Information Notice 1994-20, Common-Cause Failures Due to Inadequate Design Control and Dedication

From kanterella
Jump to navigation Jump to search
Common-Cause Failures Due to Inadequate Design Control and Dedication
ML031060589
Person / Time
Site: Beaver Valley, Millstone, Hatch, Monticello, Calvert Cliffs, Dresden, Davis Besse, Peach Bottom, Browns Ferry, Salem, Oconee, Mcguire, Nine Mile Point, Palisades, Palo Verde, Perry, Indian Point, Fermi, Kewaunee, Catawba, Harris, Wolf Creek, Saint Lucie, Point Beach, Oyster Creek, Watts Bar, Hope Creek, Grand Gulf, Cooper, Sequoyah, Byron, Pilgrim, Arkansas Nuclear, Braidwood, Susquehanna, Summer, Prairie Island, Columbia, Seabrook, Brunswick, Surry, Limerick, North Anna, Turkey Point, River Bend, Vermont Yankee, Crystal River, Haddam Neck, Ginna, Diablo Canyon, Callaway, Vogtle, Waterford, Duane Arnold, Farley, Robinson, Clinton, South Texas, San Onofre, Cook, Comanche Peak, Yankee Rowe, Maine Yankee, Quad Cities, Humboldt Bay, La Crosse, Big Rock Point, Rancho Seco, Zion, Midland, Bellefonte, Fort Calhoun, FitzPatrick, McGuire, LaSalle, Fort Saint Vrain, Shoreham, Satsop, Trojan, Atlantic Nuclear Power Plant, Crane  Entergy icon.png
Issue date: 03/17/1994
From: Grimes B
Office of Nuclear Reactor Regulation
To:
References
IN-94-020, NUDOCS 9403110132
Download: ML031060589 (11)
v  d  e


UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

WASHINGTON, D.C.

20555

March 17, 1994

NRC INFORMATION NOTICE NO. 94-20:

COMMON-CAUSE FAILURES DUE TO INADEQUATE

DESIGN CONTROL AND DEDICATION

Addressees

All holders of operating licenses or construction permits for nuclear power

reactors.

Purpose

This information notice is being provided to alert addressees to potential

common-cause failures resulting from inadequate design control and dedication

measures implemented for the replacement of electromechanical relays with

digital microprocessor-based relays.

It is expected that recipients will

review the information for applicability to their facilities and consider

actions, as appropriate, to avoid similar problems. However, suggestions

contained in this information notice do not constitute NRC requirements;

therefore, no specific action or written response is required.

Description of Circumstances

A common-cause failure at the Beaver Valley Unit 2 Power Station rendered

inoperable multiple trains of a system designed to mitigate the consequences

of an accident. On November 4, 1993, during testing of the Train A, 2-1 emergency diesel generator (EDG) load sequencer, the sequencer failed to

automatically load safety-related equipment onto the emergency bus.

Two

suspect relays were replaced and the surveillance test was successfully

repeated. On November 6, 1993, during surveillance testing, the Train B, 2-2 EDG load sequencer failed to automatically load safety-related equipment onto

the emergency bus. An NRC Augmented Inspection Team was sent to the site to

review the circumstances surrounding these events (Inspection Report

50-412/93-81).

Discussion

The EDG load sequencers control the sequence in which safety-related equipment

starts after the EDG restores power when normal power is lost on the emergency

busses. Timer/relays are used to load the safety-related equipment in six

discrete steps during a 1-minute period. The same type of timer/relay is also

used to reset the diesel generator load sequencer if a safety injection or a

9403110132 PbR

'tE

V40Nv+

9u-oCo

Cqc3I

u3/\\

IN 0,-0O

March 17, 1994 containment isolation Phase B signal is received. Resetting the load

sequencer allows necessary emergency core cooling system equipment to be

loaded. The load sequencers originally used electromechanical timer/relays

to generate the timed steps and sequencer reset function. The electro- mechanical timer/relays were replaced with microprocessor-based timer/relays

during the second refueling outage, in November 1990.

Each train of the load

sequencer has eight Model 365A digital microprocessor-based timer/relays

manufactured by Automatic Timer Controls Inc. The timer/relays were purchased

as commercial-grade items and dedicated for safety-related service.

A review of these events indicated that the microprocessor-based timer/relay

failed as a result of the voltage spikes that were generated by the auxiliary

relay coil controlled by the timer/relay. The voltage spikes, also referred

to as "inductive kicks," were generated when the timer/relay time-delay

contacts interrupted the current to the auxiliary relay coil. These spikes

then arced across the timer/relay contacts. This arcing, in conjunction with

the inductance and wiring capacitance, generated fast electrical noise

transients called "arc showering" (electromagnetic interference). The peak

voltage noise transient changes as a function of the breakdown voltage of the

contact gap, which changes as the contacts move apart and/or bounce. These

noise transients caused the microprocessor in the timer/relay to fail. The

failure of the microprocessor-based timer/relay caused the time-delay contacts

to reclose shortly after they had properly opened as part of the load

sequencer operation. Closing the time-delay contact locked out (deenergized)

the load sequencer master relay and prevented the load sequencer from

operating. To correct the identified problem, the licensee installed diodes

across the auxiliary relay coils to suppress the voltage spike that had caused

the microprocessor-based timer/relay failure. This modification was confirmed

to correct the problem through successful testing of the EDG load sequencer.

The design control for the selection and review for suitability of the

microprocessor timer/relays for this application was not adequate. The

modification design data did not identify the potential for voltage spiking by

the auxiliary relays and translate that potential into electromagnetic

interference requirements for the equipment purchase specification and the

dedication testing specification. As a result of inadequate design control, a

common-cause failure mechanism was introduced into the diesel generator load

sequencers.

This event highlights the need to ensure proper design control activities when

replacing discrete component electrical or electromechanical devices with

digital microprocessor-based electronic devices. Specifically, the event

IN 9"-iO

March 17, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response. If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical contacts: John Calvert, RI

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachment:

List of Recently Issued NRC Information Notices

Attk.-hment

IN 94-20

March 17, 1994 LIST OF RECENTLY ISSUED

NRC INFORMATION NOTICES

Information

Date of

Notice No.

Subject

Issuance

Issued to

94-19

94-18

94-17

94-16

94-15

Emergency Diesel

Generator Vulnerability

to Failure from Cold

Fuel Oil

Accuracy of Motor- Operated Valve Diag- nostic Equipment

(Responses to Sup- plement 5 to Generic

Letter 89-10)

Strontium-90 Eye Appli- cators: Submission of

Quality Management Plan

(QMP), Calibration, and

Use

Recent Incidents Resulting

in Offsite Contamination

Radiation Exposures during

an Event Involving a Fixed

Nuclear Gauge

Failure to Implement

Requirements for Biennial

Medical Examinations and

Notification to the NRC

of Changes in Licensed

Operator Medical Conditions

Intersystem LOCA

Outside Containment

03/16/94

03/16/94

03/11/94

03/03/94

03/02/94

02/24/94

02/22/94

All holders of OLs or CPs

for nuclear power reactors.

All holders of OLs or CPs

for nuclear power reactors.

All U.S. Nuclear Regulatory

Commission Medical Use

Licensees.

All U.S. Nuclear Regulatory

Commission material and fuel

cycle licensees.

All U.S. Nuclear Regulatory

Commission licensees author- ized to possess, use, manu- facture, or distribute

industrial nuclear gauges.

All holders of OLs or CPs

for nuclear power and non- power reactors and all

licensed reactor operators

and senior reactor

operators.

All holders of OLs or CPs

for nuclear power reactors.

94-14

92-36, Supp. 1 OL = Operating License

CP = Construction Permit

IN 4-20

March 17, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response. If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

odginal signed by

Brian K. Grimes, Director Brian LGnmeI

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical contacts:

John Calvert, RI

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachment:

List of Recently Issued Information Notices

  • SEE PREVIOUS CONCURRENCE

OFFICE

  • OGCB
  • REGION I
  • REGION I l *REGION I

NAME

CVHodge

RSanders

JCalvert

JTrapp

JWiggins

DATE

0126/94

01/25/94

01/26/94

01/26/94

01/26/94

  • HICB/DRC H
  • C:HICB/NRR
D
  • DSSA/NRR
  • AC:OC/R

D:D

ELee

JSWermiel

ACThadani

AJKugler

01/21/94

01/27/94

02/14/94

02/07/94

03/// /94

  • D:DRIL/NRR

CERossi

03/01/94 DOCUMENT NAME: 94-20.IN

-IN4-XX

February xx, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response.

If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical Contacts:

John Calvert, Region I

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachments:

1. List of Recently Issued Information Notices

  • SFF PRFVTOUS CONCURRENCE

OFFICE

  • OGCB
  • REGION I
  • REGION I
  • REGION I

NAME

CVHodge

RSanders

JCalvert

JTrapp

JWiggins

DATE

01/26/94

01/25/94

01/26/94

01/26/94

01/26/94

  • HICB/DRCH
  • C:HICB/NRR

l D:DSSA/NRR , *AC:OGCB/NRR

D:DORS/NRR

ELee

JSWermiel

ACThadaniW

AJKugler

BKGrimes

01/27/94

01/27/94

02/J/94

02/07/94

02/ /94 lAMIIMFNT Mr.

fl0TI1VFIV

TNIIF

fQ,

.

g 1 I

AA]

Vd

Uvvu%1JLII I

Urs

1IL.

LO A MLLI

. .- w

bCO

I

~~ 4,~ A-

_

onuV

IN i4-XX

February xx, 1994 shows that safety-significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based replacement

equipment is compatible for the specific application and service environment.

This information notice requires no specific action or written response.

If

you have any questions about the information in this notice, please contact

one of the technical contacts listed below or the appropriate Office of

Nuclear Reactor Regulation (NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor Support

Office of Nuclear Reactor Regulation

Technical Contacts:

John Calvert, Region I

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachments:

1. List of Recently Issued Information Notices

  • SEE PREVIOUS CONCURRENCE

OFFICE

  • OGCB
  • REGION I
  • REGION I
  • REGION I

NAME

CVHodge

RSanders

JCalvert

JTrapp

JWiggins

DATE

01/26/94

01/25/94

01/26/94

01/26/94

01/26/94

  • HICB/DRCH
  • C:HICB/NRR

I AC:OGCB/NRR

I D:DORS/NRR

ELee

JSWermiel

AJKuglert! I BKGrimes

01/27/94

01/27/94

02/ 1/94 I 02/

/94

.^^.

.s

_

DAIw

W CUMLNI NAML:

UIlKLLAY.Nl-

I

IN 94-XX

February xx,

1994 electronic devices.

Specifically, the event shows that safety- significant, common-mode failures can occur when the design

review does not ensure that the digital, microprocessor-based

replacement equipment is compatible for the specific application

and service environment.

This information notice requires no specific action or written

response.

If you have any questions about the information in

this notice, please contact one of the technical contacts listed

below or the appropriate Office of Nuclear Reactor Regulation

(NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor

Support

Office of Nuclear Reactor

Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachments:

1. List of Recently Issued

Information Notices

  • SEE PREVIOUS CONCURRENCE

OFFICE

  • OGCB
  • REGION I
  • REGION I *REGION I

NAME

CVHodge

RSanders

JCalvert

JTrapp

JWiggins

DATE

01/26/94 j 01/25/94

01/26/94

01/26/94

01/26/ 94

  • HICB/DRCH I*C:HICB/NRR I C:OGCB/NRR I D:DORS/NRR

IELee

JSWermiel

GHMarcus

BKGrimes

01/27/94

01/27/94

01/

/94

01/

/94 TT Tt .l~m

X 1SF._

_

o

Tb

V1 T T--

VLkCUM!;N'1 iAmzI;:

Ul~x.t!;LAYX.J.NJV

Is ,

IN 94-XX

February xx, 1994 This information notice requires no specific action or written

response.

If you have any questions about the information in

this notice, please contact one of the technical contacts listed

below or the appropriate Office of Nuclear Reactor Regulation

(NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor

Support

Office of Nuclear Reactor

Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachments:

1.

List of Recently Issued

Information Notices

  • SEE PREVIOUS CONCURRENCE

-

OFFICE

  • OGCB
  • REGION I
  • REGION I *REGION I

NAME

CVHodge

RSanders

JCalvert

JTrapp

JWiggins

DATE

01/26/94

01/25/94

01/26/94

101/26/94.

01/26/94

  • HICB/DRCH

.C:1JI1P1v/4R

C:OGCB/NRR

D:DORS/NRR

E~ee

JS/f'm

t 'P

ELee

I GHMarcus

BKGrimes

01/27/94

0

01/2.7/94

01/

/94

01/

/94 UDOUMENT NAME:

1GRELAY.INF

I

IN 94-XX

February xx, 1994 This information notice requires no specific action or written

response.

If you have any questions about the information in

this notice, please contact one of the technical contacts listed

below or the appropriate Office of Nuclear Reactor Regulation

(NRR) project manager.

Brian K. Grimes, Director

Division of Operating Reactor

Support

Office of Nuclear Reactor

Regulation

Technical Contacts: John Calvert, Region I

(610) 337-5194

Eric Lee, NRR

(301) 504-3201 Attachments:

1. List of Recently Issued

Information Notices

'e.Az*VVV 1 4

£4 eCmewwr bi

Iosu i

  • SET

W

DrTAT1T

t"(WrTTDDPWNOT

-

--

--

e'u'

Im

v

@F-F

-

WI I

VW

OFFICE

OGCB V

REGION I

REGION I

REGION I

NAME

CVHodge

RSanders

JCalvert

JTrapp

JWiggins

DATE___

0

94

01/25/94

01_//94

01/2. /94

01/ZL/94 HICB/DRCH

C:HICB/NRR

C:OGCB/NRR

D:DORS/NRR

E44Le

j

JSWermiel

GHlarcus

BKGrimes

01/77/94

01/

/94

01/

/94

[01/ /94 DOCUMENT NAME:

DIGRELAY.INF

  • SEE PREVIOUS CONCURRENCE

OFFICE

OGCB

TECH ED.

REGION I

REGION I

REGION I

NAME

CVHodge

%L4k

JCalvert

JTrapp

JWiggins

DATE

01/

/94

01/'f/94

01/

/94

01/

/94

01/

/94

_

_

_

_

_

_

_

_ _ _ _

_

_

_ _

_

_ _ _ _

_ _ _

5I

HICB/DRCH

C:HICB/NRR IC:OGCB/NRR

D:DORS/NRR

ELee

JSWermiel

GHMarcus

BKGrimes

01/

/94

01/

/94

01/

/94

01/

/94 DOCUMENT NAME:

DIGRELAY.INF


Retrieved from "https://kanterella.com/w/index.php?title=Information_Notice_1994-20,_Common-Cause_Failures_Due_to_Inadequate_Design_Control_and_Dedication&oldid=5422724"