LD-88-005, Draft C-E Sys 80+TM Std Design, Design Certification Licensing Review Bases.Response to NRC Comments on Licensing Document Encl
| ML20148D358 | |
| Person / Time | |
|---|---|
| Site: | 05000470 |
| Issue date: | 01/18/1988 |
| From: | ABB COMBUSTION ENGINEERING NUCLEAR FUEL (FORMERLY |
| To: | |
| Shared Package | |
| ML20148D327 | List: |
| References | |
| LD-88-005, LD-88-5, NUDOCS 8801250377 | |
| Download: ML20148D358 (95) | |
Text
9-Enclosure (1) g LD-88-005 1
, I
'i I
l COMBUSTION ENGINEERING, INC.
1 -
SYSTEM 80+D STANDARD DESIGN s
v ,
i i
i l
4 i l-
! I i
LO :
DESIGN CERTIFICATION .
i LICENSING REVIEW BASES I
i
! r i !
F t
l l
! JANUARY 18, 1988 i i i O i i
I s 8801250377 880119 !
i PDR ADOCK 05000470 i
A PDR ,
! I
{ -um p~--- e- =* * + -+4 -m-P --m_-*__--
EXECUTIVE
SUMMARY
Combustion Engineering has announced to the U.S. Nuclear Regulatec.'
Commission its intention to pursue a Design Certification for the System 80+D Standard M sign. This effort will proceed on a new docket that will I be established with all the past history and safety evaluation (including the FDA) of the current System 80, as described in CESSAR-F, as the starting point. The design enhancements and expanded scope for the System 80+ Standard Design will be fully described in CESSAR-Design Certification (CESSAR-DC) and are intended to yield a standard plant design that not only meets all current regulations but also satisfies the criteria of the Commission's Severe Accident and Standardization Policy Statements.
O In the absence of fully defined acceptance criteria for the review of standard plant designs against the Severe Accident and Standardization Policy Statements, these Licensing Review Bases will serve to (1) outline the development of appropriate acceptance criteria for key areas of the ,
Staff's review of the System 80+ Standard Design and (2) establish a clear definition of the schedule, process and administrative matters which will be used to review and certify the System 80+ Standard Design.
The Syster'. 80+ Standard Design includes the Nuclear Power Module plus Standardized Functional Descriptions. The Combustion Engineering scope of l supply is the Nuclear Power Module and is a major portion of a completa
\
l O -
13
%J nuclear power plant design. Combustion Engineering has also committed, however, to the provision of a sufficient level of detail on the remaining portions of the plant design via detailed Standardized Functional Descriptions to allow the Staff to make a complete and conclusive public health and safety determination for the System 80+ Standard Design. The Staff's review of CESSAR-DC, therefore, will close out all questions concerning the System 80+ 5'4 clear Power Module and will fully establish the requirements for the remaining portions of the Standard Design.
O O
,m
(_)
TABLE OF CONTENTS Section Page Executive Summary i 1.0 Introduction 1 1.1 Scope & Content of CESSAR-DC 5 1.2 Scope & Content of Future 7 Applications Referencing CESSAR-DC 2.0 Schedule 8 3.0 Content of Application 11 3.1 Oual Docket Approach 11 3.2 CESSAR-DC Format 11 3.3 CESSAR-DC Amenament Identification 13 4.0 Incorporation of New Issues 14 5.0 Review Procedures 16 5.1 Overview of NRC Staff Review 16 5.2 Format of Safety Evaluation Report 17 5.3 Questions and Responses 18 5.4 Integrated Review 20 6.0 ACRS Participation 21 7.0 Severe Accident Policy 22 7.1 Introduction 22 7.2 Compliance With General Licensing Criteria 23 7.3 Severe Accident Performance Goals 24 iii
i P_agg '!
- 8.0 Additional Issues 29 8.1 Physical Security and Sabotage 29 8.2 Site Envelope Parameters 29 8.3 Completeness of Design Documentation 30 0.4 Program for the Assurance of Quality 31 ,
8.5 Standard Functional Descriptions 31 8.6 Instrumentation and Controls 33 8.7 Genet.c letters and IE Bulletins 34 8.8 Maintenance and Surveillance 34 8.9 Safety Goal Policy Statement 34 8.10 Stand .1*dization Policy 35 4
9.0 Final Design Approval 36 10.0 Design Certification 37 -
Appendix A process for Resolution of A-1 -
USIs and GIs as Required by the Severe Accident Policy Statement O Appendix B Process for Probabilistic B-1 Risk Assessment as Required .
by the Severe Accident Policy Statement Appendix C Process for Degraded Core C-1 Evaluation as Required by the .
, Sovere Accident Policy Statement I
, Appendix 0 Instrumentation and Controls 0-1 i
> \
'l l f i
i iv ,
i
(:) .
+
i
/
LJ LIST OF TABLES Table Page 1 CESSAR-DC Submittal Schedule 9 A-1 Unresolved Safety Issues & High/ Medium A-7 Priority Generic Issues which were Evaluated for Applicability to System 80+
Design Certification C-1 Priliminary List of ARSAP Topic Papers C-5 i
LIST OF FIGURES Figure Page 1 System 80+ Standard Design 2 2 NRC Review Schr: dale 10 3 Dual Docket Approach 12 B-1 Major PRA Tasks B-6 C-1 The Severe Accident Resolution Process C-6 C-2 Identification and Resolution of Severe C-7 Accident Issues (Preliminary) v t
x_;
1.0 INTRODUCTION
Combustion Engineering has announced its intention to pursue a Design Certification in accordance with the Commission's Nuclear Power Plant Standardization Policy Statement of September 15, 1987.
The Commission's Standardization Policy Statement (52FR34884) declares that future reference system designs "are expected to be evolutions of existing proven LWR designs". Accordingly, Combustion Engineering is enhancing the System 80R standard design to meet the requirements of the NRC's Severe Accident and O Staadardizatioa eoiicv Statemeats. The scope of the imaroved design, called the System 80+ Standard Design, will include the Nuclear Steam Supply System, the emergency feedwater systere, the containment, and the control room (collectively refered to as the Nuclear Power Module) as well as detailed Standardized Functional 1
Descriptions for all other systems requiring regulatory review.
This expanded scope, depicted in Figure 1, will provide sufficient information to enable the Staff to conclusively reach the required public health and safety datermination for the System 80+ Standard Design.
O FIGURE 1 SCOPE OF THE SYSTEM 80+ STANDARD DESIGN O auc't^a aowea aoou's
- 2. Safety Injection System
- 3. Containment Isolation System
- 4. Engineered Safety Features Actuation System
- 5. Fuel Handling System
- 6. Chemical and Volume Control System
- 7. Shutdown Cooling System
- 8. Containment Spray System
- 10. Control Systems
- 11. Monitoring Systems
- 12. Nuclear Instrumentation
- 13. Control Room
- 14. Containment Buildin,
- 16. Safety Depressurization System
- 17. Main Steam and Feedwater Instrumentation and Component Control; STANDARDIZED FUNCTIONAL DESCRIPTIONS Detailed descriptions for all other plant systems to enable the Staff to reach the required public health and safety determination for the System 80+ Standard Design.
CONTAINMENT b -
h CONTROL ROOM STANDARDIZED FUNCTIONAL .
NSSSs MAYA t iiEE6641Fifi61iuV o x V EMERGENCY FF2DWATER SYSTEM 2-
The NRC Staff believes that the safety review of CESSAR-DC will proceed more smoothly if certain licensing review bases are established as early as possible. This Licensing Review Bases (LRB) document will, therefore, be used to outline the development of acceptance criteria for key. areas of the Staff's review of System 80+ and to establish a clear definition of the schedule, process and administrative matters which will be used to review and certify the System 80+ Standard Design. The LRB, in conjunction witn the acceptance criteria to be developed, is intended to serve as guidance for the NRC Staff review of material submitted in compliance with criteria that go beyond current regulations (e.g., the Severe Accident Policy).
The development of LRB is particularly important because:
(1) a Design Certification process has not yet been fully defined by the Commission, (2) System 80+ will be the first pWR standard design to proceed to Design Certification, (3) the System 80+ Standard Design will include features not required by the existing rules and regulations of the Commission as defined by the Severe Accident Policy Statement, O
O :'
(4) review procedures and acceptance criteria have not yet been established for a standard plar,t PRA, and ,
t (5) acceptance criteria have not been fully established for the ,
resolution of Unreviewed Safety Issues / Generic Issues (USIs/GIs) and degraded core issues, i
The staff fully supports the efforts of Combustion Engineering to P
i obtain Design Certification for the System 80+ Standard Design.
Once the design has been certified, it can be referenced by a i
number of applicants for use on a number of different sites without further design review. ,
f I
O To accomplish this objective, the design must be described in sufficient detail to ensure that all regulatory matters at issue ,
l are adequately addressed and closed prior to comoletion of the Design Certification process. This would ensure that, when an i
- applicant references the certified design, the staff can limit ,
t j its review to a compliance review which would confirm that the l
plant was built in accordance with tha System 80+ Standard Design (the Nuclear Power Module and the Standardized Functional I Descriptions) established and certified in CESSAR-DC. !
l
[
l '
?
O l j
j i
b
l I
I O
l 1.1 Scope and Content of CESSAR-0C i l
6 The System 80+ Standard Design will use, as a starting point, the ,
r design covered by the current FDA and described in CESSAR-F. By utilizing this "FDA Design *, Combustion Engineering is starting with a reference design which already complies with current NRC regulations and requirements for existing plants. This compliance is highlighted ;
by the fact that Palo Verde Units 1, 2 and 3 referenced the CESSAR FDA l in their successful operating license applications.
The expansion of the System 80 design to include the Nuclear Power Module and detailed Standardized Functional Descriptions will ensure ;
4 O that adeauate informatioa is provided to t8e Staff to eeabie aii l
safety issues for the System 80+ Standard Design to be fully addressed '
and closed during the Design Certification Process. Furthermore, experience in the previous review of System 80 for its current Final Design Approval (FDA) provides reasonable assurance that the Staff can !
receive all of the information needed to complete its review of the l
, System 80+ Standard Design with a level of detail sufficient to close out all applicable regulatory review issues, j Since the objective of this program is to certify the System 80+
I Standard Design prior to identificatim of the utility applicant, the l site or sub-suppliers, it is necessary that the level of detail i .,i ' e sufficient information to enable the Staff to complete its O !
- i 5-i
O review without posing anti-competitive constraints. Prior CESSAR-F-experience has shown that this should not represent a limitation on the Staff's ability to complete its review. The depth of design information needed to conduct this review is the level which demonstrates compliance with NRC regulations sufficient to close out all applicable safety issues.
As required by the Severe Accident Policy Statement (50FR32138),
CESSAR-DC will describe System 80+ changes required to demonstrate the technical resolution of all applicable Unresolved Safety Issues, the medium- and high-priority Generic IssJes, and other issues identified in the Severe Accident Policy Statement. As discussed in the previous O . ara ra,8. CESSAR-DC wiii contaia sufficieat iaformatioa to aermit 18e Staff to complete its review of the System 80+ Standard Design and, hence, to resolve all applicable saftty issues.
O O
1.2 Scope and Content of Future Applications Referencino CESSAR-DC !
3 When the certified System 80+ Standard Design is referenced in an application, the Staff's review of matters related to the approved !
design need consider only whether the site envelope parameters and the '
Standardized Functional Descriptions have been satisfied in the ,
referencing application. Specifically, for the site envelope and those areas in the remainder of the plant where CESSAR-0C has specified Standardized Functional Descriptions, the applicant will only have to demonstrate compliance with them. No further review of I the referenced design itself (the System 80+ Standard Design) will be i
required when the site envelope parameters fall within the design 0 #v ioa. ma ii st mo rdiz d r##ctiom i o scriatioa re s.tisfied.
4 I
t a
d f
i !
i i
) O i 1
) l 1
J
O 2.0 SCHEDULE i The schedule for submitting groups of CESSAR-DC chapters is shown in Table 1 and the schedule for NRC review of those submittals is shown in Figure 2. The review schedule shows an average review period of six months for each submittal group. This is an appropriate review :
period for CESSAR-DC chapters which describe the NSSS since the NSSS is based on System 80 which has already been reviewed and approved. ;
I Additional time may be required for review of the expanded scope items !
(the control room, emergency feedwater system and the containment).
To facilitate meeting this schedule, early meetings will be encouraged
- and any resulting schedule commitments will be documented by NRC in O "'n tiae iavt or ad -
i .
i i
- O ;
l i
l
O G,1 O CESSAR-DC Submittal Schedule Revision of Implementation CESSAR-DC Draft
- Subalttal CESSAR-DC of -Submittal SFR Group Description Chapter (Sections) EPRI Chapter Date Issues-Al General Descriptions and I (all) 1 Submitted March 1988 Requirements Sept. 1987 A2 Power Conversion System, 10 (10.1,10.3.10.4) 2 Submitted May 1988 Quality Assurance 17 (all) Nov. 1987 B Reactor Coolant System, 4 (all) 3&4 Feb. 1988 August 1988 Chemical and Volume Control 5 (5.1.5.2,5.4)
System, Process Sampling 9 (9.3)
- System, Boron Recycle System C
- Reactor Coulant System, 3 (3.1,3.2,3.6,3.9) 5 March 1988 Sept. 1988 Emergency Feedwater System, 5 (5.3,5.4.5A,58,5C)
Safety Injection System, 6 (6.1,6.3,6.6,6.7)
Shutdown Cooling System 10 (10.4)
!
- D Building Design & Site 2 (all) 6 & 10 Sept. 1988 March 1989 e Arrangements, Instrumenta- 3 (3.3-3.5.3.7,3.8,3.10 a
tion & Control Systems, 3.11,3A)
F m n Factors Engineering 5 (5.4) 6 (6.2,6.4,6.5,6A,6B) 7 (all), 18 (all)
E Fuel Handling Systems, 8 (all) 7 - 13 Dec. 1988 June 1989 Radioactive Waste Systems 9 (9.1.9.2,9.4,9.5) (except 10) i 10 (10.2.10.4) 11-14 (all)
F Safety Analyses, Probabi- 6 (6.3) -
June 1989 Dec. 1989 listic Risk Assessment, 15-16 (all)
Technical Specifications Appendices (all)
Integrated Review All -
June 1989 June 1990 Receive FDA Amendment - - -
June 1990 t
Receive Design Certification - - -
Sept. 1991 l
1
_ _ . . . , , - . . - - . - _ , _ _ - . .. _-__ . , , _- -- - -, .. . _ _,,, . . __..__ ,, _ _ _ _ _ _ . - _ . , ~ . - - ._. _ . - - - - . . _
! !' i l l l! - ;I.
O g 2
9 s -
Y F
s
- g DT EN UE E S SM I
O a
L N RN EE s 9
1 Y
U O I
T SM LA F
D A C
I A A N D I
8 E NF GIT FF l
H I
SR EE DC C : .
0 2
S a 9-Y F
E oWG I
F W
E
.* s g
_. I F V W D a E E E
I U 9 V S R
n . S a 8 E -
R E I
Y R F
_ D E C E T
A S
T i
_ R R G
e .
F A
R CL g
N E T
N C
i I
AI SM 8
,W
/. SB 8 B .
EU s Y
CS F
.5 A i j
2 i
7 8 -
s Y F
O I O
_,! )j' j
i
[
O !
3.0 CONTENT OF APPLICATION 3.1 Dual Docket Approach i
I 1
A second (separate) docket will be created which includes all of the
- existing information and history of the current System 80 docket, s
docket number STN 50-470. As shown in Figure 3, the new docket will i be utilized to describe the System 80+ Standard Design and to, thus, provide the basis for the Design Certification Rule. This approach will allow current System 80 users to reference the first (current) docket while, at the same time, allowing for development of the System i 80+ Design Certification Rule, l O :
3.2 CESSAR-DC Format l The safety review of the System 80+ Standard Design for Design i !
l Certification will be performed by NRC reviewers who are accustomed to 1 r working with the format and organization of the NRC's Standard Review l Plan (NUREG 0800) and Regulatory Guide 1.70 (Standard Format and Content of Safety Analysis Reports for Nuclear Power Plants). l
! CESSAR-F has already been reviewed and approved by the NRC Staff for the current FDA. Combustion Engineering will, therefore, make !
I revisions in CESSAR-DC in a format consistent with past review t experience and in full compliance with Section B.3 b of the i Commission's Severe Accident Policy Statement. !
O !
I !
- O O O
{
! FIGURE 3 t l
DUAL DOCKET APPROACH
]
i I
I l
l PV-1 PV-2 PV-3 WNP-3
-~
Docket No. STN 50 - 470: ll-,
CESSAR - F L__J l I
^
I A, FDA j PDA FDA-2 : Amendment i
! s i I
l ?
l l I
1 l l l
Design
- ^
f_ ,- - - - - - - - - - r_ _t - - - -
^
A A Certification DC Rule
) '
FDA Amendment -
a 4
4
O V
3.3 CESSAR-DC Amendment identification The CESSAR-0C submittals outlined in Table 1 will consist of changes to existing CESSAR-F material in Chapter-by-Chapter packages. Bars with amendment identifiers will be provided in the margins to indicate all areas of change relative to CESSAR-F and the CESSAR-DC amendment identifier and date will be provided at the bottom of each amended page, t
i 4
f O
13 -
.O 4.0 INCORPORATION OF NEW ISSUES As stated in the~ Severe Accident Policy Statement (Section 7), the Commission expects that future plant designs will meet current regulations and will address new issues such as the resolution of US!s and GIs, Probabilistic Risk Assessment, and degraded core analyses.
Combustion Engineering will address these new issues such that there are no open items when the NRC issues the FDA Amendment for CESSAR-DC (see Section 7 and Appendices A, B, and C for more detail).
Combustion Engineering is committed to full implementation of the Severe Accident Policy Statement and will include resolutions for all applicable USIs and High- and Medium-priority GIs in the System 80+
0 Standard oesign.
By issuing FDA-2 to Combustion Engineering and by issuing Operating Licenses to Palo Verde Units 1, 2, and 3, the Commission recorded its determination that the System 80 design meets the existing rules and regulations of the Commission and provides adequate protection to the health and safety of the public. Since the System 80 design has already received an FDA, the requirements of the Backfit Rule apply to NRC-required revisions to the design beyond those sponsored oy Combustion Engineering. That is, the final regulatory standard for Staff required changes beyond those offered by Combustion Engineering will be the cost-benefit provisions of the Backfit Rule. Combustion Engineering will be required to make additional changes to the design only if analyses show that the costs of such changes are justified by the increase in the overall protection of public health and safety that would be provided.
O O
O 5.0 REVIEW PROCEDURES j i
5.1 Overview of NRC Staff Review [
Each NRC reviewer will be provided a complete copy of the CESOAR-F Safety Evaluation Report (NUREG 0852 and supplements). After reviewing this report, NRC Staff will review the design changes identified in CESSAR-DC to confirm that compliar.ce with NRC rules and regulations remains valid; that is, equal to or more conservative than l what is stated in the existing CESSAR-F Safety Evaluation Reports.
The NRC Staff will then confirm that the design changes comply with
{
the guidance of the Standardization and Severe Accident Policy !
t O Statemeats. l t
Proposed acceptance criteria and design features suitable for [
resolution of all applicable USIs and High- and Medium-Priority G!s !
will be proposed and documented by Combustion Engineering in an appendix to CESSAR-DC. The NRC Staff will review the acceptance criteria and proposed resolutions to these USIs and Gls on a schedule !
consiscent with NRC review of CESSAR-DC chapters (Section 2). ,
Combustion Engineering has conunitted to the provision of a sufficient l level of information [through detailed Standardized Functional Descriptions (Section 8.3)] to allow the NRC Staff to complete its O l l t
- i
6 O
review of the System 80+ Nuclear Power Module and conclusively reach the required public health and safety determination. NRC Staff acceptance of the Standardized Functional Descriptions will fix the requirements for the remaining portions of the Standard Design outside the scope of the Nuclear Power Module.
5.2 Format of Safety Evaluation Report Because CESSAR-DC will be submitted as revisions to groups of chapters over a two year period, the Safety Evaluation Report will be issued initially in draft form and in sections (see Section 2, Figure 2 for O the sc8eduie). it wiii be imaartaat to carefoiis document o,ea issues that may be identified in the review process which cannot be resolved until the completion of later chapters. Each draft SER section will contain a full description of such issues and will be issued at the completion cf the Staff's review of each submittal. The Staff's final Safety Evaluation Report for the System 80+ Standard Design will be issued after an integrated review is completed and will be in the same form used for other reactor licensing applications. [ Combustion Engineering will maintain an updated checklist which identifies outstanding issues and the future chapter (s) in which resolution is anticipated. Open items identified by the Staff will be added to this tracking list by Combustion Engineering).
O i
O With respect to US!s and G!s, the draft SERs will address the acceptance criteria and proposed resolution and provide the Staff's preliminary concurrence as appropriate. Sta'f approval of these criteria and resolutions will be finalized when all CESSAR-DC chapters have been submitted and the integrated review has been completed.
5.3 Questions and Responses As the Staff's review progresses, there is likely to be a need for additional information from Combustion Engineering. The NRC procedure to be used is described below. This procedure will be applied to the O resoiution of aii NRC avestions. To imorove the efficieecx of t8e review, the NRC Staf' eticourages informal communication while assuring that resolntion of issues is formally documented. Throughout this process all written (formal) communications to Combustion Engineering will be directed to the Director of Nuclear Licensing and all informal communications will be directed to the Manager of Standard Plant Licensing, The steps are as follows:
- 1. After a CESSAR-DC submittal is received, reviewers will be I expected to review the revisions in detail and, if necessary, sutmit requests for additional information (RAls) to the NRC Project Manager (PM). Key RAI items will be submitted within one month and a complete RAI within two months after the CESSAR-DC chapters have been received.
h i
O !
l
- 2. The NRC PM will compile the RAls as they are received, and transmit them imediately to Combustion Engineering. Through i informal communications with Combustion Engineering, such as conference calls, the RAls will be further reviewed with some I being answered informally and/or withdrawn. Some RAls may include requests for information that is not expected to be available until the submittal of a later CESSAR-DC chapter, i These RAls will be deferred to future chapter submittals and the
.; l draft SER will be written accordingly. A final RAI transmittal t to Combustion Engineering will be completed within two weeks ,
after the RA!s have been subm'tted to the NRC PM (about two months after submittal of CESSAR-DC chapters). ;
O !
. 3. Combustion Engineering and the NRC Staff will mutually agree on a meeting schedule. The meetings are expected to begin during the third month after submittal of each CESSAR-DC chapter and should be completed during the fourth month. ;
i j
[
- 4. The NRC PM and the reviewer (s) will document the results of the l
- L meetings and Conibustion Engineering will formally respon( to the final RAI by the end of the fifth month, i
1
[
- 5. Staff reviewers will be expected to complete their sections of
- the SER within one more month so that a draft SER for each l CESSAR-DC submittal will be available within six months.
4
- is - !
! l
, , = _ . . _ _ . . _ . ,__--
l O l Every effort will be made to make the first rounci of RAls the only one (
! necessary. If the NRC Staff believes a second round of RAls is i
necessary, however, tite same procedure will oe followed, but it is expected that a shorter schedule will be used. For the first round of l t
RAls, the above schedule shows a 6 month review for each CESSAR-DC submittal group listed in Table 1. If a second round of RAls is i necessary, however, a total of approximately nine months may be required, i j
5.4 Integrated Review t
At the completion of the review of the individual CESSAR-DC chapters. [
O the same staff reviewers who condveted the individuai chapter reviews !
will perform an integrated review of the complete CESSAR-DC to ensure all open review issues are resolved. This review will complement the PRA and safety analysis reviews, in that it will be an overall l assessment of the design. The Staff will issue a composite final SER i
in accordance with the schedule described in Section 2. There will be i
no open issues at the completion of the NRC Staff review and issuance
]
of the FDA amendment.
) O f
.-_..7_
_ , ,__y_ ___-_ -,,.m____,, .-_m,- _ . _ _ ~r._ -. , ,
O 6.0 ACRS PARTICIPATION One step in the design review of a standard pi is the independent review by the Advisory Committee on Reactor Safeguards (ACRS). The NRC PM will keep the ACRS informed of the progress of the review and will forward co91es of CESSAR-DC chapters as they ar3 submitted, along with copies of the draft SERs as they are issued. In addition, the NRC PM will schedule a meeting with the ACRS to discuss the final SER.
O 4
l l
l l
O l
I
7.0 SEVERE ACCIDENT p0LICY 7.1 Introduction On August 8, 1985, the Commission issued a policy statement on severe accidents (50FR32138, "Policy Statement on Severe Reactor Accidents Regarding Future Designs and Existing Plants"). The policy statement provides general criteria and procedures for the licensing of new plants, and sets goals and a schedule for the systematic examination of existing plants. The Commission encouraged the development of new designs that might realize safety improvements and stated that the Commission intended to take all reasonable steps to reduce the chances O of occurrence of a severe accident and to mitigate the consequences of such an accident, should one occur. The Commission's general licensing criteria for future plants are specified in the policy statement.
The Commission further recognized the need to strike a balance between accident prevention and consequence mitigation, through a better understanding of containment performance, with the understanding that new performance criteria for containment systems might need to be established. The Commission also recognized the importance of potential contributors to severe accident risk such as human performance and sabotage, and determined that these issues
O should be carefully analyzed and considered in the design and operating procedures for the facility. As indicated below, Combustion Engineering will meet the guidance specified for new plants.
7.2 Compliance With General Licensing Criteria 7.2.1 TMI Requirements for New plants Combustion Engineering will comply with all regulations applicable to the System 80+ Standard Design which are listed in 10 CFR 50.34(f).
O 722 a soi#tio" of uSis and GSis The process for developing the resolution of USI's and GI's is provided in Appendix A.
7.2.3 probabilistic Risk Assessment The process of preparing and using the System 80+ Standaru Design PaA is provided in Appendix B.
O
7.2.4 NRC Staff Review The approach to the Staff review of CESSAR-DC is described in Sections 2 through 5 of this document. The process for the review of degraded core analyses complemented by PRA is discussed in Appendix C.
i 7.3 Severe Accident Performance Goals This section describes the goals, or approximate values, for severe accident performance criteria. These goals are consistent with the guidance of the NRC's Safety Geal PC '.:y. The NRC Staff O wiii use these soais durias the review of the System 80+ Standard Design, but they will be considered as guidance, not as firm r.riteria.
One of Combustion Engineering's objectives for the development of the System 80+ Standard Design is to be responsive to utility requirements for increased public safety and protection of plant investment. The approximate goals stated in the following sub-sections were developed to meet those utility requirements while remaining consistent with NRC guidance.
O s
O 7.3.1 Prevention of Core Damage Compliance with current regulations provides adequate protection of the public and the safety analyses ensure that the reactor core is protected consistent with those regulations. The EPRI ALWR Requirements Document provides Utility requirements for an improved nuclear plant. One of the broad objectives of these requirements is to provide adequate protection of plant investment. One of EPRI's criteria for increased protection of plant investment is the estimated mean annual core damage frequency target (including both internal and external events) of
-5 events per reactor year. Another of EPRI's less than 1 X 10 O cr4terie for increased protection of niant iavestmeat 4s thet ao core damage should be predicted to occur for a near instantaneous pipe break with an equivalent diameter of six inches (using best estimate methodology).
The above EPRI criteria are being applied by Combustion Engineering as goals in the development of the System 80+
Standard Design. The actual values finally used will depend on the methodology applied and the design improvements implemented (which will be discussed with the NRC during the review of CtSSAR-DC).
O
,, -r m - - --,-, .g ----
7.3.2 Mitigation of Core Damage Consistent with the defense-in-depth principle, the design of the System 80+ Nuclear Power Module will provide protection against containment failure in the event of a severe accident.
The expected containment design features will include:
- a. a large dry containment,
- b. measures to reduce the probability of early containment failure, O ;
- c. a conservative design basis accident (guillotine pipe break),
- d. severe accident hydrogen control (considering 75% active fuel-clad metal water rea: tion and a maximum hydrogen
, concentration of 13% by volume),
- e. measures to prevent containment damaging hydrogen I l
l detonation, I
l
- f. an in-containment refueling water storage tank, O
i l
O
- g. reliable containment heat removal systems, and
- h. consideration of severe accidents in design of the containment and the reactor vessel cavity configuration.
7.3.3 Offsite Consequences for Severe Accidents Compliance with current regulations provides adequate protection of the public and the safety analyses ensure that the reactor is protected consistent with those regulations. The EPRI ALWR Requirements Document provides additional Utility desires for an improved nuclear plant. Another broad objective of these O requirements is to increase public safety. Accordingly, the guidance for offsite consequences will be:
In the event of a severe accident, the dose beyond a one-half mile radius from the reactor is not expected to exceed 25 Rem to the whole body. The expected mean frequency of occurrence for higher off-site doses is expected to be less than once per million reactor years, considering both internal and external events.
O
. . = _. .. . .- . . . . .
The above EPRI input will be applied by Combustion Engineering as guidance in the development of the System 80+ Standard Design and ,
not as firm criteria. The actual values finally used will depend on the methodology applied and the design improvements implemented (which will be discussed with the NRC during the review of CESSAR-DC).
I O
r 6 i 8
O I
._, ~._. _ _--__ _ ._ _ _ _ - _ _ _ _ _ _ _ _ _ - _ _ _ _ _ _ . , ____ _ , . _ _ . _ _ _ _ _ . . , - . . _ _ . _ .
8.0 ADDITIONAL ISSUES 8.1 Physical Security and Sabotage The System 80+ Standard Design is being developed in accordance with all current NRC regulations and guidance regarding the physical security of nuclear power plants and the prevention of sabotage. It is intended that the final design be sufficiently complete in this respect, through either detailed design requirements, Standardized Functional Descriptions (Section 8.5), or general guidance supplemented by PRA results, to allow the development of a comprehensive security plan that will ensure the safety of the O es-built feciiity wili coatiaue to be acevretely described by the certified design.
8.2 Site Envelope parameters The System 80+ Standard Design is based on assumed site-related parameters, to be discussed in CESSAR-DC, that were selected so as to be applicable to the majority of potential nuclear power plant sites in the United States. Therefore, despite variai. ions in site parameters from the assumed values at most specific locations, the System 80+ Standard Design can be expected to meet the necessary regulatory requirements. A nearly identical site envelope was reviewed by the NRC for the CESSAR-F FDA and the NRC concluded in 0
l O
the Safety Evaluation Report that the site-related information provided in CESSAR-F adequately described the site parameters postulated for the design, and that the design had been adequately analyzed and evaluated in terms of such parameters.
8.3 Completeness of Desian Documentation The level of detail of information provided in CESSAR-DC will be that which is necessary and sufficient for assuring conformance to NRC regulations and for closing out all applicable CESSAR-DC review issues.
O Design documentetion for systems, structures and components with4n the System 80+ Standard Design will include, as appropriate:
- 1. Design Basis Criteria
- 2. Plant General Arrangements of Structures and Components
- 3. Process and Instrumentation Diagrams
- 4. Control Logic Diagrams
- 5. System Functional Descriptions
- 6. Supporting Design Data
- 7. Quality Assurance Program
- 8. Design Related Aspects for the Emergency Plans O
i I
O
- 9. Design Related Aspects for the Physical Security program
- 10. ALARA/ Radiation Protection Plan
- 11. Accident Analyses
- 12. Technical Specifications
- 13. Probabilisti: Risk Assessment In a limited number of cases where detailed design information is not available, information on methods, procedures, and acceptance criteria will be provided.
8.4 program for the Assurance of Quality in Design r
The Combustion Engineering Quality Assurance Program is described in topical report CENPD-210A, Revision 4, "Quality Assurance Program",
dated January, 1987, and letter LO-87-070, A. E. Scherer (C-E) to J. W. Roe (NRC), dated December 15, 1987. This program has been found to be compliant with the provisions of Appendix B to 10 CFR 50.
8.5 Standardized Functional Descriptions In order to ensure that all applicable regulatory issues are closed i
out during the NRC Review and Design Certification process, the Interface Requirements (irs) of the current CESSAR-F will be replaced by detailed Standardized Functional Descriptions (SFOs). These SFOs will provide significantly more information than the irs of CESSAR-F.
O O
The level of detail in the SFDs will be sufficient to enable the Staff ec to make the required public health and safety determinations for the System 80+ Standard Design. The SFDs will be located in CESSAR-DC consistent with the format guidance of Regulatory Guide 1.70 for "balance-of-plant" systems.
The SFDs will provide detailed descriptions for systems outside the scope of the Nuclear Power Module, which are relied upon to make safety determinations for the System 80+ Standard Design. The SFDs will identify the acceptance criteria that will ensure these safety determinations remain valid. The SFDs will begin with a discussion of the safety-related design bases of the system to which it applies. To O suggort these desion beses, the SFD wili eiederate further end provide a description of the system configuration and a detailed functional description of the system features necessary to meet NRC requirements.
These functional descriptions will include specific performance criteria, applicable codes and standards governing the system design, system arrangement criteria, pipe and valve performance criteria, I&C requirements, appropriate safety-related EPRI ALWR requirements, and installation requirements necessary to make the required health and safety determination for the System 80+ Standard Design. A safety evaluation will enumerate those acceptance criteria that will i 1
l 0
ii O
ensure that a system malfunction will not adversely impact Nuclear Power Module safety. Feedback from the System 80+ PRA may provide system reliability acceptance criteria which will be included in the SFDs. Additionally, the SFDs will provide the material selection requirements, fabrication requirements, testing and inspection requirements, and the appropriate chemistry requirements needad to ensure safe and reliable operation.
l The goal of the SFD is to provide the Staff reviewers with a f sufficient level of detail such that (1) the Staff can conduct a i
review of the System 80+ Standard Design and close out all applicable !
regulatory review issues and (2) the Staff's review of a future ,
() application referencing the System 80+ Standard Design can be limited to a simple compliance review (i.e., a review to confirm that all systems meet the certified acceptance criteria and interface requirements enumerated in the SFDs).
8.6 Instrumentation and C;ntrols The standards and criteria to be used by Combustion Engineering in the design of Instrumentation and Control Systems and by the Staff in the review of these systems are presented in Appendix D.
t I
v O ,
8.7 Generic Letters and IE Bulletins Combustion Engineering will evaluate lists of Generic Letters and Inspection and Enforcement Bulletins (IE) for possible consideration in the System 80+ Standard Design. This will help ensure that all potential Staff concerns are addressed in the design process.
8.8 Maintenance and Surveillance The development of detailed design requirements, standard technical specifications and Standardized Functional Descriptions, supplemented by an evaluation of PRA results, will ensure thit sufficient O maintenaace suidance wili be made aveilabie to the utiiity angiicant.
This documentation will allow the development of a comprehensive maintenance program that will ensure that the safety of the as-built facility will continue to be accurately described by the certified design.
8.9 Safety Goal policy Statement On August 4,1986, the Cownission published a Policy Statement on "Safety Goais for the Operation of Nuclear Power Piants" (51 FR 28044). This policy statement focuses on the risks to the public from nuclear power plant operations. Its objective is to establish goais that broadly define an acceptable level of radiological risk.
O
- 3a - ;
_y- _ _. . .,. . . - _ __ - _ . - - - . _ , , , . .,7
The implementation guidance that is developed by the Staff will -- as appropriate -- be applicable to the System 80+ Standard Design.
Combustion Engineering will apply the severe accident performance goals of Section 7.3 as approximate criteria (or targets) during the design and analysis of the System 80+ Standard Design.
8.10 Standardization Policy Statement Consistent with the Commission's Standardization Policy Statement, Combustion Engineering's System 80+ Design Certification Program emphasizes the development of a standard design based on the evolution of a proven technology. The System 80+ Design Certification Program O wili be conducted in accordance w4th the Standardizat4on Poiicy end any final Standardization Rule established by the Commission. It will be necessary, however, for the NRC Staff to keep Combustion Engineering informed concerning the nature of the pending Standardization Rule to avoid last minute delays.
! O i
O 9.0 FINAL DESIGN APPROVAL In August 1985, Combustion Engineering requested that the CESSAR FDA (FDA-2) be amended to permit forward referenceability in accordance with the NRC Severe Accident Policy Statement. Upon completion of NRC Staff review of that request, the Staff will issue a forward referenceable FDA Amendment that will be applicable to both dockets, as described in Section 3.1.
When the NRC Staff completes its review of CESSAR-DC, the FDA (on the new docket only) will be amended again to document the closeout of all applicable NRC review issues for the System 80+ Standard Design. The O emended FDA wiii be the bas 4 for a System 80+ Desisa Certificatioa Rule.
O
O 10.0 DESIGN CERTIFICATION As indicated in the Standard'.zation Policy Statement, the Commission believes that the use of pre-approved standard plant designs can benefit public health and safety by:
- 1. Concentrating the resources of designers, engineers, and vendors on particular approaches;
- 2. Stimulating standardized programs of construction practice and quality assurance; O a. improvino the traiains of nersonnel: and
- 4. Fostering more effective maintenance and improved operation.
The use of such pre-approved standardized designs can also permit more effective and efficient licensing and inspection by the NRC. The Design Certification concept provides for certifying a reference system design, such as the System 80+ Standard Design, through rulemaking. In this process, the Commission would certify a design r
O .
r.
j 1
(2) after rulemaking proceedings are completed. The Design Certification means that the System 80+ Standard Design has been found acceptable ,
for incorporation by reference in an individual license application. !
The conclusions of the certification rulemaking would be used and relied upon by the NRC Staff, the ACRS, the hearing boards, and the Commission in their reviews of applications that reference the design.
Combustton Engineering's Design Certification Program will be conducted in accordance with the Commission's Standardization Policy and any final Standardization Rule established by the Commission.
O f
i.
,L
() :
i I
-, .._,._,,,.n.,,,,-_ - - - . . . - , . - , , , _ _ _ _ _ , . _ _ , , , - . , . , - . , . , . , , , , . , . _ . . , , , _ , _ , , , . . _ . , . , , , . , , . . - . - - - ,
_ ,7 .- . - _ - , ,,,
-. - -~ - .-.
4 a
O APPENDIX A f i :
1 j.
1 Combustion Engineering Design Certification Program i
r
+
i i l
Process for Resolution of Unresolved and ~
> r
! Generic Safety Issues as Required by the l l
l Severe Accident Policy Statement. l t
4 O ;
2 i
I l
l t
I f l
l l
i i
8 a
l i
I O l 1
A-1 ; .
1 i
.___m-en.*e- w
.e---- - - - . . . e.----- -- - - ----.-me e----i
I O 1. Overview of Process for Resolution of USIs and GIs One of the major goals of Combustion Engineering's Design Certification Program is to develop and obtain NRC certification of a standard design (the System 80+D Standard Design) which meets the requirements of the Severe Accident Policy Statement (SAPS) for future plants. In order to comply with the SAPS, technical resolution of all applicable Unresolved Safety Issues (USIs) and Medium- and High-Priority Generic Issues (GIs) must be demonstrated for the System 80+ Standard Design.
Combustion Engineering will integrate input from related industry programs (e.g., the EPRI Regulatory Stabilization Program) and O '
implement resolutions to the USIs and GIs for the System 80+ Standard Design. Documentation of the acceptance criteria and design features for resolution of the USIs and G!s will be provided in an appendix to Combustion Engineering's Standard Safety Analysis Report - Design Certification (CESSAR-DC). It is expected that NRC Staff will request from Combustion Engineering information necessary to close out all applicable review issues so that a Design Certification rulemaking can be concluded without any open issues or conditions.
II. Acceptance Criteria for Resolution of USIs and GIs The USIs and GIs that are required to be addressed for compliance with the SAPS are identified in the NRC's Generic Issue Management Control A-2
_ - _ . _ _ =
- System (GIMCS). Some of the issues in GIMCS await prioritization (59 as of June 1987). Others have been prioritized into categories of USI, and High , Medium , and Nearly Resolved Generic Issues. Based on the GIMCS listings, the C-E Design Certification Program will identify and resolve the USI's and the High- and Medium-Priority GI's which are found to be applicable to the System 80+ Standard Design. A preliminary list of applicable issues is presented as an attachment to this appendix.
In order to resolve the applicable USIs and GIs, proposed acceptance criteria must first be documented (by either the NRC or by an applicant). Then, resolutions must be proposed and reviewed by NRC Staff. Combustion Engineering will integrate input from various sources (described below) and will coordinate all activities required to prepare proposed acceptance criteria and the corresponding resolutions. Each applicable issue will be resolved and documentation will be submitted on the CESSAR-DC docket. Some issues have already been resolved by the NRC and Combustion Engineering will implement, to the maximum extent possible, the NRC's documented resolutions. If, however, some revisions are necessary, Combustion Engineering will propose alternate resolutions appropriate for the System 80+ Standard Design.
Some issues have not yet been resolved. For those issues which are applicable to System 80+, C-E will review results of the EPRI Regulatory Stabilization Program and DOE's Advanced Reactor Severe Accident Program (ARSAP). To the maximum extent practical, results V
A-3
I from these prograrrs will be implemented for the System 80+ Standard Design.
The EPRI Regulatory Stabilization Program is developing Topic Papers on proposed acceptance criteria for resolution of the USis and GIs which are applicable to Advanced LWR designs. The primary purpose of these Topic Papers is to document criteria for resolution of applicable issues and incorporate NRC review comments into those criteria. The C-E Design Certification Program will address and resolve the USIs and GIs via design features which are expected to be consistent with the criteria in the Topic Papers. In this way, the issues can be closed out by NRC, based on documented criteria which have been reviewed by NRC.
O Topic Papers will also be generated in the ARSAP to address severe accident issues. ARSAP staff have reviewed current information related to severe accidents to identify a composite list of related issues for which Topic Papers will be produced. Some of these Topic Papers may also be applicable to resolution of the USIs and GIs which must be resolved for the System 80+ Standard Design. For these particular USIs and GIs, C-E will integrate input from the DOE ARSAP and present the proposed acceptance criteria and resolutions to the NRC for review and comments.
There may be some USIs and GIs, however, for which Topic Papers are not available from either the EPRI Regulatory Stabilization Program, the DOE ARSAP or from the NRC. For these USIs and GIs, C-E will O
v A-4
develop acceptance criteria and resolutions specific to the System 80+
Standard Design and will obtain NRC approval through documentation in CESSAR-DC.
III. NRC Review process and Documentation proposed acceptance criteria and design features for resolution of applicable USIs and G!s will be documented by Combustion Engbeering in an appendix to CESSAR-DC. The NRC will review this appendix and Combustion Engineering will provide any additional information necessary for preliminary NRC concurrence. Final NRC approval of the proposed resolutions will occur as part of the Design Certification q rulemaking. Combustion Engineering will provide sufficient V information in CESSAR-DC so that the appendix can serve as the primary documentation of acceptance criteria for USIs and GIs during NRC Staff and ACRS reviews.
The NRC will review the acceptance criteria and proposed resolutions to specific USIs and GIs on a schedule consistent with NRC review of the chapters of CESSAR-DC. The schedule for CESSAR-DC submittals to the NRC is provided in Section 2 of this Licensing Review Basis document.
NRC review results will be documented in draft Safety Evaluation Reports (SERs) on the schedule described in Section 2 of this O
A-5
document. The draft SERs will address the acceptance criteria for the USIs and GIs, as well as the resolutions (design features) proposed for the System 80+ Standard Design. NRC's preliminary concurrence with the acceptance criteria and resolutions will be provided in the draft SERs. The draft SERs will be. finalized when all CESSAR-DC chapters have been submitted and an integrated review has been completed by the NRC Staff.
IV. Summary Combustion Engineering's Design Certification Program for the System 80+ Standard Design will resolve all applicable USIs and G!s, as required in the Severe Accident Policy Statement. Input from related industry programs and existing NRC documentation will be reviewed and integrated in order to identify acceptance criteria for resolution of the USIs and GIs.
The resolution of USIs and G!s for System 80+ will be based primarily on acceptance criteria from EPRI ALWR and DOE ARSAP Topic Papers. C-E will integrate these inputs and develop additional criteria, if and where necessary. Documentation of the acceptance criteria and proposed design features for resolution of all applicable USIs and GIs will be provided in an appendix to CESSAR-DC. Combustion Engineering will provide whatever information is necessary to close the USIs and GIs for the System 80+ Standard Design. NRC's preliminary concurrence with the acceptance criteria and proposed resolutions will be documented in the CESSAR-DC draft Safety Evaluation Reports.
A-6
Table A-1 Peg 3 No. 1 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS 002 FAILURE OF PROTECTIVE GSI TO BE REP. 7.4 DEVICES ON ESSENTIAL EQUIPMENT 003 SETPOINT DRIFT IN GSI NEARLY RES 7.1.2 INSTRUMENTATION 012 BWR JET PUMP INTEGRITY GSI MEDIUM NA 014 PWR PIPE CRACKS GSI NEARLY RES 5.2.3 020 EFFECTS OF GSI NEARLY RES 7.1 ELECTROMAGNETIC PULSE ON NUCLEAR PLANT SYSTEMS 022 INADVERTANT BORON GSI NEARLY RES 5.4.6 DILUTION EVENTS 023 REACTOR COOLANT PUMP SEAL GSI O -
rAItURES HIGH 5.4.1 024 AUTOMATIC EMERGENCY CORE GSI TO BE REP. 6.3 COOLING SYSTEM SWITCH TO RECIRCULATION 029 BOLTING DEGRADATION OR GSI HIGH 5.2.3 FAILURIS IN NUCLEAR PLANTS 036 LOSS OF SERVICE WATER GSI NEARLY RES 9.2.1 038 POTENTIAL RECIRCULATION GSI TO BE DET. 6.1.2 FAILURE AS A CONSEQUENCE OF CONTAINMENT PAINT OR DEBRIS
! 040 SAFETY CONCERNS ASSOC. GSI NEARLY RES NA WITH BREAKS IN THE BWR SCRAM SYSTEM 045 INOPERABILITY OF GSI NEARLY RES 7.1 INSTRUMENTS DUE TO EXTREME COLD WEATHER
(
A-7
1 l
Pego No. 2 1
01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
()
j ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+ 1 DESIGN CERTIFICATION '
ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS 048 LCO FOR CLASS 1E VITAL GSI NEARLY RES 16 INSTRUMENT BUSES IN OPERATING REACTORS 049 INTERLOCKS AND LCO'S FOR GSI MEDIUM 7 OR 8 REDUNDANT CLASS 1E TIE BREAKER 050 REACTOR VESSEL LEVEL IN GSI NEARLY RES NA BWRS 051 PROP. REQ.FOR IMPROVING GSI MEDIUM 9 REL.0F OPEN CYCLE SER.WTR 055 FAILURE OF CLASS 1E GSI TO BE REP. 8.3 SAFETY RELATED SWITCHGEAR CIRCUIT BREAKER TO CLOSE ON DEMAND
() 057 EFFECTS OF FIRE GSI TO BE DET. 7 OR 9 PROTECTION SYSTEM ACTUATION ON SAFETY RELATED EQUIPMENT 061 SRV DISCHARGE LINE BREAK GSI MEDIUM NA INSIDE TO WETWELL AIRSPACE OF MARK I & III CONTAINMENT 062 REACTOR SYSTEMS BOLTING GSI TO bz 7FT. 5.2.3 APPLICATIONS 063 USE OF EQUIPMENT NOT GSI 4:c .t NA CLASSIFIED AS ESSENTIAL TO SAFETY IN BWR TRANSIENT ANALYSIS 065 PROBABILITY FO CORE MELT GSI HIGH PRA APPCX DUE TO COMPONENT COOLING WATER SYSTEM FAILURES 066 STEAM GENERATOR GSI NEARLY RES 5.4.2 REQUIREMENTS O
Pago No. 3 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WEF.E EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION l ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS 067 STEAM GENERATOR STAFF GSI MEDIUM 5.2 ACTIONS 067.7 STEAM GENERATOR STAFF GSI MEDIUM ACTIONS-EDDY CURRENT TESTS 068 POSTULATED LOSS OF AFWS GSI HIGH 10.4 RESULTING FROM TURBINE DRIVEN AFW PUMP ST2AM SUPPLY LINE BREAK 069 MAKE-UP NOZZLE CRACKING GSI NEARLY RES NA IN B&W PLANTS 070 PORV AND BLOCK VALVE GSI MEDIUM S RELIABILITY 071 FAILURE OF RESIN GSI O DEMINERALIZER SYSTEMS AND TO BE DET. 9.3 THEIR EFFECTS ON PLANT SAFETY 072 CONTROL ROD DRIVE GUIDE GSI TO BE DET. 4.5.2 TUBE SUPPORT PIN FAILURES 073 DETACHED THERMAL SLEEVES GSI TO BE DET. 5.4.3 075 GEN. IMPLICATIONS OF ATWS GSI NEARLY RES 7.1 EVENTS AT SALEM 077 FLOODING OF SAFETY GSI HIGH 6 EQUIPMENT COMPARTMENTS BY BACKFLOW 078 MONITORING OF FATIGUE GSI TO BE DET. 5.2 TRANSIENT LIMITS FOR REACTOR COOLANT SYSTEM 079 UNANALYZED REACTOR VESSEL GSI MEDIUM 5.3.2 THERMAL STRESS-COOLDOWN O
I
Pago No. 4 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
()' DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS 092 BEYOND DESIGN BASES GSI MEDIUM 9.1 ACCIDENTS IN SPENT FUEL POOLS 083 CONTROL ROOM KABITABILITY GSI NEARLY RES 18 084 CE PORVS GSI NEARLY RES 5.2 086 LONG RANGE PLAN FOR GSI NEARLY RES NA DEALING W/SSC IN BWR PIPING 087 FAILURE OF HPCI STEAM GSI HIGH NA LINE WITHOUT ISOLATION 088 EARTHQUAKE AND EMERGENCY GSI TO BE DET. 2 & 13 PLANNING 089 STIFF PIPE CLAMPS GSI TO BE DET. 5.4.3 091 MAIN CRANKSHAFT FAILURE GSI NEARLY RES 8 IN TRANSAMERICA DELAVAL EDG'S 093 STEAM BINDING OF GSI HIGH 10.9.4 AUXILIARY FEEDWATER PUMPS 094 ADDITIONAL LTOP FOR LIGHT GSI HIGH 5.3.2 WATER REACTORS 095 LOSS OF EFFECTIVE VOLUME GSI TO BE DET. 6.2.2 FOR CONTAINMENT RECIRCULATION 096 RHR SUCTION VALVE TESTING GSI TO BE DET. 5.4.7 099 RCS/RER SUCTION LINE GSI HIGH 5.4.7 INTERLOCKS ON PWRS 100 OTSG LEVEL GSI TO BE DET. NA 101 BWR WATER LEVEL GSI HIGH NA REDUNDANCY
() i
_ , - , - . - . - , -,e-.
.a, ,- ,,-,- , - - - - , __ __ - _-.
P0g3 No. 5 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIO RITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILIT) TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS 102 HUMAN ERROR IN EVENTS GSI NEARLY RES 18 INVOLVING WRONG UNIT OR WRONG TRAIN 103 DESIGN FOR PROBABLE GSI NEARLY RES 2 ,
MAXIMUM PRECIPATATION 104 REDUCTION OF BORON GSI TO BE DET. 15.4.6 DILUTION REQUIREMENTS 105 INTERFACING SYSTEMS LOCA GSI HIGH NA AT BWRS 106 PIPING AND USE OF HIGHLY GSI TO BE DET. 6 COMBUSTIBL2 GASES IN VITAL AREAS 107 GENERIC IMPLICATIONS OF GSI TO BE DET. 8 MAIN TRANSFORMER FAILURES 109 REACTOR VESSEL CLOSURE GSI TO BE DET. 15.6 FAILURE 110 EQUIPMENT PROTECTION GSI TO BE DET. 6.0 DEVICES ON ENGINEERED SAFETY FEATURES 113 QUALIFICATION TESTING OF GS*: TO BE DET.
3.9.2
) LARGE BORE HYDRAULIC
SSPS 116 ACCIDENT MANAGEMENT GSI TO BE DET. 18 117 ALLOWABE OUTAGE TIMES FOR GSI TO BE DET. 7 OR 16 DIVER!iE SIMULTANEOUS E Q U I P:.4 E N T O U T A G E S I
118 TENDON ANCHORAGE FAILURE GSI TO BE DET. '
3.8 I
t
(:)
Pago No. 6 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR 7PPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS i
120 ON-LINE TESTABILITY OF GSI TO BE DET. 3.9.6 PROTECTION SYSTEMS 121 HYDROGEN CONTROL FOR GSI HIGH 6.2 LARGE DRY PWR CONTAINMENTS 122.1A COMMON MODE FAILURE OF GSI HIGH 10.4.9 ISOLATION VALVES IN CLOSED POSITIONS i 122.1B RECOVERY OF AUXILIARY GSI MEDIUM 10.4.9 FEEDWATER 122.1C INTERRUPTION OF AUXILIARY GSI HIGH 10.a.9 FEEDWATER FLOW 122.2 INITIATING FEED AND BLEED GSI HIGH 9
() 123 -
DEFERRMENT IN THE REGULATIONS GOVERNING DBA GSI TO BE DET. 10.4
)
AND SINGLE FAILURE ,
CRITERION - DAVIS BESSE 124 AUXILIARY FEEDWATER GSI NEARLY RES 10.4.9 i
SYSTEM RELIABILITY 125.I.3 SPDS AVAILABILITY GSI TO BE DET. 18.2 I
125.I.5 SAFE'."Y SYSTEM TESTED IN GSI TO BE DET. 7 OR 16 ALL CONDITIONS REQUIRED BY DESIGN BASIS ANALYSIS 125.I.6 VALVE TORQUE LIMIT AAD GSI TO BE DET. 3.9.6 BYPASE SWITCH SETTINGS 125.I.7.a RECOVER FAILED EQUIPMENT GSI TO BE DET. TO BE DEI 125.I.8 PROCEDURES AND STAFFING GSI TO BE DET. NA FOR REPORTING TO NRC ,
EMERGENCY RESPONSE CENTER l
t
Pago No. 7 '
01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC 7,.
ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
(_) DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION "
AND STATUS 125.II.1.b REVIEW EXISTING AFWS FOR GSI HIGH 10 SINGLE FAILURE 125.II.11 RECOVERY OF MAIN GSI TO BE DET. 10.4 FEEDWATER AS AN ALTERNATIVE TO AFW 125.II.13 OPERATOR JOB AIDS GSI TO BE DET. 13 125.II.2 ADEQUACY OF EXISTING GSI TO BE DET. 5 MAINTENANCE REQUIREMENTS FOR 3AFETY RELATED SYSTEMS 125.II.5 THERMAL-HYDRAULIC GSI ?? NA EFFECTS-LOSS AND RESTORATION OF FDW ON PRIMARY SYSTEM COMPONENTS
() 125.II.7 REEVALUATE AUTO ISO OF FDW FROM SG DURING LINE GSI HIGH 15.2 BRK 126 RELIABILITY OF PWR MAIN GSI TO BE DET. 5.2 STEAM SAFETY VALVES 127 TESTING AND MAINTENANCE GSI TO BE DET. 3.9.6 OF MANUAL, VALVES IN SAFETY RELATED SYSTEMS 128 ELECTRICAL POWER GSI HIGH 8 OR ?RA RELIABILITY APPDX.
129 VALVE INTERLOCKS TO GSI TO BE DET. 5.4.7 PREVENT VESSEL DRAINAGE DURING SHUTDOWN COOLING 130 ESSENTIAL SERVICE WATER GSI HIGH 6 PUMP FAILUP.ES AT MULTIPLANT SITES 131 POTENTIAL SEISMIC GSI TO BE DET. NA IRTERACTION INVOLVING THE 4
MOVABLE INCORE FLUX MAP SYSTEM AT WESTINGHOUSE PLANTS
Pago No. 8 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/.4EDIUM PRIORITY GENERIC ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
()' DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS 132 RHR PUMPS INSIDE GSI TO BE DET. 5.4.7 CONTAIMENT
.134 DEGREE AND EXPERIENCE GSI HIGH NA REQ. FOR SENIOR OPERATORS 135 INTEGRATED STEAM GSI TO BE DET. 5.4.2 GENERATOR ISSUES 136 STORAGE AND USE OF LARGE GSI TO BE DET. 6 QUANTITIES OF CRYOGENIC COMBUSTIBLES 137 REFUELING CAVITY SEAL GSI TO BE DET. 9.1.4 FAILURES 138 DEINERTING UPON DISCOVERY GSI TO BE DET. 5& 16 OF RCS LEAKAGE
() 139 THINNING OF CARBON STEEL PIPING IN LWRS GSI TO BE DET. 3 OR 5 OR 10 ,
140 FISSION PRODUCT REMOVAL GSI TO BE DET. 6 B" CONTAINMENT SPRAYS OR POOLS A-01 WATER HAMMER USI USI 5.4.2 A-02 ASYMETRIC BLOWDOWN LOADS USI USI 15.6 ON RCS A-03 WESTINGHOUSE STEAM USI USI 5 GENERATOR TUBE INTEGRITY A-04 C-E STEAM GENERATOR TUBE USI USI 5.4.2 INTEGRITY A-05 B&W STEAM GENERATOR TUBE USI USI NA INTEGRITY A-09 ATWS US USI 15.8
Pcgo No. 9 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-CC -
TYPE PRIORITY SECTION AND STATUS A-10 BWR FEEDWATER NOZZLE USI USI NA CRACKING A-11 REACTOR VESSEL MATERIAL USI USI 5.3 TOUGHNESS A-12 FRACTURE TOUGHNESS OF USI USI 5.4.14 S.G. AND RCP SUPPORTS i
A-17 SYSTEMS INTERACTION USI USI 5 & 15 A-19 DIGITAL COMPUTER GSI TO BE REP. 7.2 PROTECTION SYSTEM A-24 QUALIFICATION OF CLASS 1E USI USI 7.1.2.5 SAFETY RELATED EQUIPMENT A-26 REACTOR VESSEL PRESSURE USI USI 5.3.2 TRANSIENT PROTECTION A-29 PLANT DESIGN FOR REDUCT. GSI MEDIUM 2 OF VULNER. TO SABOTAGE 1
A-31 RHR SHUTDOWN REQUIREMENTS USI USI 5.4.7 A-36 CONTRCL OF HEAVY LOADS USI USI 9 NEAR SPENT FUEL A-39 DETERMINATION OF SAFETY USI USI NA RELIEF VLV POOL DYN LOADS A-40 SEISMIC DESIGN--SHORT USI USI 3.7 TERM PROGRAM -
A-41 LONG TEF.M SEISMIC PROGRAM USI USI 3.7 A-42 PIPE CRACKS IN BOILING USI USI NA WATER REACTORS A-43 CONTAINMENT EMERGENCY USI USI 6.2 SUMP PERFORMANCE O
POg3 No. 10 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
() DESIGN CERTIFICATION ISSUE No. ISSUE TITLE ISSUE ISSUE CESSAR-0C TYPE PRIORITY SECTION AND STATUS A-44 STATION BLACKOUT USI USI 15.3 A-45 SKUTDOWN DECAY HEAT USI USI 5.4.7 REMOVAL REQUIREMENTS A-46 SEISMIC QUAL. OF USI USI NA EQUIPMENT IN OPERATING PLANTS A-47 SAFETY IMPLICATIONS OF USI USI 93 CONTROL SYSTEMS A-48 HYDROGEN CNTRL USI USI 6.2 MEASURES & EFFECTS OF HYDROGEN BURNS A-49 PRESSUR1 ZED THERMAL SHOCK USI USI 7.1 B-05 DUCTILITY OF TWO-WAY GSI MEDIUM 3.8 (s) SLABS AND SHELLS -STEEL CONTM B-06 LOAD, LOAD COMBINATIONS, GSI MIGH 3.9.3 STRESS LIMITS B-10 BEHAVIOR OF BWR MARK III GSI HIGH NA CONTAINMENTS B-17 CRITERIA FOR SAFETY GSI HIGH RELATED ACTIONS 5 OR 13 0 18 B-19 THERMAL-HYDRAULIC GSI NEARLY RES 4.4 STABILITY B-22 LWR FUEL GSI TO BE REP. 4.2 B-26 STRUCTURAL INTEGRITY OF GSI MEDIUM
' 6.2 CONTAINMENT PENETRATIONS B-29 EFFECTIVENESS OF ULTIMATE GSI TO BE REP. 6 OR 9 HEAT SINKS t
l l
1
P&go No. 11 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS B-31 DAM FAILURE MODEL GSI TO BE REP. 2.4.2 B-32 ICE EFFECTS ON SAFETY GSI TO BE REP. 9 RELATED WATER SUPPLIES B-53 LOAD BREAK SWITCH GSI NEARLY RES 8 B-54 ICE CONDENSER GSI MEDIUM HA CONTAINMENTS B-55 IMPROVE RELIABILITY OF GSI MEDIUM 5 TARGET ROCK SAFETY RELIEF VALVES B-56 DIESEL GENERATOR GSI MIGH 8 & PRA RELIABILITY APPDX.
B-58 PASSIVE MECMANICAL GSI MEDIUM 3 OR 15 0 FAILURES PRA B-60 LOOSE PARTS MONITORING GSI NEARLY RES S SYSTEM B-61 ALLOWABLE ECCS EQUIPMENT GSI MEDIUM G OR 16 OUTAGE PERIODS B-64 DECOMMISSIONING OF GSI NEARLY RES NA REACTORS C-08 MAIN STEAM LINE ISOLATION GSI HIGH NA VALVE LEAKAGE CNTRL SYS.
C-09 RHR HEAT EXCHANGER TUBE GSI TO BE REP. 5.4.7 FAILURES C-ll ASSESSMENT OF FAILURE AND GSI MEDIUM 3.9.6 RELIABILITY OF PUMPS AND VALVES C-14 STORM SURGE MODES FOR GSI TO BE DET. NA COASTAL SITES O
Pigo No. 12 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION '
ISSUE No. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS D-02 EMERGENCY CORE COOLING GSI TO BE REP. 6.3 SYSTEM CAPABILITY FOR FUTURE PLANTS HF 1 HUMAN FACTORS PROGRAM GSI HIGH 18 l PLAN HF 1.1 SHIFT STAFFING GSI HIGH 13 V
, HF 1.2 ENGINEERING EXPERTISE ON GSI HIGH 13 SHIFT j HF 1.3 GUIDANCE ON LIMITS AND GSI HIGH 13 i CONDITIONS OF SHIFT WORK HF 2 MAINTENANCE AND GSI HIGH 18 SURVEILLANCE PROGRAM PLAN ;
H7 4.1
() INSPECTION PROCEDURE FOR UPGRADING EMER. OP. PROC.
GSI HIGH 13
! HF 4.4
' GUIDELINES FOR UPGRADING GSI HIGH OTHER PROCEDURES
, HF 5.1 LOCAL CONTROL STATIONS GSI HIGH 18 NF 5.2 REVIEW CRITERIA FOR HF GSI HIGH 18 ASPECTS OF ADVANCED I&C HF 8 MAINTENANCE AND GSI HIGH
' 18 SURVEILLANCE PROGRAM I.A.1.4 LONG TERM UPGRADING OF GSI NEARLY RES NA OPERATING PERSONNEL I.A.2.2 TRAINING AND GSI HIGH 13 OR 13 QU.5LIFICATIONS OF U
OPERATING PERSONNEL I.A.2.6(1) REVISE REGULATORY GUIDE GSI HIGH NA 1.8 I
I(:) l
Pcg3 No. 13 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE No. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS I.A.2.6(4) OPERATOR WORKSHOPS GSI MEDIUM NA I.A.2.7 ACCREDITATION OF TRAINING GSI MEDIUM NA INSTITUTIONS I.A.3.3 REQUIREMENTS FOR OPERATOR GSI HIGH NA FITNESS I.A.3.4 LICENSING OF ADDITONAL GSI MEDIUM NA OPERATOR PERSONNEL I.A.4.2 RESEARCH ON TRAINING GSI HIGH NA SIMULATORS I.B.1 (1-4) ORGANIZATION AND GSI MEDIUM 13 MANAGEMENT - LONG TERM IMPROVEMENTS I.C.9 LONG TERM PLAN FOR GSI
() UPGRADING OF PROCEDURES MEDIUM 13 I.D.3 SAFETY SYSTEM STATUS GSI MEDIUM 18.2 MONITORING I.D.4 CONTROL ROOM DESIGN GSI MEDIUM 18.1 STANDARD I.D.5(3) ON-LINE REACTOR GSI NEARLY RES 7 OR 18 SURVEILLANCE SYSTEMS I.D.5(5) DISTURBANCE ANALYSIS GSI MEDIUM 18.1 SYSTEMS I.F.1 QUALITY ASSURANCE - GSI HIGH 17.1 EXPAND QUALITY ASSURANCE LIST I.G.2 SCOPE OF TEST PROGRAM GSI MEDIUM 14.2 II.A.1 SITING POLICY GSI MEDIUM 2 REFORMULATION O
Pigo No. 14 01/13/88 UNRESOLVED SAFETY ISSUES & HIGH/ MEDIUM PRIORITY GENERIC
() ISSUES WHICH WERE EVALUATED FOR APPLICABILITY TO SYSTEM 80+
DESIGN CERTIFICATION ISSUE NO. ISSUE TITLE ISSUE ISSUE CESSAR-DC TYPE PRIORITY SECTION AND STATUS II.B.5 EFFECT OF H2 BURNING AND GSI MEDIUM 6.2 EXPICSIONS ON CONT STRUCT II.B.6 RISK REDUCTION FOR GSI HIGH NA OPERATING REACTORS WITH SITES WITH HIGH POPULATION DENSITIES II.B.8 RULEMAKING PROCEEDINGS ON GSI HIGH 6.2.5 DEGRADED CCRE ACCIDENTS-HYDROGEN RULE, SEVERE ACCEDENT, ETC.
II.C.1 INTERIM RELIABILITY GSI HIGH NA EVALUATION PROGRAM II.C.2 CONTINUATION OF INTERIM GSI HIGH NA RELIABILITY EVALUATION PROGRAM II.C.4 RELIABILITY ENGINEERING TMI HIGH Nlt II.E.2.2 RESEARCH ON SMALL BREAK GSI MEDIUM C& 15.6 LOCAs AND ANOMALOUS TRANSIENTS II.E.4.3 CONTAINMENT INTEGRITY TMI HIGH CHECK 6& 16 II.E.5.2 B&W REACTOR TRANSIENT GSI NEARLY RES NA RESPONSE TASK FORCE II.E.6.1 TEST ADEQUACY STUDY GSI MEDIUM 5& 16 II.F.5 CLASSIFICATION OF I & C, GSI MEDIUM 7.1 AND ELECTRICAL EQUIPMENT II.H.2 OBTAIN DATA ON INSIDE TMI HIGH 6 COND. OF TMI CONTAINMENT II.J.4.1 REVISE DEFICIENCY REPORT GSI NEARLY RES NA REQUIREMENTS O
l O
APPENDIX B Combustion Engineering Design Certification Program l
Process for Probabilistic Risk 4
Assessment as Required by the Severe Accident Policy Statement l
l f
O B-1
!. Overview of process for Probabilistic Risk Assessment of System 80+
One of the requirements of the NRC's Severe Accident Policy Statement is that a Probabilistic Risk Assessment (PRA) must be performed for all future plants. To address these requirements, a System 80+
Standard Design Level !!! PRA is being performed as part of the DOE ALWR Design Verification Program.
The System 80+ Standard Design PRA has two primary purposes. The first purpose is to identify (1) the dominant contributors to severe accident risk and (2) the accident sequences which are insignificant.
The second purpose is to provide an analytical tool for evaluating the impact of design modifications on core damage probability and risk to the health and safety of the public.
s This PRA is being performed in two phases. In the first phase, Event Trees and Fault Tree Models are being developed for the current System 80 design. These models will be used to establish a baseline core damage frequency for the current System 80 design and to determine the dominant core damage contributors for System 80.
Tne second phase will be an interactive process in which these models will be modified to reflect system design changes proposed for System 80+. The models will be reevaluated to determine the impact of the design changes on core damage frequency and dominant core damage O
8-2 b
contributors. These impacts will be reviewed and additional design changes will be considered as appropriate to achieve the risk reduction requirements, phase One: Baseline System 80 pRA The baseline System 80 core damage frequency calculation performed for the DOE ALW1 Design Verification Program is a Level 1 PRA for the System 80 Nu;1 ear Steam Supply System (NSSS) described in CESSAR-F.
This PRA includes the identification and quantification of accident sequences attributable to internal initiators which lead to core damage. While the Balance of Plant (BOP) systems are outside of the System 80 NSSS scope, information on certain BOP systems is required in order to thoroughly evaluate the performance of the NSSS Systems.
O Where such information is required, functional system designs which
! meet CESSAR-F interface requirements and are consistent with support system configurations used in recent vintage C-E plants will be used in the analyses, i phase Two: System 80+ pRA j As the System 80 design evolves into the System 80+ Standard Design (the Nuclear Power Module and Standardized Functional Descriptions),
the baseline PRA will also evolve so as to provide input to the nnny I
design decisions that will be made. Based on the results of the i
Baseline PRA, initial system reliability targets will be established l
and potential system weak links will be identified.
l O B-3 l
i l
Recognizing that some system reliability targets will be more O difficult or expensive to meet than others, trade-offs will be called for and the evolving PRA will serve as an "accounting" tool to monitor the current status of the design with resnee.t to reliability and risk goals. These goals include reliability goals from Standard Review Plans, large-release frequency goals from the Safety Goal Policy Statement and EPRI ALWR Program core melt frequency objectives.
The baseline PRA will identify dominant accident sequences with occurrence frequencies high enough to preclude meeting the goals.
System 80+ Standard Design development efforts will then be focused on improving the reliability of systems or equipment involved in the dominant sequences. As design improvements are adopted, the PRA models will be updated so as to provide a current list of dominant O seqeences.
The final PRA for the System 80+ Standard Design will consist of the baseline PRA updated to include all of the design modifications that are implemented as a part of the ALWR Design Verification Program.
Additionally, with support from the DOE Advanced Reactor Severe Accident Program (ARSAP), the PRA will be upgraded to a Level Ill PRA and External Events will be addressed generically.
II. Acceptance Criteria and Methodology for 'fRA, 4
As stated in Section I, the objectives of PRA analyses are to calculate a baseline core damage frequency '/or a generic System 80 plant, to determine the dominant core damage contributors and to Q
B-4 i
i assess potential areas for design improvements in the System 80+
Standard Design and to document the System 80+ Standard Design PRA. i These analyses are equivalent to the Probabilistic Safety Analysis (PSA) described in the PSA Procedures Guide (NUREG/CR-2815). The methods employed in this analysis are consistent with methods outlined in the PSA Procedures Guide and methods described in the PRA Procedures Guide (NUREG/CR-2300). This work will use the small event tree /large fault tree approach. Figure B-1 shows the major tasks in this analysis. The following sections describe each of these tasks ,
and associated methodology. [
O i
I i
l
[
[
l-i h
o i 8-5 l
. O O O ,
i I
i FIGURE B-1 l
i MAJOR PRA TASKS I
1
)
i l
f '
l PLANI ACCIDINi ACCIDENT PRI5[fli AND ,
~* *
- SLQULNCE SEQUENCC INIERPRL1
.i fAMilIARllAIION D[fINIT10N QUANTIFiCATION RCSillIS l d i i k
]
1 r SYST[H DATA
=- !
MOMLING ASSESSMENT t
Plant Familiarization The objective of this task is to (1) collect the information necessary for identification of appropriate initiating events, (2) determine the success criteria for the front line systems required to prevent or mitigate the transients and accidents and (3) identify the dependence between the front line systems and the support systems which are required for prope'r functioning of the front line systems. This task is primarily an information gathering task.
The information collected in this task includes design information, operational information and information on plant responses to transients. CESSAR-F will be used to provide information on the design of systems within the basic NSSS scope and interface O requirements for the support systems. Where additional design detail is needed for support systems, typical system designs will be generated based on support system designs described in the FSARs of recent vintage C-E plants with similar NSSS designs.
Operator actions during plant transients will be evaluated and
! established based on " E's Emergency procedure Guidelines and discussions with licensed operators in C-E's Training Department and I at an operating System 80 plant. Surveillance requirements and I
operability definitions will be derived from C-E's Standard Technical Specifications and, where more specific detail is needed, from System 80 plant specific Technical Specifications. Maintenance information,
- where needed, will be based on common industry practices.
O B-7
i-The Reactor Safety Study, several other published PRA studies, and the O. 10COR IPE Procedures Guide will also be reviewed as part of the plant familiarization task. The objectives of these reviews are to provide ;
a broad overview of. areas to be addressed in this analysis and to identify potential problem areas.
Accident Seouence Definition 9
The objective of this task is to qualitatively identify those accident sequences which lead to core melt / core damage. This will be accomplished using event tree analysis. Event tree analysis involves
, defining a set of initiating events and constructing a set of system [
event trees which relate plant system responses to each defined I initiating event. Each system event tree represents a distinct set of ;
' O system accident sequences, each of which consists of an initiating i
event and a combination of various system successes and failures that i lead to an identifiable plant state. Procedures for developing system l event trees are described in detail in the PRA Procedures Guide. For [
this analysis, the small event tree /large fault tree approach will be j used. In this approach, only the front line systems which respond to i mitigate an accident or transient, will be addressed on the event tree. The impact of the support systems is addressed within the fault f tree models for the front line systems. -
l I
A Master Logic Diagram (MLD) will be constructed to guide the selection and grouping of the initiating events. An MLD is I
- essentially a top level tree in which the general conditions that {
O B-8 [
- ,- . ._. ~ . _ _ . . _ _ _ _ _
g could lead to the top level event are deductively determined. For V this analysis, the top event on the MLO is defined to be "offsite release" even though the scope of the analysis is limited to identifying core damage frequency and dominant contributors. This is to ensure completeness and to facilitate later extension of this analysis.
System Modeling Quantification of the system accident sequences requires knowledge of the failure probability or frequency of occurrence for each element of the system accident sequence. The initiating event frequency and the probability of failure for a system accident sequence element involving the failure of a single component can be quantified directly from the appropriate raw data. However, if the system accident sequence element represents a specific failure mode for a system or subsystem, a fault tree model of the system or subsystem will be constructed and quantified to obtain the desired failure probability.
The evaluation of each fault tree yields both qualitative and quantitative information. The quantitative evaluation of the fault trees yields several numerical measures of a systems failure probability, two of which are typically employed in the event tree quantification (i.e., the unavailability and unreliability).
O B-9
The unavailability is the probability that a system will not respond I when demanded. The unreliability is the probability that a system will fail (at least once) during a given required operating period. .
The unreliability is usually added to the unavailability when the ,
system accident sequence element represents the failure of a standby system to actuate and then run for a specified period of time.
Two types of human failures will be included in the fault tree analyses. They are "pre-existing maintenance errors" and failures of the operator to respond to various demands. Pre-existing maintenance errors are undetected arrors committed since the last periodic test of l
i a standby system. An example of this type of error is the failure to reopen a mini-flow valve which was closed for maintenance. A failure T of the operator to respond includes the failure of the operator to
- perform a required function at all or to perform it correctly. An ,
! example of this type of error is the failure of the operator to back-up the automatic actuation of a safety system.
For this PRA, failure of the operator to respond to various demands where there was a tin,, constraint will be quantified using the Human f
Cognitive Reliability Model. The human cognitive reliability model is a set of time dependent functions which describe the probability of a crew response in performing a task. The human cognitive reliability j i model permits the analyst to predict the cognitive reliability I l I I
associated with a non-response for a given task or series of related l i
tasks, once the dominant type of cognitive processing (skill-based, j l l
!O B-10 i
1
rule-based or knowledge-based), the medium response time for the task
/*
or tasks under nominal conditions and performance shaping factors such as stress levels or environment are identified. The inherent time dependence in this model makes it ideal for evaluating operator responses during a transient. The failure probability for "pre-existing maintenance errors" will be quantified using the Handbook of Human Reliability Analysic. The Handbook of Human Reliability Analysis is an extension of the human reliability analysis methodology developed for WASH 1400, the Reactor Safety Study, and is intended to provide methods, models and estimated human error probabilities to enable analysts to make quantitative or qualitative assessments of the occurrence of human errors that affect the availability or operational reliability of engineered safety systems and components. The emphasis is on tasks addressed in the Reactor O- Safety Study, calibration, maintenance and selected control room tasks related to engineered safety features availability. It is the best available source for evaluating human performance with respect to maintenance, calibration, testing and other tasks performed during normal plant operation. However, the time dependent model is not as thorough and explicit as that provided by the human cognitive reliability model.
For this PRA, the small event tree /large fault tree approach has been selected. The event trees developed for this PRA will address the response of the front line systems, that is, those systems directly I
involved in mitigating the various initiating events. The impact of l O i
B-11
the support systems will be modeled within the front line system
\
models. CESSAR-F contains interface requirements for the support systems but does not cantain any support system configurations or schematics. Therefore, in order to develop the support system models, I representative support system configurations will be developed using the CESSAR-F interface requirements, support system configurations for System 80 plants and the typical system configurations in the Nuclaar Plant Reliability Data System (NPROS) Reportable Scope Manual for C-E i
Plants.
i Once the baseline PRA models are established, they will be used in the reliability assurance program mentioned above. The models will identify where improvements are needed to assure .eliability, risk, and core melt frequency goals are met. If system designs evolve, for ,
O example, from two-train to four-train systems, the system models will be revised in order to provide an up-to-date assessment of where the design stands compared to the goals and to identify potential areas for improvement. As tN Standardized Functional Descriptions are I i
developed for CESSAR-DC, and as additional requirements from the EPRI l
ALWR Requirements Document are adopted, the system models will be updated to reflect those requirements. The System Reliability Models that result from this process will form the heart of the final System '
80+ Standard Design PRA.
i i
i I
f O
i B-12
1 Data Assessment Reliability data is needed for the quantification of the system fault trees and the system accident sequences which result in severe core damage. The data needed for this quantification includes:
1
- 1. initiating event frequencies,
- 2. component failure rates (demand and time-dependent),
- 3. component repair times and maintenance frequencies,
- 4. common cause failure rates, O 5. human failure prebabilities,
- 6. special ever.. probabilities (e.g., restoration of offsite l
power),and i
- 7. error factors for the items above.
I Because the analysis is for a generic System 80 plant, generic reliability data will be used in this analysis. The basic initiating i event frequencies will be extracted from the PSA Procedure Guide, EPRI I
. NP-2230 and the NREP Generic Data Base. The initiating event frequencies in the Zion PRA, the Oconee PRA and Calvert Cliffs IREP
! Report will also be considered.
O B-13
i Accident Secuence Quantification i j t
The basic objective of this analysis is to model baseline core damage [
t i
! frequency for a generic System 80 plant and then again for the System 1 i
4 80+ Standard Design. The total core damage frequency, due to internal l events, is the sum of the frequencies of the system level accident !
l sequence frequencies for those accident sequences which result in core i i i
! damage. i r
l
. i j The system level accident sequences leading to core damage will be I 1 l identified using event tree analysis. Each system level accident 4 sequence will consist of an initiating event and one or more '
additional elements, each representing either a front line system I
i failure or a special event such as failure to restore off site power O
within a given time or the most reactive rod sticking out of the core.
- The frequency for the system level accident sequence will be
! determined by quantifying the individual elements in the sequence and 1
J then combining the results in the appropriate manner. The frequencies >
1 1 for the initiating events and the special events are directly j calculable.
t The front line system failure probabilities will be calculated in the -
! baseline analysis using conditioned fault tree analysis. In the [
i i i System 80+ Standard Design PRA, fault tree linking will be used. The j J r first step in this process will be to construct a fault tree model for [
t i each front line system that appeared as an element in a system ;
a r i accident sequence. The models will include submodels for the i
< ?
appropriate support syster.is.
I !
B-14 I
The next step will be to perform a baseline quantification of each -
O fault tree using generic failure rates. For those front line systems appearing in the LOCA or steam line break sequences, base line quantifications will be made with and without offsite power. This quantification provids& a list of cutsets, the system unreliability and the system unavailability for each front line system. This quantification will be performed using CEREC, a fault tree analysis computer code. The third step in this process is to identify common elements in fault tree models appearing in any given event sequence and to calculate conditional failure probabilities for these elements.
Af ter all the conditioned component failure rates are c.alculated, the system fault trees will be requantified using the appropriate i conditioned component failure rates, thus yielding a set of system O failure probabilities specific to the initiating event classes.
The final stip in the quantification of the core damage frequency is to solve each system accident sequence equation using the appropriate initiating event, speciel event and system failure probabilities. ,
This will be done using CESAM, a Monte Carlo sampling code for equation solving. ,
Radionuclide Release and Transport The evaluation of environmental radionuclide release that result from severely degraded core accidents will involve four elements:
O i B-15 I
- 1. Radionuclide and structural material inventories; O 2. Radionuclide and structural material source term from the core; 3 Transport, deposition, and release in the primary system; and
- 4. Transport, deposition, and release in the containment.
The analysis will proceed in a sequential manner, starting with the radionuclide and structural material inventories. This will involve the determination of the quantities of radionuclides and structural materials that are present at the beginning of an accident. The next step will be the evaluation o, the radionuclide and structural material source term from the core. This will entall the determination of the quantities of radionuclides and structural materials released from the core to the primary system or to the containment. (Otreet releases of radionuclides and structural materials from the corium--the melted core and structural materials--to the containment can occur in meltdown accidents after the pressure vessel has melted through and the corium is interacting with the concrete basemat.) This source term will then be used in the analysis of radionuclide transport, deposition, and release in the primary system. The analysis will consider the various deposition processes that can occur in the prima *y system. The result will be the source term for release from the primary system to the containment; it is used in the analysis of transport, deposition, and O
B-16
release in the containment. This analysis will take account of the O various deposition processes that can occur in the containment, and it will determine the quantities of radionuclides released from the containment to the environment.
III. NRC Review Process and Documentation The System 80+ Standard Design Probabilistic Risk Assessment will be documented in an appendix to CESSAR-DC and submitted to the NRC in June 1989. In the meantime, however, Combustion Engineering will apprise the NRC and obtain NRC feedback on the System 80+ Standard Design PRA via meetings and draft reports. The purpose of these early interactions is to prov'de continuous NRC coments as the System 80+
Standard Design PRA is developed. Emphasis will be placed on 0 establishing NRC criteria for acceptance of the System 80+ PRA. These comments and preliminary criteria will be documented in meeting minutes issued by NRC.
Combustion Engineering will document, in the CESSAR-DC appendix all acceptance criteria and dr.scriptive information necessary to obtain NRC concurrence on the System 80+ Standard Design PRA. NRC concurrence on the CESSAR-DC PRA appendix will be provided in the Safety Evaluation Report.
O B-17
1 O :.
i 1
l APPENDIX C 4
L
! Combustion Engineering Design Certification Program s
i I Process for Degraded Core Evaluation as l Required by the Severe Accident Policy 1 Statement. [
i !,
I O i
! i
) i a
l 6 l
i t i !
J l !
4 i
1 I
I {
i r i
i L
4 1 3 O l C-1 ,
i t
4 I
,_ I. Overview of process for Degraded Core Evaluation The NRC Severe Accident Policy Statement (SAPS) requires that the design bases for future plants include consideration of both the prevention and mitigation of degraded core accidents, using an evaluation approach based on deterministic engineering analysis and j' dgement, complemented by Probabilistic Risk Assessment (PRA). Combustion Engincering, with support by the DOE Advanced Reactor Severe Accident Program (ARSAP), will include degraded core evaluation in the design of the System 80+ Standard Design (the Nuclear Power Module and Standardized Functional Descriptions). The proposed approach for this evaluation is to identify the severe accident issues applicable to the System 80+
Ste.ndard Design, to develop criteria for resolution of those O issues, and to develop the method of resolution of each issue for the System 80+ Standard Design. Cornpletion of the review of this evaluation (in supoort of the System 80+ Design Certification) will require NRC approval of (1) the completeness and apolicability of the list of issues identified, (2) the criteria for resolutin of the severe accident issues in this, list, and (3) the method of resolution of the issues in this list.
l l
l 1 II. Method of Evaluation l
ARSAP has identified severe accident issues on the basis of results of the Industry Degraded Core Rulemaking (10COR) Program i
C-2 l
and current research related to severe accidents. These issues A
V will be addressed in Topic Papers which document technical information on the subject issues and propose criteria for resolution of those issues. The resolution of severe accident issues will be applicable to advanced pressurized water reactors, and specifically to the System 80+ Standard Design. The resolution of issues for tne System 80+ Standard Design will be substantiated, as required, by plant specific. evaluations based on deterministic analysis and PRA. b pic Papers will be reviewed prior to submittal to the NRC by an Industry Technical Advisory Group organized by ARSAP. Figure C-1 shows the severe accident resolution process.
The proposed Topic Papers have been divided by ARSAP into six O
categories corresponding to subject area and sequence of preparation. The categories and preliminary schedule for preparation of Topic Papers are shown in Figure C-2. Table C-1 provides a preliminary list of the issues tnat are expected to be included in each category.
i l
Combustion Engineering and ARSAP have chosen the Modular Accident Analysis Program (MAAP) Version 3B as the methodology for deterministic analysis of the System 80+ Standard Design to support resolution of severe accident issues [ severe accidents l
l that are found to occur at a frequency below an established cut-off frequency (e.g., 1 x 10 -8 per reactor year) will not be l
O C-3 1
l _ _ _ _ , _ _ _ _ _
- .= _ ,
analyzed deterministically]. This methodology will be applied for design-specific anclyses of accident initiation, progression,
~
and containment response. MAAP 3B is a best-estimate method which uses a modular format for modeling plant systems and for predicting a quantified release of radioactive materials from containment corresponding to different postulated accident sequences. It will also be used in sensitivity analyses to investigate the effectiveness of alternative design features for mitigation of degraded core accidents.
It should be emphasize here that NRC approval of the MAAP code is not required. Technical disagreements between the MAAP 3B results and NRC . thods will be addressed on a case-by-case basis in accordance with the review procedures outlined in Section 5.0 O of the Licensing Review Bases.
l l
l o
1 i
C-4 l
l . - . . . - . - - . - __
Table C-1 Preliminary Listing of ARSAP Topic Papers set 1 RESOLVED IDCOR/NRC ISSUES - APPLICABILITY TO ALWRS o Reactor coolant system natural circulation (IDCOR Issue 2)
{ i o In-vessel steam explosions and alpha mode failure (IDCOR Issue 7) o Ex-vessel heat transfer models from molten core to concrete (IDCOR Issue 10) o Fission product release prior to vessel failure (IDCOR Issue 1) o Release model for control rod materials (IDCOR Issue 3) o Fission product and aerosol deposition from primary system (IDCOR Issue 3) o Ex-vessel fission product release (during core-concrete interactions)
(IDCOR Issue 9) o Fission product and aerosol deposition in containment (IDCOR Issue 12) o Amount and time of suppression pool bypass (IDCOR Issue 13a) o Revaporization of fission products (IDCOR 11) o Secondary containment performance (IDCOR issue 16) (Resolved by design) o Modeling of emergency response (IDCOR Issue 14)
Set 2 PLANT RESPONSE UNDER SEVERE ACCIDENT CONDITIONS o In-vessel hydrogen generation (IDCOR Issue 5) o Core melt progression and vessel failure (IDCOR Issue 6) l o Direct containment heating by ejected core materials (IDCOR Issue 8) l o Containment performance (capability, failure modos, isolation, bypass)
(IDCOR Issue 15; f o Hydrogen ignition and burning (IDCOR Issue 17) o Fission product release during high pressure core ejection Set 3 PROBABILISTIC METHODS o External events -- seismic (Fire and flood resolved by (esign) o Human factors -- required operator actions q o Human factors -- unexpected operator actions with potential adverse effect #
Q o Human factors -- quantification of h'iman error probabilities o Success criteria -- partial success and mission time o Common cause failures o Identification of dcminant sequences Set 4 RISK REDUCTION MEASURES o Essential equipment performance (IDCOR Issue 13) o Severe accident management -- plant equipment /information system capability o Severe accident management -- conditions for safe stable states c Mitigation features Set 5 RISK RESULTS o Consensus on integrated severe accident analysis code capability, validation, and application o Safety goal implementation -- interpretation of goals and usage of PRA results in comparison with goals, including interpretation of uncertainties o Uncertainties in plant risk -- effects of system analysis uncertainties o Uncertainties in plant risk -- effects of uncertainties in severe accident an11ysis (Phenomenology, plant damage states, methodology) o Uncertainties in plant risk -- treatment of propagation of unce,tainties o Uncertainties in plant risk -- completeness of choice of sequences and cutoff probabilities Set 6 APPLICATIONS OF METHODS o Effect of severe accident issues on regulations -- probabilistic accident design bases Q o Effect of severe accident issues on regulations -- assessment of regulatory U compliance alternatives o Effect of severe accident issues on regulations -- effectiveness of technical specifications C-5
I O nouac c-1 THE SEVERE ACCIDENT RESOLUTION PROCESS CONSENSUS ON DEFINITION OF ISSUE RESOLUTION v
PRODUCE ARSAP 4 TOPIC PAPER REVIEW WITH CE & ITAG O AND MODIFY TOPIC PAPERg y CONDUCT NRC REVIEW AND INTERIM ANALYSIS / DESIGN GUIDANCE ___
MODS.
a NO ISSUE RESOLVED YES w
FINAL RESOLUTION DOCUMENTED BY NRC O
C-6
~O O O Figure C-2 Identificaticn and Resolution of Severe Accident Issues (Preliminary)
EY-87 FY-68
[5 4 5 5 4 I I 5 5 l 4 [ i t I i 5 5 5 5 1 y I g 5 g O N D J F M A H J3JlA .
S O N D J F M A M J J A S
_L_ _1._ _._ L _ . __ t a _n n i a L L_L J. - _L_ i n i a i l s a e i e i i
~
S/A Ignaae 34esolution Activit ice
- Itatt S/A lb.olution Plan Heview & Apptrwal j am a Ived 944Q/1 DOOR Is
- ,naes i
Set 1*
i ___ .._ L. R . .I _ . _ . _ . _ _1 I
O 1 2 3 4 i n l l O Set 2: Hesponse tarxler S/A Oanditions
, gpgp I I 1._.l _ _ __ ._.I l 0 1 2 3 4
- O - Initia1 !)raf t Ctag>1etix!
1 - AKAP I4cview Ocepleted, Trsromit to IDG Set 3: PrrinehilistiC _h 2 - ITAG Heetinj II I -- I 1 - laeviraxi Draf t Stdsmitteri to h_stion O 1 2 3 4 l n rjismx riss; 4 - Tatyet nste f or tutC 14esgr.xn;c Set 4: Risit paartion Measures l _I _ l _l-- 10/88 m E sr:<-nami TIME luum tsriMutu) am tcc o 1 2 3 HisttsciE IHL1i111S TlME 1W KJ1211TE ININT(DIS WI'lil #64C STA1T, Wilot WilL Lil(E1X 1)F't!TR fEDE AIIII1GehL Set 5: Risk paannits ASSE;'Nt2fr AND ANAIXSIS !!Y A3 GAP SIRFF. AT DE ISE) OF l-lMMm 12/88 111AT TIME IUt10D IT IS EX1tCTED 'I1WF NRC AND CE/ARSAP O 1 2 3 WIIL HAVE EVollfW AND ODNOBUQD UR34 A PADERY *:D l HE X)LITrlW OR WILL llAVE AG12D 'IllAT '111E ISSN IS Set 6: Application of Methods 14ESOI E . l M aume!am! 3/89 0 1 2 3
III. Criteria for Degraded Core Evaluation The resalution of severe accident issues to be documented in Topic Papers will be consistent with NRC guidance on implementation of the SAPS and with the NRC Safety Goal Policy Statement (SGPS). The SGPS includes the general performance guideline that the overall mean frequency of large releases of radioactive material to the environment as a result of reactor
-6 per year of reactor operation.
accidents should be less than 10 Procedural criteria for degraded core evaluations are expected to be issued in future regulatory documentation. The following criteria are currently proposed by the NRC staff:
- the tvaluatior, should use realistic prediction of radioactive material releases commensurate with the ever,t; for each design, the more likely of severe accidents needs to be considered in the design and licensing of thr plant; evaluation of severe accident consequer.ces does not need to use conservative engineering practice common for design basis events; consequences of more likely severe accidents should not represent a threat to the public; and, l
extremely unlikely events need not be considered in C-8 i
l
_ computing consequences, but should be assured of extremely low probability of occurrence.
IV. NRC Review process The proposed resolution of severe accident issues for the System 80+ Standard Ocsign will be documented in Topic Papers and submitted for NRC review as an appendix to CESSAR-DC, using the same process as described in Appendix A of this paper for NRC review of Unresolved Safety Issues and Generic Issues. The NRC Staff will provide interim guidance as to the appropriateness of each resolution submitted so that the design process can proceed on schedule. It is possible that the NRC Staff may desire additional information, including results of deterministic O analyses for degraded core accidents, to support their review.
This information will, therefore, be provided through informal interactions as required. Revision of the Topic Paper submittals will be made as necessary and sufficient information will be provided by Cortbustion Engineering and ARSAP to enable the resolution of all severe accident issues applicable to the System 80+ Standard Design.
NRC review results will be documented in draft Safety Evaluation Reports (SERs) following completion of initial review resulting i in resolution of the issue or agreement on an achievable pathway for resolution. The SERs will address the acceptability of resolutions for severe accident issues including criteria applied O
C-9
, for the System 80+ Standard Design and methods of evaluation.
The SERs will be finalized upon completion of an integrated review of CESSAR-DC by the NRC staff.
IV. Summary The System 80+ Standard Design degrded core evaluation will address severe accident issues applicable to advanced pressurized water reactors. The resolution of severe accident issues will be based on the requirement to demonstrate safety acceptability in compliance with the NRC severe accident and safety goal policy statements. Combustion Engineering and ARSAP will propose criteria for resolution of severe accident issues by means of Topic Papers and an appendix to CESSAR-DC submitted on the CESSAR-DC docket. The NRC 5taff will provide interim guidance on the appropriateness of the proposed resolution and will request 1
additional information, as requirr.d, sufficient for resolution of each issue. Results of NRC review will be documented in the CESSAR-DC Safety Evaluation Report. .
i O
C-10 l
'O APPENDIX 0 COMBUSTION ENGINEERING DESIGN CERTIFICATION PROGRAM INSTRUMENTATION AND CONTROLS (LATER) l O l
t l
l -O l
l
.c +
l Enclosure (2) i LD-88-005 '
Page 1 of 3 RESPONSE TO NRC COMMENTS ON LRB (OCTOBER 29, 1987 VERSION) i The following is a listing of NRC comments on the October 29, 1987, version of the Licensing Review Bases with reference made to the appropriate section or sections of the current version where Combustion Engineering has addressed that particular comment.
- 1. a. If there would be technical disagreement between the NRC method of analysis and the MAAP code, C-E should propose an alternate solution.
Reference:
Section 5.0, Appendix B and Appendix C
- b. C-E should propose a method to compute potential consequences of fission product release.
Reference:
Section 7.3.3, Appendix B and Appendix C
- 2. Severe Accident Goals
- a. C-E should propose a core damage frequency goal.
Reference:
Section 7.3.1
- b. No mitigation of Core Damage is proposed. C-E should address:
- 1. Measures to reduce early failure of containment
- 2. Measures to accommodato hydrogen production
- 3. Heat removal systems for containment
- 4. Mee.sures to prevent hydrogen detonation
Reference:
Section 7.3.2
- c. C-E should address dose limits and maximum probability per year of experiencing the limits considering internal and external events. Containment design should have a failure frequency of equal to or less than 1/10.
Reference:
Section 7.3.3
- 3. C-E should address Physical Security. Consideration should be given to specific design requirements such as:
Physical Security Organization Detection Aids L
Enclosure (2)
LD-88-005 Page 2 of 3 Testing and Maintenance Communication Requirements Response Requirements
Reference:
Section 8.1
- 4. C-E should provic.s discussions on site parameters or soil-structure interaction analysis.
Reference:
Section 8.2
- 5. C-E should address details on defining major design components and include the result of sufficient engineering to identify:
Design basis criteria Analysis and design niathods Physical arrangement of auxiliary, BOP and NSSS systems Physical arrangement of plant Performance rp?cifications
Reference:
Section 8.3
- 6. C-E should address details on instrumentation and controls.
Reference:
Section 8.6 and Appandix D (later) 7 C-E should address details on dcsigning for maintenance and surveillance.
Reference:
S. action 8.8
- 8. C-E should address QA.
Reference:
Section 8.4
- 9. C-E's Safety Goal Policy Statement provides no concrete commitment.
C-E should be more specific, i
Reference:
Section 8.9 l 10. C-E should address the application of 10 CFR 50.34(g), the Standard l Review Plan, in the review.
l
Reference:
Section 3.2 and Section 5.1 l
l l
\
1 l
Enclosure (2)
LD-88-005 Page 3 of 3 '
- 11. The LRB should define the scope of the System 80+ Design which is proposed for design certification, i.e. , those systems which will be included and those systems which represent the remainder of the plant.
Reference:
Section 1.0
- 12. The LRB should discuss in greater detail the Standard Functional Requirements of the balance of the plant.
Reference:
Section 8.5 P
1 t
(
l l
- . - ,. . - - , - . _ . - _ . - , . - _ - - . . - - - -