DCL-11-059, Diablo Canyon Units 1 & 2, License Amendment Request 11-04, Revision to Technical Specification 3.6.6, Containment Spray and Cooling Systems, TS 3.7.5, Auxiliary Feedwater System, TS 3.8.1, AC Sources-Operating, TS 3.8.9, Distribution Sys

From kanterella
Jump to navigation Jump to search
Diablo Canyon Units 1 & 2, License Amendment Request 11-04, Revision to Technical Specification 3.6.6, Containment Spray and Cooling Systems, TS 3.7.5, Auxiliary Feedwater System, TS 3.8.1, AC Sources-Operating, TS 3.8.9, Distribution Syste
ML111530114
Person / Time
Site: Diablo Canyon  Pacific Gas & Electric icon.png
Issue date: 06/01/2011
From: Becker J R
Pacific Gas & Electric Co
To:
Document Control Desk, Office of Nuclear Reactor Regulation
References
DCL-11-059
Download: ML111530114 (90)
v  d  e


Text

Pacific Gas and Electric Company June 1, 2011 PG&E Letter DCL-11-059 U.S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D.C. 20555-0001 Diablo Canyon Units 1 and 2 Docket No. 50-275, OL-DPR-80 Docket No. 50-323, OL-DPR-82 License Amendment Request 11-04 James R. Becker Site Vice President Diablo Canyon Power Plant Mail Code 104/5/601

p. O. Box 56 Avila Beach, CA 93424 805.545.3462 Internal:

691.3462 Fax: 805.545.6445 10 CFR 50.90 Revision to Technical Specification (TS) 3.6.6, "Containment Spray and Cooling Systems," TS 3.7.5, "Auxiliary Feedwater (AFW) System," TS 3.8.1, "AC Operating," TS 3.8.9, "Distribution Systems -Operating," and TS Example 1.3-3 Dear Commissioners and Staff: Pursuant to 10 CFR 50.90, Pacific Gas and Electric Company (PG&E) hereby requests approval of the enclosed proposed amendment to Facility Operating License Nos. DPR-80 and DPR-82 for Diablo Canyon Power Plant (DCPP), Units 1 and 2, respectively.

The license amendment request (LAR) revises Technical Specification (TS) 3.7.5, "Auxiliary Feedwater (AFW) System," to incorporate changes consistent with the following NRC-approved TechnicaJ Specification Task Force (TSTF) Travelers:

  • TSTF-412, Revision 3, "Provide Actions for One Steam Supply to Turbine Driven AFW/EFW Pump Inoperable"
  • TSTF-439, Revision 2, "Eliminate Second. Completion Times Limiting Time From Discovery of Failure To Meet an LCO" The purpose of the TSTF-245 and TSTF-340 proposed changes is to clarify the operability of an AFW train during alternate alignments and to provide added flexibility in Mode 3 to repair and test the turbine driven AFW pump following a refueling outage. The purpose of the TSTF-412 proposed changes is to establish Conditions, Required Actions, and Completion Times for the Condition where one steam supply A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
  • Comanche Peak
  • Diablo Canyon
  • Palo Verde
  • San Ono.fre
  • Wolf Creek Document Control Desk June1,2011 Page 2 PG&E Letter DCL-11-059 to the turbine driven AFW pump is inoperable concurrent with an inoperable motor driven AFW (MDAFW) train. The availability of the TSTF-412 technical specification improvements was announced in the Federal Register on July 17,2007, as part of the consolidated line item improvement process. The purpose of the TSTF-439 proposed changes is to remove second completion times from TSs. Second Completion Times were included in the TSs for certain Conditions/Required Actions to establish a limit on the maximum time allowed for any combination of Conditions that result in a single continuous failure to meet the Limiting Condition for Operation. The TSTF-439 changes are necessary to address a proposed change to TS 3.7.5 discussed below that would be further complicated by the continued inclusion of second completion times in theTSs. Consistent with TSTF-439, the proposed changes would also revise TS 3.6.6, "Containment Spray and Cooling Systems," TS 3.8.1, "AC Sources -Operating," TS 3.8.9, "Distribution Systems -Operating," and TS Example 1.3-3. The TSTF-439 proposed changes to TS 3.8.1 Required Action A.2 Second Completion Time also addresses a discrepancy between the NRC and DCPP controlled copies. An additional proposed change to TS 3.7.5 would add a new Condition B , Required Actions, and Completion Times. The purpose of this change is to address a design feature of the AFW system that has not been previously reviewed by the NRC. This change would provide specific actions to be taken when automatic control of the MDAFW level control valves is not functional.

This change is also being pursued to clarify the DCPP licensing basis with respect to operating AFW level control valves in manual control. The above changes are separated into two separate enclosures to assist review of the proposed changes. Enclosure 1 addresses the proposed changes based on TSTFs 245, 340, 412, and new TS 3.7.5 Condition B. The enclosure contains a description of the proposed changes, the supporting technical analyses, and the no significant hazards consideration determination.

Enclosure 2 addresses the proposed changes based on TSTF-439.

The enclosure contains a description of the proposed changes, the supporting technical analyses, and the no significant hazards consideration determination.

Enclosure 3 includes the following attachments:

A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

  • Comanche Peak
  • Diablo Canyon
  • Palo Verde
  • San Onofre
  • South T exas Project
  • Wolf Creek Document Control Desk June 1,2011 Page 3 PG&E Letter DCL-11-059 Attachments 1 and 2 contain marked-up and retyped (clean) TS pages, respectively.

Attachment 3 contains proposed changes to the TS Bases, and is submitted for . information only. Attachment 4 contains a summary of regulatory commitments.

Attachment 5 contains proposed Final Safety Analysis Report Update (marked-up) pages, and is submitted for information only. PG&E has determined that this LAR does not involve a significant hazard consideration as determined per 10 CFR 50.92. Pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment needs to be prepared in connection with the issuance of this amendment.

The changes in this LAR are not required to address an immediate safety concern. PG&E requests approval of this LAR no later than April 27, 2012, to be implemented within 90 days from the date of issuance of the license amendments.

PG&E is making regulatory commitments (as defined by NEI 99-04) in this letter. Enclosures 1 and 2 contain regulatory commitments which are summarized in Attachment 4 of Enclosure

3. This letter includes no revisions to existing regulatory commitments.

If you have any questions or require additional information, please contact Mr. Tom Baldwin at 805-545-4720.

I state under penalty of perjury that the foregoing is true and correct. Executed on June 1,2011. A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway

  • Comanche Peak
  • Diablo Canyon
  • Palo Verde
  • San Onofre
  • Wolf Creek Document Control Desk June 1,2011 Page 4 mjrm/4557 150329767 150308213/50304209 PG&E Letter DCL-11-059 cc/enc: Gary W. Butner, Branch Chief, California Department of Public Health Elmo E. Collins, NRC Regional Administrator, Region IV Michael S. Peck, NRC, Senior Resident Inspector James T. Polickoski, NRC Licensing Project Manager Alan B. Wang, NRR Project Manager cc: Diablo Distribution Enclosures and Attachments Enclosure 1 Evaluation of the Proposed Change for TSTF-245, 340, 412, and an Additional Change to TS 3.7.5 Enclosure 2 Evaluation of the Proposed Change for TSTF-439 Enclosure 3 Attachments
1. Proposed Technical Specification Changes (Markups)
2. Proposed Technical Specification Changes (Retyped)
3. Proposed Technical Specification Bases Changes (Markups) (for information only) 4. Summary of Regulatory Commitments
5. Proposed Final Safety Analysis Report Update Changes (Markups) (for information only) A member of the STARS (Strategic Teaming and Resource Sharing) Alliance Callaway
  • Comanche Peak
  • Diablo Canyon
  • Palo Verde
  • San Onofre

SUMMARY

DESCRIPTION

2. DETAILED DESCRIPTION
3. TECHNICAL EVALUATION
4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria 4.2 Precedent 4.3 No Significant Hazards Consideration Determination 4.4 Conclusions
5. ENVIRONMENTAL CONSIDERATION
6. REFERENCES EVALUATION
1.

SUMMARY

DESCRIPTION Enclosure 1 PG&E Letter DCL-11-059 This evaluation supports a request to amend Operating License Nos. DPR-80 and DPR-82 for Units 1 and 2 of the Diablo Canyon Power Plant (DCPP), respectively.

The proposed amendment revises Technical Specification (TS) 3.7.5, "Auxiliary Feedwater (AFW) System," to incorporate changes consistent with the following NRC-approved Technical Specification Task Force (TSTF) Travelers:

  • TSTF-412, Revision 3, "Provide Actions for One Steam Supply to Turbine Driven AFW/EFW Pump Inoperable" Changes based on TSTF-439 are addressed in Enclosure
2. An additional change to add a new TS 3.7.5 Condition B and the associated TS bases section is included for a failure of automatic level control affecting level control valves (LCVs) on motor driven AFW (MDAFW) trains. 2. DETAILED DESCRIPTION TSTF-245 and TSTF-340 The purpose of the TSTF-245 and TSTF-340 proposed changes is to clarify the operability of an AFW train during alternate alignments and to provide added flexibility in Mode 3 to repair and test the turbine driven AFW (TDAFW) pump following a refueling outage. Consistent with TSTF-245, the following Note is added to SR 3.7.5.1, SR 3.7.5.3, and SR 3.7.5.4: "AFW train(s) may be considered OPERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation." The AFW System is a dual use system which is sometimes used for steam generator level control or during transient conditions.

As a result, during Modes 2, 3, and 4 when used for steam generator (SG) level control or in Mode 1 during a transient (e.g., loss of main feed pump), AFW valves may not be in their AFW required positions.

Adding the note to SR 3.7.5.1 would clarify the intended Enclosure 1 PG&E Letter DCL-11-059 flexibility allowed and prevent unnecessary entry into TS Required Actions. The NRC has made a previous determination that the AFW trains remain operable during these conditions in the manual mode of operation (Reference 4). Consistent with TSTF-340, TS 3.7.5 is modified as follows: Condition A is modified by using an "OR" logical connector to address the inoperability of the turbine driven AFW pump in MODE 3 following a refueling outage. The changed portion of Condition A is modified by a Note which limits its applicability to when the unit has not entered MODE 2 following a refueling outage. A deviation from the TSTF-340 wording is included in the proposed changes as shown: "G-Ae !Turbine driven AFW pump inoperable in MODE 3 following refueling." The word "One" is not included since each unit only has one turbine driven auxiliary feedwater (TDAFW) pump, and the redundant word could cause confusion about why it is specified.

This proposed change will reduce the number of unnecessary reactor MODE changes and requests for enforcement discretion during startup following refueling by allowing additional time in MODE 3, prior to entering MODE 2, to repair and retest the TDAFW pump if the pump is declared inoperable because the surveillance requirements could not be met. TSTF-412 The purpose of the TSTF-412 proposed changes are to establish Conditions, Required Actions, and Completion Times for the Condition where one steam supply to the TDAFW pump is inoperable concurrent with an inoperable MDAFW train. The availability of the TSTF-412 technical specification improvements were announced in the Federal Register on July 17, 2007, as part of the consolidated line item improvement process (CLlIP). Consistent with TSTF-412, TS 3.7.5 is modified as follows:

For new Condition D, Required Action D.1 requires restoration of the inoperable steam supply to OPERABLE status in 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. New Required Action D.2 requires restoration of the inoperable MDAFW train within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. 2 Enclosure 1 PG&E Letter DCL-11-059

  • Existing Condition C becomes Condition E, and is modified to not be applicable for two AFW trains inoperable when new Condition D applies.
  • Existing Condition D becomes Condition F.
  • Existing Condition E becomes Condition G. Changes to the affected TS Bases pages will be incorporated in accordance with TS 5.5.14, "Technical Specifications (TS) Bases Control Program." New TS 3.7.5 Condition B The purpose of this change is to address a design feature of the AFW system that has not been previously reviewed by the NRC. This change would provide specific actions to be taken when automatic control of one or more of the MDAFW pump level control valves is inoperable, but manual operation from the control room remains available.

This change addresses an issue identified regarding the event described in PG&E Letter DCL-09-061, "Licensee Event Report 1-2009-002-00, Two Trains of Auxiliary Feedwater Inoperable Due to Protection System Failure," dated August 28, 2009. PG&E has determined that the DCPP Final Safety Analysis Report Update (FSARU) and TS do not address operation of one or more AFW LCVs in manual control when automatic control is inoperable.

TS 3.7.5 is modified as follows:

  • A new Condition B is added to state: "One or more motor driven AFW trains with automatic control of one motor driven AFW level control valve per train inoperable."
  • New Required Action B.1 is added to state, "Place affected AFW level control valve(s) in manual control with valve demand full open." This action is modified by a note: "No change in valve demand is required if AFW is being relied upon for SG level controL" The purpose of this note is to preclude introducing transients when the AFW system is actively being relied upon.
  • New Required Action B.2 is added with an OR connector to state: "Declare the associated AFW train inoperable."
  • The existing Condition B becomes Condition C. Bases for new TS 3.7.5 Action B.1 is included as follows: While the AFW system is in standby mode with automatic control of motor driven AFW level control valve(s) inoperable, the affected AFW pump(s) 3 Enclosure 1 PG&E Letter DCL-11-059 may be inoperable.

Immediate action is necessary because a failure mechanism exists where inputs to automatic control can fail as-is, where the demand signal on the LCVs, upon an AFW actuation, could be anywhere from 0 percent to 100 percent open based on calculated demand at the time of failure. Placing the affected AFW LCV(s) in manual with the valve demand full open will restore operability to the affected motor driven AFW pump(s) if inoperable due to inoperable automatic control. Only one AFW LCV automatic control per motor driven pump train may be inoperable.

If automatic control for both AFW LCVs on a single motor driven train are inoperable, the affected train must be declared inoperable.

Required Action B.1 is modified by a note that states, "No change in valve demand is required if AFW is being relied upon for SG level controL" The purpose for this note is to preclude making an adjustment that could cause a transient when the AFW system is being relied upon for SG level control. If Required Action B.1 cannot be completed, then the associated AFW train must be declared inoperable per Required Action B.2 and the appropriate TS condition must be entered. While in the manual mode of operation, pump runout protection is not provided by the affected LCV. Runout protection is required for one AFW LCV per motor driven AFW pump train to preclude runout of the motor driven AFW pump under certain scenarios.

MODE transition is permitted under TS 3.0.4.a provided Action B.1 has been completed.

Operators may adjust AFW level control valves as needed to control steam generator level. TS Bases and FSARU markup pages are included in Attachments 3 and 5 respectively of Enclosure

3. Changes to the affected TS Bases pages will be incorporated in accordance with TS 5.5.14, "Technical Specifications (TS) Bases Control Program." 3. TECHNICAL EVALUATION System Description The AFW system automatically supplies feedwater to the SGs to remove decay heat from the reactor coolant system (RCS) upon the loss of normal feedwater supply. The AFW pumps take normal suction on the single suction line from the condensate storage tank (CST) and pump to the SG secondary side via separate and independent connections to the main feedwater piping outside containment.

The SGs function as a heat sink for core decay heat. The heat load is dissipated 4

Enclosure 1 PG&E Letter DCL-11-059 by releasing steam to the atmosphere from the SGs via the main steam safety valves (MSSVs) or Atmospheric Dump Valves (ADVs). If the main condenser is available, steam may be released via the condenser steam dump valves and recirculated to the CST. The AFW system consists of two MDAFW pumps and one steam turbine driven pump configured into three trains. Each motor driven pump provides 100 percent of the feedwater flow required for removal of decay heat from the reactor based on "better estimate" conditions.

The better estimate evaluation provides a reliability basis for assuming availability of both motor driven pumps for accident analyses.

The turbine driven pump provides 200 percent of the capacity of a motor driven pump. The TDAFW pump supplies a common header capable of feeding all SGs with vital AC powered control valves. Thus, the requirement for diversity in motive power sources for the AFW System is met. The AFW System is capable of supplying feedwater to the SGs during normal unit startup, shutdown, hot standby, and hot shutdown conditions.

The AFW System supplies sufficient water to the SG(s) to remove decay heat with SG pressure at the lowest setpoint of the MSSVs. The AFW System supplies sufficient water to cool the unit to residual heat removal entry conditions, with steam released through the ADVs. The AFW System (one turbine driven and two MDAFW trains) actuates automatically upon actuation of the anticipated transient without scram mitigating system actuation circuitry.

The motor driven pumps are additionally actuated by: (1) safety injection; (2) an associated bus transfer to the diesel generator signal; (3) a trip of both main feedwater pumps; or (4) SG water level-low-low in one of four SGs. The turbine driven pump is actuated by 12 kV bus undervoltage or SG low-low level in two of four SGs via the Emergency Safety Feature Actuation System. 5 Enclosure 1 PG&E Letter DCL-11-059 Figure 1 -Auxiliary Feedwater Simplified System Diagram AUXILfARY FEEDW ATER SIMPLIFIED SYSTEM DIAGRAM I I I PUI-P TURBINE r-AFW CONDENSATE STORAGE TANK RAW WATER RESERVOIR 1!'IR£ WATER TRANSFER TANK MAIN FEEOWATER LINES M r:cv AND ISOLAT[ON VALVES SIC r No.3 ';---e.&o::J-------,-----

SIC I No.4 SIC No.2 SIC No. I AFW -, REtIRC.LINE

  • CONDENSATE STORAGE The AFW System is discussed in the DCPP FSARU, Section 6.5. Changes consistent with TSTF-245 Changes consistent with TSTF-245 clarify the OPERABILITY of an AFW train during alternate alignments.

The AFW System is a dual use system. AFW valves may not be in their AFW required position during Modes 2, 3, and 4 when used for steam generator level control or in Mode 1 during a transient (e.g., loss of main feed pump). Adding the Note that an AFW train may be considered OPERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation would 6 Enclosure 1 PG&E Letter DCL-11-059 clarify the intended flexibility allowed and prevent unnecessary Required Action entry. This exception allows the AFW System to be out of its normal standby alignment and temporarily incapable of automatic initiation without declaring the train(s) inoperable.

Since AFW may be used during startup, shutdown, hot standby, and hot shutdown operations for steam generator level control, and these manual operations are an expected function of the AFW System, OPERABILITY should be maintained during these operations.

Following a reactor trip, AFW flow provides the source of makeup to the steam generators.

If excessive RCS cooldown is experienced and it is caused by a large amount of AFW flow, the TDAFW pump may be stopped in an attempt to limit RCS cooldown.

However, the TDAFW pump remains available for SG level control and can be restored by the operator.

With regard to this proposed change for the AFW System, the NRC staff has already made a determination of when manual versus automatic operation is permissible (Reference 4). The NRC recognizes this system may be used during startup of the plant, normal shutdown, hot standby, and hot shutdown conditions and that it is control band operated during these conditions in the manual mode of operation.

In such situations, the AFW System is considered OPERABLE with regards to the Limiting Condition for Operation and the TS definitions of OPERABLE/OPERABILITY.

Changes Consistent with TSTF-340 Changes consistent with TSTF-340 provide added flexibility by allowing additional time in MODE 3, prior to entering MODE 2 following a refueling outage, to repair and retest the TDAFW pump if the pump is declared inoperable because the Surveillance Requirements could not be met. For the inoperability of a steam supply to the TDAFW train, the 7 day Completion Time is reasonable due to the minimal decay heat levels prior to entering MODE 2, and since there is a redundant steam supply line for the TDAFW pump. With one steam supply inoperable, the TDAFW train is considered inoperable but is still capable of performing its specified function.

Changes Consistent with TSTF-412 PG&E has reviewed the safety evaluation published on July 17, 2007, (72 FR 39089) as part of the CLlIP. This verification included a review of the NRC staff's evaluation as well as the supporting information provided to support TSTF-412, Revision 3. PG&E has concluded that the justifications presented in the TSTF proposal and the safety evaluation prepared by the NRC staff are applicable to DCPP, Units 1 and 2, and justify this amendment for the incorporation of the changes to the DCPP TS. 7 Enclosure 1 PG&E Letter DCL-11-059 PG&E has determined that under the scenario with one steam supply for the TDAFW pump inoperable and one MDAFW pump inoperable, a feedline or steam line rupture could challenge the capability of the AFW system to provide feedwater.

Consistent with the model safety evaluation prepared as part of the CUI P for TSTF-412, PG&E is requesting a 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time for the new TS 3.7.5 Condition D. PG&E is not proposing any variations or deviations from the TS changes described in TSTF-412, Revision 3, or the NRC staff's model safety evaluation published in the Federal Register on July 17, 2007 (72 FR 39089). New TS 3.7.5 Condition B A new Condition, Required Action, and Completion Time are proposed to be added to TS 3.7.5. B. One or more motor driven B.1 AFW trains with automatic No change in valve control of one motor demand is required if driven AFW level control AFW is being relied upon valve per train inoperable.

for SG level control. --------------------------

Place affected AFW level Immediately control valve(s) in manual control with valve demand full open. OR B.2 Declare the associated AFW train inoperable.

Immediately This change will address inoperable automatic control of MDAFW pump LCVs, including a failure mechanism of Eagle 21 where failure of a Loop Calculation Processor (LCP) card from a rack lock-up affects automatic SG LCV control on both MDAFW pump trains. The intended design response to an Eagle 21 LCP failure is to lock-up the control output in a "fail-as-is" status to minimize plant transients as a result of a single failure. An Eagle 21 rack lock-up affects automatic control of one LCV on each of the MDAFW pump trains. In the event of failure of an Eagle 21 rack that supplies the SG level signal to the MDAFW pump discharge LCV control circuits, current plant operating procedures OP AP-5 and OP 0-2 and operator training specify that the MDAFW LCV controls be placed in manual with an operator stationed at the controls.

8 Enclosure 1 PG&E Letter DCL-11-059 The MDAFW train LCVs are designed to have manual operator control override capability by manual intervention at the manual/auto controller in the control room. When the LCV controller is placed in manual, automatic pump runout protection is not provided by that LCV. The other AFW LCV in automatic will continue to provide runout protection for that MDAFW train, precluding pump runout. The valve demand signal must be manually set so LCVs will appropriately open and provide adequate flow upon AFW actuation.

Although an operator is stationed at the controls to manually adjust the valves to prevent pump runout, prevention of pump runout is not necessary to mitigate any design basis accident.

The runout protection system provides additional reliability for the AFW system, preventing a consequential failure of the motor driven pump feeding a faulted SG. Placing the LCVs in manual does not affect automatic actuation of the AFW system. If operation of LCVs is transferred to the Hot Shutdown Panel, the runout protection capability is bypassed and only the automatic level control or manual operation is available.

System Safety Analysis Basis DCPP FSARU Section 6.5.1.1, "Design Conditions," identifies that the following reactor plant conditions impose safety-related performance requirements on the AFW System: (1) Loss of main feedwater transient (a) Loss of main feedwater with offsite power available (b) Loss of main feedwater without offsite power available (2) Secondary system pipe ruptures (a) Feedline rupture (b) Steam line rupture (3) Loss of all AC power (4) Loss-of-coolant accident (LOCA) (5) RCS Cooldown 9 Enclosure 1 PG&E Letter DCL-11-059 The AFW functions for the Loss of all AC power, LOCA, and RCS Cooldown are not impacted by placing the MDAFW pumps in manual with the valve demand full open. The Loss of all AC power evaluation only requires flow from the TDAFW pump, which is not impacted.

The LOCA and RCS Cooldown functions only credit long term AFW decay heat removal with flow requirements that are bounded by the FSARU design basis accident analysis.

Therefore, these AFW functions do not require any further detailed evaluation for this change. For the accidents that require evaluation below for acceptable AFW function while in the applicable proposed Technical Specification Action due to inoperable automatic control of MDAFW LCVs, no additional equipment failures are required to be postulated when demonstrating the safety function is still maintained.

Loss of Main Feedwater Transient The limiting accident for AFW flow demand is a loss of main feedwater event, requiring 600 gpm to four steam generators.

This will be met by either the turbine driven AFW pump or by both of the MDAFW pumps. Placing the affected MDAFW LCV(s) in manual control will defeat the runout protection provided by that LCV. Runout protection is not a concern for a Loss of Main Feedwater Transient, since there is no faulted generator to cause a pump runout condition.

Du ring the longer term cooldown and depressu rization of the RCS, the MDAFW pumps are precluded from experiencing runout by the other OPERABLE automatic LCV on each MDAFW pump train. In addition, manual LCV control is a commonly trained task for licensed operators.

AFW flow, SG level, and SG pressure indications are all provided to the operator in the control room to perform LCV adjustments.

Both MDAFW pumps, with the controls for one LCV per motor driven pump train in manual and valves full open as directed by plant operating procedures in response to inoperable automatic AFW LCV control will successfully mitigate the Loss of Main Feedwater Transient.

The flow from the TDAFW pump will provide additional AFW capacity and defense in depth. Thus, the required 600 gpm would be provided to four steam generators.

10 Secondary System Pipe Ruptures Feedline Rupture Enclosure 1 PG&E Letter DCL-11-059 A feed line rupture or feed line break (FLB) event could potentially result in an RCS cooldown or RCS heatup depending on the assumed plant conditions.

The FLB is not analyzed for an RCS cooldown since this event is bounded by the main steam line break (MSLB) analysis discussed below. Since the FLB RCS heatup analysis in FSARU 15.4.2.2 results in a faulted SG, the analysis conservatively does not credit any AFW flow until the operators have isolated the faulted SG at ten minutes. At this time the operators are assumed to establish the minimum required AFW flow of 390 gpm to two intact SGs. Since the FLB RCS heatup event is bounding based on assuming minimum AFW flow, the analysis assumes a limiting single failure of the TDAFW pump along with the conservatively bounding assumption to credit only one of the two MDAFW pumps for feeding two intact SGs. One MDAFW pump could potentially experience runout conditions if the inoperable LCV is on the faulted SG. However, it has been established that the MDAFW pump feeding two intact steam generators will not experience runout conditions.

As discussed earlier, additional equipment failures need not be postulated while in the proposed TS Action due to inoperable automatic control of the MDAFW LCV(s). Therefore, one MDAFW pump will be available to provide the minimum AFW flow to two intact SGs and ensure that the existing FSARU analysis remains bounding.

Steam Line Rupture MSLB In the event of a MSLB with LCVs in manual control, the MDAFW pump feeding the faulted steam generator line could experience a runout condition if the affected LCV is on that lead. However, since maximum AFW flow is more limiting for the MSLB analysis, the runout protection is conservatively assumed to fail for the strongest AFW pump to maximize the secondary side mass and energy release. The second MDAFW pump would provide sufficient flow for long term decay heat removal in accordance with the licensing basis analysis since it would not experience runout when feeding two intact steam generators.

Since AFW flow to two intact steam generators provides a sufficient heat sink to mitigate the accident, 11 Enclosure 1 PG&E Letter DCL-11-059 operation of the AFW LCVs in manual is bounded by the FSARU accident analysis.

FCV-95 The failure of the steam supply line to the TDAFW pump upstream of FCV-95 and downstream of FCV-37 and FCV-38 can result in a harsh environment in the GE/GW area that could fail the non-EO valves LCV-113 and LCV-115 to their open position.

Additionally LCV-110 or LCV-111 (and LCV-113 or LCV-115) could have their runout protection and automatic control capabilities disabled due to being in manual. Pump runout will not be a concern for MDAFW pump No.2, due to the operable runout protection on one LCV. The failure of this steam supply line would be mitigated by the closure of FCV-37 and FCV-38 within 10 minutes. With LCV-113 and LCV-115 assumed to be failed open, MDAFW pump NO.3 can additionally provide feedwater to SGs as needed by starting and stopping the pump. This event was analyzed for potential MDAFW pump failure prior to the 10 minute operator action. The analysis concluded the NPSH available is greater than the NPSH required, therefore the failure of the steam supply line continues to be bounded by the MSLB analysis.

PG&E has performed calculations and evaluations to demonstrate that the AFW system performance with one LCV per MDAFW train in manual control can still mitigate all design basis accidents such that the FSAR safety analyses remain bounding.

PG&E believes it is prudent to take action to protect an AFW pump feeding feedwater to a faulted steam generator.

PG&E is making the following regulatory commitment as defined in NEI 99-04: If AFW LCV control is placed in manual alignment due to a failure of automatic control, PG&E will assign an operator for manual operation.

Changes to the DCPP FSARU are provided in Enclosure 3, Attachment

5. No changes are required to FSARU Table 6.5-1 or 6.5-2 as a result of the change to TS 3.7.5. 4. REGULATORY ANALYSIS The proposed changes revise the requirements in Technical Specification (TS) 3.7.5, "Auxiliary Feedwater (AFW) System," to clarify the OPERABILITY of an AFW train during alternate alignments, to provide added flexibility in MODE 3 to repair and test the turbine driven AFW pump following a refueling outage, to clarify the OPERABILITY of the turbine driven AFW train with one steam supply 12 Enclosure 1 PG&E Letter DCL-11-059 inoperable, and to add a new action for inoperable automatic control of motor driven auxiliary feedwater (MDAFW) level control valves (LCVs). 4.1 Applicable Regulatory Requirements/Criteria The Diablo Canyon Power Plant (DCPP) units are designed to comply with the Atomic Energy Commission (now the Nuclear Regulatory Commission, or NRC) General Design Criteria (GDCs) for Nuclear Power Plant Construction Permits, published in July 1967. The following 1967 GDC and discussion following are applicable to the changes in this license amendment request: Criterion 11 -Control Room The facility shall be provided with a control room from which actions to maintain safe operational status of the plant can be controlled.

Adequate radiation protection shall be provided to permit access, even under accident conditions, to equipment in the control room or other areas as necessary to shut down and maintain safe control of the facility without radiation exposures of personnel in excess of 10 CFR 20 limits. It shall be ' possible to shut the reactor down and maintain it in a safe condition if access to the control room is lost due to fire or other cause. AFW system instruments and controls are located in the control room, as well as the hot shutdown panel. Criterion 12 -Instrumentation and Control Systems Instrumentation and controls shall be provided as required to monitor and maintain variables within prescribed operating ranges. AFW system instruments and controls are located in the control room, as well as the hot shutdown panel. Criterion 15 -Engineered Safety Features Protection Systems Protection systems shall be provided for sensing accident situations and initiating the operation of necessary engineered safety features.

An important safety function of the reactor protection system is that of processing signals used for ESF actuation and generation of the actuation demand. 13 Enclosure 1 PG&E Letter DCL-11-059 The AFW system automatically supplies feedwater to the steam generators to remove decay heat from the reactor coolant system upon the loss of normal feedwater supply. Criterion 20 -Protection Systems Redundancy and Independence Redundancy and independence designed into protection systems shall be sufficient to assure that no single failure or removal from service of any component or channel of a system will result in loss of the protection function.

The redundancy provided shall include, as a minimum, two channels of protection for each protection function to be served. Different principles shall be used where necessary to achieve true independence of redundant instrumentation components.

Sufficient redundancy and independence is designed into the protection systems to ensure that no single failure nor removal from service of any component or channel of a system will result in loss of the protection function.

The minimum redundancy is exceeded in each protection function that is active with the reactor at power. Functional diversity and consequential location diversity are designed into the systems. DCPP uses the Westinghouse Eagle 21 Process Protection System. Criterion 21 -Single Failure Definition Multiple failures resulting from a single event shall be treated as a single failure. When evaluating the protection systems, the ESF, and their support systems, multiple failures resulting from a single event are treated as a single failure. Criterion 22 -Separation of Protection and Control Instrumentation Systems Protection systems shall be separated from control instrumentation systems to the extent that failure or removal from service of any control instrumentation system component or channel, or of those common to control instrumentation and protection circuitry, leaves intact a system satisfying all requirements for the protection channels.

The protection systems comply with the requirements of IEEE-279, 1971, Criteria for Protection Systems for Nuclear Power Generating Stations, although construction permits for the DCPP units were issued prior to issuance of the 1971 version of the standard.

14 Enclosure 1 PG&E Letter DCL-11-059 Each protection system is separate and distinct from the respective control systems. The control system is dependent on the protection system in that control signals are derived from protection system measurements, where applicable.

These signals are transferred to the control system by isolation amplifiers that are classified as protection system components.

The adequacy of system isolation has been verified by testing or analysis under conditions of all postulated credible faults. Isolation devices that serve to protect Instrument Class IA instrument loops have all been tested. For certain applications where the isolator is protecting an Instrument Class IB instrument loop, and the isolation device is a simple linear device with no complex failure modes, the analysis was used to verify the adequacy of the isolation device. The failure or removal of any single control instrumentation system component or channel, or of those common to the control instrumentation system component or channel and protection circuitry, leaves intact a system that satisfies the requirements of the protection system. Criterion 23 -Protection Against Multiple Disability of Protection Systems The effects of adverse conditions to which redundant channels or protection systems might be exposed in common, either under normal conditions or those of an accident, shall not result in loss of the protection function.

Physical separation and electrical isolation of redundant channels and subsystems, functional diversity of subsystems, and safe failure modes are employed in design of the reactors as defenses against functional failure through exposure to common causative factors. The redundant logic trains, reactor trip breakers, and ESF actuation devices are physically separated and electrically isolated.

Physically separate channel trays, conduits, and penetrations are maintained upstream from the logic elements of each train. The protection system components have been qualified by testing under extremes of the normal environment.

In addition, components are tested and qualified according to individual requirements for the adverse environment specific to their location that might result from postulated accident conditions.

Criterion 26 -Protection Systems Fail-Safe Design The reactor protection systems shall be designed to fail into a safe state or into a state established as tolerable on a defined basis if conditions such as disconnection of the system, loss of energy (e.g., electric power, 15 Enclosure 1 PG&E Letter DCL-11-059 instrument air), or adverse environments (e.g., extreme heat or cold, fire, steam, or water) are experienced.

The protection systems are designed with due consideration of the most probable failure modes of the components under various perturbations of the environment and energy sources. Each reactor trip channel is designed on the de-energize-to-trip principle, so loss of power, disconnection, open channel faults, and the majority of internal channel short circuit faults cause the channel to go into its tripped mode. Additional defenses against loss of function are discussed under Criterion

23. Criterion 37 -Engineered Safety Features Basis for Design Engineered safety features shall be provided in the facility to back up the safety provided by the core design, the reactor coolant pressure boundary, and their protection systems. As a minimum, such engineered safety features shall be designed to cope with any size reactor coolant pressure boundary break up to and including the circumferential rupture of any pipe in that boundary assuming unobstructed discharge from both ends. Engineered safety features are provided to cope with any size reactor coolant pipe break up to and including the circumferential rupture of any pipe in that boundary assuming unobstructed discharge from both ends, and to cope with any steam-or feedwater line break up to and including the main steam or feedwater headers. Limiting the release of fission products from the reactor fuel is accomplished by the emergency core cooling system (ECCS) which, by cooling the core, keeps the fuel in place and substantially intact and limits the metal-water reaction to an acceptable amount. A reinforced concrete, steel-lined containment structure is provided and encloses the entire RCS. It is designed to sustain, without loss of required integrity, all effects of gross equipment failures up to and including the rupture of the largest pipe in the RCS. Criterion 38 -Reliability and Testability of Engineered Safety Features All engineered safety features shall be designed to provide high functional reliability and ready testability.

In determining the suitability of a facility for a proposed site, the degree of reliance upon and acceptance of the inherent and engineered safety afforded by the systems, including engineered safety features, will be influenced by the known and the demonstrated performance capability and reliability of the systems, and by the extent to which the operability of such systems can be tested and inspected where appropriate during the life of the plant. 16 Enclosure 1 PG&E Letter DCL-11-059 A comprehensive program of testing has been formulated for all equipment and instrumentation vital to the functioning of ESFs. The program consists of startup tests of system components and integrated tests of the system. Periodic tests of the activation circuitry and system components, throughout the station lifetime, with maintenance performed as necessary, ensure that the initially high reliability will be maintained and that the system will perform on demand. Details of the test program are provided in the Technical Specifications.

Criterion 41 -Engineered Safety Features Performance Capability Engineered safety features such as emergency core cooling and containment heat removal systems shall provide sufficient performance capability to accommodate partial loss of installed capacity and still fulfill the required safety function.

As a minimum, each engineered safety feature shall provide this required safety function assuming a failure of a single active component.

The overall capacity of the ESF meets the requirements of 10 CFR 100 for the occurrence of any rupture of a reactor coolant or steam system pipe, including the double-ended rupture of a reactor coolant pipe, known as the design basis accident (DBA). Criterion 42 -Engineered Safety Features Components Capability Engineered safety features shall be designed so that the capability of each component and system to perform its required function is not impaired by the effects of a loss of coolant accident.

Instrumentation, motors, cables, and penetrations located inside the containment are selected to meet the most adverse accident conditions to which they may be subjected.

These items are either protected from containment accident conditions or are designed to withstand, without failure, exposure to the worst combination of temperature, pressure, and humidity expected during the required operational period. The ECCS pipes serving each loop are anchored at the missile barrier in each loop area to restrict potential accident damage to the portion of piping beyond this point. The anchorage is designed to withstand, without failure, the thrust force exerted by any branch line severed from the reactor coolant pipe and discharging fluid to the atmosphere, and to withstand a bending moment equivalent to that producing failure of the piping under the action of a free-end discharge to atmosphere or motion of the broken reactor coolant pipe to which the emergency core cooling pipes are connected.

This prevents possible failure at any point upstream from 17 Enclosure 1 PG&E Letter DCL-11-059 the support point including the branch line connection into the piping header. Eagle 21 is designed to be fail safe for all safety-related channels.

If a rack were to lose power or otherwise fail, watchdog circuitry is provided that automatically sends a trip signal to the safety-related outputs to the Solid State Protection System (SSPS). However, non-safety related outputs such as those used for indication and control are designed to fail "as-is" or freeze at the current value to prevent perturbing the plant. Failure of an Eagle 21 LCP will not affect automatic actuation of the AFW system. As described above, the Eagle 21 LCP failure will also not impair the capability of the system from performing its safety functions.

There are no changes being proposed such that compliance with any of the regulatory requirements above would come into question.

The evaluations documented above confirm that PG&E will continue to comply with all applicable regulatory requirements.

4.2 Precedent TSTF-245 and TSTF-340 The NRC accepted TSTF-245 in January, 1999 (Reference 5), and accepted TSTF-340 in March, 2000 (Reference 6). Changes consistent with TSTF-245 were approved for Comanche Peak Steam Electric Station in Amendments No. 126 for Units 1 and 2 on April 24, 2006. (Reference

8) (ADAMS Accession Number ML 060860258).

Changes consistent with TSTF-340 were approved for Palo Verde Nuclear Generating Station in Amendments No. 134 for Units 1, 2 and 3 on March 29, 2001. (Reference

9) (ADAMS Accession Number ML 010930242).

4.3 No Significant Hazards Consideration Determination TSTF-412 PG&E has reviewed the proposed no significant hazards determination published on July 17, 2007 as part of the CLIIP. PG&E has concluded that the proposed determination presented in the notice is applicable to DCPP and the determination is hereby incorporated by reference to satisfy the requirements of 10 CFR 50.91 (a). TSTF-245, TSTF-340, and New TS 3.7.5 Condition B PG&E has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three 18 Enclosure 1 PG&E Letter DCL-11-059 standards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below: 1. Does the proposed amendment involve a significant increase in the probability or consequences of an accident previously evaluated?

Response:

No. The proposed change revises the requirements in Technical Specification (TS) 3.7.5, "Auxiliary Feedwater (AFW) System," to clarify the OPERABILITY of an AFW train during alternate alignments, to provide added flexibility in MODE 3 to repair and test the turbine driven AFW pump following a refueling outage, and to clarify the OPERABILITY of the turbine driven AFW train with one steam supply inoperable.

The AFW System is not an initiator of any design basis accident or event, and therefore the proposed change does not increase the probability of any accident previously evaluated.

The AFW System is used to respond to accidents previously evaluated.

The proposed change affects only the actions taken when portions of the AFW System are unavailable and does not affect the design of the AFW System. The change to TS 3.7.5 adding actions for inoperable automatic control of level control valves does not change any of the assumptions in accidents previously evaluated and would not have an impact on accident consequences.

No physical changes are made to the plant. The proposed change does not significantly change how the plant would mitigate an accident previously evaluated.

Therefore, the proposed change does not represent a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different kind of accident from any accident previously evaluated?

Response:

No The proposed change does not result in a change in the manner in which the AFW System provides plant protection.

The AFW System will continue to supply water to the steam generators to remove decay heat and other residual heat by delivering at least the minimum required flow rate to the steam generators.

There are no design changes associated with the proposed changes. The changes to the Conditions and Required Actions do not change any existing accident scenarios, nor create any new or different accident scenarios.

The change does not involve a physical alteration of the plant (Le., no new or different type of equipment will be installed).

The change does not alter 19 Enclosure 1 PG&E Letter DCL-11-059 assumptions made in the safety analysis.

The proposed change is consistent with the safety analysis assumptions and current plant operating practice.

Manual control of AFW level control valves is not an accident initiator.

Therefore, it is concluded that the proposed change does not create the possibility of a new or different kind of accident from any accident previously evaluated.

3. Does the proposed change involve a significant reduction in a marg in of safety? Response:

No The proposed change does not alter the manner in which safety limits, limiting safety system settings or limiting conditions for operation are determined.

The safety analysis acceptance criteria are not impacted by this change. The proposed change will not result in plant operation in a configuration outside the design basis. Therefore, it is concluded that the proposed change does not involve a significant reduction in a margin of safety. Conclusion Based on the above, PG&E concludes that the proposed amendment does not involve a significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and, accordingly, a finding of "no significant hazards consideration" is justified.

4.4 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. 5. ENVIRONMENTAL CONSIDERATION TSTF-245, TSTF-340, and New TS 3.7.5 Condition B PG&E has evaluated the proposed amendment and has determined that the proposed amendment does not involve (i) a significant hazards consideration, (ii) a significant change in the types or significant increase in the amounts of any 20 Enclosure 1 PG&E Letter DCL-11-059 effluents that may be released offsite, or (iii) a significant increase in individual or cumulative occupational radiation exposure.

Accordingly, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).

Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.

TSTF-412 PG&E has reviewed the environmental evaluation included in the model safety evaluation published in the Federal Register on July 17, 2007 (72 FR 38909) as part of the CLlIP. PG&E has concluded that the NRC staff's findings presented in that evaluation are applicable to DCPP and the evaluation is hereby incorporated by reference for this application.

6. REFERENCES
1. Technical Specification Task Force (TSTF) Standard Technical Specification Change Traveler, TSTF-412, Revision 3, "Provide Actions for One Steam Supply to Turbine Driven AFW/EFW Pump Inoperable" 2. Technical Specification Task Force (TSTF) Standard Technical Specification Change Traveler, TSTF-340, Revision 3, "Allow 7 Day Completion Time for a Turbine-driven AFW Pump Inoperable" 3. Technical Specification Task Force (TSTF) Standard Technical Specification Change Traveler, TSTF-245, Revision 1, "AFW Train Operable when in Service" 4. Letter dated May 23, 1997 from USNRC to S. E. Quinn, "Manual vs. Automatic Operation as it Relates to Auxiliary Feedwater Operability at Indian Point Nuclear Generating Unit No.2 (TAC No. M98056)".
5. Letter dated January 13, 1999, from USNRC to Technical Specifications Task Force 6. Letter dated March 16, 2000, from USNRC to Technical Specifications Task Force 7. Federal Register Notice 72 FR 39089, July 17, 2007 8. NRC Letter dated April 24. 2006, Amendment Nos. 126 to Facility Operational License Nos. NPF-87 and NPF-89 for the Comanche Peak Steam Electric Station. 21 Enclosure 1 PG&E Letter DCL-11-059
9. NRC Letter dated March 29, 2001, Amendment Nos. 134 to Facility Operational License Nos. NPF-41, NPF-51 and NPF-71 for the Palo Verde Nuclear Generating Station. 22 Enclosure 2 PG&E Letter DCL-11-059 License Amendment Request 11-04 Revision to Technical Specification (TS) 3.6.6, "Containment Spray and Cooling Systems," TS 3.7.5, "Auxiliary Feedwater (AFW) System," TS 3.8.1, "AC Sources -Operating," TS 3.8.9, "Distribution Systems -Operating," and TS Example 1.3-3 Evaluation of the Proposed Change for TSTF -439 1.

SUMMARY

DESCRIPTION

2. DETAILED DESCRIPTION
3. TECHNICAL EVALUATION
4. REGULATORY EVALUATION 4.1 Applicable Regulatory Requirements/Criteria 4.2 Precedent 4.3 No Significant Hazards Consideration Determination 4.4 Conclusions
5. ENVIRONMENTAL CONSIDERATION
6. REFERENCES 1

EVALUATION 1.0

SUMMARY

DESCRIPTION Enclosure 2 PG&E Letter DCL-11-059 This letter is a request to amend Operating Licenses DPR-80 and DPR-82 for Units 1 and 2 of the Diablo Canyon Power Plant (DCPP), respectively.

The proposed changes would revise the Operating Licenses to delete second Completion Times from the affected Technical Specification (TS) Required Actions. It also revises TS Example 1.3-3 to remove the second Completion Times and to revise the discussion in that Example. The proposed change is consistent with Technical Specification Task Force (TSTF) Traveler TSTF-439, Revision 2, "Eliminate Second Completion Time From Discovery of Failure To Meet an LCO." TSTF-439, Revision 2, was approved by the NRC in a letter dated January 11,2006, to the TSTF. 2.0 DETAILED DESCRIPTION TS Example 1.3-3 is revised to eliminate the second Completion Times in Conditions A and B, and to replace the discussion regarding second Completion Times with the following: "It is possible to alternate between Cond itions A, B, and C in such a manner that operation could continue indefinitely without ever restoring systems to meet the LCO. However, doing so would be inconsistent with the basis of the Completion Times. Therefore, there shall be administrative controls to limit the maximum time allowed for any combination of Conditions that result in a single contiguous occurrence of failing to meet the LCO. These administrative controls shall ensure that the Completion Times for those Conditions are not inappropriately extended." The following is deleted from the TS Example 1.3-3 description: "Example 1.3-3 illustrates one use of this type of completion time. The 10-day Completion Time specified for Conditions A and B in Example 1.3-3 may not be extended." A second Completion Time is included for certain Conditions/Required Actions to establish a limit on the maximum time allowed for any combination of Conditions that result in a single continuous failure to meet the limiting condition for operation (LCO). These Completion Times henceforth referred to as, "second Completion Times," are joined by an "AND" logical connector to the Condition 2

Enclosure 2 PG&E Letter DCL-11-059 Specific Completion Time and state, "X hours/days from discovery of failure to meet the LCO". The second Completion Times associated with TS 3.6.6 Required Actions A.1 , A.2, and C.1, TS 3.7.5 Required Actions A.1 and B.1, TS 3.8.1 Required Actions A.2 and B.4, and TS 3.8.9 Required Actions A.1, B.1, and C.1 are being deleted. On March 12, 2010, the NRC identified a discrepancy between the NRC copy of DCPP TS 3.8.1 Action A.2 second Completion Time and the DCPP TS control copy, where the NRC copy has a 10 day second completion time and the DCPP controlled TS copy has 14 days. DCPP License Amendment (LA) 167/166 revised the TS 3.8.1 A.2 second completion time to 14 days from discovery of failure to meet LCO (LAR was submitted on May 29, 2003 and was approved on April 12, 2004). The LAR was submitted using a markup of the TS page current on the date of the submittal.

DCPP LA 169/170 added the note stating "LCO 3.0.4b is not applicable to the DGs" (LAR was submitted on 9/26/03 and was approved on 5/12/04).

The LAR was submitted using a markup of the TS page current on the date of the submittal.

The discrepancy regarding the TS 3.8.1 A.2 completion time between NRC and DCPP versions stems from separate license amendments on the same TS being in the review process at the same time. The two LARs were both prepared from the same TS page, but when one was approved, the second LAR, which was still in the review process, did not have a new markup submitted for the safety evaluation issuance.

This LAR, through TSTF-439, proposes to remove the second completion time, thereby eliminating the discrepancy.

The 14 day completion time will be retained for the Required Action B.4 Completion Time. Proposed revisions to the TS Bases are also included in the application.

The changes to the affected TS Bases pages will be incorporated in accordance with TS 5.5.14, "Technical Specification (TS) Bases Control Program." BACKGROUND Between July and December of 1991, the NRC and the Improved Standard Technical Specification (ISTS) lead plants discussed an issue affecting a small number of TSs that could theoretically allow indefinite operation of the plant while not meeting a LCO. If an LCO requires OPERABILITY of two systems, it is possible to enter the Condition for one inoperable system and before restoring the first system, the 3 Enclosure 2 PG&E Letter DCL-11-059 second system becomes inoperable.

With the second system inoperable, the first system is restored to OPERABLE status. Before restoring the second system, the first system becomes inoperable again, and so on. Under this scenario, it would be theoretically possible to operate indefinitely without ever meeting the LCO. This also could occur with LCOs which require only one system to be OPERABLE, but for which the Conditions describe two or more mutually exclusive causes of inoperability.

An NRC internal memo dated August 5, 1991, described the issue. As stated in the memo, "In these Specifications the following phrase was added in the Completion Time column of the Conditions that could extend the AOT: '[10 days] from discovery of failure to meet the LCO.' The [10-day] Completion Time cap is found by adding the maximum Completion Times from the two Conditions that could extend the AOT." The decision to add the second Completion Time is summarized in a memo from the NRC to the industry lead plant representatives dated December 16, 1991. It is important to note that this issue of "flip flopping" between Conditions only applies if the LCO is not met. If the LCO requirements are met, even if for an instant, this issue does not occur. This is a highly unlikely scenario and the Industry argued that it would never occur, but the NRC believed it should be addressed when developing the ISTS because there were no other regulatory processes in place at that time which could prevent or respond to such a situation, should it occur. Section 1.3 of the ISTS, Example 1.3-3, describes the use of this type of second Completion Time. The ISTS NUREGs contain these types of second Completion Times in the following Specifications:

  • AC Sources -Operating
  • Distribution Systems -Operating
  • Auxiliary Feedwater System The addition of these second Completion Times did not originally create an operational restriction because the likelihood of experiencing concurrent failures such that the second Completion Time is limiting is very remote. However, these second Completion Times became a problem when the Industry proposed risk-informed Completion Times for some of the Specifications which contained the second Completion Times, Industry/Technical Specification Task Force (TSTF) Traveler number TSTF-409, "Containment Spray System Completion Time Extension," and TSTF-430, "AOT Extension to 7 Days for LPI 4 Enclosure 2 PG&E Letter DCL-11-059 and Containment Spray." These Travelers extended a Completion Time and, following the methodology described in the August 5, 1991 memo, the second Completion Time was extended by the same amount (Le., the second Completion Time continued to be the sum of the two Completion Times.) However, in letters to the TSTF dated November 15, 2001, and September 10, 2002, the NRC stated that the extension of the second Completion Time in TSTF-409 and TSTF-430 was inappropriate because one of the two Completion Times added to obtain the second Completion Time limit was risk based and the other was deterministic.

On September 10, 2002, the NRC provided a letter making a similar statement regarding TSTF-430.

Eventually, the NRC accepted that it was acceptable to add these two Completion Times and TSTF-409 and TSTF-430 were approved.

However, second Completion Times complicate the presentation of the ISTS and complicate the implementation of risk-informed Completion Times. In addition, other regulatory requirements, not present when the ISTS NUREGs were originally developed, eliminate the need for these second Completion Times. 3.0 TECHNICAL EVALUATION The adoption of a second Completion Time was based on an NRC concern that a plant could continue to operate indefinitely with an LCO governing safety significant systems never being met by alternately meeting the requirements of separate Conditions.

In 1991, the NRC could not identify any regulatory requirement or program which could prevent this misuse of the TSs. However, that is no longer the case. There are now two programs which would provide a strong disincentive to continued operation with concurrent multiple inoperabilities of the type the second Completion Times were designed to prevent. The Maintenance Rule: 10 CFR 50.65 (a)(1), the Maintenance Rule, requires each licensee to monitor the performance or condition of structures, systems, and components (SSCs) against licensee-established goals to ensure that the SSCs are capable of fulfilling their intended functions.

If the performance or condition of an SSC does not meet established goals, appropriate corrective action is required to be taken. The NRC Resident Inspectors monitor the licensee's Corrective Action process and could take action if the licensee's maintenance program allowed the systems required by a single LCO to become concurrently inoperable multiple times. The performance and condition monitoring activities required by 10 CFR 50.65 (a)(1) and (a)(2) would identify if poor maintenance practices resulted in multiple entries into the ACTIONS of the TSs and unacceptable unavailability of these SSCs. The effectiveness of these performance monitoring activities, and associated corrective actions, is evaluated at least every refueling cycle, not to exceed 24 months per 10 CFR 50.65 (a)(3). 5 Enclosure 2 PG&E Letter DCL-11-059 Under the TSs, the Completion Time for one system is not affected by other inoperable equipment.

The second Completion Times were an attempt to influence the Completion Time for one system based on the condition of another system, if the two systems were required by the same LCO. However 10 CFR 50.65(a)(4) is a much better mechanism to apply this influence as the Maintenance Rule considers all inoperable risk-significant equipment, not just the one or two systems governed by the same LCO. Under 10 CFR 50.65(a)(4), the risk impact of all inoperable risk-significant equipment is assessed and managed when performing preventative or corrective maintenance.

The risk assessments are conducted using the procedures and guidance endorsed by Regulatory Guide 1.182, "Assessing and Managing Risk Before Maintenance Activities at Nuclear Power Plants." Regulatory Guide 1.182 endorses the guidance in Section 11 of NUMARC 93-01, "Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants." These documents address general guidance for conduct of the risk assessment, quantitative and qualitative guidelines for establishing risk management actions, and example risk management actions. These include actions to plan and conduct other activities in a manner that controls overall risk, increased risk awareness by shift and management personnel, actions to reduce the duration of the condition, actions to minimize the magnitude of risk increases (establishment of backup success paths or compensatory measures), and determination that the proposed maintenance is acceptable.

This comprehensive program provides much greater assurance of safe plant operation than the second Completion Times in the TSs. The Reactor Oversight Process: NEI 99-02, "Regulatory Assessment Performance Indicator Guideline," describes the tracking and reporting of performance indicators to support the NRC's Reactor Oversight Process (ROP). The NEI document is endorsed by Regulatory Issue Summary (RIS) 2001-11, "Voluntary Submission Of Performance Indicator Data." NEI 99-02, Section 2.2, describes the Mitigating Systems Cornerstone.

NEI 99-02 specifically addresses emergency AC Sources (which encompasses the AC Sources and Distribution System LCOs), and the Auxiliary Feedwater system. Extended unavailability of these systems due to multiple entries into the ACTIONS would affect the NRC's evaluation of the licensee's performance under the ROP. In addition to these programs, a requirement is added to Section 1.3 of the TSs to require licensees to have administrative controls to limit the maximum time allowed for any combination of Conditions that result in a single contiguous occurrence of failing to meet the LCO. These administrative controls should consider plant risk and shall limit the maximum contiguous time of failing to meet the LCO. 6 Enclosure 2 PG&E Letter DCL-11-059 PG&E will revise procedure OP1.DC17, "Control of Equip Required by Technical Specifications or Designated Programs." The administrative controls will ensure that a single contiguous occurrence of failing to meet the LCD will not be extended beyond the additive Completion Times of the two Required Actions for restoration unless a risk evaluation is performed, and the risk impact is managed. This TS requirement, when considered with the regulatory processes discussed above, provide an equivalent or superior level of plant safety without the unnecessary complication of the TSs by second Completion Times on some Specifications.

Each of the TSs affected are discussed below. AC Sources -Operating Specification 3.8.1, AC Sources -Operating, has a 72-hour Completion Time for one required offsite circuit inoperable (Condition A) and a 14-day Completion Time for one DG inoperable (Condition B). Both Condition A and Condition B have a second Completion Time of, "14 days from discovery of failure to meet LCD." The second Completion Time limits plant operation when Condition A or B is entered, and before the inoperable system is restored, the other Condition is entered, and then the first inoperable system is restored, and before the remaining inoperable system is restored, the other Condition is entered again. This highly improbable scenario is further limited by Condition D which applies when one required offsite circuit and one DG are inoperable.

It limits plant operation in this Condition to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br />. See Example 1 for an illustration (Example 1 below is from TSTF-439, which has Condition A and B reversed from DCPP. This does not affect the analysis).

Time = 0 , ' ... I I , ' ... , , Limited by second Completion Time to 6 days : ., Less than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Diesel Inoperable Condition A ... Less than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Diesel Inoperable Condition A Inoperabilities must overlap and must .--__ --==========-,------1 be less than 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> by Condition D ... Offsite Circuit Inoperable Condition B Less than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Example 1 7 Enclosure 2 PG&E Letter DCL-11-059 As stated above, the ROP monitors the availability of mitigating systems, including the emergency AC sources (DG unavailability).

Such frequent, repeated failures of the AC sources would be reported to the NRC and this represents a strong disincentive to such operation.

Distribution Systems -Operating Specification 3.8.9, Distribution Systems -Operating, has an 8-hour Completion Time for one AC electrical power distribution subsystem inoperable (Condition A), and a 2-hour Completion Time for one 120 VAC vital bus subsystem inoperable (Condition B) or one DC electrical power distribution subsystem (Condition C) inoperable.

Conditions A, B, and C have a second Completion Time of 16 hours1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> from discovery of failure to meet the LCO. Condition E applies if two required Class 1 E AC, DC, or 120 VAC vital buses are inoperable with an inoperable distribution subsystems that result in a loss of safety function, and LCO 3.0.3 must be entered immediately.

See Example 2. TIme=O 1 1 :... Limited by second Completion Time to 16 hours1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> 1 I .1 1 ! 1 Less than 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> Less than 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> ... ... __________ 1 AC subsystem inoperable Condition A VitalAC bus inoperable Condition B or DC subsystem inoperable Condition C ... Lets than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> AC subsystem inoperable Condition A Example 2 Inoperabilities must overlap. If loss of safety function, enter LCO 3.0.3 immediately by Condition E The second Completion Time is not needed. First, it is unusual for an AC electrical power subsystem or AC vital bus to be inoperable without causing a reactor trip. Secondly, Completion Times are very short (8 and 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />) providing little time to restore systems such that the Conditions overlap and multiple inoperabilities occur. Lastly, should any overlapping inoperabilities that result in a loss of safety function occur, a plant shutdown in accordance with LCO 3.0.3 is required.

8 Containment Spray and Cooling Enclosure 2 PG&E Letter DCL-11-059 Specification 3.6.6, Containment Spray and Cooling Systems, has a 72-hour Completion Time for one containment spray train inoperable (Condition A) and a 7 -day Completion Time for one required containment fan cooler unit (CFCU) system inoperable such that a minimum of two CFCUs remain OPERABLE (Condition C). Conditions A and C have a second Completion Time of 10 days from discovery of failure to meet the LCO. Condition A also has an additional second completion time of 14 days that applies for unplanned corrective maintenance or inspections.

Condition F also applies if two containment spray trains are inoperable or with one containment spray train inoperable and two CFCU systems inoperable such that one or less CFCUs remain OPERABLE or one or less CFCUs OPERABLE (LCO 3.0.3 must be entered immediately.

See Example 3 for an illustration of TS 3.6.6 (Example 3 is from TSTF-439, and uses "containment cooling train" instead of CFCU. This does not affect the analysis) 1 Time=O 1 1 1 : Limited by second Completion Time to 10 days: *1 1 I 1 Less than 7 days Less than 7 days *

  • than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> One containment cooling train inoperable Condition C Example 3 Inoperabilities must overlap. If any combination of three or more trains, enter LCO 3.0.3 immediately by Condition F The second Completion Time is not needed. Any combination of two of the four trains can perform the safety function.

Adverse combinations require entry into LCO 3.0.3. The second Completion Time restricts operation with only one train inoperable, but that is unnecessary because when one train is inoperable, there are still three operable trains and only two trains are needed to perform the safety function.

Therefore, the second Completion Time is overly restrictive.

9 Enclosure 2 PG&E Letter DCL-11-059 Auxiliary Feedwater System Specification 3.7.5, Auxiliary Feedwater System has a 7 -day Completion Time for one steam supply to a turbine driven AFW pump inoperable (rendering the turbine driven AFW pump inoperable) (Condition A) and a 72-hour Completion Time for one AFW train inoperable in MODE 1, 2, or 3 for reasons other than Condition A (Condition B). Conditions A and B have a second Completion Time of 10 days from discovery of failure to meet the LCO. In order for the second Completion Time to be limiting, entry into and out of Conditions A and B must occur, which requires the turbine driven and motor driven AFW pumps to be concurrently inoperable.

However, Condition C states that if Required Action and associated Completion Time for Condition A or B not met OR two AFW trains are inoperable in MODE 1, 2, or 3, the plant must be in MODE 3 in 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and MODE 4 in 18 hours2.083333e-4 days <br />0.005 hours <br />2.97619e-5 weeks <br />6.849e-6 months <br />. See Example 4. I Time=O I I I : Limited by second Completion Time to 10 days: I I I Less than 7 days Less than 7 days

  • One steam driven AFW train inoperable Condition A One steam driven AFW train inoperable Condition A I BUT I Inoperabilities must overlap. One motor driven AFW train inoperable Condition B ... Less
  • than 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Two trains inoperable requires immediate shutdown by Condition C Example 4 The second Completion Time is not needed. For the second Completion Time to be limiting, Conditions A and B must be entered concurrently.

However, Condition C requires an immediate shutdown when two trains are inoperable.

Therefore, the second Completion Time will never be limiting and can be removed. In addition, the Rap monitors the availability of the AFW system. Such frequent, repeated failures of the AFW system would be reported to the NRC and this represents a strong disincentive to such operation.

10 Enclosure 2 PG&E Letter DCL-11-059 Based on the above discussions, the concern regarding multiple continuous entries into Conditions without meeting the LCD is addressed by the system unavailability monitoring programs described above and the administrative controls required by Section 1.3 of the TSs. Therefore, this potential concern is no longer an issue and the TSs can be simplified by eliminating the second Completion Times with no detriment to plant safety. 4.0 REGULATORY ANALYSIS 4.1 Applicable Regulatory Requirements/Criteria 10 CFR 50.36, "Technical Specifications." 10 CFR 50.36(c)(2) states, "When a limiting condition for operation of a nuclear reactor is not met, the licensee shall shut down the reactor or follow any remedial action permitted by the technical specifications until the condition can be met." The revised Actions continue to meet the requirements of this regulation.

10 CFR 50.65, "Requirements for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants." The overall objective of this performance-based rule is to ensure that nuclear power plant structures, systems, and components (SSCs) will be maintained so that they will perform their intended function when required.

4.2 Precedent By letter (Reference

2) dated July 30, 2010, the NRC issued a license amendment to Exelon Nuclear to revise the Peach Bottom Atomic Power Station TS, adopting the proposed changes in TSTF-439.

4.3 No Significant Hazards Consideration Determination The Technical Specifications (TS) for Diablo Canyon Power Plant (DCPP) are modified.

Completion Times Example 1.3-3 is revised to eliminate the second completion times and to replace the discussion regarding s,econd Completion Times with a new discussion.

The second Completion Time associated with TS 3.6.6 Required Actions A.1, A.2, and C.1, TS 3.7.5 Required Actions A.1 and B.1, TS 3.8.1 Required Actions A.2 and B.4, and TS 3.8.9 Required Actions A.1, B.1, and C.1 are being deleted. The Bases associated with these Required Actions are also being revised to delete the discussion of the second Completion Time. PG&E has evaluated whether or not a significant hazards consideration is involved with the proposed amendment by focusing on the three 11 Enclosure 2 PG&E Letter DCL-11-059 standards set forth in 10 CFR 50.92, "Issuance of amendment," as discussed below: 1. Does the proposed change involve a significant increase in the probability or consequences of an accident previously evaluated?

Response:

No. The proposed changes eliminate certain Completion Times from the Technical Specifications.

Completion Times are not an initiator to any accident previously evaluated.

As a result, the probability of an accident previously evaluated is not affected.

The consequences of an accident during the revised Completion Time are no different than the consequences of the same accident during the existing Completion Times. As a result, the consequences of an accident previously evaluated are not affected by this change. The proposed changes do not alter or prevent the ability of structures, systems, and components from performing their intended function to mitigate the consequences of an initiating event within the assumed acceptance limits. The proposed changes do not affect the source term, containment isolation, or radiological release assumptions used in evaluating the radiological consequences of an accident previously evaluated.

Further, the proposed changes do not increase the types or amounts of radioactive effluent that may be released offsite, nor significantly increase individual or cumulative occupational/public radiation exposures.

The proposed changes are consistent with the safety analysis assumptions and resultant consequences.

Therefore, the proposed change does not involve a significant increase in the probability or consequences of an accident previously evaluated.

2. Does the proposed change create the possibility of a new or different accident from any accident previously evaluated?

Response:

No. The changes do not involve a physical alteration of the plant (Le., no new or different type of equipment will be installed) or a change in the methods governing normal plant operation.

The changes do not alter any assumptions made in the safety analysis.

Therefore, the proposed change does not create the possibility of a new or different accident from any accident previously evaluated.

12 Enclosure 2 PG&E Letter DCL-11-059

3. Does the proposed change involve a significant reduction in a margin of safety? Response:

No. The proposed change to delete the second Completion Time does not alter the manner in which safety limits, limiting safety system settings or limiting conditions for operation are determined.

The safety analysis acceptance criteria are not affected by this change. The proposed changes will not result in plant operation in a configuration outside of the design basis. Therefore, the proposed change does not involve a significant reduction in a margin of safety. Based on the above evaluation, PG&E concludes that the proposed change presents no significant hazards consideration under the standards set forth in 10 CFR 50.92(c), and accordingly, a finding of "no significant hazards consideration" is justified.

4.4 Conclusions In conclusion, based on the considerations discussed above, (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendment will not be inimical to the common defense and security or to the health and safety of the public. 5.0 ENVIRONMENTAL CONSIDERATION PG&E has evaluated the proposed amendment and has determined that the proposed amendment does not involve, (1) a significant hazards consideration, (2) a significant change in the types or significant increase in the amounts of any effluents that may be released offsite, or (3) a significant increase in individual or cumulative occupational radiation exposure.

Accordingly, the proposed amendment meets the eligibility criterion for categorical exclusion set forth in 10 CFR 51.22(c)(9).

Therefore, pursuant to 10 CFR 51.22(b), no environmental impact statement or environmental assessment need be prepared in connection with the proposed amendment.

13

6.0 REFERENCES

Enclosure 2 PG&E Letter DCL-11-059

1. Industry/Technical Specification Task Force (TSTF) Standard Technical Specification Change TSTF-439, Revision 2, "Eliminate Second Completion Time From Discovery of Failure To Meet an LCO," June 20, 2005. 2. NRC Letter "Peach Bottom Atomic Power Station, Units 2 AND 3 -Issuance of Amendments Re: Adoption of Technical Specification Task Force (TSTF) Traveler 439, Revision 2, 'Eliminate Second Completion Times Limiting Time From Discovery of Failure to Meet an LCO [Limiting Condition for Operation],' (TAC NOS. MD9449 AND MD9450)," dated July 30,2010. 14 Enclosure 3 PG&E Letter DCL-11-059 License Amendment Request 11-04 Revision to Technical Specification (TS) 3.6.6, "Containment Spray and Cooling Systems," TS 3.7.5, "Auxiliary Feedwater (AFW) System," TS 3.8.1, "AC Sources -Operating," TS 3.8.9, "Distribution Systems -Operating," and TS Example 1.3-3 Attachments
1. 2. 3. 4. 5. Attachments Proposed Technical Specification Changes (Markups)

Proposed Technical Specification Changes (Retyped)

Proposed Technical Specification Bases Changes (Markups) (for information only) Summary of Regulatory Commitments Proposed Final Safety Analysis Report Update Changes (Markups) (for information only)

Enclosure 3 Attachment 1 PG&E Letter DCL-11-059 Proposed Technical Specification Changes (Markups)

INSERT 1 A. Turbine driven AFW train inoperable due to one inoperable steam supply. OR Only applicable if MODE: 2 has not been entered following refueling.

Turbine driven AFW pump inoperable in MODE: 3 following refueling.

INSERT 2 E:nclosure 3 Attachment 1 PG&E: Letter DCL-11-059 B. One or more motor driven B.1 AFW trains with automatic control of one motor driven AFW level control valve per train inoperable. change in valve demand is required if AFW is being relied upon for SG level control. Place affected AFW level Immediately control valve( s) in manual control with valve demand full open. B.2 Declare the associated AFW train inoperable.

2 Immediately INSERT 3 O. Turbine driven AFW train inoperable due to one inoperable steam supply. One motor driven AFW train inoperable.

INSERT 4 Enclosure 3 Attachment 1 PG&E Letter OCL-11-059 0.1 Restore the steam supply to the turbine driven train to OPERABLE status. 0.2 Restore the motor driven AFW train to OPERABLE status. 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours AFW train(s) may be considered OPERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation.

INSERT 5 AFW train(s) may be considered OPERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation.

INSERT 6 It is possible to alternate between Conditions A, B, and C in such a manner that operation could continue indefinitely without ever restoring systems to meet the LCO. However, doing so would be inconsistent with the basis of the Completion Times. Therefore, there shall be administrative controls to limit the maximum time allowed for any combination of Conditions that result in a single contiguous occurrence of failing to meet the LCO. These administrative controls shall ensure that the Completion Times for those Conditions are not inappropriately extended.

3 1.3 Completion Times DESCRIPTION (continued)

Completion Times 1.3 The total Completion Time allowed for completing a Required Action to address the subsequent inoperability shall be limited to the more restrictive of either: a. The stated Completion Time, as measured from the initial entry into the Condition, plus an additional 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />; or b. The stated Completion Time as measured from discovery of the subsequent inoperability.

The above Completion Time extensions do not apply to those Specifications that have exceptions that allow completely separate entry into the Condition? (for each train, subsystem, component, or variable expressed in the Condition) and separate tracking of Completion Times based on this re-entry.

These exceptions are stated in individual Specifications.

The above Completion Time extension does not apply toa Completion Time with a modified IItime zero.1I This modified IItime zero ll may be expressed as a repetitive time (Le., lIonce per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />,1I where the Completion Time is referenced from a previous completion of the Required Action versus the time of Condition entry) or as a time modified by the phrase IIfrom discovery

... 11 . t -l:lse-e fi ts Y f>B -

l=ujit;i oo s..A-aflef-B

  • trE-;m mpte . -marno t x t S R OOQ (continued)

DIABLO CANYON -UNITS 1 & 2 1.3-2 Unit 1 -Amendment No. 6ej' Un it 2 -A m e n d m e n t N o.

1.3 Completion Times EXAMPLES ( continued)

EXAMPLE 1.3-3 ACTIONS CONDITION A. One Function X train inoperable.

B. One Function Y train inoperable.

C. One Function X train inoperable.

AND One Function Y train inoperable.

DIABLO CANYON -UNITS 1 & 2 REQUIRED ACTION A.1 Restore Function. X train to OPERABLE status. B.1 Restore Function Y train to OPERABLE status. C. 1 Restore Function X train to OPERABLE status. OR C.2 Restore Function Y train to . OPERABLE status. Completion Times 1.3 COMPLETION TIME 7 days G-9.a¥s-i t: O llJ d i SC Q'.L aet-f aHt:Jf-e-ffi-ffie et 4P re ... -I=Gf)--ez.....

72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 1\ f\ I f"U:2.. .

,...,... """C\JCI 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 72 hours ( continued) 1.3-5 Un it 1 -Amendment No.-t3"5") Unit 2 -Amendment No.

1.3 Completion Times EXAMPLES EXAMPLE 1.3-3 (continued)

Completion Times 1.3 When one Function X train and one Function Y train are inoperable, Condition A and Condition B are concurrently applicable.

The Completion Times for Condition A and Condition B are tracked separately for each train starting from the time each train was declared inoperable and the Condition was entered. A separate Completion Time is established for Condition C and tracked from the time the second train was declared inoperable (i.e., the time the situation described in Condition C was discovered).

If Required Action C.2 is completed within the specified Completion Time, Conditions Band C are exited. If the Completion Time for Required Action A.1 has not expired, operation may continue in accordance with Condition A.""'Rl GeREHtie ¬. p erable 'i e j i oit ial eo i-J:.Y-iI+te-Gefle

  1. i eR-4olo ,..\---The Compl ion Times of Conditions A and Bare IJ).Q Ified by a logical connector witll eparate 10 day Completion inle measured from the time it was discover he LCO was not . In this example, without the separate Completion . e, it wou e possible 'to alternate between Conditions A , B, and . uch a manner that operation could continue indefinitely without e r res ing systems to meet the LCO. The separate Completion

'me modifie the phrase "from discovery of failure to meet the 0" is designed to pr ent indefinite continued operation while I)P meeting the LCO. This Com etion Time allows for an exceptio l)Jo1 he normal "time zero" for beginnin e Completion Time "cI eJ<". In this instance , the Completion Time "ti zero" is spe W ed as commencing at the time the LCO was initially not met, instead of at the time the associated Condition was entered .. ( continued)

DIABLO CANYON -UNITS 1 & 2 1.3-6 Un it 1 -Ame n dmen t No. 4a5'-.. Unit 2 -Amendment No. 4-8-5; 3.6 CONTAINMENT SYSTEMS Containment Spray and Cooling Systems 3.6.6 3.6.6 Containment Spray and Cooling Systems LCO 3.6.6 The containment fan cooling unit (CFCU) system and two containment spray trains shall be OPERABLE.

APPLICABILITY:

MODES 1, 2, 3, and 4. ACTIONS CONDITION A. One containment spray train inoperable.

B. Required Action and associated Completion Time of Condition A not met. C. One required CFCU system inoperable such that a minimum of two CFCUs remain OPERABLE.

DIABLO CANYON -UNITS 1 & 2 A. 1 OR A.2 B.1 AND B.2 C.1 REQUIRED ACTION Restore containment spray train to OPERABLE status. Restore containment spray train to OPERABLE status Be in MODE 3. Be in MODE 5. Restore required CFCU system to OPERABLE status. COMPLETION TIME 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 40 days f t:&

m eeH ftet l-OC-J-------------NOT E ------------

For planned maintenance or inspections, the Completion Time is 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The Completion Times of Required Action A.2 are for unplanned corrective maintenance or inspections.

14 days 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> 84 hours 7 days ( continued) 3.6-13 Unit 1 -Amendment No. U nit 2 -A m e nd m e nt No. -\ --t 3.7 PLANT SYSTEMS 3.7.5 Auxiliary Feedwater (AFW) System AFW System 3.7.5 LCO 3.7.5 Three AFW trains shall be OPERABLE.

NoTE---------------------------------------------------

Only one AFW train, which includes a motor driven pump, is required to be OPERABLE in MODE 4. APPLICABILITY:

MODES 1, 2, and 3, MODE 4 when steam generator is relied upon for heat removal. ACTIONS LCO 3.0.4b is not applicable.

CONDITION A. One steam supply to A.1 turbine driven AFW pump inoperable.

\ tJ i.} 2--:} c jf. One AFW train inoperable in MODE 1, 2 or 3 for c.. reasons other than Condition A.

e¢. @ Req uired Action and associated Completion Tim§...f Condition A-e not met. > ( __ c, " .2 -j ) Ov-V OR. E Two AFW trains inoperable in MODE 1,2 or 3. D I ABLO CA NY O N -U N ITS 1 & 2 REQUIRED ACTION COMPLETION TIME Restore 0 7 days OPERABLE status. Restore AFW train to OPERABLE status. Be in MODE 3. Be in MODE 4. 9-t}ayS-f . -ffiSst *Fle-bGG--'-*seeveFy-e f-fa.i.k:ife-: ffleet-tMe,-I-I-:.t-l-'

-6 hours 18 hours2.083333e-4 days <br />0.005 hours <br />2.97619e-5 weeks <br />6.849e-6 months <br /> ( continued) 3.7-10 U nit 1 -Amendmen t N o. Unit 2 -Amendment No. +3a, J -I r ACTION S (continued)

CONDITION F ;P5. Three AFW trains J?f.1 inoperable in MOD E 1, 2 , or t 3. f Required AFW train inoperable in MOD E 4. If DIABLO CANYON -UNITS 1 & 2 REQUIR E D AC T ION -----------NOT E-------------

--LCO 3.0.3 and all other LCO Required Actions requiring MODE changes are suspended until one AFW train is restored to OPERABLE status. ----------------------------------Initiate action to restore one AFW train to OPERABLE status Initiate action to restore AFW train to OPERABL E status. AFW System 3.7.5 COMPLETION TIM E Immediately Immediately 3.7-11 Unit 1 Amendment No. +a5j Unit 2 -Amendment No. 48'5; \

AFW System 3.7.5 SURVEILLANCE REQUIREMENTS SR 3.7.5.1 SR 3.7.5.2 SR 3.7.5.3 SR 3.7.5.4 SR 3.7.5.5 SURVEILLANCE erify each AFW manual, power operated, and automatic valve in each water flow path, and in both steam supply flow paths to the steam turbine driven pump, that is not locked, sealed, or otherwise secured in position, is in the correct position.

N()lIE-----------------------------

Not required to be performed for the turbine' driven AFW pump until 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after 2 650 psig in the steam generator.

Verify the developed head of each AFW pump at the flow test point is greater than or equal to the required developed head. FREQUENCY In accordance with the Surveillance Frequency Control Program In accordance with the Inservice lIest Program. -----------------------------N()lIE----------------------------Verify each AFW automatic valve that is not locked, sealed, or otherwise secured in position, actuates to the correct position on an actual or simulated actuation signal. -----------------------------

N () 11 E S ---------------------------

.1. Verify each AFW pump starts automatically on an actual or simulated actuation signal. Not used. In accordance with the Surveillance Frequency Control Program In accordance with the Surveillance Frequency Control Program D IA BLO C AN Y()N -UNl lIS 1 & 2 3.7-12 U nit 1 -Amendment No. Unit 2 -Amendment No. \

AC Sources -Operating 3.8.1 3.8 ELECTRICAL POWER SYSTEMS 3.8.1 AC Sources -Operating LCO 3.8.1 The following AC electrical sources shall be OPERABLE:

a. Two qualified circuits between the offsite transmission network and the onsite Class 1 E AC Electrical Power Distribution System; and b. Three diesel generators (DGs) capable of supplying the onsite Class 1 E power distribution subsystem(s);

and c. Two supply trains of the diesel fuel oil (DFO) transfer system. APPLICABILITY:

MODES 1, 2, 3, and 4. ACTIONS -----------------

NOTE-------

LCO 3.0Ab is not applicable to DGs. CONDITION A. One required offsite circuit A.1 inoperable.

DIABLO CANYON -UNITS 1 & 2 AND A.2 REQUIRED ACTION Perform SR 3.8.1.1 for required OPERABLE offsite circuit. Restore req uired offsite circuit to OPERABLE status. COMPLETION TIME 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> . A"-.J.--14 d a'Y s fro d ise e v er=y-ef-fai

-m eet . --( continued) 3.8-1 Unit 1 -Amendment No. U ni t 2 -A m e n d m e n t No.

ACTIONS (continued)

CONDITION B. One DG inoperable.

DIABLO CANYON -UNITS 1 & 2 REQUIRED ACTION B.1 Perform SR 3.8.1.1 for the required offsite circuit(s).

AND ------------NOTE-------------

In MODE 1, 2, and 3, TDAFW pump is considered a required redundant feature. ---------------------------------

B.2 Declare required feature(s) supported by the inoperable DG inoperable when its required redundant feature(s) is inoperable.

B.3.1 Determine OPERABLE DG(s) is not inoperable due to common cause failure. B.3.2 Perform SR 3.8.1.2 for OPERABLE DG(s). AND BA Restore DG to OPERABLE status. AC Sources -Operating 3.8.1 COMPLETION TIME 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> AND Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from discovery of Condition B concurrent with inoperability of redundant required feature(s).

24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 24 hours 4-&a y f-r"6 l4 -EHsee>'very-offatmr e-r o -m eet ( continued) 3.8-2 Un it 1 -Amendme n t No. U nit 2 -A m e n d m e nt N o.

3.8 ELECTRICAL POWER SYSTEMS 3.8.9 Distribution Systems-Operating Distribution Systems -Operating 3.8.9 LCO 3.8.9 The required Class 1 E AC, DC, and 120 VAC vital bus electrical power distribution subsystems shall be OPERABLE.

APPLICABILITY:

MODES 1, 2, 3, and 4. ACTIONS CONDITION A. One AC electrical power distribution subsystem inoperable.

B. One 120 VAC vital bus subsystem inoperable.

C. One DC electrical power distribution subsystem inoperable.

D. Required Action and associated Completion Time not met. E. Two required Class 1 E AC, DC, or 120 VAC vital buses with inoperable distribution subsystems that result in a loss of safety function.

D IA BLO C ANY O N -U NI TS 1 & 2 A.1 B.1 C.1 0.1 AND 0.2 E.1 REQUIRED ACTION Restore AC electrical power distribution subsystem to OPERABLE status. Restore 120 VAC vital bus subsystem to OPERABLE status. Restore DC electrical power distribution subsystem to OPERABLE status. Be in MODE 3. Be in MODE 5. Enter LCO 3.0.3. COMPLETION TIME 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> mSeeV-8f-Y-GF il u re to>-2 hours 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> 6 hours 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> Immediately 3.8-2 9 U nit 1 -A m e ndment N o. U nit 2 -A m e ndment N o. -Sj -l -\

Enclosure 3 Attachment 2 PG&E Letter DCL-11-059 Proposed Technical Specification Changes (Retyped)

Remove Page 1.3-2 1.3-5 1.3-6 3.6-13 3.7-10 3.7-11 3.7-12 3.8-1 3.8-2 3.8-29 1 Insert Page 1.3-2 1.3-5 1.3-6 3.6-13 3.7-10 3.7-10a 3.7-11 3.7-12 3.7-12a 3.8-1 3.8-2 3.8-29 1.3 Completion Times DESCRIPTION ( continued)

Completion Times 1.3 The total Completion Time allowed for completing a Required Action to address the subsequent inoperability shall be limited to the more restrictive of either: a. The stated Completion Time, as measured from the initial entry into the Condition, plus an additional 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />; or b. The stated Completion Time as measured from discovery of the subsequent inoperability.

The above Completion Time extensions do not apply to those Specifications that have exceptions that allow completely separate entry into the Condition (for each train, subsystem, component, or variable expressed in the Condition) and separate tracking of Completion Times based on this re-entry.

These exceptions are stated in individual Specifications.

The above Completion Time extension does not apply to a Completion Time with a modified "time zero." This modified "time zero" may be expressed as a repetitive time (i.e., "once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />," where the Completion Time is referenced from a previous completion of the Required Action versus the time of Condition entry) or as a time modified by the phrase "from discovery

... " ( continued)

DIABLO CANYON -UNITS 1 & 2 1.3-2 Unit 1 -Amendment No. -lJa, Unit 2 -Amendment No. -lJa, 1.3 Completion Times EXAMPLES ( continued)

EXAMPLE 1.3-3 ACTIONS CONDITION A. One Function X train inoperable.

B. One Function Y train inoperable.

C. One Function X train inoperable.

AND One Function Y train inoperable.

DIABLO CANYON -UNITS 1 & 2 REQUIRED ACTION A.1 Restore Function X train to OPERABLE status. B.1 Restore Function Y train to OPERABLE status. C.1 Restore Function X train to OPERABLE status. OR C.2 Restore Function Y train to OPERABLE status. Completion Times 1.3 COMPLETION TIME 7 days 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 72 hours 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> ( continued) 1.3-5 Unit 1 -Amendment No. Unit 2 -Amendment No.

1.3 Completion Times EXAMPLES EXAMPLE 1.3-3 (continued)

Completion Times 1.3 When one Function X train and one Function Y train are inoperable, Condition A and Condition B are concurrently applicable.

The Completion Times for Condition A and Condition B are tracked separately for each train starting from the time each train was declared inoperable and the Condition was entered. A separate Completion Time is established for Condition C and tracked from the time the second train was declared inoperable (Le., the time the situation described in Condition C was discovered).

If Required Action C.2 is completed within the specified Completion Time, Conditions Band C are exited. If the Completion Time for Required Action A.1 has not expired, operation may continue in accordance with Condition A. -1 It is possible to alternate between Conditions A, B, and C in such a manner that operation could continue indefinitely without ever restoring systems to meet the LCO. However, doing so would be inconsistent with the basis of the Completion Times. Therefore, there shall be administrative controls to limit the maximum time allowed for any combination of Conditions that result in a single contiguous occurrence of failing to meet the LCO. These administrative controls shall ensure that the Completion Times for those Conditions are not inappropriately extended. (continued)

DIABLO CANYON -UNITS 1 & 2 1.3-6 Unit 1 -Amendment No. Unit 2 -Amendment No.

3.6 CONTAINMENT SYSTEMS Containment Spray and Cooling Systems 3.6.6 , 3.6.6 Containment Spray and Cooling Systems LCO 3.6.6 The containment fan cooling unit (CFCU) system and two containment spray trains shall be OPERABLE.

APPLICABILITY:

MODES 1, 2, 3, and 4. ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. One containment spray A.1 train inoperable.

OR A.2 B. Required Action and B.1 associated Completion AND Time of Condition A not met. B.2 C. One required CFCU system C.1 inoperable such that a minimum of two CFCUs remain OPERABLE.

DIABLO CANYON -UNITS 1 & 2 Restore containment 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> spray train to OPERABLE status. ---------NOTE------------

For planned maintenance or inspections, the Completion Time is 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The Completion Times of Required Action A.2 are for unplanned corrective maintenance or inspections.

Restore containment 14 days spray train to OPERABLE status Be in MODE 3. 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> Be in MODE 5. 84 hours9.722222e-4 days <br />0.0233 hours <br />1.388889e-4 weeks <br />3.1962e-5 months <br /> Restore required CFCU 7 days system to OPERABLE status. (continued) 3.6-13 Unit 1 -Amendment No.

Unit 2 -Amendment No.

3.7 PLANT SYSTEMS 3.7.5 Auxiliary Feedwater (AFW) System AFW System 3.7.5 LCO 3.7.5 Three AFW trains shall be OPERABLE.

NOTE---------------------------------------------------

Only one AFW train, which includes a motor driven pump, is required to be OPERABLE in MODE 4. APPLICABILITY:

MODES 1, 2, and 3, MODE 4 when steam generator is relied upon for heat removal. ACTIONS --------------------------------------------NOTE------------------------------------------------------

LCO 3.0.4b is not applicable.

CONDITION A. Turbine driven AFW train inoperable due to one inoperable steam supply. OR ------------NOTE-------------

Only applicable if MODE 2 has not been entered following refueling.

Turbine driven AFW pump inoperable in MODE 3 following refueling.

DIABLO CANYON -UNITS 1 & 2 A.1 REQUIRED ACTION Restore affected equipment to OPERABLE status. COMPLETION TIME 7 days ( continued) 3.7-10 Unit 1 -Amendment No.

Unit 2 -Amendment No.

ACTIONS (continued)

CONDITION B. One or more motor driven B.1 AFW trains with automatic control of one motor driven AFW level control valve per train inoperable.

OR B.2 C. One AFW train inoperable C.1 in MODE 1, 2 or 3 for reasons other than Condition A. D. Turbine driven AFW train 0.1 inoperable due to one inoperable steam supply. AND One motor driven AFW 0.2 train inoperable.

E. Required Action and E.1 associated Completion AND Time of Condition A, C, or o not met. E.2 OR Two AFW trains inoperable in MODE 1, 2 or 3 for reasons other than Condition D. DIABLO CANYON -UNITS 1 & 2 REQUIRED ACTION -----------NOTE-------------

No change in valve demand is required if AFW is being relied upon for SG level control. --------------------------------

Place affected AFW level control valve(s) in manual control with valve demand full open. Declare the associated AFW train inoperable.

Restore AFW train to OPERABLE status. Restore the steam supply to the turbine driven train to OPERABLE status. OR Restore the motor driven AFW train to OPERABLE status. Be in MODE 3. Be in MODE 4. AFW System 3.7.5 COMPLETION TIME Immediately Immediately 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> 24 hours 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> 6 hours 18 hours2.083333e-4 days <br />0.005 hours <br />2.97619e-5 weeks <br />6.849e-6 months <br /> (continued) 3.7-10a Unit 1 -Amendment No.

Unit 2 -Amendment No. +Je.,++G, I -l ACTIONS (continued)

CONDITION F. Three AFW trains F.1 inoperable in MODE 1, 2, or 3. G. Required AFW train G.1 inoperable in MODE 4. DIABLO CANYON -UNITS 1 & 2 REQUIRED ACTION -----------NOTE---------------

LCO 3.0.3 and all other LCO Required Actions requiring MODE changes are suspended until one AFW train is restored to OPERABLE status. ----------------------------------

Initiate action to restore one AFW train to OPERABLE status Initiate action to restore AFW train to OPERABLE status. AFW System 3.7.5 COMPLETION TIME Immediately Immediately 3.7-11 Unit 1 -Amendment No. Unit 2 -Amendment No.

SURVEILLANCE REQUIREMENTS SR 3.7.5.1 SR 3.7.5.2 SR 3.7.5.3 SURVEILLANCE

N()TE----------------------------

AFW train(s) may be considered

()PERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation.

Verify each AFW manual, power operated, and automatic valve in each water flow path, and in both steam supply flow paths to the steam turbine driven pump, that is not locked, sealed, or otherwise secured in position, is in the correct position.

N()TE-----------------------------

Not required to be performed for the turbine driven AFW pump until 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after :2: 650 psig in the steam generator.

Verify the developed head of each AFW pump at the flow test point is greater than or equal to the required developed head. -----------------------------N()TE-----------------------------

AFW train(s) may be considered

()PERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation.

Verify each AFW automatic valve that is not locked, sealed, or otherwise secured in position, actuates to the correct position on an actual or simulated actuation signal. AFW System 3.7.5 FREQUENCY I n accordance with the Surveillance Frequency Control Program I n accordance with the Inservice Test Program. I n accordance with the Surveillance Frequency Control Program ( continued)

DIABL() CANY()N -UNITS 1 & 2 3.7-12 Unit 1 -Amendment No.

Unit 2 -Amendment No.

SURVEILLANCE REQUIREMENTS (continued)

SR 3.7.5.4 SR 3.7.5.5 SURVEILLANCE

N()TES---------------------------

1. Not required to be performed for the turbine driven AFW pump until 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> after :2: 650 psig in the steam generator.
2. AFW train(s) may be considered

()PERABLE during alignment and operation for steam generator level control, if it is capable of being manually realigned to the AFW mode of operation.

Verify each AFW pump starts automatically on an actual or simulated actuation signal. Not used. AFW System 3.7.5 FREQUENCY In accordance with the Surveillance Frequency Control Program DIABL() CANY()N -UNITS 1 & 2 3.7-12a Unit 1 -Amendment No. 135, Unit 2 -Amendment No.

AC Sources -Operating 3.8.1 3.8 ELECTRICAL POWER SYSTEMS 3.8.1 AC Sources -Operating LCO 3.8.1 The following AC electrical sources shall be OPERABLE:

a. Two qualified circuits between the offsite transmission network and the onsite Class 1 E AC Electrical Power Distribution System; and b. Three diesel generators (DGs) capable of supplying the onsite Class 1 E power distribution subsystem(s);

and c. Two supply trains of the diesel fuel oil (DFO) transfer system. APPLICABILITY:

MODES 1,2,3, and 4. ACTIONS -------------------------------------NOTE---------------------------------------------------

LCO 3.0.4b is not applicable to DGs. CONDITION A. One required offsite circuit A.1 inoperable.

AND A.2 DIABLO CANYON -UNITS 1 & 2 REQUIRED ACTION COMPLETION TIME Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> required OPERABLE AND offsite circuit. Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter:

Restore required offsite 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> circuit to OPERABLE status. ( continued) 3.8-1 Unit 1 -Amendment No.

Unit 2 -Amendment No.

ACTIONS {continued}

CONDITION B. One DG inoperable.

B.1 AND B.2 AND B.3.1 B.3.2 AND B.4 DIABLO CANYON -UNITS 1 & 2 AC Sources -Operating 3.8.1 REQUIRED ACTION COMPLETION TIME Perform SR 3.8.1.1 for 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> the required offsite AND circuit( s). Once per 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> thereafter.

NOTE-------------

In MODE 1, 2, and 3, TDAFW pump is considered a required redundant feature. ---------------------------------

Declare required 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> from feature( s) supported by discovery of Condition the inoperable DG B concurrent with inoperable when its inoperability of required redundant redundant required feature( s) is inoperable.

feature(s).

Determine OPERABLE 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> DG( s) is not inoperable due to common cause failure. OR Perform SR 3.8.1.2 for 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> OPERABLE DG( s). Restore DG to 14 days OPERABLE status. ( continued) 3.8-2 Unit 1 -Amendment No.

Unit 2 -Amendment No.

3.8 ELECTRICAL POWER SYSTEMS 3.8.9 Distribution Systems-Operating Distribution Systems -Operating 3.8.9 LCO 3.8.9 The required Class 1E AC, DC, and 120 VAC vital bus electrical power distribution subsystems shall be OPERABLE.

APPLICABILITY:

MODES 1, 2, 3, and 4. ACTIONS CONDITION A. One AC electrical power distribution subsystem inoperable.

B. One 120 VAC vital bus subsystem inoperable.

C. One DC electrical power distribution subsystem inoperable.

D. Required Action and associated Completion Time not met. E. Two required Class 1E AC, DC, or 120 VAC vital buses with inoperable distribution subsystems that result in a loss of safety function.

DIABLO CANYON -UNITS 1 & 2 A.1 B.1 C.1 D.1 AND D.2 E.1 REQUIRED ACTION COMPLETION TIME Restore AC electrical 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> power distribution subsystem to OPERABLE status. Restore 120 VAC vital 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> bus subsystem to OPERABLE status. Restore DC electrical 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> power distribution subsystem to OPERABLE status. Be in MODE 3. 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> Be in MODE 5. 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br /> Enter LCO 3.0.3. Immediately 3.8-29 Unit 1 -Amendment No. 46$, Unit 2 -Amendment No. 46$,

Enclosure 3 Attachment 3 PG&E Letter DCL-11-059 Proposed Technical Specification Bases Changes (Markups) (for information only)

BASES (continued)

Containment Spray and Cooling Systems B 3.6.6 ACTIONS A.1 With one containment spray train inoperable, the inoperable containment spray train must be restored to OPERABLE status within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. In this Condition, the remaining OPERABLE spray and cooling trains are adequate to perform the iodine removal and containment cooling functions.

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time takes into account the redundant heat removal capability afforded by the Containment Spray System, reasonable time for repairs, and low probability of a DBA occurring during this period. The 10 day portion of the Completion Time for Required /\ction A.1 is based upon engineering judgment.

It takes into account the 10VI probability of coincident entry into hvo Conditions in this Specification coupled \vith the ImN probability of an accident occurring during this time. Refer to Section 1.3, "Completion Times," for a more detaileE!

E!iscussion of the purpose of the "from E!iscovery of failure to meet the LCO" portion of the Completion Time. The Completion Time is modified by a Note stating that for planned maintenance or inspections, the Completion time is 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The Completion Times of Required Action A.2 are for unplanned corrective maintenance or inspections.

A.2 With one containment spray train inoperable, the inoperable containment spray train must be restored to OPERABLE status within 14 days. This Required Action applies to unplanned corrective maintenance or inspections.

In this Condition, the remaining OPERABLE spray and cooling trains are adequate to perform the iodine removal and containment cooling functions.

The 14-day Completion Time is based on PRA analysis and has taken into account the redundant heat removal capability afforded by the Containment Spray System, reasonable time for repairs, and low probability of a DBA occurring during this period. These Required Action and Completion Time were added to the TS by LA 202 for Unit 1 and LA 203 for Unit 2. The 14-day Completion Time is intended to be used for unplanned corrective maintenance or inspections.

The 14 days from discovery of failure to meet the LCO portion of the -i Completion Time for Required Action A.2 is based upon PRA analyses and engineering juE!gment.

It takes into account the lo\;v probability of coincident entry into hvo Conditions in this Specification coupled '!lith the IO'.N probability of an accident occurring during this time. Refer to Section 1.3, "Completion Times/' for a more detaileE!

discussion of tho purpose of the "from discovery of failure to meet the LCOI! portion of tho Completion Time. ( continued)

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.6.6 markup.Doc 40 Revision 6 -R6 BASES ACTIONS (continued)

C.1 Containment Spray and Cooling Systems B 3.6.6 With one CFCU system inoperable such that a minimum of two CFCUs remain operable, restore the required CFCUs to OPERABLE status within 7 days. The components in this degraded condition are capable of providing at least 100% of the heat removal needs. The 7 day Completion Time was developed taking into account the redundant heat removal capabilities afforded by combinations of the Containment Spray System and Containment Cooling System and the low probability of DBA occurring during this period. The 10 day portion of the Completion Time for Required Action C.1 is -1 based upon engineering judgment It takes into account the lo\v probability of coincident entry into two Conditions in this Specification coupled vvith the low probability of an accident occurring during this time. Refer to Section 1.3 for a more detailed discussion of tho purpose of the "from discovery of failure to meet the LCO" portion of the Completion Time. D.1 and D.2 With one train of containment spray inoperable and the CFCUs system inoperable such that a minimum of two CFCUs remain OPERABLE, restore one required train of containment spray or CFCU system to OPERABLE status within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. The components remaining in OPERABLE status in this degraded condition provide iodine removal capabilities and are capable of providing at least 100% of the heat removal needs after an accident.

The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time was developed taking into account the redundant heat removal capabilities afforded by combinations of the Containment Spray System and Containment Cooling System, the iodine removal function of the Containment Spray System, and the low probability of DBA occurring during this period. E.1 and E.2 If the Required Action and associated Completion Time of Condition C or D of this LCO are not met, the plant must be brought to a MODE in which the LCO does not apply. To achieve this status, the plant must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner and without challenging plant systems. F.1 With two containment spray trains or one containment spray train inoperable and two CFCU systems inoperable such that one or less CFCUs remain OPERABLE or one or less CFCUs are OPERABLE, the unit is in a condition outside the accident analysis.

Therefore, LCO 3.0.3 must be entered immediately.

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.6.6 markup.Doc 43 Revision 6 -R6 BASES LCO (continued)

APPLICABILITY ACTIONS AFW System B 3.7.5 each powered by a separated vital bus, be OPERABLE in two diverse paths, each supplying AFW to separate steam generators.

The turbine driven AFW pump is required to be OPERABLE with redundant steam supplies from each of two main steam lines upstream of the MSIVs, and shall be capable of supplying AFW to any of the steam generators.

The piping, valves, instrumentation, and controls in the required flow paths also are required to be OPERABLE.

The LCO is modified by a Note indicating that one AFW train, which includes a motor driven pump, is required to be OPERABLE in MODE 4. This is because of the reduced heat removal requirements and short period of time in MODE 4 during which the AFW is required and the insufficient steam available in MODE 4 to power the turbine driven AFW pump. In MODES 1, 2, and 3, the AFW System is required to be OPERABLE in the event that it is called upon to function when the MFW is lost. In addition, the AFW System is required to supply enough makeup water to replace the steam generator secondary inventory, lost as the unit cools to MODE 4 conditions.

In MODE 4 the AFW System may be used for heat removal via the steam generators.

In MODE 5 or 6, the steam generators are not normally used for heat removal, and the AFW System is not required.

A Note prohibits the application of LCO 3.0.4.b to an inoperable AFW train. There is an increased risk associated with entering a MODE or other specified condition in the Applicability with an AFW train inoperable and the provisions of LCO 3.0.4.b, which allow entry into a MODE or other specified condition in the Applicability with the LCO not met after performance of a risk assessment addressing inoperable systems and components, should not be applied in this circumstance.

A.1 If one of the tVtJO steam supplies to the turbine driven AFW train is inoperable due to one inoperable steam supply, or if a turbine driven pump is inoperable for any reason while in MODE 3 immediately following refueling.

action must be taken to restore OPERABLE status within 7 days. The 7 day Completion Time is reasonable, based on the following reasons: a. For the inoperability of a steam supply to the turbine driven AFW pump due to one inoperable steam supply. the 7 day Completion Time is reasonable since there is a redundant steam supply line for the turbine driven pump and the turbine driven train is still capable of performing its specified function for most postulated events;The redundant OPERI\BLE steam DIABLO CANYON -UNITS 1 & 2 Revision 6 supply to tho turbine driven AFVV pump; DIABLO CANYON -UNITS 1 & 2 AFW System B 3.7.5 ( continued)

Revision 6 BASES ACTIONS AFW System B 3.7.5 A.1 (continued)

b. For the inoperability of a turbine driven AFW pump while in MODE 3 immediately subsequent to a refueling.

the 7 day Completion Time is reasonable due to the minimal decay heat levels in this situation.The availability of redundant OPERABLE motor driven AFVV pumps; and c. For both the inoperability of a steam supply line to the turbine driven pump due to one inoperable steam supply and an inoperable turbine driven AFW pump while in MODE 3 immediately following a refueling outage, the 7 day Completion Time is reasonable due to the availability of redundant OPERABLE motor driven AFW pumps, and due to the low probability of an event requiring the use of the turbine driven AFW pump.The low probability of an event occurring that requires the inoperable steam supply to the turbine driven AFV\l The second Completion Time for Required Action A.1 establishes a limit on the maximum time allo'Ned for any combination of Conditions to be inoperable during any continuous failure to meet this LCO. If Condition A, an inoperable steam supply to the turbine driven /\FVV pump, is entered 'lihUe, for instance, motor driven AF'l\/ pump 1 2 is inoperable and the motor driven AFVV pump 1 2 is subsequently returned to an OPERABLE condition shortly after Condition A is entered, the LCO may already have not been met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This could lead to a total of up to 10 days for restoration of the motor driven AFW pump 1 2 and the turbine driven /\FVV pump steam supply. If before the steam supply is returned OPERABLE motor driven AF'.ftl pump 1 3 becomes inoperable, the APl"l system could be inoperable for as long as 13 days. The 1 0 day Completion Time provides a limitation time allovJed in this specified Condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in \ivhich Conditions A and B are entered concurrently.

The 8J:!Q connector behveen 7 days and 10 days dictates that both Completion Times apply simultaneously, and the more restrictive must be met. Condition A is modified by a Note which limits the applicability of the Condition to when the unit has not entered MODE 2 following a refueling.

Condition A allows one AFW train to be inoperable for 7 days vice the 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time in Condition C. This longer Completion Time is based on the reduced decay heat following refueling and prior to the reactor being critical.

B.1 While the AFW system is in standby mode with automatic control of motor driven AFW pump level control valve(s) inoperable, the DIABLO CANYON -UNITS 1 & 2 Revision 6 AFW System B 3.7.5 affected AFW pump(s) may be inoperable.

Immediate action is necessary because a failure mechanism exists where inputs to automatic control can fail as-is, where the demand signal on the LCVs, upon an AFW actuation, could be anywhere from 0 percent to 100 percent open based on calculated demand at the time of failure. Placing the affected AFW LCV(s) in manual with the valve demand full open will restore operability to the affected motor driven AFW pump(s) if inoperable due to inoperable automatic control. Only one AFW LCV automatic control per motor driven pump train may be inoperable.

If automatic control for both AFW LCVs on a single motor driven train are inoperable, the affected train must be declared inoperable.

Required action 8.1 is modified by a note that states, "No change in valve demand is required if AFW is being relied upon for SG level control." The purpose for this note is to preclude making an adjustment that could cause a transient when the AFW system is being relied upon for SG level control. If Required Action B.1 cannot be completed, then the associated AFW train must be declared inoperable per Required Action B.2 and the appropriate TS condition must be entered. While in the manual mode of operation, pump runout protection is not provided by the affected LCV. Runout protection is required for one AFW LCV per motor driven AFW pump train to preclude runout of the motor driven AFW pump. MODE transition is permitted under TS 3.0.4.a provided Action B.1 has been completed.

Operators may adjust AFW level control valves as needed to control steam generator level. BC.1 With one of the required AFW trains (pump or flow path) inoperable in MODE 1,2, or 3 for reasons other than Condition A, action must be taken to restore OPERABLE status within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This Condition includes the loss of two steam supply lines to the turbine driven AFW pump. The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time is reasonable, based on the redundant capabilities afforded by the AFW System, the time needed for repairs, and the low probability of a DBA occurring during this time period. The second Completion Time for Required Action B.1 establishes a -1 limit on the maximum time allo'Ned for any combination of Conditions to be inoperable during any continuous failure to meet this LCO. The 10 day Completion Time provides a limitation time allovled in this specified Condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in 'Nhich Conditions A and B are entered concurrently.

The connector betvveen 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> and 4G-days dictates that both Completion Times apply simultaneously, and DIABLO CANYON -UNITS 1 & 2 Revision 6 the more restrictive must be met. 0.1 and 0.2 AFW System B 3.7.5 With one of the required motor driven AFW trains (pump or flow path) inoperable and the turbine driven AFW train inoperable due to one inoperable steam supply, action must be taken to restore the affected equipment to OPERABLE status within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. Assuming no single active failures when in this condition, the accident (a FLWB or MSLB) could result in the loss of the remaining steam supply to the turbine driven AFW pump due to the faulted SG. In this condition, the AFW system may no longer be able to meet the required flow to the SGs assumed in the safety analysis.

due to the remaining AFW pump having to feed a faulted SG. The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> Completion Time is reasonable based on the remaining OPERABLE steam supply to the turbine driven AFW pump, the availability of the remaining OPERABLE motor driven AFW pump, and the low probability of an event occurring that would require the inoperable steam supply to be available for the turbine driven AFW 2!:!!!l2.:.

In MODE 4 with two AFW trains inoperable.

operation is allowed to continue because only one motor driven pump AFW train is required in accordance with the Note that modifies the LCO. Although not required, the unit may continue to cool down and initiate RHR. (continued)

DIABLO CANYON -UNITS 1 & 2 Revision 6 BASES ACTIONS ( continued)

GE.1 and EG.2 AFW System B 3.7.5 When Required Action A.1.l.-Bf M, C.1! 0.1, or 0.2 cannot be completed within the required Completion Time, or if two AFW trains are inoperable in MODE 1, 2, or 3 for reasons other than Condition 0, the unit must be placed in a MODE in which the LCO does not apply. To achieve this status, the unit must be placed in at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and in MODE 4 within 18 hours2.083333e-4 days <br />0.005 hours <br />2.97619e-5 weeks <br />6.849e-6 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging unit systems. In MODE 4 with two AFW trains inoperable, operation is allowed to continue because only one motor driven pump AFW train is required in accordance with the Note that modifies the LCO. Although not required, the unit may continue to cool down and initiate RHR. QF.1 If all three AFW trains are inoperable in MODE 1, 2, or 3, the unit is in a seriously degraded condition with no safety related means for conducting a cooldown, and only limited means for conducting a cooldown with non-safety related equipment.

In such a condition, the unit should not be perturbed by any action, including a power change, that might result in a trip. The seriousness of this condition requires that action be started immediately to restore one AFW train to OPERABLE status. Required Action D.1 is modified by a Note indicating that all required MODE changes or power reductions are suspended until one AFW train is restored to OPERABLE status. In this case, LCO 3.0.3 is not applicable because it could force the unit into a less safe condition.

  • G.1 In MODE 4, either the reactor coolant pumps or the RHR loops can be used to provide forced circulation.

This is addressed in LCO 3.4.6, "RCS Loops-MODE 4." With one required AFW train inoperable,'

action must be taken to immediately restore the inoperable train to OPERABLE status. The immediate Completion Time is consistent with LCO 3.4.6. (continued)

DIABLO CANYON -UNITS 1 & 2 Revision 6 BASES (continued)

SURVEILLANCE REQUIREMENTS SR 3.7.5.1 AFW System B 3.7.5 Verifying the correct alignment for manual, power operated, and automatic valves in the AFW System water and steam supply flow paths provides assurance that the proper flow paths will exist for AFW operation.

The AFW System flow paths consist of the direct flow paths from the fluid source (e.g., CST, steam generators) to the supplied safety-related components (e.g., steam generator, turbine driven AFW pump) and portions of any branch line flow path off a direct flow path that a valve misposition could result in degradation of the system safety function.

This SR does not apply to valves that are locked, sealed, or otherwise secured in position, since they are verified to be in the correct position prior to locking, sealing, or securing.

This SR also does not apply to valves which are closed and secured by a cap or blind flange (e.g., manual test, vent, and drain valves), to valves that cannot be inadvertently misaligned (e.g., check valves), or to valves in instrument or sample lines. This Surveillance does not require any testing or valve manipulation; rather, it involves verification that those valves capable of being mispositioned are in the correct position.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. The valves in the flowpath from the CST to the AFW pump suction are verified to be in the correct position prior to use of the AFW system for normal startup, and are subsequently controlled by a sealed valve checklist.

Use of AFW for normal startups and shutdowns, and performance of the quarterly pump surveillance tests confirms that the CST flowpath to the AFW pump suction is properly aligned. The SR is modified by a Note that states one or more AFW trains may be considered OPERABLE during alignment and operation for steam generator level control. if it is capable of being manually (1. e .. remotely or locally, as appropriate) realigned to the AFW mode of operation, provided it is not otherwise inoperable.

This exception allows the system to be out of its normal standby alignment and temporarily incapable of automatic initiation without declaring the train( s) inoperable.

Since AFW may be used during startup, shutdown, hot standby operations, and hot shutdown operations for steam generator level control, and these manual operations are an accepted function of the AFW system, OPERABILITY (Le.! the intended safety function) continues to be maintained.

SR 3.7.5.2 Verifying that each AFW pump's developed head at the flow test point is greater than or equal to the required developed head ensures that AFW pump performance has not degraded during the cycle. Flow and differential head are normal tests of centrifugal pump performance required by the ASME OM Code (Ref 2). The ASME OM Code DIABLO CANYON -UNITS 1 & 2 Revision 6 BASES SURVEILLANCE REQUIREMENTS SR 3.7.5.2 (continued)

AFW System B 3.7.5 This SR is modified by a Note indicating that the SR for the driven AFW pump should be deferred until suitable test conditions are established.

This deferral is required because there is insufficient steam pressure to perform the test. SR 3.7.5.3 This SR verifies that AFW can be delivered to the appropriate steam generator in the event of any accident or transient that generates an ESFAS, by demonstrating that each automatic valve in the flow path actuates to its correct position on an actual or simulated actuation generated by an auxiliary feedwater actuation signal. This Surveillance is not required for valves that are locked, sealed, or otherwise secured in the required position under administrative controls.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. The SR is modified by a Note that states one or more AFW trains may be considered OPERABLE during alignment and operation for steam generator level control, if it is capable of being manually (i. e., remotely or locally, as appropriate) realigned to the AFW mode of operation, provided it is not otherwise inoperable.

This exception allows the system to be out of its normal standby alignment and temporarily incapable of automatic initiation without declaring the train( s) inoperable.

Since AFW may be used during startup, shutdown, hot standby operations, and hot shutdown operations for steam generator level control, and these manual operations are an accepted function of the AFW system, OPERABILITY (i.e .. the intended safety function) continues to be maintained.

This SR is modified by a Note that states the SR is not required in MODE 4 v/hen the steam generator is being relied upon for heat removal. In MODE 4, the required AFVV train may already be aligned and operating.

SR 3.7.5.4 This SR verifies that the AFW pumps will start in the event of any accident or transient that generates an ESFAS by demonstrating that each AFW pump starts automatically on an actual or simulated actuation generated by an auxiliary feedwater actuation signal in MODES 1, 2, and 3. In MODE 4, the required pump is already operating and the autostart function is not required.

The Surveillance Frequency is based on operating experience, equipment reliability, and plant risk and is controlled under the Surveillance Frequency Control Program. This SR is modified by two Notes. Note 1 indicates that the SR for the turbine-driven pump can be deferred until suitable test conditions are DIABLO CANYON -UNITS 1 & 2 Revision 6 AFW System B 3.7.5 established.

This deferral is required because there is insufficient steam pressure to perform the test. Note 2 states that one or more AFW trains may be considered OPERABLE during alignment and operation for steam generator level control, if it is capable of being manually (L e., remotely or locally, as appropriate) realigned to the AFW mode of operation, provided it is not otherwise inoperable.

This exception allows the system to be out of its normal standby alignment and temporarily incapable of automatic initiation without declaring the train(s) inoperable.

Since AFW may be used during startup, shutdown, hot standby operations.

and hot shutdown operations for steam generator level control, and these manual operations are an accepted function of the AFW system, OPERABILITY (i. e., the intended safety function) continues to be maintained.

Note 2 states that the SR is not required in MODE 4. In MODE 4, the -1 required motor driven pump is already operating and the autostart function is not required.

In MODE 4, the heat removal requirements would be less providing more time for operator action to manually start the required AFV",/ pump. SR 3.7.5.5 Not Used. ( continued)

DIABLO CANYON -UNITS 1 & 2 Revision 6 BASES ACTIONS A.2 (continued)

AC Sources -Operating B 3.8.1 The 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. The second Completion Time for Required Action A.2 establishes a limit on the maximum time allowed for any combination of required /\G pOl.ver sources to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition

/\ is entered 'Nhile, for instance, a DG is inoperable and that DG is subsequently returned OPERABLE, the LCO may already have been not met for up to 14 days. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the offsite circuit. At this time, a DG could again become inoperable, the circuit restored OPERABLE, and an additional 14 days (for a total of 31 days) allovled prior to complete restoration of the LCO. The 14 day Completion Time provides a limit on the time allowed in a specified condition after discovery of failure to meet the LCO. This limit is supported by probabilistic risk assessment considerations and is considered reasonable for situations in which Conditions 1\ and B are entered concurrently.

The connector betvleen 72 hour8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> and 1 4 day Completion Times means that both Completion Times apply simultaneously, and the more restrictive Completion Time must be met. The Completion Time allovJs for an exception to the normal "time zero ll for beginning the allovv'ed outage time "clock." This '"vill result in establishing the "time zero ll at the time that the LCO Vlas initially not met, instead of at the time Condition l\ 'Nas entered. B.1 To ensure a highly reliable power source remains with an inoperable DG, it is necessary to verify the availability of the offsite circuits on a more frequent basis. Since the Required Action only specifies "perform," a failure of SR 3.8.1.1 acceptance criteria does not result in a Required Action being not met. However, if a circuit fails to pass SR 3.8.1.1, it is inoperable.

Upon offsite circuit inoperability, additional Conditions and Required Actions must then be entered. B.2 Required Action B.2 is intended to provide assurance that a loss of offsite power, during the period that a DG is inoperable, does not result in a complete loss of safety function of critical systems. These features are powered from the three AC electrical power distribution subsystems (buses). Required features are redundant safety-related systems, subsystems, trains, components, and devices that depend on the diesel generators as a source of emergency power. Redundant required feature failures consist of inoperable features associated with one of the other Class 1 E AC electrical power distribution subsystems, redundant to the subsystem associated with the inoperable DG. DIABLO CANYON -UNITS 1 & 2 TS Bases 3.8.1 and 3.8.9 markup.Doc

-R6a 6 Revision 6a BASES ACTIONS ( continued)

B.3.1 and B.3.2 AC Sources -Operating B 3.8.1 Required Action B.3.1 provides an allowance to avoid unnecessary testing of OPERABLE DGs. If it can be determined that the cause of the inoperable DG does not exist on the OPERABLE DGs, SR 3.8.1.2 does not have to be performed.

If the cause of inoperability exists on other DGs, the other DGs would be declared inoperable upon discovery and Condition E of LCO 3.8.1 would be entered. Once the failure is repaired, the common cause failure no longer exists, and Required Action B.3.1 is satisfied.

If the cause of the initial inoperable DG cannot be confirmed not to exist on the remaining DGs, performance of SR 3.8.1.2 suffices to provide assurance of continued OPERABILITY of those DGs. If a DG has already started and loaded on a bus, it is not necessary to shutdown the DG and perform SR 3.8.1.2. The DG is verified OPERABLE since it is performing its intended function.

In the event the inoperable DG is restored to OPERABLE status prior to completing either B.3.1 or B.3.2, the plant corrective action program will continue to evaluate the common cause possibility.

This continued evaluation, however, is no longer under the 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> constraint imposed while in Condition B. According to Generic Letter 84-15 (Ref. 7), 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is reasonable to confirm that the OPERABLE DGs are not affected by the same problem as the inoperable DG. B.4 Operation may continue in Condition B for a period that should not exceed 14 days. This Completion Time was revised from 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to 7 days by License Amendment (LA) 44 for Unit 1 and LA 43 for Unit 2 and from 7 days to 14 days by LA 166 for Unit 1 and LA 167 for Unit 2. In accordance with Reference 17, the 14-day Completion Time is intended to be used for planned maintenance or inspections at a frequency of no more than once per DG per operating cycle for each DG. For all other DG maintenance or inspections, the Completion Time is expected to remain at 7 days. This is consistent with the Completion Times assumed in References 17 and 18. In Condition B, the remaining OPERABLE DGs and offsite circuits are adequate to supply electrical power to the onsite Class 1 E Distribution System. The 14 day Completion Time takes into account the capacity and capability of the remaining AC sources, a reasonable time for repairs, and the low probability of a DBA occurring during this period. The 14 day Completion Time for Required Action B.4 establishes a -1 limit on the maximum time allovled for any combination of required AC f}0wer sources to be inoperable during any single contigtJB-US occurrence of failing to meet the LCO. If Condition 8 is entered 't1vhile, ( continued)

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.8.1 and 3.8.9 markup.Doc

-R6a 9 Revision 6a BASES ACTIONS B.4 (continued)

AC Sources -Operating B 3.8.1 for instance, an onsile circuit is inoperable and that circuit is subsequently restored OPERABLE, the LCO may already have been not met for up to 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. This could lead to a total of 17 days, since initial failure to meet the LCO, to restore the DG. At this time, an offsite circuit could again become inoperable, the DG restored OPERABLE, and an additional 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> (for a total of 20 days) allowed prior to complete restoration of the LCO. The 14 day Completion Time provides a limit on time allowed in a specified condition after discovery of failure to meet the LCO. This limit is considered reasonable for situations in which Conditions 1\ and B are entered concurrently.

As in Required Action B.2, the Completion Time allows for an exception to the normal "time zero" for beginning the allowed time "clock." This will result in establishing the "time zero" at the time that the LCO was initially not met, instead of at the time Condition B was entered. C.1 and C.2 Required Action C.1, which applies when two offsite circuits are inoperable, is intended to provide assurance that an event with a coincident single failure will not result in a complete loss of redundant required safety functions.

The rationale for the reduction to 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> for Required Action C.1 is that Regulatory Guide 1.93 (Ref. 6) allows a Completion Time of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for two required offsite circuits inoperable, based upon the assumption that two complete safety trains are OPERABLE.

When a concurrent redundant required feature failure exists, this assumption is not valid, and a shorter Completion Time of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is appropriate.

Required features are redundant safety-related systems, subsystems, trains, components, and devices that depend on the DGs as a source of emergency power. These features are powered from the three Class 1 E AC electrical power distribution subsystems.

Examples of required features would include, but are not limited to, auxiliary saltwater pumps, centrifugal charging pumps, or motor-driven auxiliary feedwater pumps. The Completion Time for Required Action C.1 is intended to allow the operator time to evaluate and repair any discovered inoperabilities.

This Completion Time also allows for an exception to the normal "time zero" for beginning the allowed outage time "clock." In this Required Action the Completion Time only begins on discovery that both: a. All required offsite circuits are inoperable; and b. A required feature is inoperable.

If at any time during the existence of Condition C (two offsite circuits inoperable) a required feature becomes inoperable, this Completion Time begins to be tracked. (continued)

DIABLO CANYON -UNITS 1 & 2 radE82B3.DocgS9IEA06.D 10 Revision 6a GA-R6a BASES ACTIONS A.1 (continued)

Distribution Systems -Operating B 3.8.9 distribution subsystems by stabilizing the unit, and on restoring power to the affected subsystem.

The 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> time limit before requiring a unit shutdown in this Condition is acceptable because of: a. The potential for decreased safety if the unit operator's attention is diverted from the evaluations and actions necessary to restore power to the affected subsystem, to the actions associated with taking the unit to shutdown within this time limit; and b. The potential for an event in conjunction with a single failure of a redundant component in the other AC electrical power distribution subsystems with AC power. The second Completion Time for Required Action A.1 establishes a -1 limit on the maximum time allovved for any combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance, a DC bus is inoperable and subsequently restored OPERABLE, the LCO may already have been not met for up to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the l\C distribution system. At this time, a DC circuit could again become inoperable, and AC distribution restored OPERABLE.

This could continue indefinitely.

The Completion Time allovvs for an exception to the normal "time zero" for beginning the allovved outage time "clock." This vllill result in establishing the "time zero" at the time the LCO vvas initially not met, instead of the time Condition A was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.

B.1 With one 120 VAC vital bus subsystem inoperable, the remaining OPERABLE 120 VAC vital buses are capable of supporting the minimum safety functions necessary to shut down the unit and maintain it in the safe shutdown condition.

Overall reliability is reduced, however, since an additional single failure could result in the minimum required ESF functions not being supported.

Therefore, the required AC vital bus subsystem must be powered from an alternate source within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> by powering the bus from the associated inverter via inverted DC, inverter using internal AC source, or Class 1 E ( continued)

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.8.1 and 3.8.9 markup. Doc -R6a 85 Revision 6a BASES ACTIONS B.1 (continued)

Distribution Systems -Operating B 3.8.9 constant voltage transformer.

The required AC vital bus subsystems must then be re-powered by restoring it's associated inverter to OPERABLE status within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> under LCO 3.8.7. ACTION A.1. Condition B represents one 120 VAC vital bus without power; potentially both the DC source and the associated AC source are nonfunctioning.

In this situation, the unit is significantly more vulnerable to a complete loss of all noninterruptible power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining vital buses and restoring power to the affected 120 VAC vital bus subsystem.

This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that are without adequate 120 VAC power. Taking exception to LCO 3.0.2 for components without adequate vital 120 VAC power, that would have the Required Action Completion Times shorter than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> if declared inoperable, is acceptable because of: a. The potential for decreased safety by requiring a change in unit conditions (i.e., requiring a shutdown) and not allowing stable operations to continue;

b. The potential for decreased safety by requiring entry into numerous Applicable Conditions and Required Actions for components without adequate vital 120 VAC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected subsystem; and c. The potential for an event in conjunction with a single failure of a redundant component.

The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time takes into account the importance to safety of restoring the 120 VAC vital bus to OPERABLE status, the redundant capability afforded by the other OPERABLE 120 VAC vital buses, and the low probability of a DBA occurring during this period. The second Completion Time for Required Action B.1 establishes a -I limit on the maximum allovled for any combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered 'Nhile, for instance, an AC bus is inoperable and subsequently returned ( continued)

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.8.1 and 3.8.9 markup. Doc -R6a 86 Revision 6a BASES ACTIONS B.1 (continued)

Distribution Systems -Operating B 3.8.9 OPERABLE, the LCO may already have been not met for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the 120 'lAC vital bus distribution system. At this time, an /\C bus could again become inoperable, and 120 VAC vital bus distribution restored OPERABLE.

This could continue indefinitely.

This Completion Time allovvs for an exception to the normal "time zero" for beginning the allO'tNed outage time "clock." This vvill result in establishing the "time zero" at the time the LCO vvas initially not met, instead of the time Condition B 'Nas entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.

C.1 With one DC electrical power distribution subsystem inoperable, the remaining portions of the DC electrical power distribution subsystem are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining portion of the DC electrical power distribution subsystems could result in the minimum required ESF functions not being supported.

Therefore, the DC buses must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> by powering the bus from the associated battery or charger. Condition C represents one DC electrical power distribution subsystem without adeq uate DC power; potentially both with the battery significantly degraded and the associated charger nonfunctioning for the affected bus. In this situation, the unit is significantly more vulnerable to a complete loss of all DC power. It is, therefore, imperative that the operator's attention focus on stabilizing the unit, minimizing the potential for loss of power to the remaining DC electrical power distribution subsystems and restoring power to the affected subsystem.

This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that would be without power. Taking exception to LCO 3.0.2 for components without adequate DC power, which would have Required Action Completion Times shorter than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, is acceptable because of: a. The potential for decreased safety by requiring a change in unit conditions (Le., requiring a shutdown) while allowing stable operations to continue; ( continued)

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.8.1 and 3.8.9 markup. Doc -R6a 87 Revision 6a BASES ACTIONS Distribution Systems -Operating B 3.8.9 C.1 (continued)

b. The potential for decreased safety by requiring entry into numerous applicable Conditions and Required Actions for components without DC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected subsystem; and c. The potential for an event in conjunction with a single failure of a redundant component.

The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time for DC buses is consistent with Regulatory Guide 1.93 (Ref. 3). The second Completion Time for Required Action C.1 establishes a -i limit on the maximum time allovled for any combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition C is entered vvhile, for instance, an AC bus is inoperable and subsequently returned OPERABLE, the LCO may already have been not met for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO, to restore the DC distribution system. At this time, an AC bus could again become inoperable, and DC distribution restored OPERABLE.

This could continue indefinitely.

This Completion Time allovvs for an exception to the normal"time zero" for beginning the allovved outage time "clock." This "lvill result in establishing the "time zero" at the time the LCO vvas initially not met, instead of the time Condition C vvas entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LCO indefinitely.

D.1 and D.2 If the inoperable distribution subsystem cannot be restored to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LCO does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems. ( continued)

DIABLO CANYON -UNITS 1 & 2 TS Bases 3.8.1 and 3.8.9 markup. Doc -R6a 88 Revision 6a Commitments:

Enclosure 3 Attachment 4 PG&E Letter DCL-11-059 Summary of Regulatory Commitments

1) If steam generator level control is placed in manual alignment due to a failure of automatic control, PG&E will assign an operator for manual operation.
2) PG&E will revise procedure OP1.DC17, "Control of Equip Required by Technical Specifications or Designated Programs." The administrative controls will ensure that a single contiguous occurrence of failing to meet the LCO ,will not be extended beyond the additive Completion Times of the two Required Actions for restoration unless a risk evaluation is performed, and the risk impact is managed. This TS requirement, when considered with the regulatory processes discussed above, provide an equivalent or superior level of plant safety without the unnecessary complication of the TSs by second Completion Times on some Specifications.

Enclosure 3 Attachment 5 PG&E Letter DCL-11-059 Proposed Updated Final Safety Analysis Report Update (Markups) (for information only) 6.5.5 INSTRUMENTATION REQUIREMENTS As shown in Figures 7.3-8 and 7.3-17 the motor driven AFW pumps are started by closure of the solid-state protection system (SSPS) output relay and one of the timers. The relay is actuated by safety injection initiation or low-low level in any steam generator.

The timers provide automatic starting sequences after bus transfer either with or without safety injection.

Each pump is started by a separate relay or timer from redundant SSPS trains A or B. The motor driven pumps are also automatically started by trip of both main feedwater pumps, or an AMSAC signal. The turbine driven AFWS pump is started by opening a steam supply valve. As shown in Figure 7.3-18, this valve is opened by one of the SSPS output relays. One of these relays starts on loss of offsite power and the other on low-low level in any two steam generators.

The turbine driven pump is also started by an AMSAC signal. The initiating sensors are powered from separate and redundant nuclear instrumentation and control panels, each of which is supplied by either onsite emergency generators or station emergency batteries.

Each of the two redundant SSPS trains is supplied by a separate safety-grade power source. Instrumentation is provided in the motor driven pump discharge to sense low pump discharge pressure indicative of a depressurized steam generator.

In a low pump discharge situation, control valves are automatically throttled to prevent pump runout. This automatic action limits flow to any depressurized steam generator.

Automatic control of one level control valve per motor driven train will provide pump runout protection.

Operator action may be used to provide pump runout protection if in manual control. No such instrumentation is provided for the turbine driven AFW pump. Manual action by the plant operator is required to terminate flow to a depressurized steam generator.

Manual initiation for each train exists in the control room. The manual initiation system is installed in the same manner as the automatic initiation system. No single failure in the manual initiation portion of the circuit can result in the loss of AFWS function (see Figures 7.3-17 and 7.3-18 for the circuitry).

One AFW flow indicator is provided for each of four steam generators.

The indicators are safety-grade.

Indication is provided at the main control board and the hot shutdown panel.

Enclosure 3 Attachment 5 PG&E Letter DCL-11-059 Two separate critical instrument power buses are used for the four flow indicators, with two flow indicators on each bus. The flow from the turbine driven auxiliary feedwater pump is monitored by the same indicators that monitor the motor driven AFW pump flow. Additional indication of AFW flow is provided by the safety-grade steam generator wide-range level indication.

This provides recording on the main control board and indication on the hot shutdown panel. It is powered from the same bus that powers two of the flow indicators.

7.3.2.10.2 Steam Break Protection Additional protection against a steam break accident is provided by closure of all steam line isolation valves to prevent uncontrolled blowdown of all steam generators.

Generation of the protection system signal is again short compared to the time to trip the fast acting steam line isolation valves that are designed to close in less than 5 seconds. Instrumentation is provided in the motor driven auxiliary feedwater pump discharge line to sense low pump discharge pressure.

This automatically closes valves to provide pump runout protection while maintaining required feedwater flow. Automatic control of one level control valve per motor driven train will provide pump runout protection.

Manual action by the operator is required to terminate flow from the turbine driven auxiliary feedwater pump to a depressurized steam generator.

Operator action may be used to provide pump runout protection if in manual control. No mention of manual operator action for MDAFW pumps. 15.2.8 LOSS OF NORMAL FEEDWATER 15.2.8.1 Identification of Causes and Accident Description The motor driven AFW pumps are connected to vital buses and are supplied by the diesels if a loss of offsite power occurs. The turbine driven pump utilizes steam from the secondary system and exhausts it to the atmosphere.

The controls are designed to start both types of pumps within 1 minute even if a loss of all ac power occurs simultaneously with loss of normal feedwater.

The AFW pumps take suction from the condensate storage tank for delivery to the steam generators.

Instrumentation is provided in the motor driven pump discharge to sense low pump discharge pressure indicative of a depressurized steam generator.

If low pump discharge pressure should occur, control valves automatically throttle down to prevent pump runout. This automatic action ensures that the required flow is maintained.

However, no such instrumentation is provided for the turbine driven pump and remote-manual action by the plant operator is required to terminate its flow to a depressurized steam generator.

Operator action may be used to provide pump runout protection if in manual control.

Retrieved from "https://kanterella.com/w/index.php?title=DCL-11-059,_Diablo_Canyon_Units_1_%26_2,_License_Amendment_Request_11-04,_Revision_to_Technical_Specification_3.6.6,_Containment_Spray_and_Cooling_Systems,_TS_3.7.5,_Auxiliary_Feedwater_System,_TS_3.8.1,_AC_Sources-Operating,_TS_3.8.9,_Distribution_Sys&oldid=1051580"