DCL-03-178, Response to NRC Request for Additional Information Regarding License Amendment Request 03-07, Revision to Technical Specifications (TS) 3.8.1 AC Sources - Operating & 3.8.4 DC Sources - Operating Surveillance Requirements.

ML040070345
Person / Time
Site: Diablo Canyon, Pacific Gas & Electric
Issue date: 12/23/2003
From: Oatley D
Pacific Gas & Electric Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
DCL-03-178


Text

Pacific Gas and Electric Company
Diablo Canyon Power Plant
P.O. Box 56, Avila Beach, CA 93424
805.545.4350

David H. Oatley
Vice President and General Manager

December 23, 2003

PG&E Letter DCL-03-178

U.S. Nuclear Regulatory Commission
ATTN: Document Control Desk
Washington, DC 20555-0001

Docket No. 50-275, OL-DPR-80
Docket No. 50-323, OL-DPR-82
Diablo Canyon Units 1 and 2

Response to NRC Request for Additional Information Regarding License Amendment Request 03-07, "Revision to Technical Specifications (TS) 3.8.1 'AC Sources - Operating' & 3.8.4 'DC Sources - Operating' Surveillance Requirements"

Dear Commissioners and Staff:

Pacific Gas and Electric (PG&E) Letter DCL-03-061, dated May 29, 2003, submitted License Amendment Request (LAR) 03-07, "Revision to Technical Specifications (TS) 3.8.1 'AC Sources - Operating' & 3.8.4 'DC Sources - Operating,' Surveillance Requirements," which allows surveillance testing of the onsite standby emergency diesel generators (EDG) during modes in which it is currently prohibited and incorporates changes included in NRC-approved Technical Specification Task Force (TSTF) Standard Technical Specification change TSTF-283, Revision 3. PG&E submitted LAR 03-07 in conjunction with an industry consortium of six plants as a result of a mutual agreement known as Strategic Teaming and Resource Sharing (STARS). The STARS group consists of the six plants operated by TXU Generation Company LP, Union Electric Company, Wolf Creek Nuclear Operating Corporation, Pacific Gas and Electric Company, STP Nuclear Operating Company, and Arizona Public Service Company. Three members of the group, Union Electric Company, Wolf Creek Nuclear Operating Corporation, and Arizona Public Service Company provided concurrent LAR submittals. The concurrent submittals were intended to allow the NRC to review these submittals as a group.

On September 25, 2003, the NRC staff requested additional information concerning all four of these STARS submittals. PG&E's responses to the staff's questions are provided in Enclosure 1. These responses were discussed with the NRC on November 19, 2003. In that discussion the NRC expressed concern with the proposed revision to the Notes in Surveillance Requirement (SR) 3.8.4.7 and SR 3.8.4.8, which provide the flexibility for a partial performance of the SRs to reestablish OPERABILITY following corrective maintenance. The inclusion of the changes to the Notes in SR 3.8.4.7 and SR 3.8.4.8 is consistent with NRC approval of TSTF-283. The NRC's concern was that the proposed TSTF changes to SR 3.8.4.7 and SR 3.8.4.8, allowing portions of these surveillances to be performed at power, could result in a partial discharge of the batteries, which would not be acceptable. As a result of further discussions with the lead NRC Project Manager, Pacific Gas and Electric Company is providing responses to all the Requests for Additional Information. PG&E has agreed with the lead NRC Project Manager to have the Staff process separately the proposed changes to SR 3.8.4.7 and SR 3.8.4.8 to allow timely issuance of the license amendment for the remaining requested changes and to allow additional time to resolve the concern with the partial testing both generically for the industry and for Diablo Canyon Power Plant.

This information does not affect the results of the technical evaluation and no significant hazards consideration determination previously transmitted in PG&E Letter DCL-03-061.

If you have any questions or require additional information, please contact Stan Ketelsen at (805) 545-4720.

Sincerely,

David H. Oatley
Vice President and General Manager - Diablo Canyon

Dxs/4540
Enclosures
cc: Edgar Bailey, DHS
Bruce S. Mallett
David L. Proulx
Diablo Distribution
cc/enc: Girija S. Shukla

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance:

  • Callaway
  • Comanche Peak
  • Diablo Canyon
  • Palo Verde
  • South Texas Project
  • Wolf Creek

PG&E Letter DCL-03-178

UNITED STATES OF AMERICA
NUCLEAR REGULATORY COMMISSION

In the Matter of PACIFIC GAS AND ELECTRIC COMPANY
Diablo Canyon Power Plant, Units 1 and 2

Docket No. 50-275, Facility Operating License No. DPR-80
Docket No. 50-323, Facility Operating License No. DPR-82

AFFIDAVIT

David H. Oatley, of lawful age, first being duly sworn upon oath says that he is Vice President and General Manager - Diablo Canyon of Pacific Gas and Electric Company; that he has executed this response to the NRC request for additional information on License Amendment Request 03-07 on behalf of said company with full power and authority to do so; that he is familiar with the content thereof; and that the facts stated therein are true and correct to the best of his knowledge, information, and belief.

David H. Oatley
Vice President and General Manager - Diablo Canyon

Subscribed and sworn to before me this 23rd day of December, 2003.

Notary Public
State of California, County of San Luis Obispo

SANDRA L. RECTOR, Commission # 1339380, Notary Public - California, San Luis Obispo County. My Comm. Expires Jan 12, 2006.

Enclosure 1
PG&E Letter DCL-03-178

PG&E Response To NRC Requests For Additional Information Regarding License Amendment Request 03-07, "Revision To Technical Specifications (TS) 3.8.1 'AC Sources - Operating' & 3.8.4 'DC Sources - Operating' Surveillance Requirements"

In the NRC's request for additional information they provided a series of questions, which included questions that required answers by all four plants including Diablo Canyon Power Plant (DCPP) and some questions which were specific to one plant.

The common questions are 1a, 1b, 1c, 1d, 1e, 1f, and 1g. The DCPP specific questions are 3a and 3b. DCPP was not requested to respond to any of the additional questions. The following are restatements of the NRC questions DCPP was to respond to, followed by DCPP's response.

NRC Question 1a:

Surveillance Requirement (SR) 3.8.4.7 and SR 3.8.4.8 contain a Note that has been modified to add "However, portions of the Surveillance may be performed to reestablish OPERABILITY provided an assessment determines the safety of the plant is maintained or enhanced." Provide the intent of this note in detail (what exactly will be done at power, the duration of these surveillances and its impact on the limiting condition of operation, details regarding assessment, etc.)

PG&E's Response:

Surveillance Requirement (SR) 3.8.4.7 and SR 3.8.4.8 are the DC battery service test and the DC battery discharge test, respectively. In practice, the allowance provided by the revised Note will not likely be utilized since the battery service or performance discharge test requires many hours to perform and the battery is inoperable during this testing. Partial performance of the battery service or performance discharge test is also unlikely given the intrusive nature of the test and the fact that partial performance would likely not be useful except under unusual circumstances. Additionally, partial performance of the SRs may present a challenge to the two-hour Completion Time specified for restoration of an inoperable battery per Required Action A.1 of limiting condition for operation (LCO) 3.8.4.

The proposed revision to the Note was included in these SRs to provide the flexibility for a partial performance test to reestablish operability following corrective maintenance. The inclusion of the changes to the Notes in SR 3.8.4.7 and SR 3.8.4.8 is consistent with NRC approval of Technical Specification Task Force (TSTF)-283, Revision 3.

The responses to the Request for Additional Information were discussed with the NRC on November 19, 2003. Additional discussions were held with the lead NRC Project Manager regarding the NRC concerns that the proposed TSTF changes to SR 3.8.4.7 and SR 3.8.4.8 allowing portions of these surveillances to be performed at power could result in a partial discharge of the batteries. PG&E is in agreement with the lead NRC Project Manager to process separately the proposed changes to SR 3.8.4.7 and SR 3.8.4.8.

NRC Question 1b:

Do the work control programs, risk management programs, and/or procedures cover a comprehensive walk-down just prior to entering the period of reduced equipment availability during EDG testing? Provide details about the walk-down or justify why such walk-down is not required.

PG&E's Response:

Any planned activity that potentially results in a reduced level of equipment availability is not undertaken unless the status of the equipment potentially affected is known and all redundant equipment is in a condition that precludes any unacceptable risk from performing such an activity. The procedures controlling such activity require determination of the status of all potentially affected systems, communication with responsible operation and maintenance personnel, and the placement of formal clearances, if necessary. The determination of the status of systems may involve review of the plan of the day to determine potential activities that could adversely affect the planned activity or increase the risk, walkdowns of the components or system being affected and the backups to those being affected, and review of offsite or external conditions that could have a potential effect on the risk (i.e., grass fires, severe weather or other grid related transients or scheduled work activities). Tailboards would take place with the various onsite operations and maintenance organizations to ensure complete understanding of the activity and to ensure no other activities take place that could adversely affect the plant through the duration of the activity being performed.

Prior to the activity, clearances would be implemented on the equipment and systems that are being removed from service for the testing. This would involve walkdowns and verification by operations and maintenance personnel. However, for components and systems that potentially could be affected by the testing, but are not part of the testing clearance, there are various ways of determining status as discussed above, and walkdowns are not always a requirement. For those components or systems outside of the test clearance, if the status is not readily verifiable, a walkdown would be performed.

NRC Question 1c:

Indicate where the loss-of-offsite power signal comes from when the EDG is powering, or is paralleled to, the safety bus.

PG&E's Response:

The loss-of-power relays sense voltage from the 4.16 kV safety buses. This is the case whether an emergency diesel generator (EDG) is or is not powering its associated bus and whether the EDG is paralleled or not paralleled to the off-site power source.

NRC Question 1d:

Discuss administrative controls to preclude performing these surveillances during other maintenance and test conditions that could have adverse effects on the offsite power system or plans for restricting additional maintenance or testing of required safety systems that depend on the remaining EDG as a source. Additionally, discuss if the remaining EDG were to become inoperable while the other EDG is being tested, would the test be aborted.

PG&E's Response:

At DCPP, no test is undertaken unless the status of the equipment being tested is known, and all redundant or potentially affected equipment is in a condition that precludes unacceptable risk from performing such a test. All of the testing activities require determination of the status of potentially affected systems, communication with responsible operation and maintenance personnel, and the placement of formal clearances, if necessary. The determination of the status of systems may involve the review of the plan of the day to determine potential activities that could adversely affect the test or increase risk, walkdowns of the components or system being tested and the backups to those being tested, and review of offsite or external conditions that could have a potential effect on the risk (i.e., grass fires, severe weather or other grid related transients or scheduled work activities). Tailboards would take place with the various onsite operations and maintenance organizations to ensure a complete understanding of the testing activity and to ensure no other activities take place that could adversely affect the testing or the plant during the testing. In addition, prior to the testing, clearances would be placed and verified by operations and maintenance personnel involved in the testing.

The switchyard at DCPP is not operated or controlled by plant staff; however, there are formal communication processes and agreements in place that limit risk related work in the switchyard during diesel testing.

During the testing activities, if a redundant system or component became inoperable, a decision to abort the test would be made based on current plant conditions, the purpose for performing the test, and whether an increase in risk is involved. In some cases it may be prudent to complete the test, e.g., if the test is being performed to reestablish operability following corrective maintenance. However, in most cases the test would be aborted, and the affected systems returned to service immediately.

DCPP Administrative Procedure AD7.DC6, "On-Line Maintenance Risk Management," is provided in Enclosure 2. This procedure includes the verification procedures and processes that are followed for all on-line activities including testing. This procedure provides guidance for evaluating risk in accordance with 10 CFR 50.65(a)(4) (Maintenance Rule), establishing compensatory measures, and assuring the activity is scheduled in the appropriate train/bus/set workweek.

NRC Question 1e:

Discuss whether procedures are in place to alert operators when to perform either portions or full SRs/Testing. Will the operators receive training on the procedures related to the proposed technical specification changes prior to implementation?

PG&E's Response:

All testing at DCPP, whether normal full testing or partial testing, is performed using approved procedures. All operations and maintenance personnel are trained and knowledgeable of the associated procedures prior to performing them. Partial testing is not considered to be a normal testing activity, and the parameters or boundaries of the test may vary. As a result, partial tests may require a special test procedure be created specifically for that test.

The decision on whether to perform one (or more) of these SRs, either in full or partially, would be determined based on the specific corrective maintenance being performed. The cause of the failure that results in the need to perform corrective maintenance has to be known in order to determine what testing would be required in order to reestablish operability. This process is established in plant procedures on work controls and addresses emergent work. Emergent work is unforeseen or unexpected work requiring immediate attention, which may require 24-hour coverage due to potential impact on the safe, reliable, and legal operation of the plant. At a minimum, all issues causing unplanned entry into a technical specification equipment outage of 72 hours or less would be considered emergent. For emergent work activities, key personnel are identified as having the responsibility for providing input into the required repairs and testing necessary to restore operability. The identified surveillance testing requirements for any work would be specifically provided or referenced in the work orders for performing the corrective maintenance or modification. The work orders and the plant procedures associated with the identified surveillance testing specify responsibilities for ensuring required surveillance tests are completed prior to declaring a system/component operable. These procedures take into consideration the proper plant conditions for the testing, require briefings with the test performer on the effect of the testing on plant equipment, and assure the testing will not place the plant in an unsafe condition.

As a normal part of the implementation process for any approved technical specification change, all required procedures must be in place and all personnel directly affected by those changes must be trained on the procedures and changes prior to implementation. This training can involve mentoring, tailboards, and/or formal training.

NRC Question 1f:

Discuss the compensatory measures that will be implemented during performance of SRs 3.8.1.10, 3.8.1.13, and 3.8.1.14.

PG&E's Response:

All of the testing activities at DCPP require determination of the status of potentially affected systems, communication with responsible operation and maintenance personnel, and the placement of formal clearances, if necessary. The determination of the status of systems may involve the review of the plan of the day to determine potential activities that could adversely affect the test or increase risk, walkdowns of the components or systems being tested and the backups to those being tested, and review of offsite or external conditions that could have a potential effect on the risk (i.e., grass fires, severe weather or other grid related transients or scheduled work activities). Tailboards would take place with the various onsite operations and maintenance organizations to ensure complete understanding of the testing activity and to ensure no other activities take place that could adversely affect the testing or the plant during the testing. In addition, prior to the testing, clearances would be placed and verified by operations and maintenance personnel involved in the testing.

The compensatory measures for these specific tests include verifying the plant conditions, evaluating the risk, communicating to plant personnel, placing clearances, ensuring the redundant EDGs are operable and remain operable during this testing, and ensuring other activities do not take place that could adversely affect the plant through the duration of the activity being performed.

NRC Question 1g:

For SR 3.8.1.13, discuss (1) how the SR is performed and (2) how the safety injection (SI) signal is generated without disturbing power operation.

PG&E's Response:

The current approved wording of DCPP SR 3.8.1.13 is somewhat different from NUREG 1431 and TSTF-283. It does not specifically require that verification of bypass capability be tested for an actual or simulated loss of bus voltage concurrent with a safety injection (SI) signal. The DCPP EDG start logic is designed such that all EDG trip functions, with the exceptions listed in the technical specification (TS), are bypassed when the EDG is started automatically (on loss of standby power or SI signal, or both), the cutout switch is in the cutout position and the EDG is aligned for automatic operation. The continuity test across the switches ensures that there is no signal across these switches that would allow these trip functions to function and trip the EDG during an automatic start. The verification of no signal when the switches are in the cutout position ensures that these trip functions will be properly bypassed and the system will function properly for any single or combination of the start signals. EDG automatic start on an actual or simulated loss of bus voltage concurrent with an SI signal is verified in DCPP SR 3.8.1.11 and SR 3.8.1.12.

1) The SR 3.8.1.13 test involves turning a toggle switch on the vertical board to "cut-out" position and verifying that there is no continuity across the switch contacts. The toggle switch is also turned to "cut-in" position and it is verified that there is continuity across the switch contacts.
2) This surveillance test does not require an SI signal to be generated. However at DCPP, any surveillance test procedures that are performed, including start of the EDG on a SI signal, are performed from the solid state protection system (SSPS) test cabinet, which has switches controlling associated slave relays. Those switches are turned to the test position and then depressed to simulate the SI signal for particular equipment, i.e., EDG. Currently we start the EDGs on a quarterly frequency from SSPS by simulating a SI signal.

NRC Question 3a:

For SR 3.8.1.10, in Section 4.1 of the application, it is stated that "during the last refueling outage at DCPP [Diablo Canyon Power Plant] when the DG full load reject SRs were performed for each diesel, the voltage transients experienced by the loads on the associated buses were minor (the worst case was an approximate 1.29 percent change of 54 volts in the bus voltage at the 4.16 kV level, in approximately 0.09 seconds)." Discuss the impact of this voltage transient on degraded voltage relays.

Also, during power operation the voltages at the safety buses are relatively lower than during shutdown, what will be the voltage transient due to a full load rejection test at the lower voltages and its impact on degraded voltage relays?

NRC Question 3b:

Question a above is also applicable to SR 3.8.1.14.

PG&E's Response for 3a and 3b:

The impact of this momentary voltage transient on the degraded voltage relays will be negligible regardless of whether it is during an outage at higher bus voltages or during plant operation at lower (normal) bus voltages. The bus transient voltage of 54V is the difference between an EDG paralleled to the bus and offsite power, versus the offsite power voltage level. The transient voltage is the boost to the bus voltage from the associated EDG. Once the EDG output breaker is opened during load rejection, the bus voltage decays to the offsite power voltage level. During the subject testing, no bus voltage oscillation was observed when taking this data with high-speed recorders and the transition was smooth with no step change.

The degraded bus voltage relays (27HFB3 and 27HFB4) are set to drop out at 109.5 V (equivalent bus voltage of 3810 V) and 109 V (equivalent bus voltage of 3827 V), respectively. These relays, when actuated, send output signals through time delay relays: 10 sec (62HF3A) to start the EDG, and 20 sec (62HF3B) to initiate load shed.

The momentary 54 V transient would appear to these relays as a bus voltage drop from approximately 4210 V with the EDG connected, to approximately 4160 V, which would not actuate or have an effect on these relays.

Enclosure 2
PG&E Letter DCL-03-178

Diablo Canyon Power Plant Administrative Procedure AD7.DC6, "On-Line Maintenance Risk Management"

*** UNCONTROLLED PROCEDURE - DO NOT USE TO PERFORM WORK or ISSUE FOR USE ***

PACIFIC GAS AND ELECTRIC COMPANY
NUCLEAR POWER GENERATION
DIABLO CANYON POWER PLANT
ADMINISTRATIVE PROCEDURE

NUMBER: AD7.DC6
REVISION: 7
TITLE: On-Line Maintenance Risk Management
EFFECTIVE DATE: 10/24/02
PROCEDURE CLASSIFICATION: QUALITY RELATED
SPONSORING ORGANIZATION: OPERATIONS
REVIEW LEVEL: "A"

TABLE OF CONTENTS

  • SCOPE
  • DISCUSSION
  • RESPONSIBILITIES
  • DEFINITIONS
      • Compensatory Measures
      • Core Damage Frequency (CDF)
      • Core Damage Probability (CDP)
      • Degraded
      • External Risk
      • Internal Risk
      • Key Safety Function (KSF)
      • Large Early Release Frequency (LERF)
      • Probabilistic Risk Assessment Allowable Outage Time (PRA AOT)
      • Risk Significant
      • Threshold PRA AOT
      • Train Level SSC
      • Trip Mitigation SSC
      • Trip Risk
  • PRECAUTIONS AND LIMITATIONS
  • INSTRUCTIONS
      • Developing the 12 Week Rolling Matrix
      • Managing Risk in the Maintenance Planning Phase
      • Managing Risk in the Maintenance Execution Phase (Real Time)
      • Plant Trip Risk Assessment
      • Probabilistic Risk Assessment
      • Safety Function Degradation Assessment
  • REFERENCES
  • RECORDS
  • ATTACHMENTS
  • SPONSOR

1. SCOPE

1.1 This procedure provides guidance for managing plant trip, probabilistic, and safety function degradation risk from on-line maintenance, external or internal conditions, as required by 10 CFR 50.65(a)(4) of the Maintenance Rule.

01339207.DOC 01B 1024.0728

1.2 These instructions shall be used for risk management when the unit is in MODES 1, 2, 3 and 4. Risk management in MODES 5 and 6 is addressed in AD8.DC50 through AD8.DC55.

1.3 Risk in the transitional MODE 4 will be controlled as follows:

1.3.1 Any maintenance on risk significant Systems, Structures, or Components (SSCs) in MODE 4 will require specific authorization of the operations manager.

1.3.2 Risk significant equipment removed from service in accordance with Tech Spec requirements (e.g., isolating a CCP and the SIPs per SR 3.4.12.1 and SR 3.4.12.2) does not require special authorization.

1.3.3 Qualitative evaluation based on Key Safety Function degradation should be performed for risk significant equipment removed from service in MODE 4.

No quantitative core damage frequency values should be used since the probabilistic risk analysis is based on a full power model.

1.4 Certain risk significant components cannot be taken out of service for on-line maintenance or result in very short Tech Spec action statements. In these cases, risk insights provide limited value. Therefore, this procedure will limit itself to assessing probabilistic and safety function degradation risk on SSCs listed in Attachment 9.1. See also reference 7.7 for bases.

2. DISCUSSION

2.1 Risk from performing maintenance on-line is minimized by:

2.1.1 Performing only those preventative and corrective maintenance items on-line required to maintain the reliability of the structure, system, or component (SSC).

2.1.2 Minimizing cumulative unavailability of safety-related and risk significant SSCs by limiting the number of at-power maintenance outage windows (MOW) per cycle per train/component. Refer to AD7.1D4.

2.1.3 Minimizing the total number of SSCs out-of-service (OOS) at the same time.

2.1.4 Minimizing the risk of initiating plant transients (trips) that could challenge safety systems by implementing compensatory measures.

2.1.5 Avoiding higher risk combinations of OOS SSCs using Probabilistic Risk Assessment (PRA) insights.

2.1.6 Maintaining "defense in depth" by avoiding combinations of OOS SSCs that are related to similar safety functions or that affect multiple safety functions.

2.2 Scheduling the SSCs in the 12 week rolling matrix according to their Train/Bus/Set relationship minimizes a large part of the Tech Spec conflict and risk factor. Refer also to AD7.1D4.

2.3 Risk is managed as follows:

2.3.1 Plant trip risk activities or conditions are evaluated qualitatively and mitigated by:

a. Taking appropriate compensatory measures; and/or
b. Ensuring defense-in-depth for safety systems that are challenged by a plant trip.

2.3.2 Risk significant equipment OOS configurations (singles and pairs of components) affecting Core Damage Frequency (CDF) have been quantitatively pre-analyzed by probabilistic risk methods.

2.3.3 The ability of SSCs to support Key Safety Functions (KSFs) that protect the fission product barriers (clad, RCS, and containment) is evaluated qualitatively.

2.3.4 Compensatory measures and management authorization may be required to allow higher risk configurations for planned maintenance. Management notification may be required for emergent higher risk situations.

3. RESPONSIBILITIES

3.1 The engineering director is responsible for overall administration of the Maintenance Rule per MAI.1D17.

3.2 The scheduling supervisor is responsible for overall coordination of scheduling on-line maintenance in accordance with this instruction and AD7.1D4.

3.3 The cognizant manager is responsible for identifying and proposing compensatory measures for HIGH or VERY HIGH risk activities performed by their groups per MAI.DC10 and MAI.DCII.

3.4 The operations manager is responsible for approving higher risk OOS configurations as identified by this instruction.

3.5 The operations work control supervisor and the daily scheduling supervisor are responsible for overall implementation of the on-line risk management program.

3.6 The operations work week manager (or, in his absence, an OPS Shift Manager) is responsible for ensuring risk assessments for planned maintenance are completed in accordance with this instruction and AD7.1D4.

3.7 The operations shift foreman is responsible for:

  • Verifying risk assessments for planned activities are valid; and for
  • Performing risk assessments for emergent conditions affecting the plant in accordance with this instruction and AD7.1D4.

3.8 The PRA supervisor is responsible for:

  • Providing the risk insights and numerical risk values for this procedure; and for
  • Maintaining the ORAM-Sentinel software.

4. DEFINITIONS

4.1 Compensatory Measures - Actions taken to mitigate the risk from planned or emergent plant equipment conditions or external or internal conditions. Examples include:

NOTE: Deferral of elective work to avoid unacceptable risk is an assumed option.

4.1.1 Risk Awareness

  • Tailboards, PA announcements, Plan of the Day, special notices, etc.
  • Direct supervisory oversight.
  • Upper Management authorization.
  • Abnormal or infrequent evolution briefings.

4.1.2 Minimize duration of the activity or condition

  • Pre-planning - Tailboards, pre-job walkdowns, pre-staging equipment and supplies, mock-up training.
  • Contingency planning - Canned tailboards, JIT simulator training, temporary procedures, call-out lists, back-out criteria, etc. (plan for failure).
  • Augmented coverage - Working two (2) shifts/day, around-the-clock coverage.

4.1.3 Mitigate Consequences

  • Protect redundant equipment - barricading OPERABLE DEGs during redundant DEG MOWs, offsite power outages, or grid instability; restricting activities in the 500kV and 230kV yards when DEGs are out of service.

4.2 Core Damage Frequency (CDF) - The instantaneous risk of a core damaging accident's occurrence expressed as occurrences per year.

4.2.1 The plant specific Probabilistic Risk Analysis (PRA) calculates CDF for various plant configurations and accident scenarios.

a. For example, the CDF for operating the plant with all safety systems available (no maintenance case) is about 1E-5/yr; that is, a core damaging accident might be expected to occur about once every 100,000 years.
b. If startup power were to be removed from service for the whole year, the CDF would increase by about a factor of 10 to about 1E-4/yr, or once every 10,000 years.

4.2.2 Because the PRA model evaluates individual component failures, the CDF for Train Level SSCs in this procedure are sometimes composite values representative of the train vice specific components.

4.3 Core Damage Probability (CDP) - The product of the CDF and the out-of-service duration. This represents the actual risk of a core damaging event occurring during a given period of time.

4.3.1 From the above example, if startup power was to be out-of-service for six (6) hours, the core damage probability would be:

(1E-4/yr) × (6 hrs) / (8760 hrs/yr) = 6.9E-8

4.4 Degraded - SSC condition or performance is below nominal. May still be considered OPERABLE, but operation may be curtailed or under increased monitoring. Examples include:

  • SSCs in Maintenance Rule (a)(1) (goal setting) status or approaching performance criteria limits.
  • SSCs on the Predictive Maintenance "Equipment Watch List."
  • SSCs on alert frequency Surveillance Testing (PX ALRT ARs).
  • SSCs with other significant existing deficiencies (CM or AT EQPR or EVAL ARs, operator workarounds, etc.).

4.5 External Risk - Trip Risks from factors originating outside the plant boundaries.

Severity of trip risk will be evaluated qualitatively on a case-by-case basis. The following examples should be classified as High Trip Risks:

4.5.1 Offsite power system induced trip risks:

NOTE: External risks affecting offsite power may also affect plant trip mitigation SSCs.

  • Peak power demand (i.e., CAISO stage 3 or higher grid emergencies).
  • Fires threatening offsite power source lines.
  • Storms (wind, rain, etc.).

4.5.2 Direct trip risk from storms:

  • High ocean swell warning. (Refer to OP 0-28, "Intake Management.")
  • Lightning strikes, etc.

4.5.3 Seismic risk factors.

  • Tsunami warning. (Refer to CP M-5, "Tsunami Warning.")

4.6 Internal Risk - Risks from operations, maintenance, and environment originating inside the plant boundaries.

4.6.1 Examples of environmental effects include fire, flooding, high and medium energy line breaks.

4.6.2 So long as compensatory measures are put in place per the Equipment Control Guideline actions for degraded engineered features, risk to adjacent components is considered insignificant.

4.6.3 Failure to implement ECG actions within the required time limits should require an after the fact risk assessment by the PRA Group. This includes:

  • Fire protection - Barriers, doors, detection, suppression, etc. (ECG 18).
  • Flooding - Doors, barriers, drains, etc. (ECG 80).
  • High and Medium Energy Line Breaks - Doors, blow-out panels, etc. (ECG 80).

4.7 Key Safety Function (KSF) - A function required to protect the fission product barriers.

Degradation of "defense in depth," the ability to maintain the KSF, is evaluated by the use of logic trees when removing Risk Significant SSCs from service for maintenance. This assessment is independent of the PRA AOT method.

4.7.1 These KSFs correspond to the critical safety functions in the Emergency Operating Procedures (EOP) Function Restoration Guidelines (FRGs) that mitigate extreme - RED, or severe - MAGENTA, challenges to the barriers.

NOTE: The RCS inventory critical safety function in the FRGs was not included because there are no RED or MAGENTA paths in that series of procedures.

4.7.2 Two additional support functions, Component Cooling and Vital Electric Power, were created in addition to those in the FRGs. Many individual components can be affected by a degradation of these support systems. For ease of use, rather than evaluate the effect on each supported component, the new KSFs were created.

4.7.3 Similar to the FRGs, KSF defense in depth degradation is represented by a color.

a. GREEN KSF fully satisfied
b. YELLOW Moderate degradation
c. ORANGE Significant degradation
d. RED Severe degradation

4.8 Large Early Release Frequency (LERF) - The instantaneous risk to the public from releases via penetration failures three (3) inch diameter and larger before the plant's emergency response plan has been implemented in an accident scenario. The only release pathway this large that could be affected by maintenance is the vacuum/pressure relief or containment purge and exhaust valves.

4.8.1 LERF risk is evaluated qualitatively under the Containment Key Safety Function.

a. For example, venting of containment for pressure relief should be avoided if a Train Level SSC affecting CDF was OOS giving a yellow Core Cooling or Containment Key Safety Function color (e.g., RHRP give yellow for both).
b. Alternatively, the example above would be acceptable if compensatory measures to mitigate the risk were implemented such as increased risk awareness tailboards, contingency planning in the event of a leak, etc.
c. If an inoperable penetration is isolated to comply with Tech Spec 3.6.3 actions, those compensatory measures are sufficient to mitigate the LERF risk. No other risk management actions would be required.

4.9 Probabilistic Risk Assessment Allowable Outage Time (PRA AOT) - The number of hours a single or combination of Risk Significant Train Level SSCs may be OOS before the time-integrated risk addition to the "no maintenance case" Core Damage Probability (CDP) exceeds 1E-6. Industry PRA guidelines define a change of less than 1E-6 as "insignificant risk increase." The PRA AOT is used as a "ruler" to compare the relative risk of removing Risk Significant Train Level SSCs from service.

4.10 Risk Significant - As defined by MAI.1D17, a SSC is deemed to be risk significant if:

4.10.1 It is a significant contributor to the plant specific PRA;

4.10.2 If it provides or supports a Key Safety Function; or

4.10.3 It has been judged to be risk significant by the Maintenance Rule expert panel.

NOTE: Certain risk significant components cannot be taken out of service for on-line maintenance or result in very short Tech Spec action statements. In these cases, risk insights provide limited value. Therefore, this procedure will limit itself to assessing probabilistic and safety function degradation risk on SSCs listed in Attachment 9.1. See also reference 7.7 for bases.

4.11 Threshold PRA AOT - The PRA AOT of the riskiest single Risk Significant Train Level SSC normally allowed to be removed from service for on-line maintenance. It is reasoned that any combination of Risk Significant Train Level SSCs may be removed from service as long as it is allowed by Tech Specs, OPI.DC17, and the combination is no riskier than the riskiest single Risk Significant Train Level SSC.

4.12 Train Level SSC (TLS) - Equipment name that represents the train affected by individual component maintenance or failure. For example:

OOS Component            TLSSC
FCV-95                   AFWP1
8803A                    CCP1
8807B                    SIP2
Opposite Unit ASW pp     FCV-601

4.13 Trip Mitigation SSC - The primary SSCs that are immediately challenged during a normal plant trip (no safety injection). Loss of redundancy for these SSCs presents significant complications in the event of a plant trip:

  • Offsite power sources (230kV initially, 500kV with delayed access)
  • Auxiliary Saltwater trains

4.14 Trip Risk - Any activity that could lead to a reactor or turbine trip. Turbine and reactor trips represent the most likely transient initiators leading to core damaging and large early release events.

4.14.1 HIGH risk activities evaluated per MA1.DC10 or MA1.DC11 are considered Trip Risks by this procedure only if they might lead to a transient having a significant effect on reactor power (>2%RTP). See Reference 7.9.

5. PRECAUTIONS AND LIMITATIONS

5.1 The 12 week rolling matrices shown in Attachment 9.2 are FOR INFORMATION ONLY. The Daily Work Coordination Group (DWC) keeps current versions of the matrices for each unit.

5.2 Current PRA AOT values are found using the on-line risk assessment computer program ORAM-Sentinel. PRA AOT values for single configurations are documented on Attachment 9.1.

5.3 The SFATs are based on the equipment importance in accident mitigation as described in the EOP background documents. SFATs are displayed using ORAM-Sentinel software.

6. INSTRUCTIONS

6.1 Developing the 12 Week Rolling Matrix

6.1.1 The 12 Week Rolling Matrix (Matrix) is based on the STPs performed in MODE 1 for all the major risk significant SSCs. (Refer to Attachment 9.1, List of Risk Significant Systems.)

6.1.2 The weeks are categorized by 3 methods.

a. SSPS Train relation - A, B, or A/B
b. Vital bus relation - F, G, H, or Non-bus
c. Protection Set relation - I, II, III, IV
d. Thus, the 4 week sub-cycle within the 12 week cycle is:
1. Train A/B Bus H
2. Train B Bus G
3. Train A Bus F
4. Train A/B Non-bus
e. Protection set weeks are spread over the full 12 week cycle.

6.1.3 Each week is further subdivided into two work windows; Tuesday-Wednesday, Thursday-Friday - each 48 hours long.

a. This is consistent with the AD7.1D4 requirement that T.S. SSCs out-of-service (OOS) duration be scheduled not to exceed 1/2 the Tech Spec Action Allowable Outage Time (AOT). For most ESF components, this is 1/2 of 72 hours: 36 hours.
b. This also provides time separation for working two safety related SSCs in the same week.

6.1.4 Compile a listing of the quarterly and monthly STPs for the major SSCs.

6.1.5 Classify the SSCs by SSPS train, vital bus and protection set as described above and spread out the STPs through the 12 week cycle in their appropriate train/bus/set weeks (refer to Attachment 9.2, Sample 12 Week Rolling Matrix).

a. Group the STPs at the train level if possible, for example slave relay test with pump test and associated valve tests.
b. Levelize for daily work loading, cross-discipline support required for test performance, opposite unit testing schedule, test instrumentation requirements, etc.

6.1.6 Analyze weeks for possible trip risks, train level probabilistic risk, and safety function degradation conflicts as described below and correct as required.

6.1.7 Revisions to the matrix should be minimized.

a. If changes are found to be necessary, follow above guidance and analyze for risk similarly.
b. STP performance should be short cycled as required to avoid use of surveillance interval grace period during transition to the revised matrix. (Refer to AD13.DC1.)

6.1.8 The Matrix Coordinator should mark up a long-term matrix spreadsheet (example: Attachment 9.3) or schedule with planned MOWs from the PIMS PM RTS due dates and other Daily Work Coordination (DWC) reports.

a. Identify all MOWs on the spreadsheet to help visualize the SSCs OOS at the same time for risk assessment and workload levelization.
b. Verify Risk Significant SSC MOWs are correctly scheduled in their train/bus/set week to align with the component STP. Correct the PIMS/P3 schedule if necessary or obtain Work Week Manager (WWM) approval for deviation.
c. Schedule so that the STP provides the PMT for the maintenance on the SSC.

6.2 Managing Risk in the Maintenance Planning Phase

6.2.1 The OPS work week managers shall ensure risk management actions are completed for planned work considering:

a. Expected plant conditions during the week.
b. Expected external conditions due to seasonal effects (e.g., storm or fire season, summer peak loads, etc.).

6.2.2 Determine the activities scheduled for the week that are Trip Risks.

6.2.3 Determine the Risk Significant SSCs that are scheduled to be OOS. Classify them at the train level (TLS). Refer to Attachment 9.1.

a. For each TLS, determine its current unavailability and health of its redundant train.
1. The cognizant system engineer and/or maintenance manager should give concurrence to schedule or consider deferral of maintenance.

a) If the TLS is approaching or will exceed 75% of its Maintenance Rule Availability Performance Criteria; or
b) If the TLS's redundant train is Degraded.

6.2.4 If a Trip Risk is scheduled concurrently with OOS or degraded trip mitigation TLSs, attempt to separate the activities.

6.2.5 If two or more TLSs are scheduled to be OOS in the same week, attempt to separate the work to avoid overlap.

6.2.6 Determine the risk configurations during the week (unique plant states where one or a combination of trip risks or TLSs will be OOS).

6.2.7 Manage the trip risk, probabilistic risk, and/or safety function degradation associated with each configuration as described in Steps 6.4, 6.5 and 6.6.

6.2.8 Propose risk mitigation compensatory measures, as appropriate.

6.2.9 Document risk management actions for each configuration on a TS sheet per OPI.DC17.

6.3 Managing Risk in the Maintenance Execution Phase (Real Time)

6.3.1 The SFM shall evaluate and manage the risk of all activities or conditions based on the current plant state:

a. Before any planned OR emergent maintenance is to be performed.
b. As soon as possible when an emergent plant condition is discovered.
c. As soon as possible when an external or internal event or condition is recognized.

6.3.2 Verify if the activity or condition is a Trip Risk and manage per step 6.4.

6.3.3 Determine if the activity removes a TLS from service, and

a. Manage probabilistic risk per step 6.5.
b. Manage safety function degradation per step 6.6.

6.3.4 If the redundant train remaining in service is degraded, implement additional compensatory measures.

6.3.5 If the evaluation reveals unacceptable risk, determine course of action based on restoration of safety function first, PRA aspects second.

6.3.6 Document risk management actions for each configuration on a TS sheet per OPI.DC17.

6.4 Plant Trip Risk Assessment

6.4.1 For pre-planned trip risk activities:

a. Ensure the work group proposing Trip Risk activities completes the appropriate authorization form from MA1.DC10 or MA1.DC11.
b. Concur with or propose compensatory measures to mitigate the trip risk, as appropriate.
c. Check for concurrent OOS or degraded plant trip mitigation TLSs using ORAM-Sentinel or TS Sheet review (offsite power, DEGs, AFW, or ASW). If present:
1. Obtain OPS manager authorization for concurrent performance.
2. Implement additional compensatory actions, as appropriate.
3. Document condition and basis for approval on the appropriate TS Sheet.

6.4.2 For emergent plant trip risk activities or conditions:

NOTE: Emergent External Conditions should be treated as Trip Risks.

a. Implement immediate compensatory measures, as appropriate.
b. Check for concurrent OOS or degraded plant trip mitigation TLSs using ORAM-Sentinel or TS Sheet review. If present:
1. Implement additional compensatory measures to mitigate risk, as appropriate.
2. Notify the operations manager.
3. Document condition in an Action Request.

6.5 Probabilistic Risk Assessment

NOTE: If the OOS TLS is a Trip Mitigation TLS, also check for concurrent Trip Risk using ORAM-Sentinel or TS sheet review and evaluate per step 6.4.

6.5.1 Determine the PRA AOT for the single or combination of TLSs OOS by using ORAM-Sentinel. If ORAM-Sentinel is not available, determine PRA AOT as follows:

a. Use Attachment 9.1 to obtain PRA AOT values for a single TLS OOS.
b. Contact the PRA group for any multiple TLSs OOS.

6.5.2 If the scheduled duration of work is less than the PRA AOT, determine and implement appropriate compensatory measures.

6.5.3 If the PRA AOT is less than the threshold PRA AOT:

a. Verify operations manager approval (or notification for emergent conditions) regardless of the scheduled duration. Scheduled duration is a factor that will be of importance in the decision process.
b. Basis for approval should be documented.
c. Determine and implement additional compensatory measures, as appropriate.
d. Document the higher risk configuration on the TS sheet.

6.5.4 If the scheduled duration of work is greater than the PRA AOT, then:

NOTE: If the duration of work exceeds the PRA AOT then, by definition, the risk increase is no longer insignificant.

a. Verify operations manager approval (or notification for emergent conditions).
b. Document basis for approval.
c. Determine and implement additional compensatory measures, as appropriate.
d. Document the higher risk configuration in an action request.

6.6 Safety Function Degradation Assessment - For each configuration determined above, assess and manage the degradation of Key Safety Functions.

6.6.1 Determine the Key Safety Functions that are affected by the OOS TLS(s) by using the PC program ORAM-Sentinel. If ORAM-Sentinel is not available, use Attachment 9.1 to determine KSF score for a single SSC TLS, or contact the PRA group.

6.6.2 Determine the degree of degradation (color) of each affected Key Safety Function by selecting the affected TLS in ORAM-Sentinel.

6.6.3 If any TLS OOS combination results in a RED terminus:

a. The condition is not normally allowed and may be a Tech Spec violation.
b. Prior PSRC approval (operations manager notification for emergent conditions) is required.
c. Document the RED KSF configuration in an Action Request.

6.6.4 If any TLS OOS combination results in an ORANGE terminus:

a. Verify operations manager approval (or notification for emergent conditions).
b. Document basis for approval.
c. Determine and implement additional compensatory measures, as appropriate.
d. Document emergent ORANGE configuration in an Action Request.

6.6.5 If an OOS TLS or combination results in one or more YELLOW terminuses, evaluate as follows:

a. The Key Safety Functions yellow terminuses are assigned weighting factors in accordance with their importance IAW EOP FR F-0:
1. Subcriticality =5
2. Core Cooling =4
3. Heat Sink =3
4. RCS Integrity =2
5. Containment =1
6. Vital Power =5
7. Component Clg =5
b. If the sum of the weighting factors for the YELLOW terminuses is 8 or greater, then:
1. Verify operations manager approval (or notification for emergent conditions).
2. Document basis for approval.
3. Determine and implement additional compensatory measures, as appropriate.
4. Document emergent configurations with KSF ≥ 8 in an Action Request.
c. If the sum of the weighting factors for the YELLOW terminuses is less than 8, determine and implement compensatory measures, as appropriate.
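
The screening in steps 6.5 and 6.6, together with the CDP arithmetic of sections 4.3 and 4.9, can be written out as the following added example, which is not part of the procedure and is not ORAM-Sentinel code. The function names and the threshold PRA AOT passed in the usage are constructed for illustration, and pra_aot_hours assumes the "risk addition" of section 4.9 is the CDF increase over the no-maintenance case.

```python
from dataclasses import dataclass, field

HOURS_PER_YEAR = 8760
CDP_LIMIT = 1e-6       # section 4.9: added CDP treated as an insignificant increase
YELLOW_SUM_LIMIT = 8   # step 6.6.5.b

# Step 6.6.5.a weighting factors for YELLOW terminuses.
YELLOW_WEIGHTS = {
    "Subcriticality": 5, "Core Cooling": 4, "Heat Sink": 3, "RCS Integrity": 2,
    "Containment": 1, "Vital Power": 5, "Component Cooling": 5,
}
COLORS = {"GREEN", "YELLOW", "ORANGE", "RED"}


def core_damage_probability(cdf_per_year, hours_oos):
    """Section 4.3: CDP is the CDF multiplied by the out-of-service duration."""
    return cdf_per_year * hours_oos / HOURS_PER_YEAR


def pra_aot_hours(cdf_config, cdf_no_maintenance):
    """Hours OOS before the CDP added to the no-maintenance case reaches 1E-6.

    Assumption: the added risk is the CDF increase over the no-maintenance
    case, integrated over the outage.
    """
    delta = cdf_config - cdf_no_maintenance
    if delta <= 0:
        return float("inf")  # configuration adds no risk, so no limit applies
    return CDP_LIMIT * HOURS_PER_YEAR / delta


@dataclass
class Assessment:
    yellow_score: int = 0
    ops_manager: str = "none"      # "none", "approval" or "notification"
    psrc_approval: bool = False    # prior PSRC approval (planned RED, step 6.6.3)
    findings: list = field(default_factory=list)


def assess(hours_scheduled, pra_aot, threshold_pra_aot, ksf_colors, emergent=False):
    """Apply steps 6.5.3, 6.5.4 and 6.6.3 to 6.6.5 to one OOS configuration.

    ksf_colors maps each affected Key Safety Function to its terminus color.
    """
    unknown = set(ksf_colors) - set(YELLOW_WEIGHTS)
    if unknown:
        raise ValueError(f"unknown Key Safety Function: {sorted(unknown)}")
    colors = {name: color.upper() for name, color in ksf_colors.items()}
    if set(colors.values()) - COLORS:
        raise ValueError("terminus color must be GREEN, YELLOW, ORANGE or RED")

    result = Assessment()
    # Emergent conditions call for notification where planned work needs approval.
    level = "notification" if emergent else "approval"

    def escalate(reason):
        result.ops_manager = level
        result.findings.append(reason)

    # Step 6.5: probabilistic risk.
    if pra_aot < threshold_pra_aot:
        escalate("6.5.3: PRA AOT is less than the threshold PRA AOT")
    if hours_scheduled > pra_aot:
        escalate("6.5.4: scheduled duration is greater than the PRA AOT")

    # Step 6.6: safety function degradation.
    if "RED" in colors.values():
        if emergent:
            escalate("6.6.3: RED terminus, emergent")
        else:
            result.psrc_approval = True
            result.findings.append("6.6.3: RED terminus, prior PSRC approval")
    if "ORANGE" in colors.values():
        escalate("6.6.4: ORANGE terminus")
    result.yellow_score = sum(
        YELLOW_WEIGHTS[name] for name, color in colors.items() if color == "YELLOW"
    )
    if result.yellow_score >= YELLOW_SUM_LIMIT:
        escalate("6.6.5.b: YELLOW weighting sum is 8 or greater")
    return result


if __name__ == "__main__":
    # Constructed inputs: a 36 hour window, yellow Core Cooling and Containment,
    # and a threshold PRA AOT of 300 hours chosen only for this illustration.
    demo = assess(36, 4704, 300, {"Core Cooling": "yellow", "Containment": "yellow"})
    print(demo)
```

An empty findings list means only the ordinary compensatory measures of steps 6.5.2 and 6.6.5.c apply.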

7. REFERENCES

7.1 10 CFR 50.65 "The Maintenance Rule."

7.2 ERIN Engineering, "Equipment Out-of-Service Monitoring for the Maintenance Rule at Diablo Canyon - Technical Basis Document," dated 10/95.

7.3 NUMARC 93-01, "Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants," dated 7/2000.

7.4 NRC Inspection Manual, Inspection Procedure 62706, "Maintenance Rule," dated 8/31/95.

7.5 AD7.1D4, "On-Line Maintenance Scheduling."

7.6 OPI.DC17, "Control of Plant Equipment Required by the Technical Specifications or Other Designated Programs."

7.7 Procedure History Sheet for AD7.DC6 Rev 1, "Bases For Attachment 9.1, 'Risk Significant Train Level SSCs.'"

7.8 PG&E PRA Calculation File C13, Revision 1, "PRA Evaluation of Various Maintenance Configuration to Support the On-Line Maintenance Risk Assessment Procedure (AD7.DC6)," 08/31/01.

7.9 Action Request A055 1882, "AD7.DC6, RISK MANAGEMENT VS. MA1.DC11, WORK RISK ASSESSMENT".

8. RECORDS

None

9. ATTACHMENTS

9.1 "Risk Significant Train Level SSCs," 11/08/01
9.2 "Sample 12 Week Rolling Matrix," 05/23/96
9.3 "Sample MOW Planning Spreadsheet," 05/23/96
9.4 "On-Line Risk Management Summary," 11/08/01

10. SPONSOR

A.J. Chitwood

11/08/01 Page 1 of 1 DIABLO CANYON POWER PLANT AD7.DC6 ATTACHMENT 9.1

TITLE: Risk Significant Train Level SSCs

Columns: Sys, Trn, Bus, Train Level SSC (See Notes), Risk Significant, PC1, SFAT, PRA, PRA AOT, Subcriticality, Core Cooling, Heat Sink, RCS Integrity, Ctmt, Vital Power, Comp Cooling, SF Score, Train Level SSC (See Notes)

3 A/B Non AFWP 1 y y y y 993 3 3 AFWP 1
3 B H AFWP 2 y y y y 3432 3 3 AFWP 2
3 A F AFWP 3 y y y y 2559 3 3 AFWP 3
7 PCV-455C y y y y >8760 3 2 5 PCV-455C
7 PCV-456 y y y y >8760 3 2 5 PCV-456
8 A F CCP 1 y y y y 2770 5 4 3 2 14 CCP 1
8 B G CCP 2 y y y y 2459 5 4 3 2 14 CCP 2
9 A F SIP y y y y > 87601 4 3 7 SIP 1
B H SIP 2 y y y y 8656 4 3 7 SIP 2
10 B G RHRP 1 y y y y 4704 4 1 5 RHRP 1
10 A H RHRP 2 y y y y 4755 4 1 5 RHRP 2
12 B G CSP 1 y y y y >8760 1 1 CSP 1
12 A H CSP 2 y y y y >8760 1 1 CSP 2
14 CCWHE 1 y y y y 336 5 5 CCWHE 1
14 CCWHE 2 y y y y 370 5 5 CCWHE 2
14 A F CCWP 1 y y y y 1144 5 5 CCWP 1
14 B G CCWP 2 y y y y 1609 5 5 CCWP 2
14 A/B H CCWP 3 y y y y 689 5 5 CCWP 3
17 A F ASP 1 y y y y 336 5 5 ASP 1
17 B G ASP 2 y y y y 370 5 5 ASP 2
17 FCV-601 y y y y 502 5 5 FCV-601
21 A/B H DEG 1(21 y y y y 823 5 5 DEG 1
21 B G DEG2W11 y y y y 457 5 5 DEG 2
21 A F DEG 3 y y y y 408 5 5 DEG 3
21 H DFOTP1 y y y y 1150 5 5 DFOTP1
21 G DFOTP2 y y y y 1023 5 5 DFOTP2
23 CFCU X n n y y >8760 1 1 CFCU X
23 CRVS S-35 y y n y >8760 0 CRVS S-35
23 CRVS S-36 y y n y >8760 0 CRVS S-36
38 A SSPS A y y y y 759 Orange NA SSPS A
38 B SSPS B y y y 728 Orange NA SSPS B
67 F BTC 1 y y y y 5000 5 5 BTC 1
67 G BTC 2 y y y y 1398 5 5 BTC 2
67 H BTC 32 y y y y 1541 5 5 BTC 32
69 S/U Pwr y y 119 5 5 S/U Pwr
70T 500kV OSP n n y - 990 5 5 500kV OSP

RS - Risk significant per Maintenance Rule AND can be worked On Line
PC1 - Unavailability hours tracked as performance criteria
SFAT - Included in Safety Function logic trees
PRA - Modeled in PRA AOT spreadsheet
PRA AOT - Single component AOT to 1E-6 additional CDF

NOTES: Only those Risk Significant SSC's that are modeled in the DCPP PRA, have PC1 availability AOT's assigned, AND can be removed from service for maintenance on-line are included in this table. Examples of Risk Significant SSC's not in the table include RCS, Pzr safeties, MSIV's, S/G's, RWST, CST, etc. See reference 7.7 for bases.

05/23/96 Page 1 of 1 DIABLO CANYON POWER PLANT AD7.DC6 ATTACHMENT 9.2

TITLE: Sample 12 Week Rolling Matrix

[Table: Unit One Twelve Week Rolling Matrix. Columns: Monday through Sunday. Rows: Weeks 1 to 12, each labeled by train and bus, listing the STPs scheduled for each day.]

05/23/96 Page 1 of 1 DIABLO CANYON POWER PLANT AD7.DC6 ATTACHMENT 9.3

TITLE: Sample MOW Planning Spreadsheet

Date: 10/29/95 11/5/95 11/12/95 11/19/95 11/26/95 12/3/95 12/10/95 12/17/95 12/24/95 12/31/95 1/7/96 1/14/96
Events: 1R7 1111 Thksgvg Chrstms New Yrs
DWC Week: 9544 9545 9546 9547 9548 9549 9550 9551 9552 9601 9602 9603
12W Mtx Wk: 1 2 3 4 5 6 7 8 9 10 11 12
Train: A/B B A A/B A/B B A A/B A/B B A A/B
Bus: H G F Non H G F Non H G F Non

[Spreadsheet body: one row per system, with the planned MOWs and STPs for that system entered under the week columns above.]

11/08/01 Page 1 of 1 DIABLO CANYON POWER PLANT AD7.DC6 ATTACHMENT 9.4

TITLE: On-Line Risk Management Summary

Evaluate risk for all planned or emergent activities, equipment OOS, or external conditions as follows:

NOTE 1: For all steps below, deferring elective activities to avoid unacceptable risk is an assumed option.

NOTE 2: If all steps are answered "NO," risk evaluation documentation is not required.

Step 1. Is the activity or condition a Trip Risk?

YES:
  • Emergent Trip Risk - implement compensatory measures;
  • Planned Trip Risk - concur with comp measures per MA1.DC10 or 11;
  • AND GO TO Step 2.

NO: GO TO Step 3

Step 2. Is there a Trip Risk concurrent with degraded or out of service Trip Mitigation SSCs?

YES:
  • Verify OPS manager concurrence or notification to allo and 2 concurrently;
  • AND implement compensatory measures;
  • AND GO TO Step 3.

NO: GO TO Step 3

N/A: GO TO Step 3

Step 3. Is the SSC out of service Risk Significant for CDF or LERF?

YES:
  • Evaluate PRA and KSF;
  • Implement compensatory measures;
  • If the OOS SSC is a Trip Mitigation SSC, THEN verify Step 2 is complete;
  • AND GO TO Step 4.

NO: GO TO Step 4

Step 4. Is the remaining in-service redundant train Degraded?

YES: Implement additional compensatory measures.

NO: Risk evaluation complete.

This checklist may be summarized as a lamicoid at the SFM desk for reference.
