License Amendment Request 03-06, Revision to Technical Specification 3.8.1, AC Sources - Operating.

ML031550354
Person / Time
Site:	Diablo Canyon
Issue date:	05/29/2003
From:	Oatley D Pacific Gas & Electric Co
To:	Document Control Desk, Office of Nuclear Reactor Regulation
References
DCL-03-060
Download: ML031550354 (55)
v • d • e

Text

W Pacific Gas and F

Electric Company David H. Oatley Diablo Canyon Power Plant Vice President and P0. Box 56 General Manager Avila Beach, CA 93424 May 29, 2003 805.545.4350 Fax: 805.545.4234 PG&E Letter DCL-03-060 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555-0001 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 Diablo Canyon Units 1 and 2 License Amendment Request 03-06 Revision to Technical Specification 3.8.1, AC Sources - Operating"

Dear Commissioners and Staff:

In accordance with 10 CFR 50.90, enclosed is an application for amendment to Facility Operating License Nos. DPR-80 and DPR-82 for Units 1 and 2 of the Diablo Canyon Power Plant, respectively. The enclosed license amendment request (LAR) proposes to revise Technical Specification (TS) 3.8.1, "AC Sources - Operating," to extend the allowable completion times for the Required Actions associated with restoration of an inoperable diesel generator (DG).

The proposed changes will extend the completion time for restoring an inoperable DG from 7 days to 14 days.

The proposed changes will provide increased flexibility in the scheduling and performance of on-line DG maintenance, improved allocation of maintenance resources, avoidance of DG-related unplanned plant shutdowns or requests for a Notice of Enforcement Discretion, and increased DG availability resulting in reduced risk during shutdowns.

The justification for the use of a DG extended completion time is based upon a risk-informed and traditional engineering (defense-in-depth) evaluation consisting of three main elements: 1) the availability of AC power via the start-up transformers from either offsite power or the opposite unit, 2) verification that the other DGs in the affected unit, the unit auxiliary feedwater pumps and all auxiliary saltwater (ASW) trains (including the ASW cross-tie between the two units) are operable, and

3) utilization of an established on-line risk management program while a DG is inoperable.

Enclosure 1 contains a description of the proposed changes, the supporting technical analyses, and the no significant hazards consideration determination.

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

• Comanche Peak

• Diablo Canyon

• Palo Verde

• South Texas Project

• Wolf Creek 40

Document Control Desk PG&E Letter DCL-03-060 May 29, 2003 Page 2 Enclosures 2 and 3 contain marked-up and revised TS pages, respectively. provides the marked-up TS Bases changes for information. The TS Bases changes will be implemented pursuant to TS 5.5.14, "Technical Specifications Bases Control Program."

PG&E has determined that this LAR does not involve a significant hazards consideration as determined per 10 CFR 50.92. Pursuantto 10 CFR 51.22(b), no environmental impact statement or environmental assessment needs to be prepared in connection with the issuance of this amendment.

This amendment request represents a risk-informed licensing change. The proposed change meets the criteria of Regulatory Guide 1.174, "An Approach for Using Probabilistic RiskAssessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," and Regulatory Guide 1.177, "An Approach for Plant-Specific, Risk-Informed Decisionmaking: Technical Specifications," for risk-informed changes.

The changes proposed in this LAR are not required to address an immediate safety concern. Therefore, PG&E requests that the NRC review this LAR on a medium priority basis. PG&E also requests that the TS changes requested in this LAR be effective upon issuance, to be implemented within 60 days from issuance.

If you have any questions or require additional information, please contact Stan Ketelsen at (805) 545-4720.

Sincerely, David H. Oatley Vice President and General Manager - Diablo Canyon JER/3664 Enclosures cc: Edgar Bailey, DHS Thomas P. Gwynn David H. Jaffe David L. Prouix Girija S. Shukla Diablo Distribution A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

• Comanche Peak

• Diablo Canyon

• Palo Verde

• South Texas Project

• Wolf Creek

PG&E Letter DCL-03-060 UNITED STATES OF AMERICA NUCLEAR REGULATORY COMMISSION

) Docket No. 50-275 In the Matter of ) Facility Operating License PACIFIC GAS AND ELECTRIC COMPANY) No. DPR-80

)

Diablo Canyon Power Plant ) Docket No. 50-323 Units 1 and 2 ) Facility Operating License

) No. DPR-82 AFFIDAVIT David H. Oatley, of lawful age, first being duly sworn upon oath says that he is Vice President and General Manager - Diablo Canyon of Pacific Gas and Electric Company; that he has executed license amendment request LAR 03-06 on behalf of said company with full power and authority to do so; that he is familiar with the content thereof; and that the facts stated therein are true and correct to the best of his knowledge, information, and belief.

David H. Oatley Vice President and General Manager - Diablo Canyon Subscribed and sworn to before me this 29th day of May 2003.

Notary Public <

County of San Luis Obispo CHMK State of California Commisson # 1397547i

Enclosure 1 PG&E Letter DCL-03-060 EVALUATION

1.0 DESCRIPTION

This letter is a request to amend Operating Licenses DPR-80 and DPR-82 for Units I and 2 of the Diablo Canyon Power Plant (DCPP), respectively.

The proposed changes would revise the operating licenses by revising Technical Specification (TS) 3.8.1, "AC Sources - Operating" to extend the allowable completion times for the Required Actions associated with restoration of an inoperable diesel generator (DG) from 7 days (the current limit) to 14 days.

2.0 PROPOSED CHANGE

The proposed changes would revise TS 3.8.1 to extend the completion time for an inoperable DG from 7 days to 14 days.

Specifically:

The completion time for Required Action A.2 would be revised from "72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> AND 10 days from discovery of failure to meet LCO" to "72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> AND 14 days from discovery of failure to meet LCO."

The completion time for Required Action B.4 would be revised from "7 days AND 10 days from discovery of failure to meet LCO" to "14 days from discovery of failure to meet LCO."

The proposed changes will provide increased flexibility in the scheduling and performance of on-line DG maintenance, improved allocation of maintenance resources, avoidance of DG-related unplanned plant shutdowns or requests for a Notice of Enforcement Discretion, and improved DG availability during shutdowns. The proposed changes are justified based upon a risk-informed and traditional engineering (defense-in-depth) evaluation.

The proposed TS changes are shown on the marked-up TS pages provided in Enclosure 2. The revised TS pages are provided in Enclosure 3.

Appropriate changes will be made to the TS Bases. The revised TS Bases are included for information in Enclosure 4.

3.0 BACKGROUND

The proposed changes have been developed consistent with the objectives of the NRC's Probabilistic Risk Assessment (PRA) Policy Statement, "Use of 1

Enclosure 1 PG&E Letter DCL-03-060 Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy Statement," for enhanced decision-making and result in a more efficient use of resources, improvement in safety, and reduction of unnecessary burden.

Implementation of this proposed completion time extension will provide the following benefits.

1. Allow increased flexibility in the scheduling and performance of on-line DG maintenance.

2. Allow better control and allocation of resources. Allowing maintenance, including overhauls, in Modes 1, 2, 3 and 4 provides the flexibility to focus in-house experienced resources on any required or elective DG maintenance.

3. Avoid unplanned plant shutdowns and minimize the potential need for requests for a Notice of Enforcement Discretion. Risks incurred by unexpected plant shutdowns are not insignificant.

4. Improve DG availability during shutdown modes by performing maintenance currently done during shutdown in Modes 1, 2, 3 and 4.

This will reduce the risk associated with DG maintenance and the synergistic effects on risk due to DG unavailability occurring at the same time as other activities and equipment outages that occur during an outage.

The proposed completion time of 14 days provides adequate time to perform normal preventive DG inspections and maintenance requiring disassembly of the DG and to perform post-maintenance and operability tests required to return the DG to operable status.

It is PG&E's intent to minimize the use of the proposed 14-day completion time for planned maintenance to a frequency of no more than once per operating cycle for each DG. Furthermore, it is PG&E's intent to continue minimizing the time periods required to complete any unplanned maintenance. DG maintenance will be performed with the same emphasis on timely completion as is currently practiced. Additionally, DCPP will provide the resources necessary to minimize DG unavailability due to unplanned maintenance, as well as managing the risk of such evolutions using the DCPP Online Risk Management Program.

The Online Risk Management Program is controlled by Administrative Procedure AD7.DC6, "On-Line Risk Management," which provides guidance for managing plant trip and safety function degradation risk from on-line maintenance, external or internal conditions, as required by 10 CFR 50.65(a)(4) of the maintenance rule. Plant configuration changes for planned and unplanned maintenance of the DGs, as well as the at-power maintenance of other risk significant equipment, is managed by the Online Risk Management Program. This program helps to ensure that these maintenance activities are carried out with no significant increase in the risk of a severe accident.

2

Enclosure 1 PG&E Letter DCL-03-060

4.0 TECHNICAL ANALYSIS

The proposed changes have been evaluated to determine that current regulations and applicable requirements continue to be met, that adequate defense-in-depth and sufficient safety margins are maintained, and that any increase in the "at-power" core damage frequency (CDF) and large early release frequency (LERF) is small and consistent with the NRC Safety Goal Policy Statement. The change in the TS completion time is evaluated consistent with Regulatory Guide (RG) 1.177, "An Approach for Plant-Specific Risk-Informed Decisionmaking: Technical Specifications." Additionally, the proposed changes will not result in any increase in the total unavailability of each DG (i.e., including all Modes) and it is expected that the changes will result in a risk decrease for a typical refueling outage.

The justification for the use of a DG extended completion time is based upon a risk-informed and defense-in-depth evaluation consisting of three main elements:

1) the availability of AC power via the start-up transformers (SUT) from either offsite power or the opposite unit, 2) verification that the other DGs in the affected unit, the unit auxiliary feedwater (AFW) pumps, and all auxiliary saltwater (ASW) trains (including the ASW cross-tie between both units) are operable, and

3) utilization of the Online Risk Management Program while a DG is inoperable.

The Online Risk Management Program is used for DG maintenance as well as other work to ensure that there is no significant increase in the risk of a severe accident while any DG maintenance is performed. These elements provide the justification for the proposed TS change by providing a high degree of assurance that the current "at-power" defense-in-depth measures for mitigating the consequences of significant accident scenarios during the DG extended completion time (e.g., loss of offsite power (LOOP)/loss of coolant accident (LOCA), station black-out (SBO), and seismic events) are not noticeably impacted.

4.1 Traditional Engineering Considerations - Defense-in-DeDth The impact of the proposed TS changes were evaluated and determined to be consistent with the defense-in-depth philosophy. The defense-in-depth philosophy in reactor design and operation results in multiple means to accomplish safety functions and ultimately prevent the release of radioactive material.

DCPP is designed and operated consistent with the defense-in-depth philosophy. The plant has diverse power sources available (e.g., DGs, SUTs, auxiliary/main transformers and opposite unit DGs) to provide power to accident mitigation systems and components. The overall availability of the AC power sources to the engineered safety feature (ESF) buses, while "at-power," will not be significantly reduced as a result of the increased on-line DG preventive maintenance activities.

3

Enclosure 1 PG&E Letter DCL-03-060 Additionally, it is expected that the availability of the AC power sources to the ESF buses will be increased during a typical refueling outage.

Therefore, it is acceptable under controlled conditions to extend the completion time to perform on-line maintenance intended to maintain the reliability of the onsite emergency power systems.

While the proposed changes do increase the length of time a DG can be out of service (OOS) during unit operation, they will also increase the availability of the DGs while the unit is shutdown. The increased availability of the DG while shutdown will increase the system defense-in-depth during outages.

Electric Power Systems General Design Criterion (GDC) 17, "Electric Power Systems," states that the onsite electric power supplies shall have sufficient independence, redundancy, and testability to perform their safety functions assuming a single failure. Electric power from the transmission network to the onsite electric distribution system shall be supplied by two physically independent circuits designed and located so as to minimize, to the extent practical, the likelihood of their simultaneous failure under operating and postulated accident and environmental conditions. At DCPP, the two sources of offsite power are the 500-kV system and the 230-kV system, with the 230-kV system being immediately available after an accident.

The 230-kV system is supplied by two incoming transmission lines, one from Morro Bay Substation, and the other from Mesa Substation.

Limiting Condition for Operation (LCO) 3.8.1. requires the following AC electrical sources to be operable:

a. Two qualified circuits (one immediate access 230-kV source and one delayed access 500-kV source) between the offsite transmission network and the onsite Class I E distribution system.

b. Three DGs capable of supplying the onsite Class 1E distribution system.

Description of AC Power System The DCPP electrical systems generate and transmit power to the high-voltage system, distribute power to the auxiliary loads, and provide control, protection, instrumentation, and annunciation power supplies for the units. Power is generated at 25-kV. Auxiliary loads are served at 12-kV, 4.16-kV, 480-V, 120-Vac, 250-Vdc and 125-Vdc. None of the ESF auxiliary loads are served at 12-kV or at 250-Vdc.

4

Enclosure 1 PG&E Letter DCL-03-060 Offsite AC power for plant auxiliaries is available from two 230-kV transmission circuits and three 500-kV transmission circuits.

Onsite AC auxiliary power is supplied by each unit's main generator and is also available for vital loads from six DGs. Three DGs are dedicated to each unit.

Figure 1 provides an overview of the DCPP electrical distribution system (4-kV and higher).

5OOkV Switchyard 230kV Switchyard Bus:

Midway 2 Bus I 'L70i4-

.]282 Mesa Midway 3 nzJ t2Z..I 83 ~~-l 622 Main Bank Xfmr - LTEy 2-1.LTC I-' t 632 Bs 2 zmrs~~~~~~~~~~~~~-

, Morro Ba Gates 1 500kV t 25kV x-s U2 Main Bank Xfmr 500kVi25kV Aux Xfmr z 1-1if 25kV 2kV 4kV Ax 1- 212kV 12-2

'1 220kV'~'1-V U XfmrT '

( Aux Xfmr 225kV 12kV

_7 2 Aux Xfmr 2-1 CI Generator 12kVSU u., 7 Generator

[usD DG H (Y)Bus F DG F DG DG BusD BusE2 1-1 1-2 1-3232122 I' Tr-Yj 7 YiJC 7 v> 7~~~~~~~~~~~ _ E CBus Bus D Bus H Bus G Bus F Bus F Bus G Bus H Bus D Figure 1 DCPP Electrical Distribution Overview Availability of Offsite Power System DCPP is interconnected to PG&E's electric grid system via two 230-kV and three 500-kV lines through their respective 230-kV and 500-kV switchyards. These switchyards are physically and electrically separated and independent of each other. The 230-kV system provides startup and standby power, and is immediately available following a LOCA to assure that core cooling, containment integrity, and other vital safety functions are maintained. The 500-kV system provides for transmission of the plant's power output. The 500-kV connection also provides a delayed access source of offsite power after the main generator is disconnected. A combination of either 230-kV circuit and one of the 500-kV circuits provides independent sources of offsite power, as required by GDC 17.

5

Enclosure 1 PG&E Letter DCL-03-060 The other 230-kV and 500-kV circuits provide capability beyond that required to meet minimum NRC regulatory requirements to ensure reliability of the offsite power systems.

Offsite power for startup and standby service is provided from the 230-kV transmission system. The two incoming 230-kV transmission lines, one from the Morro Bay switchyard, about 10 miles away, and the other from the Mesa Substation, feed a 230-kV switchyard having three 230-kV circuit breakers, one for each line and one for the 230-kV/12-kV standby-startup transformers. A single tie-line from the 230-kV switchyard supplies the standby-startup transformer (230-kV/12-kV) for each unit. A single standby startup transformer may be taken out of service for maintenance. Both units are designed to be supplied from a single startup transformer, with the startup bus Unit 1-Unit 2 cross-tie breaker closed.

Continued operation of the plant is procedurally controlled while in this configuration. The 230-kV transmission system and the 230-kV/12-kV standby startup power system are designed in a manner intended to obtain a high degree of service reliability and to minimize the time and extent of outage if failures do occur.

The 500-kV system provides for transmission of the plant's power output, and provides a delayed access source of offsite power to the plant auxiliary systems and ESF buses when the main generator is not in operation. The 500-kV system is available in sufficient time to safely shutdown the plant during non-accident conditions. Power is backfed via the main transformer and the unit auxiliary transformers. In the event of a loss of main generator output, the 500-kV backup source of auxiliary power can be placed in service in about 30 minutes.

Availability of Onsite Power Systems The onsite AC systems consist of the 25-kV, 12-kV, 4.16-kV, and 480-V power systems, the 208Y/120-V lighting system, and the 120-Vac instrument supply systems.

Auxiliary power for normal plant operation is supplied by each unit's main generator through the unit auxiliary transformers, except during startups and shutdowns. Auxiliary power for startups and shutdowns is supplied by offsite power sources.

25-kV is the voltage at which power is generated. Approximately 96 percent of the generated power is transformed to 500-kV at the main transformers, and the remainder is transformed to 12-kV and 4.16-kV at the unit auxiliary transformers.

6

Enclosure 1 PG&E Letter DCL-03-060 The 12-kV system for each unit serves two circulating water pumps (13,000 hp each) and the four reactor coolant pumps (6,000 hp each).

The 4.16-kV system serves motors from 200 to 3000 hp, and transformers for the smaller loads at lower voltages. The 4.16-kV loads are divided into five groups; two of these groups are not vital to the ESFs and are connected to nonvital 4.16-kV buses D and E.

The other three 4.16-kV load groups are important to safety and are connected to 4.16-kV vital buses F, G, and H. Each vital bus has three sources: one from the main generator (or the 500-kV system through the main transformer) through unit auxiliary transformer 12(22), one from the 230-kV transmission system through standby SUTs 11 (21) and 12(22),

and a dedicated DG.

The three dedicated 4.16-kV DGs for each unit are physically isolated from each other and from other equipment. Each DG supplies power to its associated 4.16-kV vital bus.

The ESF loads and their onsite sources are grouped so the functions required during a major accident are provided regardless of any single failure in the electrical system. Any two of the three DGs and their buses are adequate to serve at least the minimum required ESF loads of a unit after a major accident.

In the event of a loss of satisfactory electrical power from the main generator, due to a unit trip, a safeguard signal, or a loss of voltage on the bus, the vital 4.16-kV buses are automatically disconnected immediately from the main generator as a source.

If power is available from the offsite standby source (230-kV), the vital 4.16-kV buses are transferred to this source automatically after a short delay to allow for voltage decay on the motors that were running.

If bus voltage is not restored within 1 second, the associated DG is started automatically and brought to a condition suitable for loading. Should there be a loss of offsite standby power concurrent with the loss of onsite power (i.e., the main generator), the 4.16-kV circuit breaker feeding the vital 4.16-kV buses F, G, and H from the main generator is opened immediately. All three DGs for the unit are started and accelerated to normal frequency and minimum bus voltage in a period of less than 10 seconds.

Should offsite power still be unavailable when the DGs have reached breaker close-in voltage, all circuit breakers from the normal onsite and offsite standby sources to the vital 4.16-kV buses are given a trip signal 7

Enclosure 1 PG&E Letter DCL-03-060 independently to make sure they are open (the expected condition at this point). The offsite standby source is automatically blocked from reclosing.

The 4.16-kV circuit breaker for each DG then closes automatically to restore power to its associated vital 4.16-kV bus and, consequently, also to its associated 480- and 120-V buses.

Station Blackout Capacity SBO at DCPP is defined as loss of power from the 500-kV and 230-kV switchyards with the failure of two DGs to operate in one of the units. The other unit is assumed to experience only a LOOP.

The DCPP SBO analysis was performed using the guidance provided in NUMARC 87-00, Rev. 0. During an SBO event, the SBO analysis demonstrated that the plant could be safely shutdown utilizing either buses G or H and their normally connected DGs (emergency AC sources) and, thereby, the third DG and its bus F were declared the alternate AC (AAC) source. However, during an SBO event, any of the three DGs may be used as the AAC source. The SBO analysis takes credit for the hydraulic interconnection of the ASW systems between Unit 1 and 2 by manually opening FCV-601. Since the AAC source is a Class 1E DG, it meets the criterion for the AAC source to be available within 10 minutes and, therefore, no coping analysis was required to be performed.

The SBO analysis is not required to assume a concurrent single failure or design basis accident. In addition, 10 CFR 50.63 permits the use of nonsafety-related systems and equipment to respond to an SBO event.

Although the DCPP SBO analysis takes credit for the hydraulic ASW interconnection between units, the electrical interconnection of the 4-kV buses within a unit to obtain the necessary ASW flow is not precluded. To prevent initiation of a safety injection (SI) signal during an SBO, it is necessary to re-energize a battery charger connected to each battery bus within the 2-hour battery duty cycle. However, generation of an inadvertent SI signal has been analyzed and does not interfere with safe shutdown of the unit.

Safety Function Defense-in-Depth With one DG OOS during at-power operations, the AC system is designed with adequate defense-in-depth. There are multiple means to accomplish safety functions and prevent release of radioactive material. The DCPP PRA confirms the results of the defense-in-depth analysis, that protection of the public health and safety are ensured.

8

Enclosure 1 PG&E Letter DCL-03-060 System redundancy, independence, and diversity are maintained commensurate with the expected frequency and consequences of challenges to the system. Implementation of the proposed changes will be done in a manner consistent with the defense-in-depth philosophy.

The Online Risk Management Program ensures consideration of prevailing conditions, including other equipment OOS, and implementation of compensatory actions to assure adequate defense-in-depth when a DG is OOS. Although not quantified as a risk reduction factor, the insights from PRA are used to develop configuration-specific contingency plans, when needed. Such an approach further enhances the defense-in-depth concept and improves the overall reliability of the accident mitigating functions.

The following subsections and Table 1 summarize the capability of the plant to respond to events while a DG is unavailable. The DGs support the plant response to events involving LOOP. Based on the DCPP PRA, the most risk-significant scenarios in which DGs are required involve two important plant safety functions in addition to the AC power function: heat removal and reactor coolant pump (RCP) seal cooling. Table 1 provides a summary of the defense-in-depth of these safety functions for Unit 1, assuming offsite power is lost.

AC Power In the context of this evaluation, AC power availability involves the availability of AC power to the vital buses for event mitigation, if the normal offsite power supply is lost (e.g., due to a LOOP). This requires providing alternate or emergency power to vital buses F, G, and H. As described previously, a dedicated DG is available to supply emergency AC power to each vital bus.

Heat Removal Assurance of adequate heat removal is primarily supported by AFW feed and bleed. AFW feed and bleed involves pumping AFW water, which is at ambient temperature, into the SGs and removing heated water via the blowdown system, or removing steam via the steam dump valves, or the atmospheric dump valves if the condenser is not available. The primary and desired mode of decay heat removal is via the steam generators. In the event of a LOOP, this can be accomplished with any one of three AFW pumps (one turbine, and two motor-driven). Alternatively, core cooling can be accomplished via reactor coolant system (RCS) feed and bleed cooling if AFW fails.

RCS feed and bleed involves injecting water into the RCS with an emergency core cooling system (ECCS) pump (charging, SI or residual 9

Enclosure 1 PG&E Letter DCL-03-060 heat removal (RHR) depending on RCS pressure) and bleeding via a power-operated relief valve (PORV).

RCP Seal Cooling Although RCP seal cooling is not a true safety function, it is important in LOOP cases and can be evaluated from a defense-in-depth perspective. Even with the RCPs not in operation, the RCP seals need to be protected from overheating by the reactor coolant. The thermal barriers, cooled by component cooling water (CCW), are capable of preventing overheating and degradation of the RCP seals. RCP seal integrity can also be maintained via RCP seal injection using the centrifugal charging pumps. Either CCW cooling of the thermal barriers (note that CCW requires success of ASW) or seal injection alone is capable of maintaining adequate RCP seal cooling. If CCW is unavailable, fire protection system flow through installation of a jumper can be used to cool the centrifugal charging pumps, which provide seal injection flow.

From Table 1, it can be seen that in all cases, including those with a DG OOS, the plant has at least two means of assuring that each safety function can be met. From this table, it can also be seen that when DG 1-3 is unavailable, there is less redundancy than the other configurations. The relative importance of DG 1-3 is also seen in the PRA results and is consistent with the defense-in-depth evaluation. The same evaluation would apply to Unit 2.

Additional Defense-in-Depth Considerations No new potential common cause failure modes are introduced by the proposed TS changes, and protection against common cause failure modes previously considered is not compromised.

The independence of physical barriers to radionuclide release is not affected by these proposed changes.

Consistent with the current practices, adequate defenses against human errors are maintained. These proposed changes do not require any new operator response or introduce any new opportunities for human errors not previously considered. Qualified personnel will continue to perform DG maintenance and overhauls. In fact, on-line maintenance will allow for experienced in-house resources to be directed towards the DG maintenance, since concurrent work is significantly less than during an outage. The actual DG maintenance work activities are not affected by this change. No other new actions are necessary because of additional maintenance performed on-line.

10

Enclosure I PG&E Letter DCL-03-060 The DCPP Final Safety Analysis Report Updated (FSARU), Section 3.1 provides the basis for concluding that the plant adequately satisfies and meets the intent of the NRC GDCs in Appendix A to 10 CFR Part 50.

FSARU Section 3.1 states:

3.1 CONFORMANCE WITH AEC GENERAL DESIGN CRITERIA The Diablo Canyon Power Plant (DCPP) units are designed to comply with the Atomic Energy Commission (AEC) (now the Nuclear Regulatory Commission, or NRC) General Design Criteria (GDCs) for Nuclear Power Plant Construction Permits, published in July 1967.

Sections 3.1.1 through 3.1.10, therefore, provide a listing of these criteria and a discussion of conformance. In addition, Appendix 3. 1A lists the GDCs published as Appendix A to 10 CFR 50 in February 1971 and provides a summary discussion of the designs and procedures that are intended to meet these criteria. Any exception to the 1971 GDCs that could not be met or accommodated because of earlier design or construction commitments for DCPP is identified in the discussion of the corresponding criterion.

The proposed changes do not affect the bases for the FSARU conclusions and do not affect compliance with NRC GDCs.

11

Enclosure 1 PG&E Letter DCL-03-060 Table I DEFENSE-IN-DEPTH

SUMMARY

FOR DIABLO CANYON POWER PLANT ASSUMING LOSS OF OFFSITE POWER (BASED ON UNIT 1)

AC POWER HEAT REMOVAL RCP SEAL COOLING Supplies to Supplies to Supplies to Steam Generator Feed & Bleed RCP Seal Cooling Configuration BUS F BUS G BUS H Heat Removal Capability

• SUT 1-2 . SUT 1-2

• SUT 1-2 . Turbine-Driven

• Bleed Capability:

• Thermal Barrier-

• DG 1-3

• DG 1-2 . DG 1-1 AFW Pump 1-1 PORV 455C and Cooling:

• Auxiliary

• Auxiliary

• Auxiliary

• Motor-Driven PORV 456 (Note 3) - CCW Pumps 1-1, NORMAL Transf 1-2 Transf 1-2 Transf 1-2 AFW Pump 1-2 . Injection: 1-2 and 1-3 (ALL DGs (Note 1) (Note 1) (Note 1)

• Motor-Driven -Charging Pump 1-1 - ASW Pumps 1-1 AVAILABLE)

• Cross-tie

• Cross-tie

• Cross-tie AFW Pump 1-3 -Charging Pump 1-2 and 1-2 and cross-from other from other from other -SI Pump 1-1 tie to Unit 2 via unit or from unit or from unit or from -SI Pump 1-2 FCV-601 another another another

• Seal Injection DG in the DG in the DG in the -Charging Pump 1-1 same unit. same unit. same unit. -Charging Pump 1-2 12

Enclosure 1 PG&E Letter DCL-03-060 AC POWER HEAT REMOVAL RCP SEAL COOLING Supplies to Supplies to Supplies to Steam Generator Feed & Bleed RCP Seal Cooling Configuration BUS F BUS G BUS H Heat Removal Capability

• SUT 1-2

• SUT 1-2

• SUT 1-2

• Turbine-Driven

• Bleed Capability:

• Thermal Barrier

• DG 1-3

• DG 1-2

• Auxiliary AFW Pump 1-1 - PORV 455C and Cooling:

• Auxiliary

• Auxiliary Transf 1-2

• Motor-Driven PORV 456 (Note 3) - CCW Pumps 1-1 DG 1-1 OOS Transf 1-2 Transf 1-2 (Note 1) AFW Pump 1-3

• Injection: and 1-2 (Note 1) (Note 1)

• Cross-tie -Charging Pump 1-1 -ASW Pumps 1-1

• Cross-tie

• Cross-tie from other -Charging Pump 1-2 and 1-2 and cross-from other from other unit or from -SI Pump 1-1 tie to Unit 2 via unit or from unit or from another FCV-601 another another DG in the

• Seal Injection DG in the DG in the same unit. -Charging Pump 1-1 same unit. same unit. -Charging Pump 1-2

• SUT 1-2

• SUT 1-2

• SUT 1-2

• Turbine-Driven

• Bleed Capability:

• Thermal Barrier

• DG 1-3

• Auxiliary

• DG 1-1 AFW Pump 1-1 PORV 455C and Cooling:

• Auxiliary Transf 1-2

• Auxiliary (Note 2) PORV 456 (Note 3) - CCW Pumps 1-1 DG-1-2 OOS Transf 1-2 (Note 1) Transf 1-2

• Motor-Driven

• Injection: and 1-3 (Note 1)

• Cross-tie (Note 1) AFW Pump 1-2 -Charging Pump 1-1 - ASW Pump 1-1

• Cross-tie from other

• Cross-tie

• Motor-Driven -SUPump 11 and cross-tie to from other unit or from from other AFW Pump 1-3 -SI Pump 1-2 Unit 2 via FCV-601 unit or from another unit or from

• Seal Injection another DG in the another -Charging Pump 1-1 DG in the same unit. DG in the same unit. same unit.

13

Enclosure 1 PG&E Letter DCL-03-060 AC POWER HEAT REMOVAL RCP SEAL COOLING Supplies to Supplies to Supplies to Steam Generator Feed & Bleed RCP Seal Cooling Configuration BUS F BUS G BUS H Heat Removal Capability

• SUT 1-2

• SUT 1-2

• SUT 1-2

• Turbine-Driven

• Bleed Capability:

• Thermal Barrier

• Auxiliary

• DG 1-2

• DG 1-1 AFW Pump 1-1 PORV 455A and Cooling:

Transf 1-2

• Auxiliary

• Auxiliary

• Motor-Driven PORV 456 (Note 3) - CCW Pumps 1-2 DG-1-3 OOS (Note 1) Transf 1-2 Transf 1-2 AFW Pump 1-2

• Injection: - ASW Pump 1-2 and

• Cross-tie (Note 1) (Note 1) -Charging Pump 1-2 cross-tie to Unit 2 via from other

• Cross-tie

• Cross-tie -SI Pump 1-2 FCV-601 (Note 4) unit or from from other from other

• Seal Injection another unit or from unit or from -Charging Pump 1-2 DG in the another another same unit. DG in the DG in the same unit. same unit.

NOTES: 1. Although Auxiliary Transformer 1-2 is the primary source of AC power when the unit is on-line and is not normally the source during a plant trip or accident condition, an alternate path can be established when the generator is off-line: auxiliary transformer "backfeed" provides power from the 500-kV switchyard to the auxiliary transformers with the generator off-line.

2 DC power for AFW Pump 1-1 is provided via Battery Charger 12 from DG 1-2 or by manually aligning the backup Battery Charger 121 from DG 1-1.

3. Two PORVs are required for successful feed and bleed. The third PORV (PCV-474) is assumed to be unavailable on LOOP due to loss of non-class 1 instrument air. DC power for PORV 455C is normally via Battery Charger 12 (DG 1-2) or alternately via manual alignment to Battery Charger 121 (DG 1-1). DC power for PORV 456 is normally via Battery Charger 132 (DG 1-1) or alternately via manual alignment to Battery Charger 131 (DG 1-3).

4. For remote operation from the control room, ASW cross-tie valve FCV-601 is powered from Unit 1 Bus F.

However, there is adequate time available for local operation of the valve in many accident conditions.

14

Enclosure 1 PG&E Letter DCL 03-060 4.2 Evaluation of Risk Impact Using RG 1.177 Three Tier Approach Risk-informed support for these proposed changes is based on maintaining defense-in-depth, quantifying the PRA to determine the change in "at-power" CDF and LERF resulting from the proposed increase in completion time for the DGs, continuation of the Online Risk Management Program, including performance of maintenance rule 10 CFR 50.65(a)(4) risk assessments, to control performance of other risk significant tasks during the DG outage, and consideration of configuration specific compensatory measures to minimize risk.

The risk impact of the proposed changes has been evaluated and found to be acceptable. Overall "at-power" risk only increases incrementally and within acceptable limits. The effect on risk of the proposed increase in completion time for restoration of an inoperable DG has been evaluated using the NRC's three-tier approach suggested in RG 1.177:

Tier I - PRA capability and insights, Tier 2 - Avoidance of risk-significant plant configurations, and Tier 3 - Risk-informed configuration risk management.

Although RG 1.177 requires the evaluation of the proposed change on the total risk (i.e., on-line and shutdown risk), this evaluation only quantifies the on-line risk. This is conservative since the shutdown risk will be reduced as a result of the proposed change. This is due to the increased availability of the DGs during shutdown that will result from this change.

4.2.1. Tier 1: PRA Capability and Insights Risk-informed support for the proposed changes is based on an evaluation of PRA calculations performed to quantify the change in CDF and LERF resulting from the increased completion times for the DGs.

PRA Capability The scope, level of detail, and quality of the DCPP PRA (DCPRA) are sufficient to support a technically defensible and realistic evaluation of the risk change from this proposed completion time extension. The DCPRA used in this evaluation addresses internal, seismic and fire events at full power. The internal and seismic models were used directly; the fire model required additional evaluation for the purpose of 15

Enclosure 1 PG&E Letter DCL-03-060 these calculations. The DCPRA is performed for Unit 1, but it is equally applicable to Unit 2 because the two units are essentially identical.

The DCPRA is based on the original 1988 DCPP PRA that was performed as part of the long term seismic program (LTSP). The DCPRA-1 988 was a full scope Level 1 PRA that evaluated internal and external events. The NRC reviewed the LTSP and issued Supplemental Safety Evaluation Report (SSER) No. 34 accepting the DCPRA-1 988. The DCPRA was subsequently updated to support the Individual Plant Examination (IPE) (1991) and the Individual Plant Examination for External Events (IPEEE) (1993). Since 1993, several other updates have been made to incorporate plant and procedure changes, update plant specific reliability and unavailability data, improve the fidelity of the model, incorporate Westinghouse Owners Group (WOG) Peer Review comments, and support other applications, such as on-line maintenance and risk-informed in-service inspection.

Prior to the IPE submittal, the model was enhanced to include the probability of a LOOP subsequent to non-LOOP initiating events.

Other improvements to the PRA model, since the IPE, that affect this submittal include:

• Incorporation of sixth DG installed in 1993.

• Upgraded ASW system modeling to make it more consistent with the SBO submittal

• Allowed credit for cross-tie of vital 4-kV buses (i.e., one DG feeds loads on two vital buses)

• Added 500-kV switchyard model, to supplement 230-kV switchyard

• Added more detailed modeling for transient-induced LOCAs from LOOP, including application of credits and penalties for third PORV.

• Updated initiating event frequencies to reflect data from NUREG-5750 The DCPRA was recently enhanced to support the analysis of the DG completion time extension. The most significant change made was to the RCP seal LOCA model. The updated DCPRA now uses the Rhodes RCP Seal Model as defined in NUREG/CR-5167 "Cost/Benefit Analysis for Generic Issue 23: Reactor Coolant Pump Seal Failure,"

Appendix A, dated April 1991 to characterize the RCP seal performance on loss of cooling and seal injection.

16

Enclosure 1 PG&E Letter DCL-03-060 The DCPRA includes an evaluation of containment performance. A simplified LERF model, based on the Level 2 PRA, is used for calculating LERF for internal, seismic and fire scenarios.

The DCPRA is a living PRA, which is maintained through a periodic review and update process.

Peer review certification of the DCPRA, using the WOG peer review certification guidelines, was performed in May 2000. This peer review certification was carried out by a team of independent PRA experts from U.S. nuclear utility PRA groups and PRA consultant organizations. This intensive peer review involved about two person-months of engineering effort by the review team and provided a comprehensive assessment of the strengths and limitations of each element of the PRA. On the basis of its evaluation, the certification team determined that, with certain findings and observations addressed, the quality of all elements of the PRA would be sufficient to support risk significant evaluations with defense-in-depth input relative to the requested completion time extension. All of the findings and observations from this assessment, which the review team indicated were important or which involved risk elements that are needed to evaluate the proposed completion time extension, were dispositioned.

As a result, a number of modifications were made to the PRA model prior to its use to support these proposed changes. A major enhancement was the reanalysis and updating of the pre- and post-initiating events human reliability assessment.

In addition to the peer certification, a limited scope, independent assessment of the DCPRA was performed by an industry PRA expert prior to completing the extended completion time analysis. The assessment focused on the elements required to support the DG completion time extension.

As a result of the sound basis of the original model as documented in NUREG-0675 (SSER-34) and NUREG/CR-5726, the considerable effort to incorporate the latest industry insights into the PRA, self-assessments, and certification peer reviews, PG&E is confident that the results of the risk evaluation to support the requested DG completion time extension are technically sound and consistent with the expectations for PRA quality set forth in RG 1.177 and 1.174.

17

Enclosure 1 PG&E Letter DCL-03-060 Fire and Other External Events A fire analysis was conducted as part of the LTSP and updated to support the 1993 IPEEE. Other than control room (CR) and cable spreading room (CSR) fire scenarios, the fire PRA quantifies the CDF associated with most internal fire initiating events using the same linked event tree models as the internal and seismic events analyses.

Separate event trees using conservative assumptions were developed for evaluating CR and CSR fire scenarios.

As part of the evaluation of the DG completion time extension, the fire scenarios and models were re-evaluated using the following steps:

1. For non-CR/CSR fire scenarios that are quantified using the event tree models, the figures of merit were directly calculated.

The results of these calculations are included in the risk metric results tables later in this section.

2. For fires in the CR and the CSR, the customized fire event trees were reviewed to assess the impact of the extension in the DG completion time results.

The review of these scenarios determined that the contribution of these scenarios to the change in risk due to the proposed DG completion time extension is negligible.

3. All fire scenarios previously screened during the fire PRA evaluation were reviewed to ensure that the screening basis is not significantly affected by the extension in the completion times for the DGs. For the affected scenarios, the contribution to risk was reassessed for the base case and the DG OOS cases. This assessment included a review of plant fire events to ensure that the risk from plant specific fire events was included. The review concluded that the impact of the proposed DG completion time extension is limited to a class of fire events that could result in a fire-induced LOOP (similar to the event that occurred in May 2000).

The quantitative impact of these fire-induced LOOP events are incorporated into the values provided in the risk metric results tables later in this section.

The evaluation of high winds, external floods, and other external events, which was done as part of the IPEEE, revealed no potential 18

Enclosure I PG&E Letter DCL-03-060 vulnerabilities. The proposed extension to the DG completion time has negligible effect on the risk profile at DCPP from other external events.

Risk Metrics To determine the effect of the proposed 14-day completion time for restoration of an inoperable DG, the guidance suggested in RG 1.174 and 1.177 was used. Accordingly, the following risk metrics were used to evaluate the risk impacts of extending the DG completion time from 7 days to 14 days.

ACDFAvE = change in the annual average CDF due to any increased on-line maintenance unavailability of DGs that could result from the increased completion time. This risk metric is used to compare against the criteria of RG 1.174 to determine whether a change in CDF is regarded as risk significant. These criteria are a function of the baseline annual average core damage frequency, CDFBASE.

ALERFAVE = change in the annual average LERF due to any increased on-line maintenance unavailability of DGs that could result from the increased completion time. Similar to ACDFAVE, RG 1.174 criteria were also applied to judge the significance of changes in this risk metric.

ICCDP{EDGx) = incremental conditional core damage probability with DG "x" OOS for an interval of time equal to the proposed new completion time (i.e.,14 days). This risk metric is used as suggested in RG 1.177 to determine whether a proposed increase in completion time has an acceptable risk impact.

ICLERPfEDGx) = incremental conditional large early release probability with DG "x" OOS for an interval of time equal to the proposed new completion time (i.e., 14 days). Similar to ICCDP{EDGx), RG 1.177 criteria were also applied to judge the significance of changes in this risk metric.

The evaluation of the above risk metrics was performed as follows.

Change in CDF/LERF The change in the annual average Unit 1 CDF due to the change in the DG completion time, ACDFAVE, was evaluated by computing the following equation. Note, that since the DCPRA model applies to both 19

Enclosure 1 PG&E Letter DCL-03-060 Unit 1 and 2, the results of the following calculations apply to both units also:

ACDFvE (f1 T C YAR)

S + (r7,-2 tCDF K YER)

CCDF +

k

-L"1DF_,O TYEAR)

+

IrIi T TYEAR T1CDFBASE - CDFBAE where the following definitions apply.

CDF1_100S = CDF evaluated from the PRA model for Unit 1 with the DG 1-1 OOS.

CDF 200 S = CDF evaluated from the PRA model for Unit 1with the DG 1-2 OOS.

CDFI-30 0S = CDF evaluated from the PRA model for Unit 1 with the DG 1-3 OOS.

T1. 1 = Additional time per year (TYEAR) that DG 1-1 is OOS as a result of extending the completion time T1_2 = Additional time per year (TYEAR) that DG 1-2 is OOS as a result of extending the completion time T13 = Additional time per year (TYEAR) that DG 1-3 is OOS as a result of extending the completion time CDFBASE =baseline annual average CDF for Unit 1 with average unavailability of DGs consistent with the current DG Completion time. This is the CDF result of the current baseline DCPRA for Unit 1. The same value is used for Unit 2.

Note that the CDF results for the DG OOS cases (e.g., CDF1 10 05 )

include constraints on concurrent maintenance or inoperability of other key components, including those that would normally be constrained due to TSs. Specifically, the quantification assumed the following structures, systems, and components (SSCs) are available:

• Other DGs in the same unit

• 230-kV start-up power

• AFW in the same unit

• ASW in both units, including the cross-tie FCV-601.

20

Enclosure I PG&E Letter DCL-03-060 Although additional configuration specific compensating measures are expected to be taken during DG maintenance or unavailability (see Section 4.2.2), the impact of these compensatory measures on the risk measures are not explicitly quantified.

A similar approach was used to evaluate the change in the average LERF (ALERFAVE) due to the requested completion time:

M ERFA E =(-LERF, 7

TYE4R] TiEr )Ex 10s(-)LER,200S+( t)LERFI 300s+(

i-oor 12 LERFAELERFASE LEFa-EF where the following definitions were applied.

LERFIlooS =LERF evaluated from the DCPRA model with DG train 1-1 OOS.

LERFi- 200S = LERF evaluated from the DCPRA model with DG train 1-2 OOS.

LERFI- 300S =LERF evaluated from the DCPRA model with DG train 1-3 OOS.

LERFBASE = baseline annual average LERF for Unit 1 with average unavailability of DGs consistent with the current DG Completion time. This is the LERF result of the current baseline DCPRA for Unit 1. The same value is used for Unit 2.

The constraints accounted for in the LERF calculations are the same as those described above for the CDF metrics.

Expected Unavailability with New Completion Times The following are the bases and assumptions used to determine the additional expected unavailability for the delta CDF/LERF evaluations:

1. The extended completion time would be used for two purposes:

Performance of preventive maintenance tasks currently performed during outages and repair of a failed DG.

2. The amount of time to be added to future on-line unavailability due to moving preventive maintenance work out of refueling outages is 21

Enclosure 1 PG&E Letter DCL-03-060 approximately 29 hours3.356481e-4 days <br />0.00806 hours <br />4.794974e-5 weeks <br />1.10345e-5 months <br /> per year. Currently, a significant portion of the DG preventive maintenance is already performed on-line.

3. Only one major overhaul (in excess of seven days) will be performed per DG per refueling cycle.

4. The additional unavailability required for the maintenance items that are not due every refueling cycle is estimated at 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> per year.

These are items that are on a schedule other than a refueling cycle schedule.

5. The general policy of working both shifts for DG maintenance continues, so unavailability estimates based on past performance are indicative of future unavailability.

6. The cycle time is based on the current nominal 21-month fuel cycle and an assumed total planned and unplanned outage duration of 30 days.

7. Diesel generator reliability and unavailability values are based on past plant experience. A review of recent data verified that the values used in the current PRA model are still representative of the diesel reliability and availability. In the future, maintenance practices and requirements are expected to remain consistent with current practices. Thus, for the purposes of calculating the expected change in DG unavailability, it is appropriate to use the current unavailability from the PRA plus the additional unavailability that will be incurred by moving some outage maintenance to on-line (as a result of this completion time extension). The monitoring and corrective action processes in place for the 10 CFR 50.65 maintenance rule, will ensure that if DG reliability or unavailability change significantly in the future, they will be addressed appropriately (see Section 4.3.1).

Therefore, the increase in "at-power" DG unavailability given the extension in completion time is 24 + 29 = 53 hours6.134259e-4 days <br />0.0147 hours <br />8.763227e-5 weeks <br />2.01665e-5 months <br /> (2.2 days) per year.

This is equivalent to an increase in unavailability of approximately 0.006.

Hence, TIIOos = TI- 20 0S = TI30os = 53 hours6.134259e-4 days <br />0.0147 hours <br />8.763227e-5 weeks <br />2.01665e-5 months <br /> = 2.2 days Other Comments on PRA Calculations

1. The calculations for change in CDF conservatively neglect the decrease in CDF contribution that will be associated with increased DG availability during shutdown periods, particularly during mid-loop operations in the first week of the outage.

22

Enclosure 1 PG&E Letter DCL-03-060

2. The values calculated for change in CDF and LERF are obtained from PRA models that include contributions from internal events, seismic and internal fires. These values do not include other external events, such as transportation accidents. However, DG unavailability has a negligible impact on CDF/LERF from these external hazards.

3. The calculated LERF does not include contributions from the CR and CSR fire scenarios. However, the analysis of containment performance supporting the IPEEE did not identify vulnerabilities stemming from sequences that involve containment failure modes distinctly different from those obtained in the internal events analysis (LERF is dominated by the non-isolated steam generator tube rupture (SGTR) initiating event). Considering this, and the fact that the CDF associated with CR and CSR fires is unaffected by the EDG completion time, it can be concluded that the LERF estimate as currently calculated is an adequate estimate of this figure of merit.

4. The DCPRA calculations provide CDF and LERF results for Unit 1.

A separate Unit 2 PRA model does not exist. However, due to the symmetry of the two units, the DCPRA results are used to characterize the risk for both units. Equipment failure rates and unavailability are based on plant specific experience from both units combined.

Incremental Conditional Probabilities The incremental conditional core damage probability (ICCDP) and incremental conditional large early release probability (ICLERP) are computed using their definitions in RG 1.177. The ICCDP values are dimensionless probabilities used to evaluate the incremental probability of a core damage event over a period of time equal to the extended completion time. This should not be confused with the evaluation of ACDFAVE, in which the CDF is based on expected unavailability. However, the endstate frequencies used to calculate ICCDP/ICLERP (e.g., CDFI.loos) are the same as those used to calculate the change in CDF/LERF as described in the previous section.

The ICCDP is calculated by multiplying the change in CDF by the full completion time (TcT) requested. Therefore, 23

Enclosure 1 PG&E Letter DCL-03-060 ICCDP, = (CDF,OOS - CDFBASE CT JCCDP,X = (CDFxos- CDFBASE)* (14days) * (365.25days/year)'

ICCDPX = (CDF;IQ.s - CDFBAsE )

• 3 .83xlo 2 In the above formula, 365.25 days/year is a conversion factor to get the completion time (TCT) units consistent with the CDF frequency units (expressed as frequency per year).

Similarly, ICLERP is defined as follows.

ICLERPx = (LERF;oos - LERFAS) *3.83xl 0-2 Since the unavailability of each DG has a different impact on quantified risk, the incremental conditional probabilities for the most limiting DG(s) will be used to compare against the acceptance criteria.

Results and Insights The intermediate results of the risk evaluation are presented in Tables 2, 3, and 4. These tables show the results of the risk metric calculations for each train independently. The total base CDF ("base model") value is approximately 5.1E-05/yr, based on the average unavailability of the DGs using plant specific data (i.e., the average unavailability based on current completion times and maintenance practices). Total base LERF is approximately 2.1 E-06/yr. The total base CDF and LERF values include contributions from internal, seismic and fire events. Each of the contributions is listed separately in the tables.

From Table 2, contributions to the base model CDF are split approximately 60% due to seismic, and 20% each due to internal and fire events. When a DG is OOS, considering the applied constraints, the risk profile remains similar, with internal events becoming slightly more important than fire events, but seismic still contributing about 60% of the CDF. Internal and seismic CDFs increase due to the importance of the DGs in LOOP events. For seismic, the concern is a seismically induced LOOP from low intensity events where the switchyard components fail but the DGs remain functional due to their substantially higher values of high-confidence-of-low-probability-of-failure.

24

Enclosure 1 PG&E Letter DCL-03-060 The contribution of non-LOOP-inducing fire events to CDF actually decreases (i.e., there is a lower fire CDF during the time when the DG is OOS). This is due to the fact that maintenance is constrained on the other DGs, start-up power, AFW, and ASW, as opposed to the average maintenance considered in the base case. Fire-induced LOOP events contribute a small amount (less than 4E-7 per year) to the increase in CDF when a DG is OOS.

Table 2 Intermediate Results of Risk Evaluation for DCPP Unit I CDF CDF (per yr) Base Model DG 1-1 DG 1-2 DG 1-3 Internal 8.18E-06 1.25E-05 1.15E-05 1.15E-05 Seismic 3.18E-05 3.56E-05 3.58E-05 3.93E-05 Fire 1.15E-05 1.15E-05 1.12E-05 1.14E-05 TOTAL 5.15E-05 5.95E-05 5.85E-05 6.23E-05 Note-- Results apply to Unit 2, but DG naming is not symmetrical between units.

Equivalent DGs are: 1-1 and 2-2 (Bus H), 1-2 and 2-1 (Bus G),

1-3 and 2-3 (Bus F).

Table 3 shows that contributions to the base model LERF are split approximately 75% due to seismic, and 25% due to internal events, with fire contributing less than 1%. When a DG is OOS, the risk profile remains similar, with internal events becoming slightly more important and seismic contribution decreasing. The change in fire importance is insignificant.

Overall, the relative change in LERF is much less than the change in CDF when a DG is unavailable. LERF is dominated by non-isolated SGTR and inter-system LOCA events, which are relatively insensitive to DG availability.

25

Enclosure 1 PG&E Letter DCL-03-060 Table 3 Intermediate Results of Risk Evaluation for DCPP Unit 1 LERF LERF Base Model DG 1-1 DG 1-2 DG 1-3 (per yr)

Internal 5.49E-07 6.51 E-07 6.32E-07 5.39E-07 Seismic 1.50E-06 1.52E-06 1.49E-06 1.51 E-06 Fire 8.11 E-09 7.23E-09 4.54E-09 5.30E-09 TOTAL 2.06E-06 2.17E-06 2.13E-06 2.05E-06 Note: Results apply to Unit 2, but DG naming is not symmetrical between units.

Equivalent DGs are: 1-1 and 2-2, 1-2 and 2-1, 1-3 and 2-3.

In Table 4, the highest change in CDF is when DG 1-3 is OOS, which is about a 21% increase, compared to 16% and 13% changes in CDF for DG 1-1 and DG 1-2, respectively. The significance of DG 1-3 is that it supplies power to ASW Pump 1-1, the ASW cross-tie valve (FCV-601), and motor-driven AFW Pump 1-3, which are significant contributors to risk during LOOP events. In contrast, DG 1-1 and DG 1-2 support either an ASW pump or a motor-driven AFW pump.

In Table 4, the increase in LERF is limited by DG 1-1. The LERF results for DG 1-1 and 1-2 are similar (approximately 6% and 4%

increases, respectively). The change in LERF for DG 1-3 is negligible.

The insignificance of DG 1-3 to LERF is based on the fact that DG 1-1 and 1-2 support the buses supplying power to residual heat removal (RHR) Trains 1-1 and 1-2, used for stable end-state decay heat removal in SGTR scenarios. Both buses are needed to establish RHR closed loop cooling for decay heat removal.

Table 4 Increase in CDFILERF and ICCDPIICLERP for Each Unit I DG DG 1-1 DG 1-2 DG 1-3 Increase in CDF (per yr) 8.OE-06 7.1 E-06 1.1 E-05 ICCDP 3.1 E-07 2.7E-07 4.1 E-07 Increase in LERF (per 1.2E-07 7.5E-08 1.4E-09 yr)

ICLERP 4.5E-09 2.9E-09 5.4E-11 Note: Results apply to Unit 2, but DG naming is not symmetrical between units.

Equivalent DGs are: 1-1 and 2-2, 1-2 and 2-1, 1-3 and 2-3.

26

Enclosure 1 t PG&E Letter DCL-03-060 The limiting results of the risk evaluation are compared in Table 5 with the risk significance criteria from RG 1.174 for change in the annual average CDF and LERF, and criteria from RG 1.177 for ICCDP and ICLERP.

• The proposed extended completion time is calculated to increase the annual average "at-power" CDF and LERF by less than 1%

from the current baseline values. The change in CDF and LERF are much less than the criteria for these metrics. Margins to the change in CDF and LERF criteria (plotted in Figure 2) demonstrate that the criteria are met with sufficient margin. The additional time spent with a DG OOS could be increased to the proposed completion time value of 14 days before exceeding the risk significance criteria for change in CDF.

• As noted in the previous tables, the ICCDP and ICLERP evaluations are based on DG 1-3 (2-3 for Unit 2) and 1-1 (2-2 for Unit 2), respectively. These DGs provide the limiting values for those risk metrics. The calculated values for ICCDP and ICLERP demonstrate that the proposed DG completion time change has only a small quantitative impact on plant risk, as they are less than the RG acceptance criteria.

Table 5 Results of Risk Evaluation for Unit I Risk Risk Risk Metric Results Metric Significance (% of Risk Significance Criterion)

Criterion Unit I ACDFAVE < 1.OE-06/yr 2.8E-07/yr

____ _____ ____ ___ ___ (28% )

ICCDP" < 5.OE-07 4.1E-07 (83%)

ALERFAVE <1 .OE-07/yr. 5.4E-O9/yr (5%)

ICLERP < 5.OE-08 4.5E-09

. _ __._ _ ,_(9% )

(1) ICCDP value is for DG 1-3 and 2-3, which are the limiting diesels for CDF.

(2) ICLERP value is for DG 1-1 and 2-2, which are the limiting diesels for LERF.

27

Enclosure 1 PG&E Letter DCL-03-060 Figure 2 shows the margin to the risk significance criteria. Although the ICCDP for the limiting DG (1-3 or 2-3) is approximately 83% of the risk significance criteria, the other DGs have substantially more margin, as shown in Table 4 and Figure 3.

100%

90%

< 0 80%o _ a ICCDP/ICLERP

. 70%/o = , f .: oEDelta CDF/LERF O 0%

60%

C 50% -

0. 40% -

< 30%

0 20%

S 10% =

0%

CDF LERF Endstate Figure 2 Margins Exhibited Against Regulatory Guide 1.177 Criteria for ICCDP and ICLERP and 1.174 Criteria for Delta CDF and LERF 28

Enclosure 1 PG&E Letter DCL-03-060 100%

a 90%

a) 80%

O 70%

a 60%

X 50%

a} 40%

< 30%

o 20%

.- 10%

0%

DG 1-1 DG 1-2 DG 1-3 Diesel Generator ICCDP Figure 3 Margins Exhibited Against Regulatory Guide 1.177 Criteria for ICCDP of Unit lDGs The contributions to the ICCDP and ICLERP are shown in Table 6.

The table shows the contribution due to internal, seismic, and fire events on DG 1-3 (2-3) for ICCDP and DG 1-1 (2-2) for ICLERP.

For ICCDP, seismic events contribute nearly 70% of the increase and internal events the other 30%. Note that the contribution due to fire is actually negative, although small. This is due to the low importance of DGs to fire scenarios in combination with constraining maintenance on the other diesels, 230-kV, AFW and ASW systems.

The total ICLERP is very small, approximately an order of magnitude below the acceptance criteria. A majority of the change in LERF is due to internal events, and seismic contributes about 15% to the increase.

Note that the fire contribution to ICLERP is also negative for a similar reason as described above for ICCDP.

29

Enclosure 1 PG&E Letter DCL-03-060 Table 6 Event Contribution to ICCDP and ICLERP for Limiting DGs ICCDP ICLERP DG 1-3 (2-3) DG 1-1 (2-2)

Internal 1.3E-07 3.9E-09 Seismic 2.9E-07 6.4E-10 Fire -1.OE-09 -3.4E-1 1 TOTAL 4.1 E-07 4.5E-09 In determining the values displayed in the tables above, the PRA quantification truncation limits were set to sufficiently low values to ensure that sequences important to the evaluation are included in the results. The truncation limits for sequence quantification vary based on the initiating event. The truncation limits are set such that the unaccounted for frequency is less than 1% of the total frequency calculated. There was no truncation used in generating the cutsets.

The following are factors associated with the PRA calculations that are not considered explicitly in the calculations. If added to the quantification, these factors would reduce the calculated impact of the DG unavailability.

• Certain risk significant equipment combinations would not generally be entered voluntarily by following the DCPP Online Risk Management procedure. Some of these configurations are excluded from the CDF and LERF calculations for a DG unavailable by constraining maintenance on other DGs, startup power, AFW and ASW. If additional undesirable configurations that would generally not be entered were explicitly excluded in the calculations, the calculated risk could be substantially lower.

• The values calculated in the PRA do not take into account compensatory measures, beyond the maintenance constraints described previously, that would likely be in place when using the extended completion time, since the impact on quantified results is not estimated. However, these compensatory actions (see Section 4.2.2) do reduce risk.

• There is some risk trade-off between on-line and outage modes that is not explicitly quantified. As described previously, performing DG overhauls on-line rather than during outages will increase DG 30

Enclosure 1 PG&E Letter DCL-03-060 availability during outages. This will reduce shutdown risk by improving the availability of standby AC power sources for shutdown cooling equipment and other equipment needed to mitigate the events postulated to occur during shutdown. The decrease in risk is not insignificant considering that LOOP likelihood may be greater during shutdown modes than while at power. The likelihood of LOOP increases during shutdowns when one of the two offsite power sources is cleared for maintenance, and because of maintenance activities which may trip breakers supplying power from an offsite source. The impact of the decrease in shutdown risk on overall risk is not quantified for this evaluation.

4.2.2. Tier 2: Avoidance of Risk-Siqnificant Plant Configurations There is reasonable assurance that risk-significant plant equipment configurations will not occur when the DGs are OOS using the proposed TS changes.

Technical Specifications and Safety Function Determination Program Adhering to the current TS requirements will prevent many of the more risk significant configurations from being entered into. Specifically, there are requirements concerning the operability of offsite power sources and other DGs. Furthermore, LCO 3.8.1 (Condition B) requires that "required feature(s) supported by the inoperable DG" must be declared inoperable when "its required redundant feature(s) is inoperable." This prevents having unavailable front-line SSCs (e.g.,

AFW) from the other train, without entering more restrictive LCOs, including TS 3.0.3. Thus, except for emergent conditions resulting from equipment failure, it is highly unlikely that these SSCs will be made unavailable during at-power DG unavailability. Even under these unexpected conditions, it is likely that a more restrictive LCO would be entered requiring corrective action to be taken to return equipment to operable status.

The Safety Function Determination Program (SFDP), required by TS 5.5.15, requires provisions for cross-division checks to ensure a loss of the capability to perform a safety function assumed in the accident analysis does not go undetected. TS LCO 3.0.6 establishes requirements regarding supported systems when support systems are found inoperable. Upon entry into TS LCO 3.0.6 an evaluation is required to determine whether there has been a loss of safety function.

Additionally, other limitations, remedial actions, or compensatory 31

Enclosure 1 PG&E Letter DCL-03-060 actions may be identified as a result of the support system inoperability and corresponding exception to entering supported system Conditions, and Required Actions. The SFDP implements the requirements of TS LCO 3.0.6. Administrative Procedure OP1.DC38, "Safety Function Determination Program," implements the SFDP.

Risk Management and Compensatory Actions The analysis performed to support extending the DG completion time specifically constrained maintenance on the affected unit DGs, startup power, the affected unit AFW trains, and all trains of ASW, including the cross-tie (FCV-601). Since these constraints are used to justify the extended completion time, these configurations should not be entered into voluntarily.

The risk associated with having a DG OOS will be managed by adhering to the requirements for online risk assessment and management as described in the DCPP procedure AD7.DC6. In addition to the risk directly associated with the DG unavailability, the procedure requires that potentially risk significant configurations during the period of DG unavailability are assessed and managed.

Risk management procedures have been developed at DCPP for previous online DG maintenance. These procedures have been used to provide strategies for managing risk, including placing restrictions on certain activities and enacting compensatory measures. Examples of risk management actions and restrictions used in the past at DCPP include:

• Risk awareness briefings for maintenance, operations, engineering and other support personnel prior to the work.

• Maintenance performed around-the-clock to minimize the time spent with equipment unavailable.

• Establishment of back-out criteria and procedures in the event of unexpected conditions or configurations.

• Verification of redundant equipment operability and posting of signs.

• Walkdown of redundant or other important mitigation equipment (e.g., other DGs, AFW pumps) to ensure that equipment is in good material condition, with no work being performed that could jeopardize operation.

• Disallowance of work that may cause a trip hazard (e.g., work in the switchyard under control of the licensee) or elective maintenance on redundant equipment.

32

Enclosure 1 PG&E Letter DCL-03-060

• Senior management on-shift support, in the event conditions jeopardize plant operation.

• Plan for no more than 50% of the completion time for the maintenance without additional management approval.

• Evaluation of seasonal weather patterns prior to maintenance.

• Verification prior to maintenance, that off-site power sources are not in danger of being lost due to wild land fires, grid degradation, or scheduled work activities.

• Follow guidelines provided in the DCPP California Energy Crisis Contingency Plan.

Examples of risk-informed compensatory actions that are not quantified but would further reduce the risk of DG maintenance while on-line are:

• Station an operator and/or other personnel in vicinity of ASW pumps and cross-tie valve. This would ensure that personnel are more readily available to establish local ASW cross-tie (e.g., Bus F without power due to DG 1-3 failure), thus increasing the likelihood of success.

• Provide guidance to operations for cross-tying buses in the event of a DG failure. If DG 1-3 is unavailable and Bus F is de-energized during a LOOP, cross-tying to re-energize Bus F will recover both AFW and ASW components. This is more effective and reliable than performing mechanical cross-tie operations in both systems.

4.2.3. Tier 3: Risk-Informed Configuration Risk Management Program DCPP has developed a process for online risk assessment and management. Following the process and procedures ensures that the risk impact of equipment OOS while the plant is on-line is appropriately evaluated prior to performing any maintenance activity or following an equipment failure or other intemal or external event that impacts risk.

DCPP procedure AD7.DC6 provides guidance for managing safety function, probabilistic risk, and plant trip risks as required by 10 CFR 50.65(a)(4) of the maintenance rule. The procedure addresses risk management practices in the maintenance planning phase and maintenance execution (real time) phase for Modes 1 through 4. Appropriate consideration is given to equipment unavailability, operational activities such as testing, and weather conditions.

33

Enclosure 1 PG&E Letter DCL-03-060 In general, risk from performing maintenance on-line is minimized by:

• Performing only those preventative and corrective maintenance items on-line required to maintain the reliability of SSCs.

• Minimizing cumulative unavailability of safety-related and risk significant SSCs by limiting the number of at-power maintenance outage windows per cycle per train/component.

• Minimizing the total number of SSCs OOS at the same time.

• Minimizing the risk of initiating plant transients (trips) that could challenge safety systems by implementing compensatory measures.

• Avoiding higher risk combinations of OOS SSCs using PRA insights.

• Maintaining defense-in-depth by avoiding combinations of OOS SSCs that are related to similar safety functions or that affect multiple safety functions.

• Scheduling in train/bus windows to avoid removing equipment from different trains simultaneously.

Actions are taken and appropriate attention is given to configurations and situations commensurate with the level of risk as evaluated using AD7.DC6. This occurs both during planning and real time (execution) phases.

For planned maintenance activities, an assessment of the overall risk of the activity on plant safety, including benefits to system reliability and performance, is currently performed and documented per AD7.DC6 prior to scheduled work. Consideration is given to plant and external conditions, the number of activities being performed concurrently, the potential for plant trips, and the availability of redundant trains.

Risk is evaluated, managed and documented for all activities or conditions based on the current plant state:

• Before any planned or emergent maintenance is to be performed.

• As soon as possible when an emergent plant condition is discovered.

• As soon as possible when an external or internal event or condition is recognized.

34

Enclosure 1 PG&E Letter DCL-03-060 Compensatory measures are implemented as necessary and f the risk assessment reveals unacceptable risk, a course of action is determined to restore degraded or failed safety functions and reduce the probabilistic risk.

4.2.4. Inteqrated Risk-Informed Assessment The proposed changes to TS Section 3.8.1 "AC Sources - Operating,"

extending the allowable completion times for the Required Actions associated with restoration of an inoperable DG, have been evaluated with a risk-informed approach. This approach demonstrates that the principles of risk-informed regulation are met for these proposed changes:

• The applicable regulatory requirements will continue to be met

• Adequate defense-in-depth will be maintained

• Sufficient safety margins will be maintained, and

• Increases in CDF and LERF are small and consistent with the NRC Safety Goal Policy Statement and Regulatory Guides 1.174 and 1.177.

The limiting configuration is with DG 1-3 (2-3) unavailable. This is seen in the defense-in-depth analysis as well as the probabilistic results (for CDF). Although the PRA results for LERF indicate that DG 1-1 is more risk significant for that endstate, the DG impact on LERF and containment performance is minimal. The PRA evaluation indicates that the risk increase is primarily due to increases in risk from seismic sequences and, to a lesser extent, internal events. DG unavailability has almost no impact on the risk due to fire scenarios.

Constraints on maintenance for the following equipment while a DG is OOS are needed to ensure that the risk increase due to the proposed change is small:

• SUT and power source

• Other DGs in the unit affected

• AFW trains in the unit affected

• All site ASW trains, including the cross-tie, FCV-601.

These constraints are factored into the CDF and LERF calculations.

Other compensatory actions and restrictions identified by site risk management procedures are not quantified, but do have a real and substantial impact on the risk of taking a DG OOS. Further reductions 35

Enclosure 1 PG&E Letter DCL-03-060 in overall plant risk will be achieved by moving DG maintenance out of outages, although the impact of this strategy on total plant risk is not quantified.

4.3 Implementation and MonitorinQ Program To ensure the proposed extension of the DG completion time does not degrade operational safety over time, should equipment not meet its performance criteria, an evaluation is required as part of the maintenance rule. The evaluation will include prior related TS changes, including this one, in its scope. Appropriate corrective action will be taken as required by the maintenance rule including a change to the TS if necessary.

The reliability and availability of the affected DGs are monitored under the maintenance rule program. If the pre-established reliability or availability performance criteria are exceeded for the DGs, they are considered for 10 CFR 50.65 (a)(1) actions, requiring increased management attention and goal setting in order to restore their performance (i.e., reliability and availability) to an acceptable level.

The performance criteria are risk-based and, therefore, are a means to manage the overall risk profile of the plant. An accumulation of large core damage probabilities over time is precluded by the performance criteria. The actual OOS time for the DGs will be minimized to ensure the reliability and availability performance criteria are not exceeded.

The DG availability used in the PRA analysis to calculate CDF values is consistent with the DG system maintenance rule goals, actual past performance of the DGs at the plant, and expected unavailability following implementation of the proposed increased DG completion time. The DG system maintenance rule performance criteria are consistent with those values used to calculate the risk metrics (i.e., the expected unavailability). All DGs at DCPP are currently meeting their maintenance rule performance criteria.

DCPP Procedure MA1.1D17, "Maintenance Rule Monitoring Program,"

describes how the plant program complies with the maintenance rule.

The procedure provides instructions for scoping, risk significance determination, performance criteria, monitoring, goal setting, periodic assessment, and maintenance rule (a)(4) assessments.

As part of the DCPP maintenance rule program, the actual DG reliability and availability will be monitored and periodically evaluated.

This process will, in effect, assess the impact of the proposed extended DG completion time upon plant performance in relationship 36

Enclosure 1 PG&E Letter DCL-03-060 to the maintenance rule goals. To ensure the TS completion time does not degrade operational safety over time, the maintenance rule program will be used, as discussed above, to identify and correct adverse trends.

Procedure AD7.DC6 describes the tools and processes used for assessing and managing on-line risk. Included in AD7.DC6 is a process for assessing risk when the assessment tool is unavailable.

4.4 Industry and Operating Experience Industry and plant operating experience were reviewed to assess the proposed change. A number of plants, including DCPP, have been performing DG maintenance on-line for several years and no events or adverse consequences have been experienced to date. This change to the TSs does not create any new configuration or maintenance, it only extends the time allowed to perform maintenance on-line.

4.5 Impact on Previous Submittals This request has no impact on previous risk-informed submittals. The only other risk informed submittals made by DCPP were for the Risk' Informed In-Service Inspection (ISI) Program, and for one-time increases in completion times for Centrifugal Changing Pumps (CCP)

Nos. 1-1 and 2-1. The DG completion time extension does not have any affect on Risk Informed ISI. The completion time extension for CCP 2-1 (Unit 2 License Amendment 149) has expired and is not a factor. The completion time extension for CCP 1-1 (License Amendment Request 03-03 submitted by PG&E Letter DCL-03-019 dated February 28, 2003) when approved and implemented, will be evaluated for risk and managed in accordance with the online risk assessment requirements of DCPP procedure AD7.DC6. Future risk-informed submiftals will need to be evaluated to determine whether they have an impact on this submittal.

37

Enclosure 1 PG&E Letter DCL-03-060 4.6 Conclusion The acceptability of the proposed 14-day DG completion time is based upon both a deterministic evaluation and a risk-informed assessment.

The risk assessment concluded that the increase in plant risk is small and consistent with the USNRC "Safety Goals for the Operations of Nuclear Power Plants; Policy Statement" as interpreted by NRC Regulatory Guides 1.174 and 1.177. To ensure the proposed extension of the DG completion time does not degrade operational safety over time, should the DGs not meet their performance criteria, an evaluation is required as part of the maintenance rule. The evaluation will include prior related TS changes in its scope and appropriate corrective action will be taken including a change to the TS if necessary.

5.0 REGULATORY ANALYSIS

5.1 No Significant Hazards Consideration PG&E has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three standards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below:

1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response: No.

The proposed changes revise the Technical Specification (TS) 3.8.1 completion times for Required Actions A.2 and B.4 associated with the diesel generators (DGs). The proposed changes allow an extension of the current TS completion time from 7 days to 14 days for an inoperable DG.

The proposed changes do not affect the design of the DGs, the operational characteristics or function of the DGs, the interfaces between the DGs and other plant systems, or the reliability of the DGs.

Required Actions and the associated completion times are not initiating conditions for any accident previously evaluated, and the DGs are not initiators of any previously evaluated accidents. The DGs mitigate the consequences of previously evaluated accidents including loss of offsite power. The consequences of a previously analyzed event will 38

Enclosure 1 PG&E Letter DCL-03-060 not be significantly affected by the extended DG completion time since the DGs will continue to be capable of performing their accident mitigation function as assumed in the accident analysis. Thus the consequences of accidents previously analyzed are unchanged between the existing TS requirements and the proposed changes. The consequences of an accident are independent of the time the DGs are out of service as long as adequate DG availability is assured. The proposed changes will not result in a significant decrease in DG availability so that the assumptions regarding DG availability are not impacted.

To fully evaluate the effect of the proposed DG completion time extension, probabilistic risk assessment methods and a deterministic analysis were utilized. The results of the analysis show no significant increase in core damage frequency and large early release frequency.

Therefore, the proposed changes do not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different accident from any accident previously evaluated?

Response: No.

The proposed changes do not involve a change in the design, configuration, or method of operation of the plant. The proposed changes will not alter the manner in which equipment operation is initiated, nor will the function demands on credited equipment be changed. No alteration in the procedures which ensure that the plant remains within analyzed limits is being proposed, and no change is being made to the procedures relied upon to respond to an off-normal event. As such, no new failure modes are being introduced.

Therefore, the proposed changes do not create the possibility of a new or different accident from any accident previously evaluated.

3. Does the proposed change involve a significant reduction in a margin of safety?

Response: No.

The proposed 14 day DG completion time is based upon both a deterministic evaluation and a risk-informed assessment. The availability of offsite power coupled with the availability of the other 39

Enclosure 1 PG&E Letter DCL-03-060 DGs in the affected unit, the unit auxiliary feedwater pumps, and all auxiliary saltwater trains (including the cross-tie) and utilization of the Online Risk Management Program while a DG is inoperable, provide adequate compensation for the potential small incremental increase in plant risk of the extended DG completion time. In addition, the increased availability of the DGs during refueling outages provides a reduction in plant risk during shutdown periods.

The risk assessment performed to support this license amendment request concluded that the increase in plant risk is small and consistent with the NRC's Safety Goal Policy Statement, "Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy Statement," Federal Register, Volume 60, p. 42622, August 16, 1995 and guidance contained in of Regulatory Guides (RG) 1.174, "An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis," dated July 1998 and RG 1.177, "An Approach for Plant-Specific, Risk-informed Decision making: Technical Specifications," dated August 1998. Together, the deterministic evaluation and the risk-informed assessment provide high assurance of the capability to provide power to the engineered safety feature buses during the proposed 14 day DG completion time.

Therefore, the proposed change does not involve a significant reduction in a margin of safety.

Based on the above evaluation, PG&E concludes that the proposed changes present no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

5.2 Applicable Regulatory Requirements/Criteria The proposed license amendment has been developed in accordance with the NRC's Safety Goal Policy Statement, Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy Statement,"

Federal Register, Volume 60, p. 42622, August 16, 1995, and guidance contained in of RG 1.174, "An Approach for Using Probabilistic Risk Assessment in Risk-informed Decisions on Plant-Specific Changes to the Licensing Basis," dated July 1998, and RG 1.177, "An Approach for Plant-Specific, Risk-Informed Decision making: Technical Specifications," dated August 1998.

40

Enclosure 1 PG&E Letter DCL-03-060 In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public.

6.0 ENVIRONMENTAL CONSIDERATION

PG&E has evaluated the proposed amendment and has determined that the proposed amendment does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any effluent that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure. Accordingly, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51 .22(c)(9). Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.

7.0 REFERENCES

7.1 References

1. "Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy Statement," Federal Register, Volume 60, p.42622, August 16, 1995.

2. NRC Regulatory Guide 1.177, "An Approach for Plant-Specific Risk-Informed Decisionmaking: Technical Specifications," August 1998.

3. Diablo Canyon Power Plant Administrative Procedure AD7.DC6, "On-line Maintenance Risk Assessment," Revision 6, 11/26/01.

4. DCPP Updated Final Safety Analysis Report.

5. Pacific Gas and Electric Company, "Long Term Seismic Program Final Report," PG&E Letter No. DCL-88-192, July 31, 1988.

6. PLG, Inc., "Diablo Canyon Probabilistic Risk Assessment," prepared for Pacific Gas and Electric Company, PLG-0637, July 1988.

{"DCPRA-1 988"}

7. Diablo Canyon Power Plant Probabilistic Risk Assessment Peer Review Report, Westinghouse Electric Co., Final Report, August 2000.

41

Enclosure 1 PG&E Letter DCL-03-060

8. NUREG/CR-0675 Supplement No. 34, Safety Evaluation Report related to the operation of Diablo Canyon Nuclear Power Plant, Units I and 2 Docket Nos. 50-275 and 50-323 Pacific Gas and Electric Company, June 1991.

9. NUREG/CR-5726, Review of the Diablo Canyon Probabilistic Risk Assessment, August 1994.

10. NRC Regulatory Guide 1.174, An Approach for Using Probabilistic Risk Assessment In Risk-informed Decisions On Plant-Specific Changes to the Licensing Basis, July 1998.

11. DCPP Calculation PRA 02-06, "Diesel Generator LAR for 14 day AOT."

12. Licensee Event Report for Diablo Canyon Unit 1, LER Number 2000-004-01, August 30, 2000.

13. Diablo Canyon Power Plant Technical Specifications, 3.8.1 AC Sources - Operating, Unit 1 - Amendment No. 135, Unit 2 -

Amendment No. 135.

14. Diablo Canyon Administrative Procedure OP1.DC38, "Safety Function Determination Program."

15. Diablo Canyon Power Plant Temporary Procedure TP TO-00003, "Diesel Generator 2-3 On-Line Maintenance."

16. Diablo Canyon Power Plant California Energy Crisis Contingency Plan, Revision April 23, 2001.

17. Diablo Canyon Power Plant Administrative Procedure MA1.1D17, "Maintenance Rule Monitoring Program."

18. Diablo Canyon Power Plant Administrative Procedure AD7.DC6, "On-Line Risk Management."

7.2 Precedents The NRC staff has approved similar license amendments (LA) for other plants including LA Nos. 114, 114,108, and 108 for Byron Station, Units I and 2, and Braidwood Stations Units 1 and 2, respectively, on September 1, 2000, LA No. 141 for Clinton Power Station, Unit 1, on November 8, 2001, and LA Nos. 150 and 136 for LaSalle County Station, Units 1 and 2, respectively, on January 30, 2002.

42

Enclosure 2 PG&E Letter DCL 03-060 Proposed Technical Specification Changes (mark-up)

Remove Paqe Insert Page 3.8-1 3.8-1 3.8-2 3.8-2

AC Sources - Operating 3.8.1 3.8 ELECTRICAL POAIER SYSTEMS 3.8.1 AC Sources - Operating LCO 3.81 The folloving AC electrioal sources shall be OPERABLE,

a. Two qualified circuits between the cffsite transmission network and the onsite Class 1E AC Electrical Power Distribution System; and

b. Three diesel generators (DGs) capable of supplying the onsite Class IE power distribution subsystem(s); and

c. Two supply trains of the diesel fuel oil (DFO) transfer system.

APPLICABILITY: MODES 1, 2 3 and 4 ACTIONS CONDITION REQUIRED ACTION COMPLETION TINlE A. One required offsite circuit A.1 Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> inoperable. required OPERABLE AND affsite circuit.

Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

AND A-2 Restore required offsite 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> circuit to OPERABLE D status., -

days from discovery of failure to meet LCO.

(continued)

DIABLO CANYON - UNITS 1 & 2 3.8-1 Unit 1 -

TAB 3.8- RO 1 Unit 2 -

AC Sources - Operating 3.8.1 ACTIONS (continued)

CONDITION REQUIREDA CTION COMPLETION TIME I~~~~~~ ~~~~~~~~~~~~~ -,_I B. One DG inoperable. B.1 Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> the required offsite AND circuit(s).

Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

AND NOTE In MAODE 1, 2, and 3.

TDAFW pump is considered a required redundant feature.

B.2 Declare required 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from feature(s) supported by discovery of Corsdition the inoperable DG 8 concurrnt with inoperable when Its Inoperatility of required redundant redundant required feature(s) is inoperable. feature(s).

AND 8.3,1 Determine OPERABLE 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> DG(s) is not inoperable due to common cause failure.

B.3.2 Perform SR 3.8.1.2 for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> OPERABLE DG(s),

AND B.4 Restore DG to OPERABLE status.

days from discovery of failure to meet LCO.

.3.

(continued)

DIABLO CANYON - UNITS I & 2 3.8-2 Unit 1 - Amendment TAB 3.8 - RO 2 Unit 2 - Amendment

Enclosure 3 PG&E Letter DCL 03-060 Proposed Technical Specification Changes (retyped)

AC Sources - Operating 3.8.1 3.8 ELECTRICAL POWER SYSTEMS 3.8.1 AC Sources - Operating LCO 3.8.1 The following AC electrical sources shall be OPERABLE:

a. Two qualified circuits between the offsite transmission network and the onsite Class 1E AC Electrical Power Distribution System; and

b. Three diesel generators (DGs) capable of supplying the onsite Class 1E power distribution subsystem(s); and

c. Two supply trains of the diesel fuel oil (DFO) transfer system.

APPLICABILITY: MODES 1, 2, 3, and 4.

ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One required offsite circuit A.1 Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> inoperable. required OPERABLE AND offsite circuit.

Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

AND A.2 Restore required offsite 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> circuit to OPERABLE AND status.

14 days from I discovery of failure to meet LCO.

(continued)

DIABLO CANYON - UNITS 1 & 2 3.8-1 Unit I - Amendment No. 435 TAB3.8-RO 1 Unit 2 - Amendment No. 1-35

AC Sources - Operating 3.8.1 ACTIONS (continued)

CONDITION REQUIRED ACTION COMPLETION TIME B. One DG inoperable. B.1 Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> the required offsite AND circuit(s).

Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

AND

---

NOTE ---- - ------

In MODE 1, 2, and 3, TDAFW pump is considered a required redundant feature.-----

B.2 Declare required 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery feature(s) supported by of Condition B the inoperable DG concurrent with inoperable when its inoperability of required redundant redundant required feature(s) is inoperable. feature(s).

AND B.3.1 Determine OPERABLE 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> DG(s) is not inoperable due to common cause failure.

OR B.3.2 Perform SR 3.8.1.2 for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> OPERABLE DG(s).

AND 14 days from B.4 Restore DG to discovery of failure to I

OPERABLE status.

meet LCO.

(continued)

DIABLO CANYON - UNITS 1 & 2 3.8-2 Unit 1 - Amendment No. 435 TAB3.8-RO 2 Unit 2 - Amendment No. 4-35

Enclosure 4 PG&E Letter DCL 03-060 Changes to Technical Specification Bases Pages

AC Sources - Operating B 3.8.1 BASES ACTIONS &2 (continued)

The setond Completion Time for Required Action A,2 establishes a limit on the maximum lime allowed for any ombination of required AC power sources to be inoperable during any single contiguous occurrence of failing to meet the LCtO if Condition A Is entered while, t) for Instance, a DG is noperable and that DG is subsequently rem3 R OPERABLE, the LCO m lady have been not met for up to ys.

Tis could le to a totalda days, since initial failure to meet the LCOI to restore lhe offsite circuit. At this time, a 4G could again d le hnecircuit restored OPERABLE, and an additional r212%b day {foir a total o days) allowed prior to complete restoration of Lday Completion Time provides a limit on the time a~2lYalowed in a pecified cordition after discovery of failure lo meet the LCO. This limit i onsiderd reasonable for sitations Inwhich onditions A and B re entered concurrenty. The 'AND" connector I ii3/4g?

, .s lween 72Jhourayn day Completion Times means that both

r. I Competio rnes apply simulneously, and the more restrictive 019se-f5i= \ Cometio Tme must be meL C A5The j7

t;-

4 kc263s u

LA h q x

Oprtonmycntinue nConiin o eidta 'ol o exXedays. This AOT was revised frorn 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 7 days by license Amendment (LA) 44 for Unit 1 and LA 43 for Unit In Condition B, the remaining OPERABLE DGs and offsfte circuits are adequate lo supply electrical power to the onsite Class 1E Distribution Sysaem Th~~day y Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for

_v_ repairs. and the low probability of a DBA occuring'during this period,

'4qiilCJThe plCo mpletion Time for Required Action B.4 estab4shes a limit on the maximum time allowed for any combination of required AC power sources to be inoperable during any single contiguous occurrence of failng to meet the LCO. If Condition B is entered while, for Instance, an offsite circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may alre not met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This could lead to a total o ys, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become Inoperable, the DG restored OPERABLE, (confinued)

DIABLO CANYON - UNITS I 8 2 8 3.8-8 Revision I TABB3-.DOC - RIA B

AC Sources - Operating B3.8.1 BASES ACTIONS 8.4 (continued) and an additional 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (fa tota f days) allowed pnor to oomplete restoration of the LCO. The day Completon Time provides a limit on tirne allowed in a specified condition after discovery oFfailure to meet the LCO. This fimit is considered reasonabi for suations in which CondRions-A ac[1 are etered concLurrently. TSAND*

7 ~~ ~ ~ mpltha

~~ie l vCompon imn 4ppy m eouy 5thmoeSie rGmp n Time tnmt As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time dDrk. This uit result In establishing the time zero" at the time that the LCO was intiafly not met, instead of at the time Condition was entered, C. and C.2 Required Action C.1, which applies when two offsite cimits are inoperable. is intended to provide assurance that an event wlth a coincident single failure wilT not result in a complete loss of redundant required safety functions. The rationale for the reduction to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> for Required Action C.1 Is that Regulatory Guide 1-93 (Ref. 6)alows a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for two required offslte circuits Inoperable.

based upon the assumption that two complete safety trains are OPERABLE. When a concurrent redundant required featre failure exists, tWs assumption Is not valid, and a shorter Compteion Timne of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is appropriate. Required features are redurdan' safety-related systems, subsystems, trains, components, and devices that depend on the DGs as a source of emergency power. These features are powered from the three Class I E AC electical power distribution subsystems. Examples of required features would Include, but ae not limited to, auxiliary salwater pumps, centrifugal chargirg pumps, or motor-driven auxiliary feedwater pumps.

The Conpletion Tlime for Required Action C.1 is intended to allow the operator time to evaluate and repair any discovered noperabilites.

This Completion Time also allows for an exception to the normal "tme zero' for beginning the allowed outage time 'ciock." In this Rewired Action the Completion ime only begins on discovery that both-

a. All required offsite circuits are inoperable; and

b. A required feature is inoperable.

If at any time during the existence of Condition C (wo offsite drcuits inoperable) a required feature becomes inoperable, this Completion Time begins to be tracked.

(continued)

DlABLO CANYON - UNITS I & 2 B 3.B-9 Revision 1 TABB3-8.DOC - RIA 9