Text

License Amendment Request (LAR)06-009, Revision to Technical Specification (TS) 3.8.1, AC Sources - Operating, Extension of Completion Times for Diesel Generators
	ML070230493
Person / Time
Site:	Comanche Peak
Issue date:	01/18/2007
From:	Madden F; TXU Power
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	00236, CPSES-200700130, LAR 06-009, TXX-07011
	Download: ML070230493 (77)
	v • d • e

I 6\ ',

TXU Power uxM Poweir Dirlke Blevins Comanche Pla Steam SenaoE Wre-Preskient & Ref: IOCFR50.90 E1fii Stati*n C~hief. N'udear Ofiteer Giatn Rose, T X 76EI43 T-eft 254 87, 5209 Fax: 254 897 66.52 mike.brevins@txui.com CPSES-200700130 Logf# TXX-07011 File # 00236 January 18, 2007 U. S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555

SUBJECT:

COMANCHE PEAK STEAM ELECTRIC STATION (CPSES)

DOCKET NOS. 50-445 AND 50-446 LICENSE AMENDMENT REQUEST (LAR)06-009 REVISION TO TECHNICAL SPECIFICATION (TS) 3.8.1, "AC SOURCES - OPERATING," EXTENSION OF COMPLETION TIMES FOR DIESEL GENERATORS REF: 1. TXU Power letter, logged TXX-06141, from Mike Blevins to the U.S. Nuclear Regulatory Commission, dated October 16, 2006.

Dear Sir or Madam:

On December 11, 2006, during a conference call between the NRC and TXU Power staff, the NRC suggested that CPSES withdraw License Amendment Request (LAR)06-009, "Revision to Technical Specifications (TS) 3.8.1, 'AC Sources - Operating,'

Extension of Completion Times for Diesel Generators." The NRC suggested that CPSES revise the LAR submitted in Reference I to more fully address the treatment of external events, i.e., fires and floods, in addition to other PRA issues. As suggested, CPSES withdrew the LAR and agreed to resubmit it by January 19, 2007 with revised PRA analysis. The present submittal replaces Reference I above.

Pursuant to 10CFR50.90, TXU Generation Company LP (TXU Power) hereby requests an amendment to the CPSES Unit 1 Operating License (NPF-87) and CPSES Unit 2 Operating License (NPF-89) by incorporating the attached change into the CPSES Unit 1 and 2 Technical Specifications (TS). This change request applies to both units.

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

Comanche Peak

Diablo Canyon - Palo Verde - South Texas Project ° Wolf Creek

TXX-07011 Page 2 of 4 The proposed changes will revise Technical Specification 3.8.1 for "AC Sources -

Operating" that will extend the allowable Completion Time (CT) associated with restoration of an inoperable Diesel Generator (DG). The extended CT establishes a 14 day allowable out of service time when one DG is inoperable if an alternate AC power source (AACPS) is available. The 14 day CT is based on a plant specific risk analysis performed to establish the out of service time. As a defense-in-depth measure, when the option of an extended allowable out of service time for a DG is exercised, an AACPS will be provided with the capability of supplying the same loads as the existing DG with the exception that it will not be Class IE. In the absence of an AACPS, the DG 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT will be applied.

TXU Power's evaluation of the proposed changes includes traditional engineering analyses as well as a risk informed approach as set forth in the guidance of Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," and Regulatory Guide 1. 177, "An Approach for Plant-Specific, Risk-Informed Decision making: Technical Specifications."

These proposed changes will provide operational flexibility by allowing more efficient application of plant resources to safety significant activities. These proposed changes will allow performance of periodic DG overhauls on-line and improve DG availability during shutdown.

The justification for these changes to the DG Completion Time is based upon a risk-informed, deterministic evaluation consisting of three main elements: (1) the reliability and availability of offsite power via separate and physically independent offsite circuit startup transformers, (2) assessment of risk that shows an acceptable small increase in risk (as indicated by Core Damage Frequency (CDF) and Large Early Release Frequency (LERF)), and (3) continued implementation of a Configuration Risk Management Program (CRMP) while the DG is in an extended Completion Time. These elements provide the basis for the requested TS changes by providing a high degree of assurance of the capability to provide power to the safety related 6.9 kV AC Engineered Safety Features (ESF) buses during the extended Completion Time.

Attachment I provides a detailed description of the proposed changes, a technical analysis of the proposed changes, TXU Power's determination that the proposed changes do not involve a significant hazard consideration, a regulatory analysis of the proposed changes and an environmental evaluation. Attachment 2 provides the affected Technical Specification (TS) pages marked-up to reflect the proposed changes. Attachment 3 provides proposed changes to the Technical Specification

TXX-0701 1 Page 3 of 4 Bases for information only. These changes will be processed per CPSES site procedures. Attachment 4 provides retyped Technical Specification pages which incorporate the requested changes. Attachment 5 provides retyped Technical Specification Bases pages which incorporate the proposed changes.

TXU Power requests approval of the proposed License Amendment by October 13, 2007, to be implemented within 120 days. The approval date was administratively selected to allow for NRC review but the plant does not require this amendment to allow continued safe full power operations.

In accordance with IOCFR50.91 (b), TXU Power is providing the State of Texas with a copy of this proposed amendment.

This communication contains no new or revised commitments.

Should you have any questions, please contact Ms. Tamera J. Ervin at (254) 897-6902.

I state under penalty of perjury that the foregoing is true and correct.

Executed on January 18, 2007.

Sincerely, TXU Generation Company LP By: TXU Generation Management Company LLC Its General Partner Mike Blevins By:___. -Mý__

/F'ra W. Madden Director, Oversight & Regulatory Affairs TJE/tje

TXX-07011 Page 4 of 4 Attachments 1. Description and Assessment

2. Markup of Technical Specifications Pages

3. Markup of Technical Specifications Bases Pages (for information)

4. Retyped Technical Specification Pages

5. Retyped Technical Specification Bases Pages (for information)

6. Comanche Peak Switchyards and Distribution Subsystem Figures c - B. S. Mallet, Region IV M. C. Thadani, NRR Resident Inspectors, CPSES Ms. Alice Rogers Environmental & Consumer Safety Section Texas Department of State Health Services 1100 West 49th Street Austin, Texas 78756-31

Attachment I to TXX-0701 I Page 1 of 45 ATTACHMENT I to TXX-07011 DESCRIPTION AND ASSESSMENT

Attachment I to TXX-07011 Page 2 of 45 LICENSEE'S EVALUATION

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration 5.2 Applicable Regulatory Requirements/Criteria

6.0 ENVIRONMENTAL CONSIDERATION

7.0 PRECEDENTS

8.0 REFERENCES

Attachment I to TXX-07011 Page 3 of 45

1.0 DESCRIPTION

By this letter, TXU Generation Company LP (TXU Power) requests a License amendment to the CPSES Unit I Operating License (NPF-87) and CPSES Unit 2 Operating License (NPF-89) by incorporating the attached changes into the CPSES Unit I and 2 Technical Specifications (TS).

The proposed changes will revise Technical Specification 3.8.1 for "AC Sources -

Operating" by adding an alternate Required Action to B.4 that will extend the allowable Completion Time (CT) associated with restoration of an inoperable Diesel Generator (DG).

The extended CT establishes a 14 day allowable out of service time when one DG is inoperable if an alternate AC power source (AACPS) is available. The 14 day CT is based on a plant specific risk analysis performed to establish the out of service time. As a defense-in-depth measure, when the option of an extended allowable out of service time for an emergency DG is exercised, an AACPS will be provided with the capability of supplying the same loads as the existing DG with the exception that it will not be Class IE.

Additionally, the AACPS would be started manually or automatically and connected to the bus when it has achieved its rated voltage and speed. The AACPS connection to the bus will occur within 15 minutes of detection of a loss of offsite power (LOOP). Thus the AACPS would have the capacity required for safe shutdown such that performance of powered equipment is acceptable after a LOOP to the bus. In the absence of an AACPS, the DG 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT will be applied. The license amendment request also proposes to add a second CT for this alternate Required Action to establish a limit on the maximum time allowed for any combination of required AC electrical sources to be inoperable during any single contiguous occurrence of failing to meet the Limiting Condition for Operation (LCO).

Additionally, an alternate Required Action will be added to Condition A.3. The CT to restore an inoperable required offsite circuit to OPERABLE status will be 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months .

Furthermore, the second CT for the alternate Required Action establishes a limit on the maximum time allowed for one required offsite circuit and one DG to be inoperable during any single contiguous failure to meet the LCO if an AACPS is available. In the absence of an AACPS, the DG 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT will be applied.

The requested changes are based upon CPSES plant specific risk-informed and deterministic evaluations perfonned in a manner consistent with the risk-informed approaches endorsed by Regulatory Guides 1. 174 (Reference 8. 1) and 1.177 (Reference 8.2). The proposed changes would increase operational flexibility and provide additional allowances for performance of testing, repairs, and periodic maintenance while at power.

2.0 PROPOSED CHANGE

On page 3.8-2 of Technical Specifications (TS) 3.8.1 "AC Sources - Operating," the Required Action A.3 will be renumbered to read A.3. 1. The alternate proposed Required Action will be numbered A.3.2 and read, "Restore required offsite circuit to OPERABLE

Attachment I to TXX-07011 Page 4 of 45 status" and the proposed associated CT will read, "72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months AND 17 days from discovery of failure to meet LCO due to an inoperable DG with AACPS available." The acronym AACPS is defined as "alternate AC power source." The Required Actions A.3.1 and A.3.2 are choices, only one of which must be performed as indicated by the use of the logical connector "OR" and the left justified placement.

On Page 3.8-4 of TS 3.8.1, the Required Action B.4 will be renumbered to read B.4.1.

Additionally, in the CT of this Required Action the word "discover" will have a "y" added to the end of the word to read "discovery." The alternate proposed Required Action will be numbered B.4.2 and will read, "Restore DG to OPERABLE status" and the proposed associated CT will read, "14 days AND 17 days from discovery of failure to mneet LCO."

The proposed Required Action B.4.1 and B.4.2 are choices, only one of which must be performed as indicated by the use of the logical connector "OR" and the left justified placement.

Required Action B.4.2 will be modified by a note that will read, "Required Action B.4.2 and associated Completion Times are only allowed if an AACPS is available."

For information only, this LAR includes markups in Attachment 3 indicating proposed associated changes to the Bases for TS 3.8. 1, "AC Sources - Operating." Retyped TS pages and TS Bases pages which incorporate the proposed changes are provided in Attachments 4 and 5, respectively.

In summary, the proposed changes will revise TS 3.8.1 for "AC Sources - Operating" to add an alternate Required Action to B.4 that will extend the CT for an inoperable DG if an AACPS is available. Additionally, the proposed changes for TS 3.8.1 will also add an alternate Required Action to A.3 for one required offsite circuit inoperable, that will extend the second CT due to an inoperable DG if an AACPS is available.

3.0 BACKGROUND

The allowable alternate Required Actions Completion Time (CT) extension for the diesel generator (DG) is expected to be used for performing maintenance activities on-line if all alternate AC power source AACPS is available. Conversely, in the absence of an AACPS, the DG 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT will be applied. The proposed changes would increase operational flexibility and provide additional allowances for performance of testing, repairs, and periodic maintenance while at power. Section 4 includes a detailed description and background of the reliability and availability of the onsite and the offsite power system, Station Blackout DG capacity, onsite power design criteria, and other considerations for Comanche Peak Steam Electric Station (CPSES).

The current CT associated with inoperable AC power source(s) are intended to minimize the time an operating plant is exposed to a reduction in the number of available AC power sources. United States Nuclear Regulatory Commission (NRC) Regulatory Guide (RG) 1.93, "Availability of Electric Power Sources," December 1974, (Reference 8.4) is

Attachment I to TXX-07011 Page 5 of 45 referenced in the TS Bases for Actions associated with TS Section 3.8.1. RG 1.93 provides operating restrictions (i.e., CT and maintenance limitations) that the NRC considers acceptable if the number of available AC power sources is less than the LCO. This change deviates from RG 1.93 as described in Section 5.

4.0 TECHNICAL ANALYSIS

The proposed changes have been evaluated to determnine that current regulations and applicable requirements continue to be met, that adequate defense-in-depth and sufficient safety margins are maintained, and that any increases in core damage fiequency (CDF) and large early release frequency (LERF) are small and consistent with the United States Nuclear Regulatory Commission (NRC) Safety Goal Policy Statement (Reference 8.12),

and the acceptance criteria in Regulatory Guide (RG) I. 174, "An Approach for Using Probabilistic Risk Assessment In Risk-lnfonned Decisions On Plant-Specific Changes to the Licensing Basis," July 1998, (Reference 8.1) and RG 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," August 1998 (Reference 8.2) are met. As an additional defense-in-depth measure, when the option of an extended allowable out of service time for a DG is exercised, an alternate AC power source (AACPS) will be provided with the capability of supplying the same loads as the existing DG. Additionally, the AACPS would be started manually or automatically and connected to the bus when it has achieved its rated voltage and speed. The AACPS connection to the bus will occur within 15 minutes of detection of a LOOP. Thus the AACPS would have the capacity required for safe shutdown such that performance of powered equipment is acceptable after a LOOP to the bus. Conversely, in the absence of an AACPS, the DG 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time (CT) will be applied.

The justification for these changes to the DG CT is based upon a risk-informed, deterministic evaluation consisting of three main elements: (1) the reliability and availability of offsite power via separate and physically independent offsite circuit startup transformers, (2) assessment of risk that shows an acceptable small increase in risk (as indicated by Core Damage Frequency (CDF) and Large Early Release Frequency (LERF)),

and (3) continued implementation of a Configuration Risk Management Program (CRMP) while the DG is in an extended CT. These elements provide the basis for the requested Technical Specifications (TS) changes by providing a high degree of assurance of the capability to provide power to the safety related 6.9 kV AC Engineered Safety Features (ESF) buses during the extended CT.

4.1 Traditional Engineering Considerations Defense-in-depth The impact of the proposed TS changes were evaluated and determined to be consistent with the defense-in-depth philosophy. The defense-in-depth philosophy in reactor design and operation results in multiple means to accomplish safety functions and prevent release of radioactive material.

Attachment I to TXX-070 I1 Page 6 of 45 Comanche Peak Steam Electric Station (CPSES) is designed and operated consistent with the defense-in-depth philosophy. The units have diverse power sources available (e.g., DGs and startup transformers (STs)) to cope with a loss of the preferred alternating current (AC) source (i.e., offsite power). The overall availability of the AC power sources to the ESF buses will not be reduced significantly as a result of increased on-line maintenance activities. It is therefore, acceptable, under certain controlled conditions, to extend the CT and perform on-line maintenance intended to maintain the reliability of the onsite emergency power systems when an AACPS is available.

While the proposed changes do increase the length of time a DG can be out of service during unit operation, it will increase the availability of the DGs while the unit is shutdown. The increased availability of the DG while a unit is shutdown will increase the defense-in-depth of systems during outages. Even with one DG out of service, there are multiple means to accomplish safety functions and prevent release of radioactive material.

Onsite and offsite system redundancy, independence, and diversity are maintained commensurate with the expected frequency and consequences of challenges to these systems. Inplementation of the proposed changes will be done in a manner consistent with the defense-in-depth philosophy. Station procedures will ensure consideration of prevailing conditions, including other equipment out of service, and implementation of administrative controls to ensure adequate defense-in-depth whenever a DG is out of service. Furthermore, appropriate personnel are trained on the operation and maintenance of the DGs.

No new potential common cause failure modes are introduced by these proposed changes and protection against common cause failure modes previously considered is not compromised.

Independence of physical barriers to radionuclide release is not affected by these proposed changes.

Adequate defenses against human errors will be maintained. The operator actions required to start and load the AACPS manually are similar to the response to a DG failure to start. The difference is that this change will involve the use of an AACPS.

Station procedures will be revised as necessary and appropriate training will be provided to ensure adequate defense against human errors are maintained. These operator actions have been accounted for in the PRA model. The results of the analysis for adding the alternate Required Action CT for the DG included these operator actions. Qualified personnel will continue to perform DG maintenance and overhauls whether they are performed on-line or during shutdown. No other new actions are necessary as a result of performing DG maintenance on-line.

Attachment I to TXX-07011 Page 7 of 45 "Conformance with NRC General Design Criteria (GDC)," Section 3.1 of the Final Safety Analysis Report (FSAR) (Reference 8.3) provides the basis for concluding that the station fully satisfies and complies with the GDC in Appendix A to 10 CFR Part 50. These proposed changes do not affect the basis for this conclusion and do not affect compliance with the GDC.

Related background information in the CPSES FSAR is found primarily in Section IA(B) and Section 8. Compliance with design criteria is described in detail in FSAR Section 8.1, "INTRODUCTION" and in FSAR Appendix IA(B),

"APPLICATION OF NRC REGULATORY GUIDES." Onsite power systems are described in FSAR Section 8.3 and Station Blackout is described in Appendix 8B of the FSAR.

Reliability and Availability of the Offsite Power System The transmission lines of TXU Electric Delivery (ED) (also known as CPSES' Transmission and or Distribution Service Provider (TDSP))

comprise an integrated system with operations coordinated by the System Dispatcher so as to maintain system reliability. Transmission systems consist of 345 kilovolts (kV) lines for bulk supply and 138 kV and 69 kV lines to transmit power to load-serving substations. Composition of generation sources connected to ED's transmission system includes fossil fuel plants (lignite, gas/oil, and combustion turbines) and the CPSES nuclear plant (interconnected). Direct ties to other utilities in Texas are maintained by the Electric Reliability Council of Texas (ERCOT), creating a highly reliable integrated system.

The CPSES output is connected to the 345 kV transmission system via the CPSES switchyard. Startup and shutdown power for the units is derived from the 138 kV and 345 kV systems. Separate connections to the 138 kV switchyard and the 345 kV switchyard provide independent and reliable offsite power sources to the Class I E systems. The highly reliable network interconnections are made through five 345 kV and two 138 kV transmission lines as shown on the figures in Attachment 6.

Two physically independent and redundant sources of offsite power are available on an immediate basis for the safe shutdown of either unit. The preferred source to Unit I is the 345 kV offsite supply fiom the 345 kV switchyard via startup transformer XST2; the preferred source to Unit 2 is the 138 kV offsite supply from the 138 kV switchyard via startup transformer XSTI. Each of the startup transformers (XSTI and XST2) normally energizes its related 6.9 kV AC Class 1E buses as a preferred source; i.e., XSTI normally energizes Unit 2 Class I E buses and XST2 normally energizes Unit I Class I E buses.

Attachment I to TXX-0701 I Page 8 of 45 The preferred power sources supply power to the Class IE buses during plant startup, normal operation, emergency shutdown, and upon a unit trip.

This eliminates the need for automatic transfer of safety-related loads in the event of a unit trip.

Each startup transformer has the capacity to supply the required Class I E loads of both units during all modes of plant operation. In the event one startup transformer (e.g., XSTI, a preferred source) becomes unavailable to its Class 1E buses, power is made available from the other startup transformer (e.g., XST2, an alternate source) by an automatic transfer scheme. For the loss of a startup transformer, the load transfer only takes place in the unit for which the transformer was the preferred source. If it becomes necessary to safely shut down both units simultaneously, sharing of these offsite power sources between the two units has no effect on the station electrical system reliability because each transformer is-capable of supplying the required safety-related loads of both units although the design criteria require consideration of a Design Basis Accident on one unit only.

Reliability and Availability of the Onsite Standby Power System The standby AC Power System is an independent, onsite, automatically starting system designed to furnish reliable and adequate power for Class IE loads to ensure safe plant shutdown and standby power when the preferred and the alternate offsite power sources are not available. Four independent diesel generator sets, two per unit, are provided.

Loads important to plant safety are divided into redundant divisions. Each division is provided with standby power from a dedicated DG. Each DG is directly connected to its dedicated bus. The DGs are physically and electrically independent. With this arrangement, redundant components of all ESF systems are supplied from a separate ESF bus so that no single failure can jeopardize the proper functioning of redundant ESF loads. Due to the redundancy of the units' ESF divisions and DGs, the loss of any one of the DGs will not prevent the safe shutdown of the unit. The total standby power system, including DGs and electrical power distribution equipment, satisfies the single failure criterion.

A DG is automatically started by a safety injection signal or an under-voltage condition on the 6.9 kV ESF bus served by the DG. Upon loss of voltage on a 6.9 kV ESF bus due to a loss of offsite power (LOOP) with no safety injection signal present, under-voltage relays automatically start the DGs and close its output breaker. Sequential loading of the DG is automatically performed as a result of sequential loading of its dedicated bus.

Attachment .1to TXX-0701 I Page 9 of 45 The DG output breaker will close to its dedicated 6.9 kV Class I E bus automatically only if the other source feeder breakers to the bus are open.

When the DG output breaker is closed, no other source feeder breaker will close automatically. Design and procedural controls ensure that no means exist for connecting redundant buses with each other.

The design basis for the DGs is that the loss of one DG will not result in the inability to perform a safety function. With two DGs available per unit, the system is capable of performing its intended safety function with an assumed single failure of one DG.

Station Blackout (SBO) DG Capacity CPSES is able to withstand and recover from a SBO event of 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months duration in accordance with the guidelines of RG 1.155, "Station Blackout,"

dated August 1988 (Reference 8.5). The 4-hour coping duration was determined by approved methods based on the redundancy and reliability of onsite emergency AC power sources, the expected frequency of loss of offsite power, and the probable time needed to restore offsite power.

Assumptions relevant to the proposed changes and used in the SBO analysis include:

1. One Unit at the CPSES site is assumed to be in a station blackout condition. The other unit is assumed to have one emergency DG available.

2. One emergency DG is capable of powering one train of those safety-related systems which are common to both Units I and 2.

3. Per NUMARC 87-00 (Reference 8.26), NRC Staff analysis reports the median AC power restoration time for all LOOP events to be about 1/2 hour, with offsite power restored in approximately 3 hours3.472222e-5 days 8.333333e-4 hours 4.960317e-6 weeks 1.1415e-6 months for 90% of all events.

4. As stated in NUMARC 87-00, since a number of failures must occur to result in a station blackout event, additional independent failures are of secondary importance.

5. Following the loss of all AC power, the reactor will shutdown automatically since the control rod drive mechanism rod drive motor generator sets will lose power.

Attachment I to TXX-0701 I Page 10 of 45 The proposed changes are bounded by these assumptions. Therefore, the assumptions used in the SBO analysis regarding the availability and reliability of the emergency DGs are unaffected by this proposed change.

The results of the SBO analysis are also unaffected by this proposed change.

The impact of a SBO event on plant risk is discussed in Section 4.2, "Evaluation of Risk Impact."

Onsite Power System, Design Criteria Compliance with NRC design criteria is described in detail in FSAR Section 8.1, "INTRODUCTION" and in FSAR Appendix IA(B), "APPLICATION OF NRC REGULATORY GUIDES." Safety-related systems and components that require electrical power to perform their safety-related function are defined as Class IE loads. These proposed changes do not add or reclassify any safety-related systems or equipment; therefore, conformance with Safety Guide 6, dated March 10, 1971, titled "Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems," (Reference 8.6) as discussed in Appendix IA(B) of the FSAR is not affected by this change.

These proposed changes do not add any loads to the DGs; therefore, the selection of the capacity of the DGs for standby power systems and conformance to the applicable sections of Safety Guide 9, dated March 10, 1971, titled "Selection of Diesel Generator Set Capacity for Standby Power Supplies," (Reference 8.7) are not affected by this change.

CPSES conformance with Regulatory Guide 1.81, Revision 1, dated January 1975, titled "Shared Emergency and Shutdown Electric Systems for Multi-unit Nuclear Power Plants," (Reference 8.8) is described in detail in Appendix IA(B) to the FSAR.

CPSES conformance with Regulatory Guide 1.93, Revision 0, dated December 1974, titled "Availability of Electric Power Sources," (Reference 8.4) is described in Appendix IA(B) to the FSAR. The station currently conforms to Regulatory Guide 1.93, specifically the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT and the proviso that the operating time limits are explicitly for corrective maintenance activities only. If the proposed changes are approved, the station will continue to conform to RG 1.93 with the exceptions that the CT for Required Actions associated with the restoration of a DG will be 14 days and the CT may be used for all DG maintenance if an AACPS is available.

CPSES will adhere to a 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT in the absence of an AACPS.

CPSES commitments to conformance with other key design criteria applicable to onsite electrical systems are unaffected by these proposed

.0 Attachment 1 to TXX-07011 Page II of 45 changes. These commitments include: Regulatory Guide 1.53, dated June 1973, titled, "Application of Single-Failure Criterion to Nuclear Power Plant Protection Systems," (Reference 8.9); Regulatory Guide 1.62, dated October, 1973, titled "Manual Initiation of Protective Actions," (Reference 8.10); and Regulatory Guide 1.75, Revision 1, dated January 1975, titled "Physical Independence of Electrical Systems" (Reference 8.11).

Other Considerations As discussed above and in Section 5.2, CPSES conformance with relevant regulatory guidance is not affected by these proposed changes, with the exception of RG 1.93.

DG operability following repair or maintenance activities will continue to be based on surveillance test(s) recommended by RGs 1.9 and 1. 137. The surveillance tests to be performed to ensure DG operability are dependent on the scope of the maintenance activities performed. For normal maintenance, the fast start and load run would be the only testing required. However, to set the governor or voltage regulator system in the event of repair or replacement, the full load reject and manual load sequencing at power would be required.

Unavailability of a single DG due to maintenance does not reduce the number of DGs below the minimum required to mitigate all DBAs. In addition, the proposed changes have no impact on the availability of the two offsite sources of power. The proposed changes do not affect any assumptions or inputs to the safety analyses.

All safety functions continue to be available and all safety analysis acceptance criteria continue to be met.

Application of the Configuration Risk Management Program Methodologies (Configuration Risk Management Program (CRMP)) associated with risk monitoring and contingency action planning currently exist at CPSES and provide an acceptable risk profile during periods of equipment inoperability. Plant procedures require management approval for entry into a limiting condition for operation (LCO) for planned maintenance activities that would exceed 50% of the required LCO CT. Thus if the planned DG maintenance activity requires greater than 50% of the requested CT, existing plant procedures would ensure specific management attention and heightened plant awareness in support of the planned activity.

Operator, maintenance, and management focus will be maximized by scheduling performance of this maintenance on-line when no other significant activities are taking place (as opposed to an outage, for example, where many competing tasks are occurring at the same time). The DG outage would be scheduled to ensure the to TXX-07011 Page 12 of 45 availability of experienced manpower and technical support personnel, as well as to reduce the potential for distraction due to competing job demands.

Station procedure STA-604, "Configuration Risk Management and Work Scheduling" implements the requirements of TS 5.5.18, "Configuration Risk Management Program (CRMP)." Procedure STA-604, along with other station procedures, provides the administrative controls to ensure that equipment important to accident mitigation remains operable and available for the duration of a planned DG maintenance outage. For example, to minimize risk during a planned maintenance outage of a DG, maintenance and testing of the other unit DG, the station transformers (XSTI or XST2), or the unit 6.9 kV AC safety buses would not be conducted.

The steam driven emergency feedwater pumps (one per unit and called the Turbine Driven Auxiliary Feedwater pumps) at CPSES are protected from elective maintenance activities since they are relied upon for mitigation of station blackout conditions when the electric motor-driven auxiliary feedwater pumps would be unavailable. Surveillance testing of any such "protected" equipment that might become due during the period that the DG is out of service would be performed prior to removing the DG fiom service. Limiting testing in this way protects the availability of equipment during the DG maintenance window. This does not imply that surveillance testing requirements will not be performed on key equipment as required, but only that surveillance testing will be shifted as allowed by TS (e.g.,

within 1.25 tunes the interval specified in the Frequency).

Routine testing and preventive maintenance activities are normally scheduled to be performed on a 12 week rotating basis. Work schedules can be adjusted to ensure that surveillance testing of equipment, identified as important to LOOP and SBO considerations, is demonstrated current prior to the start of the DG outage work window and will not be required on the equipment for the duration of the planned DG outage.

Risk management strategies and maintenance practices at CPSES ensure that extensive work planning is performed. Important aspects of this planning not already mentioned include pre-job briefs and consideration of overall station operating configuration which includes opposite unit impact.

When scheduling, to minimize grid loading and weather related impacts, the prospective schedule window for any proposed on-line DG outage will be implemented during the time of the year when weather conditions at CPSES have historically not been severe or threatening to offsite power. Times of peak tornado and thunderstorm frequency or likelihood of winter ice storms will be avoided. In addition, times of optimum grid conditions outside the summer peak electric demands will be considered in selecting the on-line DG maintenance window.

Other weather-related considerations include equipment protection, minimal job

Attachment I to TXX-07011 Page 13 of 45 interruptions, and good worker conditions. Therefore, the 14 day CT extension will not be exercised if weather conditions are not conducive to performance of on-line DG maintenance.

Station procedure STA-629, "Switchyard Control" is part of the Generation Interconnect Agreement for CPSES and defines responsibilities for the design, maintenance, control, and operation of the CPSES switchyards. STA-629 establishes the necessary interfaces between CPSES and the transmission grid system operators. This procedure also provides guidance for the timely exchange of necessary and pertinent information. This guidance has been summarized and is added to the procedure in the form of Attachments 8.F, "Comrmunication Protocol,"

Attachment 8.G, "CPSES -. Plant Condition Communication Guideline" and is also supported by Attachment 8.H, "CPSES Offsite Power System Performance Characteristics" and Attachment 8.1, "CPSES Generator and Transformer Performance Characteristics." STA-629 ensures (1) activities in the switchyards are closely monitored and controlled, (2) all switchyard maintenance is reviewed to ensure that the increase in probability of loss of offsite power is minimized, and (3) switchyard access is strictly controlled to minimize the potential for offsite power transients. Therefore, the DG 14 day CT will not be exercised if switchyard and grid conditions are not conducive to perform on-line maintenance of the DG.

In summary, CPSES has a robust design which retains desired design features such as defense-in-depth (i.e., the ability to mitigate design basis accidents when the DG is out of service). The risk-informed CT will be implemented consistent with the CRMP and STA-629. When utilizing the 14 day CT, the requirements of the CRMP per TS 5.5.18 call for the consideration of other measures to mitigate consequences of an accident occurring while a DG is inoperable. Furthermore, the provisions of STA-629 will be applied when exercising the 14 day DG CT extension and are sufficient to maintain adequate defense-in-depth and existing safety margins.

Diesel Generator Completion Time (Technical Specification Bases 3.8.1)

The Completion Time for Required Action B.4.2 establishes a 14 day allowable out of service time when one DG is inoperable and an AACPS is available. The 14 day Completion Time is based on a plant specific risk analysis performed to establish the out of service time.

With one DG out of service, the remaining OPERABLE unit DG, the offsite circuits, and the alternate AC power source (AACPS) are adequate to supply electrical power to the unit onsite Class I E Distribution System. With a DG inoperable, the inoperable DG must be restored to OPERABLE status within the applicable, specified Completion Time. The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources and the AACPS, a

Attachment I to TXX-0701 1 Page 14 of 45 reasonable time for maintenance, and the low probability of a DBA occurring during this period.

As a defense-in-depth measure, when the option of an extended allowable out of service time for an emergency DG is exercised, an AACPS will be provided with capability of supplying the same loads as the existing DG with the criteria noted below. Thus, the AACPS will be capable of supplying safe shutdown loads after a LOOP to the bus. For unplanned DG outages, an AACPS will be available upon entering the allowed outage period extension (i.e., by 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months into the 14 day Completion Time). For DG outages planned to exceed an initial 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time, an AACPS will be provided within one hour of entering the 14 day Completion Time. In any event, if an AACPS of the required capacity is not available after entering the extended Completion Time period (after 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months into the 14 day Completion Time), the requirement to be in at least hot standby within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in cold shutdown within the following 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months would apply.

The following criteria would apply to any AACPS used as a defense-in-depth measure:

I. An AACPS may be of a temporary or permanent nature and would not be required to satisfy Class I E requirements.

2. The dynamic effects of an AACPS failure (GDC 4 events) would not adversely affect safety related plant equipment.

3. An AACPS would not be required to be protected against natural phenomena (GDC 2 events) or abnormal environmental or dynamic effects (GDC 4 events).

4. An AACPS would be started manually or automatically and connected to the bus when it has achieved its rated voltage and speed. The AACPS connection to the bus will occur within 15 minutes of detection of a LOOP.

Thus, the AACPS would have the capacity required for safe shutdown such that performance of powered equipment is acceptable after a LOOP to the bus.

Prior to relying on its availability, a temporary AACPS would be determined to be available by: (1) starting the AACPS and verifying proper operation; (2) verifying that sufficient fuel is available onsite to support 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of operation; and (3) ensuring that the AACPS is in the correct electrical alignment to supply power to the required safe shutdown loads. Subsequently, when not in operation, a status check for availability will also be performed once every 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This check will consist of (1) verifying the AACPS is mechanically and electrically ready for operation; (2) verifying that sufficient fuel is available onsite to support 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of

Attachment I to TXX-07011 Page 15 of 45 operation; and (3) ensuring that the AACPS is in the correct electrical alignment to supply power to the required safe shutdown loads.

Prior to relying on its availability, a permanent AACPS would be determined to be available by starting the AACPS and verifying proper operation. In addition, initial and periodic testing, surveillances, and maintenance will conform to NUMARC 87-00, Revision 1, Appendix B, "Alternate AC Power Criteria" guidelines. Functional testing, timed starts, and load capacity testing on a fuel cycle basis, and surveillance and maintenance will consider manufacturer's recommendations.

The following administrative controls will be applicable when utilizing the 14 day CT for DG on-line DG maintenance activities:

I. The Configuration Risk Management Program (CRMP) (TS 5.5.18) will be applied per IOCFR50.65(a)(4).

2. Weather conditions must be historically conducive to perform planned maintenance on the DG.

3. The offsite power supply and switchyard conditions will be conducive to perforin maintenance on the DG.

4. Switchyard access will be monitored and controlled.

The second Completion Time for Required Action B.4.2 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that offsite circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 20 days) allowed prior to complete restoration of the LCO. The second Completion Time of 17 days provides a limit on the time allowed to restore the LCO after discovery of a failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently.

The "AND" connector between the 14 day and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the 17-day second CT allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

to TXX-07011 Page 16 of 45 4.2 Evaluation of Risk Impact The requested CT extension for the DG is expected to be used to support maintenance activities as discussed in Section 4.1. The probabilistic evaluations presented in the following sections support and justify the allowed CT extension request for the DG. The risk analysis methods employed are described in Section 4.2.1, followed by a discussion on PRA quality in Section 4.3. The analysis tasks and results are presented in Sections 4.2.1 and 4.2.2, respectively.

4.2.1 Overall Methodology and PRA Model Considerations in Support of the Evaluation This section describes the CPSES PRA model for internal events and provides a description of the overall methodology that was used for the PRA analysis in support of this submittal. The features of the CPSES PRA model that were used in the analysis are also described. In general, the overall methodology is designed to address the considerations described in the RGs 1.174 and 1.177 (References 8.1 and 8.2, respectively).

4.2.1.1 Review of the CPSES PRA Model The CPSES PRA model for internal events is an all-MODES model that allows quantification of configurations to determine core damage frequency (CDF) and large early release frequency (LERF) at power (MODE 1), in transition (MODES 2 through 4), and while shutdown (MODES 5 and 6). The CPSES PRA model for internal events also includes spent fuel pool modeling for core-off load configurations; however, only MODE I was considered in the evaluation of extending the CT for the DG from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days.

The following review shows that the PRA model is sufficiently developed with a scope capable of providing appropriate risk insights for this CT extension. The following sections address data, modeling, and truncation.

Data Review and Model Evaluation The PRA model has been updated three times since the individual plant examination (IPE) and the work has been peer reviewed. With these updates, a number of areas of the PRA model have been strengthened. Notably for this work, the generic equipment failure probabilities were updated with plant specific data using Bayesian techniques, the RCP seal model was updated as described below, plant specific thermal-hydraulic timing studies for LOOP recovery and human error probabilities (HEPs) were performed, and LOOP frequencies were updated using EPRI data. The PRA model was

AttSachment I to TXX-07011 Page 17 of 45 updated to include separate branches for the components of LOOP (plant-centered, weather-centered, grid-centered, and grid SBO-centered). The PRA quality considerations are addressed in Section 4.3 below.

PRA and deterministic data related to the affected components, e.g.,

DGs, were reviewed. For the probabilistic portion, this consisted of a detailed review of PRA elements that directly model the component and related supporting documents that impacted this evaluation. Consideration was given to each of the PRA tasks in order to define what documents needed to be reviewed in more detail.

Information collected and reviewed in support of extending the DG CT evaluation is listed below.

CPSES Full Power PRA analysis files and computer model

Reactor Coolant Pump (RCP) Seal loss of coolant accident (LOCA) model

DG common cause failure modeling data and techniques

LOOP Initiating Event Frequency and post-initiator plant response SBO Initiating Event Frequency and post-initiator plant response

Emergency Operating Procedures

Maintenance Rule data for the DG with historical outage times The scope of the existing PRA was reviewed to ensure that it is adequate to evaluate the impact of the proposed CT extension. Two key areas were identified for review: (1) review aspects of the PRA model related to 6.9 kV AC electrical power to ensure high quality standards for the submittal; and (2) review of the RCP Seal LOCA model to ensure integrity and completeness.

The 6.9 kV AC system fault tree models and DG reliability data were reviewed. This review included common cause failure parameters, unavailability parameters, failure rates, and level of detail of these system models. The CPSES LOOP and SBO models were also reviewed. Specifically, the LOOP frequency, LOOP recovery models, and the LOOP/SBO event trees were reviewed. The conclusion was that the 6.9 kV AC system, LOOP and SBO modeling are detailed and appropriate for this analysis.

Attachment I to TXX-070 11 Page 18 of 45 The RCP seal LOCA model was reviewed. The CPSES model of record uses the WOG 2000 RCP seal LOCA modeling described in WCAP-15603 Revision I-A (Reference 8.27), with the modifications proposed by the NRC Safety Evaluation. The existing RCP Seal LOCA model was confirmed to contain all of the failure modes identified in the United States Nuclear Regulatory Commission (USNRC)-approved Brookhaven RCP Seal LOCA model. The impact of using the Brookhaven RCP Seal LOCA model was examined as a sensitivity analysis. This sensitivity analysis was performed on the model of record as part of the most recent model update. This analysis shows that if the Brookhaven RCP Seal LOCA model was used, there would be a small increase in the baseline risk.

These results showed that the CPSES PRA model compared very favorably with the Brookhaven model. Thus, the conclusions of this study remain unchanged and the proposed CT analysis is supported.

Truncation The following describes the methodology and results of the CPSES evaluation of truncation levels done in support of the current model update.

A curve generated from the results of quantifying the model at different truncation limits provides the basis for the evaluation. The curve is typically asymptotic such that successive changes in truncation level will result in smaller and smaller changes in results.

A general guideline is that the truncation level should be low enough such that 9 5 % of the total result is captured. Using this guideline, a change in the results of less than 5% is acceptable. This allows the analyst to have confidence that the result is in the flat portion of the curve and that the truncation level will be low enough to capture approximately 95% of the total results.

To support the analysis of the truncation level, several quantifications were performed with different truncation levels. A best-fit curve was developed and analyzed. The curve is asymptotic in nature as expected. The slope of the curve decreases in change at about 2E-l1. The increase in risk from 5E-1 Ito 2E- I1 is 3.l1%.

Since the increase for the truncation levels is less than 5%, the truncation level of IE-11, which was used for ease of calculation, is considered acceptable.

The truncation level is unaffected by recoveries. This is due to the fact that the recoveries are added after the cutsets have been truncated. In conclusion, the use of the current CPSES PRA model with a truncation level set at 1.0 E- II is considered adequate for this evaluation.

Attachment I to TXX-0701 1 Page 19 of 45 4.2.1.2 PRA Model Modifications to Support this Evaluation Certain modifications to the CPSES PRA model were made for this evaluation. The two principal modifications are discussed below.

The other modifications are related to such things as ordinary adjustments for equipment out of service and temporary changes to probabilities for sensitivities.

AACPS Modeling As a surrogate for an AACPS, a DG capable of supplying all the emergency loads for one train was modeled for failure to start and run along with the failure of the operator to start the AACPS and the failure of the AACPS output breaker to close. Any of these events would prevent the AACPS from supplying power to the safety related bus. No credit was taken for starting and running of the AACPS when a large LOCA or medium LOCA was the initiating event because the time to core damage due to these types of LOCAs was not sufficient to allow the manual starting and loading of the AACPS.

Reduced LOOP At CPSES the LOOP is modeled as it constituent parts; plant-,

weather-, grid-, and grid SBO-centered events. For this analysis, sensitivities were performed using reduced LOOP frequencies. The reduced LOOP frequency is based only on reduced plant-centered and weather-centered fiequencies.

A review of the plant-centered events was evaluated to remove events caused by human interaction. Removal of events caused by human interaction was justified because during the proposed CT, work which could affect offsite power components or work in the switchyard would not be allowed. As a result, plant-centered LOOP frequency was reduced from 1.37E-02 to 7.72E-03.

The next component of the LOOP calculation that was reviewed was severe weather. A review of the National Severe Storm Laboratory website produced several graphs showing the occurrences of severe weather for the last twenty years (1980 through 1999). The graph is characterized by periods of distinct peaks. By choosing a maintenance period away from the peaks, the weather-centered failure probability was reduced by 70%. As a result, weather-centered LOOP frequency was reduced from 8.4E-03 to 2.52E-03.

Attachment I to TXX-07011 Page 20 of 45 A table summarizing the LOOP constituent frequencies is provided below:

Constituent Baseline Analysis Frequency Plant-Centered 1.37E-02 7.72E-03 Weather-Center 8.40E-03 2.52E-03 Grid-Centered 5.04E-03 5.04e-03 Grid SBO-Centered 7.79E-03 7.79E-03 Total 3.49E-02 2.31 E-02 Table 1. LOOP Frequencies 4.2.1.3 Inputs and Analysis Assumptions and Methods For this evaluation, a number of inputs, analysis assumptions, and methods were used. These are described in the following paragraphs.

Incremental Conditional Core Damage Probability (ICCDP) and Incremental Conditional Large Early Release Probability (ICLERP) and Delta CDF and Delta LERF The Incremental Conditional Core Damage Probability (ICCDP) and Incremental Conditional Large Early Release Probability (ICLERP) were calculated by assuming the DG is in maintenance with the administrative controls described earlier in place (e.g., no switchyard work resulting in a reduced LOOP frequency) for the entire extended CT duration. The opposite train DG was not allowed to be made unavailable.

The delta CDF and delta LERF were calculated by assuming the DG is in maintenance with the specified administrative controls in place (e.g., no switchyard work resulting in a reduced LOOP frequency) for the proposed 14 day CT duration and then adding the baseline CDF/LERF for the remainder of the year. The basis for these calculations were that the risk reduction measures (administrative controls) would not be in effect during the remainder of the year.

LOOP and Time of Year Considerations The assumption was made that CPSES will not plan maintenance that would lead to the DG being unavailable when work is being performed in the switchyard. Also, CPSES would not plan DG maintenance during the time of the year when the weather at CPSES

Attachment I to TXX-07011 Page 21 of 45 has historically been severe (i.e., when the likelihood of tornado or thunderstorms is high). Therefore, to account for these administrative controls the LOOP frequency was recalculated. For the sensitivity studies, a new CDF and LERF were calculated with and without using the new LOOP fiequency.

This new CDF was then multiplied by the period of time the extended-CT was in effect (14 days) and combined with the baseline CDF multiplied by the time it was in effect (365 - 14 = 351 days) to determine the DG out of service CDF. This combination of new CDF (reduced LOOP frequency) with baseline CDF (baseline LOOP frequency) allows credit for administrative controls during the 14 day CT, but does not take credit for the administrative controls for the whole year. If credit were taken for administrative controls for the whole year (i.e., using only the reduced LOOP frequency) the calculated risk results would be non-conservative.

Alternate AC Power Supply (AACPS)

The PRA modeling assumed that when exercising the 14 day extension, the AACPS would be started and connected to the bus when it has achieved its rated voltage and speed. The AACPS connection to the bus would occur within 15 minutes of detection of a LOOP. Thus the AACPS would have the capacity required for safe shutdown such that performance of powered equipment is acceptable after a LOOP to the bus. The failure probability of the AACPS output breaker was assumed to be the same as the emergency DG output breaker.

As noted above, no credit was taken for the AACPS with large and/or medium break Loss of Coolant Accidents (LOCA) initiators.

The required time frame for starting the AACPS to prevent core damage was considered to be too short. Therefore the operator, output breaker, and the AACPS were failed when the initiator was a large or medium LOCA.

Common Cause Considerations The baseline CPSES PRA model, consistent with the usual modeling approach, assumes the failure rate of the second DG remains at Beta times Lambda for all DG activities. TS 3.8. 1 requires that the possibility of common mode failure be ruled out relatively soon after the event by either verifying no common cause or demonstrating operability of the other DG within 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months . If a common mode failure exists, TS 3.0.3 would require the plant be shutdown. Thus, operating with this condition for extended periods is precluded and

Attachment I to TXX-070 I1 Page 22 of 45 therefore has no bearing on the risk impact of the proposed extended CT when compared to the current CT.

This conclusion can be drawn because the common cause failure (CCF) exposure time is dependent only on the DG common mode failure TS action statement; it is independent of the CT. This TS requirement is CulTently in place and will remain in place with the increased CT. Thus, there is no increase in risk due to the CCF aspect of the ICCDP or ICLERP calculations associated with this CT extension. Therefore, the ICCDP/ICLERP for a DG in repair should be limited to consideration of nominal DG failure rates.

Discussion of Repair-type Activities and Expected Frequency of Use of Extended CT Whereas repair-type activities could occur at any time whether as a part of a scheduled or unscheduled activity, typically, repair activities will be identified as part of a planned or scheduled activity (surveillance). Historically, at CPSES, the majority of the repairs to the DG occur as a result of failures found during surveillance testing.

The DGs are in standby and are only started during surveillance testing or an actual emergency. If a failure occurs on the DG during a surveillance test, then LCO action is entered, and the CT clock starts when the DG became inoperable due to the surveillance test or the failure, whichever came first. The CT clock stops when the DG is declared operable. Typically any scheduled work is planned for half the CT, which in this case would be 7 days (i.e., 14/2). This methodology (CRMP) associated with risk monitoring and contingency action planning currently exists at CPSES and provides an acceptable risk profile during periods of equipment inoperability.

The LCO action and associated CT may be entered more than once a year for emergent repair-type activities. Historically, at CPSES, there has been more than one such entry per year; however, the average duration of these is sufficiently less than the current CT.

Based on historical monitoring data, the average time for a DG outage was less than 20 hours2.314815e-4 days 0.00556 hours 3.306878e-5 weeks 7.61e-6 months , as compared to the TS CT of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This is not expected to change with the extended CT; however, there may be cases where the corrective or repair-type maintenance takes longer than the historical times. If necessary, TXU Power will use the full CT to do the repairs. This will be tracked by the requirements of the Maintenance Rule and any actions required will be instituted.

These considerations are fully accounted for in the risk assessment supporting this evaluation. The PRA analysis addresses the extended to TXX-0701 I Page 23 of 45 interval and other expected DG surveillance, test, and maintenance (including planned and unplanned maintenance) activities and risks in two ways. First, the risk for the extended interval is assessed with appropriate adjustments to the LOOP frequencies using the No Test and Maintenance Model. Second, the risk for times other than the extended interval is assessed using the normal LOOP frequencies and the full Test and Maintenance Model. This second analysis includes all the DG unavailability and failure modes and other system out of service combinations that are in the current model of record.

Other Considerations The recovery of the DG that is out of service for maintenance was not allowed in the cases considered below. The recovery of the opposite train DG was allowed.

4.2.1.4 Evaluation Criteria and Methodology The criteria and guidance in RGs 1.174 and 1. 177 (References 8. 1 and 8.2, respectively) were used in this evaluation. The following provides a discussion of the risk metrics used to evaluate the risk impacts of the extended DG CT.

ACDFAVE = The change in the annual average CDF due to any increase in on-line maintenance unavailability of the DG that could result from the increased allowed CT. This risk metric is used to compare against the criteria of RG 1.174 (Reference 8. 1) to determine whether a change in CDF is regarded as risk significant.

These criteria are a function of the baseline annual average core damage frequency, CDFbase.

ALERFAvE = The change in the annual average LERF due to any increase in on-line maintenance unavailability of the DG that could result from the increased CT extension. This risk metric is used to compare against the criteria of RG 1.174 (Reference 8.1) to determine whether a change in LERF is regarded as risk significant.

These criteria are a function of the baseline annual average core damage frequency, LERFbaSC.

1CCDP{)("Gvy = The incremental conditional core damage probability with DG Y for Unit X out of service for a period equal to the proposed new allowed CT. This risk metric is used as suggested in RG 1.177 (Reference 8.2) to determine whether a proposed increase in allowed CT will have an acceptable risk impact.

Attachment I to TXX-07011 Page 24 of 45 ICLERPIc;,yý = The incremental conditional large early release probability with DG Y for Unit X out of service for a period equal to the proposed new allowed CT. This risk metric is used as suggested in RG 1.177 (Reference 8.2) to determine whether a proposed increase in allowed CT will have an acceptable risk impact.

The change in core damage frequency (ACDF) and the change in large early release frequency (ALERF) are computed per the definitions from RG 1.174 (Reference 8.1). fn terms of the parameters defined above, the definitions are as follows:

ACDF = [(CDFtnbasc

B/365) + (CDF,'educe~dlOOIP

CT/365)] -

CDFtr*lbase and ALERF = (LERFY,mbase

B/365) + (LERFredLCdLOOP

CT/365) -

LERFimnbase where:

CDF131Ftnbas = CDF (Model of Record, test and maintenance model)

B = 365 - CT CT = Completion Time CDF.ICCiLIccdi..Ioi, = CDF with reduced LOOP and DG out of service (no test or maintenance model)

LERF,,b,,oha = LERF (Model of Record, test and maintenance model)

LERFreddUce!lOO) = LERF with reduced LOOP and DG out of service (no test or maintenance model)

The incremental conditional core damage probability (ICCDP) and incremental conditional large early release probability (ICLERP) are computed per the definitions from RG 1.177 (Reference 8.2). fn terms of the parameters defined above, the definitions are as follows:

ICCDP = (CDFcr - CDFbhLIe) * (CT/365) and

Attachment I to TXX-0701 1 Page 25 of 45 ICLERP = (LERFc-r - LERFbase) * (CT/365) where:

CDFcT = The CDF with the equipment out of service (no test or maintenance model)

CDFbase = Baseline CDF (Model of Record, no test or maintenance model)

LERFc-r = The LERF with the equipment out of service (no test or maintenance model)

LERFbh:, = Baseline LERF (Model of Record, no test or maintenance model)

CT = Completion Time Note that in the above formula 365 days/year is merely a conversion factor to make the units for allowed CT consistent with the units for CDF frequency. The ICCDP values are dimensionless incremental probabilities of a core damage event over a period of time equal to the extended allowed CT.

4.2.1.5 Evaluation and Results The CPSES PRA internal events model was used to evaluate the DG CT extension using the methodology and assumptions presented above. The results were obtained and compared to the acceptance criteria in RG 1.174 and 1.177.

A discussion of the cases evaluated and the results are presented below. Several cases were evaluated to determine if plant configuration would affect the conclusions in this CT evaluation.

The results of these analyses also formed the bases for the high risk equipment listed in Section 4.2.3. The Computer Aided Fault Tree Analysis (CAFTA) suite of PRA tools were used for this evaluation.

All cases with the exception of the baseline cases (Case I and 2) include the AACPS.

Cases considered Case 1: Base (NTM) No Test and Maintenance - This case is the Full Power Internal Events Model with no equipment in test or maintenance (baseline case). For this case, both CDF and LERF

Attachment I to TXX-07011 Page 26 of 45 were calculated. This is the baseline case to which other no test and maintenance cases are compared.

Case 2: Base (TM) Average Test and Maintenance - This case is the Full Power Internal Events Model with average test or maintenance (TM baseline case). For this case, both CDF and LERF were calculated. This is the baseline case to which other test and maintenance cases are compared.

Case 3: DG With NTM - A DG is assumed unavailable with no reduction in LOOP frequency and no test or maintenance. For this case, both CDF and LERF were calculated. This case was used to evaluate the 14 day DG CT. This case indicates the expected risk for using this CT extension when used for unplanned DG maintenance.

Case 4: DG With RPC (Reduced Plant-Centered) NTM - A DG is assumed unavailable with reduction in plant-centered failures and no test or maintenance. For this case, both CDF and LERF were calculated. This case shows the effect on CDF and LERF when work is restricted on plant equipment and in the switchyard which would minimize the likelihood of a LOOP.

Case 5: DG With RPC, "B" TM - The train B DG is assumed unavailable with reduction in plant-centered failures with average test and maintenance assumed for Train B. This case shows the effect on CDF and LERF if additional train related test and maintenance is allowed.

Case 6: DG With RPC RWC (Reduced Weather-Centered) NTM -

The DG is assumed unavailable with reduction in both plant-centered and weather-centered failures with no test or maintenance.

This case shows the effect on CDF and LERF when all administrative controls are applied. This case indicates the expected risk for using this CT extension when used for planned DG maintenance.

Case 7: DG With RPC NTM and Increased AACPS Failure Rate -

The DG is assumed unavailable with reduction in plant-centered failures with no test or maintenance and the DG failure rate increased to 5.OOE-01. This case shows the effect on CDF and LERF when the AACPS failure is increased.

Attachment I to TXX-0701 I Page 27 of 45 Results The risk evaluation of performing a 14 day DG maintenance activity at power meets the requirements for a permanent TS change in accordance with RG 1.174 and RG 1.177 (References 8.1 and 8.2, respectively). The requirement of RG 1. 174 (Reference 8.1) is a ACDF less than I E-06 and a ALERF less than I E-07. The requirement of RG 1. 177 (Reference 8.2) is an ICCDP less than 5E-07 and ICLERP less than 5E-08.

Case 3 was used for the CT extension evaluation and successfully demonstrated the effect of increasing the DG CT without taking credit for other compensatory actions. The following are tile calculated values for the 14 day CT assuming an AACPS is available to supply all the loads of the I E safety related bus normally powered by the DG which is out of service: ACDF of 1.63E-07, ALERF of 5.48E-09, ICCDP of 2.77E-07, and ICLERP of 1.0 1E-08.

The above case indicates that with an AACPS and no test and mnaintenance that the risk increase for a 14 day CT meets the requirements of RGs 1.174 and 1. 177 and is not risk significant.

This would allow CPSES to use a 14 day DG CT to be used with the only restriction being that no other test and maintenance be performed while the DG is out of service.

To further reduce the risk, CPSES intends to schedule the use this 14 day CT for planned maintenance during the time of year when the weather is historically not severe. This will not preclude using the 14 day CT for emergent work at any time during the year. Case 6 is the expected effect on risk when compensatory measures are fully implemented. The results of all the cases with a DG out of service, including the base cases are shown in Table 2, "Results of Case Studies."

Therefore, the request to extend the CT to restore an inoperable DG to OPERABLE status firom 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days is supported by this evaluation given that an AACPS is available.

Table 2. Results of Case Studies >D Case Qnt Value ACDF ALERF ICCDP ICLERP Cc Z Case 1: Base (NTM) CDF 6.24E-06 Case 1: Base (NTM) LERF 4.95E-07 Case 2: Base (TM) CDF 9.20E-06 Case 2: Base (TM) LERF 6.16E-07 Case 3: DG WITH NTM CDF 1.35E-05 1.63E-07 2.77E-07 Case 3: DG WITH NTM LERF 7.58E-07 5.48E-09 1.0 1E-08 Case 4: DG WITH RPC NTM CDF 1.31E-05 1.48E-07 2.62E-07 Case 4: DG WITH RPC NTM LERF 7.47E-07 5.03E-09 9.65E-09 Case 5: DG WITH RPC, "B" TM CDF 6.62E-05 2.19E-06 2.30E-06 Case 5: DG WITH RPC, "B" TM LERF 2.84E-06 8.55E-08 9.01 E-08 Case 6: DG WITH RPC RWC NTM CDF 9.78E-06 2.23E-08 1.36E-07 Case 6: DG WITH RPC RWC NTM LERF 6.47E-07 1.20E-09 5.82E-09 Case 7: DG WITH RPC NTM and Increased AACPS Failure Rate* 5.94E-05 1.93E-06 2.04E-06 The ACDF and ALERF calculations (Section 4.2. 1.4) used Case 1 (test and maintenance included) for the base case.

The ICCDP and ICLERP calculations (Section 4.2.1.4) used the Case 2 (no test or maintenance) for the base case.

Qnt - quantification NTM - no test or maintenance TM - test and maintenance DG - diesel generator RPC - reduced value for plant-centered failures B - train B RWC - reduced weather-centered failures

AACPS failure rate was increased to 5.00E-O1

Attachment I to TXX-07011 Page 29 of 45 4.2.2 External Events Considerations The CPSES PRA internal events model does not include contributions from internal fires, internal floods, seismic events, and other external events. A qualitative evaluation of these events is provided below. The conclusion of this qualitative assessment is that external events have only a minor impact on the results of the internal events evaluation.

External events of interest in this assessment are those that can cause a loss of offsite power (LOOP) without impacting the operability of the DGs. For events that impact the DG operability, whether the DGs are available or unavailable for maintenance is immaterial since the external event would have caused the DG to be inoperable. The same is true for events that impact DG support systems, such as service water. If the service water system is unavailable, the availability of the DG is immaterial. This also applies to external events that cause failure of components in the plant power distribution system, but leave the DGs intact. If the plant's power distribution system is unavailable, then the availability of the DG again is not important since power cannot be provided to the required equipment. Therefore, for many external event scenarios, an extended DG CT will not impact the plant risk. Those scenarios of interest, with regard to this CT extension, are the ones that leave the plant intact, but cause a LOOP event. In this case, the availability of the DG is important since the external event induced LOOP can be mitigated if the DGs are available. Therefore, for this particular situation, increasing the CT and unavailability of the DGs while at-power, can adversely impact the plant risk. However, as can be seen in the above internal events evaluation, the availability of the alternate power source significantly reduces the overall risk of such events.

LOOP events that are initiated by an external events that do not fail additional equipment, such as a seismic event that fails the DGs, are mitigated similarly as internal event initiated LOOPs. The primary mitigation requirements involve maintaining decay heat removal and reactor coolant pump seal cooling. Given this, one simple way of assessing the impact of external events on plant risk for this CT is to evaluate external events that result in LOOP.

The following discusses the potential impact of each external event on the conclusions of the CT change. As shown below, the relative impact of these occurrences is small when compared to internal events LOOP.

Attachment I to TXX-07011 Page 30 of 45 Internal Floods The internal flood event of interest is one that can cause a LOOP but, as previously noted, not disable the DGs or other equipment used to support the DGs or the plant's electrical distribution system. Internal flood events contribute less than 1% of the internal events plant risk. The dominant sequences are not associated with the LOOP due to internal flooding.

Therefore the impact of CT on internal flooding risk is not significant.

External Events - Seismic The seismic event of interest is one that can cause a LOOP but, as previously noted, not disable the DGs or other equipment used to support the DGs or the plant's electrical distribution system. The LOOP could occur within the plant's switchyard or by an event that impacts the offsite power supply (grid) to the plant. The weak point of the electrical power distribution system, with regard to seismic events, is the ceramic insulators. A typical high confidence low probability of failure (HCLPF) acceleration for a ceramic insulator is 0. 1 g. If it is assumed that at this ground acceleration level a LOOP will occur, then the frequency of a LOOP can be determined from the annual probability of exceedence for peak ground acceleration (Appendix A of NUREG-1488, "Revised Livermore Seismic Hazard Estimates for Sixty-Nine Nuclear Power Plant Sites East of the Rocky Mountains", Reference 8.28). The seismically induced LOOP frequency, based on the mean values, would be approximately 5E-05.

The internal event LOOP values for this plant is 3.49-02 per year. From this it is seen that the additional risk (CDF and LERF) from the seismically induced LOOP events is small.

External Events - Fire The fire events of interest are those that can cause a loss of offsite power, but as previously noted, not disable the DGs or other equipment used to support the DGs or the plant's electrical distribution system. The fire could occur within the plant's switchyard or by an event that impacts the offsite power supply (grid) to the plant.

A review of the fire insights provided in Section 3 ofNUREG-1742

("Perspectives Gained from the Individual Plant Examination of External Events (IPEEE) Program," Reference 8.29) lists the common fire zones ranked as important contributors to fire-induced CDF. The fire zones include:

to TXX-07011 Page 31 of 45

Main control room

Switchgear room

Turbine building

Cable spreading rooms

Electrical equipment rooms

Diesel generator rooms

Cable vault/tunnel/chase zones

Battery/charger rooms The switchyard is not on the list which indicates that fire events that cause LOOP are not important contributors to plant risk, and therefore, the impact of fire events on plant risk, with respect to changes to DG CTs, are not expected to impact the conclusions of this analysis.

The insights from the CPSES Fire PRA support the conclusion that fire risk will not impact the results or conclusions of DG CT extension evaluation. The Fire PRA showed that there are only three fire scenarios that directly result in a LOOP, each initiated by a fire in any one of three different control room cabinets. These fire initiating events have a very low frequency of occurrence which supports the discussion above that the fire incremental risk for the extended CT is very small. Other scenarios that could indirectly lead to a LOOP require failure of fire protection features and/or additional random equipment failures. These scenarios are less consequential to the DG CT than the three scenarios mentioned above.

External Events - High Winds The occurrence of high winds that can cause plant damage is location specific. Damaging winds in the coastal region are typically due to hurricanes and in the interior of the country tornadoes become important.

The dominant CDF sequences associated with high winds typically involve LOOP in combination with random failures of emergency AC power. LOOP events from high winds are already accounted for in the LOOP initiating event frequency used in the internal event PRA model.

The LOOP initiating event frequency includes a contribution for severe weather.

High wind events that cause LOOP and additional damage, such as damage to the DGs, are not addressed by the LOOP events in the internal event PRA. Such events would be addressed by the external events assessment. The insights from the CPSES high wind evaluations discussed below support the conclusion that high wind risk will not impact the results or conclusions DG CT extension evaluation.

Attachment I to TXX-070 11 Page 32 of 45 The IPEEE (Reference 8.30) determined that the tornado strike frequency for CPSES is 5E-04 for all F classes. The increased exposure resulting from the extended CT (11 additional days from the present TS limit) is very small. Further, the offsite power non-recovery probability is very small beyond 3 days. Thus, tornadoes do not contribute significantly to the risk of extending the CT.

External Events - Floods The occurrence of floods that can cause plant damage is also location specific. The CPSES IPEEE concludes for external flooding that the Category I building structures [including the DG Buildings and Electrical and Control Buildings] are not under a threat from external flooding, even in the worst conditions of probable maximum precipitation or potential dam failures. Consequently, the contribution of such events to the total core damage frequency at CPSES is concluded to be insignificant.

Other flooding events of interest are those leading to LOOP with additional random failures leading to core damage. Given the plant's location, CPSES is not subject to floods that could cause a LOOP.

Further, the severe weather component for a LOOP is already accounted for in the calculation for detennining the frequency of a LOOP initiator.

Thus it can be concluded that external flooding events have an insignificant impact on the risk associated with this extended CT.

Other External Events Other external events include transportation and nearby facility accidents and the other external events listed in Table 4.1 of NUREG- 1742. As concluded in the NUREG, these events do not account for a significant risk contribution in any of the IPEEE submittals. In addition, the plant events that could be caused by these external events would not require the DGs for mitigation. This conclusion is consistent with the conclusions and insights from the CPSES [PEEE.

4.2.3 Restriction on High Risk Configuration This section addresses the Tier 2 and Tier 3 considerations related to avoidance and control and management of high risk considerations.

Tier 2: Avoidance of Risk-Significant Plant Conditions In addition to the administrative controls proposed by this license amendment, CPSES has existing administrative guidelines to avoid or reduce the potential for risk-significant configurations from either emergent or planned work. These guidelines control configuration risk by

Attachment I to TXX-07011 Page 33 of 45 assessing the risk impact due to out of service equipment during all modes of operation to ensure that the plant is operated within acceptable risk guidelines.

CPSES employs a conservative approach to performing maintenance during power operations. The weekly schedules are train/channel based and prohibit the scheduling of opposite train activities without additional review, approvals, and/or administrative controls. The assessment process further minimizes risk by restricting the number and combination of systems/trains allowed to be simultaneously unavailable for scheduled work.

Unplanned or emergent work activities are factored into the plant's actual and projected condition, and the level of risk is re-evaluated. Based on the result of this re-evaluation, decisions are made concerning further actions required to achieve an acceptable level of risk. Unplanned or emergent work activities are also evaluated to determine the impact on other, already planned activities and the effect the combinations would have on risk.

Risk Significant Components While a Diesel Generator is Out of Service The following components and/or systems become risk-significant when a DG is out of service. The list provides those components and/or systems whose unavailability simultaneous with an out of service DG would likely place the plant in a high-risk configuration, based upon their Risk Achievement Worth (RAW) value (i.e., the increase in risk if the component is assumed to be failed at all times, expressed as a ratio of assumed risk to baseline risk). These are not necessarily in ranked order.

Electric Power - opposite train motive and control power

Refueling Water Storage Tank - tank and its associated discharge valves

Service Water - opposite train

Diesel Generator - opposite train

Turbine Driven Auxiliary Feedwater Pump and associated piping/valves The Tier 3 risk management actions as described below will address the availability of these system relative to the implementation of this CT.

Attachment I to TXX-07011 Page 34 of 45 Tier 3 Risk Informed Plant Configuration Control and Management The objective of the third tier is to ensure that the risk impact of out of service equipment is evaluated prior to performing any maintenance activity. As stated in Section 2.3 of Regulatory Guide 1. 177, "a viable program would be one that is able to uncover risk significant plant equipment outage configurations in a timely manner during normal plant operation." The third tier requirement is an extension of the second tier requirement, but addresses the limitation of not being able to identify all possible risk significant plant configurations in the second tier evaluation.

The risk impact associated with performance of maintenance and testing activities is evaluated in accordance with the CPSES Work Scheduling Process (Work Control Instruction WCI-203). A risk assessment is performed for activities with a weekly schedule. Compensatory measures are addressed for activities deemed to be risk significant. The weekly scheduled activities and associated risk assessment are reviewed by the CPSES PRA Group. The Work Scheduling Process also addresses the impact on the risk assessment due to added or emergent activities and activities which have slipped from the scheduled completion time.

4.3 PRA Quality To ensure a high-quality PRA and to provide quality control to the PRA process, two types of independent reviews were conducted during the development of the PRA model used to support the Individual Plant Examination (IPE) submittal.

One review was conducted internally by TXU Power staff, and the other review was performed externally by outside PRA experts. In general, both reviews were applied to the entire examination process except when it was not possible due to the availability of resources or required skills. In those few cases, as a minimum, each task was reviewed thoroughly by either an internal or external independent reviewer. Further, a final independent review was performed after the IPE study was completed. A team of PRA experts was selected from the industry to independently review the entire [PE study and its supporting analyses. The review team spent one week at the TXU offices where documents, procedures, and supporting calculations and analyses were available for use. The results of all independent review activities performed by internal and external reviewers were well documented as part of the IPE documentation requirements. This process has been continued since the [PE with the Westinghouse Owners Group (WOG) peer review and the external peer review of our updated models. A discussion of the WOG and other subsequent peer review is provided below.

Attachment I to TXX-0701 I Page 35 of 45 WOG and Other Peer Reviews A WOG peer review of the CPSES PRA model was performed during the spring of 2002. The conclusion of the peer assessment is that the CPSES PRA can be effectively used to support risk significance evaluations with deterministic input, subject to addressing the items identified as significant in the technical element summary and Facts & Observations (F&Os) sheets. There were three level A F&Os.

Two Level A F&Os involved steam generator (SG) tube rupture and the application of the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months mission time concept for both CDF and LERF considerations. The basis and success paths for the SG tube rupture model were clarified to provide for actions beyond the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months mission time to assure that plant is in a stable condition. To address this, it was determined that changes to the PRA event and fault trees were needed for long term cooling after a SG tube rupture. These changes were incorporated into and are part of the current PRA model.

A third Level A F&O was written to address cutsets with multiple human errors and to revise dependency calculations if necessary. This item was found not to adversely affect the technical adequacy of the PRA. To address this, a PRA utility program was used to identify unique combinations of multiple human actions.

These combinations were reviewed on a scenario basis to assure that dependencies were identified and handled as appropriate. Changes were made to the model where required to address these dependencies.

There were several Level B F&Os. CPSES addressed each of the Level B F&Os and incorporated those items into the PRA model. In summary, all of the level A and B F&Os were fully resolved and where appropriate internal PRA guidance was strengthened.

In addition to the above described peer review, a focused, independent industry peer review of the Revision 3 changes was completed in the spring of 2005. The major model features addressed in this review included the RCP seal LOCA model update to the WOG 2000 model, the T-H analyses associated with seal LOCA scenarios, the LOOP model changes, and the quantification process. This review was completed based on ASME PRA Standard. No category A or B F&Os were identified by this peer review. All other F&O items were resolved and incorporated in to Revision 3B of the model as appropriate.

4.4 Summary and Conclusions The current CT associated with inoperable AC power source(s) is intended to minimize the time an operating plant is exposed to a reduction iln the number of available AC power sources. The proposed CT will continue to provide adequate

Attachment I to TXX-07011 Page 36 of 45 protection of public health and safety and common defense and security as described below. These changes advance the objectives of the NRC's Probabilistic Risk Assessment (PRA) Policy Statement (Reference 8.12), for enhanced decision-making and result in a more efficient use of resources and reduction of unnecessary burden. hIplementation of the proposed CT will provide the following benefits:

Allow increased flexibility in the scheduling and performance of DG maintenance.

Allow better control and allocation of resources. Allowing on-line maintenance provides the flexibility to focus more quality resources on any required or elected DG maintenance.

Avert unplanned plant shutdowns by extending the DG CT to 14 days when an AACPS is available versus 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . Risks incurred by unexpected plant shutdowns can be comparable to and often exceed those associated with continued power operation.

Improve DG availability during shutdown modes or conditions. This will reduce the risk associated with DG maintenance and the synergistic effects on risk due to DG unavailability occurring at the same time as other various activities and equipment outages that occur during a refueling outage.

The results of TXU Power's probabilistic evaluation support extension of the DG CT from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days when an AACPS is available.

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration TXU Power has evaluated whether or not a significant hazards consideration is involved with the proposed amendment(s) by focusing on the three standards set forth in 10CFR50.92, "Issuance of amendment," as discussed below:

1. Do the proposed changes involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No The proposed Technical Specification (TS) changes do not significantly increase the probability of occurrence of a previously evaluated accident because the Diesel Generators (DGs) are not initiators of previously evaluated accidents involving a loss of offsite power (LOOP). The proposed changes to the TS Required Actions and Completion Times (CT) do not affect any of the assumptions used in the deterministic or the Probabilistic Safety Assessment (PSA) analysis. Implementation of the

Attachment I to TXX-0701 I Page 37 of 45 proposed changes does not result in a risk significant impact. The onsite AC power sources will remain highly reliable and the proposed changes will not result in a significant increase in the risk of plant operation. This is demonstrated by showing that the impact on plant safety as measured by the increase in core damage frequency (CDF) is less than 1E-06 per year and the increase in large early release frequency (LERF) is less than IE-07 per year. in addition, for the CT changes, the incremental conditional core damage probabilities (ICCDP) and incremental conditional large early release probabilities (ICLERP) are less than 5E-07 and 5E-08, respectively. These changes meet the acceptance criteria in Regulatory Guides 1.174 and 1.177. Therefore, since the onsite AC power sources will continue to perform their functions with high reliability as originally assumed and the increase in risk as measured by ACDF, ALERF, ICCDP, and ICLERP risk metrics is within the acceptance criteria of existing regulatory guidance, there will not be a significant increase in the consequences of any accidents.

The proposed changes do not adversely affect accident initiators or precursors nor alter the design assumptions, conditions, or configuration of the facility or the manner in which the plant is operated and maintained.

The proposed changes do not alter or prevent the ability of structures, systems, and components (SSCs) from performing their intended function to mitigate the consequences of an initiating event within the assumed acceptance limits. The proposed changes do not affect the source term, containment isolation, or radiological release assumptions used in evaluating the radiological consequences of an accident previously evaluated. The proposed changes are consistent with safety analysis assumptions and resultant consequences.

The proposed TS changes will continue to ensure the DGs perform their function when called upon. Extending the TS CT to 14 days, when an AACPS is available, does not affect the design, the operational characteristics, the function, or the reliability of the DGs. Additionally the CT extension to 14 days does not affect the interfaces between the DGs and other plant systems. Conversely, in the absence of an AACPS, the DG 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT will be applied. The availability of the onsite AC power system to perform its accident mitigation function is not affected by the proposed activity and thus there is no impact to the radiological consequences of any accident analysis.

To fully evaluate the effect of the changes to the CT, PSA methods were utilized. The results of this analysis show no significant increase in the CDF and LERF.

to TXX-07011 Page 38 of 45 The Configuration Risk Management Program (CRMP) in TS 5.5.18 is an administrative program that assesses risk based on plant status. The risk informed CT will be implemented consistent with the CRMP and approved plant procedures. When utilizing the 14 day extension, requirements of the CRMP per TS 5.5.18 call for the consideration of other measures to mitigate the consequences of an accident occurring while a DG is inoperable. Furthermore, administrative controls will be applied when exercising the 14 day CT extension and are adequate to maintain defense-in-depth and sufficient safety margins.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Do the proposed changes create the possibility of a new or different kind of accident from any accident previously evaluated?

Response: No The proposed changes do not result in a change in the manner in which the electrical distribution subsystems provide plant protection. The changes to the CT do not change any existing accident scenarios, nor create any new or different accident scenarios.

In addition, the changes do not impose any new or different accident mitigation requirements or eliminate any existing requirements. The proposed changes are consistent with the safety analysis assumptions and current plant operating practice.

Therefore, the proposed change does not create the possibility of a new or different kind of accident from any previously evaluated.

3. Do the proposed changes involve a significant reduction in a margin of safety?

Response: No The proposed changes do not alter the manner in which safety limits, limiting safety system settings or limiting conditions for operation are determined. Neither the safety analyses nor the safety analysis acceptance criteria are impacted by these changes. The proposed changes will not result in plant operation in a configuration outside the current design basis.

The proposed activities only involve changes to certain TS CTs.

Therefore the proposed change does not involve a reduction in a margin of safety.

Attachment I to TXX-07011 Page 39 of 45 Based on the above evaluations, TXU Power concludes that the proposed amendment presents no significant hazards under the standards set forth in IOCFR50.92(c) and, accordingly, a finding of "no significant hazards consideration" is justified.

5.2 Applicable Regulatory Requirements/Criteria GDC 5 - Sharing of Structures, Systems, and Components, "Structures, systems, and components important to safety shall not be shared between nuclear power units unless it can be shown that such sharing will not significantly impair their ability to perform their safety functions including, in the event of an accident in one unit, an orderly shutdown and cooldown of the remaining unit." Therefore, the proposed license amendment has no impact on this regulatory requirement.

GDC 17 - Electric Power Systems, "An onsite electric power system and an offsite electric power system shall be provided to permit functioning of structures, systems, and components important to safety. The safety function for each system (assuming the other system is not functioning) shall be to provide sufficient capacity and capability to ensure that (1) specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded as a result of anticipated operational occurrences, and (2) the core is cooled and containment integrity and other vital functions are maintained in the event of postulated accidents.

The onsite electric power sources, including the batteries, and the onsite electrical distribution system, shall have sufficient independence, redundancy, and testability to perform their safety functions, assuming a single failure.

Electric power from the transmission network to the onsite electric distribution system shall be supplied by two physically independent circuits (not necessarily on separate rights of way) designed and located so as to minimize to the extent practical the likelihood of their simultaneous failure under operating and postulated accident and environmental conditions. A switchyard common to both circuits is acceptable. Each of these circuits shall be designed to be available in sufficient time following a loss of all onsite alternating current power supplies and the other offsite electrical power circuit, to ensure that specified acceptable fuel design limits and design conditions of the reactor coolant pressure boundary are not exceeded. One of these circuits shall be designed to be available within a few seconds following a loss of coolant accident to ensure that core cooling, containment integrity, and other vital safety functions are maintained.

Provisions shall be included to minimize the probability of losing electric power from any of the remaining supplies as a result of., or coincident with, the loss of power generated by the nuclear power unit, the loss of power from the transmission network, or the loss of power from the onsite electrical power supplies."

Attachment I to TXX-07011 Page 40 of 45 At CPSES, the safety-related systems are designed with sufficient capacity, independence, and redundancy to ensure performance of their safety functions assuming a single failure. The offsite electrical power system also provides independence and redundancy to ensure an available source of power to the safety-related loads. Upon loss of the preferred power source to any 6.9 kV Class IE bus, the alternate power source is automatically connected to the bus and the DG starts should the alternate source not return power to the Class IE buses. Loss of both offsite power sources to any 6.9 kV Class 1E bus, although highly unlikely, results in the DG providing power to the Class I E bus. Two independent DGs and their distribution systems are provided for each unit to supply power to the redundant onsite alternating current (AC) Power System.

Each DG and its distribution system is designed and installed to provide a reliable source of redundant onsite-generated (standby) AC power and is capable of supplying the Class I E loads connected to the Class I E bus which it serves.

Therefore, the proposed license amendment has no impact on this regulatory requirement.

GDC 18 - Inspection and Testing of Electric Power System, "Electric power systems important to safety shall be designed to permit appropriate periodic inspection and testing of important areas and features, such as wiring, insulation, connections, and switchboards, to assess the continuity of the systems and the condition of their components. The systems shall be designed with a capability to test periodically (1) the operability and functional performance of the components of the systems, such as onsite power sources, relays, switches, and buses and (2) the operability of the systems as a whole and, under conditions as close to design as practical, the full operational sequence that brings the systems into operation, including operation of applicable portions of the protection system and the transfer of power among the nuclear power unit, the offsite power system, and the onsite power system." Therefore, this proposed license amendment has no impact on this regulatory requirement.

NRC Regulatory Guide 1.53, dated June 1973, titled "Applicability of Single-Failure Criterion to Nuclear Power Plant Protection Systems." The proposed license amendment has no impact on this regulatory requirement.

NRC regulatory Guide 1.62, dated October 1973, titled "Manual Initiation of Protective Actions." The proposed license amendment has no impact on this regulatory requirement.

NRC Regulatory Guide 1.75, Revision I, dated January 1975, titled "Physical Independence of Electrical Systems." The proposed license amendment has no impact on this regulatory requirement.

Attachment I to TXX-07011 Page 41 of 45 NRC Regulatory Guide 1.81, Revision 1, dated January 1975, titled "Shared Emergency and Shutdown Electric Systems for Multi-unit Nuclear Power Plants."

The proposed license amendment has no impact on this regulatory requirement.

NRC Regulatory Guide 1.93, dated December 1974, titled "Availability of Electric Power Sources." The current CT associated with inoperable AC power source(s) are intended to minimize the time an operating plant is exposed to a reduction in the number of available AC power sources. NRC Regulatory Guide (RG) 1.93 (Reference 8.4) is referenced in the TS Bases for Actions associated with TS Section 3.8.1. RG 1.93 provides operating restrictions (i.e., CT and maintenance limitations) that the NRC considers acceptable if the number of available AC power sources is one less than the LCO. RG 1.93 specifically states, "If the available a.c. power sources are one less than the LCO, power operation may continue fbr a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months if the system stability and reserves are such that a subsequent single failure (including a trip of the unit's generator, but excluding an unrelated failure of the remaining offsite circuit if this degraded state was caused by the loss of an offsite source) would not cause total loss of offsite power." RG 1.93 additionally states, "The operating time limits delineated above are explicitly for corrective maintenance activities only."

Conformance with Regulatory Guide 1.93 is affected by these proposed changes.

The station currently conforms to the RG. If the proposed changes are approved, the station will continue to conform to RG 1.93 with the exception that the alternate allowable Required Actions CT for restoration of a DG will be 14 days and the CT may be used for all DG maintenance if an AACPS is available.

CPSES will adhere to a 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months CT in the absence of an AACPS.

NRC Regulatory Guide 1. 155, "Station Blackout," dated August 1988. The proposed license amendment has no impact on this regulatory requirement.

NRC Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-Informed Decisions on Plant-Specific Changes to the Licensing Bases," dated July 1998. The proposed license amendment is consistent with this regulatory requirement.

NRC regulatory Guide 1. 177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," dated August 1998. The proposed license amendment is consistent with this regulatory requirement.

NRC Safety Guide 6, dated March 10, 1971, titled "Independence Between Redundant Standby (onsite) Power Sources and Between Their Distribution Systems." These proposed changes do not add or reclassify any safety-related systems or equipment; therefore, conformance with Safety Guide 6 (Reference 8.6) as discussed in Appendix IA(B) of the FSAR (Reference 8.3) is not affected by this change. Redundant parts within the AC and direct current (DC) systems are physically and electrically independent to the extent that a single event or

Attachment I to TXX-0701 I Page 42 of 45 single electrical fault can not cause a loss of power to both Class IE buses.

NRC Safety Guide 9 (Reference 8.7), dated March 10, 1971, titled "Selection of Diesel Generator Set Capacity for Standby Power Supplies." These proposed changes do not add any loads to the DGs; therefore, the selection of the capacity of the DGs for standby power systems and conformance to the applicable sections of Safety Guide is not affected by this change.

The technical analysis performed by TXU Power in Section 4, "Technical Analysis," demonstrates the ability of the DGs to perform their safety function.

The increased CT continues to comply with the above regulatory requirements with the exception of RG 1.93.

Safety analysis acceptance criteria in the FSAR continue to be met. The proposed changes do not affect any assumptions or inputs to the safety analysis (Reference 8.3).

In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

6.0 ENVIRONMENTAL CONSIDERATION

TXU Power has determined that the proposed amendment would change requirements with respect to the installation or use of a facility component located within the restricted area, as defined in IOCFR20, or would change an inspection or surveillance requirement.

TXU Power has evaluated the proposed changes and has determined that the changes do not involve (1) a significant hazards consideration, (2) a significant change in the types or significant increase in the amounts of any effluent that may be released offsite, or (3) a significant increase in individual or cumulative occupational radiation exposure.

Accordingly, the proposed changes meet the eligibility criterion for categorical exclusion set forth in I OCFR5 1.22(c)(9). Therefore, pursuant to IOCFR51.22(b), an environmental assessment of the proposed change is not required However, a non-radiological environmental assessment will be required to ensure compliance with existing station emission permits or a new Title V permit could be required before exercising the 14 day Completion Time extension.

7.0. PRECEDENTS 7.1 By letter dated May 26, 2004 the FirstEnergy Nuclear Operating Company (FENOC) submitted similar proposed Technical Specification to extend the Completion Time for an out of service diesel generator (DG) for the Beaver

Attachment I to TXX-07011 Page 43 of 45 Valley Power Station Unit I (Operating License No. DPR-66) and Unit 2 (Operating License No. NPF-73) (Reference 8.14). The NRC staff's safety evaluation report (SER) approving the plant specific license amendment requests, to extend the Completion Time for an inoperable DG from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days if an alternate AC power source was available, and issuing License Amendments No. 268 to Operating License DPR-66 and No. 150 to Operating License NPF-73 was transmitted by letter to Mr. L. William Pearce (FirstEnergy Nuclear Operating Company, Beaver Valley Power Station) by Timothy G. Colburn (USNRC), dated September 9, 2005 (Reference 8.15).

Similar license amendments have been issued for the Wolf Creek Generating Station (Reference 8.22), Diablo Canyon Power Plant (Reference 8.23), Columbia Generating Station (Reference 8.24), and Donald C. Cook Nuclear Plant (Reference 8.25).

7.2 The CPSES PRA has been used in support of several submittals to the USNRC including Risk-Informed [nservice Testing program (Reference 8.17) and Risk-Informed Inservice Inspection program (Reference 8.18). Additionally, the CPSES PRA supported License Amendment Requests to (1) remove the mode restrictions on several Technical Specification (TS) 3.8.1 surveillance requirements (Reference 8.19), (2) revise TS 3.8.1 to allow a one-time only change to extend the Action A.3 Completion Time (CT) for restoration of an inoperable offsite circuit from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 2 1 days (Reference 8.20), and (3) increase the allowed outage time for a centrifugal charging pump from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 7 days (Reference 8.21). The NRC has reviewed and approved these risk-informed submittals.

8.0 REFERENCES

8.1 N RC Regulatory Guide 1.174, "An Approach for Using Probabilistic Risk Assessment In Risk-informed Decisions On Plant-Specific Changes to the Licensing Basis," July 1998.

8.2 N RC Regulatory Guide 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," August 1998.

8.3 Comanche Peak Steam Electric Station Final Safety Analysis Report, Docket Nos.

50-445 and 50-446.

8.4 NRC Regulatory Guide (RG) 1.93, "Availability of Electric Power Sources,"

December 1974.

8.5 NRC Regulatory Guide 1.155, "Station Blackout," August 1988.

8.6 NRC Safety Guide 6, "Independence Between Redundant Standby (Onsite) Power Sources and Between Their Distribution Systems," March 10, 1971.

8.7 NRC Safety Guide 9, "Selection of Diesel Generator Set Capacity for Standby Power Supplies," March 10, 1971.

8.8 NRC Regulatory Guide 1.81, Revision 1, "Shared Emergency and Shutdown Electric Systems for Multi-unit Nuclear Power Plants," January 1975.

Attachment I to TXX-070 I1 Page 44 of 45 8.9 NRC Regulatory Guide 1.53, "Applicability of Single-Failure Criterion to Nuclear Power Plant Protection Systems," June 1973.

8.10 NRC Regulatory Guide 1.62, "Manual Initiation of Protective Actions," October 1973.

8.11 NRC Regulatory Guide 1.75, Revision 1, "Physical Independence of Electrical Systems," January 1975.

8.12 NRC Probabilistic Risk Assessment (PRA) Policy Statement, "Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy Statement," Federal Register, Volume 60, p.42622,. August 16, 1995.

8.13 WCAP- 10541, "Reactor Coolant Pump Seal Performance Following A Loss of All AC Power," November i986.

8.14 Letter to USNRC from L. William Pearce (FirstEnergy Nuclear Operating Company, Beaver Valley Power Station), May 26, 2004, "License Amendment Request Nos. 306 and 176."

8.15 Letter from Timothy G. Colburn (USNRC) to L. William Pearce (FirstEnergy Nuclear Operating Company, Beaver Valley Power Station) dated September 29, 2005, "Beaver Valley Power Station ,Unit Nos. I and 2 - Issuance of Amendment Re: Increase of the Emergency Diesel Generator (EDG) Allowed Outage Time from 72 Hours to 14 Days (TAC Nos. MC3331 and MC3332)."

8.16 WCAP- I5622-P, "Risk-Informed Evaluation of Extension to AC Electrical Power System Completion Times," May 2001.

8.17 Letter to C. Lance Terry (TU Electric) from John H. Hannon (USNRC) dated August 14, 1998, "Approval of Risk-Informed Inservice Testing (RI-IST)

Program for Comanche Peak Steam Electric Station, Units I and 2 (TAC Nos.

M94165, M94166, MA1972, and MA1973)."

8.18 Letter to C. Lance Terry (TXU Electric) from Robert A. Gramm (USNRC) dated September 28, 2001, "Comanche Peak Steam Electric Station (CPSES), Units I and 2 - Approval of Relief Request for Application of Risk-Informed Inservice Inspection Program for American Society of Mechanical Engineers Boiler and Pressure Vessel Code Class I and 2 Piping (TAC Nos. MBI201 and MB 1202)."

8.19 Letter to M. R. Blevins (TXU Power) firom Mohan C. Thadani (USNRC) dated March 15, 2006, "Comanche Peak Steam Electric Station (CPSES), Units I and 2

- Issuance of Amendments Re: Technical Specification 3.8.1, "AC Sources -

Operating," Mode Restrictions on Emergency Diesel Generator Surveillance (TAC Nos. MC4912 and MC4913)."

8.20 Letter to C. Lance Terry (TXU Electric) from David H. Jaffe (USNRC) dated October 9, 2001, "Comanche Peak Steam Electric Station (CPSES), Units 1 and 2

- Issuance of Amendments Re: Extended Outage Time for Off-site Power-Single Occurrence (TAC Nos. MB1823 and MB 1824)."

8.21 Letter to C. Lance Terry (TU Electric) from Timothy J. Polich (USNRC) dated December 29, 1998, "Comanche Peak Steam Electric Station, Units I and 2 -

Amendment Nos. 62 and 48 to Facility Operating License Nos. NPF-87 and NPF-89 (TAC Nos. M97809 and M978 10)."

Attachment I to TXX-07011 Page 45 of 45 8.22 Letter to Rick A. Muench (Wolf Creek Nuclear Operating Corporation) from Jack Donohew (USNRC) dated April 26, 2006, "Wolf Creek Generating Station -

Issuance of Amendment Re: Extended Diesel Generator Completion Times (TAC No. MC 1257)."

8.23 Letter to Gregory M. Rueger (Pacific Gas and Electric Company) from Meena Khanna (USNRC) dated April 20, 2004, "Diablo Canyon Power Plant, Unit No. I (TAC No. MB9146) and Unit No. 2 (TAC No. MB9147) - Issuance of Amendment Re: Extensions of the Completion Times for Restoring an Inoperable Diesel Generator from 7 Days to 14 Days."

8.24 Letter to J. V. Parrish (Energy Northwest) from Brian J. Benney (USNRC) dated April 14, 2006, "Columbia Generating Station - Issuance of Amendment Re:

Extension of Diesel Generator Completion Time (TAC No. MC3203)."

8.25 Letter to Mano K. Nazar (Indiana Michigan Power Company) from Deirdre W.

Spaulding (USNRC) dated September 30, 2005, "Donald C. Cook Nuclear Plant, Units I and 2 - Issuance of Amendments Re: Safety Evaluation Regarding Allowed Outage Time Extension for the Emergency Diesel Generators (TAC Nos.

MC4525 and MC4526)."

8.26 NUMARC 87-00, "Guidelines and Technical Bases for NUMARC Initiatives Addressing Station Blackout at Light Water Reactors," Rev. 1, August 1991.

8.27 WCAP- 15603 Revision I-A, "WOG 2000 Reactor Coolant Pump Seal Leakage Model for Westinghouse PWRS," June 2003.

8.28 NRC NUREG-1488, "Revised Livermore Seismic Hazard Estimates for Sixty-Nine Nuclear Power Plant Sites East of the Rocky Mountains," April 1994.

8.29 NRC NUREG-1742, "Perspectives Gained From the Individual Plant Examination External Events ([PEEE) Program," April 2002.

8.30 CPSES IPEEE, "IPEEE for Severe Accident Vulnerabilities," June 1995.

to TXX-0701 I Page 1 of 6 ATTACHMENT 2 to TXX-07011 PROPOSED TECHNICAL SPECIFICATION CHANGES (MARK-UP)

Pages 3.8-I 3.8-2 3.8-3 3.8-4 INSERTS to TXX-07011 Page 2 of 6 K FOR TENFORMATfON ONLY J AC Sources - Operating 3.8.1 3.8 ELECTRICAL POWER SYSTEMS 3.8.1 AC Sources-Operating LCO 3.8.1 The following AC electrical sources shall be OPERABLE:

a. Two qualified circuits between the offsite transmission network and the onsite Class 1E AC Electrical Power Distribution System;

b. Two diesel generators (DGs) capable of supplying the onsite Class 1 E power distribution subsystem(s); and

c. Automatic load sequencers for Train A and Train B.

APPLICABILITY: MODES 1, 2, 3, and 4

NOTE --------------------------------------------

One DG may be synchronized with the offsite power source under administrative controls for the purpose of surveillance testing.

COMANCHE PEAK - UNITS 1 AND 2 3.8-1 Amendment No. 64,124 to TXX-070 11 AC Sources - Operating Page 3 of 6 3.8.1 ACTIONS NOTE-------------------------------

LCO 3.0.4.b is not applicable to DGs.

CONDITION REQUIRED ACTION COMPLETION TIME A. One required offsite circuit A.1 Perform SIR 3.8.1.1 for 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months inoperable, required OPERABLE offsite circuit. AND Once per 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months thereafter AND

...............-NOTE ---------

In MODES 1, 2 and 3, the TDAFW pump is considered a required redundant feature.

A.2 Declare required 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months from feature(s) with no offsite discovery of no power available offsite power to one inoperable when its train concurrent with redundant required inoperability of feature(s) is inoperable, redundant required feature(s)

AND A.3 Restore required offsite 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months circuit to OPERABLE status. AND 6 days from discovery of failure to meet LCO (continued)

INSERT A COMANCHE PEAK - UNITS 1 AND 2 3.8-2 Amendment No. 40-9,4-24 to TXX-0701 I Page 4 of 6 I FOR INFORMATION ONLY JAC Sources - Operating 3.8.1 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME B. One DG inoperable. B.1 Perform SR 3.8.1.1 for 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months the required offsite circuit(s). AND Once per 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months thereafter AND NOTE-------

In MODES 1, 2 and 3, the TDAFW pump is considered a required redundant feature.

B.2 Declare required 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months from feature(s) supported by discovery of the inoperable DG Condition B inoperable when its concurrent with required redundant inoperability of feature(s) is inoperable. redundant required feature(s)

AND B.3.1 Determine OPERABLE 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months DG(s) is not inoperable due to common cause failure.

OR NOTE-------

The SR need not be performed if the DG is already operating and loaded.

B.3.2 Perform SR 3.8.1.2 for 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months OPERABLE DG(s).

(continued)

COMANCHE PEAK - UNITS 1 AND 2 3.8-3 Amendment No. 64 to TXX-07011 AC Sources - Operating Page 5 of 6 3.8.1 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME B. (continued) AND

.11 BA4 !: Restorre DDG to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OPERABLE status.

AND 6 days from discover f failure to meet LC INSERT B C. Two required offsite circuits ------------- -NOTE inoperable. In MODES 1, 2 and 3, the TDAFW pump is considered a required redundant feature.

C.1 Declare required 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from feature(s) inoperable discovery of when its redundant Condition C required feature(s) is concurrent with inoperable. inoperability of redundant required features AND C.2 Restore one required 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months offsite circuit to OPERABLE status.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 3.8-4 Amendment No.-6A-to TXX-070 11 Page 6 of 6 INSERTS JNSERT A OR A.3.2 Restore required offsite 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months circuit to OPERABLE status. AND 17 days from discovery of failure to meet LCO due to an inoperable DG with AACPS available INSERT B OR

NOTE-------

Required Action B.4.2 and associated Completion Times are only allowed if an AACPS is available.

B.4.2 Restore DG to 14 days OPERABLE status.

AND 17 days from discovery of failure to meet LCO to TXX-07011 Page l of 8 ATTACHMENT 3 to TXX-07011 PROPOSED TECHNICAL SPECIFICATIONS BASES CHANGES (Markup For Information Only)

Pages B 3.8-8 B 3.8-10 B 3.8-11 INSERTS

AC Sources - Operating B 3.8.1 Attachment 3 to TXX-07011 Page 2 of 8 BASES ACTIONS (continued)

According to Regulatory Guide 1.93 (Ref. 6), operationmacotnei Condition A for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . With one offsite "

INSERT A >, circuit inoperable, the reliability of the offsite system is degraded, and the potential for a loss of offsite power is increased, with attendant potential for a challenge to the unit safety systems. In this Condition, however, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System.

The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action A.3 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 144 hours0.00167 days 0.04 hours 2.380952e-4 weeks 5.4792e-5 months , since initial failure to meet the LCO, to restore the offsite circuit.

At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 9 days) allowed prior to complete restoration of the LCO. The 6 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 6 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition A was entered.

INSERT B B.1 To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not (continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-8 Revision r

AC Sources - Operating B 3.8.1 Attachment 3 to TXX-07011 Page 3 of 8 BASES ACTIONS B.2 (continued)

OPERABILITY of the redundant counterpart to the inoperable required feature. Additionally, the 4 hour4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

B.3.1 and B.3.2 Required Action B.3.1 provides an allowance to avoid unnecessary testing of the OPERABLE DG. If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DG, SR 3.8.1.2 does not have to be performed. If the cause of inoperability exists on the other DG, the other DG would be declared inoperable upon discovery and Condition E of LCO 3.8.1 would be entered. Once the failure is repaired, the common cause failure no longer exists, and Required Action B.3.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG, performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG.

In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the applicable plant procedures will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months constraint imposed while in Condition B.

According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is reasonable to confirm that the OPERABLE DG is not affected by the same problem as the inoperable DG.

During performance of surveillance activities as a requirement for ACTION statements, the air-roll test shall not be performed.

BA4 <: .l I INSERT C

>~ Condition B for a period that should not exceed 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months .

tem. The 7 2 hour2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-10 Revisionr

AC Sources - Operating B 3.8.1 Attachment 3 to TXX-0701I.

Page 4 of 8 BASES "_

ACTIONS B.4 (continued)

The second Completion Time for Required Action B. stablishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 144 hours0.00167 days 0.04 hours 2.380952e-4 weeks 5.4792e-5 months , since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 9 days) allowed prior to complete restoration of the LCO. The 6 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations inwhich Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 6 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

INSERT D >

C.1 and C.2 Required Action C.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions. The Completion Time for this failure of redundant required features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from that allowed for one train without offsite power (Required Action A.2). The rationale for the reduction to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is that Regulatory Guide 1.93 (Ref. 6) allows a Completion Time of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE. When a concurrent redundant required feature failure exists, this assumption is not the case, and a shorter Completion Time of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is appropriate. These features are powered from redundant AC safety trains. This includes the motor driven auxiliary feedwater pumps and the TDAFW pump which must be available for mitigation of a Feedwater line break. Single train systems, other than the turbine driven auxiliary feedwater pump, are not included.

The Completion Time for Required Action C.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities. This (continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-11 Revision 1 1

to TXX-07011 Page 5 of 8 INSERTS INSERT A In Condition A, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System. With an offsite circuit inoperable, the inoperable offsite circuit must be restored to OPERABLE status within the applicable, specified Completion Time.

INSERT B A.3.2 In Condition A, the remaining offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1E Distribution System. With an offsite circuit inoperable, the inoperable offsite circuit must be restored to OPERABLE status within the applicable, specified Completion Time.

The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action A.3.2 establishes a limit on the maximum time allowed for one required offsite circuit and one DG to be inoperable during any single, contiguous occurrence of failing to meet the LCO if an AACPS is available. When utilizing the extended 14 day CT that will be applicable during maintenance windows to deterministically enhance the capability of the plant, the list of administrative controls discussed in TS Bases ACTION B.4.2 apply. An AACPS is described in TS Bases ACTION B.4.2. If Condition A is entered while, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 14 days. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 14 days (for a total of 31 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition A was entered.

to TXX-07011 Page 6 of 8 INSERTS (continued)

INSERT C In Condition B, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1E Distribution System. With a DG inoperable, the inoperable DG must be restored to OPERABLE status within the applicable, specified Completion Time.

INSERT D B.4.2 In Condition B, the remaining OPERABLE DG, offsite circuits, and alternate AC power source (AACPS) are adequate to supply electrical power to the onsite Class 1 E Distribution System. With a DG inoperable, the inoperable DG must be restored to OPERABLE status within the applicable, specified Completion Time.

The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources and the AACPS, a reasonable time for maintenance, and the low probability of a DBA occurring during this period.

The Completion Time for Required Action B.4.2 establishes a 14 day allowable out of service time when one DG is inoperable and an AACPS is available. The 14 day Completion Time is based on a plant specific risk analysis performed to establish the out of service time.

As a defense-in-depth measure, when the option of an extended allowable out of service time for an emergency DG is exercised, an AACPS will be provided with capability of supplying the same loads as the existing DGs with the criteria noted below. Thus the AACPS will be capable of supplying safe shutdown loads after a LOOP to the bus. For unplanned DG outages, capability to supply an AACPS will be available upon entering the allowed outage period extension (i.e., by 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months into the 14 day Completion Time).

For DG outages planned to exceed an initial 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time, an AACPS will be provided within one hour of entering the 14 day Completion Time. In any event, if an AACPS of the required capacity is not available after entering the extended Completion Time period (after 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months into the 14 day Completion Time), the requirement to be in at least hot standby within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in cold shutdown within the following 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months would apply.

The following criteria would apply to any AACPS used as a defense-in-depth measure:

1. An AACPS may be of a temporary or permanent nature and would not be required to satisfy Class 1E requirements.

2. Dynamic effects of an AACPS failure (GDC 4 events) would not adversely affect safety related plant equipment.

to TXX-0701 I Page 7 of 8 INSERTS (continued)

3. An AACPS would not be required to be protected against natural phenomena (GDC 2 events) or abnormal environmental or dynamic effects (GDC 4 events).

4. An AACPS would be started manually or automatically and connected to the bus when it has achieved its rated voltage and speed. The AACPS connection to the bus will occur within 15 minutes of detection of a LOOP. Thus the AACPS would have the capacity required for safe shutdown such that performance of powered equipment is acceptable after a LOOP to the bus.

Prior to relying on its availability, a temporary AACPS would be determined to be available by: (1) starting the AACPS and verifying proper operation; (2) verifying that sufficient fuel is available onsite to support 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of operation; and (3) ensuring that the AACPS is in the correct electrical alignment to supply power to designated safe shutdown loads. Subsequently, when not in operation, a status check for availability will also be performed once every 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This check consists of (1) verifying the AACPS is mechanically and electrically ready for operations; (2) verifying that sufficient fuel is available onsite to support 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of operation; and (3) ensuring that the AACPS is in the correct electrical alignment to supply power to designated safe shutdown loads.

Prior to relying on its availability, a permanent AACPS would be determined to be available by starting the AACPS and verifying proper operation. In addition, initial and periodic testing, surveillances, and maintenance conform to NUMARC 87-00, Revision 1, Appendix B, "Alternate AC Power Criteria" guidelines. Functional testing, timed starts and load capacity testing on a fuel cycle basis, and surveillance and maintenance will consider manufacturer's recommendations.

The following is a listing of administrative controls when utilizing the extended 14 day CT that will be applicable during DG maintenance windows (as applicable) to deterministically enhance the capability of the plant.

1. The Configuration Risk Management Program (CRMP) (TS 5.5.18) will be applied per 10CFR50.65(a)(4).

2. Weather conditions must be historically conducive to perform planned maintenance on the DG.

3. The offsite power supply and switchyard conditions are conducive to perform maintenance on the DG.

4. Switchyard access will be monitored and controlled.

The second Completion Time for Required Action B.4.2 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to to TXX-07011 Page 8 of 8 INSERTS (continued) 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 20 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 14 day and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the CT allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

to TXX-07011 Page 1 of 3 ATTACHMENT 4 to TXX-07011 RETYPED TECHNICAL SPECIFICATION PAGES Pages 3.8-2 3.8-4 to TXX-07011 AC Sources - Operating Page 2 of 3 3.8.1 ACTIONS

NOTE.

LCO 3.0.4.b is not applicable to DGs.

CONDITION REQUIRED ACTION COMPLETION TIME A. One required offsite circuit A. 1 Perform SR 3.8.1.1 for 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months inoperable. required OPERABLE offsite circuit. AND Once per 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months thereafter AND

-NOTE In MODES 1, 2 and 3, the TDAFW pump is considered a required redundant feature.

A.2 Declare required 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months from feature(s) with no offsite discovery of no power available offsite power to one inoperable when its train concurrent with redundant required inoperability of feature(s) is inoperable. redundant required feature(s)

AND A.3.1 Restore required offsite 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months circuit to OPERABLE status. AND 6 days from discovery of failure to meet LCO OR A.3.2 Restore required offsite 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months circuit to OPERABLE status. AND 17 days from discovery of failure to meet LCO due to an inoperable DG with AACPS available (continued)

COMANCHE PEAK - UNITS 1 AND 2 3.8-2 Amendment No. 4-0-9, 42-4, to TXX-07011 AC Sources - Operating Page 3 of 3 3.8.1 CONDITION REQUIRED ACTION COMPLETION TIME B. (continued) AND B.4.1 Restore DG to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months OPERABLE status.

AND 6 days from discovery of failure to meet LCO OR NOTE-------

Required Action B.4.2 and associated Completion Times are only allowed if an AACPS is available.

B.4.2 Restore DG to 14 days OPERABLE status.

AND 17 days from discovery of failure to meet LCO C. Two required offsite circuits NOTE-------

inoperable. In MODES 1, 2 and 3, the TDAFW pump is considered a required redundant feature.

C.1 Declare required 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from feature(s) inoperable discovery of when its redundant Condition C required feature(s) is concurrent with inoperable. inoperability of redundant required features AND C.2 Restore one required 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months offsite circuit to OPERABLE status.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 3.8-4 Amendment No. 64, to TXX-07011 Page 1 of 7 ATTACHMENT 5 to TXX-07011 RETYPED TECHNICAL SPECIFICATION BASES PAGES Pages B 3.8-8 B 3.8-9 B 3.8-11 B 3.8-12 B 3.8-13 B 3.8-14

AC Sources - Operating B 3.8.1 Attachment 5 to TXX-0701 I Page 2 of 7 BASES ACTIONS (continued)

A.3.1 In Condition A, the remaining OPERABLE offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System. With an offsite circuit inoperable, the inoperable offsite circuit must be restored to OPERABLE status within the applicable, specified Completion Time.

The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action A.3.1 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 144 hours0.00167 days 0.04 hours 2.380952e-4 weeks 5.4792e-5 months , since initial failure to meet the LCO, to restore the offsite circuit.

At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 9 days) allowed prior to complete restoration of the LCO. The 6 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 6 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition A was entered.

A.3.2 In Condition A, the remaining offsite circuit and DGs are adequate to supply electrical power to the onsite Class 1 E Distribution System. With an offsite circuit inoperable, the inoperable offsite circuit must be restored to OPERABLE status within the applicable, specified Completion Time.

The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-8 Revision

AC Sources - Operating B 3.8.1 Attachment 5 to TXX-070 11 Page 3 of 7 BASES ACTIONS A.3.2 (continued)

The second Completion Time for Required Action A.3.2 establishes a limit on the maximum time allowed for one required offsite circuit and one DG to be inoperable during any single, contiguous occurrence of failing to meet the LCO if an AACPS is available. When utilizing the extended 14 day CT that will be applicable during maintenance windows to deterministically enhance the capability of the plant, the list of administrative controls discussed in TS Bases ACTION B.4.2 apply. An AACPS is described in TS Bases ACTION B.4.2. If Condition A is entered while, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 14 days. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 14 days (for a total of 31 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action A.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition A was entered.

B.1 To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable. Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered.

B.2 Required Action B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are designed with redundant safety related trains. This includes the motor driven auxiliary feedwater pumps and the TDAFW pump which must be available for mitigation of a Feedwater line break. Single train systems, (continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-9 Revision

AC Sources - Operating B 3.8.1 Attachment 5 to TXX-07011 Page 4 of 7 BASES ACTIONS B.3.1 and B.3.2 (continued) longer exists, and Required Action B.3.1 is satisfied. If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DG, performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of that DG.

In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the applicable plant procedures will continue to evaluate the common cause possibility. This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months constraint imposed while in Condition B.

According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months is reasonable to confirm that the OPERABLE DG is not affected by the same problem as the inoperable DG.

During performance of surveillance activities as a requirement for ACTION statements, the air-roll test shall not be performed.

B.4.1 In Condition B, the remaining OPERABLE DG and offsite circuits are adequate to supply electrical power to the onsite Class 1 E Distribution System. With a DG inoperable, the inoperable DG must be restored to OPERABLE status within the applicable, specified Completion Time.

The 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action B.4.1 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 144 hours0.00167 days 0.04 hours 2.380952e-4 weeks 5.4792e-5 months , since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 9 days) allowed prior to complete restoration of the LCO. The 6 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector (continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-11 Revision

AC Sources - Operating B 3.8.1 Attachment 5 to TXX-07011 Page 5 of 7 BASES ACTIONS B.4.1 (continued) between the 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months and 6 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

B.4.2 In Condition B, the remaining OPERABLE DG, offsite circuits, and alternate AC power source (AACPS) are adequate to supply electrical power to the onsite Class 1E Distribution System. With a DG inoperable, the inoperable DG must be restored to OPERABLE status within the applicable, specified Completion Time.

The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources and the AACPS, a reasonable time for maintenance, and the low probability of a DBA occurring during this period.

The Completion Time for Required Action B.4.2 establishes a 14 day allowable out of service time when one DG is inoperable and an AACPS is available. The 14 day Completion Time is based on a plant specific risk analysis performed to establish the out of service time.

As a defense-in-depth measure, when the option of an extended allowable out of service time for an emergency DG is exercised, an AACPS will be provided with capability of supplying the same loads as the existing DGs with the criteria noted below. Thus the AACPS will be capable of supplying safe shutdown loads after a LOOP to the bus. For unplanned DG outages, capability to supply an AACPS will be available upon entering the allowed outage period extension (i.e., by 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months into the 14 day Completion Time).

For DG outages planned to exceed an initial 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months Completion Time, an AACPS will be provided within one hour of entering the 14 day Completion Time. In any event, if an AACPS of the required capacity is not available after entering the extended Completion Time period (after 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months into the 14 day Completion Time), the requirement to be in at least hot standby within the next 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in cold shutdown within the following 36 hours4.166667e-4 days 0.01 hours 5.952381e-5 weeks 1.3698e-5 months would apply.

The following criteria would apply to any AACPS used as a defense-in-depth measure:

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-12 Revision

AC Sources - Operating B 3.8.1 Attachment 5 to TXX-07011 Page 6 of 7 BASES ACTIONS B.4.2 (continued)

1. An AACPS may be of a temporary or permanent nature and would not be required to satisfy Class 1E requirements.

2. Dynamic effects of an AACPS failure (GDC 4 events) would not adversely affect safety related plant equipment.

3. An AACPS would not be required to be protected against natural phenomena (GDC 2 events) or abnormal environmental or dynamic effects (GDC 4 events).

4. An AACPS would be started manually or automatically and connected to the bus when it has achieved its rated voltage and speed. The AACPS connection to the bus will occur within 15 minutes of detection of a LOOP. Thus the AACPS would have the capacity required for safe shutdown such that performance of powered equipment is acceptable after a LOOP to the bus.

Prior to relying on its availability, a temporary AACPS would be determined to be available by: (1) starting the AACPS and verifying proper operation; (2) verifying that sufficient fuel is available onsite to support 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of operation; and (3) ensuring that the AACPS is in the correct electrical alignment to supply power to designated safe shutdown loads.

Subsequently, when not in operation, a status check for availability will also be performed once every 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This check consists of (1) verifying the AACPS is mechanically and electrically ready for operations; (2) verifying that sufficient fuel is available onsite to support 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months of operation; and (3) ensuring that the AACPS is in the correct electrical alignment to supply power to designated safe shutdown loads.

Prior to relying on its availability, a permanent AACPS would be determined to be available by starting the AACPS and verifying proper operation. In addition, initial and periodic testing, surveillances, and maintenance conform to NUMARC 87-00, Revision 1, Appendix B, "Alternate AC Power Criteria" guidelines. Functional testing, timed starts and load capacity testing on a fuel cycle basis, and surveillance and maintenance will consider manufacturer's recommendations.

The following is a listing of administrative controls when utilizing the extended 14 day CT that will be applicable during DG maintenance windows (as applicable) to deterministically enhance the capability of the plant.

1. The Configuration Risk Management Program (CRMP) (TS 5.5.18) will be applied per 10CFR50.65(a)(4).

(continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-13 Revision

.AC Sources - Operating B 3.8.1 Attachment 5 to TXX-0701I1 Page 7 of 7 BASES ACTIONS B.4.2 (continued)

2. Weather conditions must be historically conducive to perform planned maintenance on the DG.

3. The offsite power supply and switchyard conditions are conducive to perform maintenance on the DG.

4. Switchyard access will be monitored and controlled.

The second Completion Time for Required Action B.4.2 establishes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG.

At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (for a total of 20 days) allowed prior to complete restoration of the LCO. The 17 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions A and B are entered concurrently. The "AND" connector between the 14 day and 17 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met.

As in Required Action B.2, the CT allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered.

C.1 and C.2 Required Action C.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions. The Completion Time for this failure of redundant required features is reduced to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months from that allowed for one train without offsite power (Required Action A.2). The rationale for the reduction to 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months is that Regulatory Guide 1.93 (Ref. 6) allows a Completion Time of 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE. When a concurrent redundant required feature failure exists, this assumption is not the case, and a shorter (continued)

COMANCHE PEAK - UNITS 1 AND 2 B 3.8-14 Revision to TXX-07011 Page 1 of 4 ATTACHMENT 6 to TXX-070111 CPSES SWITCHYARDS and DISTRIBUTION SUBSYSTEM FIGURES (For Information Only) to TXX-0701 I Page 2 of 4 r -

OFFSITE POWER SYSTEM 138kv Switchyard I 345kv Switchyard L_ - -------- -- - - - - - ----

Startup Transformer XST2 Unit 2 Startup Transformer XST1 Unit 2 NC lEA1 1EA2 6

1EDG1 1EDG2 IEDGI XEDG2

DECORDOVAI WOLF HOLLOW VENUS 2 COMANCHE SWITCH PARKER I

_ _ - _ ST BUS "

8089 8009 . 849 7797 8W9/ i 8029 908 8070 NC 8010 NC 8050 NC 7981 8090 NC 8030 8080 X 1- 345 KV SWITCHYARD 8061 7 8001 ' 8002 7971 8041 X 8021 X Xo022 8060 NC 8000 NC N 7970 8040 NC 8020 [jNC 8059x 7999 X 7969 8039,,X 80ol9 /

6.9 KV SAFEGUARDS BUSES ELECTRIC POWER SYSTEM HIGH VOLTAGE SWITCHYARDS SIMPLIFIED SCHEMATIC SHEET 1 OF 2

c>

PLANTSUPPORT POWER SYSTEM PLANTSUPPORT POWER SYSTEM TRANSFORMERI DECORDOVA STEPHENVULLE H WEST BUS Tol0 7029 7020 LJNC 7030 [Ei NC 7U21 7031 138 KV SWITCHYARD 7040 NC 7050 N.

PLANTSUPPORT POWERSYSTEM TRANSFORMER 2 77 PLANTSUPPORT ]_ _ rj- r151 L112 EAST BUS POWERSYSTEM 2 OVERHEAD CPX-ECDSST-01 o80STA OXST*

FJ*2*ET'*T -UR TRANSFORMER XST1 CPX-EFTRST-01 IEA, I.AS 2EA1. 2EA2 A.AKS SAFEGUARDS BUSES ELECTRIC POWER SYSTEM HIGH VOLTAGE SWITCHYARDS SIMPLIFIED SCHEMATIC SHEET 2 OF 2

v t e Letter Sequence Request
TAC:MD4066, (Withdrawn, Closed)
Initiation Request Acceptance... Administration Questions 21 June 2007 25 July 2007 Answers Results Withdrawal Other:
MONTHYEAR2007-07-25 [Table View]

CPSES-200700130, License Amendment Request (LAR) 06-009, Revision to Technical Specification (TS) 3.8.1, AC Sources - Operating, Extension of Completion Times for Diesel Generators

Text

SUBJECT:

Dear Sir or Madam:

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

6.0 ENVIRONMENTAL CONSIDERATION

8.0 REFERENCES

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

6.0 ENVIRONMENTAL CONSIDERATION

8.0 REFERENCES

Navigation menu

CPSES-200700130, License Amendment Request (LAR) 06-009, Revision to Technical Specification (TS) 3.8.1, AC Sources - Operating, Extension of Completion Times for Diesel Generators

Text

SUBJECT:

Dear Sir or Madam:

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

6.0 ENVIRONMENTAL CONSIDERATION

8.0 REFERENCES

1.0 DESCRIPTION

2.0 PROPOSED CHANGE

3.0 BACKGROUND

4.0 TECHNICAL ANALYSIS

5.0 REGULATORY ANALYSIS

6.0 ENVIRONMENTAL CONSIDERATION

8.0 REFERENCES

Navigation menu

Search