LD-94-048, Forwards Certified Design Matl Related to Design Reliability Assurance Program & Corresponding Errata Pages for CESSAR-DC (Section 1.0,17.3 & 19.15) Amend W,To Resolve NRC Comments Received by Telcon Over Past Two Wks
| ML20071H781 | |
| Person / Time | |
|---|---|
| Site: | 05200002 |
| Issue date: | 07/12/1994 |
| From: | Brinkman C ABB COMBUSTION ENGINEERING NUCLEAR FUEL (FORMERLY, ASEA BROWN BOVERI, INC. |
| To: | NRC OFFICE OF INFORMATION RESOURCES MANAGEMENT (IRM) |
| References | |
| LD-94-048, LD-94-48, NUDOCS 9407210061 | |
| Download: ML20071H781 (114) | |
Text
{{#Wiki_filter:_ l ABd l July 12, 1994 LD-94-048 Docket No. 52-002 Attn: Document Control Desk U.S. Nuclear Regulatory Commission Washington, DC 20555
Subject:
Design Reliability Program CDM Submittal
Reference:
NRC Letter, " Comments on the ABB-CE System 80+" Certified Design Material," dated June 30, 1994
Dear Sirs:
At the request of Mr. Dennis Crutchfield, ABB-CE submits, as Enclosure I, the Certified Design Material (CDM) relate to the Design Reliability Assurance Program (D-RAP) for System 80+(. Also enclosed, as Enclosure II, are the corresponding errata pages for CESSAR-DC (Sections 1.10, 17.3, and 19.15), Amendment W. Other CDM revisions requested by NRC staff in the referenced letter are included in Enclosure I. CESSAR-DC, Amendment W, errata pages are also included in Enclosure II to resolve NRC comments received by telephone over the past two weeks. This material is submitted with the affidavit (Enclosure III) required by 10 CFR 50.30(b) to allow the staff to complete an action item based on a Commission Staff Requirement Memorandum which addresses the Commission's policy on Reliability Assurance Programs for ALWRs. The thirty-seven printed copies required by 10 CFR 50.4 (b) will be transmitted shortly. Very truly yours, COMBUSTION ENGINEERING, INC. b
- C. B. Brinkman Director Nuclear Systems Licensing ser/lw
Enclosures:
As Stated 1 cc: P. Lang (DOE) J. Trotter (EPRI) T. Wambach (NRC) , ABB Combustion Engineering Nuclear Power Corntustupi Cryrermy inc P O. Box 500 Teleptryie (203) (68-1911 g7 Y 9407210061 940712 E$I7$Ns PDR ADDCK 05200002 A PDR
A ENCLOSURE I TO LD-94-048 i
1 SYSTEM 80+" TAHLE OF CONTENTS (Continued) r 2.9 Radioactive Waste Management 2.9.1 Liquid Waste Management System 2.9.2 Gaseous Waste Management System 2.9.3 Solid Waste Management System 2.9.4 Process and Effluent Radiological Monitoring and Sampling Systems 2.10 Technical Support Center and Operations Support Center 2.11 In!:ial Test Program 2.12 Human Factors 2.12.1 Main Control Room 2.12.2 Remote Shutdown Room O 3.0 Non System Based Design Descriptions and ITAAC 3.1 Piping Design 3.2 Radiation Protection 3.3 Design Reliability Assurance Program 4.0 Interface Requirements 4.1 Offsite Power System 4.2 Ultimate llent Sink 4.3 Station Service Water Pump Structure 4.4 Station Service Water Pump Structure Ventilation System l 5.0 Site Parameters (v) 06- 7-*4 ote . est
SYSTEM 80+"
/G AHHREVIATION LIST (Continued)
V Abbreviation Meaning DIAS-P Discrete Indication and Alarm System - Channel P DNBR Departure From Nucleate Boiling Ratio DPS Data Processing System D-RAP Design Reliability Assurance Program j DVI Direct Vessel Injection DWMS Demineralized Water Makeup System l l EAB Exclusion Area Boundary l ECW Essential Chilled Water ECWS Essential Chilled Water System EDG Emergency Diesel Generator EDT Equipment Drain Tank EFAS Emergency Feedwater Actuation Signal O eros EFW e se<vme#< e=a rieer orei se s vetem Emergency Feedwater EFWS Emergency Feedwater System EFWST Emergency Feedwater Storage Tank ENS Emergency Notification System l EPDS Electrical Power Distribution System ! ESF Engineered Safety Features ESFAS Engineered Safety Features Actuation System l ESF-CCS Engineered Safety Features - Component Control System EWT Equipment Waste Tank ! FBOC Fuel Building Overhead Crane FBVS Fuel Building Ventilation System FDT Floor Drain Tank FilS Fuel Handling System p FTC Fuel Temperature Coefficient O FTS Fuel Transfer System 1.3 w u mo.en l 1
SYSTEM 80+" Normal plant operation (including dead loads, live loads, lateral earth pressure i loads, and equipment loads, including the effects of temperature and. I' equipment vibration); External events (including rain, snow, wind, flood, tornado, tornado generated missiles, and earthquake); and
-1 Internal events (including flood, pipe rupture, equipment failure, and ,
equipment failure generated missiles). i The NI Structures, shown on Figures 2.1.1-1 through 2.1.1-12, are Seismic Category I, except as noted on Figure 2.1.1-12. Flood barriers and fire barriers are shown on Figures 2.1.1-1 through 2.1.1-12. Flood i doors shown on Figures 2.1.1-1 through 2.1.1-12 have sensors with open and closed ; status displays provided at a central fire alarm station. .! In f ctions, Tests, Analyses, and Acceptance Criteria Table 2.1.1-1 specifies the inspections, tests, analyses, and associated acceptance criteria for the Nuclear Island Structures.
'The location of the NI Structures relative to the Turbine Building, the Component Cooling Water System Heat Exchanger Structure, the Diesel Fuel Storage Structures, and the Radwaste Building is described in Sections 2.1.2,2.1.3,2.1.4, and 2.1.5, respectively.
2The building dimensions and clevations provided in Figures 2.1.1-1 through 2.1.1-12 are provided for information only and are not part of the certified design information.
- Containment isolation devices are addressed in Section 2.4.5, Containment 1 solation System.
f. I LO [ 2.1.1 u-n-u me, on -
rw SYSTEM 80+"
\
/ 2.4.7 ]N-CONTAINMENT WATER STORAGE SYSTEM Design Description The In-containment Water Storage System (IWSS) includes the in-containment refueling water storage tank (IRWST) which is an integral part of the Nuclear Island structures, the holdup volume tank (HVT) which is an integral part of the NI structures, and the cavity flooding system (CFS). The IRWST provides borated water for the safety injection system (SIS) and the containment spray system (CSS). It is the primary heat sink for discharge:, ham the reactor coolant system (RCS) pressurizer safety valves and the safety depressurization system (SDS) rapid depressurization subsystem. It is the source of water for the CFS. It is the source of water to fill the refueling pool via the SIS and CSS. The IRWST and IRW3T instrumentation are safety-related except as noted in Figure 2.4.7-1. The HVT collects water released in Containment during design basis events and returns water to the IRWST through spillways. It also collects component leakage not routed to other drain systems inside Containment and receives water discharged from the IRWST by the CFS. The CFS is used to provide water to flood the reactor cavity in response to beyond () p design basis events. FS valves located in the holdup volume are designed such that they may be actuated hile submerged. The IWSS is located in the Containment. The Basic Configuration of the IWSS is as shown on Figure 2.4.7-1 and locations of IRWST and HVT are shown on Figure 2.1.1-1 in Section 2.1.1, Nuclear Island i Structures. I The IRWST has a volume above the SIS / CSS pump suction line penetrations to 1 permit proper SIS and CSS operation following design basis events. The IRWST has a total volume that permits dilution of radionuclides from core and RCS release following design basis loss-of-coolant accidents (LOCAs). The IRWST can be vented to allow communication between the IRWST and the containment atmosphere. ; Stainless steel baskets containing trisodium phosphate are located in the HVT. The ASME Code Section III Class for the IWSS pressure retaining components is as shown on Figure 2.4.7-1. (% \ s 2A.7 -I- o6.i7.,4 ot . oi3
r\ (~ %; O 4 > v' SYSTEM 80. T, CHANNEL _A_ _ _ _ _ _ _ ,
, REACTOR COOLANT SYSTEM
, _ NUCLEAR INSTRUMENTATION,
, NOT & CCtD leo TEMP. g
-PRESSURIZER PRESSURE g -NUCLEAR POWER r""
g - RCP FLOW t
- CEA PO5 MON - RCP SPEED
*' MA!N 1 %STEAM "". OAND ~.FEED
~. ". *. % 't I
1 . . ; ;1 CONTAINMENT SYSTEM
.SG PRESSURE g- , .
,_ 3 ;SG, LEVEL, , , , , , _ CONTAINMENT
_ _ _ _ _ _ _ PRESSURE 3-DISCRETE INDICATION & ~ ~ ~ ~ ~ ~
- ALARM.SY_ STEM.
- - - - CHANNEL PI
~l Ulrir1r REDUNDANT CHANNELS B,C & D
,_ ESP.CCS_ _ _ _ _ , - _ _ _ _
g'
,.- ,,h, t_ DIVISION A__ _ _ _ ,, ,, ,, ,, , CH ANNEL A SIGNAL CONDmONING L
MAINTENANCE % HARDORWlRED OATA LINK g g AND TEST PANEL
' jk NO m m PROCESS COMPONENT ~g e CONTROL SYSTEM g
*~ 1r
~ "
pt[R[ESGN4 "
- - - - - - - - - I TO/FROM ITP*S (E O FtBER OPDC)
+ ___44-
_ _ _ _ _ 4h _ _ _ - l(l - WIN OTHER
~ ~
POWER CONTROL SYSTEM _~g g MULTPLEXER I INTERFACE AND { ISOMTION 8 TEST - 'k PHYS! CAL S!~ ~ . PROCESSOR 1 SEPARATION
- l BETWEEN CHANNELS pp) g- - - - - - - - i 1F1r 1r 1r OlSCRETE INDICATION " ~ " ~ ~
3" & ALARM SYSTEM 4HANNEL N e SISTABLE CORE 8 _" ., _ ", _ ",,, ,, , - 7 TRIP PROCESSORS PROTECTION CALCULATOR M~ ~ ~ U.!"-
'_ DATA Ph0
_ _ _ _ _CESSING _ SYSTEM _I ggT g _ l l - >-8 TO COINCIDENCE T iA . l l_ p.C PROCESSORS IN OTHER CHANNELS MAIN CONTROL PANEL 1r y -- l 3, t i I g
+ .b'--B FROM BISTABLES I '- - J COINCIDENCE PROCESSORS + _- _- w AND CPCS IN
= - ibI _-CD t _
l OPERATOR'S MODULE Ml g C ~ OTHER CH ANNELS I g I l MANUALINmATIONS li ' II
. _ _ _ _ . IN!TIATION INmATION
..g I % LOCICS LOGICS g REMOTE SHUTDOWN PANEL g I g- -
--3 l +5
' 5 - TO OTHER
,. 2'
_ _ _ DIVISIONS OF g l OPERATOR'S MODULE lg h 3r g , "_m. D ESF-CCS PPS ppg A ,8 3 I MANUALINITIATIONS l: ct+A , c,4g g 4, PPS RTSS PPS I
]$ FROM OTHER f~ " C PPS CHANNEL I *I ; +D y - - - '
MAIN CONTROL ROOM t TRANSFER SWITCH I ll l __ _ _, f"CEb_MC_S _ ' g
- - - - - - - (* ESP-CCS
- t. _ _ _ _ _ _ _-p OnnSiON Ai '
~ ~ - -
FIGURE 2.5.1-2 PLANT PROTECTION SYSTEM INTERCONNECTIONS O*-ir-** REv. ei
O O SYSTEM 80+" TABLE 2.5.1-1 (Continued) PLANT PROTECTION SYSTEM Inspections. Tests. Analyses and Acceptance Criteria Design Commitment Inspections. Tests. Analyses Acceptance Criteria 9.a) A reactor trip initiation signal from a 9.a) Testing of the as-built reactor trip 9.a) The reactor trip initiation signal from PPS channel results in actuation of the switchgear actuation circuits will be each PPS channel actuates the correct correct reactor trip switchgear breaker. conducted. single reactor trip switchgear breaker. 9.b) Each reactor trip switchgear breaker can 9.b) Testing will be performed separately for 9.b) Each reactor trip switchgear breaker be tripped by either an under voltage or the under voltage trip and the shunt trip trips for either an under voltage trip or a shunt trip. for each reactor trip switchgear breaker. a shunt trip.
- 10. The RTSS can be tripped muually from 10. Testing of manual reactor trip from 10. Actuation of either pair of reactor trip the Main Control Room or the Remote Main Control Room and Remote switches at the Main Control Room or Shutdown Room. Shutdown Room will be performed. either pair of trip switches at the Remote Shutdown Room interrupts power to the CEDMCS.
I1.a) The following ESFAS signals can be ll.a) Testing of manual ESF actuation from II.a) Actuation of either pair of ESFAS actu-manually actuated at the Main Control Main Control Room will be performed.- ation switches for an ESF function at the Room. Main Control Room initiates the assoc-isted ESFAS signal input to the ESF-Safety Injection Actuation Signal CCS. Containment Spray Actuation Signal Containment Isolation Signal Main Steam Isolation Signal Emergency Feedwater Actuation Signal 11.b) A Main Steam Isolation Signal can be i1.b) Testing of manual MSIS actuation from 11.b) Following transfer of control from the manually actuated at the Remote Shut- the Remote Shutdown Room will be Main Control Room to the Remote Shut-down Room, performed. down Room actuation of either pair of MSIS actuation switches at the Remote Shutdown Room initiates a MSIS input to the ESF-CCS. 2.5.1 es.i7-94 tue . et>
O O O SYSTEM 80 + - -------
! ESF INITIATING SIGNALS l
, FROM 4 CHANNELS OF PPS ,
y A B C D l MAIN CONTROL ROOM l DIVISION y 1 r 1r KEY: 1r l CONTROL & DISPLAY 4 .g.... INTERFACE DEVICES g HARD WIRED OR g MAINTENANCE SELECTIVE
& TEST PANEL 2-OUT-OF-4 DATA LINK E
MASTER TRANSFER , . . qi j - E g LOGIC l SWITCH '
, e a h NOMEGNG B DATA LINK OR I DIVERSE MANUAL E I II 1 DISCRETE SIGNAL ACTUATION SWITCHES ' E E mee> (E.G. FIBER OPTIC)
I mTE n B.....
- a iSOuTiO,.
l PHYSICAL SEPARATION i IREMOTE SHUTDOWN ROOM------.g BETWEEN CHANNELS i l l
- CTn"j,*olSg!
n *= - li l = = - - - - - > COMPONENT u-------- CONTROL LOGIC l DIAS - CHANNELN . . .... l TO ONE
+ .j;,' y ESF-CCS l IDATA PROCESSING SYSTEM h. m = = = = m as a = l DMS!ON l
_ _ _ _ _ _ . .I = IPS_ _____ g r,,,,. E g NOTE 1: IMPLEMENTED IN TWO
.. > h DivlSIONS
!_ PRO _ CESS-CCS_ _ _ _ _ _ .g .
___4 ===% ...
. . . . . . . . .m . =....-- un m a a SIGNAL CONDITIONING l_ POWER CONTROL SYSTEM _ _ _ - - - .4
=_ g ===-
I=DIApANNEL P .i . . . . . . . . . - - a _1L_
# 's ! _ESF SENSORS &
(s) l COMPONENTS FIGURE 2.5.2-2 ENGINEERED SAFETY FEATURES-COMPONENT CONTROL SYSTEM ONE DIVISION AND INTERCONNECTIONS n-nm nev.oi
SYSTEM 80 + O O O PROCESS CONTROL EQUIPMENT l MAIN CONiRO5 ROOM I KEY: CONTROL & DISPLAY +-E---> > HARD WIRED OR g INTERFACE DEVICES DATA LINK
~
l MASTER TRANSFER
--g---> D TA UN OR g DISCRETE SIGNAL (E.G. FIBER OPTIC) lREuOTE SHUTDOWN ROOu 'l COMPONENT : eOwER SuPety l *'
CONTROL NS"EI"SENEviCs + -- - -
- LOGIC D iSOLAmN
- ~~~~~
DIAS DISCRETE INDICATION & I DATA PROCESSING SYSTEM ! + _ g ,,,,, _ _ _ ALARM SYSTEM
~ " " " " ~ ~ ~ ~ ~ '
MCC MOTOR CONTROL
- ~ ~ " " " " ~ ~ " "
CENTERS l~ DIAS - CHANNEL N -S---- L- ----- I RTSS REACTOR TRIP SWITCHGEAR l I l l PROTECTION SYSTEMS CEDMCS CONTROL ELEMENT DRIVE l "" - "" l l MECHANISM SIGNAL ! SIGNAL CONTROL SYSTEM
;"" SIGNAL l l-- -@ - - -> VALIDATION y l CONDITIONING qy gCONDITIONING
--- I CEDMCS l l_ _, _ l jk POWER I k MCC
,..g SUPPLY l l l 1r (sj j _ g
!_RTSS ' e* N l
-y- (sj I
I l 1 r { - - m - - - - -- - - - - - l_ WIRED I g
._OR_ ,
-, 1r l~MCC l 1 f 1r
"" f"-
l og lbHB E ! ME GENCYFEEDWATER 5
. 3 NTROLS ._ PUMy & VALV_ES _ ,
FIGURE 2.5.4-2 PROCESS CONTROL EQUIPMENT AND INTERCONNECTIONS ..,,.,yREV. o,,
O O O SYSTEM 80+" TAllLE 2.6.1-1 (Continued) AC ELECTRICAL POWER DISTRIBUTION SYSTEM Inspections. Tests. Analyses. and Acceptance Criteria Design Commitment Inspections. Tests. Analyses Acceptance Criteria
- 16. For the EPDS, Class IE power is 16.a) Testing on the as-built EPDS will be 16.a) A test signal exists in only the Class IE supplied by two independent Class IE performed by providing a test signal in Division under test in the EPDS.
Divisions. Independence is rrdntained only one Class IE Division at a time. between Class IE Divisions and % tween Class IE Divisions and non-Class IE 16.b) Inspection of the as-built EPDS Class 16.b) In the EPDS, physical separation or equipment. IE Divisions will be conducted. electrical isolation exists between Class IE Divisions. Physical separation or electrical isolation exists between these Class IE Divisions and non-Class IE equipment.
- 17. Class IE medium voltage switchgear, 17. Inspection of the as-built EPDS Class 17. As-built Class IE medium voltage low voltage switchgear, and MCCs are 1E medium voltage switchgear, low vol- switchgear, low voltage switchgear, and identified according to their Class IE tage switchgear, and MCCs will be con- MCCs are identified according to their Division. ducted. Class IE Division.
- 18. Class IE medium voltage switchgear, 18. Inspection of the as-built Class IE 18. As-built Class IE medium voltage low voltage switchgear, and MCCs are medium voltage switchgear, low voltage switchgear, low voltage switchgear, and located in Seismic Category I structures switchgear, and MCCs will be MCCs are located in Seismic Category and in their respective Divisional areas. conducted. I structures and in their respective Divisional areas.
- 19. Class IE EPDS cables and raceways are 19. Inspection of the as-built Class IE 19. As-built EPDS cables and raceways are identified according to their Class IE EPDS Divisional cables and raceways identified according to their Class IE Division. will be conducted. Division.
2.6.1 es. 7.,4 in . ei,
~
O O SYSTEh! 80+" TABLE 2.6.2-1 (Continued) EMERGENCY DIESEL GENERATOR SYSTEM InsDections. Tests. Analyses, and AcceDiance Criteria Design Commitment Inspections. Tests. Analyses Acceptance Criteria
- 10. Electrical independence is provided 10.a) Testing will be performed on each EDG 10.a) A test signal exists only in the EDG and between Class I E Divisions and between and support systems by providing a test support systems Division under test.
the Class IE Divisions and non-Class signal in only one Class IE Division at t IE equipment. a time. 10.b) Inspection of the as-installed Class 1E 10.b) Physical separation exists between Class Divisions of the EDG System will be IE Divisions of the EDG system. performed. Separation exists between Class IE Divisions and non-Class IE equipment in the EDG system. I1. A loss-of-power to a Class 1E medium i1. Testing for the actuation and connection i 1. As-built EDGs automatically start on voltage safety bus automatically starts its of each EDG will be performed using a receiving a LOOP signal and attain a respective EDG and load sheds both signal that simulates a loss-of-power. voltage and frequency in 5: 20 seconds Class IE buses within the affected which will assure an operating voltage Division. Following attainment of and frequency at the terminals of the required voltage and frequency, the Class IE equipment that is within the EDO automatically connects to its equipment's tolerance limits, respective Divisional buses. After the automatically connect to their respective EDG connects to its iespective buses, Divisional buses, and sequence their the non-accident loads are automatically non-accident loads onto their Divisional sequenced onto the buses. buses.- 2.6.2 *n-w at . ou
i O O SYSTEh! 80+" TABLE 2.6.2-1 (Continued) EMERGENCY DIESEL GENERATOR SYSTEM Inspections. Tests. Analyses. and Acceptance Criteria Desien Commitment Inspections. Tests. Analyses Acceptance Criteria
- 12. Each EDG receives an automatic start 12. Testing for the actuation of each EDG 12. Each EDG receives a start signal in signal in response to a safety injection will be performed using signals that response to each of the following actuation signal (SIAS), a containment simulate a SIAS, a CSAS, and a EFAS. simulated signals; a SIAS, a CSAS, and spray actuation signal (CSAS), or an a EFAS, but does not automatically emergency feedwater actuation signal connect to its Divisional buses if the (EFAS). An EDG does not Divisional buses are energized.
automatically connect to its Divisional buses, if the Divisional Class IE buses are energized.
- 13. For a loss-of-power to a Class IE 13. Testing on the as-built EDG Systems 13. In the as-built EDG Systems, when medium voltage safety bus condition will be performed by providing SIASICSAS/EFAS and loss-of-power concurrent with a Design Basis Accident simulated SIAS/CSAS/EFAS and loss- signals exist, the EDG automatically condition (STAS /CSAS/EFAS), each of-power signals. starts, attains required voltage and EDG automatically starts and load frequency and is connected to its shedding of both Class IE buses within Divisional buses within 20 seconds.
the affected Division occurs. Following Following connection, the automatic attainment of required voltage and load sequence begins. Upon application frequency, the EDG automatically of each load, the voltage on these buses connects to its respective buses and does not drop more than 20% measured loads are sequenced onto the buses. at the buses. Frequency is restored to within 2% of nominal, and voltage is restored to within 10% of nominal within 60% of each load sequence time intervat. The SI, CS, and EFW loads are sequenced onto the buses in s; 40 seconds total time from initiating SIAS/CSAS/EFAS. 2.6.2 5 m me. oo
SYSTEM 80+= l 2.63 AC INSTRUMENTATION AND CONTROL POWER SYSTEM AND DC POWER SYSTEM DESIGN DESCRIPTION The AC Instrumentation and Control (I&C) Power System and DC Power System consist of Class 1E and non-Class 1E power systems. The non-Class 1E AC I&C Power System and DC Power System have non-Class 1E batteries, inverters, electrical distribution panels, and battery chargers. The non-Class 1E AC I&C Power System and DC Power System provide power to non-Class 1E equipment. The Class 1E AC Instrumentation and Control (I&C) Power System (also referred to as the Vital AC I&C Power System) and the Class 1E DC Power System (also referred to as the Vital DC Power System) consist of Class IE uninterruptible power supplies, their respective alternating current (AC) and direct current (DC) distribution centers, along with power, instrumentation and control cables to the distribution system loads. The Class 1E AC I&C Power System and the Class 1E DC Power System include the protection equipment provided to protect the AC and DC distribution equipment. The containment equipment hatch trolley, the reactor cavity flood valves, the holdup volume flood valves, and the hydrogen ignitors are the only electrical loads classified O as non-Class 1E which are directly connectable to the Class IE buses. Class 1E equipment is classified as Seismic Category I. The Basic Configuration of the Class 1E AC Instrumentation and Control Power System and Class 1E DC Power System is as shown on Figures 2.6.3-1 and 2.6.3-2. Class 1E AC Instrumentation and Control Power System The Class 1E AC I&C Power System consists of two Division (Division I and II) and i four Channel (A, B, C, D) unintemiptible power supplies, with their respective distribution panels. Each Class 1E AC I&C power supply is a constant voltage constant frequency inverter i power supply unit, which in normal operating mode receives Class 1E direct current (DC) power from its respective Class 1E DC distribution center. Each Class 1E inverter power supply unit also has capability to automatically and manually transfer from its respective Class 1E DC distribution center to an alternate source of alternating current (AC) power to directly supply the Class IE AC I&C Power System loads while maintaining continuity of power during transfer from the inverter power supply unit to the alternate power supply. This alternate power source is a voltage regulating device which is supplied power from the same AC power source as the 2.6.3 o5:7.,4 cx.v. cii 4
SYSTEM 80+" battery charger associated with the Class IE DC distribution center sersicing the inverter power supply unit. Each Class 1E inverter power supply unit is sized to provide powet to its respective distribution center loads. Class 1E inverter power supply units and their respective distribution centers are identified according to their Class 1E Division / Channel and are located in Seismic Category I structures and in their respective Division / Channel areas. Independence is provided between Class 1E Divisions. Independence is provided between Class 1E Channels. Independence is provided between Class 1E Divisions / Channels and non-Class 1E equipment. Class 1E AC I&C Power System distribution panels and their circuit breakers, disconnect switches, and fuses are sized to supply their load requirements. Distribution panels and disconnect switches are rated to withstand fault currents for the time tequired to clear the fault from its power source. Circuit breakers and fuses are rated to interrupt fault currents. Class 1E AC I&C Power System interrupting devices (circuit breakers and fuses) are coordinated so that the circuit interrupter closest to the fault opens before other p %J devices. Class IE AC I&C Power System cables are sized to supply their load requirements and are rated to withstand fault currents for the time required to clear the fault from its power source. The Class 1E AC I&C Power System supplies an operating voltage at the terminals of the Class 1E equipment which is within the equipment's voltage tolerance limits. Class 1E AC I&C Power System cables and raceways are identified according to their Class 1E Division / Channel. Class 1E cables are routed in Seismic Category I structures and in their respective Division or Channel raceways. Class 1E equipment is classified as Seismic Category I. Class 1E DC Power System The Class 1E DC Power System consists of two Divisional (Division I and II) and four Channel (A, B, C, D) batteries (2 Channel batteries per Division) with their respective DC electrical distribution panels and battery chargers. The Class 1E DC distribution system provides DC power to Class IE DC equipment and instrumentation and control circuits. 2.6.3 05:7 94 (nev. on
O O O " i SYSTEM 80+* SAFETY-RELATIO AND SEISMIC CATEGORY 1 NON-SAFETY-RELATED AND NON-SEISMIC CATEGORY 1
, - TO ATMOSPHERE A LA L Ak l
g______________.I v ELECTRICAL l g AREAS SERVED BY NON- s ROOM SMOKE OUTSIDE ESSENTIAL RECIRCULATING I
, , PURGE FAN AIR h
N ' ' d l 3 l A/C UNITS, FOR EXAMPLE, g NON-ESSENTIAL ELECTRICAL kW I 1.OUVER NOTE 2 I ROOMS, COMPUTER ROOM, L g i NON-SAFETY BATTERY ROOM, l ! w g CASUALTY AND SECURITY ROOM , y - SUBSPHERE g - g VENTILATION "u"^M^g _ - _ _ _ _ - - - - _'_ _ - _ 1 SYSTEM I_ g_ ____ ___ . I AREAS SERVED BY I ESSENTIAL RECIRCULATING A/C l l UNITS, FOR EXAMPLE, g 1 ESSENTIAL ELECTRICAL I ROOMS, I i lVITALINSTRUMENT AND g EQUIPMENT ROOMS FOR
- NOTES- t
- - CHANNELS A AND C, ls 4 NOTE 3
- 1. REMOTE SHUTDOWN ROOM HAS A - l REMOTE SHUTDOWN ROOM (NOTE 1) g REDUNDANT COOLING UNIT AND BATTERY ROOMS RECEIVING CHILLED WATER AND I CLASS 1E POWER FROM DIVISION 2. l y { l
? '
b, I
- 2. DAMPER TO BE CLOSED DURING /
TORNADO WARNING I -,- 5 lm r
- 3. SMOKE PURGE LINES AND DOWN STREAM COMPONENTS ARE NON-l k g" t SAFETY-RELATED AND NON-SEISMIC I !y ,
CATEGORY 1. I g l
- 4. SAFETY-RELATED ELECTRICAL ._ _ _ _ _ _ _ _ _ _ _ _ _ _ . ,
EQUIPMENT IS CLASS 1E. p ; CONTROL COMPLEX VENTILATION SYSTEM (BA1.ANCE OF CCVS-DIVISION 1) - 06-17-94 (REV.01) i
'~ O O O : SYSTEM 80+ SAFETY-RELATED AND SEISMIC CATEGORY 1 I NON-SAFETY RELATED AND NON-SEISMIC CATEGORY L TO ATMOSPHERE y JL JL Ik
,. ELECTRICAL !
ROOM SMOKE j t OUTSIDE 7 T, T, T, I l d. URGE FAN AIR 3
/ / -- / '
? AREAS SERVED BY NON-
W
/ j j jI I ESSENTIAL RECIRCULATING I \
l l A/C UNITS, FOR EXAMPLE, LOUVER NOTE 1 l l NON-ESSENTIAL ELECTRICAL 1 I ROOMS, AND NON-SAFETY I q I I BATTERY ROOM - j ; i I I ,gxy g ra,4 ; I I I NON-SAFETY-RELATED I AREAS, FOR EXAMPLE, I [ SUBSPHERE g
"I PERSONNEL DECONTAMINATION
$"T s ROOMS, BREAK ROOM, i l SHIFT ASSEMBLY OFFICES I l OPERATIONS SUPPORT CENTER, l g
AND RADIATION ACCESS 9E' TO CONTROL
) )3 ATMOSPHERE l ~~l NOTES: I I
- 1. DAMPER TO BE CLOSED l l l DURING TORNADO WARNING. h ' '
- 2. SMOKE PURGE LINES AND DOWN l AREAS SERVED BY q
STREAM COMPONENTS ARE NON- ESSENTIAL RECIRCULATING _ g SAFETY-RELATED AND NON-SEISMIC l A/C UNITS, FOR EXAMPLE, gg m CATEGORY 1. IESSENTIAL ELECTRICAL samwnooT. I -
- 3. SAFETY-RELATED ELECTRICAL ROOMS, VITAL INSTRUMENT 4 l
EQUIPMENT IS CLASS 1E. l AND EQUIPMENT ROOMS = IFOR CHANNELS B AND D, I
!^". 8^"_ERY ROOMS __________,,3 FIGURE 2.7.17-3 :
CONTROL COMPLEX VENTILATION SYSTEM (BALANCE OF CCVS-DIVISION 2) 06-17-94 (REV. 01) .; _._ _ . _ _ _ _ _ ___, . _ m __- __ -
O O O SYSTEM 80+ THE EXHAUST SUBSYSTEM IS SAFETY-RELATED UNLESS IDENTIFIED OTHERWISE. FAN -------- l SUBSPHERE l
- NOTE 3 i MN"" l ,--g
_ 7 JENT \.
- o FAN u g
\ 9 9-e l- i l
' STATUS
" " N3TE 1 h T > -- FILTRATION --
l 2 UNIT x -i l g PI b $"sE^$' h -' I I I I STA S I I OUTSIDE AIR l -I l FROM CONTROL g COMPLEX DUCT dk ! SHAFT AIR l l S P" ^" 7 STATUS I ! Nli AIR SUPPLY g '"I g SUBSYSTEM THE SUPPLY SUBSYSTEM IS NON-SAFETY RELATED. ~
-{ !
1r O S ! I NOTES:
- 1. THE DUCT WORK FROM THE BUILDING EXIT UP TO AND INCLIJDING THE ISOLATION DAMPER i
IS QUALIFIED FOR THE TORNADO DIFFERENTIAL PRESSURE.
- 2. SAFETY-RELATED ELECTRICAL EQUIPMENT OF THE AIR EXHAUST SUBSYSTEM IS CLASS 1 E.
- 3. THE RADIATION DETECTOR INSTRUMENTATION IS NON-SAFETY-RELATED.
FIGURE 2.7.20-1 SUBSPHERE BUILDING VENTILATION SYSTEM (ONE OF TWO DIVISIONS) *
. 06-17-94 (REV. 01)
O O O SYSTEM 80+* R
. . . . - .APAT)O.N,St,GNAL ,,,.
" O -
F _ NUCLEAR ANNEXI I s[ATus DIVISION 1
=
f , s . i I NOTE 1 r- 1
- I I O 2 O UNIT ] 3k @ I
-i 8 I
--9 VENT g I q g
~
s - -
- s[ATus c c '
( -- v"Nd " -- I l [ i I 7
~
1 I d o" ' l4 l b@ .itTu," l l l l I I I k I o" S i l i E**" _ uo .o,,mv UNIT
,A,.
STATUS
= l I q l
l I I y O
- K S
l-i NOTE:
- 1. THIS DAMPER IS MANUALLY CLOSED DURING A TORNADO WARNING.
FIGURE 2.7.23-1 NUCLEAR ANNEX VENTILATION SYSTEM o ,, <ney. ,, (DIVISION 1) .
SYSTEM 80+ O " I*"".***^.' O O FAN STATUS
- ~
~
NOTE 1 . n c O N
~ ~
UNIT T 1 N-I < s - - FAN 1f ][ STATUS c [- FR.TgION __ 4_
- k. \
2 - 2 O - --- T
. aAD8^To's sGNAL ,
r........., I sTA . t NUCLEAR ANNEX ' h _ s - DIVISION 2 s .
~ ' '
NOTE 1 . O jk Oa e UNIT e VENT 1 e
* * -h(- FAN status :
1I s s FILTRATON UNIT --g C C 8 e j u \ N
' -g ~
a a e 2 O m s
-i l
e e l T , , FAN s , STATUS , ,
' e
-== 5 e e i O $ '
OUTSIDE y '
#" FAN m j AIR SUPPLY m 7 8 r UNIT -
STATUS e K - u
- _i '
notes: O 3 .
- t. THIS DAMPER IS MANUALLY CLOSED DURING A TORNADO WARNING FIGURE 2.7.23-2 NUCLEAR ANNEXVENTILATION SYSTEM *****'"
(DIVISION 2)
SYSTEM 80+" 3.3 DESIGN RELIABILITY ASSURANCE PROGRAM The Design Reliability Assurance Program (D-RAP) is a program that will be perfonued during the detailed design and equipment specification phase prior to initial fuel load. The D-RAP evaluates and prioritizes the structures, systems and components (SSCs) in the design, based on their degree of risk significance. The D-RAP will identify the dominant failure modes for the risk-significant SSCs. The D-RAP will also identify the key assumptions and risk insights for the risk-significant SSCs. The D-R.AP scope includes risk-significant SSCs as determined by probabilistic, , deterministic, or other methods used for design certification to identify and prioritize risk-significant SSCs. The D-RAP purpose is to provide reasonable assurance that the plant design proceeds in a manner that is consistent with the original bases and design assumptions for the risk insights for the risk-significant SSCs. The D-RAP objectives are to provide reasonable assurance that the plant is designed such that: (1) it is consistent with the assumptions and risk insights for these risk-significant SSCs, (2) the risk-significant SSCs will not degrade to an unacceptable level during their design life, (3) the frequency of transients that challenge these O d SSCs will be acceptably low, and (4) these SSCs will function reliably when challenged. Inspections, Tests, Analyses, and Acceptance Criteria Table 3.3-1 specifies the inspections, tests, analyses, and associated acceptance criteria for the Design Reliability Assurance Program. O b 3.3 wn.u m . n , l l
O O O SYSTEM 80+" TABLE 33-1 1 l DESIGN RELIABILITY ASSURANCE PROGRAM InsDections. Tests. Analyses and Acceptance Criteria Design Commitment inspections. Tests. Analyses Acceptance Criteria
- 1. The Design Reliability Assurance 1. Inspections of the design reliability 1.a) Documentation exists that describes the Program (D-RAP) includes: scope, assurance program will be conducted. scope, purpose, and objectives of D-purpose, objectives; the process used to RAP used during plant design, and evaluate and prioritize the structures, concludes that the detailed design of risk systems and components (SSCs); and th'e significant SSCs is consistent with the list of SSCs designated as risk. D-RAP Design Description.
significant. For those SSCs designated as risk-significant, the process used to b) Documentation exists and concludes that determine dominant failure modes the process (probabilistic, deterministic, considered industry experience, or other) used to evaluate and prioritize analytical models, and applicable the SSCs in the design is based on the requirements. Also, for those SSCs risk-significance of the SSCs. designated as risk-significant, the key assumptions and risk insights considered c) A list of SSCs exists that is based on the operations, maintenance, and monitoring risk-significance of the SSCs. activities. d) For those SSCs designated as risk-significant: (i) Documentation exists and concludes that the process to determine dominant failure modes considered industry experience, analytical models, and applicable requirements. 3.3 es-it-s4 cue . ein
O O O . SYSTEM 80+" TABLE 33-1 (Continuedl DESIGN RELIABILITY ASSURANCE PROGRAM Inspections. Tests. Analyses, and Acceptance Criteria Design Commitment Inspections. Tests. Analyses Acceptance Criteria
- 1. (Continued) 1.d) (Continued)
(ii) Documentation exists and concludes that the key assumptions and risk insights from probabilistic, deterministic, or other methods considered operations, maintenance, and monitoring activities. i r 3.3 Sn.u m . .i,
- s. 4 & > - e ,a I
ENCLOSURE II To LD-94-048 f
+
.1 i
D
CESSAR Hinnem,. TABLE 1.10-1 (Sheet 3 of 7) COL LICENSE INFORMATION COL No. FSER No. Section Subject 9-2 9.2.1-1 9.2.1.1.4, Organic fouling and inorganic buildup in the 9.2.1.4, 9.2.5.4 SSWS (including GS-151) 9-3 9.2.1-2 9.2.1.2.1.2 Station service water system pump structure l 9-4 9.2.4-1 9.2.4.2 Potable and sanitary water systems l 9-5 9.3.4.1.4 Structures housing boric acid storage tank, l reactor makeup water tank, and holdup tank 9-6 9.5.1-1 9.5.1 Safety-grade provisions for the fire-protection l systems 9-7 9.5.1.5-1 9.5.1.11 Administrative controls for BTP CMEB 9.5-1 19.15.3.2 conformance and fire brigade 9-8 9.5.1.12 Fire Hazards Analysis l 9-9 9.5.2-1, 9.5.2.2.5, Communications systems 9.5.2-2, 9.5.2.1, l 9.5.2-3 9.5.2.2.6 9-10 9.5.3.2.2 Security lighting system l 9-11 9.5.4.1-1 8.3.1.1.4.11 Diesel operator training l ) 9-12 9.5.4.1-2, 9.5.4.2.1, Diesel generator auxiliary support systems 9.5.4.2-1, 9.5.5.2, 9.5.4, 9.5.5-1, 9.5.6.5,
,- 9.5.5-2, 9.5.6.2.2, 9.5.6-1, 9.5.7.2, 9.5.6-2, 9.5.8.?.1, 9.5.7-1, 9.5.9.2,9.5.9.4, 9.5.8-1, 9.5.9.5 9.5.9-1 9-13 9.2.5-1 9.2.5.1.3 Protected area perimeter abutting or crossing a l body of water 9-14 9.5.1.2.1.2-1 9.5.1.2 Procedures and training for using transfer l switches l 10-1 10.2 1 10.2.1 Turbine valve closing time 10-2 10.3-1 10.3.2.2 Steam hammer prevention i 10-3 10.4.4-1 10.4.4.2.4.1 Pressure drops between the steam generator l nozzles and each system valve l
Amendment W - 06/17/94
CESSAR insneuiu l TABLE 1.10-1 (Sheet 4 of 7) COL LICENSE INFORMATION I l COL No. FSER No. Section Subject l 104 10.4.7-2, 10.4.7.2.5, Avoidance of water hammer in the condensate, I 10.4.9-2 10.4.9.1.2 feedwater, and emergency feedwater systems i l 10-5 10.4.9-3 10.4.9.5.2 Steam binding in the emergency feedwater pump 11-1 11.1-1, 11.1, 11.5.1.1 Conformance with Appendix B to 10 CFR 20, 11.5-1 Appendix I to 10 CFR 50, ANSI N13.1, R.G. 1.21 and R.G. 4.15 11-2 11.4-1 11.4.1.1 Site-specific solid waste management system operating procedures l 11-3 11.5-2 11.5.1.4 Procedures in accordance with Position C of R.G. 4.15 l 11-4 11.2.1-1 11.2.5 Setpoints for radiation monitors l 11-5 11.5.1-1 11.5.2.6 Operation and maintenance manual for monitoring and sampling liquid and gaseous process and effluent streams 12-1 12.1.1-1 12.1.1.2 Operational ALARA policy l 12-2 12.1.2-1 12.2.3 Shielding analysis (including TMI II.B.2) 12-3 12.1.3-1 12.1.3 New regulatory guides 12-4 12.2.2.1 Radiation protection design acceptance criteria l 12-5 12.3.1-1 12.3.1.8 List of vital areas 12-6 12.3.4-1 12.3.4 Area radiation monitor location l 12-7 12.3.4-2 . 12.3.4 Portable airborne iodine monitor (TMI Ill,D.3.3) 12-8 12.4.5-1 12.4.5 Dose assessment 12-9 12.5-1 12.5 Health physics organization 13-1 13.1-1 13.1 Organizational structure of the site operator (including TMI 1.A.I.4, II.J.3.1) 13-2 13.3-1 13.3.2 Site-specific emergency planning 13-3 13.3.3.1.7 TSC communication equipment Amendment W - 06/17/94
CESSAR ENOicari:= TABLE 1.10-1 (Sheet 5 of 7) COL LICENSE INFORMATION COL No. FSER No. Section Subject 13-4 13.3-2 13.3.3.2, TMI III.A.1.2, " Upgrade Licensee Emergency
- 13.3.3.2.3, Support Facilities" 13.3.3.2.6, 13.3.3.4.1, 13.3.3.6.1, 13.3.3.6.5 13-5 13.4-1 13.4 Review and audit l 13-6 13.5-1 13.5 Plant procedures (TMI I.C.1, I.C.5, & I.C.9) l 13-7 1.2.13, 13.6 Site security and sabotage protection l 13-8 13.2-1 13.2 Training [TMI I.A.4.2, I.A.4.l(2), II.K.1(26)) l 13-9 13.5-2 13.5.2 Admmistrative Control Procedures TMI II.J.4.1, l II.K.1(10) 14-1 14.2.2.1 Organization and Staffing l 14-2 14.2.3-1, 14.2.1.1, 14.2.3, Testing program procedures and schedules 14.2.3-2, 14.2.4, 14.2.10, including scoping documents, startup 14.2.3-3, 14.2.11 administrative manual, test conditions, test 14.2.3-4, methodologies data collection and reduction, 14.2.4-1, reconciliation methods, and initial fuel load and 14.2.10-1, criticality procedures 14.2.11-1 14-3 14.2.6-1 14.2.6 Retention of Test Records l l 14-4 14.2.9-1 14.2.9 Trial use of plant operating and emergency j procedures i 14-5 14.2.12.2-1 14.2.7.1.3 Testing of personnel monitors and radiation survey instruments 14-6 14.2.13-1 14.2.7.5 Security system detailed description, tests, and acceptance criteria ;
14-7 14.3 ITAAC for site-specific design features l 15-1 15.7.3.4 Liquid tank failure minimum dilution flow l 15-2 15. A.3.2-1 6.1.2.2 Quantity of electrical cable insulation 17-1 17.1-1, 17.1, 17.2 Constmetion and Operation QA (including TMI 17.2-1 I.F.2, II.J.3.1) l
- Amendment W - 06/17/94 l
CESSAR !!nama TABLE 1.10-1 (Sheet 6 of 7) COL LICENSE INFORMATION COL No. FSER No. Section Subject 17-2 17.3.1-1, 17.3.1, 17.3.5, D-RAP completion l 17.3.5-1 17.3.7 i 17-3 17.3.9-1, 17.3.7, 17.3.9, Operations reliability assurance process ! 17.7 17.3.10, 17.3.13 implementation 18-1 18.9.3.2 Validation of operating ensemble 18-2 18.6.1.3.4-1 13.2 Operator training on " Plant Safety Parameter Display Console" 19-1 19.1, 19.15.3.1 Vulnerability of the intake structure due to 19.1.2.2.2-1 tornado-generated debris 19-2 19.1.2.2.3-1 19.7.5.3 Elements of the plant affecting the performance of systems in seismic events 19-3 19.1.2.4-4, 19.15, 20.2.56 Details of the layout of the critical components 19.5, 19.6, for fire and flood, interaction of internal flood 19.7 sources, and effects of fire suppression systems on other systems 19-4 19.8 19.7.5.3 Development of detailed seismic walkdown procedures to verify as-built SSC HCLPFs 19-5 19-10, 19-11 19.11.3.8 Calculation of specific flow rate and consideration of shielding requirements for local operator actions for the emergency containment spray backup system 19-6 19.1.2.2.6-1, 19.7.5.3, 19.15, Update of PRA to include final design detail and 19.1.4-1, Chapter 20 site-specific information including examination of l l 19.1.2.4-1, all external event hazards and analysis using site-19.1.2.4-2, specific spectra 19.1.2.4-3, 19.12 , 19-7 19.14 19.15.6 List of risk significant SSCs for D-RAP and operations reliability assurance process 19-8 19.15, 19-16, 19.15.6 Consideration of risk important operator actions ! 19.19 in developing procedures, training and human reliability related programs, and systems to l address in severe accident management and aligning the alternate AC source (AAC) procedures l Amendment W - 06/17/94
i CESSARE!ainem i l I 3.8 DESIGN OF CATEGORY I STRUCTURES The COL applicant referencing the System 80+ Standard Design will provide site and plant-specific structural design information. Information provided will include:
- Site related design parameters, j
- Foundation mat construction procedures,
- Allowable loads for designated laydown areas,
- Final electrical layout drawings to verify load allowances for cable trays,
- Procedures for quality control inspections,
- Documentation of radiographic examination of welds,
- Site-specific design specifications, including expansion anchors,
- A steel containment vessel as-built structural analysis report, and
- A Seismic Category I structural analysis report.
]
)
3.8.1 CONCRETE CONTAINMENT l l This section is not applicable to the System 80+ Standard Design. For a description of the containment, see Section 3.8.2. For a description of the containment shield building, see Section 3.8.4. 3.8.2 STEEL CONTAINNENT 3.8.2.1 Description of the Containment 3.8.2.1.1 General The containment is a spherical welded steel structure supported by embedding a lower segment between the containment internal structures concrete and the reactor building subsphere concrete. There is no structural connection between the free standing portion of containment and the adjacent structures other than penetrations and their supports. The lateral loads due to seismic and other forces are transferred to the foundation concrete by shear bars, friction and bearing. The diameter of containment is 200 ft. The plate nominal thickness is.1.75 inches. The transition region, where the free standing portion of the steel containment vessel enters the concrete, has a plate thickness of 2 inches. The cont ainment is shown . on the plans and elevations of Figures 1.2-2, 1.2-3, 1.2-5, 1.2-6, 1,2-7 and 1.2-9.
-The arrangement of the Nuclear Island structures, which includes containment and defines critical dimensions, flood barriers, and fire barriers, is shown in Figure 3.8-5.
The spherical shell plate segments will be shop fabricated and field welded. These plates will be approximately 25 feet long and 13 feet wide and can weigh as much as ten tons each; however, Amendment W 3.8-1 June 17, 1994
CESSAR E!!Encui:n l THIS PAGE INTENTIONALLY BLANK l Amendment W 3.8-la Jutte 17, 1994
CESSAR Emincum
- 4. Design documents for the structure.
Deviations from the design are acceptable provided the following acceptance criteria are met:
- 1. An evaluation consistent with the methods and procedures of Sections 3.7 and 3.8 is performed (depending on the extent of the deviations, the evaluation may range from the documenting of an engineering judgement to performance of a revised analysis and design), and
- 2. The structural design meets the acceptance criteria l specified in Section 3.8, and
- 3. The seismic floor response spectra of the as-built structure does not exceed the design basis floor response spectra by j more than 10%.
The structural analysis report will summarize the results of the reviews, evaluations, and corrective actions, as applicable, and conclude that the'as-built structure is in accordance with the design. 3.8.4.6 Material, Ouality Control, and Special Construction Techniques The Category I structures are poured-in-place reinforced concrete structures. The major materials that will be used in the construction are concrete, reinforcing bars and structural steel. A brief description of these materials is given below. 3.8.4.6.1 Material 3.8.4.6.1.1 Concrete The basic ingredients of concrete are cement, fine aggregates, coarse aggregates, and mixing water. Admixtures will be used if needed. Cement will be Type I or Type II conforming to " Standard Specification for Portland Cement," ASTM C150. For special circumstances, other approved cements will be used. Aggregates will conform to " Standard Specification for Concrete Aggregate," ASTM C33. Water used in mixing concrete will be clean and free from-injurious amounts of oils, acids, alkalis, salts, organic materials or other substances that may be deleterious to concrete or steel. A comparison of the proposed mixing water properties will be made with distilled water by 1.erforming the following tests: A. Soundness, in accordance with " Standard Test Method for Autoclave Expansion of Portland Cement," ASTM C151. The results obtained for the proposed mixing water will not exceed those obtained for distilled water by more than ten percent. Amendment V 3.8-37 April 29, 1994
CESSAR E! Enc == i B. Time of setting, in accordance with " Standard Test Method for Time of Setting of Hydraulic Cement by Vicat Needle," ASTM C191. The results obtained for the proposed mixing water will be within ten minutes for initial setting time and one hour for final setting time of those obtained for distilled water. C. Compressive strength, in accordance with " Standard Test Method for Compressive Strength of Hydraulic Cement Mortars (using 2 in. cube specimens) , " ASTM C109. The results obtained for the proposed mixing water will not be lower by more than five percent of those obtained for distilled water. _ The water used to make ice for concrete pours in hot weather will conform to the requirements for mixing water described above. Admixtures, if used and as determined by detailed mix design, will conform with the applicable ASTM standard: A. Air-entraining admixtures. " Standard Specification for Air-Entraining Admixtures for Concrete," ASTM C260. B. Water reducing, retarding, and accelerating admixtures.
" Standard Specification for Chemical Admixtures for Concrete," ASTM C494.
C. Pozzolanic admixtures. " Standard Specification for Fly Ash and Raw or Calcined Natural Pozzolan for use as a Mineral Admixture in Portland Cement Concrete," ASTM C618. D. Slag cement. " Standard Specification for Blended Hydraulic Cements," ASTM C595. E. Plasticizing admixtures. " Standard Specification for Chemical Admixtures for Use in Producing Flowing Concrete," ASTM C1017. The combined chloride content of the admixtures and mixing water will not exceed 250 ppm. The ingredient materials will be stored in accordance with the detailed recommendations presented in ACI 304 (Reference 10). Concrete mixes will be designed in accordance with ACI 301 (Reference 9). The batching, mixing and transporting of concrete will conform to ACI 301. The placement of concrete, consisting of preparation before placing, conveying, depositing, protection and bonding will be in accordance with ACI 301. Amendment N 3.8-38 April 1, 1993
CESSAR !!Minc m 11.1.7 OTHER REQUIREMENTS The building is to be founded on competent structural backfill as defined in Section 10.1 of this appendix. The bearing pressure shall not exceed the allowable value given in Table 2.0-1. 11.2 COMPONENT COOLING WATER HEAT EXCHANGER STRUCTURE 11.2.1 BUHEING CLASSIFICATION
- Quality Class 1
- Safety Class 3
- Seismic Category I 11.
2.2 DESCRIPTION
There are two Component Cooling Water (CCW) Heat Exchanger Structures, each structure houses two heat exchangers. The CCW system is a redundant system with only two heat exchangers required for plant operation. The first floor houses the heat exchanger, while the basemat levels contains pipirig and equipment. l I Each structure is a two story reinforced concrete structure approximately 34 ft high, from the top of the mat,110 ft long, and 44 ft wide founded on a four foot thick reinforced concrete mat located 17' - 0" below grade. The walls are 2' - 3" thick and the roof is two feet thick. The first floor of the structure is three feet thick and is supported by three rows of columns approximately twenty two feet on center with the two outer rows located directly under the two heat exchangers. The center row of these columns is continued through the first floor to provide additional support for the roof. The roof supports two fan rooms on one end of the building and two air inlet rooms on the opposite end of the building. Both of these rooms extend the width of the building and are approximately 23 { i feet wide with a partially open face covered with a bird screen. A concrete overhang is provided and i serves as a missile barrier for the open face. The outside doors are protected against tornado missiles by concrete missile barriers. CCW heat exchanger maintenance sumps are located in the basemat at one end of the structure. The sump has a capacity equal to the fluid contents of the shell inside of one heat exchanger. There are floor ctrain sumps located at the opposite end of the structure. The CCW Heat Exchanger Structures shall be located a minimum of 50 feet away from any hydrogen storage area to preclude loading to the structure from a potential hydrogen burn. An underground tunnel is connected to each CCW Heat Exchanger Structure from the Nuclear Annex for the CCW piping. The top of the tunnels basemat is at the same elevation as the top of the CCW Heat Exchanger Structure basemat. Amendment W 3.8A-45 June 17,1994
CESSAR !!nincamn ! 11.2.3 ELEVATIONS
- El.121'-9" Top of roof of fan / air filter room a El.111'-9" Top of Roof
- El. 91'-9" Top of the first floor (1 foot above grade)
- El. 73'-9" Bottom of basemat 11.2.4 CODES AND STAhTARDS The codes and standards applicable to Seismic Category I buildings shall be met.
11.2.5 LOADS In addition to the minimum design loads requirements of Section 5.1 of this appendix, the following additional specific load requirements shall be met. Should conflicting values occur between this section and Section 5.1 of this appendix, the values specified in this section apply. , 11.2.5.1 Dead Load (D) The weight of each heat exchanger when full of water is approximately 250 Kips excluding the heat exchanger saddle and leg supports. The heat exchanger support is not covered by this criteria and shall be designed in accordance with the rules of ASME Boiler and Pressure Vessel Code, Section III, Division I, Subsection NF. 11.2.5.2 Live Load (L) The CCW Heat Exchanger Structure shall be designed for the following live loads. It_m Live Load
- Fan and Air inlet Room 150 psf
- Roof 100 psf
- First floor 150 psf
- Basemat 250 psf 11.2.5.3 Tempprature Loads (T)
The nonnal concrete surface operating temperature within the building ranges from 60*F to 90'F. The ambient temperature range outside of the building shall be assumed to range from -10'F to 100*F (See Section 5.1.1.5 of this appendix). Site specific provisions may be taken to minimize the effects of the structural temperature gradient produced by these conditions. 11.2.5.4 Seismic Loads (E') The seismic accelerations shall be as specified in the Table 3.8A-3.
^
Amendment V 3.8A-46 April 29,1994
=. -
(""" ' ' ) CESSARHnincm. EFFECTIVE PAGE LISTING CHAPTER S Table of contents Pace Amendment i I 11 R iii I iv I v U vi U vii I viii T t ix R I x R xi T xii R xiii I xiv R xv I Text Pace Amendment Pace Amendment Pace Amendment 5.1-1 N 5.2-27 N 5.3-21 N i 5.1-2 V 5.2-28 U 5.3-22 N 5.1-3 N 5.2-29 U 5.3-23 I 5.1-4 N 5.2-30 W 5.4-1 N 5.1-5 V 5.2-31 U 5.4-2 N 5.2-1 U 5.2-32 U 5.4-3 T 5.2-2 N 5.2-33 U 5.4-4 T , 5.2-3 Q 5.2-34 U 5.4-5 Q 5.2-4 Q 5.2-35 U 5.4-6 Q 5.2-5 U 5.2-36 U 5.4-7 , 5.2-6 Q 5.2-37 U 5.4-8 T 5.2-7 Q 5.3-1 V 5.4-9 T 5.2 -8 Q 5.3-2 V 5.4-10 N 5.2-9 W 5.3-3 R 5.4-11 Q 5.2-10 U 5.3-4 R 5.4-12 N 5.2-11 i? 5.3-5 E 5.4-13 J 5.2-12 W 5.3-6 E 5.4-14 Q 5.2-13 W 5.3-7 E 5.4-15 W 5.2-14 T 5.3-8 R 5.4-16 N 5.2-15 W 5.3-9 I 5.4-17 N V i 5.2-16 W 5.3-10 D 5.4-18 5.2-17 V 5.3-11 R 5.4-19 Q 5.2-18 D 5.3-12 V 5.4-20 I 5.2-19 V 5.3-13 S 5.4-21 U 5.2-20 V 5.3-14 N 5.4-22 T , 5.2-21 V 5.3-15 R 5.4-23 Q 5.2-22 N 5.3-16 E 5.4-24 Q 5.2-23 N 5.3-17 E 5.4-25 V J 5.2-24 W 5.3-18 N 5.4-25a V 5.2-25 U 5.3-19 N 5.4-25b Q 5.2-26 U 5.3-20 N 5.4-26 Q ! l l Amendment W l June 17, 1994 l
(Sheat 2 of 3) CESSAR CESION CERTIFICAT1%N , 1 EFFECTIVE PAGE LISTING (Cont'd) CEkPTER 5 Text (Cont'd) Page Amendment Page Amendment 5.4-27 V . 5.4.27a V 5.4.27b V 5.4-28 W 5.4-29 W 5.4-30 W 5.4-31 Q 5.4-32 W 5.4-32a W 5.4-32b W
.5.4-33 U 5.4-33a U 5.4-33b R 5.4-34 T 5.4-34a T ,
5.4-34b R 5.4-35 N 5.4-36 N 5.4-37 T 5.4-38 U L 5.4-39 5.4-40 5.4-41 N 5.4-42 Q 5.4-43 N 5.4-44 I 5.4-45 D 5.4-46 D 5.4-47 W Tables Amendment Tables Amendment 5.1.1-1 V 5.4.2-1 (Sheet 1) Q 5.1.1-2 V 5.4.2-1 (Sheet 2) N ; 5.1.1-3 V 5.4.7-1 (Sheet 1) I ' 5.2-1 U 5.4.7-1 (Sheet 2) T 5.2-2 (Sheet 1) V 5.4.7-1 (Sheet 3) I 5.2-2 (Sheet 2) W 5.4.7-2 (Sheet 1) I
- 5.2-2 (Sheet 3) V 5.4.7-2 (Sheet 2) N 5.2-2 (Sheet 4) V 5.4.7-2 (Sheet 3) I 5.2-2 (Sheet 5) W 5.4.7-2 (Sheet 4) N l 5.2-3 R 5.4.7-2 (Sheet 5) V 5.3-1 E 5.4.7-2 (Sheet 6) I 5.3-2 E 5.4.7-2 (Sheet 7) V 5.3-3 N 5.4.10-1 N i
5.3-4 N 5.4.10-2 5.3-5 D 5.4.13-1 N 5.3-6 5.4.13-2 W 5.3-7 V 5.4.1-1 T knendment W June 17, 1994 l-
i C E S S A R n!Mnca m n 1 To prevent halide-induced intergranular corrosion which could I occur in aqueous environment with significant quantities of dissolved oxygen, flushing water is inhibited via additions of hydrazine. Results of tests have proven these inhibitors to be completely effective. Operational chemistry specifications restrict concentrations of halide and oxygen, both prerequisites of intergranular attacks (refer to Section 9.3.4). ; 5.2.3.4.1.3 Characteristics and Mechanical Properties of Cold-Worked Austenitic stainless steels for RCPB Componauts Cold-worked austenitic stainless steel is not utilized for components of the RCPB. 5.2.3.4.2 Control of Welding 5.2.3.4.2.1 Avoidance of Hot Cracking A. NSSS Components
- 1. Regulatory Guide 1.31 In order to preclude microfissuring in austenitic stainless steel welds, RCPB components are consistent with the recommendations of Regulatory Guide 1.31 as follows:
The delta ferrite content of each lot and/or heat of weld filler metal used for welding of austenitic stainless steel code components shall be determined for each process to be used in production. Delta ferrite determinations for consumable inserts, electrodes, rod or wire filler metal used with the gas tungsten arc welding process, and deposits made with the plasma arc welding process ray be determined by either of the alternative methuds of magnetic measurement or chemical analysis descr!. bed in Section III of the ASME Code. Delta ferrite verification should be made for all other processes by tests using the magnetic measurement method on undiluted weld deposits described by Section III of the ASME Code. The average ferrite content shall meet the acceptance limits of SFN to 15FN for l weld rod or filler metal. .;
- 2. Regulatory Guide 1.34 Regulatory Guide 1.34 is discussed in Section 5.2.3.3.2.2. ,
I Amendment N 5.2-23 April 1, 1993
CESSAR Hnine-
- 3. Regulatory Guide 1.71 Regulatory Guide 1.71 is discussed in Section 5.2.3.3.2.3.
5.2.4 INSERVICE INSPECTION AND TESTING OF REACTOR COOLANT PRESSURE BOUNDARY An Inservice Inspection (ISI) program will be provided for the
- examination of the Reactor Coolant Pressure Boundary (RCPB) components and supports defined as Code Class 1. The program will reflect the principles and intent embodied in the ASME Boiler and Pressure Vessel Code, Section XI. Specific Code Editions and addenda required by 10 CFR 50.55a are referenced in the Preservice Inspection (PSI) and ISI programs, however, the PSI program will meet all requirements for Section XI of the same edition as the ASME Code used for construction, and the ISI program will meet the ASME Code Section XI in effect in accordance with 10 CFR 50.55a(g). The purpose of the inservice inspection program is to periodically monitor the systems or components requiring Inservice Inspection in order to identify and to repair those indications which do not meet acceptance standards.
The ISI Program consists of three subprograms as follows: A. The Component Inspection Program, which includes piping system welds, hangers, supports, internal inspection of pump and valve bodies and bolting. This includes ultrasonic testing in accordance with Appendix VIII of ASME Section XI, Edition and Addenda required by 10 CFR 50.55a. B. The Pump and Valve Inservice Test (IST) Program, which requires operability testing of selected pumps and valves, and C. The Hydrostatic Test Program. The development of the PSI and ISI program plans is the responsibility of the COL applicant and will be based on the ASME . Code Section XI, Edition and Addenda specified in accordance with 10 CFR 50.55a. For design certification, the NSSS designer is , responsible for designing the reactor coolant pressure boundary j for accessibility to perform the preservice and inservice inspections. Responsibility for designing other components for preservice and inservice inspection is the responsibility of the COL applicant. The COL applicant is also responsible for , specifying the Edition of the ASME Code Section XI to be used, i based on the procurement date of the component per 10 CFR 50.55a. ' ASME Boiler and Pressure Vessel Code, Section XI, Subsection IWH has-not been formally approved and issued for use by the nuclear industry. After approval and prior to implementation of the System 80+ pre-service inspection and in-service inspection programs, the COL applicant shall review the B&PV Code Subsection IWH to ensure appropriate compliance of these inspection programs. The provisions of 10 CFR 50. 55a (a) (3 ) (i) and (ii) shall apply in cases where the System 80+ design does not practically accommodate full adherence to Subsection IWH. l Amendment W 5.2-24 June 17, 1994
CESSAR inEnc m. 5.2.4.6 System Leakage and Hydrostatic Tests l 1 The hydrostatic and system leak tests for the reactor pressure l vessel and reactor coolant pressure boundary will be conducted in l accordance with the requirements of Articles IWA-5000 and IWB-5000 of ASME Section XI. Examinations performed during these ; tests will be conducted without the removal of insulation. Technical Specifications requirements on operating limits during heatup, cooldown, and system hydrostatic pressure testing shall be employed for these tests. 5.2.4.7 Code Exemptions As provided in ASME Section XI, IWB-1220, certain portions of Class 1 systems are exempt from the volumetric and surface examination requirements of IWB-2500. The following components (or parts of components) are exempt from the volumetric and surface examination requirements of IWB-2500:- (a) components that are connected to the reactor coolant system and part of the reactor coolant pressure boundary, and that are of such a size and shape so that upon postulated rupture the resulting flow of coolant from the reactor coolant system under normal plant operating conditions is within the capacity of makeup systems which are operable from on-site emergency power; (b) (1) piping of 1 inch nominal pipe size and smaller, except for steam generator tubing; (2) components and their connections in piping of 1 inch , nominal pipe size and smaller; (c) reactor vessel head connections and associated piping, 2 inch nominal pipe size and smaller, made inaccessible by control rod drive penetrations. I Amendment U 5.2-29 December 31, 1993
CESSARnnince 5.2.5 REACTOR COOLANT PRESSURE BOUNDARY (RCPB) LEAKAGE DETECTION SYSTEMS Heans for the C.tection of leakage from the Reactor Coolant Pressure Boundary are provided to alert operators to the existence of leakage above acceptable limits, which may indicate an unsafe condition for the facility. The leakage detection systems are sufficiently diverse and sensitive to meet the criteria of Regulatory Guide 1.45 for leaks from identified and unidentified sources. The leakage detection systems are capable of performing their functions following seismic events that do not require plant shutdown. 5.2.5.1 Leakage Detection Methods 5.2.5.1.1 Unidentified Leakage The methods employed to detect unidentified leakage are presented in the following sections. 5.2.5.1.1.1 Inventory Methods Total leakage from the Reactor Coolant System (RCS) can be determined by net level changes in the pressurizer and volume control tank over a measured time period since the RCS and the Chemical and Volume Control System (CVCS) represent a closed-loop system. Since letdown flow and the reactor coolant pump seal controlled bleedoff flow are collected and recycled back into the RCS by the CVCS, the net inventory in the RCS and CVCS under normal operating conditions should be constant. Transient changes in letdown flow rate or RCS inventory are accommodated by changes in the volume control tank level. By monitoring reactor drain tank and equipment drain tank level changes during the same time period, the portion of the total RCS leakage considered identified can be determined. Subtracting this identified leakage value from the total leakage value (corrected for any RCS contraction) results in the RCS unidentified leak rate. This procedure is in accordance with NUREG-1107 (RCSLK9: Reactor Coolant System Leak Determination for PWRs, December 1984). Makeup flow rate also pi.vides a means of detecting leakage from the RCS through measurement of the net amount of makeup flow to the system. The net makeup to the system under no-leakage steady state conditions should be zero. The makeup flow rates and the integrated makeup flow from the CVCS are continuously monitored and recorded. Analysis of the integrated makeup flow recorders over a period of steady state operation can provide detection of abnormal leakage. An increasing trend in the amount of makeup required will indicate an abnormal leak which is increasing in rate. Leaks occurring suddenly will be indicated by a step increase in the amount of makeup which does not decrease as would be.the case for a purely transient condition. Amendment W 5.2-30 June 17, 1994
(Shoot 1 of 8) CEl"CC E&6MElA CERTIFICATl!N B EEsl1N EFFECTIVE PAGE LISTING CHAPTER 6 Table of contents Page Amendment Page 5mendment Pace Amendment i I xiv N xxvii N 11 G xv V xxviii U iii G xvi G xxix I iv G xvii T xxx N v Q xviii T xxxi N vi I xix W xxxii I vii U xx G xxxiii I vili J xxi G xxxiv I ix T xxii J xxxv W x J xxiii U xxxvi W xi N xxiv I xxxvii W xii W xxv I xiii U xxvi 7. Text Pace Amendment Pace Amendment Pace &mendment 6.1-1 I 6.2-30 G 6.2-61 K 6.1-2 I 6.2-31 G 6.2-62 Q ! 6.1-3 V 6.2-32 Q 6.2-63 K 6.1-4 N 6.2-33 Q 6.2-64 T 6.1-5 W 6.2-34 N 6.2-65 U 6.1-6 V 6.2-35 N 6.2-66 U 6.2-1 Q 6.2-36 N 6.2-67 Q 6.2-2 N 6.2-37 N 6.2-68 Q , 6.2-3 G 6.2-38 N 6.2-69 U J 6.2-4 G 6.2-39 I 6.2-70 K 6.2-5 Q 6.2-40 W 6.2-71 W 6.2-6 N 6.2-41 Q 6.2-72 K 6.2-7 V 6.2-42 V 6.2-73 J 6.2-8 U 6.2-43 Q 6.2-74 Q 6.2-9 N 6.2-44 N 6.2-75 Q 6.2-10 Q 6.2-45 E 6.2-76 Q 6.2-11 0 6.2-46 J 6.3-1 Q 6.2-12 V 6.2-47 Q 6.3-2 T 6.2-13 Q 6.2-48 T 6.3-3 Q 6.2-14 N 6.2-49 J 6.3-4 Q 6.2-15 G 6.2-50 S 6.3-5 Q 6.2-16 N 6.2-50a U 6.3-6 Q 6.2-17 G 6.2-50b s 6.3-7 N 6.2-18 G 6.2-51 J 6.3-8 I 6.2-19 G 6.2-52 U 6.3-9 U i 6.2-20 G 6.2-53 U 6.3-10 U j 6.2-21 G 6.2-53a U 6.3-11 Q ! 6.2-22 N 6.2-53b T 6.3-12 N l 6.2-23 G 6.2-54 N 6.3-13 I 6.2-24 G 6.2-55 J 6.3-14 V 6.2-25 N 6.2-56 N 6.3-14a T 6.2-26 G 6.2-57 K 6.3-14b V 6.2-27 G 6.2-58 K 6.3-15 Q 6.2-28 G 6.2-59 U 6.3-16 N 6.2-29 G 6.2-60 Q 6.3-17 Q Amendment W June 17, 1994
l
.(Shoot 2'of 8) i CERR E.G GMAERD CERTIFICAT!*
cEsitN N I EFFECTIVE PAGE LISTING (Cont'd) ) i CHAPTER 6 Text (Cont'd) Page Amendment Pace Amendment Page Amendment 6.3-18 V 6.5-11 W 6.7-19 N 6.3-19 V 6.5-12 U 6.7-20 N 6.3-20 W 6.5-13 S 6.7-21 N 6.3-21 Q 6.5-14 N 6.7-22 0 6.3-22 Q 6.5-15 Q 6.8-1 W 6.3-23 N 6.5-16 V 6.8-2 N 6.3-24 N 6.5-17 V 6.8-3 U 6.3-25 U 6.5-18 N 6.8-4 U 6.3-26 N 6.5-19 S 6.8-5 U 6.3-27 N 6.5-20 S 6.8-6 U 6.3-28 N 6.5-21 S 6.8-7 U 6.3-29 N 6.5-22 S 6.8-7a U 6.3-30 N 6.5-23 V 6.8-7b U 6.3-31 N 6.5-24 V 6.8-8 U 6.3-32 N 6.5-25 R 6.8-9 N 6.3-33 S 6.5-26 W 6.8-10 V 6.3-34 N 6.5-27 W !. 6.3-35 W 6.5-28 W 6.3-36 S 6.5-29 N 6.3-37 R 6.5-30 Q 6.3-38 R 6.5-31 Q 6.3-39 N 6.5-32 W 6.3-40 N 6.5-33 W 6.3-41 N 6.6-1 V l 6.3-42 V 6.6-2 W 6.3-43 V 6.6-3 U 6.3-44 Q 6.6-4 U 6.3-45 I 6.6-5 U 6.3-46 Q 6.6-6 W 6.3-47 Q 6.7-1 N 6.3-48 U 6.7-2 N 6.3-49 I 6.7-3 N 6.4-1 Q 6.7-4 U 6.4-2 W 6.7-4a T 6.4-3 T 6.7-4b U 6.4-4 T 6.7-5 N 6.4-5 T 6.7-6 N 6.4-6 T 6.7-7 V 6.5-1 W 6.7-8 N 6.5-2 U 6.7-9 N 6.5-3 W 6.7-10 N 6.5-4 I 6.7-11 I 6.5-5 W 6.7-12 N 6.5-6 N 6.7-13 N 6.5-7 I 6.7-14 N 6.5-8 N 6.7-15 N 6.5-9 I 6.7-16 W
- 6.5-10 V 6.7-17 U 6.7-18 U l Amendment W June 17, 1994
L ( CESSAR Macam,. 6.6 . INSERVICE INSPECTION OF CLASS 2 AND 3 COMPONENTS 6.6.1 COMPONENTS SUBJECT TO EXAMINATION A Preservice Inspection (PSI) Program and an Inservice Inspection (ISI) Program will be provided for the examination of Code Class 2, Code Class 3 and other safety-related components in accordance with Section XI of the ASME Boiler and Pressure Vessel Code. The PSI Program will meet all requirements for Section XI of the same edition as the ASME Code used for construction, and the ISI Program will meet the ASME Code Section XI in effect in accordance with 10 CFR 50.55a(g). CESSAR-DC Table 3.2-1 specifies the Safety Classes for components that have a safety function in accordance with ASME Code, Section III, Article NCA-2000; CESSAR-DC Section 3.2.2 defines the relationship between these Safety Classes and the Regulatory Guide 1.26, Rev. 3, Quality Groups. The purpose of the inservice inspection program is to periodically monitor the systems or components requiring inservice inspection in order to identify and to repair those indications which do not meet acceptance standards. Class 2 and 3 pressure retaining components are examined in accordance with the requirements of ASME Code Section XI Articles IWC-2500 and IWD-2500, respectively. A detailed inservice inspection program, including information on areas subject to examination, method of examination, and extent frequency of examination will be provided as required by 10 CFR 50.55a(g). The ISI Program consists of three subprograms as follows: A. The Component Inspection Program, which includes piping system welds, hangers, supports, internal inspection of pump and valve bodies and bolting. This includes Ultrasonic Testing in accordance with Appendix VIII of ASME Section XI, 1989 Addenda. B. The Pump and Valve Inservice Test (IST)- Program, which requires operability testing of selected pumps and valves, and C. The Hydrostatic Test Program, which requires flow testing and hydrostatic testing of systems. The development of the PSI and ISI program plans is the responsibility of the COL applicant and will be based on the ASME Code Section XI, Edition and Addenda specified in accordance with 10 CFR 50.55a. The COL applicant will be responsible for l designing components for preservice and inservice inspection. The COL applicant will be responsible for specifying the edition Amendment V 6.6-1 April 29, 1994
CESSAR E!Mema of the ASME Code Section XI to be used, based on the procurement dates of Class 2 and 3 components, per 10 CFR 50.55a. ASME Boiler and Pressure Vessel Code, Section XI, Subsection IWH has not been formally approved and issued for use by the nuclear industry. After approval and prior to implementation of the System 80+ pre-service inspection and in-service inspection l programs, the COL applicant shall review the B&PV Code Subsection i IWH to ensure appropriate compliance of these inspection ! programs. The provisions of 10 CFR 50. 55a (a) (3) (i) and (ii) shall apply in cases where the System 80+ design does not practically accommodate full adherence to Subsection IWH. 6.6.2 ACCESSIBILITY AND INSPECTABILITY Accessibility to equipment for maintenance, testing, and inspection is a basic element of the System 80+ design process, l as indicated in Table 1.2-1 (Item A.2) . Provisions have been ! made in the design and layout of Code Class 2 and 3 Systems to l allow for compliance with the inservice inspection requirements contained in ASME Code Section XI, Articles IWC-2000 and IWD-2000, and as defined in the inservice inspection program. Code class 2 and 3 components requiring inspection will be l designed for and be provided with access to enable the performance of Section XI inspections onsite. Systems and components are designed such that design, materials, and geometry do not restrict inspections required by Section XI of the ASME Code. Welds and other areas requiring periodic inspection are made , I accessible. Reinforcing pads, supports, piping and equipment have been located not to obstruct welds. Insulating materials are removable to provide accessibility for the required in-service inspection. 6.6.3 EXAMINATION TECHNIQUES AND PROCEDURES The examination techniques to be used for inservice inspection will include radiographic, ultrasonic, magnetic particle, liquid penetrant, eddy current, and visual examination methods. For all examinations, both remote and manual, specific procedures will be prepared describing the equipment, inspection technique, operator qualifications calibration standards, flaw evaluation, and records. These techniques and procedures will meet the requirements of Articles IWC-2000 and IWD-2000 in the ASME Code, Section XI edition in effect as stated in Section 6.6.1. Pre-service Inspection (PSI) and subsequent Inservice Inspection (ISI) will be conducted with equivalent equipment and techniques. For the preservice inspection, all of the items selected for inservice inspection shall be performed once in accordance with the ASME Code Section XI, Subsections IWC-2200 and IWD-2200, with the exception of the examinations specifically excluded by ASME Section XI from preservice requirements, such as the VT-2 examinations for Category C-H. Amendment W 6.6-2 June 17, 1994
CESSARnnincum For Class 2 and 3 piping systems. subject to volumetric and surface examination, the following piping designs are not used:
- 1. Valve to valve
- 2. Valve to reducer
- 3. Valve to tee
- 4. Elbow to elbow
- 5. Elbow to tee
- 6. Nozzle to elbow
- 7. Reducer to elbow
- 8. Tee to tee
- 9. Pump to valve l 1
6.6.4 INSPECTION INTERVALS i l The examination program for the 120-month inspection interval will be defined in the in-service inspection plan. The in-service inspection plan for all Code Class 2 and 3 systems and components will be in accordance with the requirements of the ASME Code Section XI edition in effect, per 10 CFR 50.55a, 12 months prior to the issuance of an operating license (initial interval). l .6.6.5 EXAMINATION CATEGORIES AND REQUIREMENTS The examination categories and requirements shall meet Section XI in effect as stated in Section 6.6.1 except where specific relief has been requested in accordance with NRC guidelines. 6.6.6 EVALUATION OF EXAMINATION RESULTS Evaluation of nondestructive examination results for Code Class 2 and 3 systems and components will be made in accordance with Articles IWC-3000 and IWD-3000 of Section XI and as defined in the inservice inspection program. Where acceptance standards for a particular component or Examination Category are in the course of preparation, evaluation will be based on acceptance standards for materials, and welds specified in the Section III edition applicable to the construction of the component. The results of the examinations and ovaluations will be documented in accordance with Article IWA-6000 of Section XI. Amendment U 6.6-3 December 31, 1993
CESSAR inEncavi:n Repair procedures for Code Class 2 and Class 3 components and the extent of their agreement with IWC-4000 and IWD-4000 respectively will be described in the inservice inspection program. 6.6.7 SYSTEM PRESSURE TEST Class 2 systems subject to system pressure tests will be tested in accordance with Articles IWA-5000 and IWC-5000 and Table IWC-2500-1, of ASME Code Section XI. Class 3 systems subject to system pressure tests will be tested in accordance with the requirements of Articles IWA-5000, IWD- - 5000, and Table IWD-2500-1, of ASME Code Section XI. 6.6.8 AUGMENTED IN-SERVICE INSPECTION Main steam, main feedwater, steam generator blowdown and emergency feedwater piping located in the containment penetration areas and designated break exclusion piping is subject to N
\
augmented in-service inspection in accordance with SRP 6.6, BTP ASB 3-1 and BTP MEB 3-1. Information concerning areas subject to examination, method of examination and frequency of examination is contained in the In-service Inspection Program. 6.6.9 CODE EXEMPTIONS As provided in ASME Code Section XI, Subsection IWC-1220, the following Class 2 components or parts of Class 2 components are exempted from the volumetric and surface examination requirements of IWC-2500: I. Components within Shutdown Cooling, Safety Injection, and Containment Spray Systems or portions of Systems A. For the Shutdown Cooling System and Containment Spray System:
- 1. Piping NPS 4 and smaller
- 2. Vessels, pumps, and valves and their connections in piping NPS 4 and smaller. Piping is defined as having a cumulative inlet and a cumulative outlet pipe cross-sectional area neither of which exceeds the nominal OD cross-sectional area of the designated size.
Amendment U 6.6-4 December 31, 1993
'CESSAR Ennncam,.
B. For the Safety Injection System:
- 1. Piping NPS 1 1/2 and smaller
- 2. Vessels, pumps, and valves and their connections in piping HPS 1 1/2 and smaller. Piping is defined as having a cumulative inlet and a cumulative outlet pipe cross-sectional area neither of which exceeds the nominal OD cross-sectional area of the designated size.
C. Vessels, piping, pumps, valves, other components, and component connections of any size in statically , pressurized, passive (i.e., no pumps) Safety Injection System Safety Injection Tanks (SITS). D. Piping and other components of.any, size beyond the last shutoff valve in open ended portions of systems that do not contain water during normal plant operating conditions. II. Components within systems or portions of systems other than Shutdown Cooling, Safety Injection, and Containment Spray Systems A. Piping NPS 4 and smaller B. Vessels, pumps, and valves and their connections in piping NPS 4 and smaller. Piping is defined as having a cumulative' inlet and a cumulative outlet pipe cross-sectional area neither of which exceeds the nominal OD cross-sectional area of the designated size. C. Vessels, piping, pumps, valves, other components, and component connections of any size in systems or portions of systems that operate (when the system function is required) at a pressure equal to or less than 275 psig and at a temperature equal to or less than 200*F. ; D. Piping and other components of any size beyond the last shutoff valve in open ended portions of systems that do i not contain water during normal plant operating , conditions. l l III. Integral Attachments Integral attachments of supports and restraints that are inaccessible due to being encased in concrete, buried , i underground, or encapsulated by guard pipe. Such cases will l l be minimized by design. i Amendment U 6.6-5 December 31, 1993
1 i CESSAR !!nine-w l l As provided in ASME Code Section XI, Subsection IWD-1220, the following Class 3 components or parts of Class 3 components are exempted from VT-3 visual examination requirements of IWD-2500: l i A. For systems, except the Emergency Feedwater System: '
- 1. Piping NPS 4 and smaller
- 2. Vessels, pumps, and valves and their connections in piping NPS 4 and smaller. Piping is defined as having a cumulative inlet and a cumulative outlet pipe cross- >
sectional area neither of which exceeds the nominal OD cross-sectional area of the designated size. B. For the Emergency Feedwater System:
- 1. Piping NPS 1 and smaller
- 2. Vessels, pumps, and valves and their connections in piping NPS 1 and smaller. Piping is defined as having a cumulative inlet and a cumulative outlet pipe cross-sectional area neither of which exceeds the nominal OD cross-sectional area of the designated size.
C. Components that operate at a pressure of 275 psig or less and at a temperature of 200'F or less in systems (or portions of systems) whose function is not required in support of the Shutdown Cooling System, Containment Spray System, or Safety Injection System. l D. Integral attachments of supports and restraints that are inaccessible due to being encased in concrete, buried i I underground, or encapsulated by guard pipe. Such cases will be minimized by design. Amendment W
- 6.6-6 June 17, 1994
CESSARsanc-14.3.3 CDM SECTION 3.0: ADDITIONAL CERTIFIED DESIGN MATERIAL Entrica in this section of the CDM have the same stmeture as the system material discussed in Section 14.3.2; i.e., design description text and figures and a table ofITAAC entries. The objective of this CDM material is to address selected design and construction activities which are applicable to more than one system and cannot appropriately be covered in the system-by-system information presented in Section 2.0 of the CDM. There are only three entries in Section 3.0 of the CDM: Piping Design, Radiation Protection, and the Design Reliability Assurance Program (see Section 17.3). Selected areas of the design are the subject of rapidly changing technology. These areas include the detailed instrumentation and control designs and the human factors engineering design of the Main Control Room and the Remote Shutdown Room. For these two areas of rapidly changing technology, applicable plans with appropriate acceptance criteria are specified in the CDM in the applicable systems of the System 80+ Standard Design. The Instrumentation and Controls design is specified as defm' ed systems; e.g., Plant Protection System, in Section 2.0 of the CDM in the same manner as other systems, structures, and components. The I&C system designs including applicable program plans; e.g., the Schware Development Plan, have been completed and approved. The aspects of the design which are not l completely specified relate to the components to be used in the as-built system. For these aspects, detailed plans have been developed, reviewed, and approved. This includes a software program manual governing verification and validation activities, an equipment qualification plan, and a plan specifying safety system dedication of commercial products. This level of design detail combined with the completion of the required detailed planning documents provides the basis for a positive safety determination and the ability to specify ITAAC to assure that the as-built I&C system conforms to the cenified design. Improvements in I&C technology are still readily accommodated into the I&C systems at the component level without affecting the certified design. Human factors design is incorporated in the design of the Main Control Room (MCR) and the Remote Shutdown Room (RSR) which are contained in Section 2.0 of the CDM. Design details, features, and characteristics, including applicable planning documents are completed such that only human factors verification and validation of the as-built configurations of the MCR and RSR are required to complete specified ITAAC. Design details for the MCR configuration, integrating display (IPSO), and six standard man-machine interface features used throughout the MCR and RSR designs were reviewed and approved. The human factors process review included the eight HFE Program Review model elements.. Four PRM clements were completed. Procedures development, the fifth element, is performed by a COL applicant. The remaining three elements were addressed with detailed plan and human factors guidance documents which were reviewed and approved. Consequently, the ITAAC specified in the CDM for the MCR and the RSR relate only to the human factors verification and validation evaluations of the as-built configurations with the detailed evaluation methods and acceptance criteria specified in CESSAR-DC and its referenced plans. This level of detail in the design and the completeness of the supporting plans and guidance documents provide the bases for a positive safety determination and the ability to specify ITAAC that would demonstrate conformance with the certified design. 14.3-11 Amendment W - 06/17/94
CESSAR !!nL= Piping Desien l 14.3.3.1 The piping design section of the CDM defines the processes by which System 80+ standard plant piping will be designed and evaluated. The material applies to piping systems that are classified as nuclear safety-related. In general, these piping systems are designated as Seismic Category I and are further classified as ASME Code Section III, Class 1, 2 or 3. The section also addresses the consequential effects of pipe rupture such as jet impingement, potential missile generation, and pressure / temperature effects. Certification of plant safety-related piping systems via design processes rather than via certification of specific design features is necessitated and justified by the following: (1) Piping design is based on detailed piping arrangement information as well as the geometry and dynamic characteristics of the as-procured equipment that forms part of the piping system. This detailed plant-specific information is unavailable at the time of design certification and cannot therefore be used to develop detailed design information. This precludes certification of specific piping designs. (2) An extensive definition of design methodologies is contained in Chapter 3 of CESSAR-DC. l These methodologies are not considered to be part of the CDM but are one of several methods
- for executing the design process steps defined in the piping design CDM. In addition, sample l design calculations have been performed with these methods to provide confidence that they are complete and yield acceptable design information.
l (3) Piping design for nuclear plants is a well-understood process based on straightforward engineering principles. This, together with the methodology dermition and sample calculations, provides confidence that future design work by individual applicants / licensees will result in acceptable designs that properly implement the applicable requirements. The technical material in the piping design CDM entry was selected using the criteria and methodology as discussed above for the Section 2.0 system entries. l 14.3.3.2 Radiation Protection > The radiation protection s.ection of the CDM defines the processes by which it will be confmned that the as-built facility has radiation protection features that maintain exposures for both plant personnel and the general public below allowable limits. The material applies to the radiological shielding and ventilation design of buildings within the scope of the certified design. Certification of plant radiation protection features via process dermition rather than via certification of specific design features is necessitated and justified by the following: (1) Actual radiological source terms are dependent upon the characteristics of the as-built, as-installed equipment. For example, such parameters as equipment sizes, geometry, and valve stem leakage rates influence source terms. Consequently, final radiological evaluation cannot 1 14.3-12 Amendment V - 04/29/94
i Inverters - Shutdown 3.8.8 3.8 ELECTRICAL POWER SYSTEMS i 3.8.8 Inverters - Shutdown j LC0 3.8.8 Inverter (s) shall be OPERABLE to support the onsite Class IE $ AC vital bus electrical power distribution subsystem (s) ! required by LC0 3.8.10, " Distribution Systems - Shutdown." APPLICABILITY: MODES 5 and 6 - ACTIONS CONDITION REQUIRED ACTION COMPLT. TION TIME A. One or more required A.1 Declare affected Imnediately inverters inoperable, required feature (s) inoperable. E \ A.2.1 Suspend CORE Immediately . ALTERATIONS. : AND q A.2.2 Suspend movement of Immediately i irradiated fuel assemblies. ! l SiD 1
.(continued) 1 l
l SYSTEM 80+ 3.8-39 06/17/94-Amendment W 16.3 Tech Spec l
Inverters - Shutdown 3.8.8 ACTIONS CONDITION REQUIRED ACTION COMPLETION TIME A. (continued) A.2.3 Initiate action to Immediately suspend operations with a potential for draining the reactor vessel. AND A.2.4 Initiate action to Immediately suspend operations involving positive reactivity additions. AND A.2.5 Initiate action to Immediately restore required s inverters to OPERABLE status. SURVEILLANCE REQUIREMENTS SURVEILLANCE FREQUENCY SR 3.8.8.1 Verify correct inverter voltage, 7 days [ frequency, vital buses]. and alignments to required AC SYSTEM 80+ 3.8-40 16.3 Tech Spec 06/17/94-Amendment W
DC Sources - Shutdown 1 B 3.8.5 BASES (continued) i l i REFERENCES 1. CESSAR-DC, Chapter 6.
- 2. CESSAR-DC, Chapter 15.
l [ j l l l I l l i SYSTEM 80+ B 3.8-71 06/17/94 Amendment W 16A Tech Spec Bases 1
Battery Cell Parameters B 3.8.6 B 3.8 ELECTRICAL POWER SYSTEMS B 3.8.6 Battery Cell Parameters BASES BACKGROUND LC0 3.8.6, " Battery Cell Parameters", utilizes Table 3.8.6-1 to delineate the limits on electrolyte level, float voltage, and specific gravity for the DC Power Source batteries. A discussion of these batteries and their OPERABILITY requirements are provided in the Bases for LC0 3.8.4, "DC [ Sources - Operating", and LC0 3.8.5, "DC Sources - l Shutdown". Within this table, Category A defines the limits l for each designated pilot cell and Category B does the same j for each connected cell. The Category A limits for the designated pilot cell's float voltage 2 [2.13] volts and a specific gravity of 2 [1.200] (0.015 below the manufacturer's fully charged nominal specific gravity) or a battery charging current that had stabilized at a low value) is characteristic of a charged cell with adequate capacity. The limits on electrolyte level ensures no physical damage to the plates occurs and adequate electron transfer capability is maintained in the event of transient conditions. The Category B limits for each connected cell's float voltage and specific gravity 2 [2.13] volts and a specific gravity of 2 [1.195] (0.020 below the manufacturer's fully charged nominal specific gravity with an average specific gravity of all the connected cells 2 [1.205] (0.010 below the manufacturer's fully charged nominal specific gravity) ensures the OPERABILITY and capability of the battery. The i limits on electrolyte level ensure no physical damage to the plates occurs and adequate electron transfer capability is maintained in the event of transient conditions. The. limits are based upon manufacturer's recommended values to ensure the OPERABILITY and capability of the battery. The specific gravity limits assure a manufacturer's recommended fully charged nominal specific gravity of 1.215. I Specific gravity must be corrected for electrolyte l temperature and level, and the float voltage limits may be corrected for average electrolyte temperature. These Notes l (continued) SYSTEM 80+ B 3.8-72 06/17/94 Amendment W 16A Tech Spec Bases 1
P E'CC ACERTIFICAT12N D CESI"N (Sheet 1 of 1) wEw&MNE EFFECTIVE PAGE LISTING CHAPTER 17 Table of contents Page Amendment i W 11 U ' 111 W iv W Text Page Amendment i 17.1-1 W ' 17.1-2 W 17.1-3 W 17.2-1 W 17.3-1 W 17.3-2 W 17.3-3 W 17.3-4 W 17.3-5 V , 17.3-6 U 17.3-7 W 17.3-8 W 17.3-9 W 17.3-10 W 17.3-11 W 17.3-12 W 17.3-13 W 17.3-14 W ' 17.3-15 W 17.3-16 L Tables Amendment I 17.3-1 (Sheet 1) , L j 17.3-1 (Sheet 2) L 17.3-1 (Sheet 3) L 17.3-2 (Sheet 1) L 17.3-2 (Sheet 2) L 17.3-3 W 17.3-4 W Fioures Amendment Floures Amendment 17.3-1 R 17.3-9 L l 17.3-2 W 17.3-10 L l 17.3-3 W 17.3-4 L 17.3-5 L 17.3-6 L 17.3-7 W 17.3-8 L AInendment W June 17, 1994
i CESSAR !!!L"icana l TABLE OF CONTENTS CHAPTER 17 Section Subiect Pace No. 17.0 OUALITY ASSURANCE PROGRAM 17.1-1 17.1 OUALITY ASSURANCE DURING THE 17.1-1 DESIGN PHASE 17.1.1 VERIFICATION PROCESS FOR DESIGN 17.1-1 BASIS EVENTS 17.2 OUALITY ASSURANCE DURING THE 17.2-1 OPERATIONS PHASE 17.3 RELIABILITY ASSURANCE PROGRAM 17.3-1 DURING THE DESIGN PHASE 17.
3.1 INTRODUCTION
17.3-1 17.3.2 SCOPE 17.3-1 17.3.3 PURPOSE 17.3-2 17.3.4 OBJECTIVE 17.3-2 17.3.5 ABB-CE ORGANIZATION FOR D-RAP 17.3-2 17.3.6 SSC IDENTIFICATION /PRIORITIZATION 17.3-4 Level I Analysis ' 17.3.6.1 17.3-5 17.3.6.2 Level II Analysis 17.3-6 17.3.6.3 External Events 17.3-6 17.3.6.4 Shutdown Analysis 17.3-7 17.3.6.5 Other Sources 17.3-7 17.3.7 DESIGN CONSIDERATIONS 17.3-7 17.3.8 DEFINING FAILURE MODES 17.3-9 17.3.9 OPERATIONS RELIABILITY ASSURANCE 17.3-9 ACTIVITIES l 17.3.10 OPERATIONS RELIABILITY 17,3-10 i ASSURANCE PROCESS l 17.3.11 D-RAP IMPLEMENTATION 17.3-11 l Amendment W . i June 17, 1994 l
CESSAR !!nificui:. TABLE OF CONTENTS (Cont'd) CHAPTER 17 Section Subiect Pace Nb. 17.3.11.1 CCWS Function 17.3-11 17.3.11.2 Earlier CCWS Desian 17.3-11 17.3.11.3 System Redesian 17.3-11 L 17.3.11.4 Failure Mode Identification 17.3-12 17.3.11.5 Identification of Maintenance 17.3-13 Beauirements , 17.3.12 GLOSSARY OF TERMS AND ACRONYMS 17.3-14 l 17.3.13 COL INFORMATION 17.3-15 17.3.14 REFERENCES 17.3-16 l l Amendment U ii December 31, 1993
l CESSARanam, 1 l I i LIST OF TABLES l CHAPTER 17 Table Subiect 17.3-1 Example of Component Importance for an ALWR for Internal Events 17.3-2 Example of Risk-Significant Ranking of SSCs for the CCWS Train 1 17.3-3 Example of CCWS Failure Modes & Operations Reliability Assurance Process Activities 17.3-4 CESSAR Locations Where D-RAP Systems and Equipment are Specified Amendment W iii June 17, 1994
CESSAR !!ninc m. I l i LIST OF FIGURES CHAPTER 17 Fiqure subiect 17.3-1 Example of System 80+ Design Functional Project I Organization l 17.3-2 Design Evaluation for SSCs 17.3-3 Process for Determining Dominant Failure Mode l of Risk-Significant SSCs 17.3-4 Use of Failure History to Define Failure Modes 17.3-5 Analytical Assessment to Define Failure Modes 17.3-6 Inclusion of Maintenance Requirements in the Definition of Failure Modes l17.3-7 Identification of Risk-Significant SSC Operations i Reliability Assurance Process Activities 17.3-8 Example of Early CCWS Design 17.3-9 Example of Improved CCWS Design 17.3-10 Example of Fault Tree for CCWS Train 1 Amendment W iv June 17, 1994
CESSARSEncm 17.3 RELIABILITY ASSURANCE PROGRAM DURING THE DESIGN PHASE This section presents the System 80+ Design Reliability Assurance Program (D-RAP). 17.
3.1 INTRODUCTION
The System 80+ Design Reliability Assurance Program (D-RAP) is a program that will be performed by the designers during detailed design and specific equipment specification phases to assure that l the important System 80+ reliability assumptions of the Probabilistic Risk Assessment (PRA) will be identified and considered throughout the plant life. The PRA evaluates the plant response to initiating events to assure that plant damage has a very low probability and risk to the public is very low. The PRA also evaluates improvements in overall plant safety relative to previous designs, and identifies the relative risk significance of the plant's structures, . systems and components (SSCs) . Input to the PRA includes details of the plant design and assumptions about the reliability of the plant risk-significant SSCs. The plant owner / operator will complete the site specific D-RAP and will have an operations reliability assurance process. The COL applicant / holder should incorporate the operational reliability assurance process objectives into existing programs (e.g. , quality assurance or maintenance) that will monitor equipment oerformance to provide reasonable assurance that the plant is operated and maintained with an acceptably low risk commensurate with PRA assumptions. [ COL Item 17-3]. The D-RAP will include the design evaluation of the System 80+. It will identify relevant aspects of plant operation, maintenance, and performance monitoring of important plant SSCs for owner / operator consideration in assuring safety of the equipment, maintenance of critical functions, and limited risk to the public. The policy and implementation precedures will be specified by the owner / operator (See Section 17.3.13). Also included in this explanation of the D-RAP is a descriptive example of how the D-RAP will apply to one potentially important plant system, the Component Cooling Water System (CCWS). The CCWS example shows how the principles of D-RAP will be applied to other' systems identified by the PRA as being significant with respect to risk. 17.3.2 SCOPE l The System 80+ D-RAP will include the design evaluation of the System 80+, and it will identify relevant aspects of plant operation, maintenance and performance monitoring of plant risk-significant SSCs. The PRA fol- the System 80+ and other industry sources will be used to identify and prioritize those SSCs that are important to prevent or mitigate plant transients or other events that could present a risk to the public, Amendment W 17.3-1 June 17, 1994
CESSAR sinincum. 17.3.3 PURPOSE The purpose of the D-RAP is to assure that the plant safety, as estimated by the PRA, is maintained as the detailed design evolves throughout the implementation and procurement phases and that pertinent information is provided in the design documentation to the future owner / operator. It is expected that the COL applicant will use this information so that equipment reliability and availability, as it affects plant safety, can be maintained through operation and maintenance during the entire plant life. 17.3.4 OBJECTIVE The objective of the D-RAP is to identify those plant SSCs that are significant contributors to risk, as shown by the PRA or other sources, and to assure that, during the implementation phase,'the plant design continues to utilize risk-significant SSCs whose reliability is commensurate with the PRA assumptions. The D-RAP will also identify key assumptions regarding any operation, maintenance and monitoring activities that the owner / operator should consider in developing its operations reliability assurance process to assure that such SSCs can be expected to operate , throughout plant life with a reliability consistent with that l assumed in the PRA. A major factor in plant reliability assurance is risk-focused maintenance (Reference 17.3-1). Maintenance resources are focused on those SSCs that enable the System 80+ risk-significant systems to fulfill their safety-related functions and maintain the safety margins. Also, maintenance is focused on SSCs whose failure may directly initiate challenges to risk-significant systems. All plant modes are considered, including equipment directly relied upon in emergency operating procedures (EOPs). Such a focus of maintenance will help to maintain an acceptably low level of risk consistent with the PRA. 17.3.5 ABB-CE ORGANIZATION FOR D-RAP The project organization used for the detailed design of System 80+, shown in Figure 17.3-1, was integrated and the responsibility I to meet the D-RAP objectives rests with the Project Director. l Regular meetings are scheduled to coordinate all the design and l D-RAP activities with participation of Engineering Manager, PRA and ! D-RAP Program Manager, the Project Integration Manager, the Quality , Assurance Manager, Regulatory Conformance Manager and other managers as necessary. During these meetings, design changes and the impact on the overall plant performance are identified, and discussions about the impact of these changes on plant risk are , held. Management meetings are also held in which programmatic , issues affecting the System 80+ design are discussed. The l responsibilities of each organization in the D-RAP plan are as follows: Amendment W 17.3-2 June 17, 1994 i
l CESSAR MEncma l The Project Director is responsible for the programmatic aspects of the plant design as well as the overall direction of the project, certification and licensing issues. The NSSS Design Manager is , responsible for the design of the nuclear steam supply system. The j Regulatory Conformance Manager has the responsibility of addressing ' any regulatory concerns and bringing these concerns to the attention of the Project Integration Manager and PRA and D-RAP Program Manager. The Nuclear Steam Supply System (NSSS) Design Engineering organization is the core of the RAP and it is responsible for the design of the System 80+ NSSS. It is in this group where the NSSS design and drawings are developed with inputs from the mechanical, Instrument and Controls, Reactor, and Fluid Systems subgroups. It I is also in this organization where the PRA models are developed as well as the Technical Specifications and plant procedures. The PRA and D-RAP Program Manager is responsible for managing and ) integrating the D-RAP Program and has direct access to the System 80+ Project Integration Manager and is responsible for keeping him abreast of D-RAP critical items, program needs and status. The PRA l l and D-RAP Program Manager or his designee will attend all of the design review and progress meetings. He has organizational freedom to: 1 I A. Identify D-RAP problems; , I B. Initiate, recommend or provide solutions to problems through l designated organizations; l C. Verify implementation of solutions; and D. Function as an. integral part of the design team and final design process. The PRA and D-RAP Program Manager is in the Reliability Analysis-Services Department which performs reliability analyses, risk assessments and PRAs. This group is part of AbB FE Nuclear Services and reports to the NSSS Design Manager, tlo % the PRA and D-RAP Program Manager (Figure 17.3-1). The PR7 i 7.t to the D-RAP and any of the System 80+ reliability anay 3 a will be performed in this organization and will be integrated into the System 80+ design. The Quality Assurance organization provides quality control by performing regular audits and participating in the scheduled meetings to discuss System 80+ issues. The COL applicant completing detailed design and equipment selection during the design phase, should submit its specific D-RAP organization for the NRC to review (See Section 17.3.13) [ COL Item 17-2). l Amendment W 17.3-3 June 17, 1994
CESSAREnne= 17.3.6 SSC IDENTIFICATION /PRIORITIZATION The PRA prepared for the System 80+ will be the primary source for identifying risk-significant SSCs that should be given special consideration during the detailed design and procurement phases and/or considered for inclusion in the operations reliability assurance process. The method by which the PRA is used to identify risk-significant SSCs is described below. The PRA insights are summarized in Section 19.15 and the system and component importance is given in Sections 19.9.4.1 and 19.9.4.2. It is also possible that some risk-significant SSCs will be identified from sources other than the PRA, such as nuclear plant operating experience, other industrial experience and relevant component failure data bases. Table 17.3-4 gives the sections in CESSAR-DC where systems and equipment are specified to be included in the D-RAP. The primary source for ~ the identification of systems and equipment to be included in the D-RAP is the PRA (Section 19). A Level III Probabilistic Risk Assessment (PRA) has been performed for the System 80+ design. The PRA evaluates the plant response to initiating events to assure that the risk to the public is also very low. Input to the PRA includes details of the plant design and assumptions about the reliability of the plant risk-significant Systems, Structures, and Components (SSCs). The results of the PRA include such things as core damage frequencies and the combination of equipment failures that lead to core damage or large releases. The primary analytical measure used is the Risk Achievement Worth (RAW). It represents how the Core Damage Frequency (CDF) would increase if the system or component always failed (i.e., failure probability of 1.0/ demand) . It gives an extreme measurement of how the risk would be affected if a system or component were poorly designed, selected, installed, maintained, or operated. This measure is given in Table 19.9.4-2 for internal events. For example, the steam generator atmospheric dump valves have a RAW of 5.14. If these valves were incapable of performing their task, the total core damage frequency would increase by a factor of 5.14. The ALWRs in general have a CDF that is approximately an order of magnitude lower than the existing plants. For the D-RAP program, risk significant SSCs are those SSCs that have a RAW of five or greater. The equipment not included in D-RAP will have a RAW less than 5. This means that if the excluded equipment is poorly designed, selected, or installed so that it has a near zero reliability, the predicted CDF would still be lower than that of the average existing plant by a factor of two. In the example of the atmospheric dump valves, because of the relative sensitivity (RAW 2: 5), the D-RAP would include them to assure the proper design, selection, installation, and maintenance, l 1 Amendment W 17.3-4 June 17, 1994 l l
CESSAR Huania. Another analytical measure to identify risk significant SSCs is the Risk Reduction Worth (RRW). This is a measure of how the CDF would be reduced if the component had a perfect reliability (failure probability 0.0/ demand) . The measure given is the ratio of the base CDF divided by the RRW CDF and is greater than 1.0. In the shutdown PRA, the inverse value is given. The third analytical measure is the Fussell-Vesely Worth (FVW). This gives the fraction of the base CDF that failure of the component contributes to the CDF. It is the best estimate for the importance of a component in the current design. Risk Significant SSCs are also selected based on regulations and engineering judgment. For example, equipment specified in 10CFR50.62 is considered. Risk significant SSCs as described in Section 3.3.1.4 of ANSI /ANS-51.1 are considered in the equipment classified as QC-2 in Table 3.2-1. 17.3.6.1 Level I Analysis The Level I analysis follows an accident sequence from an initiating event through failures of various safety functions to an end state which results in core damage. The Level I also predicts the frequency and dominant contribution to core damage. Table 19.9.4-2 gives the component importance for System 80+ for - internal events using different . importance measurements. As discussed above, components with a RAW (RAW, change in risk if failure rate is 1.0) greater than five have been selected for the D-RAP program. Table 19.9.4-2 highlights the components with RAWS greater than 5. Table 19.9.4-2 gives the Risk Reduction Worth for the components for internal events. The RRWs represent the reduction of risk with a component having a zero failure rate. The components with the. RRWs greater than 1.1 have been selected for the D-RAP and have been highlighted. All but four of these components were already included in the D-RAP because of their RAW and the four new components were noted in the table. .SSCs with a RAW between 2.0 and 5.0 were selected if their RRS was greater than 1.05. There were no SSCs which fell into this selection category. The Fussell-Vesely Worth (FVW) is a measure of what fraction of the CDF the component failure contributes. Table 19.9.4-2 gives the ' FVW for the components and failure modes. Using a selection criteria of 10%, seven components were selected for the D-RAP. All seven were already identified using the other two worths. 1 l Amendment V i 17.3-5 April 29, 1994 l l
CESSAR innncari - 17.3.6.2 Level II Analysis The Level II analysis predicts vessel failure, the containment response, and ascertains the likelihood, magnitude, and timing of radiological releases to the environment. Sections 19.11 and 19.14 describe a containment response and sensitivity analysis for the Level II of the PRA. The containment sprays were added to D-RAP
. bases on discussions in Section 19.11.3. Table 19.15.2-13 shows the sensitivity of the risk consequences to various Level II assumptions. Only one assumption (failure to isolate containment) showed a noticeable effect (sensitivity case / base case > 5) on releases. Failure to isolate the containment increases the risk consequences by a factor of 8.3. The other assumptions increase the risk by a factor of three or less.
17.3.6.3 External Events External events are described in Section 19.7 of the CESSAR-DC and include tornado, fire, flooding, and seismic events. The CDF due to tornado strike events is calculated to be 2.5E-7/ year. The event is modeled as loss of offsite power for 24 hours with the alternate AC source also being unavailable. Section 19.15.3.1 of CESSAR-DC describes the insights from this event. Failure of the diesels is the dominant cause and the designers are reminded of the importance of this safety equipment. Clogging of the SSW intake structure with tornado generated debris was also found to be important and the intake structure design has been included in D-RAP. The risks associated with fires are discussed in Section 19.7.3 of CESSAR-DC (CDF = 3.1E-8/ year) . Fires represent a small risk to the plant as long as the three hour fire barriers are designed and maintained between the divisions (Section 19.15.3.2). Fire barrier design has been included in D-RAP. Flood analysis is presented in Section 19.7.4 and the insights are given in Section 19.15.3.3. In a scoping analysis, the CDF from flooding was estimated as 1.3E-8/ year. The existence of the flood barriers dominates the risk and has been added to the D-RAP. The seismic analysis is presented in Section 19.7.5 of the l CESSAR-DC. The first dominant contributor to the plant HCLPF (High l Confidence of Low Probability of Failure) is seismically induced
]
gross structural failure due to a seismically induced i failure / overturning of the containment vessel, which is assumed to lead directly to core damage and containment failure. The second dominant contributor to the plant HCLPF is a seismically induced LOCA in excess of ECCS capacity caused by a seismically induced failure of the RCP supports. l l I Amendment U 17.3-6 December 31, 1993
CESSAR HMincum There are three sequences where the contributor to the plant HCLPF due to " mixed cutsets" is potentially significant. A " mixed f cutset" contains both seismic failures and random failures. These sequences are SEIS-SBO, EQA-15 and EQA-9. SEIS-SBO is a seismic , induced loss of offsite power with random failures of the diesels l and alternate AC source leading to a station blackout and battery I depletion. EQA-15 is a seismically induced ATWS early in the core f i life. The ATWS was assumed to be caused by seismic deformation of I the upper guide structure and leads to a small LOCA from failed check valves. EQA-9 is another ATWS sequence with failure of the charging system to provide long term reactivity control. The Safety Depressurization System also fails so that the SIS can not be used for reactivity control. The structures and equipment , associated with these external events have been added to the D-RAP. ! l 17.3.6.4 Shutdown Analysis l The shutdown risk assessment is presented in.Section 19.8 and the j insights are presented in Section 19.15.4 of CESSAR-DC. An importance analysis (Table 19.8.6-la) was performed for the branch points of the event trees. The branch points contain initiating events, the operator errors, and the equipment failures (fault tree cut sets) for the systems. The branch points with RAW values greater than five or RRWs less than O.8 or FVW greater than 0.1 have been included in D-RAP. 17.3.6.5 Other Sources On October 4-6, 1993, a panel of engineers from ABB-CE met to establish important PRA-based safety insights for System 80+ and recommend at what tier in the licensing environment they should be addressed. Recommendations for D-RAP and operations reliability assurance process were made (see Table 19.15-1). Design engineers have chosen to place their equipment into the D-RAP program. The references for this equipment are given in Table 17.3-4. 17.3,7 DESIGN CONSIDERATIONS The reliability of risk-significant SSCs, which are identified by the PRA, will be evaluated at the detailed design stage by appropriate design reviews and reliability analyses. Current data bases will be used to identify appropriate values for failure rates of equipment as designed, and these failure rates will be compared with those used in the PRA. Normally, the failure rates will be similar, but in some cases they may differ because of recent design t or data base changes. Whenever failure rates of designed risk-significant SSCs are significantly greater than those assumed in the PRA, an evaluation will be performed to determine if the equipment is acceptable or if it must be redesigned to achieve the appropriate reliability. Amendment W 17.3-7 June 17, 1994
CESSAREHL - For those risk-significant SSCs, as indicated by the PRA or other sources, component redesign (including selection of a different component) will be considered as a way to reduce the Core Damage Frequency (CDF) contribution. (If the system unavailability or the CDF is acceptably low, less effort will be expended toward redesign). If there are practical ways to redesign a risk-significant SSC, it will be redesigned and the change in system fault tree results will be calculated. Following any redesign, dominant SSC failure modes will be identified so that protection against such failure modes can be accomplished by appropriate activities during plant life. The design considerations that will go into determining an acceptable, reliable design and the SSCs that should be considered for the operations reliability assurance process are illustrated in Figure 17.3-2. l Using the PRA or other design documents, the designer will identify l to the COL applicant / holder the risk-significant SSCs, their associated failure modes and consequence, and reliability and availability assumptions, including any pertinent bases and uncertainties considered in the PRA. The designer will also provide this information for the COL applicant / holder to consider in developing an operations reliability assurance process to help assure that the PRA results will be achieved over the life of the l plant. This information can be used by the COL applicant / holder for establishing appropriate reliability and availability targets and the associated maintenance practices for achieving them. The COL applicant / holder shall develop, as part of the D-RAP and operations reliability asurance process, a life-cycle management plan to aid in the design and operation activities intended to l achieve the design life objectiveF. The life-cycle management plan I shall be initiated early enough in the design completion process to; 1) aid in the application, selection, and procurement of components with optimum design life characteristics, and 2) develop l an aging management plan capable c f assuring the plant's original l design basis throughout its life. The aging management plan shall cover (but not necessarily be limited to) containment structures, liner plates, embedded or
- buried structural components, piping, and other components. The l plan shall consider the potential causes of corrosion which ultimately may be present at the site, including the potential corrosion from copper ground mats. The plan should be initiated early in the design process so that adequate provisions for mitigation measures can be made.
In developing the life-cycle management plan, the COL applicant / holder shall consider the design life requirements prescribed in Section 11.3 [" Design Life"] of the EPRI Utility Requirements Document (URD) and the insights gained from the Nuclear Plant Aging Research Program (e.g., NUREG/CR-4731 and NUREG/CR-5314). Amendment W 17.3-8 June 17, 1994 1
l CESSAR !!nincari n 17.3.8 DEFINING FAILURE MODES The determination of dominant failure modes of risk-significant SSCs will include historical information, analytical models and , existing requirements. Many PWR systems and components have compiled a significant historical record, so an evaluation of that record comprises Assessment Path A in Figure 17.3-3. Details of Path A are shown in Figure 17.3-4. I For those SSCs for which there is not an adequate historical basis to identify critical failure modes, an analytical approach is necessary, shown as Assessment Path B in Figure 17.3-3. The details of Path B are given in Figure 17.3-5. The failure modes identified in Paths A and B are then reviewed, including the existing maintenance activities in the industry and the maintenance requirements (Assessment path C in Figure 17.3-3). Detailed steps in Path C are outlined in Figure 17.3-6. 17.3.9 OPERATIONS RELIABILITY ASSURANCE-ACTIVITIES Once the dominant failure modes are determined for risk-significant SSCs, an assessment should be used to determine suggested operations reliability assurance process activities that will l assure acceptable performance during plant life. Such activities may consist of periodic surveillance inspections or tests, monitoring of SSC performance, and/or periodic preventive maintenance (Reference 17.3-1). An example of a decision tree that would be applicable to these activities is shown in Figure 17.3-7. As indicated, some SSCs may require a combination of activities to assure that their performance is consistent with the PRA. l Periodic testing of SSCs may include startup of standby systems, surveillance testing of instrument circuits to assure that they will respond to appropriate signals, and inspection of passive SSCs (such as tanks and pipes) to show that they are available to perform as designed. Performance monitoring, including condition monitoring, can consist of measurement of output (such as pump flow rate or heat exchanger temperatures), measurement of magnitude of an important variable (such as vibration or temperature), and testing for abnormal conditions (such as oil degradation or local hot spots). Periodic preventive maintenance is an activity performed at regular ; intervals to preclude problems that could occur before the next ' preventative maintenance (PM) interval. This could be regular oil changes, replacement of seals and gaskets, or refurbishment of i equipment subject to wear or age-related degradation. The designer ; could provide the COL applicant with recommended reliability I activities such as providing limitations for assuring reliability, 1 and methods to determine service life, if known. ! l Planned maintenance activities should be integrated with the I regular operating plans so that they do not disrupt normal ) l Amendment W 17.3-9 June 17, 1994 i
l l CESSAR inEncmm operation. Maintenance that will be performed more frequently than refueling outages must be planned so as to not disrupt operation or be likely to cause reactor scram, engineered safety feature (ESF) actuation, or abnormal transients. Maintenance, planned for performance during refueling outages, must be conducted in such a way that it will have little or no impact on plant safety, on outage length, or on other maintenance work. As plant experience data accumulates, the failure rates and human l error rates in the operations reliability assurance process should be updated. These failure rates were used by the designer in the PRA. The COL applicant should provide a complete operations reliability assurance process description to be reviewed by the NRC (see Section 17.3.13) [ COL Item 17-3]. 1 l 17.3.'10 OPERATIONS RELIABILITY ASSURANCE PROCESS The operations reliability assurance process that is expected to be prepared and implemented by the COL applicant [ COL Item 17-3), should make use of the information provided by the designer. This information will help the owner / operator determine activities that should be included in the operations reliability assurance process. Examples of elements that might be included are as follows: Reliability Performance Monitoring -- Measurement of the
- performance of equipment to determine that it is accomplishing its goals and/or that it will continue to operate with low probability of failure and high availability. Monitoring should preferably be predictive in nature to prevent loss of critical functions.
Reliability Methodology -- Methods by which the plant / operator can compare plant data to the SSC data in the PRA. Problem Prioritization -- Identification, for each of the risk- significant SSCs, of the importance of that item as a contributor to its system unavailability and assignment of priorities to problems that are detected with such equipment. Root Cause Analysis -- Determination, for N.ohlems that occur l regarding reliability of risk-significant 30s, t< the root causes, those causes which, after correction, will not recur to again degrade the reliability of equipment. Corrective Action Determination -- Identification of corrective actions needed to restore equipment to its required I functional capability and reliability, based on the results of problem identification and root cause analysis. Corrective Action Implementation -- Carrying out identified corrective action on risk-significant equipment to restore equipment to its intended function in such a way that plant safety is not compromised during work. Amendment W 17.3-10 June 17, 1994
CESSAREMecm. Corrective Action Verification -- Post-corrective action tasks to be followed af ter maintenance on risk-significant equipment to assure that such equipment will perform its intended functions. Plant Aging -- Some of the risk-significant equipment is expected to undergo age related degradation that will require equipment replacement or refurbishment. Feedback to Designer -- The plant owner / operator should periodically compare performance of risk-significant equipment to that specified in the PRA and D-RAP, and, at its discretion, may send SSC performance data to plant or equipment designers in those cases that consistently show performance below that specified. The plant owner / operator should consider participation in the CEOG. Programmatic Interfaces -- Reliability assurance interfaces related to the work of the several organizations and personnel groups working on risk-significant SSCs. Maintenance Rule Integration -- The plant owner / operator should consider the integration or interface of operations reliability assurance process and the requirements of 10 CFR 50.65 which require the operator to develop a maintenance program for risk significant SSCs or SSCs that could produce trips or transients. The plant owner's operations reliability assurance process should l address the interfaces with construction, startup testing, operations, maintenance, engineering, safety, licensing, quality assurance and procurement of replacement equipment. 17.3.11 D-RAP IMPLEMENTATION An example of implementation of the D-RAP is given for the Component Cooling Water System (CCWS). This system was selected as an example because it was a support system and was found in the ; earlier System 80 PRA to contain risk-significant components. ] Because of this finding, and through the D-RAP organization i described in Section 17.3.5, the design was changed. The design l and analytical results, as presented in this chapter, is presented i only as a D-RAP example and does not necessarily correspond to the l current System 80+ design. 17.3.11.1 CCWS Function The Component Cooling Water System (CCWS) is a closed loop system , that provides cooling water flow to remove heat released from plant I systems, structures, and components. The CCWS functions to cool the safety-related and non-safety-related reactor auxiliary loads. Heat transferred by these components to the CCWS is rejected by the Station Service Water System (SSWS) via the CCWS heat exchangers. ! Amendment W 17.3-11 June 17, 1994
CESSAR inMCATl!N 17.3.11.2 Earlier CCWS Desian The System 80+ Design is an evolutionary plant and improvements were included with input from the earlier System 80 PRA. The earlier CCWS design is shown in Figure 17.3-3 and described in more detail in section 5.3.19 of Reference 17.3-2. It consisted of two independent, closed loop, safety trains. Each train contained one pump that was on standby. One of the major insights of the System 80 PRA (Section 8.2 of Reference 17.3-2) was that loss of the CCWS was a dominant cause of front-line system failure. Failure of the CCWS pumps to start and run were one of the dominant failure modes. 17.3.11.3 System Redesian To more easily meet the desired CDF for the ALWR, the CCWS probably required a redesign as represented in Figure 17.3-2. This redesign was also helped by design review meetings where the Project Manager for the RAP and PRA discussed with the designers the PRA results, including failure modes and importance of support systems to front line safety systems. An example of an improved CCWS design is given in Figure 17.3-9 and an example of analytical results are presented in Tables 17.3-1 and 17.3-2. Details of the actual System 80+ CCWS design and reliability analysis is given in Section 6.3.3 of the System 80+ PRA and do not necessarily correspond to the example presented here. The improved CCWS design contain two trains (only one is shown in Figure 17.3-9). Each train contains two pumps and one pump is kept running at all times. This design eliminated the important failure mode of the CCWS pump failing to start which was observed in the earlier design. Table 17.3-1 gives an example of the components importance for internal events for an ALWR. The Fussell-Vesley i Importance is the fraction of the CDF that the component failure contributes to. In this example, the components in the CCWS are underlined. The first CCWS component is only ranked 59th in importance based on this measure. The components in the improved CCWS meets the criteria that they have a small impact on risk (bottom of Figure 17.3-2) and can be considered in an operations j reliability assurance process. l 17.3.11.4 Failure Mode Identification Figure 17.3-3 gives two methods for operations reliability assurance process evaluation, using failure history or analytical I methods. For this example an analytical method as represented in l Figure 17.3-5 was used. Figure 17.3-10 gives an example of the upper level fault tree to analyze failure modes for Train 1 of an improved CCWS. Table 17.3-2 gives an example of the ranking of the risk significant SSCs for Train 1. There is also a second train l not evaluated in this table. Because this CCWS design is an evolutionary design using standard components, a search of the operational data bases for component failure rates and operations experience is also possible using Figure 17.3-4, but was not used l in this example. Amendment W 17.3-12 June 17, 1994
CESSAR UnLui:. l l i I Following the flow chart of Figure 17.3-5, the designer would I determine more details about each failure mode, including I piecepa-ts most likely to fail and the frequency of each failure mode category oc piecepart failure. This would result in a list of I the dominant failure modes to be considered in the operations l reliability assurance process. ASME Section XI requirements for l inspection and other mandated inspections and tests would be l identified, as indicatead in Figure 17.3-6. Examples of the types of failure modes that could impact reliability of these identified components are shown in Table 17.3-3. The example is not a complete listing of the important failure modes, but is intended to indicate the types of failures that would be considered. 17.3.11.5 Identification of Maintenance Requirements For each identified failure mode, the appropriate maintenance tasks will be identified to assure that the failure mode will be (1) avoided, (2) rendered insignificant, or (3) kept to an acceptably low probability. The type of maintenance and the maintenance frequencies are both important aspects of assuring that the equipment failure will be consistent with that assumed for the PRA. As indicated in Figure 17.3-7, the designer would consider periodic testing, performance testing or periodic preventive maintenance as possible operations reliability assurance process activities to l keep failure rates acceptable. For the CCWS, one pump in each train is in operation and all the va..ves are in that flow path are open. An example of the possible maintenance and testing follows and is summarized in Table 17.3-3. Minor PM on the pumps will be performed based on the recommendations of the vender (8000 hrs of operation for example) and a major overhaul would be performed every 50,000 hrs of operation. Only maintenance on one pump will be performed at a time during Modes 1 through 4. The most frequent surveillance requirement for the CCWS might be to verify that each CCW manual, power-operated or automatic valve in the flow path servicing essential equipment, that is not locked, sealed, or otherwise secured in position, is in its correct position. This-test is performed every 31 days. Additionally, there is a surveillance requirement that every 18 months, it must be demonstrated that each CCW automatic valve actuates and each CCW pump starts on an actual or simulated actuation signal. Example of maintenance activities and frequencies are shown in Table 17.3-3 for each identified failure mode. The D-RAP will include documentation of the basis for each suggested operations reliability assurance process l activity. Amendment W 17.3-13 June 17, 1994
i i CESSAR HE"icui:n 17.3.12 GLOSSARY OF TERMS AND ACRONYMS ALWR Advanced Light Water Reactor ASME American Society of Mechanical Engineers CCWS Component Cooling Water System CDF Core Damage Frequency, as calculated by the probabilistic risk assessment. CEOG Combustion Engineering plant Owners Group. CFR Code of Federal Regulations CL Combined License D-RAP Design Reliability Assurance Program, Performed by the plant designer to assure that the plant is designed so that it can be operated and maintained in such a way that the reliability assumptions of the probabilistic risk assessment apply throughout plant life. EOP Emergency Operating Procedure l EPRI Electric Power Research Institute ESF Engineered Safety Features I&C Instruments & Controls l Owner / Operator The utility, COL applicant, or other organization that owns and operates the System 80+ following construction. PM Preventative Maintenance PRA Probabilistic Risk Assessment -- Performed to identify and quantify the risk associated i with the System 80+ l l PWR Pressurized Water Reactor RAP Reliability Assurance Program RCM Reliability Centered Maintenance Risk-Significant Those structures, systems and components which are identified as contributing significantly to the system unavailability. SSC Structures, Systems, and Components SSWS Station Service Hater System i l l l Amendment W 17.3-14 June 17, 1994 l
CESSAR innncam. 17.3.13 COL INFORMATION A. Policy and Implementation Procedures for D-RAP The COL applicant will specify the policy and implementation procedures for using D-RAP information. (See Subsection 17.3.1) [ COL Item'17-2] l B. D-RAP Organization The COL applicant completing its detailed design and equipment selection during the design phase, must submit its specific D-RAP organization for NRC review. (See Subsection 17.3.5) [ COL Item 17-2] l C. Provision for Operations Reliability Assurance Process l The COL applicant will implement an operations reliability assurance process, to be reviewed by the NRC in the plant's maintenance program, QA program, or other existing programs. (See Subsection 17.3.9)[ COL Item 17-3] c Amendment W 17.3-15 June 17, 1994
CESSAR !!nL m. = 17.3.14 REFERENCES 17.3-1 Lofgren, E. V., et al., "A Process for Risk-Focused Maintenance," SAIC. NUREG/CR-5695, March 1991 17.3-2 Finnicum, D. J. , et al, " Base Line Level 1 Probabilistic Risk Assessment for the System 80 NSSS Design," ABB-CE, January, 1988. Amendment L 17.3-16 February 28, 1993
TABLE 17.3-3 EXAMPLE OF CCNS FAILURE MODES & OPERATIONS RELIABILITY ASSURANCE PROCESS ACTIVITIES l Recommended Maintenance Component Failure Mode /Cause' Maintenance Intervals Basis CCWS pump fails to start, electrical functional test pump 18 months experience with other pumps fails to run, mechanical functional test 18 months experience with other pumps minor PM 8000 op. hrs pump vendor major PM 50000 op. hrs pump vendor ',. leaking seals, gaskets visual inspection 31 days ASME Code CCWS MOV fails to open functional test 31 days experience with MOVs manual vlv fails to remain open inspect viv interior 5 yrs corrosion experience left closed, op. error functional test after maintenance operating experience heat exchanger fails, leakage walkdown 31 days operating experience fouling monitor AP, AT , 7 day trending operating experience f 5 Amendment W Jun'e 17, 1994
h Management Project Advisory Board Director i m Assur nce En n '9 ng Chara eristics a> Manager Manager 5E zy "m Project Re ulatory
$o' Integration Con ormance Project Controls Manager O erations &
a nienance O$ Manager Manager aa 4m o E 3$ 0+ zS NSSS Gen rator Reactor Building Balance of Plant gg Design Mariager Design Manager Design Manager Design Manager 5 E I z PRA & D-RAP u3 Program Manager EB ca E O O. a3 88 4 2! '" E
'E 6'
i a
RISK SIGNIFICANT l SSCs IDENTIFIED BY PRA l SSC REDESIGN SYSTEM C FAULT TREE OR PROCEDURE + RECALCULATION CHANGE 1 f RELIABILITY ASSESSMENT ARE PRA RESULTS IN DESIGN PHASE: YES SIGNIFICANTLY CHANGED YES ARE FAILURE RATES > BY HIGHER FAILURE - THOSE IN PRA? RATE? NO NOl l 1 f l IS COMPONENT DOES SSC FAILURE HAVE YES REDESIGN FEASIBLE YES A LARGE IMPACT ON PRACTICAL AND COST C SYSTEM UNAVAILABILITY? EFFECTIVE? NO NO 1 r SSCs FOR OPERATIONS RELIABILITY ASSURANCE PROCESS l l Amendment W- 6/17/94 f DESIGN EVALUATION FOR SSCs l
RISK-SIGNIFICANT SSCs FOR OPERATIONS RELIABILITY ASSURANCE PROCESS 1 r ASSESSMENT PATH A DOES FAILURE HISTORY IDENTIFY CRITICAL FAILURE MODES AT PIECEPART LEVEL? NO 1 r i f ASSESSMENT PATH B
^
IDENTIFY EXISTING IDENTIFY CRITICAL FAILURE Z MAINTENANCE RELATED MODES AT PIECEPART LEVEL ACTIVITIES AND USING ANALYTICAL METHODS REQUIREMENTS l
+ + l DEFINE DOMINANT FAILURE MODES TO IDENTIFY MAINTENANCE j DEFEND AGAINST REQUIREMENTS l l
l I Amendment W- 6/17/94 j JFJ /O PROCESS FOR DETERMINING DOMINANT FAILURE MODES OF RISK-SIGNIFICANT SSCs Figure 17.3-3 )
c, INFORMATION NEEDED ASSESSMENT PATH A
. INPUT FROM ACCEPTED I DATA ASSESSMENTTO INDUSTRY DATA BASES ESTABLISH FAILURE HISTORY . CONSULTATION WITH f
KNOWLEDGEABLE ENGINEERING, OPERATIONS Y AND MAINTENANCE PERSONNEL DETERMINE THE ANALYSIS BOUNDARY (INDIVIDUAL
. ROOT CAUSE ANALYSIS COMPONENT, COMPONENT TYPE . DESIGN REVIEWS IN SIMILAR APPLICATIONS, ETC.) . SYSTEM WALKDOWNS -
1 f FROM FAILURE HISTORY, CONSTRUCT LIST OF FAILURE MODES /CAUSES AT PIECEPART LEVEL 1 f IF APPROPRIATE, DEVELOP FAILURE MODE CATEGORIES AND ASSIGN EACH PIECEPART FAILURE TO A CATEGORY 1 f OBTAIN OCCURRENCE FREQUENCY OF EACH CATEGORY (OR PIECEPART FAILURE) 1 r DEFINE THE DOMINANT FAILURE MODE LIST FROM DATA CONSIDERATIONS Amendment L - 2/28/93 f USE OF FAILURE HISTORY TO DEFINE FAILURE MODES ,
)
DOMINANT FAILURE MODES OF RISK-SIGNIFICANT SSCs 1 P DOES SSC REQUIRE YES -
" SPECIFY REQUIRED PERIODIC TESTING? TESTS NO 1 r DOES SSC REQUIRE YES_ SPECIFY PERFORMANCE TESTING? -
' PERFORMANCE MONITORING NO ;
1 f DOES SSC REQUIRE YES SPECIFY PERIODIC PERIODIC PREVENTIVE pg MAINTENANCE? NO m 1 r DOCUMENT FOR OWNER / OPERATOR MAINTENANCE ACTIVITIES AND BASES, PLUS UNCERTAINTIES, FOR THE RISK-SIGNIFICANT SSCs. l Amendment W- 6/17/94 IDENTIFICATION OF RISK-SIGNIFICANT SSC Figure j OPERATIONS RELIABILITY ASSURANCE PROCESS ACTIVITIES 17.3-7
HCV71 HCV72 ECWS HEAT . ECWS HEAT EXCHANGER EXCHANGER i- ,, EWA-E01 EWB-E01 HCV135 - - HCV136 HCVS HCV6 ECWS PUMP ECWS PUMP EWA-P01 EWB-P01 i TO NCWS FROM NCWS u 2 M m W ( n Uv65
% UV145 HCV146
- HCv66 l HCVS3 HCV54 u v
^ '
' SHUTDOWN W '
' SHUTDOWN HEAT EXCHANGER HEAT EXCHANGER l
SIA-E01 SIB-E01 HCV41 HCV42 t i t v ,, u ,, a n l l Amendment L- 2/28/93 f EXAMPLE OF EARLY CCWS DESIGN
(****' " ' ) CESSAR aninc m. i EFFECTIVE PAGE LISTING (Cont'd) CHAPTER 19 Text (Cont'd) Pace Amendment Pace Amendment Page Amendment 19.7-39 V 19.8-11 P 19.8-56 M 19.7-40 Q 19.8-12 M 19.8-57 W 19.7-41 U 19.8-13 M 19.8-58 M 19.7-42 Q 19.B-14 M 19.8-59 M 19.7-43 U 19.8-15 V 19.8-60 M 19.7-44 W 19.8-16 M 19.8-61 M 19.7-45 Q 19.8-17 M 19.8-62 M 19.7-46 U 19.8-18 V 19.8-63 M 19.7-47 U 19.8-19 M 19.8-64 M 19.7-48 U 19.8-20 V 19.8-65 M 19.7-49 U 19.8-21 M 19.8-66 M 19.7-50 U 19.8-22 M '19.8-67 M i 19.7-51 U 19.8-23 P 19.8-68 M , , 19.7-52 U 19.8-24 M 19.8-69 M ' 19.7-53 U 19.8-25 M 19.8-70 M 19.7-54 Q 19.8-26 W 19.8-71 P 19.7-55 U 19.8-27 M 19.8-72 M 19.7-56 U 19.8-28 M 19.8-73 M 19.7-57 U 19.8-29 M 19.8-74 M 19.7-58 U 19.8-30 M 19.8-75 M 19.7-59 U 19.8-31 M 19.8-76 M 19.7-60 U 19.8-32 M 19.8-77 M 19.7-61 U 19.8-33 S 19.8-78 S 19.7-62 V 19.8-33a S 19.8-79 V 19.7-63 V 19.8-33b M 19.8-80 M 19.7-64 U 19.8-34 S 19.8-81 P 19.7-65 V 19.8-35 M 19.8-82 V 19.7-66 Q 19.8-36 P 19.9-1 V 19.7-67 U 19.8-37 S 19.9-2 H 19.7-68 U 19.8-38 S 19.9-3 M 19.7-69 U 19.8-39 M 19.9-4 P 19.7-70 U 19.8-40 M 19.9-5 H 19.7-71 V 19.8-41 V 19.9-6 M 19.7-71a U 19.8-42 U 19.9-7 S 19.7-71b V 19.8-42a U 19.9-8 M 19.7-72 U 19.8-42b U 19.9-8a V 19.7-73 U 19.8-42c U 19.9-8b V 19.7-74 U 19.8-42d U 19.9-9 V 19.7-75 W 19.8-42e U- 19.9-10 M 19.7-76 W 19.8-42f V 19.9-11 S 19.7-77 U 19.8-43 V 19.9-12 M 19.8-1 P 19.8-44 M 19.9-13 S 19.8-2 M 19.8-45 V 19.9-14 M 19.8-3 W 19.8-46 M 19.9-15 H 19.8-3a W 19.8-47 V 19.9-16 M 19.8-3b S 19.8-48 V 19.9-17 V 19.8-4 U 19.8-49 W 19.9-18 V 19.8-5 S 19.8-50 M 19.9-19 V 19.8-6 V 19.8-51 M 19.9-20 S 19.8-7 V 19.8-52 M 19.9-21 S 19.8-8 M 19.8-53 M .19.9-22 M 19.8 V 19.8-54 M 19.9-23 S 19.8-10 M 19.8-55 M Amendment W June 17, 1994
* * * ' ' )
CESSAR Uninc mM EFFECTIVE PAGE LISTING (Cont'd) CHAPTER 19 Text (Cont'd) Pace Amendment Page Amendment Page Amendment 19.9-24 M 19.11-7 Q 19.11-58 Q 19.9-25 S 19.11-8 V 19.11-59 Q 19.9-26 M 19.11-9 V 19.11-60 Q 19.9-27 V 19.11-10 V 19.11-61 Q 19.9-28 M 19.11-11 Q 19.11-62 N 19.9-29 S 19.11-12 U 19.11-63 V 19.9-30 M 19.11-13 V 19.11-64 V 19.9-31 M 19.11-14 V 19.11-65 V 19.9-32 M 19.11-15 U 19.11-66 V 19.9-33 V ( 19.9-34 V 19.11-16 19.11-17 N U 19.11-67 19.11-68 Q t Q 19.9-35 V 19.11-18 U 19.11-69 Q 19.9-35a V 19.11-19 U 19.11-70 Q 19.9-35b U 19.11-20 U 19.11-71 N 19.9-35c W 19.11-21 V 19.11-72 Q 19.9-35d U 19.11-22 V 19.11-73 Q 19.9-35e U 19.11-23 W 19.11-74 N 19.9-35f U 19.11-24 Q 19.11-75 Q 19.9-36 U 19.11-25 W 19.11-76 Q l 19.9-37 T 19.11-26 N 19.11-77 Q 19.9-38 V 19.11-27 V 19.11-78 Q 19.9-39 T 19.11-28 Q 19.11-79 Q 19.9-40 T 19.11-29 W 19.11-80 Q 19.9-41 M 19.11-30 W 19.11-81 Q 19.9-42 T 19.11-31 U 19.11-82 V 19.9-43 T 19.11-32 V 19.11-83 V 19.9-44 T 19.11-33 V 19.11-84 V 19.9-45 V 19.11-34 N 19.11-85 Q 19.9-46 M 19.11-35 N 19.11-86 V 19.10-1 T 19.11-36 V 19.11-87 V 19.10-2 W 19.11-37 U 19.11-88 V 19.10-3 T 19.11-38 N 19.11-89 V 19.10-4 T 19.11-39 N 19.11-90 Q l 19.10-5 T 19.11-40 N 19.11-91 N l 19.10-6 M 19.11-41 U 19.11-92 Q l 19.10-7 M 19.11-42 N 19.11-93 V 19.10-8 M 19.11-43 V 19.11-94 Q 19.10-9 P 19.11-44 Q 19.11-95 V 19.10-10 V 19.11-45 V 19.11-96 V 19.10-11 T 19.11-46 Q 19.11-97 V 19.10-12 V 19.11-47 V 19.11-98 V 19.10-13 T 19.11-48 Q 19.11-99 .V , 19.10-14 V 19.11-49 V 19.11-100 V
-19.10-15 V 19.11-50 Q 19.11-101 V 19.10-16 T 19.11-51 Q 19.11-102 V 19.11-1. U 19.11-52 V 19.11-103 V 19.11-2 U 19.11-53 V 19.11-104 V 19.11-3 V 19.11-54 V 19.11-105 V 19.11-4 U 19.11-55 Q 19.11-106 Q 19.11-4a 0 19.11-56 W 19.11-107 V 19.11-4b U 19.11-57 V 19.11-108 V 19.11-5 V 19.11-109 y 19.11-6 Q 19.11-110 V Amendment W June 17, 1994
( """' ' ' ) C E S S A R En n cam w EFFECTIVE PAGE LISTING (Cont'd) CHAPTER 19 Text (Cont'd) Pace Amendment Pace Amendment Page Amendment 19.15-46 U 19.15-61 S 19.16-6 M 19.15-47 V 19.15-62 V 19.16-7 M 19.15-48 U 19.15-63 V 19.16-8 M 19.15-49 U 19.15-64 V 19.16-9 U 19.15-50 S 19.15-65 V 19.16-10 M 19.15-51 W 19.15-66 V 19.16-11 M 19.15-52 U 19.15-67 V 19.16-12 M 19.15-53 U 19.15-68 P 19.16-13 Q 19.15-54 S 19.15-69 U 19.16-14 Q 19.15-55 U 19.15-70 W 19.16-15 Q 19.15-56 U 19.15-71 U 19.16-16 Q 19.15-57 U 19.15-73 U -19.16-17 U 19.15-58 S 19.15-74 U 19.16-18 V 19.15-59 U 19.15-75 W 19.17-19 V 19.15-60 S 19.15-76 W 19.15-60a U 19.15-77 V 19.15-60b U 19.16-1 M 19.16-2 M 19.16-3 M 19.16-4 V 19.16-5 M Tables Amendment Tables Amendment 19.3.2-1 (Sheet 1) M 19.5-1 (Sheet 2) M 19.3.2-1 (Sheet 2) M 19.5-1 (Sheet 3) U 19.3.2-2 (Sheet 1) M 19.5-1 (Sheet 4) M 19.3.2-2 (Sheet 2) M 19.5-1 (Sheet 5) M 19.3.2-2 (Sheet 3) M 19.5-2 (Sheet 1) R 19.3.2-2 (Sheet 4) V 19.5-2 (Sheet 2) M 19.3.2-3 (Sheet 1) M 19.5-2 (Sheet 3) M 19.3.2-3 (Sheet 2) M 19.5-2 (Sheet 4) M 19.3.2-4 (Sheet 1) M 19.5-2 (Sheet 5) R 19.3.2-4 (Sheet 2) M 19.5-2 (Sheet 6) S 19.3.2-5 M 19.5-2 (Sheet 7) M 19.3.2-6 (Sheet 1) M 19.5-2 (Sheet 8) M 19.3.2-6 (Sheet 2) M 19.5-2 (Sheet 9) M 19.3.2-7 (Sheet 1) M 19.5-2 (Sheet 10) M 19.3.2-7 (Sheet 2) M 19.5-2 (Sheet 11) M 19.3.2-7 (Sheet 3) M 19.5-2 (Sheet 12) M 19.3.2-7 (Sheet 4) M 19.5-2 (Sheet 13) M 19.3.2-7 (Sheet 5) M 19.5-2 (Sheet 14) M 19.3.2-7 (Sheet 6) M 19.5-2 (Sheet 15) M 19.3.2-7 (Sheet 7) M 19.5-2 (Sheet 16) H 19.3.2-8 (Sheet 1) M 19.5-2 (Sheet 17) M 19.3.2-8 (Sheet 2) M 19.5-2 (Sheet 18) R 19.3.2-8 (Sheet 3) M 19.5-2 (Sheet 19) M 19.3.3-1 M 19.5-2 (Sheet 20) S 19.3.3-2 U 19.5-2 (Sheet 21) S 19.4.14-1 T 19.5-2 (Sheet 22) S 19.5-1 (Sheet 1) M 19.5-3 (Sheet 1) V Amendment W June 17, 1994
(""*** * ' ) CESSAR!EncmM EFFECTIVE PAGE LISTING (Cont'd) CHAPTER 19 Tables (Cont'd) Tables Amendment Tables Amendment 19.5-3 (Sheet 2) V 19.6.3.7-1 (Sheet 3) M 19.5-3 (Sheet 3) M 19.6.3.7-1 (Sheet 4) M 19.5-4 M 19.6.3.7-2 (Sheet 1) W 19.5-5 (Sheet 1) S 19.6.3.7-2 (Sheet 2) M 19.5-5 (Sheet 2) S 19.6.3.7-2 (Sheet 3) M 19.5-6 S 19.6.3.7-2 (Sheet 4) M 19.5-7 M 19.6.3.8-1 (Sheet 1) W 19.5-8 (Sheet 1) M 19.6.3.8-1 (Sheet 2) M 19.5-8 (Sheet 2) M 19.6.3.8-1 (Sheet 3) M 19.5-9 M 19.6.3.8-2 (Sheet 1) W 19.5-10 (Sheet 1) M 19.6.3.8-2 (Sheet 2) M , 19.5-10 (Sheet 2) M 19.6.3.9-1 (Sheet 1) W 19.5-11 S 19.6.3.9-1 (Sheet 2) M 19.6.1-1 (Sheet 1) M 19.6.3.9-1 (Sheet 3) M 19.6.1-1 (Sheet 2) M 19.6.3.9-1 (Sheet 4) M , 19.6.1-1 (Sheet 3) M 19.6.3.10-1 (Sheet 1) V 19.6.1-1 (Sheet 4) M 19.6.3.10-1 (Sheet 2) V 19.6.1-1 (Sheet 5) M 19.6.3.13-1 (Sheet 1) W 19.6.1-1 (Sheet 6) M 19.6.3.23-1 (Sheet 2) V 19.6.1-1 (Sheet 7) M 19.6.3.13-1 (Sheet 3) V 19.6.1-1 (Sheet 8) M 19.6.3.13-1 (Sheet 4) M 19.6.1-1 (Sheet 9) M 19.6.3.13-1 (Sheet 5) M 19.6.1-1 (Sheet 10) M. 19.6.3.13-1 (Sheet 6) M 19.6.1-1 (Sheet 11) M 19.6.3.13-1 (Sheet 7) M 19.6.1-1 (Sheet 12) P 19.6.3.13-1 (Sheet 8) M 19.6.3.1-1 (Sheet 1) V 19.6.3.13-1 (Sheet 9) V 19.6.3.1-1 (Sheet 2) M 19.6.3.13-1 (Sheet 10) M 19.6.3.1-1 (Sheet 3) P 19.6.3.13-1 (Sheet 11) M 19.6.3.1-1 (Sheet 4) R 19.6.3.13-1 (Sheet 12) M 19.6.3.1-1 (Sheet 5) P 19.6.3.13-1 (Sheet 13) M i 19.6.3.1-1 (Sheet 6) P 19.6.3.13-1 (Sheet 14) M 19.6.3.1-1 (Sheet 7) M 19.6.3.13-1 (Sheet 15). M 19.6.3.1-2 M 19.6.3.13-1 (Sheet 16) M , 19.6.3.6-1 P 19.6.3.14-1 (Sheet 1) W 19.6.3.6-2_(Sheet 1) W 19.6.3.14-1 (Sheet 2) M 19.6.3.6-2 (Sheet 2) M 19.6.3.14-2 (Sheet 1) W 19.6.3.6-2 (Sheet 3) M 19.6.3.14-2 (Sheet 2) V 19.6.3.6-3 W 19.6.3.14-2 (Sheet 3) V 19.6.3.6-4 (Sheet 1) W 19.6.3.14-2 (Sheet 4) V 19.6.3.6-4 (Sheet 2) M 19.6.3.14-2 (Sheet 5) V 19.6.3.6-4 (Sheet 3) M 19.6.3.14-2 (Sheet 6) v 19.6.3.6-4 (Sheet 4) M 19.6.3.14-2 (Sheet 7) M 19.6.3.6-5 (Sheet 1) W 19.6.3.15-1 W 19.6.3.6-5 (Sheet 2) M 19.6.3.16-1 (Sheet 1) V 19.6.3.6-5 (Sheet 3) M 19.6.3.16-1 (Sheet 2) V 19.6.3.6-5 (Sheet 4) M 19.6.3.17-1 (Sheet 1) W 19.6.3.6-5 (Sheet 5) M 19.6.3.17-1 (Sheet 2) M 19.6.3.6-6 (Sheet 1) W 19.6.3.17-1 (Sheet 3) M 19.6.3.6-6 (Sheet 2) M 19.6.3.17-1 (Sheet 4) M 19.6.3.6-6 (Sheet 3) M 19.6.3.17-1 (Sheet 5) M 19.6.3.6-6 (Sheet 4) M 19.6.3.17-1 (Sheet 6) M 19.6.3.7-1 (Sheet 1) W 19.6.3.17-1 (Sheet 7) M 19.6.3.7-1 (Sheet 2) M 19.6.3.17-1 (Sheet 8) M Amendment W June 17, 1994
CESSAR HELAmu EFFECTIVE PAGE LISTING (Cont'd) CHAPTER 19 Tables (Cont'd) Tables Amendment Tables Amendment 19.12.1-5 (Sheet 2) T 19.12.2.3-5A (Sheet 3) T 19.12.1-5 (Sheet 3) T 19.12.2.3-6 (Sheet 1) S 19.12.1-5 (Sheet 4) T 19.12.2.3-6 (Sheet 2) T 19.12.1-5 (Sheet 5) T 19.12.2.3-6 (Sheet 3) N 19.12.1-5 (Sheet 6) T 19.12.2.3-6A (Sheet 1) T 19.12.1-5 (Sheet 7) N 19.12.2.3-6A (Sheet 2) T 19.12.1-6 (Sheet 1) V 19.12.2.3-6A (Sheet 3) T 19.12.1-6 (Sheet 2) T 19.12.2.3-7 (Sheet 1) N 19.12.1-6 (Sheet 3) T 19.12.2.3-7 (Sheet 2) T 19.12.1-6 (Sheet 4) T 19.12.2.3-7 (Sheet 3) N 19.12.1-7 (Sheet 1) T 19.12.2.3-8 (Sheet 1) N 19.12.1-7 (Sheet 2) V 19.12.2.3-8-(Sheet 2) N 19.12.1-7 (Sheet 3) T 19.12.2.3-9 (Sheet 1) T 19.12.2.2.3-1 N 19.12.2.3-9 (Sheet 2) T 19.12.2.2.4-1 (Sheet 1) N 19.12.2.3-9 (Sheet 3) T 19.12.2.2.4-1 (Sheet 2) N 19.12.2.3-10 (Sheet 1) T 19.12.2.2.4-1 (Sheet 3) N 19.12.2.3-10 (Sheet 2) T 19.12.2.2.4-1 (Sheet 4) N 19.12.2.3-10 (Sheet 3) T 19.12.2.2.4-1 (Sheet 5) N 19.12.2.3-11 (Sheet 1) T , 19.12.2.2.4-1 (Sheet 6) N 19.12.2.3-11 (Sheet 2) T 19.12.2.2.4-1 (Sheet 7) S 19.12.2.3-11 (Sheet 3) T 19.12.2.2.4-1 (Sheet 8) N 19.12.2.3-12 (Sheet 1) T 19.12.2.2.4-1 (Sheet 9) N 19.12.2.3-12 (Sheet 2) T 19.12.2.2.4-1 (Sheet 10) S 19.12.2.3-12A (Sheet 1) T 19.12.2.2.4-1 (Sheet 11) N 19.12.2.3-12A (Sheet 2) T 19.12.2.2.4-1 (Sheet 12) S 19.12.2.3-13 (Sheet 1) T 19.12.2.2.4-2 N 19.12.2.3-13 (Sheet 2) N 19.12.2.2.6-1 N 19.12.2.3-14 (Sheet 1) T 19.12.2.2.6-2 N 19.12.2.3-14 (Sheet 2) T 19.12.2.2.6-3 N 19.12.2.3-15 (Sheet 1) T 19.12.2.2.6-4 N 19.12.2.3-15 (Sheet 2) T 19.12.2.2.7-1 N 19.12.2.3-16 (Sheet 1) T 19.12.2.2.7-2 N 19.12.2.3-16 (Sheet 2) T 19.12.2.2.10-1 N 19.12.2.3-16A (Sheet 1) T 19.12.2.3-1 (Sheet 1) S 19.12.2.3-16A (Sheet 2) T 19.12.2.3-1 (Sheet 2) S 19.12.2.3-17 (Sheet 1) T 19.12.2.3-1 (Sheet 3) S 19.12.2.3-17 (Sheet 2) T 19.12.2.3-1 (Sheet 4) S 19.12.2.3-17A T 19.12.2.3-1 (Sheet 5) S 19.12.2.3-18 (Sheet 1) T 19.12.2.3-2 (Sheet 1) N 19.12.2.3-18 (Sheet 2) T 19.12.2.3-2 (Sheet 2) N 19.12.2.3-18A T 19.12.2.3-2 (Sheet 3) N 19.12.2.3-19 T 19.12.2.3-3 (Sheet 1) S 19.12.2.3-20 T 19.12.2.3-3 (Sheet 2) T 19.12.2.3-21 (Sheet 1) W 19.12.2.3-3 (Sheet 3) N 19.12.2.3-21 (Sheet 2) W 19.12.2.3-4 (Sheet 1) N 19.12.2.3-21 (Sheet 3) W 19.12.2.3-4 (Sheet 2) N 19.12.2.3-21 (Sheet 4) W 19.12.2.3-4 (Sheet 3) N 19.12.2.3-21 (Sheet 5) W 19.12.2.3-5 (Sheet 1) N 19.12.2.3-21 (Sheet 6) W l 19.12.2.3-5 (Sheet 2) T 19.12.2.3-21 (Sheet 7) W l 19.12.2.3-5 (Sheet 3) T 19.12.2.3-21 (Sheet 8) W l 19.12.2.3-5A (Sheet 1) T 19.12.2.3-21 (Sheet 9) W : 19.12.2.3-5A (Sheet 2) T 19.12.2.3-21 (Sheet 10) W ) l Amendment W I June 17, 1994 1
CESSAR nninc m EFFECTIVE PAGE LISTING (Cont'd) CIUkPTER 19 Tables (Cont'd) Tables Amendment Tables Amendment 19.12.2.3-21 (Sheet 11) W 19.15-1 (Sheet 8) U 19.12.2.3-21 (Sheet 12) W 19.15-1 (Sheet 9) V 19.12.2.3-21 (Sheet 13) W 19.15-1 (Sheet 10) V 19.12.2.3-21 (Sheet 14) W 19.15-1 (Sheet 11) U 19.12.2.3-21 (Sheet 15) W 19.15-1 (Sheet 12) V 19.12.2.3-21 (Sheet 16) W 19.15-1 (Sheet 13) W 19.12.2.3-21 (Sheet 17) W 19.15-1 (Sheet 14) W 19.12.2.3-21 (Sheet 18) W 19.15-1 (Sheet 15) W 19.12.2.3-21 (Sheet 19) W 19.15-1 (Sheet 16) W 19.12.2.3-21 (Sheet 20) W 19.15-1 (Sheet 17) W 19.12.2.3-21 (Sheet 21) W 19.15-1 (Sheet 18) V 19.12.2.3-22 (Sheet 1) W 19.15.1-1 V 19.12.2.3-22 (Sheet 2) W 19.15.2-1 U 19.12.2.3-22 (Sheet 3) W 19.15.2-2 (Sheet 1) V 19.12.2.3-22 (Sheet 4) W 19.15.2-2 (Sheet 2) V 19.12.2.3-22 (Sheet 5) W 19.15.2-2 (Sheet 3) V 19.12.2.3-22 (Sheet 6) W 19.15.2-3 (Sheet 1) V 19.12.2.3-22 (Sheet 7) W 19.15.2-3 (Sheet 2) V 19.12.2.3-22 (Sheet 8) W 19.15.2-4 T 19.12.2.3-22 (Sheet 9) W 19.15.2-4A T 19.12.2.3-22 (Sheet 10) W 19.15.2-5 T 19.12.2.3-22 (Sheet 11) W 19.15.2-6 (Sheet 1) T 19.12.2.3-22 (Sheet 12) W 19.15.2-6 (Sheet 2) T 19.12.3-1 (Sheet 1) T 19.15.2-6 (Sheet 3) T l 19.12.3-1 (Sheet 2) V 19.15.2-6 (Sheet 4) T 19.12.3-2 (Sheet 1) T 19.15.2-6 (Sheet 5) T l 19.12.3-1 (Sheet 2) T 19.15.2-6 (Sheet 6) T 19.12.3-3 (Sheet 1) 19.15.2-6 (Sheet 7) N T 19.12.3-3 (Sheet 2) N 19.15.2-6 (Sheet 8) T 19.12.3-3 (Sheet 3) W 19.15.2-7 U 19.12.3-4 (Sheet 1) W 19.15.2-8 U 19.12.3-4 (Sheet 2) W 19.15.2-9 U 19.13-1 (Sheet 1) P 19.15.2-10 (Sheet 1) U 19.13-1 (Sheet 2) P 19.15.2-10 (Sheet 2) U 19.13-1 (Sheet 3) U 19.15.2-11 (Sheet 1) U 19.13-1 (Sheet 4) U 19.15.2-11 (Sheet 2) U 19.13-1 (Sheet 5) U 19.15.2-12 (Sheet 1) U l 19.13-2 (Sheet 1) P 19.15.2-12 (Sheet 2) U 19.13-2 (Sheet 2) P 19s15.2-13 U 19.13-2 (Sheet 3) U 19: 15.3-1 S 19.13-2 (Sheet 4) U iS 15.3-2 R 19.13-2 (Sheet 5) U 19.16.4-1 P 19.13-3 U 19.15.4-2 U 19.14.1-1 (Sheet 1) U 19.15.4-3 P 19.14.1-1 (Sheet 2) V 19.15.4-4 ? 19.14.2-1 U 19.15.5-1 (Sheet 1) U 19.15-1 (Sheet 1) W 19.15.5-1 (Sheet 2) U 19.15-1 (Sheet 2) V 19.15.6-1 (Sheet 1) V 19.15-1 (Sheet 3) W 19.15.6-1 (Sheet 2) V , 19.15-1 (Sheet 4) W 19.15.6-1 (Sheet 3) V l 19.15-1 (Sheet 5) W 19.15.6-1 (Sheet 4) V 19.15-1 (Sheet 6) V 19.15.6-1 (Sheet 5) V L 19.15-1 (Sheet 7) W 19.15.6-1 (Sheet 6) V l Junendment W f June 17, 1994 i
CESSAR HiWiews HCLPF values were computed using the Conservative Deterministic l Failure Margin (CDFM) approach presented in EPRI NP-6041-SL . HCLPF calculations were performed with reference to a Review Level Earthquake 21s (RLE) of 0.6g. The CMS 3 (modified NUREG/CR-0098 spectral shape) was used as the RLE spectral shape. HCLPF computations were performed for rock site conditions since this is one of the governing site conditions for design basis. l HCLPF computations were performed for three groups: 1) buildings I and structures, 2) electrical and mechanical components and 1
- 3) major NSSS components. HCLPF computations were performed in accordance with the procedures identified in the EPRI seismic margin approach (EPRI NP-6041-SL2 ) . This methodology calls for the best estimate of the seismic demand and a conservative estimate of the failure mechanism (hence called the Conservative Deterministic Failure Margin approach) . This approach quantifies the differences between the code allowables and a conservative estimate of actual failure by recognizing higher component damping values, energy absorbing factors associated with ductile failure modes as well as potential load re-distribution between various structural elements of a structural ~ system.
The HCLPFs for the following structures / structural elements were determined: A. Nuclear Island (including the Interior Structure, Shield Building and Steel Containment Vessel) . B. Nuclear Annex (including the Fuel Building, CVCS area, Control Areas, Diesel Generator Areas and the Emergency Feedwater Areas). The lateral load resisting capacity of the primary elements were determined using the methodology described in Appendices L and N of EPRI NP-6041-SL. 2 The HCLPFs for the electrical and mechanical equipment were determined by reviewing the applicable design basis qualification 1 criteria against those permitted by the CDFM approach. For equipment qualified by testing, the response spectra curves for i the 0.3g Design Basis (DB) earthquake were reviewed against the 0.6g CMS 3 spectra, the RLE for the seismic margin review. Based l J Amendment U 19.7-43 December 31, 1993
CESSARnn%== - on the ratio of the DB to RLE and the criteria outlined in EPRI NP-6041-SL"', the HCLPF was determined. Generic Equipment Ruggedness Spectra (GERS) were used where applicable. Solid state switching devices and electromechanical relays will be used in the NUPLEX 80+ protection and control systems. Solid state switching devices are inherently immune to mechanical switching discontinuities such as contact chatter. Robust electromechanical relays are selected for NUPLEX 80+ applications such that inherent mechanical contact chatter is within the requisite system performance criteria. Therefore, contact chatter has no effect on system operation and was, therefore, not included in the seismic analysis. The COL must confirm the use " of seismically robust electromechanical relays in the engineered l safety features actuation and control systems. [ COL Item 19-10] Similarly, for equipment qualified by analysis, the design basis parameters, including damping and anchorage safety factors as well as response spectra, were assessed to determine seismic margins. For example, a seismic margin exists for an equipment item that is seismically qualified using 3% damping, if a higher 5% damping is permitted in the CDFM approach. Margins for each of the significant parameters were determined, and considered with inelastic energy absorption capability for ductile failure modes, to calculate HCLPFs. Seismic fragilities for equipment items that are inherently rugged were based on available industry data. The NSSS components that were reviewed include: A. Reactor Vessel B. Steam Generators C. Reactor Coolant Pumps D. Reactor Internals E. Pressurizer F. NSSS Piping These NSSS components were assessed by reviewing the various design basis parameters to identify seismic margins. The stress margins were determined by comparing the loads from the System 80+ RCS analysis and those in existing stress reports. Load combinations in-accordance with Section 6 of EPRI NP-6041-SL"' were evaluated. The HCLPF values were calculated using the CDFM approach and the equations discussed above. Table 19.7.5.1-1 lists all components that are in the seismic models and presents either the failure rates for independent failures or the ;omponent or structure HCLPF value for seismic failures. Table 19.7.5.1-2 lists the structural fragilities calculated for the System 80+ structures and the NSSS component fragilities. All HCLPF values are presented in terms of peak ground acceleration. Amendment W 19.7-44 June 17, 1994
CESSARiEnc- ! l 1 1 l capability sequence. The results of these sensitivity analyses are summarized in Table 19.7.5.3-2. This table defines the i component or component group for which the HCLPF is being changed, presents the base component HCLPF and the changed component HCLPF, and presents the new " Min Sequence" HCLPF and the new plant HCLPF. These sensitivity analyses basically confirmed the intuitive importance of the component HCLPFs. That is, if the HCLPF for a component that appears as a dominant contributor to a sequence HCLPF is decreased below the plant or " Min Sequence" HCLPF values, the plant and/or " Min Sequence" HCLPF value will decrease to the lower value. On the other hand, if the HCLPF for that component or group of components is increased, the plant and " Min Sequence" HCLPF values do not change. None of the seismic core damage sequences had a HCLPF less than two times the design basis earthquake. In addition, the dominant sequence is a seismically induced failure of the containment vessel which leads to core damage and containment failure. Therefore, no additional containment isolation failure analyses were performed. ; The COL applicant will be required to verify that key assumptions for structures, systems and components considered in the SMA are valid for the as-built plant conditions [ COL Item 19-4]. This l Will include evaluation of HCLPF values for structures which house non-safety related equipment relied upon in the SMA evaluations such as the combustion gas turbine. The verification process will' include a seismic walkdown, including development of detailed procedures, [ COL Item 19-4] to ensure that as-built l conditions conform to the assumptions used in the SMA and to assure that proper anchorage for equipment has been provided and that the potential for seismic spatial system interaction does not exist. Deviations from assumptions will be evaluated to determine if vulnerabilities have been introduced. Also, if equipment is qualified for site-specific requirements (Appendix 3.9A, Section 1.4.3.2.1.2, Option 4), the impact on the SMA HCLPF will be evaluated. The details for verifying that key assumptions for structures, systems, and components considered in the SMA are valid for as-built plant conditions should be modeled after approved NRC SMA procedures and should incorporate insights from SMAs conducted at operating plants. The verification process is expected to consist of the following steps:
- 1. Preparation for Plant Walkdown
- 2. Plant Seismic Logic Model Walkdown
- 3. Assessment of As-Built SMA HCLPF Values Amendment W 19.'7-75 June 17, 1994
CESSAR !!ninem:n
- 4. Seismic Plant Walkdown
- 5. Validation of Plant Level HCLPF Calculations These steps will ensure that as-built plant design characteristics are evaluated; critical component, structural, and sequence HCLPF values are reviewed; and deviations from design assumptions and vulnerabilities which could reduce the -l plant level HCLPF value below 0.5g are exposed.
In Section 19.1.2.2.3 (page 19-149) of the Draft Safety Evaluation Report for CESSAR-DC, it stated: i "As the seismic analysis is being redone, there is a need to I augment the internal events model to the extent possible, by ! explicit inclusion of structural and other passive failures l that were excluded from the internal events model." ' l This is COL action Item 19-2. As part of the model development i for the Seismic Margins Analysis, the internal events model was updated to include structural and passive failures. This completes COL action item 19-2. The Draft Safety Analysis Report for CESSAR-DC contained an l additional COL Item, 19.1.2.2.6-1, (Item 19-6 in Table 1.10-1) which stated that the COL Applicant should factor site-specific spectra into the analysis and verify the layout and anchorage of critical components. This COL Item is covered by the SMA and the seismic walkdown to be performed by the COL applicant as discussed above. Amendment W 19.7-76 June 17, 1994
CESSARUnscu,. D. The concept of defense in depth applies to shutdown modes as well as Mode 1. The more ways that the operator can maintain coolant inventory and remove decay heat, the lower the risk. The presence of SIS capability in shutdown is an example of added defense in depth. E. The ability of the operator to be able to align the SCS train for makeup of inventory or to use for a feed and bleed operation is important for defense in depth. F. There are two trains of SCS and it is important that the COL applicant maintain a configuration management system for maintenance activities on the SCS and its support systems. Configuration control is important because all plant risks, all accidents and incidents, and all accident precursors arise because of critical configurations which have occurred. If configurations were managed so that critical, high-risk configurations did not occur, then the risks would be small and accidents or incidents would occur rarely. Table 19.8.1-4 (developed from the more extended dependency Table 19.6.1-1) is an example of the systems that support each SCS train. The COL applicant should identify the systems, structures and components (SSCs) that support DHR (as well as other safety functions). The COL applicant should consider the overall effect of removing SSCs identified above from service on the DHR safety function. The COL applicant should limit normal maintenance on combinations of equipment so that an additional single or common cause failure would not cause total loss of DHR. A configuration management system should help to insure the availability of the standby SCS. G. If one train is lost because of fire, flood, or random component failure, it is important that the other train have the highest possible availability. The COL applicant should develop procedures and a configuration management strategy to handle the period of time when one of the two DHR paths is unavailable. In this case (a technical specification violation) the operator should suspend the maintenance and testing activities on equipment that support the operating SCS train. Given failure of one train, the operator should restore any systems that support the other train and are out for maintenance. H. During plant shutdown, risk can be minimized by appropriate outage management, administrative controls, procedures and operator knowledge of plant configuration. The COL applicant should develop the appropriate administrative controls, procedures and operator training for shutdown operations. (See also insights F and G above.) [ COL Item 19-9] l Amendment W 19.8-3 June 17, 1994
CESSAR insincam. I. During plant shutdown operation, the integrity of fire and flood barriers between areas in the same division, such as { quadrants, where systems comprising the alternate shutdown are I located should be maintained. The COL applicant should )j incorporate in its configuration control program a requirement that, during Modes 4, 5, and 6, the water t!7ht flood doors and fire doors will be maintained closed on at least one quadrant within the subsphere (containing either an SCS or CSS pump) to help prevent common-mode failures from internal floods or fires. The SCS or CSS pump in this quadrant shall l- be operable. If the flood or fire doors to this quadrant must be opened for reasons other than to permit normal access, a fire watch will be established for the affected door. ) (COL Item 19-9] l I Loss of DHR Insichts A. Reduced inventory is the most critical operation. The operator should be aware of this and plant activities should ) be scheduled accordingly. Use of nozzle dans is encouraged as l a method of limiting the time spent in this mode. l l Amendment W 19.8-3a June 17, 1994
I l CESSARMENuc,. I I l 19.15
SUMMARY
OF PRA-BASED DESIGN INSIGHTS This section of the report summarizes the PRA-based insights for the System 80+ design. The System 80+ PRA was performed to satisfy the objectives required for the Advanced Light Water Reactor design certification PRA. These objectives, as they relate to the System 80+ design, are: A. To assess, as realistic as possible, the risk profile of the proposed design in terms of the frequency of severe core damage accidents and their consequences. B. To develop better understanding r.ad insights about the design strengths and relative weaknesses beyond those identified through deterministic analyses. C. To support pre- and post-certification regulatory activities which include Design Acceptance Criteria (DAC) ; Inspection, Testing, Analyses, and Acceptance Criteria (ITAAC); Reliability Assurance Program (RAP); and technical specifications. Since the System 80+ PRA is being used to support the pre- and post-certification activities, the insights gained regarding the risk contributors are very useful. Therefore, the following useful information and insights are summarized in this section of the report: A. How PRA insights influenced the design, B. What design features were added to or deleted from the design as a result of PRA insights, C. How it was determined if there were any vulnerabilities in the plant design from internal or external events, D. How the PRA was used to develop an appropriate balance of prevention and mitigation in the design, E. How to use the models, information, and results of the design for verifying some of the key assumptions of the PRA, F. How to use insights from the uncertainty, importance, and sensitivity analyses to support various activities such DAC, RAP, ITAAC, and technical specifications, G. How to use insights from the external events analyses, shutdown and low power risk analyses to support pre- and post-certification activities. The special features that are incorporated into the System 80+ j design to prevent and mitigate accidents are summarized in l Amendment P 19.15-1 June 15, 1993
C E S S A R H einc. m . Section 19.15.1. Insights about the System 80+ design gained from-the internal events risk profile and the external events risk profile are summarized in Sections 19.15.2 and 19.15.3, respectively. Shutdown and low power operation are included as part of the System 80+ PRA, and the insights gained from the risk associated with these modes of operation are summarized in Section 19.15.4. The use of PRA in the design process is summarized in Section 19.15.5. The use of PRA results and insights to support certification and followup activities is summarized in Section 19.15.7. Significant PRA-based safety insights for the System 80+ design are provided in Table 19.15-1. During the detailed design phase for System 80+, site specific information and system design details will become available. The COL applicant should update the PRA using the final design information and site specific information. As deemed necessary, the update should include the shutdown risk evaluation and the internal fire and flood evaluation. Based on site specific information, the COL applicant should also re-evaluate the qualitative screening of external events. If any site specific vulnerabilities are found, the applicable external event (s) l should be included in the updated PRA. [ COL Item 19-6] In updating the internal fire evaluation, the COL applicant should verify the details and layout of critical components and l the fire suppression systems. [ COL Item 19-3] The applicant should also evaluate the potential effect of the fire suppression l systems on the behavior of other systems. [ COL Item 19-3] In updating the internal flood evaluation, the COL should evaluate the interaction of the potential internal flood sources and the details of the layout of the critical components. [ COL l Item 19-3] l l l l l l-Amendment W 19.15-2 June 17, 1994 ,
i CESSARHnLm TABLE 19.15-1 (Sheet 13 of 18) SIGNIFICANT PRA-BASED SAFETY INSIGHTS FOR SYSTEM 80+ INSIGIIT DISPOSITION
- 29. A control room fire will not impact the instrumentation and controls located at the Remote Shutdown Panel, or the equipment which is required to place the plant in cold shutdown, due to the following features of the System 80+ design:
The main control room and the remote shutdown room are located at . Certified Design different elevations and in different fire areas. Material 7he main control room ventilation system is different from the Certified Design ventilation cystem for the remote shutdown room. Material The stairwells connecting the main control room and the remote Section 9.4, Figures shutdown room are pressurized, thus not allowing smoke, hot gases 1.2-5A through 1.2-9 and fire suppressants to migrate from one room to the other. Certified Design The main control room is continuously pressurized to prevent the Material entry of smoke, hot gases, dirt and fire suppressants from other areas.
- 30. All fire barriers which provide separation between the two divisions are Certified Design rated for at least 3 hours. Material it was assumed that all fire doors and penetrations within the fire barriers D-RAP are maintained with high reliability during power operation to prevent the propagation of fire from one area to the next.
- 31. The possible sources of internal flooding within the Nuclear Annex and u.rt.4ied Design Reactor Building are located below elevation 70+0. hhterial
- 32. Solid state switching devices and electro-mechanical relays resistant to Sections 7.1.1.7, relay chatter will be used in the Nuplex 80+ protection and control 7.2.1.1 & 7.3.1.1 systems. Use of these devices and relays either eliminates or minimizes the COL ltem 19-10 l mechanical discontinuities associates with similar devices at operating (Relay Chatter j reactors. Resistance) i
- 33. The Startup Feedwater System (SFWS), a non-safety related system, can Sections 10.4.7.2.3 &
be used to deliver feedwater to the SGs following a reactor trip 7he 10.4.7.2.4 l SFWS pump is powered from the Permanent Non-Safety (PNS) bus and Figure 8.3.1 1 l can be powered by the AAC. 7he SFWS pump can be aligned to the CST l or the deaerator storage tank. With alignment to either storage facility, the NPSH for the pump is adequate to prevent pump cavitation and failure. , I Amendment W ' June 17, 1994 l
C E S S A R Ennnci m ,. TABLE 19.15-1 (Sheet 14 of 18)' SIGNIFICANT PRA-BASED SAFETY INSIGHTS FOR SYSTEM 80+ 1 INSIGIIT DISPOSITION
- 34. There will be a diverse RCP seal injection capability using a positive Certified Design displacement pump that is diverse from the CVCS and can be powered Material from either the EDG or the AAC.
The altemative positive displacement seal injection pump is located in such Figure 1.2-5A a manner as to minimize its vulnerability to internal floods and fires that could also affect the primary means of providing RCP seal cooling or RCP seal injection.
- 35. An emergency containment spray backup function provides a means of Certified Design supplying water to the containment spray header from a station AC Material independent external source.
The final design of the ECSBS is not completed. He design of the ECSBS Sections 6.5.5 and is envisioned to include the following design features: (1) an 8-inch 19.11.3.8 diameter " tee" connection to the containment spray recirculation line (2) an extension of 8-inch diameter Class 2 piping from the " tee" connection from the contamment spray recirculation line to the exterior of the Nuclear Annex, (3) external connections for temporary hookup of an external source of water that are located at or near grade, (4) a portable pumping source (e.g., fire truck) that is independent of site AC power buses. This pumping device will be capable of supplying sufficient flow to the containment spray header at 24 hours after a severe accident to provide sufficient heat removal capability via the spray droplets to prevent the containment pressure from exceeding the service level C pressure. Preliminary calculations indicate a flow rate of 750 gpm would be sufficient, and (5) all necessary hoses, fittings and spool pieces would be stored with the pumping device or at or near the " tee" connections. l De detailed system design and location of all associated valves and COL ltem 19-5 connections should take into account expected radiation levels and shielding Section 19.11 3.8 requirements for any required local operator actions. l The specific flow rate for the pumping device will be determined as part of COL Item 19-5 the detailed design. Section 19.11.3.8 l Detailed procedures for use of the system will be developed by the COL COL ltem 19-8 applicant. Section 19.15.6 Amendment W Jtine 17, 1994
CESSARE!n%um i TABLE 19.15-1 1 (Sheet 15 of 18) ! 1 SIGNIFICANT PRA-BASED SAFETY INSIGHTS FOR SYSTEM 80+ l l i INSIGIIT DISPOSITION
- 36. There is a liydrogen Mitigation System (HMS) utilizing ignitors to control Certified Design hydrogen during a severe accident. Material
'Ibe accident management procedures will address use of the HMS. COL ltem 19-8 l Section 19.15.6
- 37. The IIydrogen purge Vent to the annulus is not credited in the PRA. ~ EOGs liowever, the use of this vent could decrease the late containment failure probability.
- 38. Each half of the subsphere is compartmentalized to separate redundant safe Certified Design shutdown components, to the extent practicable while maintaining Material accessibility requirements. The subsphere, which houses the front line safety systems is compartmentalized into quadrants, with two quadrants on either side of the divisional structural wall. Flood barriers provide separation between quadrants, while maintaining equipment removal capability. Emergency feedwater pumps are located in separate compartments within the quadrants with each compartment protected by flood barriers. Flood barriers also provide separation between electrical equipment and fluid mechanical systems at the lowest elevation within the Nuclear Annex.
Elevated equipment pads prevent equipment from being inundated in the Section 3.4.4.1 event of flooding. There are three-hour fire barriers as well as flood barriers between Certified Design quadrants in the subsphere. Material Within each division, there are two Class IE 4160 KV switchgears. These Section 9.5.1.14 are separated by three-hour fire barriers and are arranged to be associated < with one of the subsphere quadrants. Power esbles from the diesel generator room in a given division t0 ' heir associated switchgear are fully separated, and the cables from the switchgear to their associated pumps are fully separated. Amendment W June 17, 1994
CESSAR ENDICAT13N TABLE 19.15.1 (Sheet 16 of 18) SIGNIFICANT PRA-BASED SAFETY INSIGHTS FOR SYSTEM 80+ INSIGHT DISPOSITION
- 39. Flood protection is integrated into the floor drainage systems. The floor Certified Design drainage systems are separated by division and Sdety Class 3, Seismic Material Category I valves which prevent backflow of water to areas containing safety related equipment. Each subsphere quadrant contains its own separate sump equipped with redundant Safety Class 3, Seismic Category I sump pumps and associated instrumentation. These pumps are also powered from the diesel generators in the event of loss of offsite power.
The Nuclear Annex also has its own divisionally separated floor drainage system, having no common drain lines between divisions. Floors are gently sloped to allow good drainage to the divisional sumps. Secti on 9.3.3 Floor drains are routed to the lowest elevation to prevent flooding of the upper elevations. The lowest elevation in each division has adequate volume to collect water from a break in any system without flooding the other division. In addition, potential discharge of fixed fire suppression systems and fire hoses is considered in the sizing of floor drains to preclude flooding of areas should the fire protection systems be initiated. l 40. The COL should maintain a well trained and prepared fire brigade. Section 19.15.3.2
- 41. The System 80+ low pressure systems which interface with the RCS are Certified Design protected against ISLOCA by a combination of increases in the piping Material pressure limits and autoisolation capability based on pressure sensors.
l 42. The COL applicant should consider the information on risk important COL Item 19-8 operator actions from the PRA, as presented in Table 19.15.6-2, in Section 19.15.6 developing and implementing procedures, training and other human reliability related programs. l 43. During detailed design phase, the COL applicant should updata the PRA COL Item 19-6 using the final design information and site specific information. As Section 19.15 deemed necessary, the COL applicant should update the PRA, itcluding the shutdown risk evaluation, and the internal fire and flood evahation. Based on site specific information, the COL applicant should also to evaluate the qualitative screening of external events. If any site specific susceptibilities are found, the applicable external event should be included in the updated PRA. Amendment W June 17, 1994
CESSAR E!!Lbria TABLE 19.183-1 (Sheet 17 of 18) SIGNIFICANT PRA-BASED SAFETY INSIGIITS FOR SYSTEM 80+ INSIGIIT DISPOSITION
- 44. He structure that houses the combustion gas turbine must have a HCLPF Section 19.7.5.3 of at least that of the gas turbine itself, or must be designed in such a manner so that failure of this stmeture following a seismic event up to liCLPF of the gas turbine will not affect the operability of the gas turbine.
- 45. During the HFE V&V, the risk significance of tasks impacted by findings Supports Certified will be considered in the finding resolution process, ne resolution process Design Material will qualitatively confirm that the findings, as dispositioned, will not lead to a risk-significant increase in error potential from that represented in the HRA, or additional risk-significant errors not modeled in the HRA.
(" Human Factors Encineerine Verification and Validation Plan for NUPLEX 80+", NPX80-IC-VP79043, Section 8.1)
- 46. No water lines are routed above or through the control room and the Section 3.4 computer room. HVAC water lines contained in rooms around the control room are located in rooms with raised curbs to prevent leakage from entering the control room.
- 47. A reactor cavity flood system is provided to enhance the coolability of Certified Design ex-vessel core debris. Material Procedures for use of the cavity flood system during a severe accident will COL Item 19-8 l be developed by the COL applicant as part of their plant-specific severe Section 19.15.6 accident management procedures.
The reliability of the cavity flood system and associated valves is D-RAP, important. De COL applicant will ensure the reliability of the cavity flood Table 19.15.6-1 system. Amendment W June 17, 1994
CESSAREn h a TABLE 19.15-1 (Sheet 18 of 18) SIGNIFICANT PRA-BASED SAFETY INSIGIITS FOR SYSTEM 80+ INSIGIIT DISPOSITION
- 48. Containment integrity is imponant to reduce the risk to the public. The D-RAP, major containment penetrations (equipment batch, personnel airlocks and Table 19.15.6-1 fuel transfer tube) will be designed to assure that they will not fail up to ASME service level "C" for the containment shell. Penetrations will be designed and sealant materials will be selected to ensure that the seal and mounting will provide a minimum of I day containment integrity.
Containment integnty is imponant to reduce the risk to the public. The D-RAP, major containment penetrations (equipment hatch, personnel airlocks and Table 19.15.6-1 fuel transfer tube) will be designed to assure that they will not fail up to ASME service level "C" for the containment shell. Penetrations will be designed and sealant materials will be selected to ensure that the seal and mounting will provide a minimum of I day contamment integrity.
- 49. The reliability of the MSSVs, ADVs, and MSIVs is imponant. The COL D-RAP, applicant will ensure the reliability of these components. Table 19.15.6-1
- 50. Flood barriers separating the flood zones in the nuclear annex, the CCWS Cenified Design Heat Exchanger buildings and the SSWS pump structure are designed to Material withstand water pressure generated by internal flooding .
Flood barriers, including water tight doors and penertations, will be D-RAP, l addressed in the O-RAP. Table 19.15.6-1 i I. Amendment V April 29, 1994 l l
CESSARMainceu N. The reliabilities of the fire detection and suppression systems are assumed to be at least 80% and 96%, respectively. O. Although fire brigade action to suppress fires was not modeled in the scoping fire risk evaluation, the capabilities of the plant fire brigade are important to maintaining a low fire risk. The COL applicant should maintian a well trained and prepared fire brigade. l A quantitative assessment of the risk due to internal fires can not be made at this time because detailed design information for cable routing and the fire detection and fire suppression system is not presently available. However, a scoping evaluation is performed to assess the risk due to internal fires in areas of the Nuclear Annex other than the containment or the control room. Two types of fires were considared in the scoping evaluation: (1) a fire in an area which could disable safety-related equipment in that area and which has the potential for initiating a transient, and (2) a fire in an area which by itself could disable safety-related equipment but would require the penetration of a fire barrier in order to initiate a transient. The first type of fire is designated as type "a" and the second type as type "b". The fire ignition sources and frequencies by applicabic areas are presented in Table 19.15.3-2. Although a detailed quantitative analysis of internal fires was not performed at this stage of the System 80+ design, a scoping estimate of the risk due to fire was calculated by using a i conservative scoping value (4.6E-02 per year) for fire event I frequency and by assuming that the effects on plant systems would be the same as a loss of one division of component cooling I water / station service water. Using this approach, the estimated l scoping value core damage frequency due to internal fires is j 6.1E-08 per year and the sequence of importance involves an internal fire followed by failure of long-term decay heat removal and failure of SDS. Based on the robust seal design for the RCPs used in the System 80+ design and on the results of tests and operating experience, ABB-CE asserts that the RCP seals will not fail on loss of seal injection and seal cooling. However, in the interests of completeness, an assessment of a postulated fire induced RCP seal LOCA was included as part of the quantitative fire scoping j evaluation. The scoping value for core damage frequency l associated with the postulated fire induced seal LOCA was { calculated to be 5.2E-10 per year. The potential risk due to a l postulated fire inside containment was also assessed. The ' estimated scoping value of core damage frequency due to fire inside containment is 1.3E-09 per year. Thus, the total 1 estimated scoping value of core damage frequency for internal I fires is 6.3E-08 per year. Amendment W 19.15-51 June 17, 1994
CESSAR inEncam. The following insights were drawn from the internal fire scoping assessment: A. The consequences of internal fires at the plant are bounded by a fire that would disable all the safety related equipment in the division where the fire originated. B. The propagation of a fire from one division to the next is prevented by the divisional separation of redundant safety related equipment with a 3 hour fire barrier which is maintained during power operation. The fire barriers will be included in D-RAP. C. In order to minimize or eliminate control room fires, the control panel specifications must be met. These specifications prohibit the use of neoprene, limit the use l of PVC, and prohibit the use of materials that would I independently support combustion. The energy sources coming into the control room panels must be limited to low voltage. D. A control room fire is not a dominant contributor to the l overall core damage frequency due to internal fires. E. Instrumentation and controls are provided at the Remote Shutdown Panel to ensure that the plant can handle a transient from the Remote Shutdown Room. ! F. Because the main control room is continuously pressurized, the entry of smoke, hot gases, dirt, and fire suppressants originating from outside the main control room will be prevented. G. The main control room utilizes a ventilation system which is separate from the rest of the control building. Therefore, the migration of smoke, hot gases, and fire suppressants that originate in areas outside the main control room such as the electrical equipment areas to the control room will not occur via the ventilation system or any other means. > H. Separate ventilation systems are provided for each of the divisional separated building. Therefore, a fire in one division cannot migrate to the next division via the ventilation system. I. Although ABB-CE asserts that the RCP seals will not fail on loss of seal injection and seal cooling due to the robust seal design, an assessment of a postulated fire induced RCP seal LOCA was included as part of the quantitative fire scoping evaluation. This evaluation indicates that a fire induced RCP seal LOCA is not a dominant contributor to the estimated scoping core damage frequency estimate for internal fires. J. Deterministic evaluations indicate that there is no credible , fire inside containment that could damage redundant trains Amendment U 19.15-52 December 31, 1993
CESSAR MEL-19.15.5 USE OF PRA IN THE DESIGN PROCESS Probabilistic Risk Assessment (PRA) was used extensively in the System 80+ design process. PRA was used to confirm that the System 80+ design complied with the applicable risk goals, and to select among the alternate design options. l The insights gained from past PRAs, especially the System 80, I were used to identify vulnerabilities in operating plants. This information was then used to incorporate features in the System 80+ design that reduced or eliminated these vulnerabilities. PRA was then used to confirm the risk reduction associated with these improvements. Examples are the risk reduction presented in Section 19.15.2.1.1 for LOOP /SBO, SGTR, transients, small LOCA, and ATWS accident sequences in Section 19.15.2.1.1. Another use of the PRA in the System 80+ design process, which was also of a confirmatory nature, was to demonstrate compliance with applicable risk goals. l The System 80+ PRA was also used to evaluate design alternatives. The major design options are cited below. COMPONENT COOLING WATER SYSTEM CONFIGURATION Early in the program, System 80+ had a standby, safety related Essential Component Cooling Water System and Essential Service Water System for cooling safety related loads. Demand failure of the pump and valves in these systems were found to be significant risk contributors. As a result, the System 80+ design was l changed to a normally operating Component Cooling Water System (CCWS) and a Station Service Water System (SSWS) where the non-safety loads can be shed when required. The selected CCWS and SSWS have two divisions with two pumps in each division. One pump in each division is normally operating and the second pump is in standby and will start if the operating pump in the same division trips. A subsequent evaluation was also made to determine if the standby pumps hai to be automatically loaded on the emergency diesel generators and started following a LOOP event. The evaluation indicated that there would be no significant risk impact if the standby pumps were aligned to the emergency diesel generators following a LOOP event but were not started unless the previously operating pump fails to restart. Thus larger and consequently less reliable emergency diesel generators were not required. l l Amendment U 19.15-69 December 31, 1993
CESSAREnL m. 1 EMERGENCY AC POWER CONFIGURATION The System 80+ design includes two emergency diesel generators which provide power to the safety related loads following a LOOP event. In addition, there is also a standby alternate AC power source (combustion turbine) which can be aligned to either division of the safety related 4.16 KV buses in the event of a failure of one of the emergency diesel generators. The alternate AC power source is sized to provide power to a set of non-safety loads which, from an operational stand-point, is desirable following a LOOP event. PRA was used to compare two configurations of emergency power: (1) two emergency diesel generators plus a combustion turbine, and (2) four emergency diesel generators. The comparison indicated that the four diesel generator configuration was slightly, but not significantly, more reliable than the configuration which included two diesels and a combustion turbine. However, the four diesel generator configuration did not provide power to the permanent non-safety loads. In addition, the four diesel generator configuration would have a significant impact on plant size, cost, and layout because of the need for two additional divisions of diesel support systems such as cooling water, starting power, and fuel supplies. EVALUATION OF DESIGN ALTERNATIVES The System 80+ PRA was also used to evaluate the expected risk reduction 'from 27 Design Alternatives. The selected alternatives were based on the Design Alternatives evaluated for Limerick and Comanche Peak, and on the results of other assessments such as NUREG/CR-4920 and the System 80+ PRA. The design alternative analysis used a bounding technique. It was assumed that each design alternative worked perfectly and completely eliminated the accident sequences that the design alternative addressed. This approach maximizes the benefits associated with each design . l alternative. The twenty-seven design alternatives are listed below:
- 1. A maintenance practice that inspects 100% of the tubes in a steam generator.
- 2. Secondary side guard pipes that extend from the containment to the MSIVs. The guard pipes would prevent depressurization of the secondary side if a main steam line break event should occur upstream of the MSIVs. The guard pipes would also guard against or prevent consequential multiple steam generator tube rupture following a main steam line break event.
- 3. An improved DC battery and EFWS design alternative that allows for decay heat removal during a station blackout event by using the batteries and the turbine-driven pumps of Amendment W 19.15-70 June 17, 1994
CESSAR Enace,. 19.15.6 RISK SIGNIFICANT SSCs FOR CONSIDERATION IN THE RAP AND OTHER ACTIVITIES l Table 19.15.6-1 presents a list of risk significant Systems Structures and Components (SSCs) that should be included in the D-RAP as described in Section 17.3. The COL applicant should consider inclusion of these SSCs in their D-RAP and' operations reliability assurance process [ COL Item 19-7]. These SSCs were selected based on their risk importance as determined in the ! Level 1 analyses, the Level 2 analyses, the Level 3 analyses, the l shutdown risk evaluation, the internal fire and flood evaluation, ; and the seismic margins evaluation. For the Level 1 analyses and the shutdown risk analyses, systems and components were included as risk significant if their Risk Achievement Worth (RAW) was greater than or equal to 5.0 or their Risk Reduction Worth (RRW) was 1.10 or greater. SSCs with a RAW between 2.0 and 5.0 were selected if their RRW was greater than 1.05. For the Seismic l Margins Assessment, a SSC was included if it was a dominant contributor to the Plant HCLPF. For the Level 2, Level 3, and internal fire and flood analyses, items were included based on engineering judgement. SSCs were also included in the list if specific engineering commitments were made by the system designers. Table 19.15.6-1 contains three columns. The first column identifies the system, structure or component. The second column presents the rationale (basis) for including the SSC in the D-RAP (i.e., RAW > 5.0, Level 2 considerations, engineering judgement, engineering commitment, etc.). The third column briefly describes the item and any associated insights. The third column also identifies any test interval or maintenance assumptions that were used in the PRA. This table does not include any failure rate or unavailability information. All component failure rates are documented in Section 19.5 and its associated appendices. The random failure rates for the individual components for the specific failure modes of concern are summarized in Table 19.5-2. The common cause failure rates are summarized in Table 19.5-3. The maintenance unavailabilities are summarized in Table 19.5-4. The component and structure HCLPF values are summarized in Tables 19.7.5.1-1 and 19.7.5.1-2. Table 3.9-15 summarizes the In-Service Testing program for all safety related pumps and valves and presents the applicable test intervals. Table 19.15.6-2 presents a list of Important Operator Actions selected from the PRA. These operator actions were selected based on their risk importance as determined in the Level 1 analyses, the Level 2 analyses, the Level 3 analyses, the shutdown risk evaluation, the internal fire and flood evaluation, and the seismic margins evaluation. For the Level 1 analyses and the shutdown risk analyses, operator actions were included as important if their Risk Achievement Worth (RAW) was greater than or equal to 5.0 or their Risk Reduction Worth (RRW) was 1.10 or greater. Operator actions with a RAW between 2.0 and 5.0 were selected if their RRW was greater than 1.05. For the seismic Margins Assessment, an operator action was included if failure to Amendment W 19.15-75 June 17, 1994
CESSAR !!nificuiu perform that action could result in a lower overall plant HCLPF value. For Level 2, Level 3, and internal fire and flood analyses, items were included based on engineering judgement. The COL applicant is responsible for developing all plant procedures. These procedures include, but are not limited to, the normal operating procedures, system operating procedures, maintenance procedures, emergency operating procedures and severe accident procedures. The Emergency Operating Guidelines (EOGs) provide guidance to the COL applicant for developing the detailed Emergency Operating Procedures. Appendices to the EOGs provide guidance on severe accident procedures and emergency operating considerations during shutdown operations. In developing and _ implementing procedures, training and other human. reliability related programs, the COL applicant should consider the information on risk important operator actions presented in l Table 19.15.6-2. [ COL Item 19-8] In the severe accident management procedures, the COL applicant should include procedures for the use of the Cavity Flood System, the Hydrogen Mitigation System, and the Emergency Containment l Spray Backup function of the CSS. [ COL Item 19-8] The COL should develop procedures for manually aligning the Alternate AC power supply when one of the two emergency diesel generators is unavailable during a loss of offsite power. [ COL l Item 19-8] Amendment W 19.15-76 June 17, 1994 i
CESSAR aninem2. (Sheet 1 of 3) i EFFECTIVE PAGE LISTING CIIAI'rER 20 Table of Contents _P_agg Amendment i V ii V iii V iv V y V vi V vii V viii V ix V Text P_aag Amendment a P._agg Amendment P_agg Amendment 20.0-1 V 20.2-19 V 20.2-39 V 20.1-1 V 20.2-20 V 20.2-40 V 20.2-1 V 20.2-21 W 20.2-41 V 20.2-2 V 20.2-22 V 20.2-42 V 20.2-3 V 20.2-23 V 20.2-43 V 20.2-4 V 20.2-24 V 20.2-44 V 20.2-5 V 20.2-25 V 20.2-45 V 20.2-6 V 20.2-26 V 20.2-46 V 20.2-7 V 20.2-27 V 20.2-47 V 20.2-8 V 20.2-28 V 20.2-48 V 20.2-9 V 20.2-29 V 20.2-49 V 20.2-10 V 20.2-30 V 20.2-50 V 20.2-11 V 20.2-31 V 20.2-51 V 20.2-12 V 20.2-32 V 20.2 52 V 20.2-13 V 20.2-33 V 20.2-53 V 20.2-14 V 20.2-34 V 20.2-54 V 20.2-15 V 20.2-35 V 20.2-55 V 20.2 16 V 20.2-36 V 2.0.2-56 V 20.2-17 V 20.2-37 V 20.2-57 V 20.2-18 V 20.2-38 V 20.2-58 V Amendment W - 06/17/94
CESSAR !!nL m <sneet 2 or 33 EFFECTTVE PAGE LISTING (Cont'd) CIIAITER 20 Text Pm Amendment P._ age A_m. endment ,P_agg Amendment 20.2-59 V 20.2-97 V 20.2-135 V 20.2-60 V 20.2-98 V 20.2-136 V 20.2-61 V 20.2-99 V 20.2-137 V 20.2-62 V 20.2-100 V 20.2-138 V 20.2-63 V 20.2-101 V 20.2-139 V 20.2-64 V 20.2-102 V 20.2-140 V 20.2-65 V 20.2-103 V 20.2-141 V 20.2-66 V 20.2-104 V 20.2-142 V 20.2-67 V 20.2-105 V 20.2-143 V 20.2-68 V 20.2-106 V 20.2-144 V 20.2-69 V 20.2-107 V 20.2-145 V 20.2-70 V 20.2-108 V 20.2-146 V 20.2-71 V 20.2-109 V 20.2-147 V 20.2-72 V 20.2-110 V 20.2-148 V 20.2-73 V 20.2-111 V 20.2-149 V 20.2-74 V 20.2-112 V 20.2-150 V 20.2-75 W 20.2-113 V 20.2-151 V 20.2-76 V 20.2-114 V 20.2-152 V-l 20.2-77 V 20.2-115 V 20.2-153 V ! 20.2-78 V 20.2-116 V 20.2-154 V 20.2-79 W 20.2-117 V 20.2-155 V 20.2-80 V 20.2-118 V 20.2-156 V 20.2-81 V 20.2-119 V 20.2-157 V 20.2-82 V 20.2-120 V 20.2-158 V ; 20.2-83 V 20.2-121 V 20.2-159 V l 20.2-84 V 20.2-122 V 20.2-160 V , 20.2-85 V 20.2-123 V 20.2-161 V l 20.2-86 V 20.2-124 V 20.2-162 V 20.2-87 V 20.2-125 V 20.2-163 V 20.2-88 V 20.2-126 V 20.2-164 V l 20.2-89 V 20.2-127 V 20.2-165 V l 20.2-90 V 20.2-128 V 20.2-166 V 20.2-91 V 20.2-129 V 20.2-167 V 20.2-92 V 20.2-130 V 20.2-168 W 20.2-93 V 20.2-131 V 20.2-169 V 20.2-94 V 20.2-132 V 20.2-170 V 20.2-95 V 20.2-133 V 20.2-171 V 20.2-96 V 20.2-134 V 20.2-172 V Amendment W - 06/17/94
CESSAR En'r??lCATl!N 20.2.105 RELIABILITY ENGINEERING l ISSUE Generic Safety Issue II.C.4 addresses the need for a designer and owner-operator developed reliability l program which can evaluate plant safety and reliability. Industry, (including plant designers and owner-operators) and the NRC are concerned about designing and operating nuclear power plants safely and reliably. Before the advent of Probabilistic Risk Assessment (PRA) it was difficult to systematically assess plant safety and reliability. Therefore, both industry and regulators consider PRA, as part of a comprehensive reliability program, to be desirable for future plants. The NRC has placed an emphasis on PRA for future plants by including it in the Standardization Rule (10 CFR 52). Plant designers employ a PRA for new plants to identify contributors to severe accident risk, and the accident sequences which are significant. The industry goals for new plant designs include a core damage frequency no greater than lx10-5 per year. PRA also provides an analytical tool for evaluating l the impact of design modifications on core damage probability and the overall risk to the health and safety of the public. The PRA determines expected system and component availabilities. The plant designer's PRA is a useful tool that can be used by the owner-operator as a basis for a reliability program. According to NUREG-0933, a reliability program generally includes activities such as determining system availabilities, identifying high component failure rates, determining the causes for component failures, and identifying possible corrective actions. ACCEPTANCE CRITERIA The acceptance criterion for the resolution of GSI II.C.4, is that plant designers or owner-operators shall perform a PRA. Consistent with the Standardization Rule (10 CFR 52), the assumptions and ) results of the PRA must be appropriately addressed in an owner-operator reliability program which l incorporates such features as determining system availabilities, identifying high component failure rates, l determining basic causes for component failures, and identifying possible corre etive actions. , BESOLUTION l As shown in Chapter 19, a PRA has been performed for the System 80+ Standard Design and meets the mean core damage frequency goal of less than lx10-5 events per year. The System 80+ Standard Design PRA has two primary purposes. The first purpose, is to identify the dominant contributors to severe accident risk. The second purpose is to provide an analytical tool for evaluating the impact of design modifications on core damage probability and the overall risk to the health and safety of the public. This information is then used as input to the owner-operator reliability assurance program. 20.2-167 Amendment V - 4/29/94
CESSAR E!!Mnce , 1 In particular, the determination of core damage frequency attributable to internal events (e.g., LOCAs and Loss Of Offsite Power) used the standard small-event-tree /large-fault-tree methodology, with full fault tree linking used for the solution of core damage event sequences. External events such as tornadoes and earthquakes are also addressed in the PRA. The evaluation of the containment performance employed methodologies consistent with NUREG-1150 (Reference 1). The determination of public risk was based on a calculation of the radiological dose at one-half mile from the plant using bounding site characteristics supplied by EPRI. The methodology employed was consistent with the methodology described in NUREG-2300 (Reference 2). The results of this PRA show that the System 80+ Standard Design plant meets the industry goal of a mean severe core damage frequency of less than 1x10-5 per reactor year and a mean frequency for occurrence of doses greater than 25 REM beyond one-half mile radius from the reactor of less than 1x104events per reactor year. j A Design Reliability Assurance Program ensures that PRA assumptions and basic results are provided l as input to the owner's operations reliability assurance process (see Section 17.3). In summary, a PRA has been performed for the System 80+ Standard Design and meets the requirements of the Standardization Rule, (10 CFR 52). Requiriog the owner-operator to implement an operability assurance program is intended to ensure that the PRA remains valid during plant operation. Therefore, this issue is resolved for the System 80+ Standa-d Design. REFERENCES
- 1. NUREG-1150, " Reactor Risk Reference Document", U.S. Nuclear Regulatory Commission, January 1987.
- 2. NUREG-2300, "PRA Procedures Guide", U.S. Nuclear Regulatory Commission, January 1983.
20.2.106 PERFORMANCE TESTING OF PWR SAFETY AND RELIEF VALVES ISSUE Generic Safety Issue II.D.1 addresses the guidance identified in NUREG-0737 (Reference 1) for qualification testing to be performed on the block, relief, and safety valves of the Reactor Coolant System (RCS). After the TMI accident, the NRC determined that there was a need for performance testing of the RCS block, relief, and safety valves. This determination was made because the TM1 accident demonstrated that these RCS valves may not operate as expected. The NRC established new guidance in NUREG-0737 which addresses the qualification testing of these valves. Qualification testing of these valves includes testing based upon both normal and accident conditions. l l I ! 20.2-168 Amendment W - 06/17-94
m-ENCLOSURE III TO LD-94-048 l l I i
Docket No. 52-002 UNITED STATES OF AMERICA NUCLEAR REGULATORY COMMISSION In the Matter of: ) !
) I Combustion Engineering, Inc. )
)
Standard Plant Design ) j l APPLICATION FOR REVIEW OF
" COMBUSTION ENGINEERING STANDARD SAFETY ANALYSIS REPORT -
DESIGN CERTIFICATION" Regis A. Matzie, being duly sworn, states that he is the Vice President, ABB Combustion Engineering Nuclear Systems Engineering, of Combustion Engineering, Inc.; that he is authorized on the part of said corporation to sign and file with the Nuclear Regulatory Commission this document; and that all statements made and matters set forth therein are true and correct to the best of his knowledge, information, and belief. COMBUSTION ENGINEERING, INC. _A , By: - Mo !d b d Regis A Matzie # Vice President ABB Combustion Engineering Nuclear Systems Engineering Subscribed and sworn to before me this /A N day of _ ,1994.
" 6
( litht> Y V Notary Public j My Commission Expires: S)3 ff 99 1 l l}}