?title=BSEP-95-0269,_Forwards_Review_of_Preliminary_Accident_Sequence_Precursor_Analysis&oldid=3499002"