CP-202300096, License Amendment Request (LAR) 23-002 Application Regarding GDC-5 Shared Systems Requirements

From kanterella
Jump to navigation Jump to search

License Amendment Request (LAR)23-002 Application Regarding GDC-5 Shared Systems Requirements
ML23110A156
Person / Time
Site: Comanche Peak  Luminant icon.png
Issue date: 04/20/2023
From: John Lloyd
Luminant, Vistra Operations Company
To:
Office of Nuclear Reactor Regulation, Document Control Desk
References
CP-202300096, TXX-23005
Download: ML23110A156 (1)
v  d  e


Text

a Luminant Jay Lloyd Senior Director, Engineering and Regulatory Affairs Comanche Peak Nuclear Power Plant (Vistra Operations Company LLC)

P.O. Box 1002 6322 North FM 56 Glen Rose, TX 76043 T 254.897.6113 CP-202300096 TXX-23005 April 20, 2023 U. S. Nuclear Regulatory Commission Ref 10 CFR 50.90 ATTN: Document Control Desk 10 CFR 50.91(b)

Washington, DC 20555-0001

Subject:

Comanche Peak Nuclear Power Plant Docket Nos. 50-445 and 50-446 License Amendment Request (LAR)23-002 Application Regarding GDC-5 Shared Systems Requirements

References:

1. NRC letter from Gregory Werner to Ken Peters dated November 1, 2022, "Comanche Peak Nuclear Power Plant, Units 1 and 2 Integrated Inspection Report 05000445/2022003 and Notice of Violation" (ADAMS Accession Number ML22299A056)
2. Luminant Letter from Steven K. Sewell to U.S. NRC dated December 1, 2022, "Comanche Peak Nuclear Power Plant (CPNPP) Docket No. 50-445 - Reply to a Notice of Violation" (ADAMS Accession Number ML22335A518)

Dear Sir or Madam:

Pursuant to 10 CFR 50.90, Vistra Operations Company LLC (Vistra OpCo) hereby requests an amendment to the Comanche Peak Nuclear Power Plant (CPNPP) Unit 1 Operating License (NPF-87) and CPNPP Unit 2 Operating License (NPF-89) permitting the sharing of systems powered by alternating current (AC) and direct current (DC) sources. This change request applies to both units.

CPNPP previously revised the station Final Safety Analysis Report (FSAR) to clarify the coordination of Class lE electrical power supplies shared between CPNPP Unit 1 and Unit 2. The FSAR change served to provide clarifying information of existing electrical configurations. In NRC Inspection Report 05000445/2022003 and 05000446/2022003 (Reference 1), the NRC determined that this FSAR change required prior NRC approval, specifically related to commitments associated with Regulatory Guide (RG) 1.81, "Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants,"

Revision 1 (January 1975). Therefore, Vistra OpCo is requesting NRC approval of the CPNPP design of specific safety-related unit-specific loads being supported by common panels with respect to compliance with 10 CFR 50, Appendix A, General Design Criterion (GDC) 5, "Sharing of structures, systems, and components." The CPNPP design represents a deviation from the guidance provided in RG 1.81, Revision 1.

This request fulfills, in part, Commitment No. 22-558339 (Reference 2) to submit a license amendment to address CPNPP's commitments to RG 1.81. There are no Technical Specification changes associated with this request.

TXX-23005 Page 2 of 3 The enclosure to this submittal provides a description and assessment of the proposed changes. to the Enclosure provides a markup of proposed changes to the FSAR. This is being provided for information purposes only.

Vistra OpCo has determined that there are no significant hazards considerations associated with the proposed amendment and that the amendment qualifies for a categorical exclusion from environmental review pursuant to the provisions of 10 CFR 51.22(c)(9).

Vistra OpCo requests that the amendment be reviewed as a normal license amendment request.

Approval of the proposed amendment is requested within one year of the NRC acceptance date. Once approved, the amendment shall be implemented within 90 days.

In accordance with 10 CFR 50.91(b), Vistra OpCo is providing the State of Texas with a copy of this proposed amendment.

There are no new regulatory commitments made in this submittal.

Should you have any questions, please contact Ryan Sexton at (254) 897-6267 or ryan.sexton@vistracorp.com.

I state under penalty of perjury that the foregoing is true and correct.

Executed on April 20, 2023.

Sincerely, Jay Lloyd (Apr 20, 2023 09:00 CDT)

Jay Lloyd

Enclosure:

Description and Assessment

Attachment:

1. FSAR Changes (markup) - For Information Only
2. Technical Specification Bases Changes (markup) - For Information Only

TXX-23005 Page 3 of 3 c (email) - Robert Lewis, Region IV [Robert.Lewis@nrc.gov]

Dennis Galvin, NRR [Dennis.Galvin@nrc.gov]

John Ellegood, Senior Resident Inspector, CPNPP [John.Ellegood@nrc.gov]

David Nani, Resident Inspector, CPNPP [David.Nani@nrc.gov]

Mr. Robert Free [robert.free@dshs.state.tx.us]

Environmental Monitoring & Emergency Response Manager Texas Department of State Health Services Mail Code 1986 P. O. Box 149347 Austin TX, 78714-9347

Enclosure to TXX-23005 DESCRIPTION AND ASSESSMENT

Enclosure to TXX-23005 Page 1 of 16 DESCRIPTION AND ASSESSMENT 1.0

SUMMARY

DESCRIPTION 2.0 DETAILED DESCRIPTION 2.1 Background Information 2.2 Existing Electrical Configuration of Applicable Common Loads 2.3 Comanche Peak Nuclear Compliance with RG 1.81, Regulatory Position C.2 2.4 Reason for Proposed Change 2.5 Description of Proposed Change

3.0 TECHNICAL EVALUATION

3.1 Summary of Shared Systems Electrical Design 3.2 Evaluation of Shared System Electrical Design Capability 3.3 Shared System Electrical Design Single Failure Considerations 3.4 Conclusions

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements 4.2 Precedent 4.3 No Significant Hazards Consideration Determination 4.4 Conclusions

5.0 ENVIRONMENTAL CONSIDERATION

S

6.0 REFERENCES

7.0 ATTACHMENT

1. FSAR Changes (markup) - For Information Only
2. Technical Specification Bases Changes (markup) - For Information Only

Enclosure to TXX-23005 Page 2 of 16 1.0

SUMMARY

DESCRIPTION Comanche Peak Nuclear Power Plant (CPNPP) previously revised the common Unit 1 and Unit 2 Final Safety Analysis Report (FSAR) to clarify the coordination of Class 1E electrical power supplies shared between the two units. The FSAR change served to provide clarifying information of existing electrical configurations. In NRC Inspection Report 05000445/2022003 and 05000446/2022003 (Reference 1), the NRC determined that this FSAR change required prior NRC approval, specifically related to commitments associated with Regulatory Guide (RG) 1.81, "Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants," Revision 1 (Reference 2). Therefore, Vistra Operations Company LLC (Vistra OpCo) is requesting NRC approval of the CPNPP design of specific safety-related unit-specific loads being supported by common panels with respect to compliance with 10 CFR 50, Appendix A, General Design Criterion (GDC) 5, "Sharing of structures, systems, and components" (Reference 3). The CPNPP design represents a deviation from the guidance provided in RG 1.81, Revision 1.

This request fulfills, in part, Commitment No. 22-558339 (Reference 4) to submit a license amendment to address CPNPPs commitments to RG 1.81. There are no Technical Specification changes associated with this request.

2.0 DETAILED DESCRIPTION 2.1 Background Information The CPNPP Unit 1 and Unit 2 design includes some common loads which can be powered from either unit, including receiving power from Class 1E vital AC and DC sources. GDC 5 (Reference 3) states:

Criterion 5 - Sharing of structures, systems, and components. Structures, systems, and components important to safety shall not be shared among nuclear power units unless it can be shown that such sharing will not significantly impair their ability to perform their safety functions, including, in the event of an accident in one unit, an orderly shutdown and cooldown of the remaining units.

Subsequently, the sharing of structures, systems, and components (SSCs) can be acceptable provided the fulfillment of associated safety functions is not significantly impaired (assuming an accident in one unit and a coincident orderly shutdown of the other).

The existence of CPNPP common AC loads was acknowledged during the initial licensing process as stated in Section 8.3.1, "AC Power System," of NUREG-0797 (Reference 5),

Supplement No. 22:

"Nuclear-safety-related loads common to both units are powered from Class 1E MCCs [motor control centers] and distribution panels which have supplies from each unit. Class 1E MCCs and distribution panels common to both units shall be aligned to be powered from Unit 1 only until Unit 2 design, installation, and testing are complete. These dual-unit supplies are interlocked to preclude supplying power to one MCC or distribution panel from both units simultaneously. Incoming feeders to train A MCCs or distribution panels common to both units are supplied only from train A power systems of both units (a similar arrangement exists for train B equipment and incoming feeders). This ensures the proper train separation between equipment common to both units."

Enclosure to TXX-23005 Page 3 of 16 This section of the supplement concluded that the design was in conformance with RG 1.81; however, this conclusion was in reference to the separation and independence of the two unit-specific vital AC electrical trains since at the time of Unit 1 licensing, it was not possible to credit any aspect of the Unit 2 design. Therefore, the supplement did not provide a statement regarding shared SSC conformance, or non-conformance, with RG 1.81 (Reference 2).

Regarding the sharing of vital DC electrical sources between the units, Section 8.3.2, "DC Power System," of NUREG-0797 (Reference 5), Supplement No. 22, stated (emphasis added):

"There are no bus ties or sharing of power supplies between redundant trains. Class 1E equipment associated with systems shared by both units receives power from panel boards having an incoming automatic transfer switch which can select power from either unit.

Transfer switch design is such that power cannot be supplied from both units simultaneously.

Train separation is maintained by supplying these shared panel boards from the same train of both units. Sharing of these power sources in this manner does not significantly impair the ability of these sources to perform their safety function and, as such, this arrangement is in accordance with GDC 5."

"On the basis of its review of the dc power system as described in the FSAR, the staff concludes that two fully redundant Class 1E dc systems are provided. The systems are testable, independent, and conform to the requirements of Regulatory Guides 1.6 and 1.32.

These systems meet the requirements of GDC 5, 17, and 13 and are, therefore, acceptable."

Finally, Section 8.4.5, "Nonsafety Loads on Emergency Sources," of NUREG-0797 (Reference 5), Supplement No. 22, stated:

"Regulatory practice for operating license applications permits the connection of nonsafety loads, in addition to the required safety loads, to Class IE (emergency) power sources if it can be shown that the connection of nonsafety loads will not result in degradation of the Class 1E system. The CPSES design provides for the connection of both safety and selected nonsafety loads to the Class 1E emergency buses of the ac and dc onsite emergency power systems. With this arrangement, electrical isolation is provided to preclude interaction between Class 1E and non-Class 1E circuits."

"On the basis of its review and evaluation of the information provided by the applicant, the staff concludes that the design provides mean's for electrically isolating nonsafety loads connected to Class 1E power sources in accordance with RG 1.75 and is, therefore, acceptable. Use of two circuit breakers, two fuses, or a breaker and a fuse, in series, both coordinated with an upstream breaker and other similar devices, meets the requirement of isolation devices per IEEE Standard 384-1974 and is, therefore, acceptable."

The aforementioned NRC inspection report and subsequent violation focused on conformance with RG 1.81. CPNPP is required to follow RG.1.81, Revision 1, Regulatory Positions C.1 and C.3.

RG 1.81, Regulatory Position C.1:

"DC systems in multi-unit nuclear power plants should not be shared."

Enclosure to TXX-23005 Page 4 of 16 The CPNPP construction permit application was submitted after June 1, 1973, so through reviewing NUREG-0797 and its supplements, it is clear that at the time of licensing RG 1.81, Regulatory Position C.3, was applicable to CPNPP:

"In the case of multi-unit nuclear power plants for which the construction permit application was made on or after June 1, 1973, each unit should have separate and independent onsite emergency and shutdown electric systems, both a.c. and d.c., capable of supplying minimum ESF [Engineered Safety Feature] loads and the loads required for attaining a safe and orderly cold shutdown of the unit, assuming a single failure and loss of offsite power."

In order to assist the NRC with the review and approval of this LAR, RG 1.81, Regulatory Position C.2, is discussed as it related to CPNPP (emphasis added):

"Multi-unit nuclear power plants now under construction or for which construction permit application was made before June 1, 1973, will be reviewed on an individual-case basis. For these plants, the design of shared onsite emergency and shutdown a.c. electric systems should satisfy the following:

a. The sharing of onsite a.c. electric systems should be limited to two units.
b. A single failure (a false or spurious accident signal at the system level in the non-accident unit should be considered as a single failure) should not preclude the capability to automatically supply minimum engineered safety feature (ESF) loads in any one unit and safely shut down the remaining unit, assuming a loss of the offsite power.
c. Onsite power capacity should be provided to energize sufficient Seismic Category I equipment to attain a safe and orderly cold shutdown of all units, assuming the loss of offsite power and the most severe (in terms of power drain) design basis event and a single failure in the onsite electric system.
d. The interaction between each unit's engineered safety feature electric circuits should be limited such that any allowable combination of maintenance and test operations in the units will not preclude the capability to automatically supply power to minimum ESF loads in any unit, assuming a loss of offsite power.
e. Coordination between the unit operators should not be necessary in order to meet Regulatory Positions 2.b and 2.c. Coordination required to meet Regulatory Position 2.d should be minimized.
f. Complete information regarding the status of the shared systems should be provided for each unit operator.
g. The design should conform to the recommendations contained in Regulatory Guides 1.6 (Safety Guide 6), 1.9 (Safety Guide 9), and 1.47."

RG 1.81, Regulatory Position C.2 could have been applicable to CPNPP on a case-by-case basis as CPNPP started its construction in December of 1974 (Reference 6), and the NRC performed an inspection on January 17, 1975, where one of the stated aims was to "Review construction progress" (Reference 7).

Enclosure to TXX-23005 Page 5 of 16 Regulatory guides are issued to describe and make available to the public methods acceptable to the NRC staff of implementing specific parts of the Commission's regulations, to delineate techniques used by the staff in evaluating specific problems or postulated accidents, or to provide guidance to applicants. Regulatory guides are not substitutes for regulations and compliance with regulatory guides is not required. Methods and solutions different from those set out in the guides are acceptable if a basis is provided for the findings requisite to the issuance or continuance of a permit or license by the Commission. RG 1.81 describes a method acceptable to the NRC staff for complying with the NRC's requirements with respect to the sharing of onsite emergency and shutdown electric systems for multi-unit nuclear power plants.

The following information is provided to illustrate conformance with GDC 5 (Reference 3) by justifying deviation from RG 1.81 (Reference 2), Regulatory Positions C.1 and C.3.

2.2 Existing Electrical Configuration of Applicable Common Loads Safety-related electrical 125 VDC power, including inverted 118 VAC power, for some common loads is provided through common buses which have the capability to be fed from either Unit 1 or Unit 2. This arrangement assures that the power to common loads will be available when either unit is available, thus meeting the availability requirements of the common system. The safety-related common systems are designed as redundant systems.

Common buses providing power to redundant Train A common system loads are fed from only Unit 1 and Unit 2 Train A sources. Similarly, common buses providing power to redundant Train B common system loads are fed from only Unit 1 and Unit 2 Train B sources. Thus, the redundancy of the common system is maintained consistent with the design of the Unit 1 and Unit 2 unit-specific redundant systems (trains).

All loads fed from safety-related common 125V DC and safety-related common 118 VAC buses are considered as load on both Unit 1 and Unit 2 power sources, e.g., inverters, batteries, battery chargers, 118 VAC / 125 VDC / 480 VAC / 6.9 KV buses, and the emergency diesel generators (EDGs). The onsite power sources of either unit have sufficient capacity and capability to adequately meet power requirements of the common bus loads, in addition to all the required unit specific loads.

The safety-related common 125V DC and safety-related common 118 VAC buses are designed such that on loss of a normal power source, the buses are automatically energized from the alternate source as described below.

For 125V DC common panels - On loss of offsite source and subsequent loss of battery charger output for the unit normally feeding the common panels, the panels will be automatically fed from the 125V DC battery of the unit which the panel was aligned. If the battery charger output is not restored prior to expiration of the battery duty cycle by restoration of offsite power or by EDG, then the common 125V DC panels shall be automatically transferred to the other unit before the end of the battery duty cycle.

For 118 VAC common panels - On loss of offsite source and subsequent loss of battery charger output for the unit normally feeding the common panels, the panels will be automatically fed from the 125V DC battery of the unit to which the panel was aligned. If the battery charger output is not restored prior to expiration of the battery duty cycle by restoration of offsite power or by EDG, then the common 118 VAC panels are manually transferred to the other unit within four hours (i.e., before the end of the battery duty cycle).

Enclosure to TXX-23005 Page 6 of 16 Some of the safety-related common 125V DC and safety-related common 118 VAC panels in addition to feeding common loads, also feed Unit 1 specific loads. The Unit 2 118 VAC loads, which were previously fed from the common distribution panels XEC1-1 and XEC2-1, were later reconnected to the Unit 2 distribution panels. Therefore, panels XEC1-1, and XEC2-1 feed only Unit 1 specific loads in addition to common loads. The CPNPP configuration is administratively controlled such that these Unit 1 specific loads are fed from a common panel (XEC1-1 or XEC2-1) with its power source aligned from Unit 1 in all modes (power may be aligned from the Unit 2 source when Unit 1 is defueled), this requirement is being added to both the CPNPP UFSAR and the CPNPP Technical Specification Bases (TSB).

For common Distribution Panels XED1-1 and XED2-1 (DC), which also only feed common and Unit 1 specific loads, Unit 1 is the normal source of power. Therefore, Unit 1 is the normal source of power for all common 125V DC and common 118 VAC panels. As described above, this does not affect the capability of any unit to feed these loads if power is lost.

For XED1-1 and XED2-1, the time in which a common panel feeding Unit 1 specific loads is aligned to a Unit 2 power source (such as in support of maintenance or testing) is administratively limited. The status of the safety-related common 125V DC and safety-related common 118 VAC buses, with power source connection to Unit 1 or Unit 2, is provided in the control room and is accessible by the unit operator of either unit. Therefore, the unit operator in each unit is aware of the status of the bus, specifically, the unit feeding the bus.

The Train A and Train B post-accident monitoring system hydrogen analyzers are common analyzers for both Units 1 and 2. The analyzers are powered from common 118 VAC distribution panels. The analyzers receive inputs from hydrogen detectors (sensors) located in the containment buildings of both Unit 1 and Unit 2. Although the hydrogen detectors (sensors) have unitized tag numbers, the output is analyzed by the common hydrogen analyzers.

Therefore, the detectors are also powered from common 125V DC distribution panels to assure and maintain compatibility of power supply for the detectors and the analyzers.

The sharing of the system is limited between two units only. Because redundancy for common systems is maintained consistent with that of unit-specific safety-related trains, a single failure at the system level will not preclude the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss of off-site power.

In summary, the CPNPP design assures that on loss of normal source, the common buses will automatically be powered from a qualified alternate source. Further information is available in FSAR Sections 8.3.1.1.3, 8.3.1.1.9, 8.3.1.1.13, 8.3.1.2.1, and 8.3.2.1.

2.3 Comanche Peak Nuclear Compliance with RG 1.81, Regulatory Position C.2 The following section describes how CPNPP complies with RG 1.81, Regulatory Position C.2.

Due to CPNPP beginning construction in December of 1974 (Reference 6), there is an allowance to gain approval for Regulatory Position C.2 on a case-by-case basis (Reference 2).

This section is being added to assist the NRC in the review and approval of this LAR.

Regulatory Position 2.a: The sharing of onsite a.c. electric systems should be limited to two units:

Enclosure to TXX-23005 Page 7 of 16 CPNNP sharing of onsite AC electric systems are limited to only Unit 1 and Unit 2.

Regulatory Position 2.b: A single failure (a false or spurious accident signal at the system level in the non-accident unit should be considered as a single failure) should not preclude the capability to automatically supply minimum engineered safety feature (ESF) loads in any one unit and safely shut down the remaining unit, assuming a loss of the offsite power:

Due to redundancy for common systems being maintained consistent with that of unit-specific safety-related trains, a single-failure at the system level will not preclude the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss of off-site power.

Regulatory Position 2.c: Onsite power capacity should be provided to energize sufficient Seismic Category I equipment to attain a safe and orderly cold shutdown of all units, assuming the loss of offsite power and the most severe (in terms of power drain) design basis event and a single failure in the onsite electric system:

On-site power capacity to energize sufficient seismic Category I equipment to attain a safe and orderly cold shutdown of both the units, assuming the loss of off-site power and most severe design basis event and a single failure in the on-site electrical system, is not compromised as a result of common buses because each unit system is designed to have sufficient capacity to feed common bus loads in addition to the unit's specific loads.

Regulatory Position 2.d: The interaction between each unit's engineered safety feature electric circuits should be limited such that any allowable combination of maintenance and test operations in the units will not preclude the capability to automatically supply power to minimum ESF loads in any unit, assuming a loss of offsite power:

For AC electric systems, CPNPP has established the following administrative procedural requirement for XEC1-1 and XEC2-1, which power some Unit 1 safety-related loads, that the power source shall be aligned to Unit 1 during Unit 1 Modes 1 through 6. The panels power source alignment to Unit 2 will only be allowed when Unit 1 is defueled. This requirement is being added to the CPNPP FSAR and the TSB, Attachment 1 and 2 respectively.

DC electric systems XED1-1 and XED2-1 feed both Unit 1 and common components.

Alignment to either unit provides an acceptable power source for Unit 1 components fed from the panels. An evaluation of being aligned from a Unit 2 power source coincident with a Unit 1 safety injection (SI) signal did not reveal any adverse impacts (i.e., no significant loss of safety function was identified). Evaluations confirmed that the power sources, from both units, feeding the common buses have sufficient capacity and capability to adequately feed all the common bus loads, as stated in the FSAR.

Regulatory Position 2.e: Coordination between the unit operators should not be necessary in order to meet Regulatory Positions 2.b and 2.c. Coordination required to meet Regulatory Position 2.d should be minimized:

As stated above, XEC1-1 and XEC2-1 cannot be aligned to Unit 2 while there is fuel in the Unit 1 reactor vessel; therefore, for AC electric systems, there is no possible interaction from Unit 2 operators.

Enclosure to TXX-23005 Page 8 of 16 For DC electric systems the evaluations confirmed that the power sources from both units, have sufficient capacity and capability to adequately feed all XED1-1 and XED2-1 common loads and unit specific loads as stated in the FSAR. Because redundancy for common systems is maintained consistent with that of unit-specific safety-related trains, a single failure at the system level will not preclude the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss of off-site power. Based on this, there is no need for coordination between unit operators for Regulatory Positions 2.b or 2.c, and minimal coordination would be needed for Regulatory Position 2.d.

Regulatory Position 2.f: Complete information regarding the status of the shared systems should be provided for each unit operator:

The status of the which unit power supply is aligned to shared loads is provided in the control room which is available to the unit operator of each unit.

Regulatory Position 2.g: The design should conform to the recommendations contained in Regulatory Guides 1.6 (Safety Guide 6), 1.9 (Safety Guide 9), and 1.47:

CPNPP design is in accordance with RG 1.6, RG 1.9, and RG 1.47. This is described in the sites FSAR and relevant pages are included in the markup of the FSAR (refer to Attachment 1 to this letter).

2.4 Reason for Proposed Change The proposed amendment is necessary to permit a deviation from the guidance of RG 1.81 (Reference 2), Regulatory Positions C.1 and C.3. As discussed, the CPNPP design includes common and Unit 1 specific loads that can be powered from either unit Class 1E vital electrical subsystems. The sharing of Class 1E vital electrical sources between units is not consistent with the guidance provided in Regulatory Positions C.1 and C.3.

2.5 Description of Proposed Change The proposed amendment would permit an update to the CPNPP FSAR, describing the acceptable configuration of the Class 1E vital electrical power supplies to common loads, where applicable, in relation to conformance with RG 1.81 (including discussion of deviations from the RG). The following excerpt of the applicable paragraph from UFSAR Section 8.3.1.2.1, Item 8, Compliance with NRC Regulatory Guide 1.8.1, describes the proposed change.

From:

The CPNPP design is in compliance with the provisions of Regulatory Guide 1.81 with an exception to Regulatory Position C1 as described below.

To:

The CPNPP design represents a deviation of Regulatory Guide 1.81, Regulatory Positions C.1 and C.3, as approved in Amendments [xxx] and [xxx] to the Unit 1 and

Enclosure to TXX-23005 Page 9 of 16 Unit 2 facility licenses, respectively (Reference 49). Regulatory Position C.1 states that DC systems in multi-unit nuclear power plants should not be shared. Regulatory Position C.3 states that each unit should have separate and independent onsite emergency and shutdown electric systems (i.e., vital power should not be shared between units). The CPNPP design includes some safety-related common loads, and some unit 1 specific loads fed from common panels which is a deviation from Regulatory Guide 1.81, Regulatory Positions C.1 and C.3. The acceptability of this design is described below and is in compliance with GDC 5 in that the sharing of these loads does not significantly impair the ability to perform the necessary safety functions, assuming an accident in one unit and an orderly shutdown and cooldown of the remaining unit.

A markup of the current FSAR illustrating the proposed change is included in Attachment 1 of this enclosure.

3.0 TECHNICAL EVALUATION

3.1 Summary of Shared Systems Electrical Design A summary of the CPNPP shared system electrical design is provided in Section 2.2 above.

The status of which unit power supply is aligned to shared loads is provided in the control room which is available to the unit operator of each unit. The design of the common 125 VDC and 118 VAC system panels conform to the requirements of RG 1.6, "Independence Between Redundant Standby (Onsite) Power Sources and Between their Distribution Systems" (Reference 8), RG 1.9, "Application and Testing of Safety-Related Diesel Generators in Nuclear Power Plants" (Reference 9), and RG 1.47, "Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems" (Reference 10), as can be seen in the Attachment 1 markup of the CPNPP FSAR.

3.2 Evaluation of Shared System Electrical Design Capability In 2019, a condition report (CR-2019-001711) was initiated to evaluate operability impacts of Unit 1 specific loads connected to common buses/panels when these loads were powered from Unit 2. Common loads (safety-related and non-safety-related) were subsequently evaluated with respect to potential adverse effects when powered from Unit 2, assuming a loss of the subject Unit 2 power source feeding the common buses/panels. The following provides a synopsis of the evaluations which identified potential adverse impacts (common loads or electrical components determined to be of no consequence are not discussed).

118 VAC instrument distribution panels XEC1-1 and XEC2-1 provide power to common and Unit 1 specific safety-related loads. Associated inverters feed supply power to these panels and are normally powered from the 1E DC switchboard battery charger and continue to be powered from the associated 125 VDC battery if AC power supply to the battery charger is lost. If battery charger power is not restored, Station procedures require these panels to be transferred to the other unit inverter within battery duty cycle of four hours. Evaluations have confirmed that the power sources, from both units, feeding the common buses have sufficient capacity and capability to adequately feed all the common bus loads, as stated in the FSAR.

The evaluations, however, noted some relays that would not function properly when these panels were powered from the Unit 2 source, following a loss of the Unit 2 power source with coincident Unit 1 safety injection (SI) signal. The failure of these relays to actuate would

Enclosure to TXX-23005 Page 10 of 16 prevent some automatic SI functions from occurring (such as some required load shedding, fan starts, valve re-positionings, etc.) following a Unit 1 SI signal. For conditions while in the alternate alignment (aligned to Unit 2 power), the safety functions will be maintained by the connected DC battery and will allow coping time for restoring battery charger power or manually aligning the 118 VAC instrument distribution panels to the normally connected unit. However, CNCPP conservatively revised procedures such that alignment of Unit 2 power to these panels would no longer be permitted during Unit 1 operation in Modes 1, 2, 3, 4, 5, or 6 (i.e., alignment to Unit 2 would be permitted only with Unit 1 defueled). This requirement is being added to the CPNPP FSAR and the TSB.

125 VDC distribution panels XED1-1 and XED2-1 are normally aligned to Unit 1 through automatic transfer switches XED1-1S and XED2-1S, respectively, and supply power to Unit 1 specific loads. An evaluation of being aligned from a Unit 2 power source coincident with a Unit 1 SI signal did not reveal any significant impacts (i.e., there would be no impact on an orderly and safe shutdown and cooldown of Unit 1). Evaluations confirmed that the power sources, from both units, feeding the common buses have sufficient capacity and capability to adequately feed all the common bus loads, as stated in the FSAR. Nevertheless, procedures maintain the panels normally powered from Unit 1 and limit the time power is supplied by Unit 2 by limiting the time of maintenance and testing activities.

As discussed previously, the FSAR states that following a loss of AC power, the common 125 VDC panels shall be automatically transferred to the opposite unit prior to end of the battery coping time. As is the case with the 118 VAC panels, this occurs within four hours of the loss of AC power. This statement has led to some confusion in that the "automatic" transfer is initiated by manually opening the source breaker to the panel to which it was aligned when the loss of AC power occurred, forcing an automatic transfer to opposite unit power. Four hours provides ample time for operator response, taking into consideration required response to a loss of AC power with potential coincident design basis accident and the human factors elements associated with the actions necessary for event recovery. The FSAR will be updated to clarify the reference to automatic transfer as depicted in the marked-up version provided in of this enclosure.

With respect to Unit 2, no Unit 2 specific loads are powered from the subject common panels.

With no Unit 2 specific loads powered from a Unit 1 source, no further adverse impacts on safety function performance were identified. In summary, the sharing of the vital 125 VDC system at CPNPP does not adversely affect the capability of DC systems to adequately perform the associated specified safety functions.

3.3 Shared System Electrical Design Single Failure Considerations As stated previously, the sharing of the system is limited between two units only. Because redundancy for common systems is maintained consistent with that of unit-specific safety-related trains, a single failure at the system level will not preclude the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss of off-site power.

Enclosure to TXX-23005 Page 11 of 16 3.4 Conclusions Vistra OpCo is requesting NRC approval of the CPNPP design of the Class 1E electrical power supplies supporting Unit 1 and Unit 2 common loads and feeding Unit 1 specific loads from common panles, which is a deviation from the guidance provided in RG 1.81, Revision 1, Regulatory Positions C.1 and C.3. The acceptability of the CPNPP electrical power design shared between Unit 1 and Unit 2 is based on the following:

1. The design does not significantly impair the ability to perform the specified safety functions, including an assumption of an accident in one unit and coincident orderly shutdown and cooldown of the remaining unit, and, therefore, meets the requirements of 10 CFR 50, Appendix A, GDC 5, "Sharing of structures, systems, and components."
2. For common vital 118 VAC buses/panels supplying Unit 1 specific loads, both FSAR and TSB controls are being established to require these buses/panels to be aligned from Unit 1 power sources, except when Unit 1 is defueled or during testing/maintenance activities.
3. With respect to vital 125 VDC shared electrical supplies, administrative controls conservatively maintain the panels normally powered from Unit 1 and limit the time power is supplied by Unit 2 by limiting the time of maintenance and testing activities, although no Unit 2 specific loads are powered from these panels. On a loss of AC power (offsite power) the 125 VDC system common panels continues to be fed from the 125VDC battery, the AC power source is restored within four hours and 125 VDC system common panels power source is restored to AC power.
4. The shared power sources from both units (DC and AC) feeding the common buses have sufficient capacity and capability to adequately feed all the common bus loads, as stated in the FSAR.
5. The sharing of the electrical power supplies is limited between two units only.
6. Because redundancy for common systems is maintained consistent with that of unit-specific safety-related trains, a single failure at the system level will not preclude the capability to automatically supply minimum safety-related loads in any one unit and safely shutdown the other unit assuming a loss of offsite power.
7. The design of the common 125 VDC and 118 VAC system panels conforms to the requirements of GDC 17, "Electrical Power Systems" (Reference 11), RG 1.6 (Reference 8), RG 1.9 (Reference 9), and RG 1.47 (Reference 10).
8. The design of CPNPP electrical systems meet the requirements of RG 1.81, Revision 1, Regulatory Position C.2.

4.0 REGULATORY EVALUATION

4.1 Applicable Regulatory Requirements

Enclosure to TXX-23005 Page 12 of 16 The GDC contained in Appendix A of 10 CFR 50 establish minimum requirements for the principal design criteria for water-cooled nuclear power plants. The following GDC, regulatory documents, and industry standards establish specific design requirements applicable to independence between redundant power sources and shared systems for multi-unit sites as described in CPNPP FSAR.

  • GDC-5 requires that structures, systems, and components important to safety, including the onsite electric power supplies and distribution systems, shall not be shared among nuclear power units unless it can be shown that such sharing will not significantly impair their ability to perform their safety functions, including, in the event of an accident in one unit, an orderly shutdown and cool down of the remaining units.
  • GDC-17 requires, in part, that the onsite electric power supplies, including the onsite electric distribution system, shall have sufficient independence and redundancy to perform their safety functions assuming a single failure.
  • RG 1.6, Revision 0 (Reference 8), describes an acceptable degree of independence between redundant standby (onsite) power sources and between their distribution systems.
  • RG 1.9, Revision 0 (Reference 9), describes an acceptable basis for the selection of diesel generator sets of sufficient capacity and margin to implement GDC 17.
  • RG 1.47, Revision 0 (Reference 10), describes an acceptable method of complying with the requirements of IEEE Standard 279-1971 and Appendix B to 10 CFR Part 50 with regard to indicating the inoperable status of a portion of the protection system (as defined in IEEE Standard 279-1971), systems actuated or controlled by the protection system, and auxiliary or supporting systems that must be operable for the protection system and the systems it actuates to perform their safety-related functions.
  • RG 1.75, Revision 1, "Physical Independence of Electric Systems" (Reference 12),

describes a method acceptable to the Regulatory staff of complying with IEEE Std 279-1971 and Criteria 3, 17, and 21 of Appendix A to 10 CFR Part 50 with respect to the physical independence of the circuits and electric equipment comprising or associated with the Class IE power system, the protection system, systems actuated or controlled by the protection system, and auxiliary or supporting systems that must be operable for the protection system and the systems it actuates to perform their safety-related functions.

  • IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations" (Reference 13), established minimum requirements for the safety-related functional performance and reliability of protection systems for stationary land-based nuclear reactors producing steam for electric power generation.
  • IEEE Standard 308-1974, "Criteria for Class 1E Power Systems for Nuclear Power Generating Stations" (Reference 14), provides criteria for the determination of Class 1E power system design features and the requirements for their testing, surveillance, and documentation.

Enclosure to TXX-23005 Page 13 of 16 CPNPP Units 1 and 2 will continue to meet the applicable regulations and requirements, subject to the previously approved exceptions, with approval of this amendment request.

4.2 Precedent No applicable precedent has been identified.

4.3 No Significant Hazards Consideration Determination The proposed amendment to the Comanche Peak Nuclear Power Plant (CPNPP) Units 1 and 2 Final Safety Analysis Report (FSAR) satisfies the commitment established in CPNPP letter dated December 1, 2022 to, "[Perform a] 10CFR50.59 evaluation and [submit] a license amendment to address CPNPPs commitments to NRC Regulatory Guide (RG) 1.81." Once approved, the FSAR will be revised to include discussion regarding the CPNPP shared electrical sources with respect to the guidance of Regulatory Guide (RG) 1.81, "Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants," Revision 1 (Reference 2), Regulatory Positions C.1 and C.3.

Vistra Operations Company LLC (Vistra OpCo) has concluded that the proposed change does not involve a significant hazards consideration. This conclusion is based on its evaluation in accordance with Title 10 of the Code of Federal Regulations (10 CFR) 50.91(a)(1) of the three standards set forth in 10 CFR 50.92, Issuance of Amendment, as discussed below:

1. Does the proposed amendment involve a significant increase in the probability or consequence of an accident previously evaluated?

Response: No.

The proposed change does not alter the safety function of any structure, system, or component (SSC) and does not alter equipment out-of-service time. The proposed change is unrelated to the probability of an accident previously evaluated. This request would permit the sharing of specific 118 VAC and 125 VDC common loads between the CPNPP Units 1 and 2, and feeding Unit 1 specific loads from common panels which can impact accident mitigation capability.

Although power sources from both units feeding the common buses have sufficient capacity and capability to adequately feed all the common bus loads, some Unit 1 relays would not function properly when certain AC common panels (i.e., XEC1-1 and XEC2-1) are powered from the Unit 2 source, following a loss of the Unit 2 power source with coincident Unit 1 safety injection (SI) signal. The failure of these relays to actuate would prevent some automatic SI functions from occurring (such as some required load shedding, fan starts, valve re-positionings, etc.) following a Unit 1 SI signal. To account for this, CPNPP has added a requirement in the station's FSAR and Technical Specification Bases (TSB) that will disallow powering XEC1-1 and XEC2-1 from Unit 2 during all Unit 1 modes (i.e., only allowed when Unit 1 is defueled).

With respect to vital 125 VDC shared electrical supplies, administrative controls conservatively maintain the common panels (XED1-1 and XED2-1) normally powered from Unit 1 and limit the time power is supplied by Unit 2 by limiting the time of maintenance and testing activities, although no Unit 2 specific loads are powered from these panels. The

Enclosure to TXX-23005 Page 14 of 16 125 VDC common panels continue to be fed from the 125 VDC system and are not impacted by a loss of AC power (offsite power) source. Evaluations have confirmed that with Unit 2 powering these common panels, there will be no impact to the safe and orderly shutdown and cooldown of either Unit 1 or Unit 2.

Because redundancy for common systems is maintained consistent with that of unit-specific safety related trains, a single failure at the system level will not preclude the capability to automatically supply minimum safety-related loads in any one unit and safely shutdown the other unit assuming a loss of offsite power. Based on the above, the sharing of the subject common loads does not significantly degrade the ability of the shared systems to perform the intended safety functions.

Therefore, the proposed change does not involve a significant increase in the probability or consequence of an accident previously evaluated.

2. Does the proposed amendment create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No.

The proposed change does not involve any physical changes to plant safety related SSCs or alter the modes of plant operation in a manner that is outside the bounds of the system design analyses. The proposed change to revise the FSAR description of the shared electrical sources in relation to the guidance provided in RG 1.81, does not create the possibility for an accident of a different type than any evaluated previously in the CPNPP FSAR. Permitting the sharing of specific Unit 1 specific loads between the two CNPP units does involve the potential of a loss of certain functions absent the established controls which act to prevent such loss. Assuming a single failure of the redundant AC power Unit 1 power train at the onset of an accident and a loss of the Unit 2 power (AC and battery-backed DC) supplying the affected Unit 1 SI functions of the remaining Unit 1 train, a potential loss of specific Unit 1 SI capabilities could occur (failure of some required load shedding, fan starts, valve re-positionings, etc.). To account for this, CPNPP has added a requirement in the stations FSAR and TSB that will disallow powering XEC1-1 and XEC2-1 from Unit 2 during all Unit 1 modes (i.e., only allowed when Unit 1 is defueled).

Based on the above, the sharing of the subject common loads does not significantly degrade the ability of the shared systems to perform the intended safety functions.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3. Does the proposed amendment involve a significant reduction in a margin of safety?

Response: No.

The proposed change to revise the FSAR description of the shared electrical sources in relation to the guidance provided in RG 1.81, Revision 1, does not reduce the margin of safety because the associated SSCs will continue to perform the specified safety functions.

With respect to common (shared) electrical buses or panels that supply Unit 1 specific loads, administrative controls require these loads to normally be powered from the Unit 1

Enclosure to TXX-23005 Page 15 of 16 source. When powered from a Unit 2 source to support testing or maintenance, a loss of Unit 2 AC power will automatically result in the affected panels being powered from the associated Unit 2 vital battery, ensuring assumed automatic response of SSCs in the event of a design basis accident. The affected panel(s) is thereafter transferred to the Unit 1 power source within four hours, assuming AC power is not restored, prior to the end of the Unit 2 battery duty cycle. Subsequently, the results of accident analyses remain unchanged by this request.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above, Vistra OpCo concludes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92 (c), and accordingly, a finding of no significant hazards consideration is justified.

4.4 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commissions regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

5.0 ENVIRONMENTAL CONSIDERATION

S The proposed change would change a requirement with respect to installation or use of a facility component located within the restricted area, as defined in 10 CFR Part 20, or would change an inspection or surveillance requirement. However, the proposed change does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed change meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).

Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed change.

Enclosure to TXX-23005 Page 16 of 16

6.0 REFERENCES

1. NRC letter from Gregory Werner to Ken Peters dated November 1, 2022, "Comanche Peak Nuclear Power Plant, Units 1 and 2 Integrated Inspection Report 05000445/2022003 and Notice of Violation" (ADAMS Accession Number ML22299A056)
2. Regulatory Guide 1.81, "Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants," Revision 1, January 1975.
3. 10 CFR 50, Appendix A, Criterion 5, "Sharing of structures, systems, and components."
4. Luminant Letter from Steven K. Sewell to U.S. NRC dated December 1, 2022, "Comanche Peak Nuclear Power Plant (CPNPP) Docket No. 50-445 - Reply to a Notice of Violation" (ADAMS Accession Number ML22335A518)
5. NUREG-0797, "Safety Evaluation Report related to the operation of Comanche Peak Steam Electric Station, Units 1 and 2," Supplement No. 22, January 1990.
6. Texas Utilities Generating Company Letter from R.J. Gary to U.S. NRC dated June 15, 1979, "Comanche Peak Steam Electric Station Request for Amendment of Construction Permits CPPR-126 and CPPR-127" (ADAMS Accession Number ML19308A358)
7. NRC letter from the Office of Inspection and Enforcement Region IV to Texas Utilities Generating Company dated January 21, 1975, "Regulatory Operations Inspection Reports 50-445/75-02 & 50-446/75-02" (ADAMS Accession Number ML20212N894)
8. Regulatory Guide 1.6, "Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems," Revision 0, March 1971.
9. Regulatory Guide 1.9, "Application and Testing of Safety-Related Diesel Generators in Nuclear Power Plants," Revision 0, March 1971.
10. Regulatory Guide 1.47, "Bypassed and Inoperable Status Indication for Nuclear Power Plant Safety Systems," Revision 0, May 1973.
11. 10 CFR 50, Appendix A, Criterion 17, "Electrical Power Systems."
12. RG 1.75, Revision 1, "Physical Independence of Electric Systems," January 1975.
13. IEEE Standard 279-1971, "Criteria for Protection Systems for Nuclear Power Generating Stations," June 1971.
14. IEEE Standard 308-1974, "Criteria for Class 1E Power Systems for Nuclear Power Generating Stations," February 1974.

7.0 ATTACHMENTS

1. FSAR Changes (markup) - For Information Only
2. Technical Specification Bases Changes (markup) - For Information Only

Enclosure Attachment 1 to TXX-23005 FSAR Changes (markup) - For Information Only

CPNPP/FSAR in the containment sump and shown to be greater than the required net positive suction head for the pump.

The lines from the containment sump to the RHR pumps were flushed and inspected to ensure that they are free from obstruction.

For details refer to Table 14.2-2, Sheet 15.

Regulatory Guide 1.80 Preoperational Testing of Instrument Air Systems Discussion Regulatory Guide 1.80 was superseded by Regulatory Guide 1.68.3.

Refer to the discussion of Regulatory Guide 1.68.3.

Regulatory Guide 1.81 Shared Emergency and Shutdown Electric Systems for Multi-Unit Nuclear Power Plants Discussion The CPNPP design complies with the provisions of Revision 1 (1/75) of this regulatory guide with an exception to Regulatory Positions C.1 and C.3. For details see Section 8.3.1.2.1 Item 8.

Regulatory Guide 1.82 Sumps for Emergency Core Cooling and Containment Spray Systems Discussion The containment recirculation sump design in the CPNPP complies with the intent of the Regulatory Positions of this regulatory guide dated June 1974 with clarifications as noted below.

The description and design evaluation of the containment recirculation sumps is provided in Section 6.2.2.

C.3 and C.8 - The screen design with (1) an outer trash rack and (2) a fine inner screen mounted on a structure with a solid top cover has been replaced by a strainer which incorporates the function of both the screen and the trash rack. The strainer is located on the lowest floor elevation in the containment exclusive of the reactor vessel cavity. The strainer is fully submerged prior to switchover of containment spray from injection to recirculation for LOCAs and secondary pipe breaks. This design meets the intent of the Reg. Guide.

C.4 and C.6 - The floor level in the vicinity of the sumps does not slope away from the sumps.

However, the design meets the intent of the Reg. Guide by the provision of a one foot tall solid debris interceptor surrounding the sump strainers.

1A(B)-38 Amendment No. 110

CPNPP/FSAR tested at full power so as not to damage equipment or upset plant operation (as allowed by the ASME Code). These valves are identified by a footnote and a justification as to why the valve cannot be tested at full power. The guidelines of Regulatory Position D.4 of Regulatory Guide 1.22 are met.

7.1.2.6 Conformance to Regulatory Guide 1.47 The Bypassed and Inoperable Status Indication System (called Safety System Inoperable Indication (SSII) on CPNPP) conforms to the requirements of Regulatory Guide 1.47. The system is designed as follows:

1. The SSII is located in the Control Room and consists of one control board display for each safety train. Within each display are bypass lights for each of the systems listed in item 6.

The system for each train consists of a lamp box, a horn and an electronics logic chassis. The lamp box is mounted on the front of the control board. The electronics logic chassis and the horn are mounted inside the control board.

Each lamp box consists of twenty backlighted pushbuttons and acknowledge, reset and two test pushbuttons. Each backlighted pushbutton is capable of red and amber displays and there are separate test pushbuttons for the red and amber lamps.

The inputs to each backlighted pushbutton are divided into two categories, primary inputs which give a red display and secondary inputs which give an amber display. The primary inputs are those inputs to a given system, from components within the given system itself, that will cause the given system to be bypassed or inoperative. The secondary inputs are those inputs from other (supporting) systems or other primary displays to the given system that will cause the given system to be bypassed or inoperative.

The system functions like an annunciator system in that activation of a field contact, or momentary actuation of a backlighted pushbutton causes the light in that pushbutton to flash and the horn to come on. Pressing the acknowledge button, silences the horn and the light becomes steady. Upon return to normal, the light stays on until reset button is pressed.

For electrical schematic drawings, see drawings 2323-E1-0071, sheets 46 through 65, 67 and 68.

2. The SSII does not perform functions essential to mitigate the consequences of an accident, nor do administrative procedures require operator manual actions based solely on SSII displays. SSII is implemented as a non-safety grade system consistent with R.G. 1.47.
3. Electrical separation is based on analysis provided in Section 8.3. The interface with safety systems and components is such that no degradation of safety systems will occur because of an SSII failure.

7.1-24 Amendment No. 108

CPNPP/FSAR

4. The SSII display is automatically initiated for those inoperable conditions reasonable expected to occur more frequently than once per year when the affected system is normally required to be operable.
5. A means for manually initiating the SSII light exists for those maintenance or bypass activities not automatically initiated. The manual initiation consists of pressing the backlighted pushbutton used for display. This can only be cleared by again actuating the pushbutton.
6. An audible alarm is sounded when any bypass is automatically initiated.

The list of systems included on each SSII display, along with a reference to the description of the system is as follows:

a. Residual Heat Removal, (Section 5.4.7)
b. Safety Injection, (Section 6.3)
c. Containment Spray, (Section 6.5.2)
d. Onsite power, diesel (Section 8.3)
e. Preferred offsite power, (Section 8.3)
f. Alternate offsite power, (Section 8.3)
g. 480 VAC, (Section 8.3)
h. Station Service Water, (Section 9.2.1)
i. Auxiliary Feedwater, (Section 10.4.9)
j. Component Cooling Water, (Section 9.2.2)
k. Control Room HVAC, (Section 9.4.1)
l. 125 VDC, (Section 8.3.2)
m. 118 VAC, (Section 8.3.1)
n. Safety Chilled Water System, (Section 9.4F)
o. Primary Plant ESF ventilation exhaust system, (Section 9.4)

A logic diagram showing typical implementation of this system is shown on Figure 7.1-4 for the Containment Spray System.

The design was verified as part of the Preoperational Test Program.

7.1-25 Amendment No. 108

CPNPP/FSAR in NRC Regulatory Guide 1.32, i.e., inclusion of two immediate access circuits from the transmission network.

Considerations for multi-unit stations given in IEEE 308 permit sharing of the preferred power supply between units as long as sufficient capacity is provided to carry the Engineered Safety Features (ESF) for a Design Basis Accident (DBA) on one unit and on those systems required for a concurrent safe shutdown on the second unit. The preferred offsite power systems for CPNPP are supplied through two startup transformers common to both units. These transformers have more than ample capacity to operate the ESF loads for DBAs on both units simultaneously, although the design criteria requires consideration of a DBA on one unit only.

8.2.1.2.4 Compliance with NRC Regulatory Guide 1.93 As described in the Technical Specifications, power operation is initiated and continued without restriction only when the Limiting Conditions for Operation (LCO) are met. If the LCO is not met, power operation is restricted, as explained in the Technical Specification.

8.2.1.2.5 Compliance with IEEE 336 (7) and NRC Regulatory Guide 1.30 (2)

The Quality Assurance Program for the Class 1E portions of the CPNPP preferred power system is based on the requirements of IEEE 336 and Regulatory Guide 1.30. For details see Chapter 17 and Appendix 1A(B).

8.2.1.2.6 Compliance with NRC Regulatory Guide 1.47 The surveillance of the off-site preferred power system operability status is based on the requirements of Regulatory Guide 1.47 augmented by Branch Technical Position ICSB 21 as described herein:

A system level indication is provided to indicate if a preferred power source is unavailable. This indication for Train A Unit 1 is activated on:

1. Loss of preferred source voltage
2. Breaker 1EA1-1 control switch in the pull to lock position
3. Operator manual action Train B is similar to Train A. A duplicate scheme is provided for Unit 2.

8.2.2 ANALYSIS Offsite power sources are not obtained from a common switchyard. The 138-kV switchyard is physically separated from the 345-kV switchyard. There is no interconnection between the CPNPP 345-kV and 138-kV switchyards. (See Figure 8.2-1). The control supply of the 138-kV circuit breakers is independent of the control supply of the 345-kV circuit breakers. The source of DC power provided for the 138-kV switchyard is separate from the source of DC power for the 345-kV switchyard. See description in 8.2.1. The offsite power source lines from 138-kV and 345-kV switchyards to startup transformers XST1 and XST2 do not cross each other or any other transmission line from the switchyards to the plant. The power from 138-kV and 345-kV 8.2-6 Amendment No. 111

CPNPP/FSAR supplying power to the plant computer and other non-Class 1E instruments, the DC power input is provided from the non-Class 1E 125/250 VDC system.

The AC instrument buses have two incoming circuit breakers to power the loads from either the UPS or directly from the bypass transformers. Common AC instrumentation buses have two incoming circuit breakers to power the loads from either Unit 1 AC instrumentation bus or Unit 2 instrumentation bus. These manually operated circuit breakers are mechanically interlocked to prevent paralleling of both sources.

The mechanical interlock between the bypass source and the inverter source breakers of panels 1EC1, 1EC2, 1EC5, 1EC6, 2EC1, 2EC2, 2EC5, 2EC6, 1PC1, 1PC2, 1PC3 and 1PC4 may be removed during inverter maintenance. When the interlock is removed, appropriate procedural controls are exercised to prevent paralleling the inverter output with the bypass source.

Class 1E buses feeding common systems loads shared by both units receives power from buses having an incoming manual transfer switch that can select power from either unit. Transfer switch design is such that power can not be supplied from both units simultaneously. Train separation is maintained by supplying these shared buses from the same train of both units.

On loss of offsite power and subsequent loss of battery charger output, 118 VAC and 125 VDC buses feeding common loads will be automatically fed by the battery. If the battery charger output can not be restored, by restoration of offsite source or by EDG, during battery duty cycle, the common 118 VAC panels shall be manually transferred to other unit and the common 125 VDC panels shall be automatically transferred to the other unit by tripping of the source breaker feeding the common panel.

A spare inverter is provided in each train of 118 VAC system. The spare inverter can be manually aligned to substitute any of the four inverters in that train. Procedural controls and interlocks ensure that the spare inverter can feed the loads of only one inverter at a time and the power source of the spare inverter is the same as that of the substituted inverter.

The AC output voltage provided by the inverters remains regulated within the following limits:

voltages of 120V +/-2%, Frequency of 60 HZ. +/-0.5%. The inverters are provided with a synchronizing circuit to synchronize its output sine wave with the 120V AC bypass source.

1. Tests and Inspection Prior to placing the Class 1E UPS systems in operation, the system components are tested to ensure their proper operation. The inverters are checked for output voltage and frequency, and transfer between normal and bypass sources, while operating on either the normal or bypass supplies. Panel-mounted instruments monitoring the inverter are calibrated and annunciator and static switch operation checked. During plant power operations, the UPS systems are periodically tested and inspected to ensure their continued capabilities to perform their operations.

The inverter can be removed from service for inspection and test by manually transferring to the bypass power source. The surveillance instrumentation provides continuous monitoring of the system.

8.3-25 Amendment No. 111

CPNPP/FSAR

2. Abnormal Conditions Procedures (listed in Table 13.5-3) specify alternate instrumentation and/or controls which can be used by the operator upon loss of power to a particular bus.

8.3.1.2.1 Compliance

1. Compliance With GDC 17 [1]

The safety-related systems are designed with sufficient capacity, independence, and redundancy (as described in Subsections 8.3.1 and 8.3.2) to ensure performance of their safety functions assuming a single failure. The offsite electrical power system also provides independence and redundancy (as discussed in Section 8.2) to ensure an available source of power to the safety-related loads.

Upon loss of the preferred power source to any 6.9 kV Class 1E bus, the alternate power source is automatically connected to the bus and the diesel generator starts should the alternate source not return power to the Class 1E buses. Loss of both offsite power sources to any 6.9 kV Class 1E bus, although highly unlikely, results in the diesel generator providing power to the Class 1E bus.

As discussed in Subsection 8.3.1, two independent diesel generators and their distribution systems are provided for each unit to supply power to the redundant onsite AC Power System. Each diesel generator and its distribution system is designed and installed to provide a reliable source of redundant onsite-generated (standby) AC power and is capable of supplying the Class 1E loads connected to the Class 1E bus which it serves.

As discussed in Subsection 8.3.2, four independent Class 1E 125-V batteries and their distribution systems are provided for each unit to supply power to the redundant DC systems. Each Class 1E battery and its distribution system is designed and installed to provide a reliable source of redundant onsite DC power. Each Class 1E battery is capable of supplying power for four hours to the Class 1E loads connected to the Class 1E bus which it serves.

Redundant parts within the AC and DC systems are physically and electrically independent to the extent that a single event or single electrical fault can not cause a loss of power to both Class 1E load groups.

2. Compliance With GDC 18 [1]

The electric power systems are designed to permit inspection and testing of all Class 1E systems. Periodic testing is performed on a scheduled basis to demonstrate the operability and continuity of all safety-related systems and components. The testing capability provided for the diesel generators and Class 1E batteries is described in Subsections 8.3.1.1 and 8.3.2.1, respectively. Testing capability for solid-state safeguards sequencers (SSSS) is discussed in Section 8.3.1.1.5.3. Plant design also provides testing capability of other Class 1E equipment as required by IEEE 308 [20].

3. Compliance With NRC Regulatory Guide 1.6 [2]

The CPNPP design is in compliance with the provisions of NRC Regulatory Guide 1.6.

8.3-28 Amendment No. 111

CPNPP/FSAR The electrically powered safety loads, both AC and DC, are separated into two redundant and completely independent load groups for each unit. There are no automatic or manual ties between redundant load groups.

No single failure can prevent operation of the minimum number of required safety loads and loss of any one group will not prevent the minimum safety functions from being performed. Each Class 1E AC bus has access to two offsite power sources and an onsite standby power source. There are no automatic or manual ties between redundant buses.

Two diesel generators are provided for each unit. Each diesel generator is connected exclusively to its associated 6.9-kV Class 1E bus, which ensures independence in the onsite standby power sources.

Each Class 1E DC bus can be energized either by a battery or by one of two battery chargers (one spare) or combination of battery and battery charger. There are no automatic or manual ties between Class 1E redundant DC load groups. Arrangement of the AC and DC systems is described in Subsections 8.3.1 and 8.3.2, respectively.

Because there are no bus ties between redundant load groups, interlocks are not required.

4. Compliance With NRC Regulatory Guide 1.9 [3]

The rating of the diesel generators is based on the maximum continuous load demand.

This rating exceeds the sum of the conservatively rated loads. Motor loads are based on nameplate rating, pump runout conditions, or flow pressure conditions. 6600-V motor efficiency is based on design data. Low-voltage motor efficiency is assumed to be 80 percent.

During preoperational testing, the maximum continuous load demand is verified by tests.

Each diesel generator set is capable of starting and accelerating to rated speed all Class 1E loads in the required sequence.

Sequencing of large loads at 5-sec intervals ensures that large motors have reached rated speed and that voltage and frequency have stabilized before the succeeding loads are applied. The voltage may dip below 75 percent of nominal voltage when the diesel generator breaker closes and energizes the two 2000/2666 kVA, 6.9 kV/480-V unit substation transformers supplied from each diesel generator. This dip is due to magnetizing inrush current which exists for two to three cycles. The diesel generators are designed to recover to 80 percent of nominal voltage within 10 cycles for this transient.

The effect on the first load group would, therefore, be a maximum possible delay of 12 to 13 cycle after closure of the diesel generator breaker. However, the objective of first load group and subsequent load groups is not affected. During recovery from transients caused by step load increases or resulting from the disconnection of the largest single load, the speed of the diesel generator set should not exceed the nominal speed plus 75 percent of the difference between nominal speed and the overspeed trip setpoint or 115 percent of nominal, whichever is lower. The voltage is restored to within 10 percent of nominal; and the frequency is restored to within two percent of nominal in less than 8.3-29 Amendment No. 111

CPNPP/FSAR 40 percent of each load sequence time interval. The diesel generator supplier has successfully performed these tests in his facility on one CPNPP diesel generator set.

The prototype qualification test program of

a. Start and load capability at full load, and
b. 300 valid start and load tests on the diesel generator are discussed in Section 8.3.1.1.11.
5. Compliance With Regulatory Guide 1.32 [7]

The offsite power system includes the preferred design stated in NRC Regulatory Guide 1.32: namely, two immediate access circuits from the transmission network are available to the emergency (Class 1E) bus systems.

Each battery charger is sized to handle the combined steady-state loads while recharging the battery from the design minimum charge state to the fully charged state under all modes of plant operation.

6. Compliance With NRC Regulatory Guide 1.63 [12]

The electric penetration assembly design complies with the intent of NRC Regulatory Guide 1.63.

The propagation of light thru fiber optic cable in the Electrical Penetration Fiber Optic modules does not generate heat. Therefore, the Electrical Penetration seals and Electrical Penetration concrete interface are not impacted by Fiber Optic Circuits. As such, the circuit protection requirements of NRC Regulatory Guide 1.63 are not applicable to Fiber Optic Circuits of Electrical Penetrations.

In reference to Regulatory Position C.1 of NRC Regulatory Guide 1.63, the electric penetration assembly design, for electrical circuits, is capable of withstanding, without loss of mechanical integrity, the maximum current versus time conditions permitted by backup protective devices. The adequacy of penetration protective devices to protect the penetrations is established by detailed calculations which demonstrate that the fault current-versus time conditions for which the penetrations are designed and qualified will not be exceeded.

Circuits using fiber optic cables are not required to have overcurrent protection. The penetration assembly modules for fiber optic cables will only contain fiber optic circuits and, therefore will not impact the fault current vs. time conditions of the penetrations.

The electrical distribution system design incorporates backup protective devices for all power circuits. Control circuits have also been provided with backup protective devices.

Fuses or fusible links within the penetration assembly are not incorporated in the design because of the physical limitations of the standard penetration designs available.

8.3-30 Amendment No. 111

CPNPP/FSAR the level transmitter, the current flowing in the loop will be greater than 20 mA.

The voltage across the 30.1 resistor will not be normal and an indication or an alarm may initiate. A fault to ground of the transmitter will have the same effect as a short circuit. These indications and alarms are not a safety-related function.

Therefore, the malfunction of the level transmitters is not a safety concern.

A loop voltage and a short circuit current test on the power supply card, required by the vendor to verify the operability of the card, is performed by connecting a 100 1 W resistor which simulates a short of the transmitter, the 392 and 250 resistor. The test required by the vendor simulates a more severe case than the failure of the transmitter only. As such, the power supply will not be challenged by the failure of the transmitter only and the failures in the transmitter will not adversely affect the Class 1E power source. Therefore, Non-Class 1E Travel Screen Differential Level Transmitters fed by a Class 1E Power Supply is not a safety concern.

o. Electrical Isolation/Separation of Class 1E Partial Discharge Monitor Bus Couplers for Unit 1 and Unit 2 Station Service Water Pump and Component Cooling Water Pump Motors and Emergency Diesel Generators.

The Bus Coupler consists of a Class-1E, 15 kV rated, non-shielded jumper cable, Class-1E epoxy mica capacitor (EMC), and Non-Class 1E low voltage, low energy coaxial cable for each motor/generator phase connection and a common Non-Class 1E termination box. The termination box is used to connect Non-Class 1E diagnostic equipment, one phase at a time, when partial discharge monitoring is performed.

The 15 kV jumper is spliced to the motor feeder cable. The other end of this jumper connects to the high voltage side of the EMC. The coaxial cable connects to the low voltage side of the EMC and the other end of this coaxial cable terminates at a BNC connector in the termination box.

The EMC is an 80 pico-farad capacitor that has an impediance of 33 meg-ohms at 60 hertz. Thus the EMC essentially acts as an open circuit at the normal operating frequency of 60 hertz. Only the partial discharge pulses (on the order of nano seconds duration and 100-500 mili-volts) are passed through this capacitor.

The diagnostic equipment employs 120 VAC (60 hertz) plant power. Any short on the low voltage side would be of insufficient magnitude to damage the 6.6 kV rated windings of the motor or generator. An open circuit on the low voltage side will not affect the performance of the Station Service Water Pump Motors, Component Cooling Water Pump Motors, and Emergency Diesel Generators, since there is no voltage applied to the EMC under this condition. Also, the capacitor essentially acts as an on circuit at this frequency. Therefore, electrical separation is not required.

8. Compliance With NRC Regulatory Guide 1.81 [16]

The CPNPP design represents a deviation of Regulatory Guide 1.81, Regulatory Positions C.1 and C.3, as approved in Amendments xxx and xxx to the Unit 1 and Unit 2 facility licenses, respectively (Reference 49). Regulatory Position C.1 states that DC systems in multi-unit nuclear power plants should not be shared. Regulatory Position C.3 states that each unit should have separate and independent onsite emergency and 8.3-45 Amendment No. 111

CPNPP/FSAR shutdown electric systems (i.e., vital power should not be shared between units). The CPNPP design includes some safety-related common loads, and some Unit 1 specfic loads fed from common panels, which is a deviation from Regulatory Guide 1.81, Regulatory Positions C.1 and C.3. The acceptability of this design is described below and is in compliance with GDC 5 in that the sharing of these loads does not significantly impair the ability to perform the necessary safety functions, assuming an accident in one unit and an orderly shutdown and cooldown of the remaining unit.

Compliance with Regulatory Position C.2:

Regulatory Position 2.a, The sharing of onsite a.c. electric systems should be limited to two units:

CPNNP sharing of onsite AC electric systems are limited to only Unit 1 and Unit 2.

Regulatory Position 2.b, A single failure (a false or spurious accident signal at the system level in the non-accident unit should be considered as a single failure) should not preclude the capability to automatically supply minimum engineered safety feature (ESF) loads in any one unit and safely shut down the remaining unit, assuming a loss of the offsite power:

Due to redundancy for common systems being maintained consistent with that of unit-specific safety-related trains, a single-failure at the system level will not preclude the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss of off-site power.

Regulatory Position 2.c, Onsite power capacity should be provided to energize sufficient Seismic Category I equipment to attain a safe and orderly cold shutdown of all units, assuming the loss of offsite power and the most severe (in terms of power drain) design basis event and a single failure in the onsite electric system:

On-site power capacity to energize sufficient seismic Category I equipment to attain a safe and orderly cold shutdown of both the units, assuming the loss of off-site power and most severe design basis event and a single failure in the on-site electrical system, is not compromised as a result of common buses because each unit system is designed to have sufficient capacity to feed common bus loads in addition to the unit specific loads.

Regulatory Position 2.d, The interaction between each unit's engineered safety feature electric circuits should be limited such that any allowable combination of maintenance and test operations in the units will not preclude the capability to automatically supply power to minimum ESF loads in any unit, assuming a loss of offsite power:

For AC electric systems, CPNPP has created the following administrative procedural requirement for XEC1-1 and XEC2-1, which power some Unit 1 safety-related loads, that the power source SHALL be aligned to Unit 1 during Unit 1 Modes 1 through 6. The panels power source alignment to Unit 2 will only be allowed when Unit 1 is in NO MODE. Since they only power Unit 1 loads this will not allow any interaction. This requirement is being added to the FSAR, a markup of the FSAR is included in Attachment 1 to this letter.

8.3-45 Amendment No. 111

CPNPP/FSAR For DC electric systems XED1-1 and XED2-1, feed both Unit 1 and common components. Alignment to either unit provides an acceptable power source for Unit 1 components fed from the panels. An evaluation of being aligned from a Unit 2 power source coincident with a Unit 1 SI signal did not reveal any adverse impacts (i.e., no significant loss of safety function was identified). Evaluations confirmed that the power sources, from both units, feeding the common buses have sufficient capacity and capability to adequately feed all the common bus loads, as stated in the FSAR.

Regulatory Position 2.e, Coordination between the unit operators should not be necessary in order to meet Regulatory Positions 2.b and 2.c. Coordination required to meet Regulatory Position 2.d should be minimized:

As stated above, XEC1-1 and XEC2-1 cannot be aligned to Unit 2 while there is fuel in Unit 1, so for AC electric systems there is no possible interaction from Unit 2 operators.

For DC electric systems the evaluations confirmed that the power sources from both units, have sufficient capacity and capability to adequately feed all XED1-1 and XED2-1 common loads and unit specific loads as stated in the FSAR.

Because redundancy for common systems is maintained consistent with that of unit-specific safety-related trains, a single failure at the system level will not preclude the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss of off-site power. Based on this there is no need for coordination between unit operators for regulatory positions 2.b or 2.c and minimal coordination would be needed for regulatory position 2.d.

Regulatory Position 2.f, Complete information regarding the status of the shared systems should be provided for each unit operator:

The status of the which unit power supply is aligned to shared loads is provided in the control room which is available to the unit operator of each unit.

Regulatory Position 2.g, The design should conform to the recommendations contained in Regulatory Guides 1.6 (Safety Guide 6), 1.9 (Safety Guide 9), and 1.47:

CPNPP design is in accordance with RG 1.6, RG 1.9, and RG 1.47. This is laid out in the sites UFSAR, this is laid out in other sections of Section 8.3 Exception to Regulatory Position C1 and C.3:

Safety-related loads shared between both units are powered from common MCCs, 120-VAC panels, 118-VAC panels, and 125-VDC panels as described in Subsections 8.3.1.1.9, 8.3.1.1.13 and 8.3.2.1. Indication of source of power associated with the common electrical equipment mentioned above is provided on a common panel located in the Control Room and accessible to both unit operators.

A single failure at the system level will not affect the capability to automatically supply minimum ESF loads in any one unit and safely shutdown the other unit assuming a loss 8.3-45 Amendment No. 111

CPNPP/FSAR of off-site power because the redundancy of common buses is maintained the same as redundancy for Unit 1 and Unit 2 buses.

On-site power capacity to energize sufficient seismic Category I equipment to attain a safe and orderly cold shutdown of both the units, assuming the loss of off-site power and most severe design basis event and a single failure in the on-site electrical system, is not compromised as a result of common buses because each unit system is designed to have sufficient capacity to feed common bus loads in addition to the unit specific loads.

The CPNPP design is controlled such that only common loads are fed from common buses except for some DC / 118-VAC common panels which feed Unit 1 loads also and the normal source of power for the panels is Unit 1. This does not affect the capability of any unit to feed these loads adequately. Because the unit specific loads of only one unit are fed from a common panel and the common panel normal power source is the same unit, therefore, under normal operation, the interaction between the units for maintenance and test operation will be no different than what is required for a common panel. The time when such common panel is aligned to the unit other than the one whose specific loads it feeds is procedurally limited, therefore, any additional interaction needed for maintenance and test activities will be limited also.

The previous paragraph only applies to the common DC panels XED1-1 and XED2-1. For common AC panels XEC1-1 and XEC2-1, which power some Unit 1 safety-related loads, the power source shall be aligned to Unit 1 during Unit 1 Modes 1 through 6. The panels power source alignment to Unit 2 will only be allowed when Unit 1 is defueled. This is to avoid the possibility that the XEC1-1 and XEC2-1 panels being powered by Unit 2 could cause some Unit 1 relays not to function in the Safety Injection system.

9. Compliance With NRC Regulatory Guide 1.93 [18]

CPNPP power operation procedure is in compliance with NRC Regulatory Guide 1.93 as described in technical specifications. The power operation procedure is initiated and continued without restriction only when the limiti conditions for operation (LCO) are met.

If the LCO are not met, the power operation will be restricted in accordance with the technical specification.

10. Compliance With IEEE 308-1974 [20]

Class 1E electrical equipment and power sources are designed to satisfy the functional requirements under conditions produced by the DBA listed in IEEE 308. The capacity of each onsite Class 1E power source is sufficient to operate all required Class 1E loads during and after the DBA.

Each Class 1E distribution system is capable of transmitting sufficient energy to start and operate all required loads in that system. A failure of any onsite Class 1E power source does not jeopardize the capability of the redundant onsite Class 1E power source to start and run the required shutdown systems.

Separation, redundancy, and independence of components eliminate the probability of a common failure mode. Class 1E equipment is located in seismic Category I structures 8.3-45 Amendment No. 111

CPNPP/FSAR except as noted in Section 8.3.1.4 item 1 and qualified in accordance with IEEE 344-1975

[26]. Seismic design of electrical equipment is discussed in Section 3.10. Surveillance of Class 1E systems indicates readiness to perform their intended safety functions.

Availability and operability of these systems are monitored by means of periodic testing.

All aspects of the electrical station design comply with IEEE 308-1974 with the exception of test intervals for the battery performance discharge test. (See Subsection 8.3.2.)

11. Compliance with IEEE 336 [24] and NRC Regulatory Guide 1.30 [6]

Quality Assurance Program for the CPNPP onsite Class 1E AC power system is based on the requirements of IEEE 336 and Regulatory Guide 1.30. For details see Chapter 17 and Appendix 1A(B).

12. Compliance with NRC Regulatory Guide 1.47 [9]

The surveillance of each on-site Class 1E AC power system operability status is based on the requirements of Regulatory Guide 1.47, augmented by Branch Technical Position ICSB 21.

A system level safety system inoperable indication (SSII) is provided for each train to indicate if the on-site power source is unavailable.

The Diesel Generator Power Window (DG pwr) on the SSII panel is activated by those conditions that render the D-G inoperable for auto start. The same SSII window is also activated if the following conditions exist.

a. Diesel generator remote-local-maintenance switch in local or maintenance position
b. 6.9kV generator breaker control switch in the lockout position
c. Operator manual action
d. Service water system inoperable
e. Loss of 125 volts DC
f. Diesel generator disabled Although the conditions listed above may not be electrically interlocked with the D-G, it is recognized that they may render the D-G inoperable or, are otherwise important enough to advise the operator of its existence.

The condition that renders the D-G incapable of responding to an automatic emergency start signal are:

1. 125V DC not available
2. Overspeed trip not reset 8.3-46 Amendment No. 111

CPNPP/FSAR

3. Differential lock-out relay not reset
4. Remote-Local-Maintenance Switch in local or maintenance mode
5. Starting air pressure low 8.3.1.2.2 Analysis of Uninterruptible Power Systems Class 1E 118-V uninterruptible AC Power Systems, which provide power to the Class 1E instrumentation and control circuits, are designed to the same criteria as those for the onsite Class 1E power system.

Distribution panels and equipment they feed as a minimum meet the requirements of GDC 17 [1] and 18 [1], NRC Regulatory Guides 1.6 [2], and IEEE 308 [20], 344-1975 [26] and 384-1974 [31].

8.3.1.2.3 Failure Mode Analysis Verification that the safety-related auxiliary AC and DC systems satisfy the single-failure criteria is demonstrated by the failure mode analysis given in Tables 8.3-3 and 8.3-7.

Component failure and the effects of the failure are noted. Item numbers corresponding to those in the tables appear on Figures 8.3-1 and 8.3-13.

8.3.1.2.4 Class 1E Equipment in a Potentially Harsh Environment Wherever possible, electrical equipment is located to avoid or minimize the effects of potentially harsh environments during all modes of plant operation. All Class 1E equipment is specified to perform its intended function under the maximum expected environmental conditions at the equipment location.

For details, see Sections 3.11N and 3.11B and Appendix 3A. Appendix 3A delineates postulated environmental extremes for Class 1E equipment located in a potentially harsh environment.

Class 1E equipment located in a potentially harsh environment is designed, fabricated, and qualified in accordance with the requirements of IEEE 323 [22] and applicable IEEE standards for particular equipment (e.g., IEEE 382 [29] for valve motor operators, IEEE 383 [30] for cables, and IEEE 317 [21] and ASME Boiler and Pressure Vessel Code [45]

for electric penetrations).

8.3.1.3 Physical Identification of Class 1E Power Systems Equipment The identification method by which onsite power system equipment can be distinguished as redundant Class 1E systems, associated Class 1E circuits, and non-Class 1E systems is described below:

1. Equipment Tag No.

Electrical equipment has its own tagging scheme developed by equipment type. Many equipment types follow the tagging scheme for mechanical equipment with a modification of the eighth and ninth character. For equipment using a modified mechanical equipment tagging scheme, the eighth character is generally either E or N. E designates 8.3-47 Amendment No. 111

CPNPP/FSAR

46. Brown Boveri Electric, Inc., Test Report K-82089-K1, Test Date May 27, 1982.
47. Wyle Laboratories Test Report No. 53575, Test Report on Separation Verification Testing for Bechtel Energy Corporation for Houston Lighting and Powers South Texas Project, Configuration #1, Test #2.
48. Letter NS-CE-604, dated March 31, 1975, C. Eicheldinger (Westinghouse) to the Secretary of the Nuclear Regulatory Commission.
49. [Insert reference to approving amendments]

8.3-75 Amendment No. 111

Enclosure Attachment 2 to TXX-23005 Technical Specification Bases Changes (markup) - For Information Only

Distribution Systems - Operating B 3.8.9 BASES ACTIONS (continued)

B.1 With one AC vital bus inoperable the remaining OPERABLE AC vital buses are capable of supporting the minimum safety functions necessary to shut down the unit and maintain it in the safe shutdown condition. Overall reliability is reduced, however, since an additional single failure could result in the minimum required ESF functions not being supported. Therefore, the required AC vital bus must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> by powering the bus from the associated inverter via inverted DC, or alternate bypass power via Class 1E transformers. Alternatively, a Completion Time can be determined in accordance with the Risk Informed Completion Time Program.

As AC Vital Bus 1EC5 or 2EC5 power AC common panel XEC1-1 and AC Vital Bus 1EC6 or 2EC6 power AC common panel XEC2-1, and evaluations have called into question the ability for Unit 2 to fully power all Unit 1 loads, XEC1-1 and XEC2-1 cannot be powered by Unit 2 when Unit 1 is in any mode applicable to TS 3.8.9 (i.e.,

MODES 1-4). When Unit 2 is powering XEC1-1 and XEC2-1 in MODES 1, 2, 3, or 4, the requirements of TS 3.8.9, Condition B are applicable for the associated vital bus (Ref. 3).

Condition B represents one AC vital bus without non-interruptible inverted DC power.

In this situation, the unit is significantly more vulnerable to a complete loss of all non-interruptible power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of non-interruptible power to the remaining vital buses and restoring power to the affected vital bus subsystems.

This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that are without adequate vital AC power. Taking exception to LCO 3.0.2 for components without adequate vital AC power, that would have the Required Action Completion Times shorter than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> if declared inoperable, is acceptable because of:

a. The potential for decreased safety by requiring a change in unit conditions (i.e.,

requiring a shutdown) and not allowing stable operations to continue;

b. The potential for decreased safety by requiring entry into numerous Applicable Conditions and Required Actions for components without adequate vital AC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected train; and
c. The potential for an event in conjunction with a single failure of a redundant component.

The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time takes into account the importance to safety of restoring the AC vital bus to OPERABLE status, the redundant capability afforded by the other OPERABLE vital buses, and the low probability of a DBA occurring during this period.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-79 Revision 85

Distribution Systems - Operating B 3.8.9 BASES ACTIONS (continued)

C.1 With DC bus(es) in one train inoperable the remaining DC electrical power distribution subsystems are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining DC electrical power distribution subsystems could result in the minimum required ESF functions not being supported. Therefore, the required DC buses must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> by powering the bus from the associated battery or charger. Alternatively, a Completion Time can be determined in accordance with the Risk Informed Completion Time Program.

Condition C represents one or more electrical power distribution subsystems without adequate DC power; potentially both with the battery significantly degraded and the associated charger nonfunctioning for the affected bus(es). In this situation, the unit is significantly more vulnerable to a complete loss of all DC power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining bus(es) and restoring power to the affected bus(es).

This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that would be without power. Taking exception to LCO 3.0.2 for components without adequate DC power, which would have Required Action Completion Times shorter than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, is acceptable because of:

a. The potential for decreased safety by requiring a change in unit conditions (i.e., requiring a shutdown) while allowing stable operations to continue;
b. The potential for decreased safety by requiring entry into numerous applicable Conditions and Required Actions for components without DC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected train; and
c. The potential for an event in conjunction with a single failure of a redundant component.

The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time for DC buses is consistent with Regulatory Guide 1.93 (Ref. 4).

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-80 Revision 85

Distribution Systems - Operating B 3.8.9 BASES ACTIONS (continued)

D.1 and D.2 If the inoperable distribution subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.

E.1 Condition E corresponds to inoperable distribution subsystems that result in a loss of safety function, adequate core cooling, containment OPERABILITY and other vital functions for DBA mitigation would be compromised, and immediate plant shutdown in accordance with LCO 3.0.3 is required.

SURVEILLANCE REQUIREMENTS SR 3.8.9.1 This Surveillance verifies that the required AC, DC, and AC vital bus electrical power distribution systems are functioning properly, with the correct circuit breaker alignment. The correct breaker alignment ensures the appropriate separation and independence of the electrical divisions is maintained, and the appropriate voltage is available to each required bus.

The verification of proper voltage availability on the buses ensures that the required voltage is readily available for motive as well as control functions for critical system loads connected to these buses. The Surveillance Frequency is controlled under the Surveillance Frequency Control Program.

REFERENCES

1. FSAR, Chapter 6.
2. FSAR, Chapter 15.
3. FSAR, Chapter 8.3.
4. Regulatory Guide 1.93, December 1974.

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-81 Revision 85

Distribution Systems - Operating B 3.8.10 BASES ACTIONS A.1, A.2.1, A.2.2, A.2.3, A.2.4, and A.2.5 (continued) administrative efforts. Therefore, the allowance for sufficiently conservative actions is made (i.e., to suspend CORE ALTERATIONS, movement of irradiated fuel assemblies, and operations involving positive reactivity additions that could result in loss of required SDM (MODE 5) or boron concentration (MODE 6)). Suspending positive reactivity additions that could result in failure to meet the minimum SDM or boron concentration limit is required to assure continued safe operation. Introduction of coolant inventory must be from sources that have a boron concentration greater than that required in the RCS for minimum SDM or refueling boron concentration. This may result in an overall reduction in RCS boron concentration but provides acceptable margin to maintaining subcritical operation. Introduction of temperature changes including temperature increases when operating with a positive MTC must also be evaluated to ensure they do not result in a loss of required SDM.

Suspension of these activities does not preclude completion of actions to establish a safe conservative condition. These actions minimize the probability of the occurrence of postulated events. It is further required to immediately initiate action to restore the required AC and DC electrical power distribution subsystems and to continue this action until restoration is accomplished in order to provide the necessary power to the unit safety systems.

Notwithstanding performance of the above conservative Required Actions, a required residual heat removal (RHR) subsystem may be inoperable. In this case, Required Actions A.2.1 through A.2.4 do not adequately address the concerns relating to coolant circulation and heat removal. Pursuant to LCO 3.0.6, the RHR ACTIONS would not be entered. Therefore, Required Action A.2.5 is provided to direct declaring RHR inoperable, which results in taking the appropriate RHR actions.

As AC Vital Bus 1EC5 or 2EC5 power common panel XEC1-1 and AC Vital Bus 1EC6 or 2EC6 power common panel XEC2-1, and evaluations have called into question the ability for Unit 2 to fully power all Unit 1 loads, XEC1-1 and XEC2-1 cannot be powered by Unit 2 when Unit 1 is in any mode applicable to TS 3.8.10 (i.e., MODES 5-6). When Unit 2 is powering XEC1-1 or XEC2-1 in MODES 5 or 6, the requirements of TS 3.8.10, Condition A, are applicable for the associated vital bus (Ref. 3)

The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required distribution subsystems should be completed as quickly as possible in order to minimize the time the unit safety systems may be without power.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-86 Revision 85

Distribution Systems - Operating B 3.8.10 BASES SURVEILLANCE SR 3.8.10.1 REQUIREMENTS This Surveillance verifies that the AC, DC, and AC vital bus electrical power distribution subsystems are functioning properly, with all the buses energized. The verification of proper voltage availability on the buses ensures that the required power is readily available for motive as well as control functions for critical system loads connected to these buses. The Surveillance Frequency is controlled under the Surveillance Frequency Control Program.

REFERENCES 1. FSAR, Chapter 6.

2. FSAR, Chapter 15.
3. FSAR, Chapter 8.3.

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-87 Revision 85

Retrieved from "https://kanterella.com/w/index.php?title=CP-202300096,_License_Amendment_Request_(LAR)_23-002_Application_Regarding_GDC-5_Shared_Systems_Requirements&oldid=3535167"