IR 05000361/2011010

IR 05000361-11-010, 05000362-11-010, on 06/20/2011 - 09/13/2011, San Onofre Nuclear Generating Station, Units 2 and 3, Baseline Inspection, NRC Inspection Procedure 71111.21, Component Design Basis Inspection.
ML112870563
Person / Time
Site: San Onofre
Issue date: 10/14/2011
From: Thomas Farnholtz
Region 4 Engineering Branch 1
To: Peter Dietrich
Southern California Edison Co
References
IR-11-010
Download: ML112870563 (59)


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION

October 14, 2011

SUBJECT: SAN ONOFRE NUCLEAR GENERATING STATION - NRC COMPONENT DESIGN BASES INSPECTION NRC REPORT 05000361/2011010 and 05000362/2011010

Dear Mr. Dietrich:

On September 13, 2011, the US Nuclear Regulatory Commission (NRC) completed a Component Design Bases Inspection at your San Onofre Nuclear Generating Station, Units 2 and 3 facility. The enclosed report documents our inspection findings. The preliminary findings were discussed on July 22, 2011, with Mr. P. Dietrich, Senior Vice President & Chief Nuclear Officer and other members of your staff. After additional in-office inspection, a final telephonic exit meeting was conducted on September 13, 2011, with Mr. R. St. Onge, Director, Nuclear Regulatory Affairs, and others of your staff.

The inspection examined activities conducted under your license as they relate to safety and compliance with the Commission's rules and regulations and with the conditions of your license.

The team reviewed selected procedures and records, observed activities, and interviewed cognizant plant personnel.

Based on the results of this inspection, the NRC has identified six findings that were evaluated under the risk significance determination process. Violations were associated with all of the findings. All six of the findings were found to have very low safety significance (Green) and the violations associated with these findings are being treated as noncited violations, consistent with the NRC Enforcement Policy.

If you contest any of the noncited violations, or the significance of the violations, you should provide a response within 30 days of the date of this inspection report, with the basis for your denial, to the US Nuclear Regulatory Commission, ATTN: Document Control Desk, Washington, DC 20555-0001, with copies to the Regional Administrator, U.S. Nuclear Regulatory Commission, Region IV, 612 East Lamar Blvd., Suite 400, Arlington, Texas 76011; the Director, Office of Enforcement, US Nuclear Regulatory Commission, Washington, DC 20555-0001; and the NRC Resident Inspector at the San Onofre Nuclear Generating Station, Units 2 and 3 facility. The information you provide will be considered in accordance with Inspection Manual Chapter 0305. In addition, if you disagree with the characterization of the cross-cutting aspect assigned to any finding in this report, you should provide a response within 30 days of the date of this inspection report, with the basis for your disagreement, to the Regional Administrator, Region IV, and the NRC Resident Inspector at San Onofre Nuclear Generating Station, Units 2 and 3 facility.

In accordance with Code of Federal Regulations, Title 10, Part 2.390 of the NRC's Rules of Practice, a copy of this letter and its enclosure will be available electronically for public inspection in the NRC Public Document Room or from the Publicly Available Records (PARS) component of NRC's document system (ADAMS). ADAMS is accessible from the NRC Web site at http://www.nrc.gov/reading-rm/adams.html (the Public Electronic Reading Room).

Sincerely,

/RA/

Thomas R. Farnholtz, Chief
Engineering Branch 1
Division of Reactor Safety

Docket Nos. 50-361, 50-362
License Nos. NPF-10, NPF-15

Enclosure:

NRC Inspection Report 05000361/2011010 and 05000362/2011010 w/Attachment:

1 - Supplemental Information

REGION IV

Docket: 50-361, 50-362

License: NPF-10, NPF-15

Report: 05000361/2011010 and 05000362/2011010

Licensee: Southern California Edison Co. (SCE)

Facility: San Onofre Nuclear Generating Station, Units 2 and 3

Location: 5000 S. Pacific Coast Hwy, San Clemente, California

Dates: June 20, 2011 through September 13, 2011

Team Leader: R. Kopriva, Senior Reactor Inspector, Engineering Branch 1, Region IV

Inspectors:
  • J. Drake, Senior Reactor Inspector, Plant Support Branch 2, Region IV
  • J. Watkins, Reactor Inspector, Engineering Branch 2, Region IV
  • S. Pindale, Senior Reactor Inspector, Engineering Branch 1, Region I

Accompanying Personnel:
  • H. Campbell, Ph.D., Mechanical Contractor, Beckman and Associates
  • S. Kobylarz, Electrical Contractor, Beckman and Associates
  • W. Sherbin, Mechanical Contractor, Beckman and Associates

Approved By: Thomas R. Farnholtz, Branch Chief, Engineering Branch 1

SUMMARY OF FINDINGS

IR 05000361/2011010, 05000362/2011010; 06/20/2011 - 09/13/2011; San Onofre Nuclear Generating Station, Units 2 and 3, baseline inspection, NRC Inspection Procedure 71111.21, Component Design Basis Inspection.

The report covers an announced inspection by a team of four regional inspectors and three contractors. Six findings were identified. All of the findings were of very low safety significance.

The final significance of most findings is indicated by their color (Green, White, Yellow, Red) using Inspection Manual Chapter (IMC) 0609, Significance Determination Process. Findings for which the significance determination process does not apply may be Green or be assigned a severity level after NRC management review. The NRC's program for overseeing the safe operation of commercial nuclear power reactors is described in NUREG-1649, Reactor Oversight Process, Revision 4, dated December 2006.

NRC-Identified Findings

Cornerstone: Mitigating Systems

Green.

The team identified a Green noncited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions. Specifically, from initial construction until July 22, 2011, the licensee had not properly evaluated the seismic qualification of the buried emergency diesel generator fuel oil storage tanks, to ensure that the tank structures would not fail during a seismic event. The calculation did not accurately reflect the actual installed condition of the fuel oil tanks.

The team determined that failure of the tanks to remain intact would impact the capability of the safety related emergency diesel generators to perform their design function following the event. This finding was entered into the licensee's corrective action program as Nuclear Notification NN-201548802.

The team determined that the failure to have an adequate seismic calculation for emergency diesel generator fuel oil storage tanks was a performance deficiency.

The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. Specifically, the inadequate design analysis of these components could have resulted in structural failure, preventing continued operation of the emergency diesel generators after an earthquake. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee performed a preliminary re-evaluation of the tank shell stresses due to the concrete structures, and determined that the tank stresses were still within the American Society of Mechanical Engineers (ASME) Code allowable stresses following a Safe Shutdown Earthquake (SSE). The team reviewed the evaluation, and concurred that the stresses were below those allowed by ASME Boiler and Pressure Vessel Code. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance (Section 1R21.2.9).

Green.

The team identified a Green noncited violation of 10 CFR Part 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions. Specifically, as of July 22, 2011, the licensee failed to evaluate that the voltage available at the emergency diesel generator diesel engine air start solenoid would be sufficient to ensure starting the diesel engine under design basis conditions. The licensee failed to incorporate the required minimum operating voltage for the emergency diesel generator air start solenoids into Calculation E4C-017. This finding was entered into the licensee's corrective action program as Nuclear Notifications NN-201513266 and NN-201566686.

The team determined that the failure to incorporate the required minimum operating voltage for the emergency diesel generator air start solenoids into Calculation E4C-017 was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee performed subsequent analyses and actual tests of the air start solenoids, which demonstrated that the emergency diesel generator air start solenoids would function as required to mitigate an accident. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance (Section 1R21.2.13).

Green.

The team identified a Green non-cited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions. Specifically, as of July 22, 2011, the licensee did not incorporate the vendor required amperage limit, identified in engineering change package ECP-040201281-2, for bus load limit requirements, into 480 Volt Switchgear Operating Instructions SO23-6-3. This finding was entered into the licensee's corrective action program as Nuclear Notification NN201570846.

The team determined that the failure to incorporate the vendor required amperage limit, identified in engineering change package ECP-040201281-2, for bus load limit requirements, into 480 Volt Switchgear Operating Instructions SO23-6-3 was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, to ensure the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences (i.e., core damage). In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the finding was determined to have very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee had never implemented 480 Volt Switchgear Operating Instructions SO23-6-3 for the purpose of cross tying busses in an emergency, where the limiting load on the bus may have been exceeded. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance (Section 1R21.2.14).

Green.

The team identified a Green noncited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions. Specifically, as of July 22, 2011, the licensee failed to incorporate the fuse resistance, fuse clips resistance, and cable temperature and resistance effects (for Auxiliary Feedwater High Energy Line Breaks only), into Calculations E4C-084 and E4C-085, for degraded voltage conditions. This finding was entered into the licensee's corrective action program as Nuclear Notification NN-201546570 and NN-201550186.

The team determined that the failure to fully evaluate the circuit load in determining design limits in electrical calculations for degraded voltage conditions was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. In accordance with NRC Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee performed subsequent preliminary analyses which demonstrated that the control circuits, where marginal voltage was available, would function as required to mitigate an accident. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance (Section 1R21.2.15).

Green.

The team identified a Green noncited violation of 10 CFR 50.65, Requirements for monitoring the effectiveness of maintenance at nuclear power plants, which states in part: Each holder of a license to operate a nuclear power plant shall monitor the performance or condition of structures, systems, or components, against licensee-established goals, in a manner sufficient to provide reasonable assurance that such structures, systems, and components, are capable of fulfilling their intended functions, and when the performance or condition of a system, structure, or component, does not meet established goals, appropriate corrective actions shall be taken. Specifically, as of July 22, 2011, the licensee failed to adequately monitor the condition of the Flood Level Detecting system in a manner to provide reasonable assurance the system could perform its intended function. The licensee failed to properly evaluate Maintenance Rule Functional Failures and take appropriate corrective actions to improve system performance.

These level switches are connected to control room annunciation to warn the control room of flooding in a space that has safety-related or important to safety components. This has been entered into the licensee's corrective action program as Nuclear Notifications NN-201567315 and NN-201570575.

The team determined that the failure to properly maintain the flood level sensors, which are used for control room annunciation to warn the control room of flooding of a space that has safety related or important to safety components, was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. Specifically, the licensee did not maintain flood level sensors appropriately to provide reasonable assurance that the components would be capable of fulfilling their intended function. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding represented the degradation of equipment and functions specifically designed to provide notification to the control room of flooding of spaces with safety related or important to safety equipment and components. Therefore, the finding was potentially risk significant and a Phase 3 analysis was required. The preliminary significance determination was based on Inspection Manual Chapter 0609, Appendix M, Significance Determination Process Using Qualitative Criteria. The senior reactor analyst determined qualitatively that the risk was very low for the following reasons: (1) the frequency of internal flooding is very low, (2) floods in most of the problem areas would not cause a transient, (3) redundant indications of flooding exist, including fire and sump pump operations, and (4) none of the potentially flooded areas would likely affect more than one train of safety equipment.

This finding involved a cross-cutting aspect in the area of Human Performance, Resources, because the licensee failed to assure that equipment and other resources were available and adequate to assure nuclear safety. Specifically, the licensee was not able to maintain the flood level switches adequately to assure nuclear safety due to long-standing equipment issues H.2(a) (Section 1R21.3.2).

Green.

The team identified a Green non-cited violation, with multiple examples, of 10 CFR 50, Appendix B, Criterion VI, Document Control, which states in part:

Measures shall be established to control the issuance of documents, such as instructions, procedures, and drawings, including changes thereto, which prescribe all activities affecting quality. These measures shall assure that documents, including changes, are reviewed for adequacy and approved for release.

Specifically, on June 23, 2011, the team identified numerous drawing inconsistencies where changes to certain components were not changed on all affected drawings and procedural errors where changes were not made to all affected documents. The licensee has entered the errors into their corrective action program under numerous Nuclear Notifications listed in Section 4OA2.

The team identified that collectively, from a program perspective, the failure to properly incorporate design changes of components in the plant to all affected drawings, procedures, or instructions, was a performance deficiency. The finding was more than minor because if left uncorrected, the performance deficiency had the potential to lead to a more significant safety concern. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, none of the documents with the identified errors had been used in response to any events or plant perturbations.

This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance (Section 4OA2).

Licensee-Identified Violations

No findings were identified.

REPORT DETAILS

REACTOR SAFETY

Inspection of component design bases verifies the initial design and subsequent modifications and provides monitoring of the capability of the selected components and operator actions to perform their design bases functions. As plants age, their design bases may be difficult to determine and important design features may be altered or disabled during modifications. The plant risk assessment model assumes the capability of safety systems and components to perform their intended safety function successfully.

This inspectable area verifies aspects of the Initiating Events, Mitigating Systems and Barrier Integrity cornerstones for which there are no indicators to measure performance.

1R21 Component Design Bases Inspection

To assess the ability of the San Onofre Nuclear Generating Station equipment and operators to perform their required safety functions, the team inspected risk significant components, and the licensee's responses to industry operating experience. The team selected risk significant components for review, using information contained in the San Onofre Nuclear Generating Station Probabilistic Risk Assessment and the U.S. Nuclear Regulatory Commission's (NRC) standardized plant analysis risk model. In general, the selection process focused on components that had a risk achievement worth factor greater than 1.3 or a risk reduction worth factor greater than 1.005. The items selected included components in both safety-related and nonsafety related systems including pumps, circuit breakers, heat exchangers, transformers, and valves.

The team selected the risk significant operating experience to be inspected based on its collective past experience.

.1 Inspection Scope

To verify that the selected components would function as required, the team reviewed design basis assumptions, calculations, and procedures. In some instances, the team performed calculations to independently verify the licensee's conclusions. The team also verified that the condition of the components was consistent with the design bases and that the tested capabilities met the required criteria.

The team reviewed maintenance work records, corrective action documents, and industry operating experience records to verify that licensee personnel considered degraded conditions and their impact on the components. For the review of operator actions, the team observed operators during simulator scenarios, as well as during simulated actions in the plant.

The team performed a margin assessment and detailed review of the selected risk-significant components to verify that the design bases have been correctly implemented and maintained. This design margin assessment considered original design issues, margin reductions because of modifications, and margin reductions identified as a result of material condition issues. Equipment reliability issues were also considered in the selection of components for detailed review. These included items such as failed performance test results; significant corrective actions; repeated maintenance; 10 CFR 50.65(a)1 status; operable, but degraded, conditions; NRC resident inspector input of problem equipment; system health reports; industry operating experience; and licensee problem equipment lists. Consideration was also given to the uniqueness and complexity of the design, operating experience, and the available defense-in-depth margins.

The inspection procedure requires a review of 15 to 25 samples that include risk-significant and low design margin components, containment related components, and operating experience issues. The sample selection for this inspection was 18 components, one of which is containment related, two operating experience items, and two Event Scenario-Based activities. The selected inspection and associated operating experience items supported risk significant functions including the following:

a. Electrical power to mitigation systems: The team selected several components in the offsite and onsite electrical power distribution systems to verify operability to supply alternating current (AC) and direct current (DC) power to risk significant and safety-related loads in support of safety system operation in response to initiating events such as loss of offsite power, station blackout, and a loss-of-coolant accident with offsite power available. As such the team selected:

  • 4160 Volt Bus 2A06 to Bus 3A06 Cross-Tie
  • 480 Volt Load Center Transformer 3B06X

b. Seismic concern on components: The team reviewed several components required to minimize the effects of seismic activity as an initiating event. These components were required to provide cooling and mitigate the consequences of analyzed events. As such the team selected:

  • Salt Water Outfall (Discharge)
  • Refueling Water Tank Outlet Valve 2HV9301

.2 Results of Detailed Reviews for Components

.2.1 Unit 3 Low Pressure Safety Injection Pump (P016)

a. Inspection Scope

The team reviewed portions of the Updated Final Safety Analysis Report, Technical Specifications, system description and design bases documents to determine the system design and performance criteria for the Unit 3 Low Pressure Safety Injection pump P016.

The team also performed a walkdown of the pump area to examine the installed configuration and general material condition of the pump. Further, the team held discussions with cognizant licensee individuals with focus on pump performance and testing procedures. Specifically, the team reviewed:

  • Piping and instrument diagrams of the as built pump configuration, and associated flow, pressure and temperature instruments
  • Specifications of the orifice plates used to determine Low Pressure Safety Injection flow during performance of Inservice Test (IST) surveillances
  • Instrument uncertainty calculations that evaluated instruments used in the Inservice Testing Program (shutdown cooling temperature, suction and discharge pressure indicators, flow indications)
  • Calculations used to evaluate Inservice Testing and design basis test performance requirements (includes instrument uncertainties coupled with performance requirements)
  • Quarterly and Full Flow surveillance procedures and test results used to verify required Residual Heat Removal pump performance and potential pump degradation
  • Nuclear Notifications (corrective action documents) addressing pump performance, maintenance and operability evaluations

b. Findings

No findings were identified.

.2.2 Unit 2 Salt Water Cooling Pump

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, Technical Specifications, system design criteria to determine the system design and performance criteria for the Unit 2 Salt Water Cooling Pump P307. Further, selected drawings, operating procedures, and past Nuclear Notification reports for pump P307 were reviewed. After a walkdown of the Salt Water Cooling pump and nearby areas, the team discussed the current health and condition of the pump with the system engineer. Specifically the team reviewed:

  • Piping and instrument diagrams of the as built pump configuration and associated flow, pressure and temperature instruments
  • Schematics of the intake structure, including the layout of the Salt Water Cooling and Circulating Water pumps
  • Instrument uncertainty calculations that evaluated instruments used in the Inservice Testing Program (shutdown cooling temperature, suction and discharge pressure indicators, flow indications)
  • Quarterly and Full Flow surveillance procedures and test results used to verify required Residual Heat Removal pump performance and potential pump degradation
  • Nuclear Notifications addressing pump performance, maintenance and operability evaluations

b. Findings

No findings were identified.

.2.3 Reactor Coolant Pump P001 Seal Heat Exchanger

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, Reactor Coolant System Design Basis Document and Reactor Coolant System Description, and selected drawings for the Reactor Coolant Pump P001 Seal Heat Exchanger to determine the design and performance criteria for the Reactor Coolant Pump P001 Seal Heat Exchanger. Further, the team discussed the history of the major change in design and implementation of the current seal heat exchangers with the cognizant system engineers. Specifically, the team reviewed:

  • Nuclear Notifications leading to decisions for implementing design changes to the reactor coolant pump seal heat exchangers
  • Piping and instrument diagrams of the reactor coolant pumps and associated seal heat exchangers
  • Sectional drawings of the currently installed as-built reactor coolant pump seal heat exchangers
  • Design change package, which implemented removal of the high temperature component cooling water return lockout circuitry

b. Findings

No findings were identified.

.2.4 Refueling Water Tank Outlet Valve (2HV9301)

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating and test procedures for refueling water tank outlet motor-operated valve (MOV) 2HV9301. The team also performed walkdowns, held discussions with cognizant licensee individuals, and reviewed corrective action documents. Specifically, the team reviewed:

  • Motor-operated valve diagnostic and stroke-time test results
  • Calculations that determined motor-operated valve settings such as torque and limit switch settings
  • The motor-operated valve weak link calculations to ensure the ability of the motor-operated valves to remain structurally functional while stroking under design basis conditions
  • Valve design and operating analyses to determine maximum differential pressure expected across the valves during worst case operating conditions
  • Thermal binding and pressure locking analyses
  • Degraded voltage conditions, thermal overload sizing, and voltage drop calculation results to confirm that the motor-operated valves would have sufficient voltage and power available to perform their safety function at degraded voltage conditions
  • Vendor manuals to ensure adequate maintenance and operation of the valves
  • Inservice Test basis documents and associated test results
  • Maintenance activities to ensure the components were being maintained in accordance with vendor recommendations

b. Findings

No findings were identified.

.2.5 Emergency Core Cooling System Suction Header Check Valve (S21204MU001)

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and maintenance and test procedures for emergency core cooling system suction header check valve S21204MU001. The team also performed walkdowns, held discussions with cognizant licensee individuals, and reviewed corrective action documents. Specifically, the team reviewed:

  • Inservice Test basis documents and associated test results, including forward flow and leakage rate test results
  • Calculations that provided the bases for the IST test criteria
  • Vendor manuals and associated maintenance activities to ensure the valves were being maintained in accordance with vendor recommendations

b. Findings

No findings were identified.

.2.6 Auxiliary Feedwater Check Valve S21305MU124 (for SG089) from Motor-Driven Pump 141

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and maintenance and test procedures for auxiliary feedwater check valve S21305MU124. The team also held discussions with cognizant licensee individuals and reviewed corrective action documents. Specifically, the team reviewed:

  • Inservice test basis documents and associated test results, including forward flow and leakage rate test results
  • Calculations that provided the bases for the inservice test criteria
  • Vendor manuals and associated maintenance activities to ensure the valves were being maintained in accordance with vendor recommendations

b. Findings

No findings were identified.

.2.7 Containment Emergency Sump Outlet Isolation Valve (2HV9302)

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating and test procedures for containment emergency sump outlet motor-operated valve 2HV9302. The team also performed walkdowns, held discussions with cognizant licensee individuals, and reviewed corrective action documents. Specifically, the team reviewed:

  • Motor-operated valve diagnostic, logic and stroke-timing test results
  • Calculations that determined motor-operated valve settings such as torque and limit switch settings
  • The motor-operated valve weak link calculations to ensure the ability of the motor operated valves to remain structurally functional while stroking under design basis conditions
  • Valve design and operating analyses to determine maximum differential pressure expected across the valves during worst case operating conditions
  • Degraded voltage conditions, thermal overload sizing, and voltage drop calculation results to confirm that the motor-operated valves would have sufficient voltage and power available to perform their safety function at degraded voltage conditions
  • Vendor manuals to ensure adequate maintenance and operation of the valves
  • Inservice test basis documents and associated test results
  • Maintenance activities to ensure the components were being maintained in accordance with vendor recommendations

b. Findings

No findings were identified.

.2.8 Emergency Diesel Generator Emergency Supply Fan (S21503MA274)

a. Inspection Scope

The emergency diesel generator building supply fan operates to provide ambient air to remove heat generated by the emergency diesel generator and auxiliaries. The team reviewed the system design criteria, selected drawings, test and maintenance requirements for the emergency diesel generator building supply fan. The team also performed walkdowns, and held discussions with cognizant licensee individuals. Specifically the team reviewed:

  • Piping and instrumentation drawings
  • Fan sizing calculation to ensure adequate air flow for heat removal
  • Fan start/stop control logic
  • Seismic qualification of the fan, and associated ductwork
  • Required specifications for fan and ductwork
  • Airflow measurement test to ensure fan capacity was in accordance with design airflow

b. Findings

No findings were identified.

.2.9 Emergency Diesel Generator Fuel Oil Tank (S22421MTO35)

a. Inspection Scope

The emergency diesel generator fuel oil storage tanks are buried structures, sized to provide seven days of fuel oil for the site emergency diesel generators. There are four tanks for both units, with one tank per emergency diesel generator. The team reviewed the system design criteria, selected drawings, and maintenance requirements for the emergency diesel generator fuel oil storage tank. The team also performed walkdowns, and held discussions with cognizant licensee individuals. Specifically the team reviewed:

  • Piping, instrumentation and structural drawings
  • Fuel oil tank sizing related to meeting Technical Specification requirements for adequate volume
  • Instrumentation calculations and completed calibrations for tank level measurement
  • Seismic qualification of the tank
  • Required specifications for buried tank
  • Completed surveillances performed to satisfy Technical Specifications Surveillance Requirements for oil sampling, sediment, and tank internal inspection
  • Required fuel oil transfer pump submergence to prevent vortexing
  • Seismic interaction between the buried tank and adjacent structures

b. Findings

Inadequate Assessment of Seismic Qualification of Emergency Diesel Generator Buried Fuel Oil Tanks

Introduction.

The team identified a Green noncited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, because the licensee had not properly evaluated the seismic qualification of the buried emergency diesel generator fuel oil storage tanks, to ensure that the tank structures would not fail during a seismic event. The calculation did not accurately reflect the actual installed condition of the fuel oil tanks.

Description.

The four emergency diesel generator fuel storage tanks are located underground. Each has a capacity of 55,000 gallons. During a walkdown of the Unit 2 and Unit 3 buried fuel oil tank area, the team observed concrete structures above the tanks. Above one end of each tank there is a concrete vault, with the roof above plant grade, which houses the instruments, fuel oil transfer pumps, and one of the manways. Above the other end of the tank is a concrete structure housing the filling station, and another manway. Following the walkdown, the team requested the licensee to provide the seismic analysis for the tanks, including the seismic interaction analysis of the concrete structures installed above the tanks. The team was given the tank vendor seismic evaluation, calculation number SO23-407-7-9, Seismic Design Analysis of Diesel Fuel Oil Storage Tanks. It states that the tanks are designed to Seismic Class I for nuclear service in accordance with American Society of Mechanical Engineers (ASME) Boiler and Pressure Vessel Code Section III, Subsection ND, for Class 3 components. The team reviewed the evaluation, and determined that the evaluation was non-conservative for the following reasons:

  • The calculation stated that the tanks were surrounded 100 percent by soil, and that the load was uniformly distributed. Actually, there are two concrete structures of substantial weight on top of each end of the tanks, with about 9 inches of soil between the tank top and the structures.
  • The stress analysis of the tank shell assumed the tank centerline was buried to a depth of 11 feet of soil. The centerline is actually buried under 16 feet of soil. This would increase the soil pressure by about 50 percent over what was evaluated.

The team was concerned that the seismic evaluation of record did not represent the earthquake loading conditions of the installed tanks. As a result of the team's concern, the licensee entered the issue into their corrective action program as Nuclear Notification NN-201548802, and performed a preliminary re-evaluation of the tank shell stresses due to the concrete structures, and determined that the tank stresses are still within the ASME Code allowable stresses following a Safe Shutdown Earthquake. The team reviewed the evaluation, and concurred that the stresses are below those allowed by ASME Code. A re-evaluation of the stresses due to the additional five feet of soil loading was not necessary because the calculation stated that there is 100 percent margin in the tank stresses due to soil loading, and the actual soil loading increase was approximately 50 percent.

Analysis.

The team determined that the failure to have an adequate seismic calculation for the emergency diesel generator fuel oil storage tanks was a performance deficiency.

The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. Specifically, the inadequate design analysis of these components could have resulted in structural failure, preventing continued operation of the emergency diesel generators after an earthquake. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee performed a preliminary re-evaluation of the tank shell stresses due to the concrete structures, and determined that the tank stresses were still within the ASME Code allowable stresses following a Safe Shutdown Earthquake. The team reviewed the evaluation, and concurred that the stresses were below those allowed by ASME Boiler and Pressure Vessel Code. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance.

Enforcement.

The team identified a Green noncited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions. Contrary to the above, the licensee failed to assure that regulatory requirements and the design basis were correctly translated into specifications, drawings, procedures, and instructions. Specifically, from initial construction until July 22, 2011, the licensee had not properly evaluated the seismic qualification of the buried emergency diesel generator fuel oil storage tanks, to ensure that the tank structures would not fail during a seismic event. The calculation did not accurately reflect the actual installed condition of the fuel oil tanks. The team determined that failure of the tanks to remain intact would impact the capability of the safety related emergency diesel generators to perform their design function following the event. This finding was entered into the licensee's corrective action program as Nuclear Notification NN-201548802. Because this violation was of very low significance (Green) and has been entered into the licensee's corrective action program, this violation is being treated as a noncited violation consistent with the NRC Enforcement Policy: NCV 05000361/2011010-01, Inadequate Assessment of Seismic Qualification of Emergency Diesel Generator Buried Fuel Oil Tanks.

.2.10 Component Cooling Water Surge Tank (S21203MT004)

a. Inspection Scope

The component cooling water surge tank provides an inventory of water at sufficient pressure to provide the component cooling water pump net positive suction head (NPSH), and sufficient water for component cooling water system leakage makeup. The team reviewed the system design criteria, selected drawings, test and maintenance requirements for the component cooling water surge tank. The team also performed walkdowns, and held discussions with cognizant licensee individuals. Specifically the team reviewed:

  • Piping and instrumentation drawings
  • Surge tank sizing related to meeting component cooling water leakage requirements, and meeting component cooling water pump net positive suction head requirements
  • Instrumentation calculations for tank pressure measurement instruments
  • Seismic qualification of the tank
  • Required specifications for component cooling water tank
  • Completed surveillances performed to satisfy Technical Specifications Surveillance Requirements for backup nitrogen supply capability

b. Findings

No findings were identified.

.2.11 Salt Water Outfall (Discharge)

a. Inspection Scope

The saltwater outfall is the discharge line to the ultimate heat sink (Pacific Ocean) for the saltwater cooling system. An emergency discharge line, common to Units 2 and 3, is provided in the event of blockage of the normal discharge line. The team reviewed the system design criteria, selected drawings, test and maintenance requirements for the Salt Water Outfall. The team also performed walkdowns of the outfall area, and held discussions with cognizant licensee individuals. Specifically the team reviewed:

  • Piping and structural drawings
  • Tsunami evaluation of the outfall area
  • Evaluation that determined seismic failure of the outfall would not block safety-related salt water cooling flow
  • Operating and maintenance procedures for the emergency discharge line, and valves

b. Findings

No findings were identified.

.2.12 4160 Volt Bus 2A06 to Bus 3A06 Cross-Tie

a. Inspection Scope

The team reviewed the system design criteria, selected drawings, design calculations and operating procedures for the Bus 2A06 to Bus 3A06 cross-tie. The team also performed walkdowns, reviewed Nuclear Notifications (condition reports) for recurrence of adverse conditions affecting reliability, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • One line diagrams of the cross-tie breakers and cable
  • Schematic diagrams for the cross-tie breakers
  • Surveillance and maintenance tests for the cross-tie
  • Operations test for the cross-tie
  • Cross-tie cable sizing calculation
  • Design basis load requirement for cross-tie
  • Cross-tie breaker protective relay setting calculation

b. Findings

No findings were identified.

.2.13 Emergency Diesel Generator 2G002 Start and Trip Functions

a. Inspection Scope

The team reviewed selected emergency diesel generator operating devices that under design basis conditions provided for starting the diesel engine and also that provided for the generator breaker to close and automatically trip. The team also performed walkdowns, reviewed Nuclear Notifications for recurrence of adverse conditions affecting reliability, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • Engine Systems, Inc. Report No. 10CFR21-0077, Graham-White Air Start Solenoid Valves #712-015 & #712-065
  • System one line and schematic diagrams
  • Vendor rating specifications for diesel engine air start solenoids and generator breaker close and trip devices
  • Calculated voltage available at diesel generator air start solenoids and generator breaker close and trip devices
  • Surveillance test results of diesel generator air start solenoids and generator breaker close device and trip devices enabled during accident conditions

b. Findings

Failure to Evaluate that Sufficient Voltage Would be Available at the Emergency Diesel Generator Air Start Solenoid

Introduction.

The team identified a Green noncited violation of 10 CFR Part 50, Appendix B, Criterion III, Design Control, because the licensee failed to evaluate that the voltage available at the emergency diesel generator diesel engine air start solenoid would be sufficient to ensure starting the diesel engine under design basis conditions.

Description.

The team performed walkdowns of Emergency Diesel Generator 2G002 to verify the vendor nameplate data for the generator and the diesel engine air start solenoid valves. The diesel engine air start solenoid valves were evaluated by the licensee under SEE No. 990010, based on Engine Systems, Inc. Report No. 10CFR21-0077 that resulted from NRC 10 CFR Part 21 Report 1998-12-0. The team also reviewed design calculation E4C-017.1, Class 1E 125 Vdc System Data/Loading, to verify the adequacy of the voltage available at the engine air start solenoid valve terminals during design basis conditions. The licensee had calculated transient voltage available (between approximately 81 and 85 Vdc) during start attempts of the diesel engine. The team found that the calculated available voltage to the solenoid was less than the minimum value specified on the solenoid valve vendor nameplate, 90 Vdc, and that no analysis had been performed within the licensee's calculation to justify the adequacy of the available voltage. The team found that the licensee failed to include vendor cut sheets in the calculation that indicated the minimum operating voltage and determined that the licensee did not evaluate the availability of sufficient voltage at the solenoids during design basis conditions. During the inspection, the licensee tested spare solenoid valves from their warehouse that were the same type and model as the solenoid valves that were installed on the emergency diesel generators. The testing results were satisfactory, providing reasonable assurance of operability for the solenoid valves during transient conditions when there would be less than rated voltage available.

In addition, the licensee performed a preliminary calculation that determined that the minimum continuous voltage available at the solenoid would meet the manufacturer's tested and specified minimum value.

Analysis.

The team determined that the failure to incorporate the required minimum operating voltage for the emergency diesel generator air start solenoids into Calculation E4C-017 was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee performed subsequent analyses and actual tests of the air start solenoids, which demonstrated that the emergency diesel generator air start solenoids would function as required to mitigate an accident. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance.

Enforcement.

The team identified a Green noncited violation of 10 CFR Part 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions.

Contrary to the above, the licensee failed to assure that applicable regulatory requirements and the design basis were correctly translated into specifications, drawings, procedures, and instructions. Specifically, as of July 22, 2011, the licensee failed to evaluate that the voltage available at the emergency diesel generator diesel engine air start solenoid would be sufficient to ensure starting the diesel engine under design basis conditions. The licensee failed to incorporate the required minimum operating voltage for the emergency diesel generator air start solenoids into Calculation E4C-017. This finding was entered into the licensee's corrective action program as Nuclear Notifications NN-201513266 and NN-201566686. Because this violation was of very low significance (Green) and has been entered into the licensee's corrective action program, this violation is being treated as a noncited violation consistent with the NRC Enforcement Policy: NCV 05000361/2011010-02, Failure to Evaluate that Sufficient Voltage Would be Available at the Emergency Diesel Generator Air Start Solenoid.

.2.14 480 Volt Load Center Transformer 3B06X

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating procedures for 480 Volt Load Center Transformer 3B06X. The team also performed walkdowns, reviewed Nuclear Notifications (condition reports) for recurrence of adverse conditions affecting reliability, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • One line diagrams for transformer 3B06X and load center 3B06
  • Transformer and load center vendor nameplate data
  • Engineering Change Package (ECP) 040201281-2 for installation of 3B06X cooling fans
  • Calculation for transformer and load center bus overcurrent protection settings
  • Load flow calculation for design basis transformer loading
  • Surveillance test of transformer overcurrent relays
  • Operating Instruction and Emergency Operating Instruction for load restrictions on load center 3B06

b. Findings

Failure to Incorporate Design Requirements into Procedures and Instructions

Introduction.

The team identified a Green noncited violation of 10 CFR Part 50, Appendix B, Criterion III, Design Control, because the licensee did not incorporate the design basis requirement from the vendor nameplate for maximum allowable amperage for load center 3B06, identified and required by Engineering Change Package ECP 040201281-2, in Operating Instruction SO23-6-3.

Description.

The team reviewed Updated Final Safety Analysis Report subsection 8.3.1.1.3.9, Class 1E Equipment Capacities, part B. 480 Volt Load Centers, 1. Transformer, which showed the 3B06X transformer rating as 1500/2000 kVA, AA/FA.

The team also reviewed engineering change package ECP 040201281-2 for installation of load center transformer 3B06X cooling fans, which extended and increased the transformer rating from 1500 kVA AA to 1500/2000 kVA AA/FA. The engineering change package stated in the Description of Change, that, The rated (FA) current capability delivered by the Transformer will exceed the 2000 amperage rating of the 480 volt Circuit Breaker and bus bars of the Load center, therefore, the load on the transformer shall be limited to 1663 kVA (2000 amperes). This restriction will also be added in 480 Volt Switchgear Operating Instruction SO23-6-3. The team reviewed plant Operating Instruction SO23-6-3 and determined that the load restriction was not incorporated as required by the engineering change package. The team also reviewed Emergency Operating Instruction SO23-12-11 attachments for cross-connecting Class 1E 480 volt buses between units. Operating Instruction SO23-12-11, Attachment 23, can be utilized to cross-connect Load Center Bus 3B06 to Load Center Bus 2B06 and supply 480 volt power to bus 2B06. The team found that the instruction did not restrict Load Center Bus 3B06 loading to 1663 kVA (or 2000 amperes) during the bus cross-tie condition in order to maintain the load center within the design basis rating. The team determined that due to the lack of information in operating instructions to limit load, plant operators may not maintain Load Center Bus 3B06 within the maximum current rating during plant upset conditions, which could result in the potential for load center damage or failure.

Analysis.

The team determined that the failure to incorporate the vendor required amperage limit, identified in engineering change package ECP-040201281-2, for bus load limit requirements, into 480 Volt Switchgear Operating Instruction SO23-6-3 was a performance deficiency. The finding was more than minor because if left uncorrected, the performance deficiency had the potential to lead to a more significant safety concern.

In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the finding was determined to have very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee had never implemented 480 Volt Switchgear Operating Instruction SO23-6-3 for the purpose of cross tying busses in an emergency, where the limiting load on the bus may have been exceeded. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance.

Enforcement.

The team identified a Green non-cited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions.

Contrary to the above, the licensee failed to assure that applicable regulatory requirements and the design basis were correctly translated into specifications, drawings, procedures, and instructions. Specifically, as of July 22, 2011, the licensee did not incorporate the vendor required amperage limit, identified in engineering change package ECP-040201281-2, for bus load limit requirements, into 480 Volt Switchgear Operating Instruction SO23-6-3. This finding was entered into the licensee's corrective action program as Nuclear Notification NN-201570846. Because this violation was of very low significance (Green) and has been entered into the licensee's corrective action program, this violation is being treated as a noncited violation consistent with the NRC Enforcement Policy: NCV 05000361/2011010-03, Failure to Incorporate Design Requirements into Procedures and Instructions.

.2.15 Auxiliary Feedwater Pump 2P-141 Discharge Flow Control Valve 2HV4713 Motor Starter

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating procedures for discharge flow control valve 2HV4713 motor starter. The team also performed walkdowns, reviewed Nuclear Notifications (condition reports) for recurrence of adverse conditions affecting reliability, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • Schematics and wiring diagrams for valve 2HV4713 motor starter
  • Calculation for minimum voltage available at motor terminals during design basis degraded voltage conditions
  • Calculation for minimum voltage at motor starter contactor coils during design basis degraded voltage conditions
  • Preventive maintenance performed on 2HV4713 motor starter and Limitorque motor operator

b. Findings

Failure to Evaluate the Effects of Fuse Resistance and High Energy Line Break Conditions on Control Circuit Voltage

Introduction.

The team identified a Green noncited violation of 10 CFR Part 50, Appendix B, Criterion III, Design Control, because the licensee failed to incorporate into Design Calculations E4C-084 and E4C-085 the control power transformer circuit fuse resistance, including fuse clip resistance, and the temperature effects on cable resistance due to Auxiliary Feedwater Building area High Energy Line Break.

Description.

The team reviewed Calculation E4C-084, Unit 2 MCC Control Circuit Voltage Analysis, and found the calculation failed to consider the resistive load of the circuit fuses and fuse clips on the control power transformer control circuit, which were assumed to have negligible resistance. When questioned by the team, the licensee measured control power fuses, which included the fuse holder resistance. The licensee confirmed by measurement that the 1 ampere and 2 ampere fuse in series in the 2HV4714 contactor control circuit added approximately 2.5 ohms resistance to the control circuit. The team considered the additional 2.5 ohms resistance to be significant relative to the total resistance of the control circuit cable and contacts, which was approximately 10.3 ohms. Also, during a plant walkdown, the team identified that the licensee's calculation had also not considered the effect on control circuit cable resistance due to high energy line break conditions in the auxiliary feedwater building when they determined the cable resistance in the control circuit voltage analysis. A preliminary analysis by the licensee during the inspection found that adequate voltage was available for the 2HV4713 contactor when the above noted deficiencies were corrected.

However, in reviewing the extent of condition for the fuse resistance deficiency, the licensee performed interim calculations which determined that 15 additional contactor control circuits would not meet the minimum voltage acceptance criteria based on the assumed conservative value for the control power transformer turns ratio. The licensee performed an additional interim calculation that took credit for a less conservative control power transformer turns ratio, but which was considered to be representative of the installed control power transformers. The less conservative control power transformer turns ratio, which was assumed based on the specifications for replacement control power transformers, improved the calculated voltage available to an acceptable value, which the licensee considered to provide a reasonable basis for immediate operability.

Subsequent to the inspection, the licensee verified the actual, installed, control power transformer turns ratio by field tests, and found the turns ratio to be acceptable for the 15 control circuits that were initially found to not meet the minimum voltage analytical limit for contactor operation.

Analysis.

The team determined that the failure to fully evaluate the circuit load in determining design limits in electrical calculations for degraded voltage conditions was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. In accordance with NRC Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, the licensee performed subsequent preliminary analyses which demonstrated that the control circuits, where marginal voltage was available, would function as required to mitigate an accident. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance.

Enforcement.

The team identified a Green noncited violation of 10 CFR 50, Appendix B, Criterion III, Design Control, which states in part: Measures shall be established to assure that applicable regulatory requirements and the design basis are correctly translated into specifications, drawings, procedures, and instructions. Contrary to the above, the licensee failed to assure that applicable regulatory requirements and the design basis were correctly translated into specifications, drawings, procedures, and instructions. Specifically, as of July 22, 2011, the licensee failed to incorporate the fuse resistance, fuse clip resistance, and cable temperature and resistance effects (for Auxiliary Feedwater High Energy Line Breaks only), into Calculations E4C-084 and E4C-085, for degraded voltage conditions. This finding was entered into the licensee's corrective action program as Nuclear Notification NN-201546570 and NN-201550186. Because this violation was of very low significance (Green) and has been entered into the licensee's corrective action program, this violation is being treated as a noncited violation consistent with the NRC Enforcement Policy: NCV 05000362/2011010-04, Failure to Evaluate the Effects of Fuse Resistance and High Energy Line Break Conditions on Control Circuit Voltage.

.2.16 Safety Related Instrumentation Inverter 3Y002

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating procedures for safety related instrument inverter 3Y002. The team also performed walkdowns, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • The inverter capacitor replacement program
  • 120 Vac vital instrument power one-lines
  • Vendor manuals and supplements for the 125 Vac inverter
  • Vendor schematics, wiring diagrams, and layout drawings for the inverter
  • Maintenance activities to ensure the components are being maintained in accordance with vendor recommendations
  • Calculations of record that determine and identify the loading margins for design basis conditions
  • Calculations of record that determine and identify minimum and maximum operating temperature limits, minimum and maximum voltages at the terminals of the inverters for design basis conditions
  • Last 3 system health reports covering these inverters; include supporting condition reports and any associated operability evaluations and root / apparent cause evaluations
  • Summary listing of condition reports associated with all vital inverters
  • Summary listing of replacement history for these inverters (starting with original equipment) and any design modifications associated with these inverters
  • The last three completed surveillance and preventative maintenance procedures performed

b. Findings

No findings were identified.

.2.17 Reserve Auxiliary Transformer 2XR1 Fans, Pumps, and Controls

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating procedures for Reserve Auxiliary Transformer 2XR1 fans, pumps, and controls. The team also performed walkdowns, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • Calculation and vendor data sheets for auxiliary device settings
  • Drawings, single line and distribution panel, showing plant electrical power feeds to the transformer control panel, pumps, and fans, including feeder cable sizes
  • Vendor data - transformer tests, bushing tests, and surge arrestor tests
  • Vendor schematics, wiring diagrams, and layout drawings for transformer components, controls and auxiliaries
  • Condition monitoring procedure/requirements and results/trend data (since unit installation) for transformer, bushings, and surge arrestors
  • Maintenance activities to ensure the components are being maintained in accordance with vendor recommendations
  • The last PM/calibration test on control power feeder breaker(s) to transformer auxiliaries

b. Findings

No findings were identified.

.2.18 Class 1E 600 Volt Cable

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating procedures for Class 1E 600 Volt Cable. The team also performed walkdowns, and held discussions with cognizant licensee individuals.

Specifically, the team reviewed:

  • Latest Calculation(s) for Class 1E 600 Volt Power Cable Ampacity including any scheduled changes
  • Latest Calculation(s) for 480 Volt Power Circuit Breaker settings
  • Copies of modifications, on 480 Volt Load Centers or 480 Volt Motor Control Centers, within the last 5 years include Modification Summary and Technical Evaluation sections only
  • Maintenance activities to ensure the cables are being maintained in accordance with vendor recommendations

b. Findings

No findings were identified.

.3 Results of Reviews for Operating Experience

.3.1 Operating Experience Smart Sample FY2008-01 - Negative Trend and Recurring Events Involving Emergency Diesel Generators

a. Inspection Scope

NRC Operating Experience Smart Sample (OpESS) FY 2008-01 is directly related to NRC Information Notice (IN) 2007-27, Recurring Events Involving Emergency Diesel Generator Operability. The team performed a detailed review of this operating experience item to verify that the licensee had appropriately assessed potential applicability to site equipment and initiated corrective actions where necessary. The team independently walked down the Unit 2 and Unit 3 emergency diesel generators on several occasions to inspect for indications of vibration-induced degradation on emergency diesel generator piping and tubing and for any type of leakage (e.g., air, fuel oil, lube oil). The team also held discussions with cognizant licensee individuals and reviewed corrective action documents. Specifically, the team reviewed:

  • The licensee's evaluation of IN 2007-27 and associated corrective actions

b. Findings

No findings were identified.

.3.2 Inspection of Generic Letter 2007-01 - Inaccessible or Underground Power Cable Failures that Disable Accident Mitigation Systems or Cause Plant Transients

a. Inspection Scope

The team reviewed the Updated Final Safety Analysis Report, system design criteria, selected drawings, and operating procedures for submergence of cable, including flood protection systems and the flood level sensors. The team also performed walkdowns, and held discussions with cognizant licensee individuals. Specifically, the team reviewed:

  • Listing of manholes inspected, date inspected and any photos taken during inspections
  • The design basis for monitoring water in the vaults (i.e., level alarms)
  • List of the cable vaults/tunnels/manholes and a listing of the cables and level switches inside
  • Maintenance activities to ensure the level switches are being maintained in accordance with vendor recommendations
  • Engineering evaluations and engineering changes associated with the flood detection system

b. Findings

Failure to maintain equipment important to safety

Introduction.

The team identified a Green noncited violation of 10 CFR Part 50.65, Requirements for monitoring the effectiveness of maintenance at nuclear power plants, in that appropriate corrective actions were not taken when the performance or condition of structures, systems, or components did not meet established goals. Specifically, the licensee failed to adequately monitor the condition of the Flood Level Detecting system in a manner to provide reasonable assurance the system could perform its intended function. The licensee also failed to properly evaluate Maintenance Rule Functional Failures and take appropriate corrective actions to improve system performance.

Description.

The Flood Protection System at the San Onofre Nuclear Generating Station consists of both passive and active components. The passive components are culverts, surface grading, subsurface drains, watertight doors, and the seawall. The passive components minimize flooding damage due to excessive rainfall, high tides, and wind generated waves. These passive components also handle seismic generated waves and ruptures of pipe and tanks. The active components of the Flood Protection System are the flood level sensors which are comprised of a: 1) float water level sensor, 2) switch, and 3) the associated alarm system. When area water levels begin to rise, these floor mounted devices actuate and provide annunciation at control room panels 2(3) CR57 to warn the control room operators, and local indication at panels 2(3) ZL9480-1 and/or panels 2(3) ZL9481-2, that local flooding has exceeded the ability of the normal sump system.

There are 92 flood level detector sensors installed in separate areas and rooms located throughout the plant in both units. The licensee's Maintenance Rule Function Report MR-INST-01 identifies 37 different areas as having safety related flood level switches whose functional failures should be monitored. The Flood Protection subsystem is in the scope of 10 CFR 50.65, Maintenance Rule, because the flood sensors are safety-related (Quality Class II) as well as its function to mitigate accidents. The arrangement is that a single room location associated with a specific Train may have one or two flooding sensors. In the case where there is one sensor in a room, a single component failure would render the flooding detection system for that Train inoperable. Rooms having two sensors require both sensors to fail before flooding detection for that Train would be considered inoperable. Due to several documented failures the licensee has placed these components in 10 CFR 50.65(a)(1) status since September 2005.

There have been several modes of failure documented for the flood level sensors including: corrosion, stuck floats, switch mechanisms stuck, both float and switch mechanism stuck, moisture intrusion, and switches that would not activate when the float was in close proximity to the switch. Maintenance personnel have been able to free up the float and/or switch mechanisms by cleaning, lubricating and exercising the mechanisms. From June 23, 2005 to January 16, 2007, five flood level sensors failed their respective surveillances and required cleaning and exercising in order to pass the surveillance test.

On January 23, 2006, the licensee's Maintenance Rule Expert Panel directed the Action Request Committee (ARC) to perform an operability review of these failed switches.

The Action Request (corrective action document) which identified switches that had failed on June 23, 2005 and July 1, 2005, described a degraded condition where the equipment that had failed to operate on the initial test was cleaned and lubricated, the mechanisms exercised, and the equipment then functioned correctly. The Action Request did not identify the cause of the initial failure or actions to correct future problems. Therefore, the ARC concluded that the functional capability of the equipment was in question and it may not perform its intended function when required. The licensee concluded that, since the flood detectors failed the initial surveillance test and required pre-conditioning to yield acceptable test results, the switches identified in the Action Request were considered inoperable. The licensee set interim goals to 1) determine the cause of the failures, 2) replace detectors that had previously failed, and 3) sample a population of flood detectors to identify the possibility of a generic failure mechanism. The licensee also developed a plan to test the degraded flood level sensors every six months and required that the degraded flood level sensors must pass the tests without pre-conditioning every six months until appropriate corrective action was taken. On February 3, 2006, the first re-test was performed on the four previously failed units with the following results: two of the switches passed, and two switches failed. Due to the subsequent failure of two of the units, the licensee took immediate action to replace both units and to continue the six month surveillance interval for the two units that had passed. These two units continued to be monitored every six months until they were replaced on January 25, 2008. On January 16, 2007, 3LSH9472-2, Safety Equipment Building Piping Tunnel Flood Detector Level, failed its respective surveillance test and was placed into the same six month monitoring program until it was replaced on January 21, 2008. On March 28, 2008, the Operability Assessment that required the six month monitoring interval was closed since all the units that were in the program had been replaced.

During the same time frame four additional switches failed. Two of the switches were replaced, but due to lack of replacement parts, Flood Level Detectors 2LSH9500-1, Diesel Generator Building Piping Trench Area Flood Detector Level, and 2LSH9462-1, Charging Pump P190 Area Flood Detector Level, were documented as being mechanically exercised, but were not placed in the accelerated monitoring program.

The team identified that on April 25, 2009, another flood level sensor, 2LSH9477-2, failed its surveillance test, was cleaned and exercised and placed back in service without being placed in an accelerated monitoring program. The failure and preconditioning were documented in NN-200404926 without identifying any other compensatory actions. As of July 22, 2011, all three of these flood level detectors had not been replaced or looked at since being placed back in service on or before April 25, 2009, and not placed into an accelerated inspection plan.

The team also identified, in the licensee's corrective action document AR-0507006401 (page 2 of 15, summary of results section), that the Flood and Sensor Alarm System did not meet its Maintenance Rule functional failure Performance Criterion Exceedence value of two per unit over a 36-month period ending July 2005.

During this period, four flood sensors failed to actuate. Two of the failures together constitute a single maintenance rule functional failure, and the other two failures were individual maintenance rule functional failures. Thus the total number of maintenance rule functional failures for this 36 month period was three. On June 28, 2011, the Maintenance Rule Expert Panel decided to revise the performance criteria and changed it from an exceedence value of two functional failures to an exceedence value of three functional failures or 1 repeat (same root cause) functional failure over a 36-month period. This was documented in licensee document MR-INST-01. The team further identified in MR-INST-01 that the establishment of three functional failures was based upon a review of the Maintenance Orders for the period April 1, 1998 to March 31, 2011 and a review of Nuclear Notifications (corrective action documents), which found three functional failures per unit per 36 month monitoring period. This would have been acceptable with the new, revised exceedence value of three, but the team identified that one of the failures identified for Unit 2 was actually a Unit 3 failure and that seven additional Unit 2 failures were not identified and three additional Unit 3 failures were not identified. Also, six of these identified failed flood level switches were not captured by Maintenance Work Orders or Nuclear Notifications (corrective action documents). These failed switches should have been identified as Maintenance Rule Functional Failures and appropriate corrective actions taken.

The team also identified that five flood level sensors appeared to be beyond their required three year surveillance interval plus a 25 percent extension (3 years and 9 months). The team reviewed written information that the surveillance interval for these switches had been extended for a period not to exceed four years, without any conclusive justification, as documented in Nuclear Notification NN-200822111. Currently these five level switches are beyond the four year inspection interval. The extension of the surveillance places these units beyond their calculated calibration drift surveillance interval of once every four years. The licensee further asserts that these particular switches are scheduled to be replaced within the next year. The team determined that the surveillance interval had been extended even though these types of switches have had a history of frequent failures. The team did not identify any additional compensatory measures or justifications for the five identified switches where their surveillance frequency had now been extended to 4 years. Engineering has decided to conservatively replace all flood level switches as they have concluded that the failures appear to be related to aging of the sensors. The plan is to replace all the switches between two and four years during their scheduled preventative maintenance activities.

Analysis.

The team determined that the failure to properly maintain the flood level sensors which are used for control room annunciation to warn the control room of flooding of a space that has safety related or important to safety components, was a performance deficiency. The finding was more than minor because it was associated with the mitigating systems cornerstone attribute of design control, and affected the cornerstone objective of ensuring the availability, reliability, and capability of systems that respond to initiating events to prevent undesirable consequences. Specifically, the licensee did not maintain flood level sensors appropriately to provide reasonable assurance that the components would be capable of fulfilling their intended function. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding represented the degradation of equipment and functions specifically designed to provide notification to the control room of flooding of spaces with safety related or important to safety equipment and components. Therefore, the finding was potentially risk significant and a Phase 3 analysis was required. The preliminary significance determination was based on Inspection Manual Chapter 0609, Appendix M, Significance Determination Process Using Qualitative Criteria. The senior reactor analyst determined qualitatively that the risk was very low for the following reasons:

(1) the frequency of internal flooding is very low,
(2) floods in most of the problem areas would not cause a transient,
(3) redundant indications of flooding exist, including fire and sump pump operations, and
(4) none of the potentially flooded areas would likely affect more than one train of safety equipment.

This finding involved a cross-cutting aspect in the area of Human Performance, Resources, because the licensee failed to assure that equipment and other resources were available and adequate to assure nuclear safety. Specifically, the licensee was not able to maintain the flood level switches adequately to assure nuclear safety due to long-standing equipment issues. H.2(a).

Enforcement.

The team identified a Green noncited violation of 10 CFR 50.65, Requirements for monitoring the effectiveness of maintenance at nuclear power plants, which states in part: Each holder of a license to operate a nuclear power plant shall monitor the performance or condition of structures, systems, or components, against licensee-established goals, in a manner sufficient to provide reasonable assurance that such structures, systems, and components, are capable of fulfilling their intended functions, and when the performance or condition of a system, structure, or component, does not meet established goals, appropriate corrective actions shall be taken.

Contrary to the above, the licensee failed to take appropriate corrective actions when the performance or condition of a system, structure, or component, did not meet established goals. Specifically, as of July 22, 2011, the licensee failed to adequately monitor the condition of the Flood Level Detecting system in a manner to provide reasonable assurance the system could perform its intended function. The licensee failed to properly evaluate Maintenance Rule Functional Failures and take appropriate corrective actions to improve system performance. These level switches are connected to control room annunciation to warn the control room of flooding in a space that has safety-related or important to safety components. This has been entered into the licensee's corrective action program as Nuclear Notifications NN-201567315 and NN-201570575. Because this violation is of very low safety significance and has been entered into the licensee's corrective action program, this violation is being treated as a non-cited violation consistent with the NRC Enforcement Policy: NCV 05000361/2011010-05, Failure to Maintain Equipment Important to Safety.

.4 Results of Reviews for Operator Actions:

The team selected risk-significant components and operator actions for review using information contained in the licensee's probabilistic risk assessment. This included components and operator actions that had a risk achievement worth factor greater than two or Birnbaum value greater than 1E-6.

a. Inspection Scope

For the review of operator actions, the team observed operators during simulator scenarios associated with the selected components as well as observing simulated actions in the plant.

The selected operator actions were:

  • Loss of component cooling water to the Reactor Coolant Pumps seals due to a loss of instrument air system
  • Loss of Offsite Power with Emergency Diesel Generator malfunctions requiring unloading of vital DC buses and establishing ventilation of the Engineered Safety Features Switchgear rooms

b. Findings

No findings were identified.

OTHER ACTIVITIES

4OA2 Identification and Resolution of Problems

a. Inspection Scope

The team reviewed action requests associated with the selected components, operator actions and operating experience notifications.

b. Findings

Failure to Adequately Control Document Changes

Introduction.

The team identified multiple examples of a Green non-cited violation of 10 CFR 50, Appendix B, Criterion VI, Document Control, because the team identified numerous drawing inconsistencies where changes to certain components were not changed on all affected drawings, and procedural errors where changes were not made to all affected documents.

Description.

The team started the inspection with one week of in-office preparation, reviewing documentation related to the components selected, and continued this review when the team arrived on site. During the review of drawings, procedures, and calculations, the team noted numerous errors within the documents. References to incorrect sections in procedures, drawings that did not reflect changes due to modifications, drawings that were not accurate from one drawing to another drawing depicting the same components, and inconsistent component requirements between vendor recommendations and stress analysis calculations, were noted. Within the first week of the inspection the team had noted at least nine examples of documentation errors.

Example 1 On June 23, 2011, while reviewing wiring diagram SO23-302-4-2-268, the team identified a white indicating light found on the diagram was not included on elementary diagram 30956 Sheet 1. The licensee further identified that the white indicating light was also omitted from control circuit loading calculation E4C-084. Nuclear Notification NN-201511720

Example 2 Incorrectly marked NO box with respect to a change impacting PRA with respect to removal of the level switch low-low trip contact for emergency diesel generator fuel transfer pump. Nuclear Notification NN-201510143

Example 3 A modification removed diesel fuel storage tank low-low level bi-stables. Figure III-1 on page 135 still shows a /Y1 symbol, where the LSLL5903 symbol should only contain the X1 suffix. Nuclear Notification NN-201510265

Example 4 Current revision 13 of One Line Drawing 30127 shows the cable size from 2B1305 to MCC 2BC as 3-1/C 350 MCM. Current Revision 23 of One Line Drawing 30135 shows the same cable as 3-1/C500 MCM. Nuclear Notification NN-201512987

Example 5 Procedure SO23-V-3.4 page 121 of 126 on attachment 9, the formula for LnRWST Temp and Ln_RCS_Temp are identical. The formulas for the two values should be different and the formulas should reflect it. Nuclear Notification NN-201513110

Example 6 Emergency Diesel Generator air start solenoid air valves 2(3)HY5955A1, B1, C1, D1, A2, B2, C2, D2, are incorrectly shown on drawing SO23-403-12-44 and in the associated SAP Master Data functional location records. Nuclear Notification NN-201513112

Example 7 Section 8.5.10 of current revision 15 of electrical calculation E4C-042 points to an incorrect reference. Reference 6.24 should be reference 6.23. Nuclear Notification NN-201513415

Example 8 Main One Line Drawing 30101 only shows the lower rating of 1500 kVA for transformer 3B06X, whereas One Line Drawing 32120 shows both the lower 1500 kVA and higher 2000 kVA rating for transformer 3B06X. Nuclear Notification NN-201546498

Example 9 CCW Surge Tank Vendor Drawing # 5782 calls out anchor bolt material to be SA-145, Grade B7, whereas stress analysis calculation C-259, Section 2.03.04, Revision 0 calls out A-307 for the bolt material. Nuclear Notification NN-201571137

Individually, the errors were not significant. Collectively, these document errors demonstrated a weakness in the licensee's program for review and approval of controlled documents that were used in the plant. Other errors were also noted throughout the inspection, and were captured by the licensee in their corrective action program.

Analysis.

The team identified that collectively, from a program perspective, the failure to properly incorporate design changes of components in the plant to all affected drawings, procedures, or instructions, was a performance deficiency. The finding was more than minor because if left uncorrected, the performance deficiency had the potential to lead to a more significant safety concern. In accordance with Inspection Manual Chapter 0609, Attachment 4, "Phase 1 - Initial Screening and Characterization of Findings," the team determined that the finding was of very low safety significance (Green) because it did not represent a design issue resulting in the loss of function, did not represent an actual loss of a system safety function, did not result in exceeding a Technical Specification allowed outage time, and did not affect external event mitigation. Specifically, none of the documents with the identified errors had been used in response to any events or plant perturbations. This finding did not have a crosscutting aspect because the most significant contributor did not reflect current licensee performance.

Enforcement.

The team identified a Green non-cited violation with multiple examples of 10 CFR 50, Appendix B, Criterion VI, Document Control, which states in part:

Measures shall be established to control the issuance of documents, such as instructions, procedures, and drawings, including changes thereto, which prescribe all activities affecting quality. These measures shall assure that documents, including changes, are reviewed for adequacy and approved for release. Contrary to the above, the licensee failed to assure that documents, including changes, were reviewed for adequacy and approved for release. Specifically, on June 23, 2011, the team identified numerous drawing inconsistencies where changes to certain components were not changed on all affected drawings and procedural errors where changes were not made to all affected documents. The licensee has entered the errors into their corrective action program under numerous Nuclear Notifications listed above. Because this violation is of very low safety significance and has been entered into the licensee's corrective action program, this violation is being treated as a non-cited violation consistent with the NRC Enforcement Policy: NCV 05000361,05000362/2011010-06, Failure to Adequately Control Document Changes.

4OA6 Meetings, Including Exit

On July 22, 2011, the team leader presented the preliminary inspection results to Mr. P. Dietrich, Senior Vice President and Chief Nuclear Officer, and other members of the licensee's staff. On September 13, 2011, the team leader conducted a telephonic final exit meeting with Mr. R. St. Onge, Director, Nuclear Regulatory Affairs, and other members of the licensee's staff. The licensee acknowledged the findings during each meeting. While some proprietary information was reviewed during this inspection, no proprietary information was included in this report.

4OA7 Licensee Identified Violations

No findings were identified.

Attachments: 1 - Supplemental Information

ATTACHMENT 1

SUPPLEMENTAL INFORMATION

KEY POINTS OF CONTACT

Licensee personnel

D. Axline, Project Manager, Nuclear Regulatory Affairs
D. Bauder, VP & Station Manager
M. Carr, Manager, NFM/PRA
J. Dahl, Manager, Operations
P. Dietrich, SVP & Chief Nuclear Officer
S. Dornseif, Technical Specialist, Nuclear Regulatory Affairs
M. Farmer, Manager, Health Physics
J. Hays, Engineer, DEO Mechanical
K. Johnson, Manager, Design Engineering
G. Kline, Sr Director, Engineering
J. Kolons, Engineer, Nuclear Regulatory Affairs
D. LeGare, Engineer, Plant Engineering
J. Madigan, Director, Nuclear Safety Culture and Site Recovery
L. McCann, Manager, Chemistry
T. McCool, Plant Manager
R. McWey, Manager, Oversight
C. Miller, Manager, Operations
V. Nazareth, Supervisor, NFM
D. Nougier, Engineer, DEO Mechanical
R. Pettus, Technical Specialist, Nuclear Regulatory Affairs
L. Rafner, Engineer, Nuclear Regulatory Affairs
C. Robinson, Engineer, Nuclear Regulatory Affairs
P. Schofield, Engineer, DEO Mechanical
B. Sholler, Director, Maintenance & Construction
J. Sills, Project Manager, Performance Improvement
R. St. Onge, Director, Nuclear Regulatory Affairs
R. Trapp, Engineer, DEO Mechanical
R. Treadway, Manager, Nuclear Regulatory Affairs
S. Atkins, Engineer, DEO Electrical
G. Hansen, Engineer, IST Program
E. Mensa-Wood, Plant Engineer
G. Segich, Plant Engineer
R. Taylor, Plant Engineer
D. Tuttle, Supervisor, EDG Team
R. Urena, Program Engineer
T. Yackle, Assistant Plant Manager

NRC personnel

S. Achen, Resident Inspector
G. Warnick, Senior Resident Inspector


LIST OF ITEMS OPENED, CLOSED, AND DISCUSSED

Opened and Closed

05000361/2011010-01 NCV Inadequate Assessment of Seismic Qualification of Emergency Diesel Generator Buried Fuel Oil Tanks. (1R21.2.9)
05000361/2011010-02 NCV Failure to Evaluate that Sufficient Voltage would be Available at the Emergency Diesel Generator Air Start Solenoid. (1R21.2.13)
05000361/2011010-03 NCV Failure to Incorporate Design Requirements into Procedures and Instructions. (1R21.2.14)
05000362/2011010-04 NCV Failure to Evaluate the Effects of Fuse Resistance and High Energy Line Break Conditions on Control Circuit Voltage. (1R21.2.15)
05000361/2011010-05 NCV Failure to Maintain Equipment Important to Safety. (1R21.3.2)
05000361; 05000362/2011010-06 NCV Failure to Adequately Control Document Changes. (4OA2)

LIST OF DOCUMENTS REVIEWED