Information Notice 2012-12, HVAC Design Control Issues Challenge Safety System Function

From kanterella
Jump to navigation Jump to search
HVAC Design Control Issues Challenge Safety System Function
ML12115A012
Person / Time
Issue date: 07/24/2012
From: Laura Dudes, Mcginty T
Division of Construction Inspection and Operational Programs, Division of Policy and Rulemaking
To:
Garmon-Candelaria D
References
IN-12-012
Download: ML12115A012 (5)
v  d  e


ML12115A012 UNITED STATES

NUCLEAR REGULATORY COMMISSION

OFFICE OF NUCLEAR REACTOR REGULATION

OFFICE OF NEW REACTORS

WASHINGTON, DC 20555-0001

July 24, 2012

NRC INFORMATION NOTICE 2012-12:

HVAC DESIGN CONTROL ISSUES CHALLENGE

SAFETY SYSTEM FUNCTION

ADDRESSEES

All holders of an operating license or construction permit for a nuclear power reactor or a

non-power (research or test) reactor issued under Title 10 of the Code of Federal Regulations

(10 CFR) Part 50, Domestic Licensing of Production and Utilization Facilities, except those

who have permanently ceased operations and have certified that fuel has been permanently

removed from the reactor vessel.

All holders of and applicants for a power reactor early site permit, combined license, standard

design certification, standard design approval, or manufacturing license under 10 CFR Part 52, Licenses, Certifications, and Approvals for Nuclear Power Plants.

PURPOSE

The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform

addressees about certain events involving heating, ventilation, and air conditioning (HVAC)

system design control issues that challenged, or potentially challenged, safety system functions.

The NRC expects recipients to review the information contained within for applicability to their

facilities and consider actions, as appropriate, to avoid similar occurrences. Suggestions

contained within this IN are not NRC requirements; therefore, no specific action or written

response is required.

DESCRIPTION OF CIRCUMSTANCES

Susquehanna Steam Electric Station (Susquehanna) HVAC Controller

On January 3, 2011, PPL, the licensee for Susquehanna, identified a single-point vulnerability in

the reactor building HVAC system. The vulnerability was that a failure of a nonsafety-related

temperature controller coincident with outside ambient air temperatures below 10 degrees

Fahrenheit (oF) could result in a spurious steam leak detection (SLD) system isolation on high

differential temperature (T), causing simultaneous isolation of main steam isolation valves

(MSlV), the high pressure coolant injection system, and the reactor core isolation cooling

system. This vulnerability was common to both Susquehanna Units 1 and 2 and had been in

existence since the plants began licensed operations.

PPL initially reported the issue through an event notification (EN) (EN 46519) under

10 CFR 50.72, Immediate Notification Requirements for Operating Nuclear Power Reactors, as an unanalyzed condition (10 CFR 50.72 (b)(3)(ii)(B)) and an accident mitigation concern

(10 CFR 50.72 (b)(3)(v)(D)). However, on February 28, 2011, PPL submitted an updated EN

that removed the accident mitigation consideration based on the low likelihood of a reactor building temperature controller failure during a period when outside temperature was below

10 oF (both conditions are required for the deficient SLD system isolation on high T to occur).

PPL provided additional information pertaining to this issue in the form of a 10 CFR 50.73, License Event Report [LER] System, for an unanalyzed condition (LER 3872011001). The

LER stated that the single-point vulnerability was discovered during the preparation of a

10 CFR 50.59, Changes, Tests and Experiments, determination for an engineering change to

remove the SLD high T isolation function to address obsolescence of the functions

components. The licensee attributed the issue to a less than adequate single-failure analysis

performed during the original plant design.

The original single-failure analysis was performed consistent with accepted practices during the

period of the initial plant design. In 2007, Susquehanna engineers received training on failure

modes and effects analysis (FMEA) techniques. This training updated the expectations for

FMEAs performed on nonsafety systems. Consequently, Susquehanna engineers used the

new techniques when evaluating the impact of removing the SLD isolation function and, in the

process, identified the single-point vulnerability deficiency.

The corrective actions for this issue included removing the isolation function of the SLD system

T instrumentation and performing a FMEA on all nonsafety systems that could cause an

isolation of the emergency core cooling system or MSIVs as an extent of condition assessment.

The report, Susquehanna Steam Electric Station - NRC Integrated Inspection Report 05000387/2011003 and 05000388/2011003 and Exercise of Enforcement Discretion, dated

August 10, 2011 (Agencywide Documents Access and Management System (ADAMS)

Accession No. ML112220409), provides the results of the NRC inspection related to this issue.

Diablo Canyon Power Plant Auxiliary Building Ventilation System Actuation Logic

Diablo Canyon Nuclear Power Plant (DCNPP) completed modifications to its auxiliary building

ventilation systems (ABVS) in November 2010. These modifications included replacement of

relay-based actuation logic with a programmable logic controller (PLC). The licensee

implemented the modification to address problems with reliability and availability (i.e.

obsolescence). The licensee reviewed the modification design to ensure applicable

single-failure criteria were met. Notwithstanding the licensees review, on January 10, 2011, during containment spray pump quarterly testing, a deficiency in the actuation logic of the

recently installed PLC resulted in a complete loss of the Unit 2 ABVS when a damper failed to

open as required because of leakage past a piston seal. This led one of the two ABVS exhaust

fans to trip and prevented the other exhaust fan from starting; thus ABVS became inoperable.

The loss of the ABVS required the licensee to take action in accordance with Technical

Specification Limiting Condition for Operation 3.0.3 (i.e., action statement to reduce mode of

plant operation) for approximately 20 minutes until operators restored the ABVS system through

manual actions. The failure of the piston seal was attributed to using the seal beyond its

defined service life, contrary to the requirements of the licensees preventive maintenance

program for the seal.

DCNPP initially reported this event through a 10 CFR 50.72 EN (EN 46531) as an unanalyzed

condition (10 CFR 50.72(b)(3)(ii)(B)) and an accident mitigation concern

(10 CFR 50.72(b)(3)(v)(D)). The licensee provided additional information in the form of a

10 CFR 50.73 LER for an unanalyzed condition and safety system functional failure

(LER 2752011002). In the LER, the licensee incorrectly attributed the cause of the loss of the ABVS to a nonconforming single-failure vulnerability in the ABVS system design that existed as

part of the original design for both DCNPP Units. It was later determined that the 2010

modifications to the ABVS control logic introduced a single-failure vulnerability, where ABVS

exhaust fans tripped when a system damper was not fully opened.

The corrective actions for this issue consisted of modifying the design of both DCNPP units to

satisfy the single-failure design criteria, revising the design change process to include a design

evaluation of new and old failure modes based on the current licensing and design bases, and

revising the licensing basis.

The report, Diablo Canyon Power Plant - NRC Integrated Inspection Report 05000275/2011002 and 05000323/2011002, dated May 11, 2011 (ADAMS Accession

No. ML111310608), provides the results of the NRC inspection related to this issue.

Point Beach Nuclear Plant (Point Beach) Control Room Emergency Filtration Fan Thermal

Overload

On February 3, 2007, Point Beach lost operability of the control room emergency filtration

system (CREFS) because of an inadequately designed modification (LER 2662007001). In

October 2006, the licensee installed a modification (high efficiency CREFS fan motors) for the

purpose of increasing the low flow margin. During the design of this modification, an incorrect

assumption was made that outside temperature had a negligible effect on motor current draw, so no compensation for low temperature was included in the motor thermal overload design.

On February 3, 2007, with outside temperature at 6 oF, a CREFS fan tripped during a Technical

Specification surveillance test because of a thermal overload relay trip. After evaluating the

cause of the trip, the licensee declared both CREFS fans inoperable because the fan motors

had inadequately sized thermal overload heater elements.

The corrective actions for this issue included replacing the overload heater elements with

elements having trip current setpoints adjusted to values that considered design requirements.

The report, Point Beach Nuclear Power Plant, Units 1 and 2, NRC Integrated Inspection Report 05000266/2007002 and 05000301/2007002, dated April 12, 2007 (ADAMS Accession No.

ML071020081), provides the results of the NRC inspection related to this event.

BACKGROUND

Criterion III of Appendix B to 10 CFR Part 50 requires, in part, that licensees ensure that

applicable regulatory requirements and design basis are correctly translated into specifications, drawings, procedures, and instructions. Furthermore, design changes, including field

changes, shall be subject to design control measures commensurate with those applied to the

original design...

DISCUSSION

In each event described in this IN, a safety systems function was challenged or potentially

challenged because of design control issues. In the first case, a long-standing design control

issue was finally identified after the licensee adopted updated methods of analyzing nonsafety

system designs for single failures. In the second and third cases, actual safety system

functional failures occurred as a result of licensees implementing deficient modifications. These

events illustrate the importance of evaluating modifications rigorously to verify that design-basis

requirements are satisfied.

CONTACT

This IN requires no specific action or written response. Please direct any questions about this

matter to the technical contacts listed below or to the appropriate Office of Nuclear Reactor

Regulation or Office of New Reactors project manager.

/RA by JLuehman for/

/RA by SBahadur for/

Laura A. Dudes, Director

Timothy J. McGinty, Director

Division of Construction Inspection

Division of Policy and Rulemaking

and Operational Programs

Office of Nuclear Reactor Regulation

Office of New Reactors

Technical Contacts: Samir Darbali, NRR

301-415-3730

E-mail: Samir.Darbali@nrc.gov

David Garmon, NRR

301-415-3512 E-mail: David.Garmon@nrc.gov

Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under NRC Library/Document Collections.

ML12115A012 *via e-mail TAC ME7683 OFFICE NRR/DIRS/IOEB*

Tech Editor* NRR/DE/EICB* NRR/DIRS/IOE

B/BC*

NRR/DE/EIC

B/BC*

NRR/DPR/PRL

B/BC*

NAME

DGarmon

CHsu

SDarbali

HChernoff

(EThomas for)

JThorp

JQuichocho

DATE

6/14/12

4/30/12

6/20/12

6/18/12

6/20/12

7/5/12 OFFICE

NRR/DE/D

NRR/DPR/PG

CB/LA*

NRR/DPR/PG

CB/PM

NRR/DPR/PGC

B/BC

NRR/DPR/P

GCB/LA

NRO/DCIP/D

NRR/DPR/D

NAME

PHiland

(MCheok for)

CHawes

ARussell

DPelton

CHawes

LDudes

(JLuehman for)

TMcGinty

(SBahadur for)

DATE

6/28/12

7/10/12

7/12/12

7/18/12

7/18/12

7/24/12

7/24/12


Retrieved from "https://kanterella.com/w/index.php?title=Information_Notice_2012-12,_HVAC_Design_Control_Issues_Challenge_Safety_System_Function&oldid=5260335"