IA-97-166, Forwards SE Re Request to Establish Requirements for Audits of TS Subject to Provisions of App B to 10CFR50.Request Left Unsolved Pending Further NRC Review

From kanterella
Jump to navigation Jump to search
Forwards SE Re Request to Establish Requirements for Audits of TS Subject to Provisions of App B to 10CFR50.Request Left Unsolved Pending Further NRC Review
ML20141M649
Person / Time
Site: Beaver Valley
Issue date: 10/04/1996
From: Stolz J
NRC (Affiliation Not Assigned)
To: Cooper R
NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I)
Shared Package
ML20140H749 List:
References
FOIA-97-166 TAC-M96187, TAC-M96188, NUDOCS 9610150007
Download: ML20141M649 (30)
v  d  e


Text

_ _ _ _ __ _ .___ _ _ ____..__..._ _. _.__ _ ______._ _ _ ___ -_

l .. .'

f.mg E ~ns . -

j -

e '.

j -

( j UNITED STATES NUCLEAR REGULATORY COMMISSK)N

'47 '3.k[ //)

! . e wasmanton, o c. -i

%.,,,, October 4, 1996 l l 4

l MEMORANDUM TO: Richard W. Cooper, !!, Director

Division of Reactor Projects i

! Region ! l I . f = '

\

j FROM: John F. Stolz, Director d -/ l j Project Directorate I-2 trLW / ' ,

1 Division of Reactor Projects - 1/II .

j Office of Nuclear Reactor Regulation )

SUBJECT:

RESPONSE TO TASK INTERFACE AGREEMENT REGARDING REGULATORY l l

REQUIREMENTS FOR AUDITS of TECHNICAL SPECIFICATIONS ACTIVITIES SUBJECT TO THE PROVISIONS OF APPENDIX 8 TO 10 CFR PART 50, 1

8EAVER VALLEY POWER STATION, UNIT NOS. 1 AND 2 (TAC NOS.

l M96187 AND M96188)

In a memorandum dated July 24, 1996, Region I requested assistance to establish the requirements for quality assurance audits of the Onsite Safety

} Comiittee (OSC) at Beaver Valley Power Station, Unit Nos. I and 2 (BVPS-1 and I BVPS-2). The assistance was requested following completion of inspection i

l procedure 40500 at BVPS-1 and BVPS-2. The results of that inspection were

documented in inspection report 50-334/96-05 and 50-412/96-05. White

{ conducting that inspection, the inspection team identified that the Ouquesne i Light Company (DLC) had performed annual audits of the OSC activities until

! 1992. DLC stopped performing these audits based on their assessment that the

audits were not providing significant findings.

Subsequent to the staff's inspection at SVPS-1 and BVPS-2, DLC has stated that

, they believe that a specific audit of the OSC activities is not required by

! the Technical Specifications (TSs). According to DLC, the annual audits

! performed until 1992 were performed as an " initiative" and were not intended

! to meet TS requirements. This issue was left unresolved pending further NRC

! review.

We have now completed our evaluation of regulatory requirements for audits of tl

activities delineated in the DLC's BVPS-1 and 8VPS-2 TSs (Attachment 2) as  !

requested by Region 1. As stated in our safety evaluation (Attachment 1), we j have determined that DLC's decision to not perform audits of activities 3

CONTACT: D. Brinkman .,/

j (301) 415-1409 J

4 e

i 110147 NRC FILE CfNTER COPY soep,946&ff

\ / \

l1

, AblolGood? W _ . . . .

e, 1

R. Cooper performed by the OSC under the cognizance of the offsite review committee since 1992 constitutes a violation of Beaver Valley TS 6.5.2.8.d. Critert'a 1 XVill of Appendix 8 to 10 CFR Part 50, and of 10 CFR 50.54(a)(3). J Docket Nos. 50-334/412 orir,inal simux! hv J. 9 017

{ Attachments: 1. Safety Evaluation

' 2. Excerpts from the BVPS-1 and 8VPS-2 TSs and Section 12.4 of the BVPS-1

' Updated Final Safety Analysis Report (UFSAR) and 13.4 of the 8VPS-2 UFSAR

' 1 cc w/atts: E. Merschoff, RGN-!! l W. Axelson, RGM-l!! l J. Dyer, RGM-IV l l

DISTRIBUTION

Dccket file P01-2 Reading SVarga/JZwolinskt
JRoe/EAdensam

! JStolz

  • i M0'8rien TLiu 4 08rinkman JPeralta 581ack l CLyon, SRI

, PEselgroth, RCN-!

l AChaffee 3

OFFICE P0tht/Lil P01-2/PM/jf PO!M/D NAME M0hh- DBrinkman:me JSto' }-

DATE /h/96 s c / J /96 f / )/96 0FFICIAL RECORD COPY DOCUMENT MAME: 8V96187.TIA

o R. Cooper I performed by the OSC under the cognizance of the offstte review committee since 1992 constitutes a violation of Beaver Valley TS 6.5.2.8.d, Criterton XVill of Appendix 8 to 10 CFR Part 50, and of 10 CFR 50.54(a)(3).

Docket Mos. 50-334/412 ,

Attachments: 1. Safety Evaluation

2. Excerpts from the 8VPS-1 and BVPS-2 TSs and Section 12.4 of the BVPS-1 Updated Final Safety Analysis Report (UFSAR) and 13.4 of the BVFS-2 UFSAR ,

cc w/atts: E. Merschoff, RGM-!!

W. Axelson, RGM-Ill J. Dyer, RGN-IV i

i I

- 1 i

Wwee*

j -

1

,f.seene,'<,% UNITED STATES j j* '* j e

NUCLEAR HEGULATORY COMMISSION wasmamotoes. o.c senes.mei

%. ../

! SAFETY EVALUATION BY THE OFFICE OF NUCLEAR REACTOR REGULATION j REGARDING REGULATORY REQUIREMENTS FOR AUDITS OF TECHNICAL SPECIFICATIONS i

. 6GJVITIES SUBJECT TO THE PROVISIONS OF APPENDIX B TO 10 CFR PART 50 LICENSE NOS. DPR-66 AM) NPF-73

, DUQUESNE LIGHT COMPANY )

, OHIO EDISON COMPANY l l

PENNSYLVANIA POWER COMPANY I THE CLEVELAND ELECTRIC ILLUMINATING COMPANY THE TOLEDO EDISON COMPANY l

BEAVER VALLEY POWER STATION. UNIT N05. 1 AND 2

{

DOCKET NOS. 50-334 AND 50-412 4

1.0 INhJ00CT10N in a memorandum dated July 24, 1996 (Reference 13), the Division of Reactor Projects, Region 1, requested NRR's assistance in determining the nature of l any requirements for quality assurance audits of the onsite safety committee

! (OSC) activities at Duquesne Light Company's (DLC's) Beaver Valley Power i Station, Unit Mos. I and 2 (BVPS-1 and BVPS-2). Section 6.5.2.8, " Audits," of the BVPS-1 and BVPS-2 technical specifications (TSs) requires that audits of i factitty activities be performed under the cognizance of the offsite review i

{ committee (ORC).

j While conducting an inspection in accordance with inspection procedure 40500

at BVPS-1 and BVPS-2, the inspection team identified that OLC had performed

! annual audits of the OSC activities until 1992. OLC stopped perfornirq these audits based on their assessment that the audits were not providing significant findings.

l . Subsequent to the staff's inspection at 8VPS-1 and BVPS-2, DLC has stated that they believe that a specific audit of the OSC activities is not required by TS 6.5.2.8.a. According to DLC, the annual audits performed until 1992 were 3

performed as an " initiative' and were not intended to meet TS requirements.

This issue was left unresolved pending further NRC review.

AliACHM(N1 1

g. _ _ _ _ _ . . _ . _ _ _ _ _ _ . _ _ . _ . _ . _ _ _ _ . _ . . _ _ _ - ~ . _ _ . _

{ .

l  !

2.0 EVAttlATION i

l 2.1 Regulatory Requirveents Related to the Review and Audit Provisions in

Technical Specifications Paragraph (b)(4)(it) of 6 50.34, " Contents of appitcations; technical

{ information,' requires that the facility's final safety analysis report i include, concerning factitty operation, the ' Managerial and administrative

} controls to be used to assure safe operation.' This paragraph also states:

i "Appendia 8 ' Quality Assurance Criteria for Nuclear Power Plants and Fuel I

, Reprocessing Plants,' sets forth the requirements for such controls for j

nuclear power plants and fuel reprocessing plants. The information on the l l controls to be used for a nuclear power plant or a fuel reprocessing plant l shall include a discussion of how the applicable requirements of Appendix B i will be satisfied.' '

i Criterien I, " Organization," of Appendix 8 to 10 CFR Part 50, states, in part.

!i that "The quality asserance functions are those of (a) assuring that an l

i appropriate quality assurance program is established and effectively executed and (b) verifying, such as by checking, auditing, and inspection, that

, activities affecting the safety-related functions have been correctly

{ performed."

Regulatory Guide (RG) 1.33, " Quality Assurance Program Requirements
(Operation),* Revision 2 (February 1978) describes a method acceptable to the

! NRC staff for compliance with the provisions of Appendix B to 10 CFR Part 50 for the operation phase of nuclear power plants. RG 1.33 conditionally endorses the American national Standards Institute (ANSI)/American Nuclear Society (ANS) standard ANSI N18.7-1976/ANS-3.2, "American National Standard -

Administrative Controls and Quality Assurance for the Operational Phase of Nuclear Power Plants.* Section 4 of ANSI N18.7/ANS-3.2 provides that programs for reviews and for audits of activities affecting safety shall be established, and that such programs for reviews and audits shall, themselves, be perledically revleued for effectiveness. Section 4.4, " Review Activities of the Onsite Operattag Organization

  • of ANSI N18.7/ANS-3.2 states, in part, "The onsite operating organization shall provide, as part of the normal duties of plant supervisory personnel, timely and continuing monitoring of operating activities to assist the Plant Manager in keeping abreast of general plant conditions and to verify that day-to-day operating activities are conducted safely and in accordance with applicable administrative controls. These continuing monitoring activities are considered to be an integral part of the routine supervisory function and are important to the safety of plant operatten." Section 4.4 also states that "The onsite operating organization should screen subjects of potential concern to independent reviewers and perform preliminary levestigations (see 4.3.4).*

The Duquesne L1 5 ht Campany's quality Assurance (QA) progras description in its Updated Final Safety Analysis Report (UFSAR) includes a coenitment to ANSI N18.7-1976/ANS-3.2, as endorsed by RG 1.33, in order to comply with the requirements of Appendia 5 to 10 CFR Part 50.

.. . ; q.. 7, ,, .

~

._1*p, '- ,

3-Chapter 12.4, " Review and Audit,* of the 8VPS-1 UFSAR states "The Onsite Safety Committee (OSC) advises the General Manager Nuclear Operations on all

matters related to nuclear safety. The function, composition.

l responsibilities, authority, quorum and meeting requirements of the OSC are j given in the Technical Specifications. The Offsite Review Committee (ORC)

provides independent review and audit of designated activities [eephasis l added). The function, composition, responsibilities, authority, quorum and meeting requirements of the ORC are given in the Technical Specifications."

l Chapter 13.4,

  • Review and Audit,' of the 8VPS-2 UFSAR states "A review and
l. audit program has been established by DLC to Assure (sic) that operations of l.

Its nuclear power plants are performed in a safe manner consistent with license provisions, approved procedt..as, and company policy. The review program is the responsibility of the Onsite Safety Cosmittee (OSC) and the j Offsite Review Committee (ORC). The audit program is the responsibility of j the Operations Quality Assuran;e Department. The functions of the review and l audit program are detailed as follows: 1. Review proposed changes, tests, i experiments, and implementing procedures pursuant to the criteria established in 10 CFR 50.59; 2. Verify that unusual events are promptly investigated and I corrected; 3. Detect trends of conditions that may not be apparent to a day-to-day observer "

Section 13.4.1, "Onsite Review," of BVPS-2 UFSAR states "The OSC has been established to advise the General Manager, Nuclear Operations, on all matters related to nuclear safety. In this capacity, the OSC will review plant operations, changes, experiments, tests, and procedures that have nuclear l safety significance [ emphasis added). The OSC also functions to determine what itees censtitute an unreviewed safety question and will request review of

,j these items by the ORC."

i, Section 13.4.2, " Independent Review,' of BVPS-2 UFSAR states "The ORC has

, been established to review and audit [eephasis added] all matters that involve

. safety considerations relating to the operation of BVPS (Beaver Valley Power l Station]. The primary purpose of the committee is to ensure that the station is operated in a manner consistent with the terms of the operating license and i: in accordance with applicable regulations that are designed to safeguard the

! health and well-being of station personnel and the general public."

Paragraph (c)(5), % 'in. strative controls" of i 50.36, " Technical specifications," stQs M

  • Administrative controls are the provisions l relating to organizattor. eved management, procedures, recordkeeping, review and audit [sephasis added), and reporting necessary to assure operation of the facility in a safe manner.' The following requirements related to OSC and ORC activities are specified by BVPS-1 and BVPS-2 TS 6.5, ' Review and Audit *:

l

4 4 .

1

a. OSC (1) TS 6.5.1.1 "The OSC shall function'to advise the General Manager, Nuclear Operations es all matters related to nuclear safety and shall provide review capability in the areas of: a. nuclear power plant  ;

operations; b. radiological safety; c. maintenance; d. nuclear  ;

engineering; e. nuclear power plant testing; f. technical advisory engineering; g. cheelstry; h. quality control; and 1. instrumentation and control."

(2) TS 6.5.1.6 "The OSC shall be responsible for: a. Review of 1) all procedures required by Specification 6.8 and changes of intent there to, 2) any other proposed procedures or changes thereto as ,

determined by the General Manager Nuclear Operations to affect nuclear safety; b. Review of all proposed tests and expertments that affect nuclear safety; c. Review of all proposed changes to the Technical Specifications; d. Feview of all proposed changes or modifications to plant systees or equipment that affect n .iear safety; investtgations of all violations of the Technical Specifications including the preparation and forwarding of reports covering evaluations and recommendations to prevent recurrence to thw General Manager, Nuclear Operations and to the Chairman of the Offsite-Review Committee; f. Review of all REPORTABLE EVEfsTS (sic); g. Review of facility operations to detect potential safety hazards; and h. Perfor.aance'of spitclal reviews, investigations or analyses and reports thereon as requested by the Chairman of the Offsite  ?

Review Committee.*; and (3) TS 6.5.1.7 "The OSC shall: a..Reconnend to the General Manager, Nuclear Operations written approval or disapproval of itees considered under 6.5.1.6.a through .e above; b. Render determinations in writing ,

with regard to whether or not each ites considered under 6.5.1.6.a through .e above constitutes an unreviewed safety question; and c.

Provide written notification within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to the Senior Vice '

j President Ruclear Power Division and the Offsite Review Committee of

, disagreement between the OSC and the General Manager, Nuclect Operations;

! however, the General Manager, Nuclear Operations shall have responsibility for resolution of such disagreements pursuant to 6.1.

above."

b. ORC 1

(1) TS 6.5.2.8 - Audits of facility act'sitics, encompassing (in part) l the following, shall be performed under the cognizarte of the ORC *[TS 6.5.2.8.]d. The performance of activities required by the Quality l

Assurance Program to met the criteria of Appendix 'B',10 CFR 50.* -

(2) TS 6.5.2.7 "The ORC d.all review: a. The safety evaluations for

1) changes to procedures, equipment, or systems and 2) tests or experiments cospleted under the provisions of Section 50.59, 10 CFR, to i verify that such actions did not constitute an unreviewed safety C~ ~

i

_ . _ _ _ _ _ . . . _ . _ __.__._._.m . _ _ _ _ _ - _ _ _ _ _ _ . . _

s 1

i o I

question; b. Proposed changes to procedures, equipment or systems which
involve an unreviewed safety question as defined in Section 50.59, 10 l

CFR; c. Proposed tests or experiments which involve an unreviewed safety

question as defined in Section 50.59, 10 CFR; d. Proposed changes in l Technical Specifications or licenses; e. Violations of applicable i statutes codes, regulations, orders, Technical Specifications, license i

require ents, or of tr,ternal procedures or instructions having nuclear safety significance; f. Significant operating abnormaittles or deviations

! from normal and espected performance of plant equipment that affect

nuclear safety; g. ALL REPORTA8tE EVENTS (sic); h. All recognized j Indications of an unanticipated deficiency in scoe aspect of design or  ;

j operation of safety-related structures, systems, or components; i. I

! Reports and meeting minutes of the OSC; and J. The results of the l Radio:ogical Environmental Monitoring Program prior to submittal of the annual report provided in accordance with Specification 6.9.1.10."

! Accordingly, OSC and ORC activities are an inheten' part of the administrative l i ccntrols provisions necessary to assure operation of the facility in a safe i i manner pursuant to i 50.34(b)(6)(ii) and, as described in BVPS-1 and BYPS-2 TS '

i and UFSAR, such activities are reautred by the Quality Assurance ProotAp__b j meet the criteria of Anoendix B to 10 CJ1_M.

f

! Based on ; above, NRR disagrees with DLC's conclusion that the audits performed until 1992 were performed as an " initiative" and not intended to seet TS requirements and, therefore, DLC's failure to perform audits of OSC l activities under the cognizance of the ORC constitutes a violation of BVPS-1 and BVPS-2 TS 6.5.2.8.d.

2.2 Regulatory Requirements Related to Audit Provisions in BVPS-1 and BVPS-2 Quality Assurance Program Description Paragraph (b)(6)(ti) of f 50.34 "Cor. tents of applicanes; technical information," requires that the facility's safety analp is report include, concerning facility operation, the " Managerial and administrative controls to be used to assure safe operation. Appendix 8, to 10 CFR 50, ' Quality

, Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants,'

I sets forth the requirements for such controls for nuclear power plants and fuel. reprocessing plants. The information on the controls to be used for a nuclear power plants or a fuel reprocessing plant shall include a discussion of how the applicable requirements of appendix 8 will be satisfied."

Criterion IVI!!, " Audits.* of Appendix 8 to 10 CFR 50 states, in part, "A

comprehensive system of planned and periodic audits shall be carried out to verify compliaece with all aspects of the quality assurance program and to i determine the effectiveness of the program."

section 13.4.3, ' Audit Program," of BVPS-2 UFSAR states "A comprehensive system of planned and documented audits will be instituted at 8VPS-2 to verify compliance with the following: 1. Regulatory rcquirements, 2. License provisions 3. Opu ating procedures, and 4. Operations quality assurance

i t i

! l.

I j l program administrative controls." Section 13.4.3.1, " Responsibility," states, I i in part, " Additionally, the ORC will conduct technically oriented audits within the Nuclear Division as delineated by the Operations Quality Assurance Program."

! Section 13.4.3.2, " General Description," of BVPS-2 UFSAR states, in part, 1

"The audit program will include a system of internal audits of station qualit; j related activities, including quality control activities, to assure conformance to the Operations Quality Assurance Program."

DLC's QA program description in its UFSAR includes a commitment to RG 1.144,

' Auditing of Quality Assurance Programs for Nuclear Power Plants," Revision 1

, I (Septembsr 1980) which provides the licensee's methodology for complying with

, the audit provisions of Appendix 8 to 10 CFR 50. RG 1.144 conditionally l endorses ANSI /American Society of Mechanical Engineers (A5ME) standard l N45.2.12-1977, " Requirements for Auditing of Quality Assurance Programs for

Nuclear Power Plants." RG 1.144 provides that for internal licensee audits L during tie operational phase, the relevant guidance in RG 1.33 should be 1 l followed for the identification of operational activities and/or areas to be i audited.

L As stated above, DLC's QA program description in its UFSAR also includes a i commitment to ANSI N18.7-1976/ANS-3.2, as endorsed by RG 1.33, in order to i comply with the requirements of Appendix 8 to 10 CFR 50 during the operational phase. Section 4.5, " Audit Program," of ANS! N18.7-1976/ANS-3.2' states, in i

part, "A comprehensive system of planned and documented audits shall be carried out to verify compliance with all aspects of the administrative i

controls and the quality assurance program. Audits of selected aspects of i operational phase activities shall be performed with a frequency connensurate l- with their safety significance and in such a sanner as to ensure that an audit i of all safety-related functions f s completed within a period of two years."

i Section 4.5 also states that " Periodic reviews of the audit program sbail be l performed by the independent review body or by a sanagement represeut'ive at i least seelannually to assure that audits are being accomplished in srdance

! with requirements of technica'l specifications [sephasis added) and of this

. Standard."

Additionally,Section IV.B., " Quality Smices Audit Program," of DLC Procedure NPDAP 8.21, " Quality Service Audit. Surveillance, inspection.

Examination and Assessments Programs," currently provides, in part, that the Quality Services Audit and Surveillance Department shall audit company groups, departments and programs, and that a twelve (12) sonth audit schedule shall be developed and maintained by Quality Services Supervisors which lists all areas scheduled to be audited.

Based on the above, NRR concludes that the Quality k rvices Audit and Surveillance Department's failure to perform an aud.t (under the cognizance of the ORC) of OSC activities at BVPS-1 cmi BVPS-2 since 1992 constitutes a violation of Criterion XVill of Appeno.- b ?o 10 CFR Part 50.

. - . - _ - . - ~ - .- . . . . . - - . - - . - - - - - - . -

1 .

l

  • 3 j

2.3 Regulatory Requirements Related to Control of Changes in QA Program l Descriptions Previously Approved by the NRC l Paragraph (a)(1) of f 50.54, " Conditions of licenses," states that "Each

nuclear power plant or fuel reprocessing plant licensee subject to the quality l i

j assurance criteria in Appendix B nf this part shall laplement, pursuant to 5 '

jg 50.34(b)(6)(11) of this part, the quality assurance program described or )

te referenced in the Safety Aralysis Report, including changes to that report."

4 I

Additionally, paragraph (a)(3) of i 50.54 states, in part, "After March 11, l

. 1983, each licensec described in paragraph (a)(1) of this section may make a i change to a previously accepted quality assurance program description included or referenced in the Safety Analysis Report, provided the change does not reduce the cosmitments in the program description previously accepted by the NRC."

NRR's interpretation of the language in i 50.54(a)(3) is that if a QA program

~

1 description commitment 'which defines r requirement for a specific activity (e.g., periodic audits of OSC activities) is being changed by a licensee, and if that particular requirement was being eliminated by the change, the resulting change would constitute a reduction in coenitments and would require NRC approval prior to its implementation. Furthermore, NRR believes that if a QA program commitment being changed or modified permits new or alternative options to be used, commitments" the chtn9,e and NRC approvr.would alsobeconstitute muld still required,aeven

" reduction in new or when such alternative options are kamed acentable. or eouivalent in ef fect to the OA {

coenitment beino chanced or modifitd. by the licensee. .

As stated above, DLC's QA progrev description in its UFSAR includes a commitment to ANSI N18.7-1976/ANS-3.2, as endorsed by RG 1.33, in order to comply with the requirements of Appendix B to 10 CFR Part 50. Based on this '

comitment DLC (i.e., the Quality Services Audit and Surveillance Department) ,

is required to periodically perform audits of selected aspects of operational phase activities with a frequency commensurate with their safety significance, i.e., within a period of 2 years, i

Based on the above, NRR concludes that DLC's decision of no' performing audits of OSC activities since 1992 constitutes a ' reduction in cosmitments" in the QA program description previously accepted by the NRC. Such a reduction in commitments has effected a change in implementation not currently described in SVPS-1 and 8VPS-2 QA program description. Pursuant to i 50.54(a)(3), DLC was required to infom the NRC of this reduction in commitments in its QA program description and should have sought approval prior to its implementation. As such, the licensee's actions in this area constitute a violation to 10 CFR 50.54(a).

1 1

i j

i  !

i

3.0 CONCLUSI0h i

j Based on the above. NRA concludes that (1) activities spectfled in TS 6.5.1.7, j and performed by the OSC, are activities reautred by the BVPS-1 and BVPS-2 QA program to meet the criteria of Appendix 5 to 10 CFR Part 50, (2) TS 6.5.2.8.d i reautres that such activities be audited oeriodically (at least once every 2

, years) under the coonizance of the ORC and (3) pursuant to 150.54(a), DLC's  !

1 decision of not performing audits of OSC activities since 1992 constitutes a I

reduction in commitments in the SVPS-1 and SVPS-2 QA program description J' previously accepted by the NRC.

Therefore, NRR corroborates the conclusions reached by the inspectors in l inspection report 50-334/96-05 and 50-412/96-05, and finds that OLC's decision

to not perform audits of activities performed by the OSC under the cognizance of the ORC since 1992 constitutes a violation of the BVPS-1 and BVPS-2 TS 6.5.2.8.d. Criterion XVill of Appendix B to 10 CFR Part 50, and of 10 CFR i 50.54(a)(3). l Principal Contributor
J. Peralta Date: October 4,1096 i

s

l

! l i

l l

I i

a r

l .- - - . . - _ . - . . . . . . .

i

<l .

l L '

4.0 REFERINCES

1. 650.36, " Technical specifications"
2. 550.34, ' Contents of applications; technical information"
3. 550.54, " Conditions of licenses *
4. Appendix 8 to 10 CFR Part 50, " Quality Assurance Criteria for Nuclear Power Plants and Fuel Reprocessing Plants"
5. 'Guldance on Cuality Assurance Requirements During the Operations Phase of Nuclear Power Plants" (Red Book) October 26, 1973
6. Section 13.4, *0perational Review," of MUREG-0800, " Standard Review Plan *
7. Regulatory Guide 1.33, *Q'uality Assurance Proyam Requirements (Operation)," Revision 2 (February 1978)
8. Regulatory Guide 1.144, " Auditing of Quality Assurance Programs for Nuclear Power Plants," Revision 1 (September 1980)
9. ANSI N18.7-1976/ANS-3.2, "American National Standard - Administrative Controls and Quality Assurance for the Operational Phase of Nuclear Power Plants'
10. ANSI /ASME M45.2.12-1977, " Requirements for Auditing of Quality Assurance l Programs for Nuclear Power Plants" i
11. Memorandue dated March 9,1990, from John A. Zwolinski, Acting Assistant Director for Region V Reactors. Olvirlon of Reacter Projects 111, IV, V I and Special Projects, NRR, to Ross C. Scarano, Otrector, Division of Radiation Safety & Safeguards, Regim V, " Clarification of Technical Specification Requirements with Retpct to Audits of Performance, Training and Qualifications of Unit Staff (TAC #75076)
12. Letter dated August 31, 1995, from Donald S. Brishman, NRC, to J. E.

Cross, Duquesne Light Company, '8eaver Valley Pouer Station, Unit Mos. I and 2 (TAC tos. M90466 and M90467)"

13. Nemorandue dated July 24, 1996, from Richard W. '. oper, II, Director, Division of Reactor Projects, Region I, to Steven A. Varga, Director. .

Division of Reactor Projects - 1/11 NRR, ' Proposed Task Interface Agreement (TIA) Regarding Quality Assurance Audits of the Beaver Valley Onsite Safety Casalttee" l 14. Inspection Procodure 40500. " Effectiveness of Licassee Controls in Identifying, Resolving, and Preventing Problems" (August 25, 1995)

15. Inspection Procedure 40301, " safety Committee Activity" (September 30,

! 1994) I 4

g

., l I ,_

4 o ., .

DPR-66 a

ADMINISTRATIVE CONTROLS

, 6.3 FACILITY STAFF OUALTFICATIONS 1

6.3.1 Each member of the facility and Radiation Protection staff shall meet or exceed the minimum qualifications of ANSI N18.1-1971 i for comparable positions, except for the Health Physics Manager who i shall meet or exceed the qualifications of Regulatory Guide 1.8, i September 1975, and the technical advisory engineering l representative who shall have a bachelor's degree or equivalent in a j scientific or engi.ieering discipline with specific training in plant

des 4gn and response analysis of the plant for transients and accidents.

6.4 TRAI M 4.4.1 A retraining and replacement training

  • program for the
facility staff shall be maintained under the direction of the

}' Nuclear Training Manager and shall meet or exceed the requirements and recommendations of Section 5.5 of ANSI N18.1-1971 and 10 CTR Part 55.

6.5 REVIEW AND AUDIT -.

4.5.1 ONSITE RAFETY COMMITTEE (CSC) fufCTIQM 6.5.1.1 The osc shall function to advise the General Manager, Nuclear Operations on all matters related to nuclear safety and sh411 provide review capability in the areas of:

i

a. nuclear power plant operations '
b. radiolegical safety
c. maintenance
d. nuclear engineering
e. nuclear power plant testing
f. technical advisory engineering
g. cheuistry
h. quclity control
i. ir.strumentation and control l CQHPQ31T1325 6.S.1.2 The Onsite Safety Committee Supervisor is the OSC Chairman and s.4all r appoint all members of the osc. The membership shall .

cons 19t of a minimum of one individual from each of the areas designated in 6.5.1.1.

OSO members and alternates shall meet or exceed the minimum qualifications of AMsI Wis.1-1971 section 4.4 for comparable positions. The nuclear power plant operations individual shall meet the qualifications of Section 4.2.2 and th9 maintenance individual shall meet the qualifications of section 4.2.3.

BEAVER VI.LLEY - UNIT 1 6-5 Amendment No.191 AttachusHt f

~f i DPR-66 ADMINISTRATIVE CONTROLS 1 4

AUTHORITY 6.5.1.7 The OSC shall:

! a. Recommend to the General Manager, Nuclear Operations written approval or disapproval of items considered under 6.5.1.6.a through .d above.

b. Render determinations in writing with regard to whether or not each item considered under 6.5.1.6.a through .e above

! constitutes an unreviewed safety question.

c. Provide written notification within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to the Senior

! Vice President, Nuclear . Power Division and the Offsite l

Review Committee of disagreement between~ the OSC and the

General Manager, Nuclear Operations; .however, the General

( Manager, Nuclear Operations shall have responsibility for j resolution of such disagreements pursuant to 6.1.1 above.

i 4

RECORDS __

j 6.3.1.8 The OSC shall maintain written minutes of each meeting and

~

copiec shall be provided to the General Manager, Nuclear Operations l

and Chairman of the Offsite Review Committee.

{ 6.5.2 OFFSITE REVIEW COMMITTEE (ORC) l FUNCTION 6.5.2.1 The ORC shall function 'to provide independent review and j audit of designated activities in the areas of:

l a. nuclear power plant operations i b. nuclear. engineering

c. chemistry and radiochemistry
d. metallurgy
e. instrumentation and control
f. radiological safety
g. mechanical and electrical engineering
h. quality assurance pte,t!.ces 9

BEAVER VALLEY - UNIT 1 6-7 Amendment No.191

[

' ACMitil 51 W I V t, C Liel k .,;.5

" COMPOS ITIOff

, 4.5.2.2 The chairman and all members of the ORC shall be appointed

by the Senior Vice President, Nuclear Power Division. The l i membership shall consist of a minimum of five individuals who j collectively possess a broad based level of experience and
competence enabling the committee to review and audit those j activities designated in 6.5.2.1 above and to recognise when it is j

necessary to obtain technical advice and counsel. An individual may possess expertise in more than one specialty area. .The i collective competence of the committee will be maintained as changes j to the membership are made.

1

] ALTERNATES

6.5.2.3 'All alternate members shall be appointed in writing by the

! ORC Chairman to serve on a temporary basis; however, no more than two alternates shall participate as voting members in CRC activities at any one time.

i j CONSULTANTS --

6.5.2.4 Consultants shall be utilized as determined by the CRC j Chairman to provide expert advice to cne ORC.

J, i

s j

i i

t I l 1

e

+

BEAVER VALLEY - UNIT 1 63 Amendment No.*P

DPR-66 6.

l ADMINISTRATIVE CONTROLS i

f AUDITS

. \

! 6.5.2.8 Audits of facility activities shall be performed under the cognizan'ce of the ORC.

t These audits shall encompass: gg gyy}

'~

a. The conformance of facility operation to provisions

! contained within the Technical specifications l- applicable license conditions. and

l I b. The performance, training and qualifications of the entire j facility staff.

4 I

! c. The results of actions taken to correct

' occurring in facility equipment, structures, deficiencies sy_ stems, or methods of operation that affect nuclear safety. I i B d. The performance of activities required by the Quality jf Assurance Program to meet the criteria of Appendix "B", 10

.s CFR 50.

I I

i e. Not used. --

l 5k l

1 -

f. Not used.

! h l l , g. Any other area of facility operation considered appropriate by the ORC or Senior Vice President, Nuclear Power

Division.

i

! h. The Facility Fire Protection Program and implementing

{ procedures at least once per 24 months.

j i. An independent fire protection and loss prevention program

inspection and audit shall be performed at least once per I

12 months utilizing either qualified off-site licensee j personnel or an outside fire protection firm.

4

j. An inspection and audit of the fire protection and loss l

prevention program shall be performed by a qualified l

, outside fire consultant at least once per 36 months.

k. The OFFSITE DOSE CALCULATION MANUAL and implementing procedures.
1.

. BEAVER VALLEY - UNIT 1 6-10 Amendment No.191

.. . - ._ - - _- . .- .. - - .. - - - - . -....~.. - -. - ... - - .- ~ . _ _ - - . - .

t I . OpA=44 1-ADMitf!STRATIVE CONTROLS

\

& EiGIlIl j 4.9.3.9 The ORC shall report to and advise the Gentor Vice i

president. Nuclear power Otvision on those areas of responeth111ty specified in Section 4.5.2.7 and 4.9.3.8.

1 1

l 11C2128  !

} 4.9.3.10 Recorde of ORC activities shall be prepared, epproved and  !

j 4

distributed as indicated by the following:

)

a. Minutes of each ORC seating shall be prepared for and
approved by the CRC Chairman er vlee. chairmen within 14 i days following each meeting.

! e. Reports of reviews enoespassed by seetten 4.t.3.7 above.

j shall be deeunented in the CRC seating ennutes.

! c. Audit reporte ensempassed by saatten 4.l.3.s above.'shall j De forwarded to the Senter Vlee preendent, Nuolear Power

! Division and to the management posittene reopenethis for j the areas audited within 30 days after seaplation of the

audit.

a.a arecaTAalf fVDtT ACTION

! 4.4.1 The following actlene shall be taken for RfroRTABLE rVINTsi i

a. The Commission shall be notified in asserdanee with 10 cra l 90.73 and/or a report be subeatted pursuant to the  !

requiremente of feetten 90.?3 to 10CFR part to, and l

l b. Rach REPORTA8LE EVDf? shall be reviewed by the 000, and

i. results of thne review shall be subetsted to the one.

I j a.7 1AFETY LIMIT V101ATinM t

j 4.7.1 The following settene shall to taken in the event a safety Lleit le violated:

a. The feellity shall be placed in at least NOT NTApoeV within one (1) hour.
h. The Safety Limit violetten shall be reported to the .

Ceemiselen within one hour and to the General Manager, Nuclear Operationa and to the ORC within 84 hours9.722222e-4 days <br />0.0233 hours <br />1.388889e-4 weeks <br />3.1962e-5 months <br />.

SEAvt3 VALLEY = UNIT 1 Gall h ad**"" "" '"

NPF-73 ADMINISTRATIVE CONTROLS X 6.3 FACILITY STAFF OUALIFICATIONS i 6.3.1 Each member of the facility and Radiation Protection staff shall meet or exceed the minimum qualifications of ANSI N18.1-1971 for comparable positions, except for the Health Physics Manager who shall meet or exceed the qualifications of Regulatory Guide 1.8, September 1975, and the technical advisory engineering representative who shall have a bachelor's degree or equivalent in a scientific or

! engineering discipline with specific training in plant design and response analysis of the plant for transients and accidents.

6.4 TRAINING i

6.4.1 A retraining and replacement training program for the facility staff shall be maintained under the direction of the Nuclear i

Training hanager and shall meet or exceed the requirements and recommendations of Section 5.5'of ANSI N18.1-1971 and 10 CFR Part 55. I!

6.5 REVIEW AND AUDIT l

6.5'1

. ONSITE SAFETY COMMITTEE (OSC) i FUNCTION ,

6.5.1.1 The OSC shall function to advise the General Manager, Nuclear Operations on all matters related to nuclear safety and shall i i provide review capability in the areas of: I l

a. nuclear power plant operations j
b. radiological safety {
c. maintenance i
d. nuclear engineering }

. e. nuclear power plant testing i

f. technical advisory engineering l
g. chemistry
h. quality control l
i. instrumentation and control  :

I COMPOSITION l 6.5.1.2 The Onsite Safety Committee Supervisor is the OSC Chairman j and shall appoint all members of the OSC. The membership shall '

- consist of a minimum of one individual from each of the areas designated in 6.5.1.1.

OSC members and alternates shall meet or exceed the minimum i qualifications of ANSI N18.1-1971 Section 4.4 for comparable l po'sitions. The nuclear power plant operations individual shall meet l the qualifications of Section 4.2.2 and the maintenance individual l shall meet the qualifications of Section 4.2.3. l l

l BEAVER VALLEY - UNIT 2 6-6 Amendment No. 74

{ aamtefITeaYtw cc-T- ; c i

i

CWM51T1911 (Continued) , _ _ , _ , _ , , , ., _ _ , , _ _ . . . . . . . _ l i

j aLTIAllATES I 8. 5.1. 3 All alternate aesbers shall. be appointed in writing Dy the 05C i

Chef reen to serve en a tasperary basis; homever, no more than tue alternates shall partfelpate as voting meshers in OSC activities at any one tfas. .

I IEET!ssE FREQUDICY

}

l 6.5.1.4 The OSC shall meet at least once per calendar month and as convened

. Dy the OSC Chatraen or his designated alternata.

! EEEE l 1

1 4.5.1.5 A guerue of the OSC shall consist of the chairman er his designated

} alternata and at least one half of the sombers including alternstes.

1

RESPOILSIBILITIES j 6. 5.1. 6 The 05C shall be responsible for
s. Review of 1) all precedures required by Specification 6.8 and changes l l

j of intent therste, 2) any other proposed precedures er c % ps thereto es dotarvined by the General 8 tanager fluclear Operet' ens te l l affect nuclear safety.

I i b. Review of all preposed tests and emperiments that affect nuclear

safety.

i j c. Review of all proposed changes ta the Technical $pecifications.

1 i d. Review of all preposed changes or modifications ta plant systems er

! equignost that affect nuclear safety.

i j e. Investigation of all vielstions of the Technical Specifications j

including the preparation and formerting of reports covering evalue-I tien and recommendations te prevent recurrence to the General plenager, fluclear Operations and to the Chairman of the Offsita bewiew Cear ttas.

j f. Reeies of all MPORTAALE EVEIIT1.

4 j g. Review of facility operetiens ta detect potential safety hasards.

h. Performance of special reviews, investigations or analyses and reports theroes as requested by the Chattues of tite Offsite Revice Committee.

SEAVER WALLEY - talIT 2 6-7 Amenesamt Its. M

..- -.--. -.-..___l. -

M f?

4i NPF-73  ;

' ADMINISTRATIVE CONTROLS j

AUTHORITY \  ;

6.5.1.7 ,

The OSC shall:

a. Recommend to the-General Manager, Nuclear Operations writtar. I )

approval or disapproval of items considered under 6.5.1.6.a. i through d above.

b. Render determinations in writing with regard to whether or not each item considered under 6.5.1.6.a through e above i constitutes an unreviewed safety question. j
c. Provide written notification within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to the Senior Vice President, Nuclenr Power Division and th.e Offsite Review Committee of disagreement between the OSC and the General Manager, Nuclear Operations; however, the General Manager, Nuclear Operations shall have responsibility for resolution of such disagreements pursuant to 6.1.1 above.

RECORDS ~-

6.5.1.8 The; OSC shall maintain written minutes of each meeting and copies shall be provided to the General Manager, Nuclear Operations l and Chairman of the Offsite Review Committee.

6.5.2 OFFSITE REVIEW COMMITTEE (ORC)

FUNCTION 6.5.2.1 The ORC shall function "to provide independent review and )

audit of designated activities in the areas of: j

a. nuclear power plant operations l
b. nuclear engineering
c. chemistry and radiochemistry
d. metallurgy
e. instrumentation and control f., radiological safety
g. mechanical and electrical engineering

.h. quality assurance practices l

l f

BEAVER VALLEY - UNIT 2 6-8 Amendment No.74

NPF *J ADMINISTRAT8'JE CONTROLS COMPOSITION 4.5.2.2 The chairman and all members of the ORC shall be appointed by the Senior Vice President, Nuclear Power The membership shall consist of a minimum of five Division. individuals who I

, collectively possess a broad cased level of experience and

' competence enabling the cosaittee to review and audit those activities designated in necessary to obtain technical 6.5.2.1advice aboveand and to recognize when it is #

counsel.

may possess expertise An individual in more than one specialty area. The collective competence of the committee will be maintained as changes to the membership are made.

ALTE1LNATts 6.5.2.3 All alternate members shall be appointed in writing by the ORC Chairman to serve on a temporary basis; however, no more than two alternates shall participate as voting members in ORC activities at any one time.

l CONSULTANTS -

l -.

l 6.5.2.4 Consultants shall be utilized as determined by the ORC l Chairman to provide expert advice to the ORC.

j MEETING FREQUENCY l 4.5.2.5 The ORC shall aset at least once per calendar quarter during the initial year of f acility operation following fuel loading and at least once per six months thereafter.

=

1 6.5.2.6 A quorum of CRC shall consist of the Chairman or his designated alternate and at least four members including l alterne tes. No more than a minority of the quorum shall have line ,

responsibility for operation of the facility. l REVIEW I 6.5.2.7 The ORC shall review:

a. The safety evaluations for 1) changes to procedures, equipment, or systems and 2) tests or experiments completed .

under the provision of Section 50.59, 10 CFR, to verify that such actions did not constitute an unreviewed safety question.

i

! i i

i l SEAVER VALLEY - UNIT 2 6-9 Amendment No.74 1

4 1

_ . . ~ .

4_ . - . , , ,

-g 1 NPF s ADMINISTRATIVE CONTROLS REVIEW (Continued)

b. Proposed changes to procedures, equipment or systems which

' involve an unreviewed safety question as defined in section 50.59, 10 CFR.

c. Proposed tests or experiments which involve an unreviewed safety question as defined in Section 50.59, 10 CFR.
d. Proposed changes in Technical Specifications or licensess of applicable statutes, codes, regulations,
e. Violations orders, Technical Specifications, license requirements, having. nuclear or of internal procedures or instructions '

safety significance.

.Significant operating abnormalities or deviations- from f.

normal and expected performance of plant equipment that affect nuclear safety,

~~

g. All REPORTABLE EVENTS.

recognized indications of an unanticipated deficiency

h. All or operation of safety-related in some aspect of design structures, systems, or components. .
1. Reports and meeting minut'es of the OSC.
j. The results of the Radi.ological Environmental Monitoring l Program prior to submittal of the annual report provided in accordance with Specification 6.9.1.10.

AUDITS 6.5.2.8 Audits of facility activities shall be performed under the cognizance of the ORC. These audits shall encompass:

conformance of facility operations to provisions

t. The within the Technical Specifications and I .I contained applicabla license conditions.

The performance, training, and qualifications of the entire g

b. l facility staff.

actions taken to correct deficiencies The results of c.

facility equipment, structures, systems, or i

occurring in IJ methods of operation that affect nuclear safety.

Quality l required by the

d. The performance of toactivities meet the critoria of Appendix "B", 10  ;

Assurance Program I1

}

}

CFR 50.

i i

6-10 Amendment No. 74 BEAVER VALLEY - UNIT 2

. Apr-7) g j ,.

ADMIw!STRATIvt CowTRoLS 1 . . _

[

gggI3 (Continued) l e. Wot used. l '

i

f. Not used. l i

l

Any g.

by other area of facility operation considered appropriate the ORC or

}

the Sanier Vice President, Nuclear Power Division.

i i h. The Facility Fire protection prograe and implementirq

{ procedures at Isaat once per 24 monthe.

4

1. An independent fire protection and lose prevention program i inspection and audit shall be performed at 1oest once per j 12 months utilising either qualified off-site licensee personnel er an outside fire protection firm.

1 i

). An inspection and audit of the fire protection and lose l

I

} prevention program shall be performed by a qualified '

! outside fire consultant at leest once per 36 monthe. --

i

k. The .OFFSITE DOSE CALCUlX' TOW MANUAL and implementing i procedures.

f 1. The PROCESS CONTROL PROGRAM and implementing procedures for l

processing and packaging of radioactive waste.

i l l AITMORITY l s.S.2.9 The ORC shall report to and advise the Senior Vice

! President, Nuclear power Division on those armas of responsibility specified in section 6.5.2.7 and 6.5.2.8.

5 j RICORDS j 6.5.2.10 Records of ORC activities shall be prepared, approved and i

distributed as indicated by the followings

a. Minutes of each CRC meeting aball be prepared for and ,

. approved by the CRC Chairman or Vice chairman within 14 '

j days following each meeting.

j b. Reports of reviews ==aampaamad by seation 6.s.2.7 above, shall be documented in the ORC meeting minutes.

t

c. Audit reporte ee' _-4 e r d by section 6.S.2.8 above, shall l' be forwarded to the senior Vice presidene., raclear Pcwer Division and to the management posities.1 tosponelh M for the areas audited within 20 days after ccupletion of the audit.

SEAVER VALIJY - UNIT 2 6-11 Amendment No.74

---.-,w - + ~ ,

-y w- ..

__7__...

EVPS-1-UPDATED FSAR '- rov. 8 (1/90) 12.4 REVIEW AND AUDIT l The Onsite Safety Committee (OSC) advises the General Manager Nuclear. Operations on all matters related to nuclear safety. The function, composition, responsibilities, authority, quorum and meeting requirements of the OSC are given in the Technical Specifications. .

The Offsite Review Committee (ORC) providas independent review and l

audit of designated activities. Tht. function, composition, responsibilities, authority, quorum and moeting requirements of the ORC are given in the Technical Specificatio.'ts. ,

1 l

4 l

l l

l l

t

[ 12.4-1 _.

l

4 1 i

1 NTFS-2 UFShR Rev. 8 13.4 anvImp nam blEIT i

, b retier and medit program has been estahltshed by Degpamene Ligtet  !

] compemy (314) to haeure that operations of its nuclear power plants i are performed is a safe meneer consistent with license previsiens,

! approved y.n: ^2-se, and company policy. The review program is the responsibility of the casite safety committee (Osc) and the off;ite Aevie" committee (cac). The audit program is the reopensibility of the Operations Osality hasuramoe Department. The functimam of the j review and audit program are detailed as follows:

=1. Review proposed plast champos, . tests, experiments, and  :

implementing procedarse pursuant to the critaria I j established La 10 CFR S0.89.  !

4~

2. Verify that umasual evaats are promptly investigated and eerroeted. i 1
3. Detect trends of esaditimme that may not he apparent to a day-to-day observer. ,

j 13.4.1 Oasite Review i

j The OSC has been established to advise the General Manager, Nuclear 3

operations, se all mattare relater to nuclear safety. In this j capacity, the Osc will review plant operations, changes, arperfammets, j teste, and procedures that have nuclear safety significance. he Osc.

j ales fmactions te determias what itene constitute an unreviewed j aafet? Teestion and will reqpacet review of these items by the CRC.

! 13.4.1.1 organisation i

The OSC reporta to the Geestal Manager, Nuclear Operatione, La accordanes with the Beaver Valley power staties - Unit 2 (BVPS-2)

! T=eh=8*=1 specifications. The erWaaisation of the OeC is identified i la the BVPS-2 Technical specifications (Chaptar 16). The i goalificatise of the cec members will meet the intent of section 4.4 of hB82 N18.11971, as endermed by Angulatory Guide 1.8.

23.4.1.3 meetinge Meetinge will he held monthly and as convened by the Osc chairperoom or the designated alternate. Kiantes of osc meetings will be documented and distributed te osc emmbers, appropriate management per - 1, Fleet Manager, and the One Chairperson. I 13.4.1.3 mesposeihility The Cec is responsible for the following dutises

1. Review of procedures and chaages therete that affoot nuclear safety.

13.4-1

v , . w. .

,,, . O

j. EVPS-2 UPSAR Rev. 5

} .'

2 j 2.

Review of all proposed tests and experimonce that affect -

nuclear safety.

3,.'

l ' Review of all proposed changes to the 3778-2 Technical l Specifications.

J

4. Review of proposed changes or modifications to plant i systees or equipment that affect nuclear safety. .

! 5. Investigation of all violations of the EVPS-2 Technical I Specifications. l Recn==aadations to prevent recurrence will l be forwarded to the General Manager, Nuclear Operations and

! the Chairperson of the ORC. {'

i l

, 6. Review of those reportable occurrences requiring

+

notification to the U.S. Nuclear Regulatory Cosimission {

(USNRC) pursuant to 10 CFR 50.72.

7. Review of facility operations to detect potential safety hasards.

1

8. Performance of special reviews, investigations, or analyses '

1 and submittal of reports, upon request, to the Chairperson of the ORC. #

l

9. Review of the Security Plan and implementing procedures.
10. Review of the Emergency Plan and implementing procedures.

13.4.2 Independent Review '

The CRC has been established to review and audit all matters that involve safety considerations relating to the operation of BVPS. The primary purpose of the ccanittee is to ensure that the station is operated in a manner' consistent with the t.orms of the operating license and in accordance with applicable regulations that are designed to safeguard the health and well-being of station personnel and the general public.

13.4.2.1 organisation I

The CRC reports to the Senior Vice President, Nuclear Power Division, and advissa him on those areas of responsibility specified in the BVPS-2 Technical Specifications. The ORC will be composed of selected individuals from within the DLC organisation. The Chairperson of the ORC is required'to possess a Bachelor's Degree (or equivalent) in Engineering or related esience and 6 years of professional level emperienc.e in the power field. Members of the ORC are required to possess. a Bachelor's Degree (or equivalent) in Engineering or related science and 5 years of professional level experience in their field of speciality. Each member of the ORC isill

~

13.4-2

. . -- . .. - .. - . - - - . . . . . ~. . . . - . . . . -...._.-.. ._- -

i "_ _

vu _

. . _ _ _ l

] ' . SVPS-2 U SAR Rev. 5 i j . poseees qualif4catione c - aurate with the position to which they-are seeigned La the DLC organisatise. Personnel assigned to the orc

] ,

. will collectively have orporience and competence to meet the intent of section 4.3.1 of ANs! N18.7, as endereed by Regulatory oulde 1.33.

j The organisation of the ORC is identified in the SVPS-2 Technical l specifications (Chapter 16).

13.4.2.2 Meetinge ,

i *

! Meetings of the CRC will be held at least once par calendar quarter j during the initial year of facility operation and at least once per 6 j monthe thereafter.

], Minutes of ORC emetings will be documented and distributed to orc i l

-! < eubcommittee members and appropriate t.anagement personnel.  !

l i 13.4.2.3 Responsibilittee The ORC will review all matters involving safety consideratione relating to the operation of BVPS-2. If indicated, the ORC will verify that corrective action is initiated. Spe:1fically, the one will review the following subjects:

1. safety evaluations for changes to procedures, equipment, or systems. ,

l

2. Teste or experimente completed under the provision of l 10 CFR 50.59.
3. Proposed changes in Technical specifications or licenses. l i
4. Violations of applicable statutes, codes, regulations, orders, Technical specifications, license requiremente, and intr.rnal procedures or instructions having nuclear safety significance.
5. significant deviation from normal and aspected performance of plant equipment and operating abac4salities that affect nuclear safety.
6. Reportable occurrences requiring' notification to the USNRC pursuant to 10 CFR 50.72.
7. Recognised indications of an unsaticipated deficiency in eene aspect of design or operation of safety-related structures, systems, or components.

S. Reporte and meeting minutes of the OSC.

13.4-3 l

- . .- . . - - - . - . - - . . . - . - - . - . . - - - - - - . . - . - . - - . - . . -. .~

BVPS-2 UFSAR l

\

At times, situations arise during the course of operation or l-maintenance activities that are so unusual in nature that assistance in their solution requires expert advice. In such cases, on the recommendation of the ORC, DLC obtains the services of well qualified consultants to assist in arriving at a satisfactory resolution. The qualifications and participation of outside consultants is determined prior to obtaining their services.

13.4.3 Audit Program A comprehensive system of planned and documented audits will be instituted at BVPS-2 to verify compliance with the following:

1. Regulatory requirements,
2. License provisions, ,

1

3. Operating procedures, and '
4. Operations quality assurance program administrative controls.

13.4.3.1 Responsibility l The Quality Assurance Department is responsible for auditing DLC departments as well as participating vendors and contractors to assure the organizations . meet the requirements of the Operations

) Quality, Assurance Program. Additionally', the ORC will conduct technically oriented audits within the Nuclear Division as delineated by the Operations Quality Assurance Program.

13.4.3.2 General Description Audits shall be conducted, in accordance with written procedures, by personnel not having direct responsibility for the area being audited. Follow-up action, including re-audit of deficient areas, will be taken as necessary to assure that all deficiencies or nonconformances noted have been corrected. The frequency of the audits will be in accordance with the requirements of the Operations Quality Assurance Program and will consider the safety significance of the area being audited, he audit program will include a system of internal audits of station quality related activites, including quality control activities, to assure conformance to the Operations Quality Assurance Program.

A more detailed description of the DIE Audit Program for the

, operational phase of BVPS-2 is contained in Section 17.2.

I i

i i

i I

l 13.4-4 i

\ ,- . _ . - _ , _ .-_ r

=

l 2

h- . m_ . ._ _ . _ _ -

4 i .

aves-2 ur$An 4 .

I 13.4.4 Indopendast Safety Evaluation Group e . . . . . . . . . . . . . . . - . . - . . .. .... -- l ne function of the Independent Safety Evaluation Group (ISEG) is to 1

perform independent reviews of activities associated with the

operation of the Beaver Valley Power Station Units 1 and 2. The ISEG
will make detailed recommendations to management on the means to improve the overall quality and safety of nuclear operations.
13.4.4.1 Organisation 1

l The ISEG consists of at least five dedicated, full-time engineers who j are located on sita. no ISEG will be fully implemented 10 days

prior to initial feel load.

h

ne supervisor of 'the ISEG shall have a baccalaureate or advanced l degree in Engineering or related sciences, and shall have 10 years experience in the operation, design, technical support, or licensing

] of a nuclear facility. The resalains nesbers of the ISEG shall have l a baccalaureate or advanced degree - in Engineering or related

! sciences, or the equivalent, and shall have 2 to 4 years experience

in the operation, design, technical support, or licensing of a l nuclear facility.

i 13.4.4.2 Responsibility

. The !$EG will ===ine industry activities and operating experience

! information for the improvement of plant safety. The ISEG will also j independently review station activities . prograss, procedures, j modifications, operational problems, and maintain surveillance of a plant operations to advise management on overall quality and safety i of the Beaver Valley Power Stations, no ISEG will not be

{ responsible for sign-off functions such that it becomes involved in j the operating organisation.

l I

)

i l

l 1

6 13.4-5 1

DC Sources-Shutdown i B 3.8.5

. BASES 3

tf ACTIONS A.1. A.2 1. A.2 2. A.2.3. and A.2.4 (continued) power subsystem (s) support the DC electrical power distribution subsystem (s) recuired by LC0 3.8.10.

" Distribution Systems - Shutcown," and are capable of supporting sufficient systems to allow continuation of CORE ALTERATIONS and fuel movement. By allowing the option to declare required features inoperable with the associated DC power source (s) inoperable, a]propriate restrictions will be implemented in accordance wit 1 the affected required features LC0 ACTIONS. In many instances, this option may involve undesired administrative efforts. Therefore, the allowance for sufficiently conservative actions is made (1.e., to suspend CORE ALTERATIONS, movement of irradiated fuel assemblies, and operations involving positive reactivity additions). The Required Action to suspend positive reactivity additions does not preclude actions to maintain or increase reactor vessel inventory, provided the required SDM is maintained.

Suspension of these activities shall not preclude completion of actions to establish a safe conservative condition. These actions minimize probability of the occurrence of postulated events.- It is further required to immediately initiate action to restore the required DC electrical power subsystems and to continue this action until restoration is accomplished n in order to provide the necessary DC electrical power to the unit safety systems.

} The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required DC electrical pcwer subsystems should be completed as quickly as possible in order to minimize the time dwing which the unit safety systems may be without sufficient power.

SURVEILLANCE SR 3.8.5.1 REQUIREMENTS SR 3.8.5.1 requires performance of all Surveillances required by SR 3.8.4.1 through SR 3.8.4.8. Therefore, see the corresponding Bases for LC0 3.8.4 for a discussion of each SR.

1 This SR is modified by a Note. The reason for the Note is to I; preclude requiring the OPERABLE DC sources from being discharged below their capability to provide the required l power supply or otherwise rendered inoperable during the performance of an SR,. This note does not except the requirement for the battery to be capable of performing the

.particular function, just that the capability need not be  :

demonstrated while that source of power is being relied on to l meet the LCO.

J (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-53 I

l

'. ?,i DC -Sources - Shutdown  ;

B 3.8.5-l BASES 4.#

oe

' REFERENCES ~ 1. FSAR, Chapter 6.

.2. FSAR. Chapter 15.

i l

t-4 J 4

t i

i

!I J.

I e

I j

t

^

t s e

i 1

A i

}-

4

l .'

)'

i i'

1 1

1' l

4 a

i i

j N --- '. l

'[ DIABLO CANYON - UNITS.1 & 2 B 3.8-54 j 't.:', .

f-

..a .., . a . , - , . _ .

Battery Cell Parameters B 3.8.6 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.6 Battery Cell Parameters BASES BACKGROUND This LCO delineates the limits on electrolyte temperature, level, float voltage, and specific gravity for the DC power source batteries. A discussion of these batteries and their OPERABILITY requirements is provided in the Bases for LC0 3.8.4. "0C Sources -Operating." and LCO 3.8.5, "DC Sources - Shutdown. "

APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the FSAR. Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature systems are OPERABLE. The DC electrical power system provides normal l and emergency DC electrical power for the diesel generators, emergency auxiliaries, and control and switching during all MODES.of operation. I The OPERABILITY of the DC subsystems is consistent with the initial assumptions of the accident analyses and is based upon meeting the design basis of the unit. This includes

('

maintaining the required DC electrical power subsystem (s)

OPERABLE during accident conditions, in the event of:  !

1

a. An assumed loss of all offsite AC power or all onsite AC power; and
b. A worst case single failure. 1

. Battery cell parameters satisfy the Criterion 3 of 10 CFR 50.36(c)(2)(11).

LC0 Battery cell parameters must remain within acceptable limits to ensure availability of the required DC power to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence or a postulated DBA.

Electrolyte limits are conservatively established, allowing continued DC electrical system function even with Category A and B limits not met.

APPLICABILITY The battery cell parameters are required solely for the support of the associated DC electrical power subsystems. Therefore, battery OPERABILITY is only required when the DC power source is required to be OPERABLE. Refer to the Applicability discussion in Bases for LC0 3.8.4 and LC0 3.8.5.

Q Q

(continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-55

Battery Cell Parameters B 3,B.6 BASES' ACTIONS A.1. A.2. and A.3 With one or more cells in one or more batteries not within limits (i.e., Category A limits not met, Category B limits not met, or Category A and B limits not met) but within the Category C limits specified in Table 3.8.6-1 in the accompanying LCO, the battery is degraded but there is still sufficient capacity to perform the intended. function.

Therefore, the affected battery is not required to be considered inoperable solely as a result of Category A or B limits not met and operation is permitted for a limited period.

The pilot' cell electrolyte level and float voltage are required to be verified to meet the Category C limits within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> (Required Action A.1). This check will provide a quick indication of the status of the remainder of the battery cells. One hour provides time to verify the electrolyte level and to confirm the float voltage of the pilot cells. One hour is considered a reasonable amount of time to perform the required verification.

Verification that the Category C limits are met (Required Action A.2) providerassurance that during the time needed to restore the parameters to the Category A and B limits, the battery is still capable of performing its intended function.

A period of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is allowed to complete the initial O verification because specific gravity measurements must be obtained for each connected cell. Taking into consideration both the time required to perform the required verification and the assurance that the battery cell parameters are not severely degraded, this time is considered reasonable. The verification is repeated at 7 day intervals until the parameters are restored to Category A or B limits. This periodic verification is consistent with the normal Frequency of pilot cell Surveillances.

Continued operation is only permitted for 31 days before battery cell parameters must be restored to within Category A and B limits. With the consideration that, while battery capacity is degraded, sufficient capacity exists to perform the intended function and to allow time to fully restore the battery cell parameters to normal limits, this time is acceptable prior to declaring the battery inoperable.

L.1 With one or more batteries with one or more battery cell parameters outside the Category C limit for any connected cell, sufficient capacity to sup)1y the maximum expected load requirement is not assured and tie corresponding DC electrical power subsystem must be declared inoperable.

Additionally, other potentially extreme conditions, such as not completing the Required Actions of Condition A within (continue 0)

DIABLO CANYON - UNITS 1 & 2 B 3.8-56

Battery Cell Parameters B 3.8.6 l l

BASES A

O ACTIONS B,1 (continued) l the required Completion Time or average electrolyte j temperature of representative cells less than 60 F. are also ,

cause for immediately declaring the associated DC electrical '

power subsystem inoperable.

SURVEILLANCE SR 3.8 6.1 REQUIREMENTS This SR verifies that Category A battery cell parameters on a 31-day frequency are consistent with IEEE-450 (Ref. 3),

which recommends regular battery inspections (at least one per month) including voltage, specific gravity, and electrolyte temperature of pilot cells.

SR 3.8 6 2 The quarterly inspection of specific gravity is more conservative than IEEE-450 (Ref. 3), which requires a yearly frequency. In addition, within 7 days of a battery discharge

< 118.V or a battery overcharge > 145 V, the battery must be demonstrated to meet-Category B limits. Transients, such as motor starting transients. which may momentarily cause battery voltage to drop to 118 V do not constitute a battery discharge provided the battery terminal voltage and float current return to pre-transient values. This inspection is V also consistent with IEEE-450 (Ref. 3), which recommends special inspections following a severe discharge or overcharge, to ensure that no significant degradation of the ,

4 battery occurs as a consequence of such discharge or i overcharge.

SR 3 8.6.3 This Surveillance verification that the average temperature of representa'ive cells is a 60 F, is consistent with a recommendation of IEEE-450 (Ref. 3), that states that the tempe'ature of electrolytes in representative cells should be deternined on a quarterly basis.

Lower than normal temperatures act to inhibit or reduce battery capacity. This SR ensures that the operating temperatures remain within an acceptable operating range.

This limit is based on battery sizing calculations .

Table 3.8 6-1 This table delineates the limits on electrolyte level, float voltage, and specific gravity for three different categories.

The meaning of each category is discussed below.

Category A defines the normal parameter limit for the DIABLO CANYON - UNITS 1 & 2 B 3.8-57

Battery Cell Parameters B 3.8.6 BASES j SURVEILLANCE Table 3.8.6-1 (continued) )

REQUIREMENTS designated pilot cell in each battery. The cell selected as the pilot cell is that whose temperature, voltage, and electrolyte specific gravity approximate the state of charge of the entire battery.

The Category A limits specified for electrolyte level are based on manufacturer recommendations and are consistent with the guidance in IEEE-450 (Ref. 3), with the extra !( inch allowance above the high water level indication for operating margin to account for temperatures and charge effects. In i addition to this allowance, footnote a to Table 3.8.6-1 permits the electrolyte level to be above the specified maximum level during equalizing charge, provided it is not overflowing. These limits ensure that the plates suffer no i physical damage, and that adequate electron transfer l capability is maintained in the event of transient I conditions. IEEE-450 (Ref. 3) recommends that electrolyte level readings should be made only after the battery has been at float charge for at least 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.

The Category A limit specified for float voltage is a 2.13 V per cell. This value is based on the recommendations of IEEE-450 (Ref. 3), which states that prolonged operation of cells < 2.13 V can reduce the life expectancy of cells.

O The Category A limit specified for specific gravity for each pilot cell is a 1.195 (0.015 below the manufacturer minimum fully charged specific gravity or a battery charging current j that had stabilized at a low value). This value is .

characteristic of a charged cell with adequate capacity.

According to IEEE-450 (Ref. 3). the specific gravity readings are based on a temperature of 77'F (25 C). l The specific gravity readings are corrected for actual l electrolyte temperature and level. The correction factors 1 are provided by the battery manufacturer. The specific gravity of the electrolyte in a cell increases with a loss of water due to electrolysis or evaporation.

i Category B defines the minimum normal parameter limits for each connected cell. The term " connected cell" excludes any battery cell that may be jumpered out.

The Category B limits specified for electrolyte level and float voltage are the same as those specified for Category A and have been discussed above. The Category B limit specified for specific gravity for each connected cell is a 1.190 (0.020 below the manufacturer minimum fully charged specific gravity) with the average of all connected cells >

1.200 (0.010 below the manufacturer minimum fully charged .

specific gravity). These values are based on manufacturer's  ;

recomendations. The minimum specific gravity value (continued)

DIABLO CANYON - UNITS 1 & 2 8 3.8-58

Battery Cell Parameters B 3.8.6 BASES i

G SURVEILLANCE Table 3.8.6-1 (continued)

REQUIREMENTS required for each cell ensures that the effects of a highly charged or newly installed cell will not mask overall degradation of the battery.

Category C defines the minimum allowable limits for each connected cell. These values, although reduced. provide assurance that sufficient capacity exists to perform the intended function and maintain a margin of. safety. When any battery parameter is outside the Category C limits, the assurance of sufficient capacity described above no longer exists, and the battery must be declared inoperable.

The Category C limits specified for electrolyte level (above the top of the plates and not overflowing) ensure that the plates suffer no physical damage and maintain adequate electron transfer capability. The Category C limits for float voltage is based on IEEE-450 (Ref. 3) which states that a cell voltage of 2.07 V or below. under float ,

f conditions and not caused by elevated temperature of the j cell. indicates internal cell problems and may require cell i replacement.

The Category C limit of average specific gravity 2 1.190 1s

, based on manufacturer recommendations (0.020 below the manufacturer recommended minimum fully charged specific gravity). In addition to that limit, it is required that the

% specific gravity for each connected cell must be no less than 0.020 below the average of all connected cells. This limit ensures that the effect of a highly charged or new cell does not mask overall degradation of the battery.

The footnotes to Table 3.8.6-1 are applicable to Category A, B. and C specific gravity. Footnote (b) to Table 3.8.6-1 recuires the above mentioned correction for electrolyte level anc temperature, with the exception that level correction is not required when battery charging current is < 2 amps on float charge. This current provides, in general, an indication of a battery in a charged condition.

Because of specific gravity gradients that are produced during the recharging process, delays of several days may occur while waiting for the specific gravity to stabilize. A stabilized charger current is an acceptable alternative to specific gravity measurement for determining the state of c1arge. This phenomenon is discussed in IEEE-450 (Ref. 3).

Footnote (c) to Table 3.8.6-1 allows the float charge current to be used as an alternate to specific gravity for up to 7 days following a battery recharge. Within 7 days, each connected cell's specific gravity must be measured to confirm the state of charge. Following a minor battery recharge (such as equalizing charge that does not follow a deep (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-59

Battery Cell Parameters B 3.8.6 l 1

BASES (O. Table 3.8.6-1 (continued) l L/ SURVEILLANCE i

. REQUIREMENTS discharge) specific gravity gradients are not significant, and confirming measurements may be made in less than 7 days.

REFERENCES 1. FSAR, Chapter 6. i 1

2. FSAR. Chapter 15.  !

l

3. IEEE-450- 1995.

1 1

1 1

I i

+

't).

l l

v DIABLO CANYON - UNIIS 1 & 2 8 3.8-60

a r e-Inverters -Operating B 3.8.7

~

B 3.8 ELECTRICAL POWER SYSTEMS

'B 3.8.7 Inverters -Operating

-BASES BACKGROUND The Class 1E UPS inverters are the preferred source of power for the AC vital buses because of the stability and reliability they achieve. The function of the inverter is to provide AC electrical power to the vital buses. The inverters can be powered from an internal AC source / rectifier or from the station battery. The station battery provides an uninterruptible power source for the instrumentation and controls for the Reactor Protective System (RPS) and the Engineered Safety Feature Actuation System (ESFAS). Specific details on inverters and their operating characteristics are found in the FSAR, Chapter 7 (Ref. 1).

APPLICABLE The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transi.ent analyses in the FSAR, Chapter 6 (Ref. 2) and Chapter 15 (Ref. 3) -assume Engineered Safety Feature systems are OPERABLE. The inverters are designed to provide the required capacity. capability, redundancy, and reliability to ensure the availability of necessary power to the RPS and ESFAS instrumentation and controls so that the fuel, Reactor

(,)/

( Coolant System, and containment design limits are not exceeded. These limits are discussed in more detail in the Bases for Section 3.2. Power Distribution Limits:

Section 3.4, Reactor Coolant System (RCS); and Section 3.6.

Containment Systems.

The OPERABILITY of the inverters is consistent with the initial assumptions of the accident analyses and is based on meeting the design basis of the unit. This includes maintaining required AC vital buses OPERABLE during accident conditions in the event of:

a. An assumed loss of all offsite AC electrical power or all onsite AC electrical power; and 4
b. A worst case single failure.

Inverters are a part of the distribution system and, as such, satisfy Criterion 3 of 10 CFR 50.36(c)(2)(ii).

l LCO The Class 1E UPS inverters ensure the availability of AC '

electrical mer for the systems instrumentation recuired to shut down t1e reactor and maintain it in a safe concition after an anticipated operational occurrence (A00) or a postulated DBA.

- q (g (continued)

DIABLO CANYON - UNITS 1 & 2- B 3.8-61

Inverters -Operating B 3.8.7 BASES A

U LC0 (continued)

Maintaining the required inverters OPERABLE ensures that the redundancy incorporated into the design of the RPS and ESFAS instrumentation and controls is maintained. The four inverters ensure an uninterruptible supply of AC electrical

)ower to the 120 VAC vital buses even if the 4.16 kV safety auses are de-energized.

Operable inverters require the associated 120 VAC vital bus to be powered by the inverter with output voltage within tolerances, and power input to the inverter from a 125 VDC station battery. Alternatively, power supply may be from an internal AC source via rectifier as long as the station battery is available as thc uninterruptible power supply.

APPLICABILITY The inverters are required to be OPERABLE in MODES 1. 2. 3.

and 4 to ensure that:

a. Acceptable fuel design limits and reactor coolant pressure boundary limits are not exceeded as a result of A00s or abnormal transients and
b. Adequate core cooling is provided, and containment OPERABILITY an& other vital functions are maintained in the event of a postulated DBA. 1 1

Inverter requirements for MODES 5 and 6 are covered in the l Bases for LCO 3.8.8. " Inverters - Shutdown."

ACTIONS .A_1 With a required inverter inoperable. Its associated 120 VAC vital bus becomes inoperable until it is re-energized from ,

its Class 1E constant voltage source transformer.  !

l For this reason a Note has been included in Condition A l requiring the entry into the Conditions and Required Actions i of LCO 3.8.9. " Distribution Systems-Operating." This ensures that the 120 VAC bus is re-energized within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />.

Required Action A.1 allows 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to fix the inoperable inverter and return it to service. The 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> limit is based upon engineering judgment, taking into consideration the time required to repair an inverter and the additional risk to which the unit is exposed because of the inverter inoperability. This has to )e balanced against the risk of an immediate shutdown, along with the potential challenges to safety systems such a shutdown might entail. When the 120 VAC vital bus is powered from its constant voltage source, it is relying upon interruptible AC electrical power sources (offsite and onsite). The uninterruptible inverter source to (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-62

I Inverters -Operating .

B 3.8.7 BASES j

,CN Cl ACTIONS A.J (continued) the 120 VAC vital buses is the preferred source for powering instrumentation trip setpoint devices.

B.J and B.2 If the inoperable devices or components cannot be restored to l OPERABLE status within the required Completion Time, the unit l must be brought to a MODE in which the LC0 does not apply.

To achieve this status, the unit must be brought to at least l MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />. The allowed Completion Times are reasonable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.

I SURVEILLANCE SR 3 8 7.1 )

REQUIREMENTS This Surveillance verifies that the inverters are functioning proper.ly with all required circuit breakers closed and 120 VAC vital buses energized from the inverter. The verification of proper voltage output ensures that the required power is readily available for the instrumentation of the RPS and ESFAS connected to the AC vital buses. The 7 day Frequency takes into account the redundant capability i w of the inverters and other Indications available in the control room that alert the operator to inverter malfunctions.  !

l REFERENCES 1. FSAR Chapter 7.

2. FSAR. Chapter 6. j
3. FSAR, Chapter 15.

f%

Y DIABLO CANYON - UNIIS 1 & 2 B 3.8-63

Inverters -Shutdown B 3.8.8

' ^\ B 3.8 ELECTRICAL POWER SYSTEMS (d - B 3.8.8 Inverters -Shutdown BASES BACKGROUND A description of the inverters is provided in the Bases for LC0 3.8.7, " Inverters -Operating."

1 APPLICA$tE The initial conditions of De. sign Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the FSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature systems -

are OPERABLE. The Class 1E UPS inverters are designed to provide the required capacity, capability, redundancy. and reliability to ensure the availability of necessary )ower to the Reactor Protective System and Engineered Safety reatures Actuation System instrumentation and controls so that the fuel. Reactor Coolant System and containment design limits are not exceeded.

~

The OP'ERABILITY of the inverters is consistent with the initial assumptions of the accident analyses and the i requirements for the supported systems' OPERABILITY.

'l The OPERABILITY of the minimum inverters to each 120 VAC

\ vital bus during MODES 5 and 6 ensures that:

a. The unit can be maintained in the shutdown or refueling condition for extended periods;
b. Sufficient instrumentation and control capability is available for monitoring and maintaining the unit status; and
c. Adequate power is available to mitigate events postulated during shutdown such as a fuel handling accident.

The inverters were previously identified as part of the ,

distribution system and, as such, satisfy Criterion 3 of 10 i CFR 50.36(c)(2)(ii). l I

LC0 The Class IE UPS inverters ensure the availability of electrical power for the instrumentation for systems required I to shut down the reactor and maintain it in a safe condition after an anticipated operational occurrence or a postulated DBA. The battery powered inverters provide uninterruptible i supply of AC electrical power to the 120 VAC vital buses even '

if the 4.16 kV safety buses are de-energized. OPERABILITY of the Class 1E 120 VAC vital bus requires that the 120 VAC (continued)

DIABLO CANYON - UNITS 1 & 2 8 3.8-64

Inverters - ShutdowT1 B 3.8.8 BASES

/O V LC0 (continued) vital bus be powered by the inverter. An OPERABLE Class 1E dPS inverter is one that is connected to an OPERABLE DC subsystem (see B 3.8.5). The resulting circuit is not required to be single failure resistant. This ensures the availability of sufficient inverter power sources to operate the unit in a safe manner and to mitigate the consequences of postulated events during shutdown (e.g., fuel handling accidents).

APPLICABILITY The inverters required to be OPERABLE in MODES 5 and 6 and during movement of irradiated fuel assemblies provide assurance that:

a. Systems to provide adecuate coolant inventory makeup are available for the irraciated fuel in the core;
b. Systems needed to mitigate a fuel handling accident are available;
c. Systems necessary to mitigate the effects of events that can lead to core damage during shutdown are available; and -
d. Instrumentation and control capability is available for monitoring and maintaining the unit in a cold shutdown condition or refueling condition.

Inverter requirements for MODES 1. 2. 3. and 4 are covered in l LC0 3.8.7.

ACTIONS LC0 3.0.3 is not applicable while in MODE 5 or 6. However.

since 1rradiated fuel assembly movement can occur in MODE 1 l 2, 3. or 4. the ACTIONS have been modified by a Note statin l that LCO 3.0.3 1s not applicable. If moving irradiated fue >

assemblies while in MODE 5 or 6. LC0 3.0.3 would not specify I any action. If moving irradiated fuel assemblies while in MODE 1. 2. 3. or 4. the fuel movement is independent of reactor operations. Therefore, in either case, inability to suspend movement of irradiated fuel assemblies would not be j sufficient reason to require a reactor shutchwn. 1 l

A.1. A.2.1. A.2 2. A.2.3. and A.2.4 One or more Class 1E UPS inverters may be inoperable provided that the remaining OPERABLE inverters support the Class 1E 120 VAC vital bus electrical power distribution subsystem (s) required by LC0 3.8.10. " Distribution Systems-Shutdown," and are capable of supporting sufficient required features to allow continuation of CORE ALTERATIONS.

'Q t,g (continued)

UIABLO CANYON - UNII5 1 & 2 8 3.8-65

Inverters-Shutdown B 3.8.8 BASES ACTIONS A.1. A.2.1. A.2.2. A 2.3. and A.2.4 (continued) fuel movement, and operations with a potential for positive reactivity additions. By the allowance of the option to declare required features inoperable with the associated Class 1E UPS inverter (s) inoperable, appropriate restrictions will be implemented in accordance with the affected required features LCOs' Required Actions. In many instances, this option may involve undesired administrative efforts.

Therefore, the allowance for sufficiently conservative actions is made (i.e.. to suspend CORE ALTERATIONS, movement of irradiated fuel assemblies, and operations involving positive reactivity additions). The Required Action to suspend positive reactivity additions does not preclude actions to maintain or increase reactor vessel inventory, provided the required SDM is maintained.

Suspension of these activities shall not preclude completion of actions to establish a safe conservative condition. These  ;

actions minimize the probability of the occurrence of postulated events. It is further required to immediately )

initiate action to restore the required Class 1E UPS 1 inverters and to continue this action until restoration is accomplished in order to provide the necessary Class 1E UPS inverter power to the unit safety systems. j The Completion Time of immediately is consistent with the (q-) required times for actions requiring prompt attention. The restoration of the required inverters should be completed as quickly as possible in order to minimize the time the unit safety systems may be without power or powered from a constant voltage source transformer. l SURVEILLANCE SR 3.8 8.1 REQUIREMENTS This Surveillance verifies that the inverters are functioning properly with all required circuit breakers closed and AC vital buses energized from the inverter. The verification of proper voltage output ensures that the required power is readily available for the instrumentation connected to the 120 VAC vital buses. The 7 day Frequency takes into account the redundant capability of the inverters and other indications available in the control room that alert the operator to inverter malfunctions.

/

( (continued)

DIABLO CANYON - UNIIS 1 & 2 B 3.8-66

Inverters - Shutdown B 3.8.8-t-

BASES REFERENCES 1.- FSAR, Chapter 6.-

2. 'FSAR, Chapter 15.

1

} >

I l

l 4

.l

! I 4

4

'O 4

i

?

J 4 -

a 1

1 1

4 O

DIABLO CANYON UNIT 5 1 & 2 B 3.8-67 l l

l

)

1'

, .- .n - , ,. - - - - ,

Distribution Systems-Operating B 3.8.9 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.9 Distribution Systems-Operating BASES BACKGROUND The onsite Class 1E electrical power distribution system is designed with three 4160 V and 480 V vital buses (F. G. and H) and three 125 V DC vital buses. The plant protection system (PPS) is designed with four input channels (l. II.

III, and IV) powered from four 120 VAC vital buses (1. 2. 3.

and 4). The four channels provide input to the solid state protection system (SSPS) Trains A and B. Each SSPS train l actuates engineered safety feature (ESF) equipment in the three vital AC and DC buses and certain non-vital equipment in the non-vital AC and DC buses, j

There are three AC electrical power subsystems, each comprised of a primary ESF 4.16 kV bus and secondary 480 and l 120 V buses, distribution panels, motor control centers and l load centers. Each 4.16 kV ESF bus has two separate and I independent offsite source of power as well as a dedicated i onsite diesel generator (DG) source. Each 4.16 kV ESF bus is normally connected to the 500 kV offsite source. After a loss of this normal 500kV offsite power source to a 4.16 kV ESF bus, a transfer to the alternate 230 kV offsite source is

/o) accomplished by utilizing a time delayed bus undervoltage d relay. If all offsite sources are unavailable, the onsite i emergency DG supplies power to the 4.16 kV ESF bus. Control j power for the 4.16 kV breakers is supplied from the Class 1E "

Datteries. Additional description of this system may be i found in the Bases for LCO 3.8.1 "AC Sources-Operating."

and the Bases for LC0 3.8.4. "DC Sources-Operating." i The secondary 480 VAC electrical power distribution system for each bus includes the safety related motor control centers shown in Table B 3.8.9-1.

The 120 VAC vital buses are arranged in four buses and are normally powered from the inverters. The alternate power supply for the 120 VAC vital buses are Class 1E constant voltage source transformers powered from the same bus as i the associated inverter, and its use is governed by LC0 3.8.7. " Inverters - Operating." Each con tant voltage source transformer is powered from a Class 1E AC bus. In addition. each inverter can be powered from a bus other than its associated bus.

There are three independent 125 VDC electrical power distribution subsystems (one for each bus).

The list of all required distribution buses is presented in Table B 3.8.9-1.

(continued)

DIABLO CANYON - UNIIS 1 & 2 B 3.8-68 i

b

}- Distribution Systems-Operating B 3.8.9 BASES APPLICABLE' The initial conditions of Design Basis Accident (DBA) and SAFETY ANALYSES transient analyses in the FSAR, Chapter 6 (Ref. 1), and in

the FSAR, Chapter 15 (Ref. 2), assume ESF systems are OPERABLE. The Class 1E AC, DC, and 120 VAC vital bus 3

electrical power distribution systems are designed to provide

!' sufficient capacity, capability, redundancy, and relia)ility to ensure the availability of necessary power to ESF systems 50 that the fuel, Reactcr Coolant System. and containment

design limits are not exceeded. These limits are discussed i' . in more detail in the Bases for Section 3.2. Power Distribution Limits: Section 3.4 Reactor Coolant System j (RCS); and Section 3.6, Containment Systems.

The OPERABILITY of the Class 1E AC, DC, and 120 VAC vital bus i

electrical power distribution systems is consistent with the initial assumptions of the accident analyses and'is based i upon meeting the design basis of the unit. This includes maintaining power di.stribution systems OPERABLE during accident conditions in the event of:

(

i a. An assumed loss of all offsite power or all onsite AC electrical power; and

b. worst case single failure.

The distribution systems satisfy Criterion 3 of 10 CFR i 50.36(c)(2)(ii).

i. LC0 The required power distribution subsystems listed in i Table B 3.8.9-1 ensure the availability of Class IE AC, DC, l

,'- and 120 VAC vital bus electrical power for the systems l required to shut down the reactor and maintain it in a safe l

condition after an anticipated operational occurrence (A00) i or a postulated DBA. The Class 1E AC, DC, and 120 VAC vital bus electrical power distribution subsystems are required to be OPERABLE.
Maintaining the Class 1E AC, DC, and 120 VAC vital bus electrical power distribution subsystems OPERABLE ensures that the redundancy incorporated into the design of ESF is
not defeated. Therefore, a single failure within any system l or within the electrical power distribution subsystems will not prevent safe shutdown of the reactor,

! OPERABLE Class IE' AC electrical power distribution subsystems require the associated buses and motor control centers to be energized to their proper voltages. OPERABLE Class IE DC electrical aower distribution subsystems require the associated )uses to be energized to their proper voltage from either the associated battery or charger. OPERABLE 120 VAC Vital bus electrical power distribution subsystems require l (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-69 ]

1

I Distribution Systems-Operating B 3.8.9 BASES LC0 the associated buses to be energized to their p oper voltage (continued) from the associated inverter via inverted DC voltage.

inverter using internal AC source, or Class 1E constant voltage transformer.

In addition, tie breakers between redundant safety related Class 1E AC DC. and 120 VAC vital bus power distribution subsystems, if they exist, must be open. This prevents any electrical malfunction in any power distribution subtystem from propagating to the redundant subsystem. that could cause the failure of a redundant subsystem and a loss of essential safety function (s). If any tie breakers are closed. the affected redundant electrical power distribution subsystems are considered inoperable. This applies to the onsite, safety related redundant electrical power distribution subsystems. It does not, however, preclude redundant Class 1E 4.16 kV buses from being powered from the same offsite circuit.

l APPLICABILITY The electrical power distribution subsystems are required to be OPERABLE in MODES 1. 2. 3. and 4 to ensure that:

a. Accept 30le fuel design limits and reactor coolant pressure bound 6ry limits are not exceeded as a result of A00s or abnormal transients; and
b. Adequate core cooling is provided, and containment OPERABILITY and other vital functions are maintained in the event of a postulated DBA.

Electrical power distribution subsystem requirements for MODES 5 and 6 are covered in the Bases for LCO 3.8.10.

" Distribution Systems - Shutdown. "

ACTIONS 6_1 With one or more required Class 1E AC electrical power subsystems inoperable and a loss of function has not yet occured. the remaining portions of the AC electrical power distribution subsystems are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure. The overall reliability is reduced, however, because a single failure in the remaining portions of the power distribution subsystems could result in the minimum required ESF functions not being supported. Therefore, the required Class 1E AC buses, load centers, and motor control centers must be restored to OPERABLE status within 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />.

Condition A worst scenario is one AC electrical power distribution subsystem without AC power (i.e., no offsite

~ / h (v) (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-70

Distribution Systems-Operating 8 3.8.9 BASES ACTION A.1 (continued) power to the 4160 V ESF bus and the associated DG inoperable). In this Condition, the unit is more vulnerable to a complete loss of AC power. It is, therefore, imperative that the unit operator's attention be focused on minimizing the potential for loss of power to the remaining AC electrical power distribution subsystems by stabilizing the unit, and on restoring power to the affected subsystem. The 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> time limit before requiring a unit shutdown in this Condition is acceptable because of:

a. The potential for decreased safety if the unit operator's attention is diverted from the evaluations and actions necessary to restore power to the affected subsystem, to the actions associated with taking the unit to shutdown within this time limit: and
b. The potential for an event in conjunction with a single failure of a redundant component in the other AC electrical power distribution subsystems with AC power.

The second Completion Time for Required Action A.1 establishes a limit en the maximum time allowed for any combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition A is entered while, for instance. a DC bus is inoperable and subsequently restored O' -

OPERABLE. the LC0 may already have been not met for up to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since initial failure of the LCO. to restore the AC distribution system. At this time, a DC circuit could again become inoperable, and AC distribution restored OPERABLE. This could continue indefinitely.

The Completion Time allows for an exception to the normal

" time zero" for beginning the allowed outage time " clock."

This will result in establishing the " time zero" at the time the LC0 was initially not met, instead of the time Condition A was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LC0 indefinitely, fLl_

With one or more 120 VAC vital bus subsystems inoperable and a loss of function has not yet occured, the remaining OPERABLE 120 VAC vital buses are capable of supporting the minimum safety functions necessary to shut down the unit and maintain it in the safe shutdown condition. Overall reliability is reduced, however since an additional single failure could result in the minimum required ESF functions not being supported. Therefore, the required AC vital bus (continued)

DIABLO CANYON - UNITS 1 & 2 8 3.8-71

Distribution Systems-Operating B-3.8.9 ,

BASES-

' ACTIONS 4 B.1 (continued) subsystems must b6 powered from an alternate source within ,

2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> by powerir.g the bus from the associated inverter via inverted DC.-inverter using internal AC source, or Class 1E constant voltage transformer. The required AC vital bus subsystems must then be re-powered by restoring it's associated inverter to OPERABLE status within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> under LC0 3.8.7. ACTION A.1.

Condition B represents cne 120 VAC vital bus without power:

potentially both the DC source and the associated AC source are nonfunctioning. In this situation, the unit is significantly more vulnerable to a complete loss of all noninterruptible power, It is, therefore, imperative that the operator's attention focus on stabilizing.the unit, minimizing the potential for loss of power to the remaining vital buses and restoring power to the affected 120 VAC vital bus subsystems.

This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that are without adequate 120 VAC power. Taking exception to LC0 3.0.2 for components without adequate vital 120 VAC power, that would  ;

have the Recuired Action Completion Times shorter than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> if ceclared inoperable, is acceptable because of:

O a. The potential for decreased safety by requiring a change in unit conditions (i.e., requiring a shutdown) and not allowing stable operations to continue;

b. The potential for decreased safety by requiring entry into numerous Applicable Conditions and Required Actions for components without adequate vital 120 VAC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected subsystem , and
c. The potential for an event in conjunction with a single l failure of a redundant component.

l The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time takes into account the importance to safety of restoring the 120 VAC vital bus to OPERABLE status, the redundant capability afforded by the other OPERABLE 120 VAC vital buses, and the low probability of a DBA occurring during this period.

The second Completion Time for Required Action B.1 establishes a limit on the maximum allowed for any I combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition B is entered while, for instance, an AC bus is inoperable and subsequently returned OPERABLE the LC0 may already have been not met for up to (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-72 l

I Distribution Systems-Operating B 3.8.9 S B.1 (continued) 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />, since inir.ial failure of the LC0. to restore the 120 VAC vital bus distribution system. At this time. an AC bus could again become inoperable, and 120 VAC vital bus distribution restored OPERABLE. This could continue indefinitely.

Tnis Completion Time allows for an exception to the normal time zero" for beginning the allowed outage time " clock."

This will result in establishing the " time zero" at the time the LCO was initially not met, instead of the time Condition 8 was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an ac:eptable limitation on this potential to fail to meet the LCO indefinitely. .

[l' 4

Witt one or more DC electrical power distribution subsystems inoperable and a loss of function has not yet occured, the remaining portions of the DC electrical power distribution subsystems are capable of supporting the minimum safety functions necessary to shut down the reactor and maintain it in a safe shutdown condition, assuming no single failure.

The oserall reliability is reduced, however, because a single failure in the remaining portion of the DC electrical power distribution subsystems could result in the minimum required O ESF functions not being supported. Therefore, the DC buses must be restored to OPERABLE status within 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> by powering the bus from the associated battery or charger.

Condit1cn C represents one or more DC electrical power distribution subsystems without adequate DC power:

potentially both with the battery significantly degraded and the associated charger nonfunctioning for the affected bus (es). In this situation, the unit is significantly more vulnerable to a complete loss of all DC power. It is, i therefore, imperative that the operator's attention focus on i stabilizing the unit, minimizing the potential for loss of J power to the remaining DC electrical power distribution subsystems and restoring power to the affected subsystems .

This 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> limit is more conservative than Completion Times allowed for the vast majority of components that would be without power. Taking exception to LC0 3.0.2 for components without adequate DC power, which would have Required Action Completion Times shorter than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br />, is acceptable because of:

- .a. The potential for decreased safety by requiring a change in unit conditions (i.e., requiring a shutdown) while
allowing stable operations to continue

(continued)

DIABLO CAMON - UNITS 1 & 2 B 3.8-73 i

-~v =.me-- ,- , . - . . - - . - - . _ - . - , - - - + - > , , 4 ,-- , . ,,,- &----

Distribution Systems-0perating B 3.8.9

,s BASES-ACTIONS C.1 (continued)

b. The potential for decreased safety by requiring entry into numerous applicable Conditions and Required Actions for components without DC power and not providing sufficient time for the operators to perform the necessary evaluations and actions for restoring power to the affected subsystem; and
c. The potential for an event in conjunction with a single failure of a redundant component.

The 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> Completion Time for DC buses is consistent with Regulatory Guide 1.93 (Ref. 3).

The second Completion Time for Required Action C.1 2 establishes a limit on the maximum time allowed for any

, combination of required distribution subsystems to be inoperable during any single contiguous occurrence of failing to meet the LCO. If Condition C is entered while, for instance, an AC bus is inoperable and subsequently returned OPERABLE. the LCO may already have been not met for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. This could lead to a total of 10 hours1.157407e-4 days <br />0.00278 hours <br />1.653439e-5 weeks <br />3.805e-6 months <br />. since initial failure of the LCO, to restore the DC distribution system. At this time, an AC bus could again become inoperable, and DC distribution restored OPERABLE. This could continue indefinitely.

This Completion Time allows for an exception to the normal

" time zero" for beginning the allowed outage time " clock."

This will result in establishing the " time zero" at the time the LC0 was initially not met, instead of the time Condition C was entered. The 16 hour1.851852e-4 days <br />0.00444 hours <br />2.645503e-5 weeks <br />6.088e-6 months <br /> Completion Time is an acceptable limitation on this potential to fail to meet the LC0 indefinitely.

D.1 and 0 2 If the inoperable distribution subsystem cannot be restored ~

to OPERABLE status within the required Completion Time, the unit must be brought to a MODE in which the LC0 does not apply. To achieve this status, the unit must be brought to at least MODE 3 within 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> and to MODE 5 within 36 hours4.166667e-4 days <br />0.01 hours <br />5.952381e-5 weeks <br />1.3698e-5 months <br />.

The allowed Completion Times are reasorable, based on operating experience, to reach the required unit conditions from full power conditions in an orderly manner and without challenging plant systems.

E.1 Condition E corresponds to required Class 1E AC, DC, or 120 VAC vital buses with inoperable distribution subsystems that result in a loss of safety function, adequate core cooling, containment OPERABILITY and other vital functions for DBA n

(Continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-74

- . .- . ~.. . . . _ . . . . - .. - - . ... . .. .- .. - - - .- -

- Distribution Systems -Operatira B 3.8.9 BASES ACTIONS E.1 (continued) mitigation would be compromised, and immediate plant shutdown in accordance with LC0 3.0.3 is required.

SURVEILLANCE . SR 3.8 9.1 REQUIREMENTS This Surveillance verifies that the required Class 1E AC DC.

and 120 VAC vital bus electrical power distribution systems are functioning properly. with the correct circuit breaker-alignment -The correct breaker alignment ensures the appropriate separation and independence of the electrical divisions is maintained, and the appropriate voltage is available to each required bus. The verification of proper voltage availability on the buses ensures that the required voltage is readily available for motive as well as control functions for critical system loads' connected to these buses.

The 7 day Frequency takes into account the redundant capability of the AC DC, and 120 VAC vital bus electrical power distribution subsystems, and other indications  ;

available in the control room that alert the operator to subsystem malfunctions.

Table B 3 8.9-1 Table on next Jage define the general features of the AC and

( DC Electrical )ower Distribution System.

i l

REFERENCES 1. FSAR. Chapter 6. j

2. FSAR, Chapter 15. l
3. Regulatory Guide 1.93. December 1974.

l I I DIABLO CANYON - UNITS 1 & 2 B 3.8-75 e e, , g w w. m , - - ~ .

Distribution Systems-Operating B 3.8.9 l

BASES g

,U Table B'3.8.9-1 (page 1 of 1) I AC and DC Electrical Power Distribution Systems l LCO 3.8.9 CONDITION A 4160 VAC and 480 VAC 1 VOLTAGE BUS F BUS G BUS H MAJOR ESF LOADS MAJOR ESF LOADS MAJOR ESF LOADS )

(TRAIN A) (TRAIN B) (TRAIN A&B) 4160 VAC ASW PP 1 ASW PP 2 AFW PP 2 (B)

AFW PP 3 CS PP 1 CS PP 2 (A)

CCP PP 1 RHR PP 1 RHR PP 2 (A)

CCW PP 1 CC PP 2 51 PP 2 (B)

SI PP 1 CCW PP 2 CCW PP 3 (A&B) 480 VAC BUS F 480 VAC BUS G 480 VAV BUS H  ;

480 VAC

  • CFCU 1 CFCU 3 CFCU 4 (A&B) l CFCU 2 CFCU 5 l
  • Partial listing of loads LC0 3.8.,9 CONDITION B 120 VAC l

BUS 1 BUS 2 BUS 3 BUS 4 l

[- PY11 (21)** PY12 (22)** PY13 (23)** PY14 (24)** l k PY11A (21A)** PY13A (23A)** j I

IY Powered by: IY1 Powered by: IY Powered by: IY Powered by:

480 VAC BUS F/DC 480 VAC BUS G/DC 480 VAC BUS H/DC 480 VAC BUS H/DC BUS 1 BUS 2 BUS 3 BUS 2 or or or or TRY1 Powered by: TRY2 Powered by: TRY3 Powered by: TRY1 Powered by:

480 VAC BUS F 480 VAC BUS G 480 VAC BUS H 480 VAC BUS H i or Backup or Backup or Backup or Backup 480 VAC BUS G 480 VAC BUS F 480 VAC BUS G 480 VAC BUS F

    • Unit 2 in parentheses j LC0 3.8.9 CONDITION C 125 VDC DC BUS 1 - Powered DC BUS 2 - Powered From: DC BUS 3 - Powered From: i From: l l

Battery 1 and Battery 2 and Battery 3 and ,

Batery Charger 11 Battery Charger 12 Batery Charger 131 l (21)** or (22)** or (231)** or l Battery Charger 121 Battery Changer 121 Battery Charger 132 (221)** (221)** (232)**

"* Unit 2 in Parentneses v

DIABLO CANYON - UNITS 1 & 2 B 3.8-/6

Distribution Systems-Shutdown B 3.8.10

(~} B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.10 Distribution Systems-Shutdown BASES BACKGROUND A description of the Class 1E AC, DC, and 120 VAC vital bus electrical power distribution systems is provided in the Bases for LCO 3.8.9 " Distribution Systems -Operating."

APPLICABLE The initial conditions of Design Basis Accident and SAFETY ANALYSES transient analyses in the FSAR, Chapter 6 (Ref. 1) and Chapter 15 (Ref. 2), assume Engineered Safety Feature (ESF) systems are OPERABLE. The Class 1E AC. DC. and 120 VAC vital bus electrical pow?r distribution systems are designed to provide sufficient capacity, capability, redundancy, and reliability to ensure the availability of necessary power to ESF systems so that the fuel.

Reactor Coolant System, and containment design limits are not exceeded.

The OP$RABILITY of the Class 1E AC. DC. and 120 VAC vital bus electrical power distribution system is consistent with the initial assumptions of the accident analyses and the requirements n for the supported systems' OPERABILITY.

The OPERABILITY of the minimum Class 1E AC, DC, and 120 VAC vital bus electrical power distribution subsystems during MODES 5 and 6. and during movement of irradiated fuel assemblies ensures that:

a. The unit can be maintained in the shutdown or refueling condition for extended periods:
b. Sufficient instrumentation and control capability is available for monitoring and maintaining the unit status:

and

c. Adequate power is provided to mitigate events postulated during shutdown, such as a fuel handling accident.

The Class 1E AC. DC. and 120 VAC electrical power distribution systems satisfy Criterion 3 of 10 CFR 50.36(c)(2)(11).

LC0 Various combinations of subsystems, equipment, and components are required OPERABLE by other LCOs. depending on the specific plant condition. An OPERABLE AC subsystem shall consist of a 4kV vital bus powered from at least one energized offsite power source with the capability of being powered from an OPERABLE DG. The DG may be the DG associated wit 1 that bus or, with administrative n

gj (continued)

DIABLO CANYON - UNITS 1 & 2 8 3.8-/7

- - . .- .. - . - .- . - - -.- . . - .-. _. .~.,

gi Distribution Systems-Shutdown B 3.8.10 i

BASES U LCO controls in place, a DG that can be cross-tied (via the startup (continued) cross-tie feeder breakers) to another bus. However, credit for

this cross-tie capability cannot be taken credit for in those

. LCOs which specifically require an OPERABLE emergency power source. The latter ensures that the 4 kV bus will be immediately

!.. available after a LOOP without operator action. An OPERABLE DC

subsystem consists of an OPERABLE DC bus (see B 3.8.5). An OPERABLE Class 1E 120 VAC subsystem consists of a vital 120 VAC bus that is powered by its OPERABLE inverter which is connected to an OPERABLE DC bus, or except as precluded by LCO 3.8.8. one-that is powered from its associated vital 120 VAC regulating transformer that is selected to be powered from an OPERABLE AC i- vital bus. This ensures that the vital 120 VAC bus is capable of supplying either uninterruptable power from its associated 4.

inverter. or with administrative controls in place, from its vital 120 VAC regulating transformer after a brief time delay for i the DG to load the bus following a LOOP. The 120 VAC regulating i transformer must be capable of being energized without any operator action. Implicit in those requirements is the required i OPERABILITY of necessary support required features. This LC0 explicitly requires energization of the portions of the

electrical distribution system necessary to support OPERABILITY j of required systems. equipment. and components-all specifically addressed in each LC0 and implicitly required via the definition
of OPERABILITY.

3 Maintaining these portions of the distribution system energized 4 ensures the availability of sufficient power to operate the unit in a safe manner to mitigate the consequences of postulated events during shutdown (e.g. , fuel handling accidents).

APPLICABILITY The AC. DC and 120 VAC electrical power distribution subsystems required to be OPERABLE in MODES 5 and 6. and during movement of irradiated fuel assemblies, provide assurance that

,, a. Systems to provide adecuate coolant inventory makeup are

' available for the irraciated fuel in the core;

b. Systems needed to mitigate a fuel handling accident are available i

4

c. Systems necessary to mitigate the effects of events that
can lead to core damage during shutdown are available
and
d. Instrumentation and control capability is available for monitoring and maintaining the unit in a cold shutdown

[ condition and refueling condition.

The AC. DC and '120 VAC vital bus electrical power distribution subsystems requirements for MODES 1. 2. 3. and 4 are covered in

, LC0 3.8.9.

1 (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.8-78

Distribution Systems-Shutdown B 3.8.10 BASES ACTIONS LC0 3.0.31s not applicable while in MODE 5 or 6. However, since irradiated fuel assembly movement can occur 'in MODE 1, 2. 3. or-4, the ACTIONS have been modified by a Note stating that LC0 3.0.3 is not applicable. If moving irradiated fuel assemblies-while in MODE 5 or 6. LCO 3.0.3 would not specify any action. If moving irradiated fuel assemblies while in MODE 1. 2. 3. or 4, the fuel movement is independent of reactor operations.

Therefore, in either case, the movement of tiradiated fuel assemblies would not be sufficient reason to require a reactor shutdown.

A.1. A.2.1. A.2.2. A.2.3. A.2.4. and A.2.5 Although redundant' required features may require redundant subsystems of electrical power distribution systems to be OPERABLE, one OPERABLE distribution subsystem may be capable of supporting sufficient required features to allow continuation of '

CORE ALTERATIONS and fuel movement. By allowing the option to declare required features associated with an inoperable distribution subsystem inoperable, appropriate restrictions are implemented in accordance with the affected distribution subsystem LC0's Required Actions. In many instances, this option may involve undesired administrative efforts. Therefore. the allowance for sufficiently conservative actions is made (i.e., to suspend CORE ALTERATIONS. movement of irradiated fuel assemblies, and operations involving positive reactivity additions).

Suspension of these activities does not preclude completion of

\ actions to establish a safe conservative condition. These actions minimize the probability of the occurrence of postulated events. It is further required to imediately initiate action to restore the required AC DC, and 120 VAC electrical power distribution subsystems and to continue this action until  !

restoration is accomplished in order to provide the necessary I power to the unit safety systems.

Notwithstanding performance of the above conservative Required

. Actions, a required residual heat removal (RHR) subsystem may be inoperable. In this case, Required Actions A.2.1 through A.2.4 do not adequately address the concerns relating to coolant circulation and heat removal. Pursuant to LC0 3.0.6. the RHR ACTIONS would not be entered. Therefore. Required Action A.2.5 is provided to direct declaring RHR inoperable, which results in taking the appropriate RHR actions.

The Completion Time of immediately is consistent with the required times for actions requiring prompt attention. The restoration of the required distribution subsystems should be completed as quickly as possible in order to minimize the time

'the unit safety systems may be without power.

(continued)

L ,DIABLO CANYON - UNITS 1 & 2. B 3.8-79

.. , x , .. _. _ .. __ _ . _ .

Distribution Systems-ShutdowT)

B 3.8.10 BASES 3

,,d SURVEILLANCE SR 3.8.10.1 REQUIREMENTS This Surveillance verifies that the Class 1E AC, DC, and 120 VAC vital bus electrical power distribution subsystems are functioning properly, with all the buses energized. The verification of proper voltage availability on the buses ensures that the required power is readily available for motive as well as control functions for critical system loads connected to these buses. The 7 day Frequency takes into account the capability of the electrical power distribution subsystems, and other indications available in the control room that alert the operator to subsystem malfunctions.

REFERENCES 1. FSAR. Chapter 6.

2. FSAR. Chapter 15.

1 O

DIABLO CANYON - UNIIS 1 & 2 B 3.8-80

. . . . . ,. - . . .. - - - = . .- ..~ ._.

Boron Concentration B 3.9.1 A B 3.9 1 REFUELING OPERATIONS V B 3.9.1 Boron Concentration 4

BASES 4

~

BACKGROUND The limit on the boron concentrations of the Reactor Coolant System- -

l (RCS) the refueling canal, and the refueling cavity during refueling ensures that the reactor remains subcritical during MODE 6.

Refueling boron concentration is the soluble baron concentration in

- the coolant in each of these volumes having direct access to the

reactor core during refueling.

1 The soluble boron concentration offsets the core reactivity and is measured by chemical analysis of a representative sample of the '

coolant in each of the volumes. The refueling boron concentration limit is specified in the COLR. The refueling boron concentration is

-- sufficient to maintain shutdown margin (SDM) with the most adverse conditions of fuel assembly and control rod position allowed by plant-precedures. The boron concentration that is maintained in Mode 6 is sufficient to maintain kg s 0.95 with the most reactive rod control

-assembly completely remov,e,d from its fuel assembly.

[

GDC 26 of 10 CFR 50.' Appendix A. requires that two independent >

reactivity control, systems of different design principles be provided 2 (Ref. 1). One of these systems must be capable of holding the

'l reactor core subcritical under cold conditions. The Chemical and i Volume Control System (CVCS) is the principle system ca)able of 4 maintaining the reactor subcritical in cold conditions ?y maintaining the boron concentration.

The reactor is brought to shutdown conditions before beginning operations to open the reactor vessel for refueling. After the RCS is cooled and depressurized and the vessel head is unbolted. the head is slowly removed to form the refueling cavity. The refueling canal and the refueling cavity are then flooded with refueling grade borated water from the liquid hold up tanks or the refueling water i storage tank . l The pumolng action of the RHR System in the RCS and the natural circulation due to thermal driving heads in the reactor vessel and i refueling cavity mix the added concentrated boric acid with the water 1 in the refueling canal. The RHR System is in operation during refueling (see LC0 3.9.5. " Residual Heat Removal (RHR) and Coolant

- Circulation-High Water Level," and LC0 3.9.6. " Residual Heat Removal (RHR) and Coolant Circulation-Low Water Level") to provide forced circulation cooling in the RCS and assist in maintaining the boron 4

concentrations uniformity in the RCS. the refueling canal, and the refueling cavity above the COLR limit.

M (continued)

- DIABLO CANYON - UNITS 1 & 2-- B 3.9 .

- e e gr

Boron Concentration B 3.9.1 L BASES-4 APPLICABLE During refueling operations, the reactivity condition of the core is SAFETY ANALYSIS consistent with the initial conditions assumed for the boron dilution j accident in the accident analysis and is conservative for MODE 6.

, The boron concentration limit specified in the COLR is based on the

! core reactivity at the beginning of each fuel cycle (the end of i refueling) and includes an uncertainty allowance.

The required boron concentration and the plant refueling procedures that verify the correct fuel loading plan (including core mapping) ensure that the k,,, of the core will remain s 0.95 during the refueling operation. Hence at least a 5% Ak/k margin of safety is established during refueling.

During refueling, the water volume in the spent fuel pool, the transfer canal, the refueling canal, the refueling cavity, and the reactor vessel form a single mass. As a result, the soluble boron <

concentration is relatively the same in each of these volumes.

The limiting boron (iilution accident analyzed occurs in MODE 5 (Ref. 2). It is based upon a maximum dilution flow of 300 g.p.m.

and prompt identification and operation preclude the event from i proceeding to a boron dilution accident. Prompt identification is l i assured through audible count rate instrumentation, a high count rate '

, alarm and a high source range flux level alarm.

l. # The RCS boron concentration satisfies Criterion 2 of l- 10CFR50.36(c)(2)(ii).

i LCO The LC0 requires that a minimum boron concentration be maintained in 4

the RCS the refueling canal, and the refueling cavity while in MODE 6. The boron concentration limit specified in the COLR ensures that a core k of s 0.95 is maintained during fuel handling

. operations. YlolationoftheLC0couldleadtoaninadvertent criticality during MODE 6.

APPLICABILITY This LC0 is applicable in MODE 6 to ensure that the fuel in the 4

reactor vessel will remain subcritical. The required boron s 0.95. Above MODE 6. LC0 3.1.1.

concentration

" SHUTDOWN MARGIN ensures (SDM)a." k,5.,C0 1 3.1.6. " Shutdown Bank Insertion Limits." and LC0 3.1.7. " Control Bank Insertion Limits." ensures that ,

an adequate amount of negative reactivity is available to shut down the reactor and maintain it subcritical 1

d

{ (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.9-2 4

4

.,.e - - , ,

1 4.

l Boron Concentration ,

~

B 3.9.1

- BASES ACTIONS A.1 and A 2

[, Continuation of CORE ALTERATIONS or positive reactivity additions 4

(including actions to reduce boron concentration) is contingent upon maintaining the unit in compliance with the LCO. If the boron concentration of any coolant volume in the RCS. the refueling canal,

or the refueling cavity is less than its limit, all operations i . involving CORE ALTERATIONS or positive reactivity additions must be suspended imediately.

! Suspension'of CORE ALTERATIONS and positive reactivity additions l

shall not preclude moving a component to a safe position.

b.1 4

In addition to immediately suspending CORE ALTERATIONS or positive

reactivity additions, boration to restore the concentration must be l initiated immediately.

1 In determining the required combination of boration flow rate and concentration, no unique Design Basis Event must be satisfied, The

'_ only.r'ecuirement is to restore the boron concentration to its requirec value as soon as possible. In order to raise the boron a

concentration as soon as possible, the operator should begin boration with the best source available for unit conditions. j Once actions have been initiated, they must be continued until the boron concentration is restored. The restoration time depends on the amount of boron that must be injected to reach the required concentration. ,

SURVEILLANCE SR 3 9.1.1 '

t REQUIREMENTS

This SR ensures that the coolant boron concentration in the RCS, the refueling canal, and the refueling cavity is within the COLR limits.

The boron concentration of the coolant in each volume.is determined

i. periodically by chemical analysis.

! A minimum Frequency of once every 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> is a reasonable amount of

! time to verify the boron concentration of representative samples.

The Frequency is based on operating experience, which has shown

72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> to be adequate.

e REFERENCES 1. 10 CFR 50, Appendix A,-GDC 26.

2. FSAR, Chapter 15,,Section 15.2.4

, DIABLO CANYON - UNITS 1 & 2 B 3.9-3  ;

w -,a.- . ,-e, , . - ,

Nuclear Instrumentation B 3.9.3 p B 3.9 REFUELING OPERATIONS

  1. B 3.9.3 Nuclear Instrumentation BASES BACKGROUND The source range neutron flux monitors are used during refueling I operations to monitor the core reactivity condition. The installed source range neutron flux monitors are part of the Nuclear Instrumentation System (NIS). These detectors are located external to the reactor vessel and detect neutrons leaking from the core.

The installed source range neutron flux monitors are BF3 detectors operating in the proportional region of the gas filled detector characteristic curve. The detectors monitor the neutron flux in counts per second. The instrument range (source range drawer) covers six decades of neutron flux (10 to 1E+6 cps) with a 13% instrument accuracy. The detectors also provide continuous visual indication in the control room and an audible alarm and count rate to alert operators to a possible dilution accident. The NIS is designed in  ;

accordance with the criteria presented in Reference 1.

APPLICABLE Two OPERABLE source range neutron flux monitors are required to SAFETY ANALYSIS provide a signal to alert the operator to unexpected changes in core

/3 reactivity such as with a boron dilution accident (Ref. 2) or an C/ improperly loaded fuel assembly. Prompt identification is required to assure sufficient time for operator action to preclude the event from proceeding to a Boron Dilution Accident. Prompt identification is assured through audible count rate indication, a high count rate alarm and a high source range flux level alarm in the control room.

The source range neutron flux monitors satisfy Criterion 3 of 10CFR50.36(c)(2)(ii).

LC0 This LC0 requires that two source .2nge neutron flux monitors be OPERABLE to ensure that redundant monitoring capability is available to detect changes in core reactivity. To be OPERABLE each monitor must prpovide visual indication and at least one of the two monitors must provide an audible alarm and count rate functions in the Control Room. Therefore, with no audible alarm and count rate functions from at least one monitor, both monitors are inoperable.

1 APPLICABILITY in MODE 6. the source range neutron flux monitors must be OPERABLE to determine changes in core reactivity. There are no other direct means available to check core reactivity levels. In MODES 2. 3, 4 and 5. these same installed source range detectors and circuitry are (o (continued)

DIABLO CANYON - UNITS 1 & 2 8 3.9 4

.- .- - - - .. - -. ._- -_ . ~ - . - . . . -

Nuclear Instrumentation B 3.9.3

~N BASES (continued)~

(Q -

i I APPLICABILITY also required to be OPERABLE by LC0 3.3.1. '" Reactor Trip System

.(continued) (RTS) Instrumentation" and LCO 3.3.9. "BDPS.*

ACTIONS' A.1 and A.2 With only one source range neutron flux monitor OPERABLE redundancy i has been lost. Since these instruments are the only direct means of

, monitoring core reactivity conditions. CORE ALTERATIONS and positive reactivity additions must be suspended immediately. The exception given in A.1 for the process of latching / unlatching control rods and friction testing of control rods is provided to allow completion of head. installation prior to replacing a failed source range detector.

RCCA latching and friction testing is conducted with the reactor vessel upper internals in place, thereby preventing the lowering of a temporary source range detector into the region of the core. This NOTE allows control rod movement with only one source range in place.

. Friction testing involves fully withdrawing and reinserting each rod in turn, which could change core reactivity by as much as one percent ,

for the most reactive rod. The increase'in count rate would be one to two counts per second. The core coupling in this configuration

would allow one source range detector to detect significant

reactivity changes associated with control rod movement.

Performance of Required Action A.1 shall not preclude completion of

. movement of a component to a safe position or normal cooldown of a coolant volume for the purpose of system temperature control.

Bl With no source range neutron flux monitor OPERABLE including no OPERABLE audible alarm and count rate functions action to restore a ]

monitor to OPERABLE status shall be initiated immediately. Once  :

initiated, action shall be continued until a source range neutron ]

flux monitor including no OPERABLE audible alarm and count rate ,

functions is restored to OPERABLE status. J With no source range neutron flux monitor OPERABLE, there are no direct means of detecting changes in core reactivity. However, since j CORE ALTERATIONS and positive reactivity additions are not to be  !

made, the core reactivity condition is stabilized until the source j range neutron flux monitors are OPERABLE. This stabilized condition  :

is determined by performing SR 3.9.1.1 to ensure that the required boron concentration exists.

1 The Completion Time of once per 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> ensures that unplanned changes in baron concentration would be identified. The 12 hour1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> Frequency is reasonable, considering the low probability of a change 4

in core reactivity during this time period. l J

b( (continued)

'DIABLO CANYON - UNITS 'l & 2' B 3.9-5 1 1

l

^

Nuclear Instrumentation B 3.9.3

'q BASES -(continued) b

, SURVEILLANCE SR 3.9 3.1 L REQUIREMENTS SR 3.9.3.1 is the performance of a CHANNEL CHECK which is a

! comparison of the parameter indicated on one channel to a similar i parameter on other channels. It is based on the assumption that the two indication channels should be consistent with core conditions.

Changes-in fuel loading and core geometry can result in significant i differences between source range channels, but each channel should be j consistent with its local conditions. For core reload the first i CANNEL CHECK for each channel may be performed using the first fuel

assembly as a source, prior to unlatching it in the core.

3 i The Frequency of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is consistent with the CHANNEL CHECK Frequency specified similarly for the same instruments in LC0 3.3.1.

i SR 3 9.3.2 1

SR 3.9.3.2 is the performance of a CHANNEL CALIBRATION every 18 months. This SR is modified by a Note stating that neutron detectors are excluded from the CHANNEL CALIBRATION. The CHANNEL CALIBRATION for the source rar.ge neutron flux monitors consists of obtaining the detector plateau or preamp discriminator curves, evaluating those curves, and comparing the curves to the

manufacturer's data. The CHANNEL CALIBRATION also includes i verification of the audible alarm and count rate functions on a 4 simulated or actual boron dilution flux doubling signal. The 18 month Frequency is based on the need to perform this Surveillance under the conditions that apply during a plant outage. Operating experience has shown these components usually pass the Surveillance when performed at the 18 month Frequency.
REFERENCES 1. 10 CFR 50. Appendix A. GDC 13. GDC 26. GDC 28. and GDC 29.
2. FSAR . Section 15.2.4.

l l,'

t E l 1

(continued)

DIABLO CANYON - UNITS 1 & 2 B 3.9-6

~

Containment Penetrations ,

B 3.9.4 B 3,9 REFUELING OPERATIONS B 3.9.4' Containment Penetrations a

BASES

' BACKGROUND During CORE ALTERATIONS or movement of irradiated fuel assemblies

within containment, a release of fission product radioactivity within
containment will be restricted from escaping to the environment when 4 the LC0 requirements are met. In MODES 1. 2. 3. and 4, this is accomplished by maintaining containment OPERABLE as described in LC0 3.6.1. " Containment " In MODE 6. the potential for. containment pressurization as a result of an accident is not likely; therefore,
requirements to isolate the containment from the outside atmosphere

' can be less stringent. The LC0 requirements are referred to as

" containment closure" rather than " containment OPERABILITY."

Containment closure means that all potential escape paths are closed

~

or capable of being closed by automatic means. Since any potential for containment pressurization yields very low levels, the 10CFR50.

! Appendix J 1eakage criteria and tests are not required. (Ref. 1) 4 The containment serves to contain fission product radioactivity that may be' released frontthe reactor core following an accident, such that offsite radiation ex)osures are maintained well within the requirements of 10CFR100. Additionally, the containment provides 1

radiation shielding from the fission products that may be present in the containment atmosphere following accident conditions.

The containment equipment hatch, which is part of the containment pressure boundary, provides a means for moving large equipment and components into and out of containment. During CORE ALTERATIONS or movement of irradiated fuel assemblies within containment, the L equipment hatch must be held in place by at least four bolts. Good engineering practice dictates that the bolts required by this LCO be approximately equally spaced.

The containment air locks, which are also part of the containment pressure boundary, provide a means for personnel access during MODES 1. 2. 3, and 4 unit operation in accordance with LCO 3.6.2. 1

" Containment Air Locks." Each air lock has a door at both ends. The  !

doors are normally interlocked to prevent simultaneous opening when l containment OPERABILITY is required. During periods of unit shutdown when containment closure is not required, the door interlock mechanism may be disabled, allowing both doors of an air lock to remain open for extended aeriods when frequent containment entry is necessary. During CORE A TERATIONS or movement of irradiated fuel assemblies within containment, containment closure is required;  !

therefore, the door interlock mechanism may remain disabled, but one

- _ air lock door must always remain closed for normal entry and exit. j The requirements for containment penetration closure ensure that a release of fission product radioactivity within containment will be l l

! (Continued)

DIABLO CANYON - UNITS 1 & 2 8 3.9-7 ,

Containment Penetrations B 3.9.4 ,

BASES

O BACKGROUND restricted from escaping to the environment. The closure restrictions ,

! -(continued) are sufficient to restrict fission product radioactivity release from <

containment due to a fuel handling accident during refueling.

] l

! The Containment Purge and Exhaust System includes two subsystems. The  !

normal subsystem includes a 48 inch purge penetration and a 48 inch i

exhaust penetration in whichthe flow path is limited to being open 200

hour or less per calendar year. The second subsystem, a pressure equalization system provides a single 12 inch supply and exhaust penetration. The three valves in the 12 inch pressure equalization penetration can be opened intermittently. Each of these system are j qualified to closed automatically by the Engineered Safety Features Actuation System (ESFAS). Neither of the subsystems ~ 1s subject to a Specification in MODE 5.

, In MODE 6. large air exchangers are necessary to conduct refueling operations. The normal 48 inch purge system is used for this purpose, and all four valves are closed by the ESFAS in accordance with LCO 3.3.2. " Engineered Safety Feature Actuation System (ESFAS)

Instrumentation."

The pressure equalization system is disassembled and used in MODE 6
for other outage functions.

i j The other containment penetrations that provide direct access from containment atmosphere to outside atmosphere must be isolated on at i i least one side. Isolation may be achieved by an OPERABLE automatic

1 solation valve, or by a manual isolation valve, blind flange, or i equivalent. The fuel transfer tube is open but closure is provided by
- an equivalent isolation of a water loop seal. Equivalent 1 solation
methods must be approved and may include use of a material that can  !

, provide a temporary, ventilation barrier for the other containment  ;

penetrations ouring fuel movements (Ref. 1).

APPLICABLE During CORE ALTERATIONS or movement of irradiated fuel assemblies SAFETY ANALYSIS within containment, the most severe radiological consecuences result from a fuel handling accident. The fuel handling accicent is a postulated event that involves damage to irradiated fuel (Ref. 2). ,

Fuel handling accidents, analyzed in Reference 2. consists of I dropping a single irradiated fuel assembly The requirements of LCO 3.9.7. " Refueling Cavity Water Level." and the minimum decay time of 100 hours0.00116 days <br />0.0278 hours <br />1.653439e-4 weeks <br />3.805e-5 months <br /> prior to CORE ALTERATIONS ensure that the release of fission product radioactivity, subsequent to a fuel handling accident, results in doses that are well within the guideline values specified in 10 CFR 100. Standard Review Plan. Section 15.7.4. Rev. 1 (Ref. 3). ,

l defines "well within" 10 CFR 100 to be 25% or less of the 10 CFR 100 values. The acceptance limits for offsite radiation exposure will be L 25% of 10 CFR 100 values

! Containment penetrations satisfy Criterion 3 of 10CFR50.36(c)(2)(ii).

(continued)

DIABLO CANYON.- UNITS 1 & 2 6 3.9-8 i

Containment Penetrations B 3.9.4 BASES

,,m

' This LC0 limits the consequences of a fuel handling accident in LCO containment by limiting the potential escape paths for fission product radioactivity released within containment. The LCO requires any penetration providing direct access from the containment atmosphere to the outside atmosphere to be closed except for the OPERABLE containment purge and exhaust penetrations. For the OPERABLE containment purge and exhaust penetrations, this LC0 ensures that these penetrations are isolable by the Containment Purge and Exhaust Isolation System. The OPERABILITY requirements for this LC0 ensure that the automatic surge and exhaust valve closure times specified in the FSAR can be aclieved and, therefore, meet the assumptions used in the safety analysis to ensure that releases through the valves are terminated, such that radiological doses are within the acceptance limit.

LCO 3.9.4.c is modified by a Note allowing penetration flow paths with direct access from the containment atmosphere to the outside atmosphere to be unisolated under administrative controls.

Administrative controls ensure that 1) Appropriate personnel are aware of the open status of the penetration flowpath during CORE ALTERATIONS or movement of irradiated fuel assemblies within containment and 2) soecified individuals are designated and readily available to isolate the flowpath in the event of a fuel handling accident.

O APPLICABILITY The containment penetration requirements are applicable during CORE V ALTERATIONS or movement of irradiated fuel assemblies within containment because this is when there is a potential for a fuel l

l handling accident. In MODES 1, 2, 3. and 4, containment penetration i requirements are addressed by LC0 3.6.1. In MODES 5 and 6, when CORE )

ALTERATIONS or movement of irradiated fuel assemblies within containment are not being conducted, the potential for a fuel handling i' accident d3es not exist. Therefore, under these conditions no requiremen:s are placed on containment penetration status.

ACTIONS A.1 and A.2 If the containment equipment hatch, air locks, or any containment penetration that provides direct access from the containment atmosphere to the outside atmosphere is not in the required status, including the Containment Purge and Exhaust Isolation System not capable of automatic actuation when the purge and exhaust valves are open, the unit must be placed in a condition where the isolation function is not needed. This is accomplished by immediately suspending CORE ALTERATIONS and movement of irradiated fuel assemblies within containment. Performance of these actions shall not preclude completion of movement of a component to a safe position.

,- ) (continued)

DIABLO CANYON - UNITS 1 & 2 8 3.9-9

Containment Penetrations B 3.9.4

(~3 BASES (continued)

'd SURVEILLANCE SR 3.9.4.1 REQUIREMENTS This Surveillance demonstrates by inspection or administrative means that each of the containment penetrations required to De in its closed position is in that position. The Surveillance on the open purge and exhaust valves will demonstrate that the valves are not blocked from closing. Also the Surveillance will demonstrate that each valve operator has motive power, which will ensure that each valve is capable of being closed by an OPERABLE automatic containment purge and exhaust isolation signal. The SR specifies that containment penetrations that are open under administrative controls are not required to meet the SR during the time the penetrations are open.

The Surveillance is performed every 7 days during CORE ALTERATIONS or movement of irradiated fuel assemblies within containment. The Surveillance interval is selected to be commensurate with the normal duration of time to complete fuel handling operations. A s'arveillance before the start of refueling operations will provide two o" three surveillance verifications during the applicable period for this LCO.

As such, this Surveillance ensures that a postulated fuel ;1andling accident that releases fission product radioactivity wit'nin the containment will not result in a release of fission protet radioactivity to the environment.

, SR 3.9.4.2 This Surveillance demonstrates that each containment purge and exhaust valve actuates to its isolation position on manual initiation or on an actual or simulated high radiation signal. The 18 month Frequency maintains consistency with other similar ESFAS instrumentation and valve testing requirements. In LC0 3.3.6. the Containment Purge and Exhaust Isolation instrumentation requires a CHANNEL CHECK every 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> and a COT every 92 days to ensure the channel 0PERABILITY during refueling operations. Every 18 months a CHANNEL CALIBRATION is performed. The system actuation response time is demonstrated every 18 months, during refueling, on a STAGGERED TEST BASIS. SR 3.6.3.5 demonstrates that the isolation time of each valve is in accordance with the Inservice Testing Program requirements. These Surveillances performed during MODE 6 will ensure that the valves are capable of closing after a postulated fuel handling accident to limit a release of fission product radioactivity from the containment.

REFERENCES 1. Design Criteria Memorandum T-16. Containment Functions.

2. FSAR Section 15.4.5.
3. NUREG-0800. Section 15.7.4. Rev. 1. July 1981.

m.

v DIABLO CANYON - UNITS 1 & 2 B 3.9-10

RHR and Coolant Circulation-High Water Level B 3.9.5 B 3.9 REFUELING OPERATIONS B 3.9.5 Residual Heat Removal (RHR) and Coolant Circulation-High Water Level BASES

~

BACKGROUND The purpose of the RHR System in MODE 6 is to remove decay heat and sensible heat from the Reactor Coolant System (RCS), as required by GDC 34. to provide mixing of borated coolart and to prevent boron stratification (Ref. 1). Heat is removed from the RCS by circulating reactor coolant through the RHR heat exchanger (s), where the heat is transferred to the Component Cooling Water System. The coolant is then returned to the RCS via the RCS cold leg (s). Operation of the RHR System for normal cooldown or decay heat removal is manually accomplished from the control room. The heat removai rate is adjusted by controlling the flow of reactor coolant through the RHR heat exchanger (s) and the bypass lines. Mixing of the reactor coolant is maintained by this continuous circulation of reactor coolant through the RHR System.

APPLICABLE If the' reactor coolapt temperature is not maintained below 200 F.

SAFETY ANALYSIS boiling of the reactor coolant could result. This could lead to a loss of coolant in the reactor vessel. Additionally, boiling of the reactor coolant could lead to boron plating out on components near i O the areas of the boiling activity. The loss of reactor coolant and

! the reduction of baron concentration in the reactor coolant would eventually challenge the integrity of the fuel cladding, which is a fission product barrier. One train of the RHR System is required to be operational in MODE 6, with the water level 2 23 ft above the top of the reactor vessel flange, to prevent this challenge. The LCO does permit de-energizing the RHR pump for short durations, under the condition that the boron concentration is not diluted. This  :

conditional de-energizing of the RHR pump does not result in a 1 challenge to the fission product barrier.

Although the RHR System does not meet a specific criterion of the NRC Policy Statement , it was identified in 10CFR50.36(c)(2)(ii) as an '

important contributor to risk reduction. Therefore, the RHR System l 1s retained as a Specification. j l

LC0 Only one RHR loop is required for decay heat removal in MODE 6. with the water level a 23 ft above the top of the reactor vessel flange.

Only one RHR loop is required to be OPERABLE, because the volume of 1 water above the reactor vessel flange provides backup decay heat I

(continued)

DIABLO CANYON - UNITS 1 & 2 8 3.9-11 i

l

' RHR and Coolant Circulation-High Water Level B 3.9.5 BASES O .LC01 removal capability. At least one RHR loop must be OPERABLE and in (continued) operation to provide:

a. Removal of decay heat;
b. Mixing of borated coolant.to minimize the possibility of criticality: and
c. Indication of reactor coolant temperature.

An OPERABLE RHR loop includes an RHR pump, a heat' exchanger, valves, j piping, instruments, and controls to ensure an OPERABLE flow path and to determine the low end temperature. The flow path starts in one of the RCS hot legs and is. returned to the RCS cold legs.

.The LC0 is modified by a Note that allows the required operating RHR loop to be removed from. service for up to I hour per 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> period, provided no operations are permitted that would cause a reduction of the RCS boron concentration. Boron concentration reduction is prohibited because uniform concentration distribution cannot be ensured without forced circulation. This permits operaticns such as.

valve testing, core mapping, or alterations in the vicinity of the reacto'r vessel hot 1.eg nozzles. During this I hour period decay heat is removed by natural convection to the large mass of water in the refueling cavity.

The LC0 is also modified by a second Note that allows the required O- RHR Loop to be removed from service for up to 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> per 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> period to support surveillance leak rate testing of the RCS to RHR suction isolation valves, provided that no operations are permitted which might result in reduction of boroa concentration. During this 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> period, decay heat is removed by natural convection to the large mass of water in the refueling cavity and the RCS.

APPLICABILITY One RHR loop must be OPERABLE and in o>eration in MODE 6 with the water level a 23 ft above the top of t1e reactor vessel flange, to provide decay heat removal. The 23 ft water level was selected ,

because it corresponds to the 23 ft requirement established for fuel movement in LCO 3.9.7." Refueling Cavity Water Level." Requirements for the RHR System in other MODES are covered by LCOs in Section 3.4 Reactor Coolant System (RCS), and Section 3.5. Emergency Core Coolin Systems (ECCS). RHR loop requirements in MODE 6 with the water leve ,

< 23 ft are located in LC0 3.9.6. " Residual Heat Removal (RHR) and

' Coolant Circulation-Low Water Level."

' ACTIONS RHR loop requirements are met by having one RHR loo) OPERABLE and in operation, except as permitted in the Notes to the _CO.

t (Continued)

~0!ABLO CANYON - UNITS.1 &'2 B 3.9-12 f

-- & -c ,% v-,s s , ,,m . , . .

I f.-

I RHR and Coolant Circulation-High Water Level B 3.9.5 ,

BASES I iO ACTIONS- M 1 .(continued) >

If RHR loop requirements are not met, there will be no forced l circulation to provide mixing to establish uniform boron i

! cMcentrations. The suspension of any operation involving a reduction  !

in reactor coolant boron concentration will reduce the likelihood of i stratification of the boron concentration developing within the RCS. l i, U If RHR loop requirements are not met, actions shall be taken 1

immediately to suspend loading of irradiated fuel assemblies in the ,
core. With no forced circulation cooling, decay heat removal from

, the core occurs by natural convection to the heat sink provided by the water above the core. A minimum refueling water level of 23 ft l above the reactor vessel flange provides an adequate available heat sink. Suspending any operation that would increase decay heat load.  :

such as loading an irradiated fuel assembly, is a prudent action '

j under this condition.

l U

i If RHR' loop requirements are not met, actions shall be initiated and continued in order to satisfy RHR loop requirements. With the unit in MODE 6 and the refueling water level a 23 ft above the top of the i reactor vessel flange, corrective actions shall be initiated immediately, u  :

If RHR loop requirements are not met, all containment penetrations i providing direct access from the containment atmosphere to the i outside atmosphere must be closed within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />. With the RHR loop recuirements not met, the potential exists for the coolant to boil )

anc release radioactive gas to the containment atmosphere. Closing containment penetrations that are open to the outside atmosphere ensures dose limits are not exceeded.

1 The Completion Time of 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> is reasonable, based on the low probability of the coolant boiling in that time.

! SURVEILLANCE SR 3.9.5.1 F REQUIREMENTS This Surveillance demonstrates that the RHR loop is in operation and circulating reactor coolant. The flow rate of 3000 gpm is determined l by the flow rate necessary to provide sufficient decay heat removal capability and to prevent thermal and boron-stratification in the core prior to 57 hours6.597222e-4 days <br />0.0158 hours <br />9.424603e-5 weeks <br />2.16885e-5 months <br /> of core subcriticality. The second part of

. - this Surveillance serves the same function but with 57 hours6.597222e-4 days <br />0.0158 hours <br />9.424603e-5 weeks <br />2.16885e-5 months <br /> or more

of core subcriticality. The flow rate of 1300 gpm is determined by t

(Continued)

DIABLO CANYON - UNITS 1 & 2 .B 3.9-13

.r t

y- - - - vn -

.- r nv - . - . y

RHR and Coolant Circulation-High Water Level B 3.9.5 BASES O SURVEILLANCE the flow rate necessary to 3rovide sufficient decay heat removal RE0VIREMENTS- capability and to prevent tiermal and boron stratification in the (continued) core. Both of these flow rates are points of the same flow rate verses decay heat curves. The Frequency of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is sufficient, considering the flow, temperature, pump control, and alarm indications available to the operator in the control room for monitoring the RHR System (Ref. 2).

REFERENCES 1. FSAR , Section 5.5.7

2. LAR 88-01, dated 4/21/88 submitted by "RHR System Flow Rate Reduction,~

DCL 88-067.

V o

N]

DIABLO CANYON - UNITS 1 & 2 B 3.9-14

RHR and Coolant Circulation-Low Water Level B 3.9.6 c

\

B 3.9 REFUELING OPERATIONS i 8 3.9.6 Residual Heat Removal (RHR) and Coolant Circulation-Low Water Level l BASES l BACKGROUND The purpose of the RHR System in MODE 6 is to remove decay heat and i sensible heat from the Reactor Coolant System (RCS), as required by l GDC 34 to provide. mixing of borated coolant, and to prevent boron stratification (Ref.1). Heat is removed from the RCS by circulating reactor coolant through the RHR heat exchangers where the heat is transferred to the Component Cooling Water System. The coolant is then returned to the RCS via the RCS cold leg (s). Operation of the RHR System for normal cooldown decay heat removal is manually accomplished from the control room. The heat removal rate is adjusted by controlling the flow of reactor coolant through the RHR heat exchanger (s) and the bypass lines. Mixing of the reactor coolant is maintained by this continuous circulation of reactor coolant through the RHR System.

APPLICABLE If the reactor coolant temperature is not maintained below 200 F.

SAFETY ANALYSIS boiling of the reactpr coolant could result. This could lead to a loss of coolant in the reactor vessel. Additionally, boiling of the reactor coolant could lead to boron plating out on components near the areas of the boiling activity. The loss of reactor coolant and O the reduction of baron concentration in the reactor coolant will V eventually challenge the integrity of the fuel cladding, which is a fission product barrier. Two trains of the RHR System are required to be OPERABLE, and one train in operation, to prevent this challenge.

Although the RHR System does not meet a specific criterion of the NRC Policy Statement, it was identified in .10CFR50.36(c)(2)(ii) as an important contributor to risk reduction. Therefore, the RHR System is I retained as a Specification.

LC0 In MODE 6, with the water level < 23 ft above the top of the reactor vessel flange, both RHR loops must be OPERABLE. Additionally, one loop of RHR must be in operation in order to provide:

a. Removal of decay heat;
b. Mixing of borated coolant to minimize the possibility of criticality: and
c. Indication of reactor coolant temperature.

An OPERABLE RHR loop consists of an RHR pump, a heat exchanger, valves, piping instruments arid controls to ensure an OPERABLE flow path and to determine the low end temperature. The flow path starts in one of the RCS hot legs and is returned to the RCS cold legs. One

/^N (g (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.9-15

RHR and Coolant Circulation-Low Water Level B 3.9.6

- BASES LCO. . .

or both RHR pumps maybe aligned to the RWST to support filling the (continued) refueling cavity or for performance of required testing (Ref. 2).

~ APPLICA8ILITY Two RHR loops are required to be OPERABLE, and one RHR loop must be in operation in MODE 6, with the water level < 23 ft above the top of the reactor vessel flange, to provide decay heat removal. Requirements for the RHR System in other MODES are covered by LCOs in Section 3.4 Reactor Coolant System (RCS), and Section 3.5. Emergency Core Cooling Systems (ECCS). RHR loop requirements in MODE 6 with the water level a 23 ft are located in LC0 3.9.5. " Residual Heat Removal (RHR) and Coolant Circulation-High Water Level."

ACTIONS A.1 and A.2 If less than the required number of RHR loops are OPERABLE action shall be innediately initiated and continued until the RHR loop is restored to OPERABLE status and to operation or until a 23 ft of water level 'is established above the reactor vessel flange. When the water level is a 23 ft above the reactor vessel flange, the Applicability changes to that of LCO 3.9.5. and only one RHR loop is required to be OPERABLE and in operation. An immediate Completion Time is necessary for an operator to initiate corrective actions.

u If no RHR loop is in operation, there will be no forced circulation to provide mixing to establish uniform boron concentrations. Reduced boron concentrations cannot occur by the addition of water with a lower boron concentration than that contained in the RCS, because all l of the unborated water sources are isolated.

s M

1 If no RHR loop is in operation, actions shall be initiated

. immediately, and continued, to restore one RHR loop to operation.

Since the unit is in Conditions A and B concurrently, the restoration

, of two OPERABLE RHR loops and one operating RHR loop should be accomplished expeditiously.

4 I M i

! If no RHR loop is in operation, all containment penetrations providing direct access from the containment atmosphere to the outside atmosphere must be closed within 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />. With the RHR loop requirements not met, the potential exists for the coolant to boil and release radioactive gas to the containment atmosphere. Closing (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.9-16 e

t

l RHR and Coolant Circulation-Low Water Level B 3.9.6 l

(~T BASES l

V i containment penetrations that are open to the outside atmosphere ensures that dose limits are not exceeded.

The Completion Time of 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> is reasonable, based on the low probability of the coolant boiling in that time.

SURVEILLANCE SR 3.9.6.1 REQUIREMENTS This Surveillance demonstrates that one RHR loop is in operation and circulating reactor coolant. The flow rate of more than 3000 gpm is determined by the flow rate necessary to provide sufficient decay heat removal capability and to prevent thermal and boron stratification in the core prior to 57 hours6.597222e-4 days <br />0.0158 hours <br />9.424603e-5 weeks <br />2.16885e-5 months <br /> subcritical. The second part of this Surveillance serves the same function but with 57 hours6.597222e-4 days <br />0.0158 hours <br />9.424603e-5 weeks <br />2.16885e-5 months <br /> or more of core subcriticality and provides a reduced flow rate of 1300 gpm based upon a reduced decay heat load. Both of these flow rates are points of the same flow rate verses decay heat curves. The 1300 gpm limit also precludes exceeding the 1675 gpm upper flow limit to prevent vortexing and air entrainment of the RHR piping system. RHR pump vortexing (failure to meet pump suction requirements) during mid-loop operation may result in RHR pump failure and non-conservative RCS level indication. The Frequency of 12 hours1.388889e-4 days <br />0.00333 hours <br />1.984127e-5 weeks <br />4.566e-6 months <br /> is sufficient, m considering the flow, temperature, pump control, and alarm indications

/T available to the operator for monitoring the RHR System in the control d room (Ref. 3).

SR 3.9.6.2 ,

l Verification that the required pump is OPERABLE ensures that an  ;

additional RHR pump can be placed in operation, if needed, to maintain decay heat removal and reactor coolant circulation.

Verification is performed by verifying proper breaker alignment and i power available to the required pump. The Frequency of 7 days is i considered reasonable in view of other administrative controls available and has been shown to be acceptable by operating experience.

l l

REFERENCES 1. FSAR , Section 5.5.7

2. WOG Standard Technical Specification Change Traveler TSTF-21.
3. LAR 88-01. dated 4/21/88, submitted by "RHR System Flow Rate Reduction."

DCL 88-067.

l O, l DIABLO CANYON - UNITS 1 & 2 B 3.9-17 l

Cavity Water Level B 3.9.7

(] B 3.9 REFUELING OPERATIONS 8 3.9.7 Refueling Cavity Water Level BASES BACKGROUND The movement of irradiated fuel assemblies or performance of CORE ALTERATIONS. except during latching and unlatching of control rod drive shafts, or friction testing of individual control rods within containment requires a minimum water level of 23 ft above the top of the reactor vessel flange. During refueling, this maintains sufficient water level in the containment, refueling canal, fuel transfer canal, refueling cavity, and spent fuel pool. _ Sufficient water is necessary to retain iodine fission product activity in the water in the event of a fuel handling accident (Refs. I and 2).

Sufficient iodine activity would be retained to limit offsite doses from the accident to < 25% of 10 CFR 100 limits, as provided by the guidance of Reference 3 APPLICABLE During CORE ALTERATIONS and novement of irradiated fuel assemblies.

SAFETY ANALYSIS the water level in the refueling canal and the refueling cavity is an initial condition design parameter in the analysis of a fuel handling accident in containment, as postulated by Regulatory Guide 1.25 ,

(Ref. 1). A minimum water level of 23 ft (Regulatory Position C.1.c '

l of Ref.1) alkws a 'Jecontamination factor of 100 (Regulatory

( . Position C.1 g of Ref. 1) to be used in the accident analysis for iodine. This relates to the assumption that 99% of the total iodine released from the pellet to cladding gap of all the dropped fuel assembly rods is retained by the refueling cavity water. The fuel pellet to cladding gap is assumed to contain 10% of the total fuel rod iodine inventory (Ref. 1).

The fuel handling accident analysis inside containment is described in Reference 2. With a minimum water level of 23 ft and a minimum decay time of 100 hours0.00116 days <br />0.0278 hours <br />1.653439e-4 weeks <br />3.805e-5 months <br /> prior to fuel handling, the analysis and test 3rograms demonstrate that the 1odine release due to a postulated fuel landling accident is adequately captured by the water and offsite doses are maintained well within allowable limits (Refs. 4. and 5.).

Refueling cavity water level satisfies Criterion 2 of 10CFR50.36(c)(2)(ii).

LCO- A minimum refueling cavity water level of 23 ft above the reactor vessel flange is required to ensure that the radiological consequences of a postulated fuel handling accident inside containment are within acceptable limits, as provided by the guidance of Reference 3.

O b (continued)

DIABLO CANYON - UNITS 1 & 2 B 3.9 18

- - -- . . . ---- . . . _ . _ . . _ - , - ~ _ . . -- .. . - . . ~

Refueling Cavity Water Level l 8 3.9.7 BASES  ;

j APPLICABILITY LC0 3.9.7 is applicable during CORE ALTERATIONS. except during latching and unlatching of control rod drive shafts, and when moving i: irradiated fuel assemblies within containment. The LC0 minimizes the

] possibility of a fuel handling accident in containment that is beyond the assumptions of the safety analysis. If irradiated fuel assemblies are.not present in containment, there can be no significant radioactivity release as a result of a postulated fuel handling accident. Requirements for fuel. handling accidents in the

spent fuel pool are covered by LCO 3.7.15. " Fuel Storage Pool Water

! Level."

1 ACTIONS A1 i

With a water level of < 23 ft above the top of the reactor vessel

flange, all operations involving CORE ALTERATIONS or movement of j irradiated fuel assemblies within the containment shall be suspended

.immediately to ensure that a fuel handling accident cannot occur.

I-I The suspension of CORE ALTERATIONS and fuel movement shall not 4 preclude completion of movement of a component to a safe position.

4 SURVEILLANCE SR 3.9 7.1

REQUIREMENTS Verification of a minimum water level of 23 ft above the top of the 4 reactor vessel flange ensures that the design basis for the analysis i of the postulated fuel handling accident during refueling operations
is met. Water at the required level above the top of the reactor
vessel flange limits the consequences of damaged fuel rods that are i postulated to result from a fuel handling accident inside containment (Ref. 2).

, The Frequency of 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> is based on engineering judgment and is i considered adequate in view of the large volume of water and the normal procedural controls of valve positions, which make significant

- unplanned level changes unlikely.

i V

j REFERENCES 1. Regulatory Guide 1.25, March 23, 1972.

. 2. FSAR, Section 15.4.5.

3. NUREG 0800, Section 15.7.4.

[

4. 10 CFR 100.10.

1

5. Malinowski . D. D. , Bell, M. J. , Duhn, E. , and Locante. J. ,

WCAP-828, Radiological Consequences of a Fuel Handling j; Accident, December 1971.

' 0IABLO CANYON - UNITS 1 & 2 B 3.9-19 y , ,. ~+ ., s .,.r. . . . + . . . . , - , . , , , , - - . . .-

Retrieved from "https://kanterella.com/w/index.php?title=IA-97-166,_Forwards_SE_Re_Request_to_Establish_Requirements_for_Audits_of_TS_Subject_to_Provisions_of_App_B_to_10CFR50.Request_Left_Unsolved_Pending_Further_NRC_Review&oldid=2937342"