Text

Response to Request for Additional Information Technical Specifications Change Request 3-2-00 Emergency Diesel Generator Allowed Outage Time
	ML021420114
Person / Time
Site:	Millstone
Issue date:	05/13/2002
From:	Price J; Dominion Nuclear Connecticut
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	B18629
	Download: ML021420114 (118)
	v • d • e

Dominion Nuclear Connecticut, Inc.

Millstone Power Station Rope Ferry Road Waterford, CT 06385 MAY I 3 2002 Docket No. 50-423 B18629 RE: 10 CFR 50.90 U.S. Nuclear Regulatory Commission Attention: Document Control Desk Washington, DC 20555 Millstone Nuclear Power Station, Unit No. 3 Response to a Request for Additional Information Technical Specifications Change Request 3-2-00 Emergency Diesel Generator Allowed Outage Time In a letter dated October 1, 2001,(1) Dominion Nuclear Connecticut, Inc. (DNC),

requested changes to the Millstone Unit No. 3 Technical Specifications. The main purpose of the requested changes was to increase the allowed outage time for one emergency diesel generator from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days. During conference calls conducted on March 18 and April 4, 2002, DNC addressed questions from the Nuclear Regulatory Commission reviewers. The purpose of this letter is to transmit the requested written responses, which are contained in Attachment 1. This additional information does not affect the conclusions of the Significant Hazards Consideration previously submitted.

There are no regulatory commitments contained within this letter.

(1) j.A. Price letter to U.S. Nuclear Regulatory Commission, "Millstone Nuclear Power Station, Unit No. 3, Technical Specifications Change Request 3-2-00, Emergency Diesel Generator Allowed Outage Time," dated October 1, 2001.

01

U.S. Nuclear Regulatory Commission B18629/Page 2 If you should have any questions on the above, please contact Mr. Ravi Joshi at (860) 440-2080.

Very truly yours, DOMINION NUCLEAR CONNECTICUT, INC.

n Price ice President - Millstone Sworn to and subscribed before me this +hdayof 12002 Lorrie A.Arzamarski Notary Public Commission Expires Nota rýi-.ublic February 28, 2006 My Commission expires c:9,f0 OLP Attachments (2) cc: H. J. Miller, Region I Administrator V. Nerses, NRC Senior Project Manager, Millstone Unit No. 3 NRC Senior Resident Inspector, Millstone Unit No. 3 Director Bureau of Air Management Monitoring and Radiation Division Department of Environmental Protection 79 Elm Street Hartford, CT 06106-5127

Docket No. 50-423 B18629 Attachment 1 Millstone Nuclear Power Station, Unit No. 3 Response to a Request for Additional Information Technical Specifications Change Request 3-2-00 Emergency Diesel Generator Allowed Outage Time Supplemental Information

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 1 Response to a Request for Additional Information Technical Specifications Change Request 3-2-00 Emergency Diesel Generator Allowed Outage Time Supplemental Information In a letter dated October 1, 2001,(1) Dominion Nuclear Connecticut, Inc. (DNC),

requested changes to the Millstone Unit No. 3 Technical Specifications. The main purpose of the requested changes was to increase the allowed outage time for one emergency diesel generator (EDG) from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days. During conference calls conducted on March 18 (Questions 1 through 5) and April 4 (Questions 6 and 7), 2002, DNC addressed questions from the Nuclear Regulatory Commission reviewers. The questions and associated responses are presented below.

Question 1 The interface of Units 2 and 3 electrical systems described in Attachment 1 appears to provide considerable redundancy, but also seems complex. Provide clarification concerning the following:

(a) Does Unit 2 provide a backup source of emergency power for Unit 3?

(b) Since Unit 3 provides an alternate source of AC power (via NSST, RSST, or EDGs) for Unit 2, what would be the impact of the proposed AOT change on incremental conditional risk estimates for Unit 2?

(c) What is the impact on Unit 3 risks when a Unit 2 EDG is declared inoperable?

(d) Can the Station Blackout Diesel Generator (SBO DG) completely substitute for EDG A or EDG B (or Unit 2 EDGs)? If not, what equipment is powered by the SBO DG?

(e) Is the availability of the SBO DG comparable to EDGs A and B?

(f) The attachment states that prior to application of the extended EDG AOT the availability of the SBO DG will be verified by test; why not verify the availability of the other EDG by test instead (or also)?

(g) In the changes to Required Action statements, isn't it somewhat confusing to refer to the "verifications" as "verify ... operable" when it appears to be only a verification of "not in maintenance" and assumption of operability?

(1) J. A. Price letter to U.S. Nuclear Regulatory Commission, "Millstone Nuclear Power Station, Unit No. 3, Technical Specifications Change Request 3-2-00, Emergency Diesel Generator Allowed Outage Time," dated October 1, 2001.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 2

Response

a. Millstone Unit No. 2 does not provide a backup source of emergency power for Millstone Unit No. 3.

b. With the more risk significant Millstone Unit No. 3 EDG out of service (3EGS*EGB), the Millstone Unit No. 2 Risk Achievement Worth (RAW) would be equal to 1.02. This corresponds to an Allowed Configuration Time (ACT) of one year.

It should be noted that the Millstone Unit No. 2 to Millstone Unit No. 3 electrical cross-tie was designed to supply power from the Millstone Unit No. 3 Normal Station Service Transformer, Reserve Station Service Transformer, and Station Blackout Diesel Generator (SBO DG) to Millstone Unit No. 2. It was not designed to supply power from the Millstone Unit No. 3 EDGs to Millstone Unit No. 2.

c. There is no risk impact to Millstone Unit No. 3 when a Millstone Unit No. 2 EDG is inoperable since Millstone Unit No. 2 is not capable of supplying power to Millstone Unit No. 3. However, when a Millstone Unit No. 3 EDG is out of service for an extended time period (i.e., 14 days) the Millstone Unit No. 2 EDGs are required to be operable as specified by Technical Specifications to reduce the possibility of SBO events at both Millstone Unit No. 2 and Millstone Unit No. 3.

d. The SBO DG cannot completely substitute for a Millstone Unit No. 2 or 3 EDG.

The SBO DG continuous rating is 2260 kw. The Millstone Unit No. 3 EDG continuous rating is 4986 kw, and the Millstone Unit No. 2 EDG continuous rating is 2750 kw. The SBO DG connects to the Millstone Unit No. 3 emergency bus (34C or 34D) via the non-emergency bus (34A or 34B) through the non emergency bus to emergency bus tie breaker. The SBO DG can connect to either bus, but only one bus at a time. The SBO DG is capable of supplying any Millstone Unit No. 3 emergency bus load. Loading of the SBO DG is manually controlled (no automatic sequencing of loads.). Instructions for loading the SBO DG, with appropriate guidance to ensure the SBO DG is not overloaded, are contained in plant operating procedures.

The Millstone Unit No. 3 SBO DG is the alternate AC power source for Millstone Unit No. 2. If the SBO DG is used in this capacity, it would only supply one Millstone Unit No. 2 emergency bus, and any of the associated loads, via the electrical cross-tie between these units. The SBO DG would be manually loaded as directed by the appropriate procedure.

e. EDG and SBO DG availability (or unavailability) are monitored in accordance with the Maintenance Rule (10 CFR 50.65). The performance criteria for the EDGs is less than 300 hours0.00347 days 0.0833 hours 4.960317e-4 weeks 1.1415e-4 months per rolling 24 month window. The performance criteria for the SBO DG, at this time, is less than 875 hours0.0101 days 0.243 hours 0.00145 weeks 3.329375e-4 months per rolling 24 month window. The SBO DG has a much higher performance criteria because of

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 3 modifications (implemented during the end of 2000 and beginning of 2001) to both Millstone Unit No. 2 and Unit No. 3 as part of the installation of the electrical cross-tie between these units. Those modifications required the SBO DG to be out of service for a significant amount of time. A one time performance criteria change for the SBO DG was made. This change added an additional 500 hours0.00579 days 0.139 hours 8.267196e-4 weeks 1.9025e-4 months to the previous performance criteria of 375 hours0.00434 days 0.104 hours 6.200397e-4 weeks 1.426875e-4 months . The 500 hour0.00579 days 0.139 hours 8.267196e-4 weeks 1.9025e-4 months allowance will be removed from the performance criteria after January of 2003, returning the performance criteria to 375 hours0.00434 days 0.104 hours 6.200397e-4 weeks 1.426875e-4 months . Currently, unavailability for the Millstone Unit No. 3 EDGs is approximately 50% to 60% of their performance criteria. The SBO DG unavailability is approximately 70% of its performance criteria.

f. Attachment 5 of the original submittal specified that the availability of the SBO DG shall be verified by test performance within the previous 30 days before the proposed extended EDG Allowed Outage Time (AOT) of 14 days can be utilized.

Since the SBO DG is normally tested quarterly, the additional requirement will require a more recent test of the SBO DG. The Millstone Unit No. 3 and Millstone Unit No. 2 Technical Specifications (3.8.1.1) already require monthly testing of the respective EDGs.

g. The proposed required actions to verify the operability of the Millstone Unit No. 2 EDGs and the availability of the SBO DG, and the associated Bases discussion, are consistent with the current action requirement (Action d.) which requires verification that the systems, subsystems, trains, and components of the redundant train are operable when one EDG is inoperable. By maintaining consistency with existing requirements, the proposed actions will not be confusing to the plant operators. In addition, this approach is consistent with the Standard Westinghouse Technical Specifications (NUREG-0452, Revision 4 and Draft Revision 5) which were used in the development of the initial Millstone Unit No. 3 Technical Specifications.

Question 2 With regard to incremental conditional risk estimates (Tier 1):

(a) It is noted that Table 2 in Attachment 5 lists the contribution to the average core damage frequency for internal events, including internal flooding and fire, as well as seismic events. However, contributions [from] internal flooding, fire, and seismic events do not appear to have been included in the incremental conditional risk estimates for operation during allowed outage. Discuss the impact of the proposed change in AOT on these risks and the estimated total ICCDP and ICLERP.

(b) If the estimated risks (ICCDP or ICLERP) exceed the staffs definition of what constitutes a small increase, discuss the factors responsible for the estimated values and what could be done to reduce the risk (beyond those contingencies already proposed for the TS, as appropriate).

U.S. Nuclear Regulatory Commission B1 8629/Attachment 1/Page 4 (c) With regard to the compensatory measure of staging a spare charging pump for emergency use in RCP seal cooling, the attachment states that the PRA model was altered to take the action into account in calculating the ICCDP and ICLERP; describe briefly what was done to the model and what would have been the risks without the compensatory measure.

Response

a. A revised Table 2, "Core Damage Frequency Contribution by Initiating Event,"

which was contained in Attachment 5 of the October 1, 2001 submittal, is located at the end of the response to this question. The revised table indicates the Core Damage Frequency (CDF) initiators that have not been re-quantified since the original Individual Plant Examination (IPE) submittal by the use of a double asterisk (**) next to the appropriate Initiating Event. Those events include Excessive Loss of Coolant Accident (LOCA), Interfacing Systems LOCA (ISLOCA), internal flooding, fire, and seismic. The contribution from internal flooding, fire, and seismic events did not need to be re-quantified to evaluate the risk impact for the proposed EDG AOT as discussed below.

The Millstone Unit No. 3 IPE and Individual Plant Examination of External Events (IPEEE) were submitted in the same letter to the Nuclear Regulatory Commission (NRC) dated August 31, 1990.(2) The NRC staff evaluation reports for the IPE (May 5, 1992)(3) and IPEEE (May 26, 1998), 4) concluded that the studies met the intent of Generic Letter (GL) 88-20, Individual Plant Examination for Severe Accident Vulnerabilities - 10 CFR 50.54(f).

Internal Flooding and Fire If an EDG is out of service for 14 days, there is a negligible impact on the Incremental Conditional Core Damage Probability (ICCDP) and the Incremental Conditional Large Early Release Probability (ICLERP). The Millstone Unit No. 3 equipment layout is such that there are no spatial dependency issues which make the unit susceptible to internal flood and/or fire hazards. The switchyard, transformer yards (2 yards, 1 per offsite transformer), 2 service water trains, SBO DG, train related switchgear rooms, and EDGs are all physically separated and located in separate fire/flood zones. Due to the plant's physical characteristics, there is no single fire/flood event that could either:

(2) E. J. Mroczka letter to the U.S. Nuclear Regulatory Commission, "Millstone Nuclear Power Station, Unit No. 3, Response to Generic Letter 88-20, Individual Plant Examination for Severe Accident Vulnerabilities, Summary Report Submittal," dated August 31, 1990.

(3) V. L. Rooney (USNRC) letter to Northeast Nuclear Energy Company, "Staff Evaluation of Millstone 3 Individual Plant Examination, (IPE) - Internal Events, GL 88-20 (TAC No.

M74434)," May 5,1992.

(4) J. W. Andersen (USNRC) letter to Northeast Nuclear Energy Company, "Millstone Nuclear Power Station, Unit No. 3 Individual Plant Examination of External Events (TAC No.

M83643)," May 26, 1998.

U.S. Nuclear Regulatory Commission B 18629/Attachment 1/Page 5

"* initiate a loss of offsite power and cause failure of one of the two remaining available diesel generators (EDG or SBO DG), or

"* result in failure of both remaining available diesel generators (EDG and SBO DG).

Consequently, in order for internal flood or fire events to lead to core damage, several random events must also occur simultaneously. For example, a typical station blackout scenario including internal flood or fire is the random loss of offsite power and random failure of the SBO DG coincident with an internal flood/fire event in the switchgear room not associated with the inoperable EDG.

Furthermore, because the probability of an internal flood/fire event is much lower than the probability of a random equipment failure, the core damage contribution from these scenarios is negligible.

Seismic The design basis earthquake for Millstone Unit No. 3 is 0.17g. The Probabilistic Safety Study (PSS), published in 1983(') and subsequently amended, reported the median peak ground acceleration capacity of the offsite power grid and the EDGs to be 0.2g and 0.91g,(6) respectively. The median peak ground acceleration capacity for the EDG Enclosure Building is 0.88g. The median peak ground acceleration capacity for the SBO DG is not known as it was purchased non-seismically qualified. The median peak ground acceleration capacity of the EDG and the EDG Enclosure Building are similar, although the EDG is now more seismically rugged as a result of the design change to the EDG lube oil cooler anchor bolts. Therefore, the EDG Enclosure Building would be limiting even if the EDG was available.

If a design basis earthquake (0.17g) occurred at Millstone, it is reasonable to assume that the offsite power grid and the SBO DG would not be available.

However, the Millstone Unit No. 3 EDGs and associated Enclosure Buildings should be available since the high confidence low frequency failure level for the EDGs is 0.38g (i.e., the highest ground acceleration which the EDG fails at a negligible probability).

(5) W. G. Counsil letter to U.S. Nuclear Regulatory Commission, "Millstone Nuclear Power Station, Unit No. 3, "Submittal of Probabilistic Safety Study (PSS)," dated July 27, 1983.

(6) The seismic capability of the EDGs reported in the PSS was determined prior to a design change that was completed in 1986 (PDCR 3-86-126) which replaced the EDG lube oil cooler anchor bolts with bolts made of more seismically rugged material. As a result of that design change, the EDG median peak ground acceleration increased to 1.1 3g and the high confidence low frequency failure level increased to 0.38g.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 6 The PSS further breaks down the seismic CDF as follows:

Ground Acceleration % Seismic CDF 0.45g and 0.55g 45 0.35g 18 0.65g 13 0.8g 9 0.75g 7 0.25g 7 0.15g <1 As illustrated by the above data, approximately 45% of the seismic CDF is attributed to a seismic event in the 0.45g to 0.55g ground acceleration range, which is well beyond the design basis earthquake. At these or higher ground accelerations, the EDG Enclosure Buildings are limiting. An earthquake with a ground acceleration approximately equal to the design basis earthquake contributes less than 1% to the seismic CDF. At the low ground acceleration events (e.g., 0.2g), there is a high confidence that the remaining EDG and its structure will remain intact. Consequently, because the EDG Enclosure Building is limiting, the seismic CDF is not sensitive to the decrease in EDG reliability/availability which would occur if the EDG AOT is increased. Therefore, increasing the EDG AOT to 14 days is not expected to have an impact on the seismic contribution to ICCDP or ICLERP.

b. As discussed in the response to Question 2(a), allowing one EDG to be out of service for 14 days at Millstone Unit No. 3 will not exceed the staffs definition of a small increase in the core damage contributions from internal flooding, fire, and seismic events. Therefore, no additional actions are necessary to reduce the risk associated with these events when an EDG is out of service for an extended time period.

c. Operator action is credited given a loss of offsite power coincident with an EDG out of service and subsequent failure of the opposite train charging pump. The operator action credited is racking down and removing the breaker associated with the failed charging pump and racking up that breaker for the spare charging pump (3CHS*P3C). Additional operator actions will establish cooling to the C charging pump and then align it for RCS inventory/reactivity control. The task of racking down a breaker from one charging pump, racking it up to the spare charging pump, and establishing pump cooling is currently performed at least quarterly to support performance of the Inservice Testing of the C charging pump, as required by Technical Specification 4.0.5. Procedural guidance for these tasks are contained in normal operating procedures (OP 3304A, Charging and Letdown, and OP 3330D, Charging Pump Cooling).

U.S. Nuclear Regulatory Commission B 18629/Attachment 1/Page 7 Without the charging pump compensatory measure, the ICCDP would be 9.84E-07 and the ICLERP would be 6.64E-09. The dominant core damage sequences are reactor coolant pump seal leaks coupled with failure of either inventory control or long term decay heat removal.

U.S. Nuclear Regulatory Commission B1i8629/Attachment 1/Page 8 Table 2 Core Damage Frequency Contribution by Initiating Event Initiating Event Initiating Event Frequency (Yr') Core Damage Frequency (Yr 1 )

Updated PRA IPE Updated PRA IPE Model Model Excessive LOCA ** 3.OOE-07 3.O0E-07 3.OOE-07 3.OOE-07 Large LOCA 4.40E-05 3.88E-04 2.14E-07 8.03E-06 Medium LOCA 4.30E-05 6.11E-04 2.05E-07 1.03E-05 Small LOCA 3.O0E-03 9.07E-03 9.66E-06 2.42E-06 Consequential Small LOCA .... 9.89E-06* 1.21 E-06 IS LOCA ** 2.21 E-07 2.21 E-07 2.21 E-07 2.21 E-07 In-core Instrument Tube LOCA 9.20E-04 9.20E-04 3.82E-06 2.46E-07 SGTR 7.72E-03 3.92E-02 4.35E-08 1.18E-06 General Transient 2.91 3.24 9.73E-06 2.97E-06 Loss of Main Feedwater 1.13E-01 8.60E-01 3.82E-07 1.05E-06 Steamline Break Outside 6.04E-03 3.78E-02 2.47E-07 8.12E-06 Containment (SLBOC)

Consequential SLBOC ...... 6.73E-07 Steamline Break Inside 4.65E-04 3.88E-04 1.43E-08 5.85E-08 Containment (SLBIC)

Consequential SLBIC ...... 1.29E-06 Loss of Offsite Power 3.08E-02 1.12E-01 8.61 E-06 4.99E-06 Loss of One DC Bus -- 3.92E-03 9.67E-07 3.72E-06 Loss of 120V AC Bus 1 or 2 -- 6.15E-02 3.09E-07 1.18E-06 Loss of 120V AC Bus 3 or 4 -- 6.15E-02 8.50E-09 4.72E-07 Loss of One SW Train -- 1.81 E-02 1.48E-06 2.75E-06 Total Loss of SW -- NA 4.08E-08 NA ATWS .... 2.37E-06* 3.38E-06 Internal Flood **

"* Switchgear/cable spreading .... 8.OOE-07 8.OOE-07

Diesel Generator Enclosure ....- 8.60E-09 8.60E-09

"* Intake Structure .... 4.94E-08 4.94E-08 Fire **

"* Control Room 3.50E-03 3.50E-03 7.28E-07 7.28E-07

"* Instrument Rack Room 3.50E-03 3.50E-03 2.44E-07 2.44E-07

"* Cable Spreading Room 6.60E-03 6.60E-03 9.89E-07 9.89E-07

"* Switchgear Room 1.04E-02 1.04E-02 8.03E-07 8.03E-07

"* Electrical Tunnels 6.60E-03 6.60E-03 6.93E-07 6.93E-07

"* MCC Rod Control 7.OOE-03 7.OOE-03 8.42E-08 8.42E-08

"* Charging and RPCCW 4.80E-03 4.80E-03 1.07E-06 1.07E-06

"* Intake Structure 3.OOE-03 3.0OE-03 4.27E-08 4.27E-08

"* Diesel Generator Enclosure 3.40E-02 3.40E-02 1.45E-07 1.45E-07 1,=,irmir, ** I I 9.08E-06 9.08E-06 5.1OE-05 I 6.92E-05 Totals

The contributions from consequential small LOCA and ATWS are not included in the overall CDF solution because they are embedded within other initiating event categories.

- Initiating Events and Core Damage Frequencies based on original IPE submitted on August 31, 1990.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 9 Question 3 With regard to "Avoidance of Risk Significant Plant Configurations" (Tier 2), states that Millstone identifies potential high risk configurations that could exist if equipment in addition to that associated with the change were taken out of service simultaneously. To help the NRC staff appreciate the risks involved:

(a) For the most risk significant EDG out of service for maintenance, prepare a table showing the estimated the risk importances (e.g., RAWs) of remaining risk significant equipment (include in the list the associated allowed outage times);

(b) From the list of equipment that could cause the change in risk associated with the change in AOT to significantly exceed what the staff considers small for a single TS AOT change, select the most important (from those permitted to be inoperable by LCO AOT for, say, more than a day) which plant experience (e.g.,

as observed in the plant log) shows to have some out of service frequency (attempt to make the choice realistic, reflecting plant practices), and with it and the EDG out of service, re-estimate the risk for the AOT; and (c) Provide assurances that the risks associated with the LCO AOT for corrective maintenance will be kept comparable with that which the staff considers small for a single TS AOT for preventative maintenance.

Response

a. Table 1, "Risk Significant Plant Configurations," located at the end of the response to this question, includes risk significant equipment that is routinely removed from service for preventative maintenance during plant operation. The table assumes the B EDG (3EGS*EGB), which is the more risk significant EDG, is initially out of service and then the additional component identified is removed from service. A RAW and ACT are then calculated based on the plant configuration with the two components out of service. The calculated RAWs and ACTs are based on the current Millstone Unit No. 3 probabilistic risk assessment (PRA) model. The Technical Specification AOT is also listed for each case based on the identified limiting current Technical Specification Action Statement (TSAS), except for the SBO DG which utilizes the proposed TSAS for extended EDG outages.

b. As indicated in Table 1, the TSAS provides an AOT that is more limiting than the ACT for all equipment combinations except three; Train B Recirculation Spray System, B Motor Driven Auxiliary Feedwater Pump, and the SBO DG. The proposed 14 day AOT for one inoperable EDG will not change the limiting AOT for the Table 1 equipment combinations. (The one exception is the SBO DG which did not previously have a Technical Specification AOT, but will be limited to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months when a Millstone Unit No. 3 EDG is out of service for up to 14 days.)

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 10 The PRA risk color for these three configurations, as calculated by the Equipment Out of Service (EOOS) computer program, is yellow for the first two and green for the third (SBO DG). As indicated in Attachment 1, Sheet 4 of Work Management Procedure MP-20-WM-FAP02.1, Conduct of On-Line Maintenance, (document provided in Attachment 2), green and yellow are acceptable risk configurations and no additional compensatory actions are required. However, if the Scheduled Configuration Time (SCT) will exceed the ACT, Step 3 of Attachment 8 (MP-20-WM-FAP02.1) requires an assessment of non-quantifiable factors to address the increased risk.

It is unlikely that any of the three configurations would be intentionally established for preventative maintenance since more than one risk significant component is rarely removed from service at the same time. This situation would only be expected to occur as a result of the failure of the additional equipment while an EDG was out of service. The performance of the Millstone Unit No. 3 equipment is monitored, as required by 10 CFR 50.65, and a corrective action plan is developed if unavailability becomes excessive. It should be noted that the overall performance of Millstone Unit No. 3 equipment for the past 3 years has been good as indicated by no forced outages. If it was planned to establish any of the identified configurations, the SCT would be limited to one half of the AOT unless permission was obtained from upper management (Step 2.1.8 of MP-20-WM-FAP02.1). By limiting the SCT to one-half of the AOT, the SCT will remain less than the ACT.

c. The risks associated with an extended EDG outage for corrective maintenance will be comparable to the risks associated with an extended EDG outage for preventive maintenance. The additional administrative requirements contained in Attachment 5, Tier 2 - Avoidance of Risk Significant Plant Configurations, of the October 1, 2001 submittal, are applicable when using the proposed extended EDG AOT (14 days) for corrective as well as preventative maintenance. Since the need for corrective maintenance can't be predicted/scheduled like preventative maintenance, the plant operators will initially utilize the current 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months EDG AOT if corrective maintenance is necessary immediately. If the corrective maintenance is expected to take longer than the 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , it will be necessary to meet the proposed additional administrative requirements before the EDG AOT can be extended to 14 days.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 11 TABLE I Risk Significant Plant Configurations Component RAW ACT (hrs) AOT (hrs)

Out Of Service 3EGS*EGB OOS TSAS 3HVQ*FN5A - AFW & Mech. Room 152 2 2 Train A Ventilation Fan 3.8.1.1.d. 1 3FWA*P1A -MDAFW Pump A 17 18 2 3.8.1.1.d.1 Recirc. Spray System Train A 9.5 34 2 3.8.1.1.d.1 Recirc. Spray System Train B 7.1 46 72 3.6.2.2 3EGS*EGA - EDG A 6.6 50 2 3.8.1.1.f 3FWA*P1B - MDAFW Pump B 6.6 50 72 3.7.1.2.a Charging Train A 5.3 65 2 3.8.1.1.d.1 3BGS*BGA - SBO DG 5.1 67 72 Proposed 3.8.1.1.b.4 3HVY*FN2A - Service Water Train A 4.5 82 2 Ventilation Fan 3.8.1.1.d. 1 SSPS Train B 4.3 86 6 3.3.1.13a 3FWA*P2 - TDAFW Pump 3.7 106 2 3.8.1.1 .d.2 SSPS Train A 3.6 108 2 3.8.1.1.d.1 3HVQ*ACUS2A - Train A Recirc. 3.6 108 2 Spray System AC Unit 3.8.1.1.d. 1 3SWP*P1A(C) - In service 3.5 113 2 Train A SW Pump 3.8.1 .1.d.1 3SWP*P1 B(D) -In service 3.3 120 72 Train B SW Pump 3.7.4 3HVY*FN2B - Service Water Train B 2.6 182 72 Ventilation Fan 3.7.4 3SIH*P1A - SI Pump A 2.5 182 2 3.8.1.1.d.1 3HVR*FN 13A - Charging and 2.4 185 2 RPCCW Train A Vent. Fan 3.8.1.1.d.1 3SIH*P1B - SI Pump B 2.2 230 72 3.5.2.a 3HVQ*ACUS1A - Train A ESF Room 2.2 235 2 AC Unit 3.8.1.1.d.1 3HVQ*ACUS2B - Train B Recirc. 2.1 259 72 Spray System AC Unit 3.6.2.2 3HVQ*FN5B - AFW & Mech. Room 2.0 269 72 Train B Ventilation Fan 3.7.1.2.a 3HVQ*ACUS1 B - Train B ESF Room 2.0 274 72 AC Unit 3.5.2.a

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 12 Question 4 makes reference to a Configuration Risk Management Program (CRMP) in connection with the controlling and limiting risk during AOTs (Tier 3).

(a) Since significant increases in LCO AOTs, such as those proposed, significantly increase the window during which other risk significant equipment can become inoperable (inadvertently or planned), discuss the potential risk from overlapping equipment outages based on the Millstone 3 plant log and current AOTs and planned or proposed AOT extensions (e.g, discuss of the risk profile for the past cycle, showing maximum, minimum and mean risks that would result from having the EDG out of service at specific times for the proposed AOT);

(b) Provide copies of the administrative procedure and/or operational support procedure used to implement CRMP; (c) It not dealt with in the procedures, discuss the controls that limit at power preventative maintenance outage times and frequencies; (d) If not dealt with in the procedures, discuss application of the programs, or similar procedures, to corrective maintenance and emergent EOOS (unless already discuss in response to 2.c) - it is noted that the reassuring contingency measures discussed in the attachment and the proposed TS Bases, and limitations on voluntary entry, are not applicable to corrective maintenance; (e) If the procedures do not contain quantitative criteria used by Millstone 3 in making decisions on when a risk is small, and what level of risk (not color codes) triggers specific operational actions (not managerial levels of approval) together with the action associated with each level (e.g., discuss the point at which Millstone 3 would voluntarily reduce the maintenance time to less than the LCO AOT or shut down the plant), provide the information, and include discussion of qualitative considerations used by Millstone 3; and

Response

a. Multiple equipment outages, if scheduled, are evaluated using procedure MP-20-WM-FAP02.1. If the outages are emergent, Attachment 2, Sheet 6 of Operations Department Guideline MP-14-OPS-GDLO2, Operations Standards (selected portions of the document are provided in Attachment 2), provides direction for risk reviews. In either case, the risk color and ACT are determined.

If the risk color is red, the configuration is prohibited. If the SCT exceeds the ACT, a contingency plan is developed to minimize the risk impact (Attachment 8 of MP-20-WM-FAP02.1). If the SCT is expected to be 10 times greater than the ACT, the configuration is prohibited. Table 1, which was provided in the response to Question 3, identifies the ACT for numerous risk significant equipment outage combinations that may occur during plant operation.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 13 Monthly performance reports for Millstone Unit No. 3 are developed. One of the parameters tracked on a monthly basis is Core Damage Probability (CDP). The January 2002 CDP performance indicator for Millstone Unit No. 3 has been included in Attachment 2. As indicated, performance has been "satisfactory" for the months of March 2001 through January 2002, except November 2001 which was "excellent." The three highest months for CDP during this time frame are listed below with an explanation for the identified increase. Performance was not tracked for February 2001 since monitoring of Shutdown Risk was in effect due to Refueling Outage No. 7.

September 2001 - The dominant contributor to the CDP was the extended D Service Water pump outage. This evolution was planned and the CDP increase expected.

October 2001 - The primary contributor to the CDP was Service Water pump unavailability as individual pump (B, C, and D) outages were performed.

December 2001 - The main contributors to the CDP were planned maintenance activities on the Service Water and Auxiliary Feedwater Systems.

It is important to note that the Millstone Station has recently successfully completed extended outages for both of the Millstone Unit No. 2 EDGs, and the Millstone Unit No. 3 service water pumps. The administrative controls established for these activities are the same, adjusted to be component specific, as proposed for the Millstone Unit No. 3 EDG extended AOT. The use of these controls and compensatory actions will minimize the plant risk of an extended EDG outage. As a result, no significant impact on the monthly risk profiles is expected.

b. Section 2.11.2 of MP-20-WM-FAP02.1 provides the additional administrative requirements before a Millstone Unit No. 2 EDG is removed from service for an extended time period (i.e., 14 days). A similar section will be added to this procedure as part of the implementation for this amendment, if approved, to address the additional administrative requirements (Attachment 5, Tier 2 Avoidance of Risk Significant Plant Configurations of the October 1, 2001 submittal) before a Millstone Unit No. 3 EDG is removed from service for an extended time period.

Attachment 8 of MP-20-WM-FAP02.1 provides the guidelines to quantify plant risk when multiple structures, systems, or components are expected to be inoperable at the same time.

c. MP-20-WM-FAP02.1, as previously discussed, provides the controls to limit at power preventative maintenance. This procedure discusses the duration of planned equipment outages. The frequency of most preventative maintenance

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 14 activities is fixed by Technical Specification and/or manufacturer recommendations. However, equipment performance may dictate more frequent testing/maintenance activities. Equipment is usually considered inoperable/unavailable during maintenance activities. If the equipment unavailability time becomes excessive [i.e., Maintenance Rule 10 CFR 50.65(a)(1)], a corrective action plan will be developed to reduce equipment unavailability.

d. The guidance to the plant operating staff to perform maintenance rule risk reviews is contained in MP-14-OPS-GDLO2 (Sheet 6 of Attachment 2).

It should be noted the "reassuring contingency actions" discussed in Attachment 5 of the October 1, 2001 submittal, are applicable when using the proposed EDG extended AOT (14 days) for corrective as well as preventative maintenance. Since the need for corrective maintenance cannot be predicted/scheduled like preventative maintenance, the plant operators will initially utilize the current 72 hour8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months EDG AOT if corrective maintenance is necessary immediately. If the corrective maintenance is expected to take longer than the 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , it will be necessary to meet the proposed additional administrative requirements before the EDG AOT can be extended to 14 days.

e. Attachment 8 of MP-20-WM-FAP02.1 does contain quantitative criteria to address plant risk. The quantitative criteria is based on the guidance contained in NUMARC 93-01, Section 11, Assessment of Risk Resulting from Performance Maintenance Activities, as endorsed by Regulatory Guide 1.182, Assessing and Managing Risk Before Maintenance Activities at Nuclear Power Plants. The previous responses illustrate how this criteria is utilized.

A recent event at Millstone Unit No. 3 illustrates the use of the risk assessment tools. On December 27, 2001, at 20:46, the Millstone Unit No. 3 B EDG was declared inoperable when the associated breaker closing springs were found discharged. The scheduled work for this time period did not assume the B EDG would be inoperable. As a result, the plant operating crew performed an on-line maintenance rule risk review using EOOS for the identified plant configuration.

This review was completed within one hour of identifying that the B EDG was inoperable. The risk review determined that the risk level was acceptable as indicated by a "Green" risk color.

Question 5 Attachment 5 contains comments on the Millstone 3 PSA Peer Review.

(a) Provide a copy of the summary and conclusions sections (or their equivalent, say a recommendations section) of the review report; and (b) If not provided in the report, provide a discussion of the scope and purpose of the review.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 15

Response

a. The Millstone Unit No. 3 peer review was conducted under the Westinghouse Owner's Group (WOG) sponsorship. The reviewers included PRA industry consultants and domestic utility personnel. The objective was to establish the technical quality and adequacy of the Millstone Unit No. 3 PRA. The summary tables for the individual PRA technical elements (i.e., initiating events, systems analysis, etc.,) and an overview of the PRA review process including the scope and purpose of the review have been provided in Attachment 2.

The results of the WOG peer review were evaluated and a corrective action plan developed to address the findings. Since the corrective action plan has not yet been implemented, each finding was reviewed to determine if any are specifically applicable to the proposed EDG AOT extension. The results of this review were provided on Attachment 5, Page 7, of the October 1, 2001 submittal.

b. The scope and purpose of the Millstone Unit No. 3 peer review have been provided in Attachment 2.

Question 6 Provide additional clarification for the proposed changes to the action requirements for Technical Specification 3.8.1.1 with respect to the format changes and deletion of the statement that a successful test of the diesel generator for one action requirement will satisfy the required test for another action requirement.

Response

Format Changes Technical and non-technical changes to the action requirements of Technical Specification 3.8.1.1 were proposed in the October 1, 2001 submittal. The majority of the technical changes were associated with the proposed increase in the AOT for one EDG from 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months to 14 days. The non-technical changes were proposed to improve the user interface by converting the action requirements to a table format from the current paragraph format. Each of the non-technical changes are discussed below.

1. Action Requirement a. - One offsite circuit inoperable.

The requirement to verify the remaining offsite circuit was retained in Required Action (RA) a.l. The AOT and shutdown requirements were retained in RA a.2.

These format changes did not change any technical aspect of the current action statement.

A discussion of the technical changes to this action statement was provided in Attachment 1 of the October 1, 2001 submittal.

U.S. Nuclear Regulatory Commission B 18629/Attachment 1/Page 16

2. Action Requirement b. - One diesel generator inoperable.

The requirement to verify the offsite circuits was retained in RA b.1. The requirement to test the remaining EDG or do a common cause evaluation was retained in RA b.2. The AOT and shutdown requirements were retained in RA b.5. These format changes did not change any technical aspect of the current action statement.

A discussion of the technical changes to this action statement was provided in Attachment 1 of the October 1, 2001 submittal.

3. Action Requirement c. - One offsite circuit and one diesel generator inoperable.

The requirement to verify the remaining offsite circuit was retained in RA c.1.

The requirement to test the remaining EDG or do a common cause evaluation was retained in RA c.2. The AOT and shutdown requirements were retained in RAs c.4 and c.5. These format changes did not change any technical aspect of the current action statement.

A discussion of the technical changes to this action statement was provided in Attachment 1 of the October 1, 2001 submittal.

4. Action Requirement d. - Additional action one diesel generator inoperable.

The requirement to verify the operability of the redundant systems, subsystems, trains, components, and devices was retained in RAs b.3 and c.3. The requirement to verify the operability of the steam driven auxiliary feedwater pump was retained in RAs b.3 and c.3. The AOT and shutdown requirements were retained in RAs b.3 and c.3. These format changes did not change any technical aspect of the current action statement.

There were no technical changes to this action statement.

5. Action Requirement e. - Two offsite circuits inoperable.

The AOT and shutdown requirements were retained in RA d.l. The guidance to follow after one offsite circuit is restored was retained in RA d.2. These format changes did not change any technical aspect of the current action statement.

There were no technical changes to this action statement.

6. Action Requirement f. - Two diesel generators inoperable.

The requirement to verify the offsite circuits was retained as RA e.1. The AOT and shutdown requirements were retained in RA e.2. The guidance to follow after one EDG is restored was retained in RA e.3. These format changes did not change any technical aspect of the current action statement.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 17 A discussion of the technical changes to this action statement was provided in Attachment 1 of the October 1, 2001 submittal.

Deletion of Successful EDG Test Guidance The statement contained in the current Action Requirements c. and f. that a successful test of the diesel generator for this action requirement will satisfy the required test of current Action Requirement b. was not retained in the revised RAs c. and e.,

respectively. This statement is not necessary since testing of the other EDG would only be required if a common cause failure evaluation was not completed within the required time. If a common cause failure did exist, both EDGs would be declared inoperable and proposed RA e. would apply.

The successful EDG test statement was originally added to provide guidance to the plant operators to prevent unnecessary EDG starts when complying with the numerous action requirements of Technical Specification 3.8.1.1. The issue of excessive EDG starts was subsequently addressed by GL 93-05, Line-Item Technical Specification Improvements to Reduce Surveillance Requirements for Testing During Power Operation. The guidance contained in GL 93-05 proposed the addition of the common cause failure test to the action requirements of Technical Specification 3.8.1.1. The intent of the common cause failure test was to exclude the requirement to test the other EDG when one EDG was inoperable if it could be determined that the reason the one EDG was inoperable could not cause the other EDG to become inoperable.

The current action statements addressed one inoperable EDG (Action Requirement b.),

one inoperable EDG and one inoperable offsite circuit (Action Requirement c.), and two inoperable EDGs (Action Requirement f.). The requirement to test the other EDG was contained in Action Requirements b. and c. Since each of the current action statements was designed to independently handle each combination of inoperable power sources, there was the potential for the operable EDG to be tested numerous times as the action statements were entered and exited as the combinations of inoperable power sources changed when equipment was restored to operable status.

This potential was eliminated when the common cause failure test approach contained in GL 93-05 was incorporated.

Since the common cause failure test approach was retained in the proposed action requirements of Technical Specification 3.8.1.1, it was not necessary to retain the successful EDG test statement contained in current Action Requirements c. and f. This can be illustrated by the following example utilizing the proposed action requirements.

One EDG and one offsite circuit declared inoperable in Mode 1.

Perform RA c.1 for remaining offsite circuit.

Perform RA c.2 for remaining EDG.

"* Do common cause evaluation or start remaining EDG.

"* Common cause evaluation determines remaining EDG is inoperable.

U.S. Nuclear Regulatory Commission B18629/Attachment 1/Page 18

Perform RAs e.1 and e.2.

If successful in restoring one EDG to operable status, the now operable EDG does not have to be tested again to comply with RA b.2 (if the offsite circuit is restored to operable status) or RA c.2 (if the offsite circuit is not restored to operable status).

Common cause evaluation determines remaining EDG is not affected.

Restore one power source to operable status per RA c.4.

If offsite circuit restored to operable status first, RA c.5 will direct continued restoration of the inoperable EDG per RA b. Since common cause failure analysis has determined that the remaining EDG is not affected, there will be no need to start the remaining EDG per RA b.2.

The proposed Bases for Technical Specification 3.8.1.1 contained in the October 1, 2001 submittal (Insert C - Page B 3/4 8-1) provides guidance to the plant operators on the determination of a common cause failure. As stated in the Bases, a common cause evaluation is required to be performed whenever an EDG becomes inoperable. The common cause evaluation must be performed within the time constraints contained in RAs b.2 or c.2 or the other EDG must be started by performing Surveillance Requirement 4.8.1.1.2.a.5. The time constraints do not apply after the inoperable EDG is restored to an operable status. However, completion of the common cause evaluation is still required even after the inoperable EDG is restored to an operable status.

Question 7 The proposed changes to Technical Specifications 3.4.3.1 and 3.4.3.2 remove the additional requirement for the required pressurizer heaters to be supplied by emergency power. The justification for removal of this requirement, which was based on NUREG-0737, is that the required pressurizer heaters are permanently connected to Class 1 E power supplies. The Bases for these specifications should include a reference to the NUREG-0737 requirement.

Response

A revised Technical Specification Bases page (B 3/4 4-2a) to reference the NUREG-0737 requirement for pressurizer heaters has been provided in Attachment 2.

Docket No. 50-423 B18629 Attachment 2 Millstone Nuclear Power Station, Unit No. 3 Response to a Request for Additional Information Technical Specifications Change Request 3-2-00 Emergency Diesel Generator Allowed Outage Time Supporting Documentation

U.S. Nuclear Regulatory Commission B18629/Attachment 2/Page 1 Response to a Request for Additional Information Technical Specifications Change Request 3-2-00 Emergency Diesel Generator Allowed Outage Time Supporting Documentation The following additional documents have been included.

1. Work Management Procedure MP-20-WM-FAP02.1, Conduct of On-Line Maintenance, Revision 004-02.

2. Operations Department Guideline MP-14-OPS-GDLO2, Operations Standards, Revision 004 (selected portions).

3. Millstone Unit No. 3 Core Damage Probability Performance Indicator for January 2002.

4. Millstone Nuclear Power Station Unit No. 3 PRA Peer Review Report.

Section 1, Overview of the Probabilistic Risk Assessment Peer Review Process Element Review Summary Tables IE - Initiating Events AS - Accident Sequence Evaluation (Event Trees)

TH - Thermal Hydraulic Analysis SY - Systems Analysis (e.g., Fault Trees)

DA - Data Analysis HR - Human Reliability Analysis DE - Dependency Analysis ST - Structural Response QU - Quantification L2 - Containment Performance Analysis MU - Maintenance and Update Process

5. Revised Technical Specification Bases - Page B 3/4 4-2a.

Work Management Procedure MP-20-WM-FAP02.1 Conduct of On-Line Maintenance, Revision 004-02

Functional Administrative Procedure AlE Millstone Station Conduct of On-Line Maintenance MP-20-WM-FAP02.1 Rev. 004-02 Approval Date:

Effective Date: t/

STOP.: STOP flW4X ACT REVEV/

TABLE OF CONTENTS I. PURPOSE ........................................................................................................................................ 3 1.1 Objective .................................................................................................................................. 3 1.2 Applicability ............................ ................................................ 3 1.3 Supporting Documents ............................................................................................................. 4 1.4 Discussion ............................................................................................................................... 5

2. INSTRUCTIONS ............................................................................................................................ 6 2.1 Work Evaluation .............................................................................................................. 6 2.2 Week T-12 (Preliminary - "Plan The W ork" List) ............................................................ 10 2.3 W eek T-11 .............................................................................................................................. 11 2.4 W eek T- 10 ............................................................................................................................. 12 2.5 Week T-9 through T-7 (Work Order Package Preparation and Parts Procurement) ...... 13 2.6 W eek T-6 (W ork Order Package W alkdowns) ................................................................. 14 2.7 Week T-6 (W W M Review of Schedule & Scope Freeze) ................................................ 15 2.8 W eek T-6 through T-3 (T-6 Schedule Review Meeting) ................................................ 17 2.9 Week T-2 (Tagging Preparation, System Outage Meetings, & Schedule Freeze) ............ 18 2.10 W eek T-2 (T-2 Schedule Review Meeting) ................................................................... 19 2-11 W eek T-1 (Final Schedule Issuance) ............................................................................. 20 2.12 W eek T-0 (Execution W eek - W ork The Plan) ............................................................ 21 2.13 Week T+ I (Post W eek Critique) .................................................................................... 24

3. SUM M ARY OF CHANGES .................................................................................................... 25 ATTACHMENTS AND FORMS Attachment I Definitions ...................................................................................................... 27 Attachment 2 Responsibilities ................................................................................................ 33 Attachment 3 Scheduling Considerations ............................................................................. 38 Attachment 4 SSCs Requiring Risk Review / Unavailability M onitoring ............................. 41 Attachment 5 Scheduling Flowchart ...................................................................................... 47 Attachment 6 High Risk Activities ........................................................................................ 48 Attachment 7 Processing "Notification of Impact to T- 12 Schedule" (NIT), Form MP-20 W M -FAP02.1-001 ........................................................................................... 49 Attachment 8 Risk Evaluation Required Actions ................................................................. 50 Attachment 9 Documentation Supporting Modifications to MP-20-WM-FAP02.1 .............. 52 Form MP-20-WM-FAP02. l-001 "Notification of Impact to T- 12 Schedule" (NIT)

MP-20-WM-FAP02.1 Rev. 004-02 2 of 52

I. PURPOSE 1.1 Objective This procedure describes the process for:

"* A consistent method for the day-to-day function and coordination of the following organizations on to plan, schedule and execute plant work activities:

"* Maintenance

"* Nuclear Operations and Chemistry

"* Other interfacing organizations

"* Planning and scheduling on-line work activities, in order of priority as determined by the Screening Committee per MP-20-WM-GDL100.02 "Work Screening and Prioritization".

This procedure implements the requirement of paragraph (a)(4) of IOCFR50.65 "Maintenance Rule" [4.1.1.2], with respect to risk assessment when removing equipment from service.

1.2 Applicability This procedure is applicable to all on-line activities associated with:

Units 2 and 3 plant equipment, including shared equipment

Substation or yard equipment This procedure is not applicable to:

Non-power block equipment (e.g., commercial building maintenance)

Yard maintenance and ground keeping

FIN

Minor door repairs

Computer Services automated work orders (Work Order) Non-Power Block related Work Orders MP-20-WM-FAP02.1 Rev. 004-02 3 of 52

1.3 Supporting Documents The documents listed below may assist personnel in completion of the processes specified in this procedure:

"* MP-20-MMM "Work Management" (Program Description)

"* MP-20-WM-SAP02 "On-Line Maintenance"

"* MP-20-OM-FAP02.1 "Shutdown Risk Management"

"* NUC WC 12 "345 kV Transmission Facility Outages"

"* OA 10 "Millstone Station Maintenance Rule Program"

"* MP-20-WM-GDL100.02 "Work Screening and Prioritization" (to be replaced by MP-20-WP-GDL 10)

"* NEI 93-01 (Section 11) - Assessment of risk resulting from performance of maintenance activities.

MP-20-WM-FAP02.1 Rev. 004-02 4 of 52

1.4 Discussion Attachment 3 "Scheduling Considerations" provides guidance for planning, scheduling, and implementing work on equipment based on Technical Specification Action Statement (TSAS), Trip Avoidance, Maintenance Rule availability and importance to safety.

Attachment 4 "SSCs Requiring Risk Review / Unavailability Monitoring," provides information regarding which SSCs require Risk Review and/or unavailability monitoring when maintenance activities are performed while the unit is on-line.

Once a work activity is scheduled to be performed within the T-4 through T-0 cycle, management approval is required before rescheduling as described in section 2.1 "Work Evaluation". Proposed schedule scope changes are scrutinized to ensure the following:

Implementing Organization(s) FLS can support the activity

Parts are available to do the job

Configuration control is maintained and any additional risk is addressed by obtaining a Risk Review

The Work Week Manager (WWM) assess what impact adding work will have on executing the balance of the issued schedule

Fiscal Impact (i.e.: Cost verses Benefit) has been considered

Priority 1 work items, as identified by MP-20-WM-GDL100.02 "Work Screening and Prioritization", require only Shift Manager's authorization While this procedure is primarily intended to provide instructions for the scheduling of work while the unit is on-line, this procedure may also be used, in whole or in part, during unit shutdown.

Where maintenance activities historically performed during shutdown are desired to be performed as On-Line Maintenance, Senior Licensed Operator evaluation is required subject to the following criteria:

Will not force the plant off line to perform

Is within a boundary of a work task that has previously been done on-line

Is not specifically covered in Technical Specifications or the FSAR does not to be performed while the unit is shutdown

Will not place the plant in a PRA "RED" condition Work which does not meet the above criteria requires a Safety Evaluation screening per RAC 12, "Safety Evaluation Screens and Safety Evaluations," before work can be re-scheduled for performance as On-Line Maintenance..

Station Performance Indicator for "Scope Stability" is used to evaluate effectiveness from the end of T-6 through the end of T-1.

- End of Section 1 MP-20-WM-FAP02.1 Rev. 004-02 5 of 52

-7

2. INSTRUCTIONS NOTE The individual/group responsible for creating the schedule additions, deletions, or modification are required to document and obtain required approvals in accordance with this procedure.

RP 16 "Trouble Reporting" provides the administrative process for the review and prioritization of Trouble Reports (TRs), and determining which work can be performed as On-Line Maintenance.

CBM 105 provides the administrative process for "intent changes" of Preventive Maintenance (PM) tasks. PM tasks meeting the definition of "intent changes" can not be rescheduled or cancelled without an approved "PM Change and Deferral Request" (CBM 105 att.).

Priority 1 work items, or any other work items that require immediate attention as identified by the Shift Manager, do not require an NIT or categorization by the Operations Coordinator.

2.1 Work Evaluation 2.1.1 WHEN a Trouble Report (TR) or Work Order has been categorized by the Work Screening and Prioritization Committee, the Operations Coordinator takes the appropriate action listed below:

" IF Emergent Work, refers to step 2.1.2 and coordinates with the WWM to schedule the activity in the appropriate work week.

"* IF scheduled, assigns appropriate schedule reference to the Work Order.

"* IF unscheduled, assigns appropriate Functional Equipment Group, Return and Release, and Protected Train Codes.

Evaluates activities for contingencies and provides a Contingency Plan, as applicable.

NOTE Emergent Work should be limited to activities that prevents a Risk to Generation (RTG) or that addresses a safety issue.

2.1.2 Prior to addition of Emergent Work/Activity to P-3 schedule, Requester of Emergent Activity performs the following:

"* Refers to Attachment 7 "Processing 'Notification of Impact to T- 12 Schedule' (Form MP-20-WM-FAP02. 1-001)"

"* Initiates and routes Form MP-20-WM-FAP02.1-001 "Notification of Impact to T-12 Schedule".

MP-20-WM-FAP02.1 Rev. 004-02 6 of 52

2.1.3 IF performance of Preventive Maintenance (PM) prior to Required Completion Date (RCD) is challenged, the following personnel ensures completion of a "PM Change and Deferral Request" (per CBM 105, att.):

Week "PM Change and Deferral Request" - Completion Responsibility Before T-7 Person identifying need to re-schedule PM Scheduling issues ...................................... Development WW M Work Order preparation and PM program issues ............. Planner After T-4 Implementation Week WWM 2.1.4 IF Emergent Activities are identified after the T-4 scope freeze, the WWM evaluates the Emergent Work activity for inclusion into the work schedule, and performs the following:

a. Evaluates impact and adjusts schedule as necessary.

b. Ensures Contingency Plan is established or completed.

c. Ensures appropriate management level approvals are obtained by requesting FLS review via Form MP-20-WM-FAP02.1-001 "Notification of Impact to T- 12 Schedule".

d. IF work added to the schedule after the T-2 Schedule Freeze affects risk significant systems (per Attachment 4 "SSCs Requiring Risk Review/Unavailability Monitoring"), obtains Risk Review.

e. Enters functional equipment group and tracking codes into PMMS for Emergent Activity.

2.1.5 WWM provides the following notifications:

"* Temporary suspension of "local services" notifies Integrated Planning and Performance (IPP) of as soon as practical.

[4.4.51

"* Revenue Meter, Station Service Meter [4.4.5]

0 Written notice to CL&P Test & Maintenance Director 7 days (minimum) prior to commencement of non-routine testing, calibration or maintenance conducted by Dominion to investigate or correct a suspected problem with the Revenue Meter or Station Service Meter (CL&P provides similar notice)

7 day (minimum) notification to IPP of investigative or corrective action(s) of Revenue Meter or Station Service 2.1.6 IF Scope Deletion occurs after the T-4 scope freeze, the WWM performs the following:

a. Evaluates impact and adjusts schedule as necessary.

b. Ensures appropriate management level approvals are obtained by requesting FLS (refer to Form MP-20-WM-FAP02.1-001, "Notification of Impact to T 12 Schedule").

MP-20-WM-FAP02. I Rev. 004-02 7 of 52

c. IF work added to the schedule after the T-2 Schedule Freeze affects risk significant systems (per Attachment 4 "SSCs Requiring Risk Review/Unavailability Monitoring"), Obtains Risk Review.

d. Enters tracking codes into PMMS for Scope Deletion.

2.1.7 IF Scope Expansion occurs (i.e., Work Order > 8 hours9.259259e-5 days 0.00222 hours 1.322751e-5 weeks 3.044e-6 months in duration where scope growth is expected to be > 50% of original estimate) the WWM performs the following:

a. Evaluates impact and adjusts schedule as necessary.

b. IF work added to the schedule after the T-2 Schedule Freeze affects risk significant systems (per Attachment 4 "SSCs Requiring Risk Review /

Unavailability Monitoring"), obtains Risk Review

c. Enters tracking codes into PMMS for Scope Expansion.

2.1.8 IF, at any time, work is expected to exceed 50 percent of TSAS AOT, AND TSAS mandates reactor shutdown at end of AOT, the WWM ensures Director - Nuclear Operations & Chemistry approval is obtained.

2.1.9 WHEN multiple SSCs Requiring Risk Review (per Att. 4) are expected to be unavailable at the same time, WWM quantifies risks using PRA methods (e.g., EOOS), subject to guidance Attachment 8 "Risk Evaluation Required Actions". [4.1.1.1,4.4.7] I 2.1.10 IF MP3 Service Water Pumps may be subject to an extended on-line maintenance I© window of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months or more, WWM ensures Tech Spec 14 day on-line following: I maintenance requirements are met, to include the

"* Risk associated with removing pump for service for an extended on-line maintenance window are evaluated using PRA methods (i.e., EOOS)

" Both 31AS-C IA and 31AS-C 1B Instrument Air Systems are available for duration of extended on-line maintenance window

"* Prior to removing pumps form service, Engineering evaluates the Spent Fuel Pool heat load to demonstrate that time interval from potential loss of Spent Fuel Pool cooling to allowable maximum Spent Fuel Pool temperature is sufficient to allow reasonable remedial action (e.g., Contingency Plan) to restore Spent Fuel Pool cooling [4.1.7]

MP-20-WM-FAP02.1 Rev. 004-02 8 of 52

2.1.11 IF work may result in entry into MP2 Emergency Diesel Generator (EDG) 14 day ensures the following: [4.1 6]2 allowed outage time (with plant operating), WWM

a. PRA methods are used to evaluate risk associated with removing EDG from service for extended on-line maintenance

b. Positive measures are taken to preclude subsequent testing/maintenance activities on remaining MP2 EDG

c. Extended EDG maintenance is not initiated during periods of electrical grid instabilities (including predicted forecasts of severe weather or other external events that may affect electrical system stability or stable plant operations) 0 Expected grid stability verified with CONVEX

d. Extended EDG inspection/maintenance not scheduled coincident with @

planned transients

e. MP3 Station Blackout (SBO) Diesel Generator availability verified by test performance within previous 30 days priorto allowing MP2 EDG inoperable greater that 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months

f. MP3 EDGs operable in compliance with MP3 Technical Specifications during extended MP2 outage

g. No elective maintenance performed within MP2 and MP3 switchyards that could challenge offsite power availability

- End of Section 2.1 -

MP-20-WM-FAP02.1 Rev. 004-02 9 of 52

2.2 Week T-12 (Preliminary - "Plan The Work" List)

NOTE Objective of the Preliminary - "Plan the Work" List is to identify a list of candidate activities to the Maintenance organization for the T-0 Execution Week, as establish need dates for all constraints.

2.2.1 Implementing FLSs provide accurate resource commitments to the On-Line FLS.

2.2.2 On-Line FLS ensures the following:

a. Ops Coordinator establishes Unit Priorities based on Maintenance Optimization (MO) with concurrence from both Nuclear Engineering and Nuclear Operations & Chemistry team members.

b. Ops Coordinator develops a Preliminary - Plan the Work List of System and Functional Equipment Groups (FEGs).

c. Ops Coordinator conducts necessary meetings to ensure the following objectives are satisfied:

Establish work priorities.

Identifies work requiring Contingency Plans (e.g. Compensatory Cooling).

Identifies work requiring Contingency Plan (e.g. Support Work Orders for failed reoccurring work activities).

Release the Preliminary - Plan the Work List to the FLSs.

, Technical Specification Requirements are understood.

The degree of redundancy available for performance of safety function(s) served by the out-of-service System, Structures or Components (SSC) are adequate.

d. Nuclear Engineering assigns restraints to Rapid Response Engineering to clear for the appropriate work week.

e. Supply Chain Management understands part restraints to be cleared for the appropriate work week.

f. Appropriate schedule reference is assigned to the Work Order(s).

g. A preliminary "plan the work schedule" is developed by incorporating PMs and surveillances, as well as comments supplied from all implementing groups after reviewing the Preliminary - Plan the Work List; including availability of parts, maintenance resource data availability and system Operability/Availability or Risk Review concerns.

- End of Section 2.2 MP-20-WM-FAP02.1 Rev. 004-02 10 of 52

2.3 Week T-I1 2.3.1 Maintenance continues with the preparation of work packages and ensures the following:

"* Identify materials required and submit material requests (MR) with a need date of T-7 of the target work week.

"* Identify and communicate to Nuclear Engineering engineering constraints.

Identify required permits (enclosed volume, fire, environmental...)

2.3.2 Nuclear Engineering continues with clearing restraints.

2.3.3 Supply Chain Management continues with clearing restraints.

2.3.4 For work Scope Expansions, deletions, or additions after the T-12 the On-Line FLS shall ensure the following:

"* Work is evaluated for inclusion into the Preliminary - Plan the Work List.

"* Reviews work scope additions since T-12 for Contingency Plans.

"* Affected groups are notified.

"* Enters tracking codes into PMMS.

- End of Section 2.3 MP-20-WM-FAP02. 1 Rev. 004-02 1t of 52

2.4 Week T- 10 2.4.1 Nuclear Engineering ensures engineering constraints are cleared or work is rescheduled.

2.4.2 Maintenance ensures material and Work Order package preparation activities continue in a satisfactory manner.

2.4.3 For work Scope Expansions, deletions, or additions after the T-12 , On-Line FLS ensures the following:

"* Reviews work scope for Contingency Plans.

"* Removes and reschedules the Nuclear Engineering's constrained items from the preliminary schedule.

"* Enters tracking codes into PMMS.

"* Provides a list of activities Not On Target (NOT) at the "Work Screening and Prioritization Meeting".

"* Informs affected groups.

- End of Section 2.4 -

MP-20-WM-FAP02.1 Rev. 004-02 12 of 52

2.5 Week T-9 through T-7 (Work Order Package Preparation and Parts Procurement) 2.5.1 Maintenance ensures the following activities are performed:

"* Work packages continue to be assembled in support of the Preliminary - Plan the Work List objectives.

"* Material procurement activities continue in support of the Preliminary - Plan the Work List objectives.

"* Constraints are identified and tracked for new Work Orders added to the work scope during these weeks.

"o The duration of the out-of-service or testing condition are accurate.

2.5.2 IF during the planning process new engineering constraints (e.g., Supply Chain Management, Nuclear Engineering, etc.) are identified, the On-Line FLS shall be notified.

2.5.3 Implementing FLSs provide an update on available resource data to the On-Line FLS.

2.5.4 The Ops Coordinator ensures the following:

Ensures the Preliminary - Plan the Work List is down loaded to P-3 by the end of T-9.

"* The Operations Coordinator and a WWM meet to discuss work status, which should include a discussion of the following items:

Items with remaining known constraints

Implementing FLS interaction/interface problems

Work requiring Contingency Plans

Priority work items (TSAS/TRM/High Risk Activities)

Maintenance Rule Systems

"* Ensures Contingency Plans for selected work will be completed by T-6.

"* Reviews work scope additions after T-12 for Contingency Plans.

"* Resources commitments are validated against schedule demands and finalized.

"* Informs affected groups of Scope Expansions, deletions, or additions.

2.5.5 "Not on Target" List is rescheduled prior to end of T-6.

- End of Section 2.5 MP-20-WM-FAP02. I Rev. 004-02 13 of 52

2.6 Week T-6 (Work Order Package Walkdowns) 2.6.1 The WWM removes constrained work activities from the P-3 schedule by the end of T-6 and ensures PMMS is updated with the proper tracking code.

2.6.2 IF work may involve entry into the MP 2 EDG 14 day allowed outage time (with plant operating), WWM verifies with CONVEX that electrical grid is expected to be stable during scheduled MP2 EDG outage. [4.1.6]3 © 2.6.3 Maintenance issues all scheduled Work Orders for the appropriate work week to the Implementing FLSs at the end of T-6 week.

- End of Section 2.6 -

MP-20-WM-FAP02.1 Rev. 004-02 14 of 52

2.7 Week T-6 (WWM Review of Schedule & Scope Freeze) 2.7.1 The WWM ensures that a T-6 Schedule is developed, and performs the following, as applicable:

a. Refers To Attachment 3, "Scheduling Considerations," and determines if system/component outage coordination meetings are needed to consider the following:

Work on Technical Specification or Maintenance Rule equipment

Work that exceeds 50% of the Technical Specification Action Statement (TSAS) Allowable Outage Time (AOT)

Work that requires a high degree of coordination and control to ensure timely completion with minimal risk (e.g., multi-Implementing Teams interface requirement).

Work outside normal tagging boundaries

High Risk Activities

b. IF at any time, work is expected to exceed 50 % of TSAS AOT, AND TSAS mandates reactor shutdown at end of AOT, obtains Director - Nuclear Operations & Chemistry's approval.

c. Reviews Attachment 4 "SSCs Requiring Risk Review/Unavailability Monitoring", and performs the following:

"* IF work will be performed on systems monitored with unavailability performance criteria, schedules work with input from System Engineer or Maintenance Rule Coordinator.

"* IF risk significant system trains are out of service, degraded, or their operability is questionable, avoids planning high-risk activities.

d. Refers To/Performs the following, and ensures activities which involve conflicting risk significance are not scheduled concurrently. 9

Attachment 6 "High Risk Activities"

PRA using EOOS

e. IF work requires a power reduction, verifies coordination of work with ISO New England.

f. IF a change to "local service" which could interrupt electrical service, notifies IPP [4.4.5]

g. IF routine testing/maintenance of Revenue Meter or Station Service Meter, notify Convex and IPP [4.4.5]

(CL&P provides similar notice for AC Service Power Meters.)

MP-20-WM-FAP02.1 Rev. 004-02 15 of 52

h. IF TSAS work is planned AND reactor shutdown is mandated at end of AOT, performs the following:

"* IF TSAS AOT is less than or equal to 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , schedules work around the clock.

"* IF AOT period is greater than 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , schedules work a minimum of two shifts per day.

" IF equipment is removed from service, schedules work to start promptly.

i. When possible, scheduled work for a 30-day LCO will be scheduled to work on day shift throughout the scheduled week of work (e.g., Radiation monitors).

j. The WWM performs the following tasks by Monday of T-6:

Converts the schedule to a preliminary levelized schedule and issue it to Implementing FLSs.

Operational Focus items are annotated in the schedule.

Control Room activity items are annotated in the schedule.

Refers To Attachment 3, "Scheduling Considerations," and incorporates scheduling considerations into development of the schedule.

Ensures material procurement activities are completed.

Ensures all Scope Deletions, Scope Expansions, and Emergent Work are documented and tracked in accordance with section 2.1 "Work Evaluation" of this procedure.

- End of Section 2.7 MP-20-WM-FAP02.1 Rev. 004-02 16 of 52

2.8 Week T-6 through T-3 (T-6 Schedule Review Meeting) 2.8.1 The WWM(s) conducts a T-6 Schedule review meeting with the following attendees (or their representative), as a minimum:

WWM, Chair

Maintenance - Planning/ Plant Reliability Coordinators

Nuclear Operations & Chemistry - Work Control SRO

Engineering Duty Manager/CBM

Surveillance Coordinator

Nuclear Operations & Chemistry Coordinator/Chemistry

Project Manager(s)

Representative from Health Physics

Representative from Site Fire Protection/Security 2.8.2 At T-6 Schedule Review meeting, the WWM ensures one of the following:

Reaffirms commitment to clear constraints by the end of T-6,

- OR

Removes item(s) from the schedule, documents per section 2.1 "Work Evaluation" of this procedure, and obtains Implementing Organization(s) acceptance of revised schedule 2.8.3 Following the T-6 meeting, the WWM ensures the following is accomplished:

"* Makes any logic changes to the schedule agreed upon at the T-6 meeting.

"* Ensures that any work activity added, deleted, or modified are documented and approved in accordance with section 2.1 "Work Evaluation" of this procedure.

"* Schedules any required system outage meetings.

2.8.4 Nuclear Operations & Chemistry Coordinators to provide a list of Work Orders not in tagging for review to the WWM.

2.8.5 At the end of T-3 week, the implementing FLSs ensure that:

Review and walk down of the jobs are completed.

All Work Orders requiring Operation's authorization are forwarded to Nuclear Operations & Chemistry's Work Control.

- End of Section 2.8 MP-20-WM-FAP02.1 Rev. 004-02 17 of 52

2.9 Week T-2 (Tagging Preparation, System Outage Meetings, & Schedule Freeze) 2.9.1 The WWM conducts necessary system outage meetings with appropriate personnel to discuss the following items as applicable:

" Sequencing of work

"* Contingency Plans

Interaction between Implementing Teams 2.9.2 The WWM freezes the schedule at the end of T-2 2.9.3 The WWM ensures IPP has been notified of changes in "local services" which could result in interruptions in service. [4.4.5].

2.9.4 The WWM ensures the schedule is PRA reviewed.

2.9.5 The WWM issues proposed T-1 schedule for review at end of T-2.

- End of Section 2.9 -

MP-20-WM-FAP02.1 Rev. 004-02 18 of 52

2.10 Week T-2 (T-2 Schedule Review Meeting)

NOTE The objective of the T-2 meeting is to perform a review of the schedule and provide a confirmation that the schedule is acceptable and can be executed.

2.10.1 The WWM conducts a T-2 Schedule review meeting with the following attendees (or their representative), as a minimum:

WWM, Chair

Maintenance - FLSs/Team Coordinators from each of the teams

Nuclear Operations & Chemistry - Work Control SRO

Engineering Duty Manager and/or System Engineer

Surveillance Coordinator

Nuclear Operations & Chemistry Coordinator/Chemistry

Project Manager(s)

Representative from Health Physics

Representative from Site Fire Protection/Security

Representative from CBM 2.10.2 At the T-2 schedule review meeting, the WWM ensures commitments made at system outage meetings are reviewed and understood by the implementing team.

2.10.3 After the T-2 meeting, the WWM performs the following:

"* Implements schedule changes agreed upon at T-2 Schedule Meeting.

"* Incorporates PRA/Shutdown Risk comments and ensures PRA Risk is levelized across the week to the maximum extent possible.

2.10.4 IF Emergent Work is required, evaluates work for inclusion into work schedule.

2.10.5 IF Emergent Work is required on a risk significant SSC AND a High Risk Activity is currently in progress, WWM evaluates the following:

"* Suspension of the High Risk Activity

"* Restoration of plant to configuration prior to the High Risk Activity

"* Release of the Emergent Work

"* Ensure the schedule receives a new PRA Risk Assessment.

"* Ensures that any work activity added, deleted, or modified are documented and approved in accordance with section 2.1 "Work Evaluation" of this procedure.

2.10.6 IF at any time, work is expected to exceed 50 percent of TSAS AOT, AND TSAS mandates reactor shutdown at end of AOT, the WWM Master Process Owner - Nuclear Operations & Chemistry approval is required.

- End of Section 2.10 MP-20-WM-FAP02. !

Rev. 004-02 19 of 52

2.11 Week T-1 (Final Schedule Issuance) 2.11.1 IF work requires a power reduction to execute, or is a High Risk Activity as identified on Attachment 6 "High Risk Activities", the WWM verifies receipt of application number from ISO-New England (at least 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months in advance).

2.11.2 IF MP2 EDG is scheduled for maintenance that exceeds 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months , WWM perform the following: [4.1.6]4

a. Contacts CONVEX and verifies the following (for duration of scheduled MP2 EDG outage):

Electrical grid stability

©

No inclement weather forecasted which could affect grid stability

b. Verifies MP3 SBO Diesel Generator surveillance performed within past 30 days.

2.11.3 Nuclear Operations & Chemistry's Work Control continues with clearance preparation. (Tagging Clearances should be completed by the end of week T-1.)

2.11.4 WWM, PRA and Shift Manager/Manager- Nuclear Operations & Chemistry sign the cover sheet for the Plan of the Week (T-0).

2.11.5 WWM issues the Plan of the Week (T-0).

- End of Section 2.11 -

MP-20-WM-FAP02.1 Rev. 004-02 20 of 52

2.12 Week T-0 (Execution Week - Work The Plan) 2.12.1 Daily, the WWM updates the schedule for the day based on AWOL status of activities and Implementing Team feedback.

2.12.2 The WWM performs the following:

"* Ensures PRA reviews daily P-3 Schedule (plan of the day)

"* Attends the Site Prioritization Meeting to discuss Operational focus items for the day and any other issues that may need attention.

"* Tracks major activities and ensures that the proper focus is being maintained.

"* Attends the Maintenance second shift briefing to discuss any issues that may need to be supported or resolved.

"* Acts as single point of contact for all schedule activities and during off normal hours, including coordinating call in of personnel to support repair activities or other activities to support operation of the unit as needed per S/M direction.

2.12.3 The Work Control Coordinator(s) ensures all Work Orders scheduled for that day are released or the reason is identified and addressed if possible.

2.12.4 IF 50% of a 30 day LCO time project to be used or is exceeded, the WWM and the Shift Manager reevaluates the work schedule and notifies the Master Process Owner - Nuclear Operations & Chemistry as necessary.

NOTE Priority I work items as identified by MP-20-WM-GDL 100.02 "Work Screening and Prioritization" required only Shift Manager's authorization.

2.12.5 IF Emergent Work is required, the WWM evaluates the work for inclusion in the work schedule:

a. IF Emergent Work is required on a risk significant SSC AND a High Risk Activity is currently in progress, evaluates the following:

Suspension of the High Risk Activity

Restoration of the plant to configuration prior to the High Risk Activity

Release of the Emergent Work

Ensures the schedule receive a new PRA Risk Assessment.

Ensures that any work activity added, deleted, or modified are documented and approved in accordance with section 2.1 "Work Evaluation" of this procedure.

2.12.6 IF at any time, work is expected to exceed 50 percent of TSAS AOT, AND TSAS mandates reactor shutdown at end of AOT, the WWM and Director - Nuclear Operations & Chemistry approval is obtained.

MP-20-WM-FAP02. I Rev. 004-02 21 of 52

2.12.7 The Shift Manager/Unit Supervisor (SM/US)performs the following:

a. IF severe weather conditions exist or are predicted, performs the following:

1) Reviews applicable procedures (i.e., AOPs) for impact.

2) Determines if a Risk Review should be performed based upon work in progress.

3) Determines if work should be stopped.

4) Coordinates with the WWM to determine schedule impact.

b. Prior to release of work, performs the following:

NOTE The overall effect on safety function performance and condition of relevant plant equipment will be assessed in order to assure an acceptable level of unit and system reliability. Potential system interactions and operability of redundant equipment will also be assessed. (Example: Performing work on the diesel generator with concurrent work in the switchyard or on the unit's transmission line would not be generally desired.)

1) Ensures plant is placed in a condition to allow removal of equipment from service and verifies standby equipment is available.

2) Refers To Attachment 4, "SSCs Requiring Risk Review/Unavailability Monitoring," and determines if work involves removing equipment from service for which unavailability tracking is required.

NOTE SM log entries are intended to reflect the actual time equipment is rendered unavailable to perform its function(s).

" Technical Specification SSCs - permissible to consider the LCO entry time as the time of equipment unavailability.

" Non-Technical Specification SSCs - time of unavailability is one of the following:

Time at which tags are hung for tasks is considered the -OR

Point of discovery for equipment failures

3) IF unavailability tracking is required, records the appropriate SSC identification and removal date and time in the Shift Manager log.

(SM/US is also responsible for recording return to service date and time in the Shift Manager log.)

c. IF work implementation delays are encountered that will increase Technical Specification or Maintenance Rule equipment outage times, notifies the WWM to coordinate resources to ensure completion prior to exceeding Technical Specification or Maintenance Rule allowed outage times.

MP-20-WM-FAP02.1 Rev. 004-02 22 of 52

d. IF component failures occur on SSCs, performs the following:

Immediately evaluates the component failure and ensures that appropriate actions are performed to mitigate the effects of the failure, such as expediting or canceling work.

Evaluates the requirement for performing a Risk Review of the SSC failure for its effect on work activities scheduled to be released.

e. Refers To Attachment 4, "SSCs Requiring Risk Review/Unavailability Monitoring," and IF SSC is listed AND additional work is needed on SSC, performs the applicable action:

"* IF work will not extend outage time and does not change existing boundaries, releases work without Risk Review.

"* IF work will extend outage time or changes existing boundaries, obtains Risk Review prior to performing additional work or removing related equipment.

2.12.8 The WWM reviews any work that will carry over to the following week with the WWM and Nuclear Operations & Chemistry Coordinator who are responsible for that specific week.

- End of Section 2.12 -

MP-20-WM-FAP02.1 Rev. 004-02 23 of 52

2.13 Week T+I (Post Week Critique) 2.13.1 Following the execution week, the WWM completes a critique on the work week.

Lesson Learned meetings are held for any significant evolution or major System Outage Window that warrants additional scrutiny to capture and feed forward any improvement items.

2.13.2 The critique is designed to capture significant items that occurred during that work week. The WWM performs a critique of the work week and should document in a summary critique report the following items:

"* T-Meeting Attendance

"* Schedule Adherence KPI's

"* Scope Stability KPI

"* Gap Analysis 2.13.3 WWM - FLS ensures the following:

CRs issued for items assessed as repeat, generic issues, and extent with regards to schedule compliance

Weekly critique is issued and discussed with all Directors, Managers, and TLs.

- End of Section 2.13 -

MP-20-WM-FAP02. I Rev. 004-02 24 of 52

3.

SUMMARY

OF CHANGES Revision 004-02 AR 01006372-04 (CR-01-08675): Section 2.1 "Work Evaluation", added instruction to show personnel responsible for completion of "PM Change and Deferral Request" based on T- 12 schedule week.

AR 01005703-02 (CR-01-07757): Deleted previous Attachment 6 "Risk Matrix" as information among MP 2 and MP3 was inconsistent and not evenly addressed. Risk now determined using PRA and "High Risk Activities" (was Att. 7, now Att. 6).

Re-numbered other attachments and references.

AR 01005850-02 (CR-01-07932):

"* Section 2.1 "Work Evaluation", added "MP3" limitation to step concerning Service Water Pump subject to extended on-line maintenance window of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months (applies to MP 3 only, as discussed in Rev 004-01 Summary of Changes)

"* Att. 1 "Definitions:

Changed term "Condition Code" to the more accurate term "Risk Color Code", and clarified definitions of colors.

Added MP-20-MMM definition for "Corrective Maintenance" as that term was added to definition for Risk Color Code RED.

AR 01004347-02 (MP2 TSCR 2-6-00 Docket No. 50-336, B 18342):

Sections 2.1 "Work Evaluation", 2.6 "Week T-6 (Work Order Package Walkdowns", and 2.11 "Week T- I (Final Schedule Issuance), added WWM instructions concerning MP2 EDG 14 day allowed outage time with plant on-line.

Added source notes for Program Requirements/References [4.4.5], [4.1.1.2, 4.4.7],

[4.1.71.

Deleted Regulatory Commitment source notes, no ACTIVE Reg. Comms. as of Rev. 001 to MP-20-MMM "Work Management" program description.

Section 2.11 "Week T-l (Final Schedule Issuance)", added requirement for WWM to verify MP3 SBO Diesel generator surveillance performed within past 30 days.

Att. I "Definitions": added definition for "Corrective Maintenance", CONVEX, and ISO-New England.

Att. 4 "SSCs Requiring Risk Review / Unavailability Monitoring":

AR 01000067-08, added "3FPW-V812 - Hose Station 52, Alternate Cooling Water Source to CCE Pump Lube Oil Coolers"

AR 01000067-12, deleted listing for AMSAC (AMSAC is not risk significant)

Added new Attachment 9 "Documentation Supporting Modifications to MP-20-WM FAP02.1" to track "Basis Information" attendant to this document.

MP-20-WM-FAP02. I Rev. 004-02 25 of 52

Revision 004-01 Section 2.1 "Work Evaluation" - added step to recognize Tech Spec requirements for extended duration (>72 hours) on-line maintenance of MP 3 Service Water Pumps.

Resolves AR 01004422-02 concerning TSCR 3-3-01 and TRMCR 01-3-6.

Revision 004 Re-incorporate changes made in Rev 002-01 and Rev 002-02. Changes accidentally deleted during Revision 003. AR 01001140-02 (CR-01-01087)

Corrected format and style where not consistent with Master Manual format, Added note to step 2.1.2 to clarify definition of Emergent Work, limiting that work to activities that address "risk to generation" and safety issues.

Revised the T- meeting schedule from T-1 and T-3 to T-2 and T-6.

Various notes - removed "Strategic Objective, "Information", and "Success Factors" information (user feedback).

"Contingency Plan" and "Defense-In-Depth "definition - removed association with Outage Management to resolve possible confusion between On-Line activities and Outage activities. (On-Line safety risks are addressed by PRA, while Outage safety risks are addressed by Shutdown Risk Management).

Added instructions for following notifications by WWM as required by "Interconnection Agreement By and Between The Connecticut Light and Power Company and Dominion Nuclear Connecticut, Inc." (March 31, 2001):

Temporary suspension of "local services"

Non-routine testing, calibration or maintenance conducted by Dominion or CL&P to investigate/correct a suspected problem with Revenue Meter or Station Service Meter

Investigative/corrective action(s) of Revenue Meter or Station Service Section 2.1 - added instructions concerning FEGs, PRA, and EOOS with respect to risk management per "Maintenance Rule" I OCFR50(a)(4) requirements and guidance of NUMARC 93-01 "Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants"; Section 11 "Assessment of Risk Resulting From Performance of Maintenance Activities (AR 01003523-01, CR-01-04537)

Deleted "Sponsored Work/Activity" and use of MP-20-WM-FAP02.1-2 "Sponsored Activity Form". Sponsored Activity now covered by MP-20-WM-FAP02. 1-001 "Notification of Impact to T-12 Schedule".

Added Attachment 7 "Processing 'Notification of Impact to T-12 Schedule' (Form MP 20-WM-FAP02.1-001)" to provide guidance for processing said form.

Added:

Instructions for multiple SSCs Requiring Risk Review (per Att. 4) expected to be unavailable at the same time, Attachment 8 "Risk Evaluation Required Actions" to provide guidance for quantifying risks where multiple SSCs Requiring Risk Review are expected to be unavailable at the same time MP-20-WM-FAP02.1 Rev. 004-02 26 of 52

Attachment 1 Definitions (Sheet I of 6)

AOT - Allowable Outage Time Work Order, Automated Work Order (AWO) - Documentation generated from data entry into PMMS which is used to define, direct and record actions on plant material condition deficiencies, non-conformances or modifications. Work Orders can be generated from TRs approved and assigned for action by the Work Screening and Prioritization Committee.

AWOL - Automated Work Order Log CBM - Condition-Based Maintenance Constraint - Condition preventing an Work Order from attaining 'Ready to Work' status.

(e.g., parts not on site, DCN not ready, etc.).

Contingency Plan - A plan of compensatory action to:

"* Maintain Defense-in-Depth by alternate means when SSC pre-outage planning reveals that specified SSCs will not be available

"* Restore Defense-in-Depth when system availability drops below the planned Defense-In-Depth during an SSC outage

"* Minimize the likelihood of a loss of key safety functions CONVEX - Connecticut Valley Exchange.

A regional electrical power grid management organization.

Corrective Maintenance - (INPO AP-928 [4.3.1])Restoration of equipment or components affecting nuclear or personnel safety or plant reliability that have failed, are degraded, or do not conform to their original design, configuration, or performance. Includes work performed under the Minor Maintenance process or FIN process.

Plant equipment components should be considered failed or degraded if the deficiency is similar to any of the following examples:

Removed from service because of actual or incipient failure

Does not meet design specifications for configuration or performance criteria

Creates a personnel or nuclear safety hazard or reliability concern

Adversely affects the seismic, environmental, or fire qualification of the component ©

Affects nearby equipment (for example, missing piping insulation that increases the operating temperature of nearby electrical equipment)

Creates the potential for rapidly increasing component degradation (for example, leaks of borated water)

Releases fluids that create contamination concerns, or has the potential to, under postulated accident conditions

Affects controls or process indications that directly or indirectly impair operator ability to operate the plant, or reduces redundancy of important equipment MP-20-WM-FAP02.1 Rev. 004-02 27 of 52

Attachment 1 Definitions (Sheet 2 of 6)

DCN - Design Change Notice DCR - Design Change Request Defense-In-Depth - For the purpose of managing safety risk during On-Line maintenance activities, Defense-In-Depth is the concept of:

Ensuring availability of SSC to backup for safety functions using redundant, alternate, or diverse methods 0 Planning and scheduling SSC outage activities in a manner that optimizes safety system availability 0 Planning and scheduling SSC outage activities to ensure full consideration of Technical Specification requirements and in a manner that optimizes safety system availability and reduces plant configuration risk

Providing administrative controls that support and enforce the above items EOOS - "Equipment Out Of Service" electronic database Emergent Work/Activity - Work added to the schedule after the T-4 Scope Freeze, and should be limited to activities that prevent a Risk to Generation or address safety issues.

Sponsorship of these activities are assigned to an individual who is responsible for resolving problems, barriers, and support activities (i.e.: drain permits, fire watches, tagging, and confined spaces) required to meet the schedule.

Fix-It-Now (FIN) Team - A cross-discipline group of workers with a charter to make repairs to plant equipment which, generally speaking, do not require sophisticated planning but do involve multiple work groups.

FEG - Functional Equipment Group. Equipment which supports a limited function within a system that is grouped together in support of maintenance activities (notably, tag out).

Fragnet - a sub-group to a FEG Gap Analysis - Analysis which explains why scheduled activities were not performed as scheduled.

High Risk Activities - An activity or condition which significantly increases the possibility of a reactor trip or inadvertent safety system actuation as identified on Attachment 6.

IPP - Integrated Planning and Performance, a group within the "Manage the Business" organization at Millstone.

ISO-NE, ISO-New England - Independent System Operator - New England.

A regional electrical power grid management organization.

MP-20-WM-FAP02. 1 Rev. 004-02 28 of 52

Attachment 1 Definitions (Sheet 3 of 6)

Maintenance Optimization - decision making process to determine the most effective maintenance program for plant equipment by evaluating information related to the design, operation and maintenance of plant equipment.

Manpower Levelizing - A schedule review that distributes work throughout a week to maximize effectiveness.

Minor Maintenance - Actions for deficiencies on station components or parts where the repairs are minor in nature and meet requirements as set forth in applicable plant procedures.

NIT - Form MP-20-WM-FAP02. 1-001 "Notification of Impact to T- 12 Schedule" Non-Intrusive Work - A short-term activity which does not affect the functionality or operability of plant components or equipment. This activity would also not require a retest.

NOT - Not On Target - identified work activities that are in jeopardy of not meeting scheduled milestones.

On-Line Maintenance - Those activities that can be performed when the unit is in MODE 3 and above (Modes 3, 2, 1). (Mode 4 is covered by PRA until the transition to Shutdown Risk is assumed by Outage Management.)

Off-Normal-Hours - Period in time that covers weekends, holidays, and or back shifts.

OPS, Ops - The Nuclear Operations & Chemistry organization within Millstone Operational Focus - Refers work associated with TSAS, TRM, High Risk, Orange List, Control Panel Deficiencies, KEPL, and or Operations Burdens.

Outage - When the unit is in MODE 4, 5, 6 or Defueled, the unit is considered to be in an outage condition. (Mode 4 is covered by PRA until the transition to Shutdown Risk is assumed by Outage Management.)

P-3 (Schedule) - Primevera© scheduling software used by Millstone to schedule maintenance and other activities PRA, Probabilistic Risk Assessment - (Performed in MODES 1,2, 3, 4) A modeling process used at Millstone to identify the most probable scenarios, beyond Design Basis, which can lead to core damage.

The model results can be used to determine:

"*severe accident design vulnerabilities,

"*risk significance of individual SSCs,

"* allowed plant configuration times (i.e., basis for 14 day EDG allowable outage time).

MP-20-WM-FAP02.1 Rev. 004-02 29 of 52

Attachment 1 Definitions (Sheet 4 of 6)

Preliminary - Plan the Work List - Developed by incorporating PMs and surveillances to stimulate comments from the organization with respect to availability of parts, maintenance resource data availability and system Operability/Availability.

Preliminary - Plan the Work Schedule - Developed by incorporating PMs and surveillances as well as comments supplied from all implementing groups after reviewing the preliminary

- plan the work list; including availability of parts, maintenance resource data availability and system Operability/Availability or Risk Review concerns.

Production Maintenance Management System (PMMS) - PMMS is an information management system that serves as a repository for SSC data, work order and equipment maintenance history, and work management information and status.

Protected Train/Facility - Equipment specified and maintained for Defense-In-Depth to ensure adequate key safety functions are met.

Reactivity Control - Measures established to preclude inadvertent dilutions, criticalities, power excursions, or loss of shutdown margin, and to predict and monitor core behavior.

Risk Color Codes - Signifies the "maintenance configuration-specific level of risk" due to SSC availability (from a PRA aspect) with respect to that (SSC availability) needed to provide minimum Defense-In-Depth. Risk Color Codes are based on the calculated instantaneous Core Damage Frequency (CDF) associated with removing equipment from service.

Green - An acceptable configuration specific risk. Risk management via normal work controls is normally sufficient.

Yellow - An increased yet acceptable configuration-specific risk, such as having one risk significant system train unavailable. Heightened risk awareness (e.g., pre-job brief) is recommended. Avoid removal of additional risk-significant equipment from service while in a yellow configuration. Planned evolutions that create this condition require approval by the Risk Reviewer.

Orange - An increased configuration-specific risk requiring compensatory measures (non-quantifiable factors) in place before SSC is removed from service. Orange conditions shall be minimized and worked in an expedient manner. Planned evolutions that create an orange condition require approval by the Risk Reviewer as well as heightened risk awareness (e.g., pre-job brief).

Red - An unacceptable (or high) configuration-specific risk, voluntary/plannedentry is prohibited. Unplanned/involuntary entry to perform Corrective Maintenance is permissible, but strongly discouraged, and requires additional risk management measures, including, but not limited to:

"*Expediting work to minimize duration of Red risk configuration

"* Heighten risk awareness (e.g., pre-job and shiftly briefs)

"* Approval by Millstone Executive Management

"* Pre-staging materials and tools MP-20-WM-FAP02. 1 Rev. 004-02 30 of 52

Attachment 1 Definitions (Sheet 5 of 6)

Risk Review - The determination of the "maintenance configuration-specific level of risk" of the unit with regards to SSC unavailability from a PRA aspect for minimum Defense-in Depth.

Risk Reviewer - Individuals knowledgeable in performing Risk Reviews such as, but not limited to, the SM, US, OPS SRO, PRA reviewers.

Schedule Freeze - At the end of the T-2 week the schedule is finalized. From the Friday of T-2 to the Saturday of T-0 will be used as the bases for the weeks schedule adherence KPIs.

Scope Freeze - At T-4 all work in the week has an assigned schedule reference and will require formal approval to add, delete, or modified an activity.

Scope Expansion - Required Man-hours increased >50% of original estimate because of unanticipated component degradation.

Scope Deletion - Work activity deletions occurring after the T-4 Scope Freeze.

Schedule Fluctuations - schedule additions, deletions, or modifications due to changes in work scope or required deliverables.

SDR - Shutdown Risk (controlled by MP-20-OM-FAP02.2 "Shutdown Risk Management")

Short Form Work Order - A 1 page Work Order used for work that meets one of the two following criteria:

"* Uses PORC, SORC or SQR approved procedures or forms that contain provisions for Control Room approval and documentation of work.

"* Work that does not involve or effect any of the following:

Performance Evaluation (PE)

& Plant Operation

& Safety Tagging

Implementation of work defined in the Design Control Manual (DCM)

SSCs - Systems, Structures, Components SSCs Requiring Risk Review - Identified in Attachment 4 "SSCs Requiring Risk Review/Unavailability Monitoring" SVs - Surveillances WWM - Work Week Manager Work Week Tracking Codes - A set of work process tracking codes maintained by the WWM-FLS for compiling data (5th and 6th characters of PMMS Schedule Reference)

MP-20-WM-FAP02. I Rev. 004-02 31 of 52

Attachment 1 Definitions (Sheet 6 of 6)

Work Screening and Prioritization (WSAP) Committee - The function of the WSAP is to determine the appropriate week to perform required work. Representatives from the following organization should be in attendance:

"* FIN

"* Chemistry

"* Maintenance

"* Health Physics

"- Nuclear Engineering

"* Refueling Outage Scope

"* Supply Chain Management

"* Nuclear Operations & Chemistry's Work Control MP-20-WM-FAP02. I Rev. 004-02 32 of 52

Attachment 2 Responsibilities (Sheet 1 of 5)

Work Week Manager - FLS Responsible for the development, approval, and implementation of the on-line scheduling process, including the following:

"* Provides management direction and oversight for schedule processes

"* Reviews and approves associated procedures, implementing team instructions, and guidelines

"* Has overall responsibility for work screening and prioritization

"* Establishes requirements for schedule support

"* Ensures proper integration of the schedule process within the work control process

"* Provides an analysis of the weekly on-line schedule performance indicators and items which did not meet schedule expectations

Identifies root causes and adverse trends to applicable organizations

"* Reviews and approves recommendations to correct adverse trends in, or effect enhancements to, the 12-week rolling schedule process

"* Coordinates the process to produce the daily and weekly on-line schedules and ensures the schedules are issued

Evaluates emergency and urgent work items for inclusion into the next available daily or weekly schedule

"* Monitors and adjusts the on-line schedule function as necessary based on input from the user community within Maintenance and other Director/Managers

"* Maintains adequate resources to provide the scheduling function in personnel, hardware, and software issues

Ensures the scheduling organization is trained and adheres to scheduling discipline requirements 0 Ensures the on-line schedule is integrated with the units overall schedule so that impacts to plans and overall resource utilization are communicated and understood 0 Reviews execution work week critiques provided by WWMs 0 Ensures on-line maintenance scheduling process meets the requirements of the Maintenance Rule

Ensures backlog corrective and degraded work orders are properly scheduled so as not to challenge Risk to Generation and Nuclear Safety Nuclear Operations & Chemistry - Work Control SRO Responsible for the following:

Performs initial screening and categorization of all incoming Trouble Reports (TRs) per MP-20 WM-GDL100.02 "Work Screening and Prioritization".

"* Reviews the schedule for operability and technical specification concerns

"* Directs clearance tagging effort

"* Authorizes release of work packages during the Work Week by serving as the release authority

"* Prior to the release of work, ensures all equipment is properly tagged, drained and isolated

"* Authorizes, on behalf of the Shift Manager and Unit Supervisor, work in the plant to be performed during the Work Week

"* Ensures a timely retest of post maintenance equipment.

MP-20-WM-FAP02.1 Rev. 004-02 33 of 52

Attachment 2 Responsibilities (Sheet 2 of 5)

Operations Coordinator Responsible for establishing and maintaining the work scope from week T- 12 through week T-6, including the following:

"* Reviews the following and establishes the initial work scope for a work week:

"* Available personnel resources

"* System Engineer recommendations regarding work priorities

"* PMs, SVs, CMs, DCRs, CRs, and EWRs

"* Nuclear Operations & Chemistry's recommendations/priorities

"* Evaluates impact of common unit systems

"* Maintains the work week scope list between weeks T- 12 and T-6 based on input from Maintenance, Nuclear Engineering, and Supply Chain Management organizations

"* Aligns work activities for Work Orders, PMs, SVs, and EWRs in accordance with the 12 week rolling schedule

"* Makes all reasonable efforts to ensure work can be performed or an approved PM deferral put in place prior to removing PM Work Orders from on-line schedule

"* Performs initial screening and categorization of all incoming Work Orders

"* Conducts required T-12 Meetings

"* Continually reviews and evaluates the overall work week process

"* Assessment of risk results from performance of maintenance activities:

"* Ensures performance of maintenance during power operations should be planned and scheduled to properly control out-of-service time of systems or equipment.

"* Assessment to consider:

"* Technical specifications requirements

"* The degree of redundancy available for performance of the safety functions(s) served by the out-of service SSC

"* The likelihood of an initiating even or accident that would require the performance of the affected safety function

The likelihood that the maintenance activity will significantly increase the frequency of a risk-significant initiating event (e.g., by an order of magnitude or more as determined by each licensee, consistent with its obligation to manage maintenance-related risk)

"* Component and system dependencies that are affected

"* Significant performance issues for the in-service redundant SSCs

"* Backlog Integration

"* Ensures activities scheduled to be performed on shared systems, structures, and or components (e.g. common systems between units like the Unit I stack) have unique FEGs assigned to the Work Orders.

"* Ensures Corrective Maintenance (C) backlog is scheduled to meet the organization's goals.

"* Ensures Degraded Maintenance (D) backlog is scheduled to meet the organization's goals.

"* Enter tracking codes into PMMS for (C) and (D) Backlogs MP-20-WM-FAP02.1 Rev. 004-02 34 of 52

Attachment 2 Responsibilities (Sheet 3 of 5)

Work Week Managers (WWMs)

Responsible for the successful execution of the schedule from Week T-6 through successful execution of the schedule involves all coordination required to complete the work. The WWM is the single point of contact for Nuclear Operations & Chemistry, Nuclear Engineering, and Maintenance for all items in their assigned execution week. For complex projects, a Project Manager can be assigned through Week T-0 for the execution week they are assigned.

The Work Week Manager:

"* Determines logic, duration and man loading of work activities with assistance from planners and implementing FLSs

"* Prepares and distributes a levelized schedule

"* Provides critique, with performance data and recommendations, to WWM - FLS

"* Ensures functionally related items are grouped or bundled together to minimize the number of times equipment is out of service, and improve system availability

"* Ensures work requiring power reduction to execute is coordinated with ISO-New England

"* Evaluates impact of common unit systems

"* Makes all reasonable efforts to ensure work can be performed or an approved PM deferral put in place prior to removing PM Work Orders from on-line schedule

"* As final authority, performs the following during Weeks T-6 through T-0:

Performs any changes to work week schedule

Reviews logic ties and performs necessary adjustments

"* In consultation with Nuclear Operations & Chemistry and implementing FLSs, identifies work that may not be ready to be performed

"* Coordinates plant resources as required to meet the Work Week Schedule

Obtains feedback from work in progress and updates working schedules to reflect the accurate status of on-going work in the plant

"* Maintains ownership of the schedule for the execution week beginning at T-6 and incorporates all changes to the week's scope

"* Maintains and provides enhancement requests to the schedule so that it can be more successfully executed

"* Conducts schedule review meetings for Weeks T-5 through T-0

"* Coordinates with the FLSs to incorporate new jobs into the work week

"* Implements schedule during T-0 execution week

"* Verifies all testing has been performed as scheduled

"* Acts as the off-normal-hours designee for Director - Maintenance for approving Scope Deletions, additions, and or duration changes; - "as assigned"

", Reviews and determines where Emergent Work fits into the schedule and what impact Emergent Work will have

"* Evaluates execution week performance (during T+l) to identify adverse trends and opportunities for process improvements

"* Coordinates with OPS SRO/Coordinator in determining constraints on work activities, including special requirements for removing equipment from service such as tagging and draining MP-20-WM-FAP02.1 Rev. 004-02 35 of 52

Attachment 2 Responsibilities (Sheet 4 of 5)

Work Week Managers (continued)

Daily, updates the Items For Investigation (IFI) based on information provided from the Site Prioritization Meeting and updates given throughout the day

Refers to Attachment 3, "Scheduling Considerations," and determines if system/component outage coordination meetings are needed to consider the following:

Work on Technical Specification or Maintenance Rule equipment referenced in Attachment 4, "SSCs Requiring Risk Review/Unavailability Monitoring," for DCRs and non-repetitive work

Work that exceeds 50% of the TSAS

Work that requires a high degree of coordination and control to ensure a timely minimal risk completion (examples: multi-implementing team interface requirements)

Work outside normal tagging boundaries

Work known to cause a plant transient Project Manager Responsible for reviewing the project outage schedules, the resolution of engineering holds, and ensuring the schedules can be implemented as planned which includes the following:

Coordinates with WWM to develop project schedule

Reviews all work tasks to ensure activities such as scaffolding erection, clearance installation, insulation removal, and any other prerequisites to work performance have been satisfied

Maintains cognizance of all project work activities and their relationship to each other to prevent conflicts in work implementation (i.e., resource saturation, utilization of equipment such as cranes, condition of area such as fuel movement in progress, decons in progress, etc.)

Resolves area conflicts which could impact outage progress

Recommends changes to the work week schedule which are necessitated by unanticipated events, and provides assistance in the planning and implementation of those changes

Reports progress of each project for update into the schedule

Maintains a daily log of project activities to be reviewed and discussed during turnover meetings (if working multiple shifts)

Provides assistance by participating in turnover meetings (if working multiple shifts)

Supply Chain Management Coordinator Dedicated to support the work control schedule and emergent issues which will reduce the cycle time of Work Order's that enter P hold status.

Engineering Duty Manager (EDM)

Primary interface between the WWMs and Nuclear Engineering. The EDM also acts as the Nuclear Engineering Representative during planning meetings to communicate open engineering items to the appropriate group tasked with the resolution.

Nuclear Engineering Rapid Response Team (RRT)

Dedicated to support the work control schedule and emergent issues which will reduce the cycle time of Work Order's that enter E hold status.

MP-20-WM-FAP02.1 Rev. 004-02 36 of 52

Attachment 2 Responsibilities (Sheet 5 of 5)

System Engineers Systems Engineers are responsible for the following:

Monitors work performed on SSCs they are responsible for, which includes monitoring unavailability hours in accordance with the Maintenance Rule

"* Maintains cognizance of system work activities and their relationship to each other to prevent conflicts in work implementation (Maintenance Optimization (MO))

"* Resolves area conflicts which could impact system outage progress

Recommends changes to the work week schedule which are necessitated by unanticipated events, and provides assistance in the planning and implementation of those changes Process Representatives (Nuclear Engineering, Health Physics, Chemistry, Site Fire Protection, Security, CBM)

Process Representatives are responsible for providing input during planning meetings and necessary support for schedule items that allow proper execution of the published schedule during T-0 week.

First Line Supervisors (FLSs)

Responsible for the following:

"* Provides input of required work activities; including schedule ties, other discipline support, retest requirements, and other schedule items that allow proper execution of the schedule during T-0

"* Attends planning meetings, acting as implementing team representative to planning meetings

"* Provides data resources to the On-Line FLS for scheduling considerations

"* Tracks status of work in progress and provides information at status meetings

"* Implements assigned activities during T-0 week in accordance with published schedule Nuclear Operations & Chemistry Coordinators Nuclear Operations & Chemistry Coordinators assist the WWM with schedule preparation and execution for the execution week they are assigned. Responsibilities include:

& Reviewing Technical Specification and Technical Requirements Manual compliance issues related to the schedule

Screening of all work significant to Nuclear Operations & Chemistry and ensuring proper controls are established to minimize operational impact

Provides primary interface between Nuclear Operations & Chemistry's Work Control and Operations Shift Personnel

Provides assistance as the single point of contact for operation control of plant activities for scheduled and Emergent Work activities

"* Supports the appropriate WWM for Emergent Work

"* Reviews any work that will carry over to the following week for acceptable risk, with the WWM who is responsible for that specific week

"* Managing preparation of all clearances required for execution week

"* Attends 0600 Site Prioritization, T-1, T-3 and Work Screening and Prioritization meetings as the Operation Representative.

MP-20-WM-FAP02. I Rev. 004-02 37 of 52

Attachment 3 Scheduling Considerations (Sheet I of 3)

Work Activity Considerations Actions developed to ensure work activities are efficiently coordinated, performed with minimal risk to the plant, and completed within established time restrictions.

Required Completion Date (RCD) and Grace Entry Date (GED) on PMs must be evaluated before rescheduling occurs unless approved via CBM 105 "PM Change and Deferral Request".

"* Work hours (Example: 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months per day, 3 shifts per day)

"* Special work coordination requirements including required crew start and finish times.

"* Calendar "G" Short Form Work Order, other than surveillances, may be completed anytime within the week.

"* Special schedule flags (Example: trip avoidance, TSAS entry, LCO)

Risk management insights and risk work sequencing concerns.

Contingency Plans and contingency resource needs.

Management schedule approvals (TSAS entries)

"* Out-of-service time limitations (provided by the system engineer)

"* Pre-assembly and fabrications

"* Component and system re-testing

"* Plant condition prerequisites

"* Spare parts, consumable, rigging equipment, pre-staging

"* Impact of work on other units (e.g. System, Structures, and or Components)

"* Identification of optimum time to perform work

"* Effects of weather and seasonal temperature variations

"Intent change" PM tasks - require an approved "PM Change and Deferral Request" (CBM 105 att.) prior to rescheduling or cancellation Work Orders identifying work which requires breaching or blocking open boundary doors (i.e., EBFAS, HELB) must be annotated as such.

Example: Painting an area in the plant requires the use of temporary ventilation provided by blocking open or breaching an EBFAS boundary door. This condition must be identified in the work week schedule to ensure appropriate compensatory actions can be established.

MP-20-WM-FAP02. i Rev. 004-02 38 of 52

Attachment 3 Scheduling Considerations (Sheet 2 of 3)

Planning Considerations - Work elements requiring evaluation to ensure work activities are completed in a safe, timely, and efficient manner.

Personnel

"* Personnel resource requirements

"* Personnel skill levels, experience levels, and qualification requirements

"* Shift manning requirements, including manpower for unanticipated work extensions

"* Identification of QC inspection points and special QC resource requirements.

"* Technical representative availability during work (example: tech support, vendor)

"* Nuclear Operations & Chemistry and other Director/Manager awareness of task specific risk concerns.

"* Planner availability during work implementation

"* FLSs availability during work implementation Safety and Permits

"* Special permit requirements (example: confined space, ignition source, RWPs)

"* Special resource requirements (example: lighting, heating, air, water, ventilation)

"* Special flammable material controls

"* Special hazardous material controls and qualification requirements (example: lead paint, asbestos)

Work Elements

Identification of task initial conditions and prerequisites

"* Adequacy of procedures and Work Orders for their intended purpose

"* Additional reference material needs (example: prints, vendor manuals, sketches)

"* Consideration of using non-intrusive predictive techniques instead of planned work.

"* Work coordination (example: Inter-discipline, tagging)

"* Concurrent work in immediate area

"* Concurrent work beyond the station boundary (example: 345KV high line work and grid stability throughout the planned work period)

"* Lay down and equipment staging area needs

"* Pre-erection of scaffolding and ALARA shielding

"* Barricading of redundant or trip critical components

"* Post maintenance testing requirements and in-service restoration duration (example: personnel, test equipment)

Parts, Tools, and Equipment

Identification and pre-staging of spare and contingency parts and consumables.

Pre-calibration of spare and/or contingency parts.

Identification and pre-staging of special tools and M&TE.

Special rigging/lifting equipment (example: overhead cranes, fork trucks, unique rigging, rigging pad eyes)

MP-20-WM-FAP02.1 Rev. 004-02 39 of 52

Attachment 3 Scheduling Considerations (Sheet 3 of 3)

Implementation Considerations - Actions developed to ensure work is performed as planned and scheduled.

Special pre-job briefings, identification of required pre-job briefing attendees (consider management and supervisor participation)

Barricading of redundant and adjacent equipment

Special working rules (example: work through breaks, lunches)

Full time FLS coverage

Site awareness of on-going work activities

Shift turnover requirements (consider management and FLS participation).

Special management actions to ensure work completion within established Out-of-service times

Post-job critique meetings (performed as necessary)

Contingency Considerations - are those actions that are developed to restore defense-in-depth should emergent problems occur during performance of the on-line work.

"* Contingency recovery and restoration plans as a result of failed inspections and potential plant transients, etc.

"* Backup resource requirements (example: qualified workers, subject experts, vendor representatives, on-call workers, SORC members, planners)

"* Pre-staged temporary resources, temporary modifications (example: electrical power, temporary heating)

Backup M&TE, special tooling, rigging, and lifting equipment

"* Contingency Plans to correct and verify performance of redundant equipment

"* Identify procedures which can be performed or develop special procedures.

"* Establish Contingency Plan for activities requiring breaching or disabling of radiological barriers.

MP-20-WM-FAP02. 1 Rev. 004-02 40 of 52

Attachment 4 SSCs Requiring Risk Review / Unavailability Monitoring (Sheet I of 6)

MP2 RCS and Associated Support Systems E] 2301-3 Pressurizer, PORV: 2-RC-402 13 2301-3 Pressurizer, PORV: 2-RC-404 LI 2302 Control Element Drive - Trip Breakers CTB -1, 2, 3 & 4 LI 2304C Boric Acid Gravity Feed via 2-CH-508 or 509 to CVCS pp suction header 1- 2304C Boric Acid Pumps P 19A or B via 2-CH -514 to CVCS pp suction header 13 2406 Reactor Protection Channel A in Cabinet RPS-A 13 2406 Reactor Protection Channel B in Cabinet RPS-B 13 2406 Reactor Protection Channel C in Cabinet RPS-C E] 2406 Reactor Protection Channel D in Cabinet RPS-D 13 2401B NI Linear Power Range, monitored as part of RPS MP2 ECCS and Associated Support Systems L] 2304A CVCS train ZI: Pl8AorB toRCLoops IA& lB 13 2304A CVCS train Z2: PI8C orB to RC Loops lA & lB 13 2304A CVCS to Aux Spray via 2-CH -517 F- 2304A CVCS Actuators for 2-CH-517, 518 & 519 with Accumulators T-125, 126, & 127- long term boron control EL 2306 Safety Injection Tank - T39A to RCS Cold Leg n3 2306 Safety Injection Tank - T39B to RCS Cold Leg El 2306 Safety Injection Tank - T39C to RCS Cold Leg E] 2306 Safety Injection Tank - T39D to RCS Cold Leg

[J 2307 LPSI Train ZI: P42A to RCS Cold Legs w/ pump recirc to RWST 13 2307 LPSI Train Z2: P42B to RCS Cold Legs w/ pump recirc to RWST

[] 2307 LPSI long term boron precipitation control - via 2-SI- 400 13 2308 HPSI Train Z 1: P41A or B via 2-SI-656 w/ pump recirc to RWST LI 2308 HPSI Train Z2: P41C or B via 2-SI-654 w/ pump recirc to RWST El 2310 Shutdown Cooling Train Z I: P42A & X23A thru 2-SI-657 to RC Loops E3 2310 Shutdown Cooling Train Z2: P42B & X23B thru 2-SI-657 to RC Lops E] 2310 Shutdown Suction Line via 2-SI-651, 652 & 709 13 2350 RWST via 2-CS- 13.1A to SI pump suction headers 13 2350 RWST via 2-CS-13.1B to SI pump suction headers F1 2350 Containment Sump via 2-CS-16.1A to SI pump suction headers E] 2350 Containment Sump via 2-CS- 16.11B to SI pump suction headers E3 2405 ESAS Sensor Channels A, Cabinet 2N2 I-]

E] 2405 ESAS Sensor Channels B, Cabinet 2N21-2 13 2405 ESAS Sensor Channels C, Cabinet 2N21-3 LI 2405 ESAS Sensor Channels D,. Cabinet 2N21-4 LI 2405 ESAS Actuation/Sequencers train ZI Cabinet 2N21-5 13 2405 ESAS Actuation/Sequencers train Z2 Cabinet 2N21-6 E] 2423 Spec 200 - varies per systems that they effect - Cabinets MP-20-WM-FAP02.1 Rev. 004-02 41 of 52

Attachment 4 SSCs Requiring Risk Review / Unavailability Monitoring (Sheet 2 of 6)

MP2 Containment Integrity Support Systems

[] 2309 Containment Spray P43A to CTMT Spray Header w/ pump recirc to RWST Fl 2309 Containment Spray P43B to CTMT Spray Header w/ pump recirc to RWST U 2312 Containment Isolation Valves (does not require unavailability monitoring but is risk significant)

El 2312A Containment Penetrations Electrical (does not require unavailability monitoring but is risk significant)

Ii 2313A Containment Air Recirculation & Cooling: F-14A & C j] 2313A Containment Air Recirculation & Cooling: F- 14B & D E] 2314B Containment & Enclosure Building Purge:

System Isolation/Trip/Actuation from an ESAS signal U 2316 Main Steam Valves: System Isolation (MSI) MS-64A, 65A & 265B

[] 2316 Main Steam Valves: System Isolation (MSI) MS-64B, 65B & 266B

[] 2321 Feedwater Valves - MSI to SG A FW-SA, 41A & 51A E] 2321 Feedwater Valves - MSI to SG B FW-5B, 41B & 51B F1 2322 Auxiliary Feedwater: System Isolation FW-44 & 43A/B MP2 RCS and Associated Support Systems nl 3RCS*PCV455A PORV unisolated F- 3RCS*PCV456 PORV unisolated El SSPS A - A Solid State Protection System, includes reactor trip breakers not being tested (bypass breaker open)

El SSPS B - B Solid State Protection System, includes reactor trip breakers not being tested (bypass breaker open)

E] At least one boric acid tank and associated flow path available MP-20-WM-FAP02.1 Rev. 004-02 42 of 52

Attachment 4 SSCs Requiring Risk Review / Unavailability Monitoring (Sheet 3 of 6)

MP2 Support Systems F1 2314A Main Exhaust:

System Isolation/ F-34 A, B, C & F-39A & B Trip from an ESAS signal 13 2314C Radwaste Ventilation: ESF Room Isolation/Trip from an ESAS signal LI 2314F Fuel Handling Vent: System Isolation/Trip from an ESAS signal LI 2314G EBFS Train F-25A to MPI stack F1 2314G EBFS Train F-25B to MPI stack 13 2314H ESF Room Recirculation Train F-15A El 2314H ESF Room Recirculation Train F-I 5B 13 2315D Vital Switchgear Emergency Cooling Train F-54A to DC SWGR 13 2315D Vital Switchgear Emergency Cooling Train F-54B to DC SWGR 13 2315D Vital Switchgear Emergency Cooling A/C-3 to MCC B5 I 13 2315D Vital Switchgear Emergency Cooling A/C-4 to MCC B61/B41A 13 2315D Upper & Lower Switchgear El 2315E Diesel Room A Ventilation F-38A F1 2315E Diesel Room B Ventilation F-38B n3 2316 Main Steam: Atmospheric Dump Valve MS-190A F1 2316 Main Steam: Atmospheric Dump Valve MS -190B E] 2316 Main Steam: Atmospheric Safety Valves - PSV-4225 thru 4232 E] 2316 Main Steam: Atmospheric Safety Valves - PSV-F233 thru 4240 n3 2316 Main Steam A to AFW Turbine via 2-MS-201 E] 2316 Main Steam B to AFW Turbine via 2-MS-202 ni 2319B CST to Turbine Driven AFW pump via 2-CN-27A El 2321 Feedwater Line for AFW flow to SG A upstream of 2-FW-5A nl 2321 Feedwater Line for AFW flow to SG B upstream of 2-FW-5B E] 2322 Auxiliary Feedwater: Pump P9A to Steam Generators LI 2322 Auxiliary Feedwater: Pump P9B to Steam Generators E] 2322 Auxiliary Feedwater: Turbine Driven Pump P4 to Steam Generators E] 2326A Service Water Hdr A with Pump P5A or P5B E] 2326A Service Water Hdr B with Pump P5C or P5B 13 2326A SW System Isolation Valves 2-SW-3.2A & B 13 2330A RBCCW HdrA with Pump PlIA orPi lB &Hx XI8A orXl8B E] 2330A RBCCW Hdr B with Pump P1 IC or PI lB & Hx XI8C or XI8B 13 2330C Chilled Water - Train ZI, X-169A 13 2330C Chilled Water - Train Z2, X-169B 13 2346B Diesel Generators Fuel Oil Tank - T48A 13 2346B Diesel Generators Fuel Oil Tank - T48B 1] 2349 Station Computer (non-risk significant only requires unavailability monitoring)

MP-20-WM-FAP02. I Rev. 004-02 43 of 52

Attachment 4 SSCs Requiring Risk Review / Unavailability Monitoring (Sheet 4 of 6)

MP3 ECCS and Associated Support Systems F1 EGLS A - A Emergency Diesel Generator Sequencer nl EGLS B - B Emergency Diesel Generator Sequencer FI 3FWA*P IA - A Motor Driven Steam Generator Auxiliary Feed pump El 3FWA*PIB - B Motor Driven Steam Generator Auxiliary Feed pump Lii 3FWA*P2 (TD AFW) - Turbine Driven Auxiliary Feed pump El Train A Charging (3CHS*P3A/C available)

E] Train B Charging (3CHS*P3B/D available)

E] 3CCE*PIA -Train Charging Pump Lube Oil Cooling El 3CCE*P1 B - Train B Charging Pump Lube Oil Cooling E] 3SIH*PIA - A Safety Injection Pump El 3SIH*PIB - B Safety Injection Pump El 3RHS*PI A - A Residual Heat Removal Pump (aligned for injection)

E1 3RHS*PI B - B Residual Heat Removal Pump (aligned for injection)

S3Train A RSS (3RSS*PiaIC available for ECCS) - A/C Containment Recirculation Pump El Train B RSS (3RSS*PIB/D available for ECCS) - B/D Containment Recirculation Pump El 3SIL*TKIA - A Safety Injection Tank, available to inject (within TS limits)

F- 3SJL*TKI B - B Safety Injection Tank, available to inject (within TS limits)

El 3SIL*TKIC - C Safety Injection Tank, available to inject (within TS limits)

El 3SIL*TKID - D Safety Injection Tank, available to inject (within TS limits) l STrain 'A' Charging Ventilation Fans ( 3HVR*FNI 3A & 3iihVR*FN 14A)

El Train 'B' Charging Ventilation Fans ( 3HVR*FNL 3B& 3HVR*FN 14B)

El Train 'A' ECCS Ventilation Exhaust Fans ( 3HVQ*FN5A & 3HVQ*FN6A)

F1 Train 'B' ECCS Ventilation Exhaust Fans ( 3HVQ*FN5B & 3HVQ*FN6B)

El 3HVQ*ACUSIA - 'A'Train ECCS (RHS, QSS, & SIH) Air Conditioning Unit El 3HVQ*ACUS IB - 'B' Train ECCS (RHS, QSS, & SIH) Air Conditioning Unit El 3HVQ*ACUS2A - 'A' Train RSS Air Conditioning Unit El 3HVQ*ACUS2B - 'B' Train RSS Air Conditioning Unit MP-20-WM-FAP02.1 Rev. 004-02 44 of 52

Attachment 4 SSCs Requiring Risk Review / Unavailability Monitoring (Sheet 5 of 6)

MP3 Containment Integrity Support Systems LI 3QSS*P3A - A Quench Spray Pump LI 3QSS*P3B - B Quench Spray Pump F] TrainA RSS (3RSS*PIA/C - A/C Containment Recirculation Pump, available for CTMT Heat Removal)

LI Train B RSS (3RSS*P] BID - B/D Containment Recirculation Pump, available for CTMT Heat Removal)

E] 3FWS*CTV4 IA - A Steam Generator Feedwater Stop Valve, available to isolate (within TS limits)

El 3FWS*CTV4 IB - B Steam Generator Feedwater Stop Valve, available to isolate (within TS limits)

El 3FWS*CTV41C - C Steam Generator Feedwater Stop Valve, available to isolate (within TS limits)

E] 3FWS*CTV41D - D Steam Generator Feedwater Stop Valve, available to isolate (within TS limits)

LI Containment isolation function available (does not require unavailability monitoring but is risk significant)

MP3 Support Systems El 3BGS*EG I (SBO) - Station Blackout Diesel Generator El 3CCP*P IA/C - A/C Component Cooling Water Pump and Train A available E] 3CCP*PI B/C - B/C Component Cooling Water Pump and Train B available El 3EGS*EGA - A Emergency Diesel Generator El 3EGS*EGB - B Emergency Diesel Generator Ii 3FPW-V812 - Hose Station 52, Alternate Cooling Water Source to CCE Pump Lube Oil Coolers L] 3HVY*FN2A - 'A' Train Service Water Ventilation LI 3HVY*FN2B - 'B' Train Service Water Ventilation LI 3SWP*P IA - A Service Water Pump El 3SWP*P IB - B Service Water Pump El 3SWP*PIC - C Service Water Pump El 3SWP*PID - D Service Water Pump El NSST A and B - Normal Station Transformer El RSST A and B - Reserve Station Transformer MP-20-WM-FAP02.1 Rev. 004-02 45 of 52

Attachment 4 SSCs Requiring Risk Review / Unavailability Monitoring (Sheet 6 of 6)

MP3 Vital Electrical Support Systems While on-line, following should only be removed from service to perform Corrective Maintenance)

El Bus and Battery Bank (and associated charger) 301A-I El Bus and Battery Bank (and associated charger) 301A-2 El Bus and Battery Bank (and associated charger) 301B-I Li Bus and Battery Bank (and associated charger) 301 B-2 Li Bus and Battery Bank (and associated charger) 301C-1 E] 4160 Volt Bus 34C El 4160 Volt Bus 34D Li 480 Volt Bus 32R (and associated MCCs)

El 480 Volt Bus 32S (and associated MCCs)

Li 480 Volt Bus 32T (and associated MCCs)

El 480 Volt Bus 32U (and associated MCCs)

Li 480 Volt Bus 32V (and associated MCCs)

Li 480 Volt Bus 32W (and associated MCCs)

Li 480 Volt Bus 32X (and associated MCCs)

Li 480 Volt Bus 32Y (and associated MCCs)

El 120 Volt Vital Bus VIAC- I and inverter E] 120 Volt Vital Bus VIAC-2 and inverter El 120 Volt Vital Bus VIAC-3 and inverter

[] 120 Volt Vital Bus VIAC-4 and inverter E] 3346B 3BGS & EG I (SBO) - Station Blackout Diesel Generator IC MP-20-WM-FAP02.1 Rev. 004-02 46 of 52

- ID 41 It

Attachment 6 High Risk Activities (Sheet I of I)

Unit 2 The following surveillances are considered High Risk for Unit 2:

"* SP 265 IN, "Main Control Valve Operability Test" (monthly)

"* SP 2620A, "CEA Partial Motion" (monthly)

"* SP 2411, "CEA Motion Inhibit Verification (OL, OOS, PDIL)" (quarterly)

"* SP 241 IA, "CEA Motion Inhibit Verification (Deviation)" (monthly)

"* SP 2401 D, "RPS Matrix Logic and Trip Path Relay Test" (monthly)

"* SP 2601 D-2, "Power Range Safety Channel and Delta T As Applicable Power Channel Calibration With One Power Associated Channel Inoperable" Unit 3 No High Risk Activities are identified for Unit 3.

MP-20-WM-FAP02.1 Rev. 004-02 48 of 52

Attachment 7 Processing "Notification of Impact to T-12 Schedule" (NIT),

Form MP-20-WM-FAP02.1-001 (Sheet I of I)

This attachment is used as a screening tool for:

Adding Emergent Work to T-12 Schedule

Removal of work inside of Week T-2.

I. Refer To and initiate Form MP-20-WM-FAP02.1-001 "Notification of Impact to T-12 Schedule" (NIT) by completing form sections A and B.

2. Section C - Obtain appropriate Process Support Signatures to set-up, implement, retest and restore from proposed Emergent Work activities.

0 Obtaining Affected Process Support signatures via telephone is permissible.

3. Section D - Obtain PRA and Work Week Manager approval using Section "D".

4. Section E - Obtain Shift Manager (preferably Shift Manager on shift for the implementation of the emergent work) using Section "E".

5. Section F - Obtain management Approval.

6. Use the following questions for preparing, screening and scheduling NIT form:

With respect to proposed Emergent Work; YES NO

a. Work corrects a "Challenge to Generation".

b. Work corrects an LCOITRM entry -OR prevents SSCs Requiring Risk Review from accruing unavailable time.

c. Work prevent equipment damage.

d. Work involves a "safety issue".

e. Work is priority 3 or greater.

f. Work order status "I" to Operations.

g. Tagging required.

h. Work impacts any currently scheduled work.

i. Work effects any Power Block ingress/egress or travel areas for services.

j. Work is near protected equipment (train or facility).

k. All implementing resources/materials available to complete the work.

I. IF work order types PM, CO, PD, TD, EQ or SV: Required Completion Dates (RCDs) not exceeded should work schedule exceeds original target work week.

7. Present NIT for approval at the Daily 0900 Scope and Trouble Report Review meeting.

" WHEN presenting Project or Construction work:

a IF items a through k are all "No", an approved NIT is required and work is covered by generic project/construction scheduling activity.

0 IF any item a through k is "Yes", an approved NIT is required and a detailed fragnet is entered into the P-3 Schedule.

"* Unapproved NITs may be appealed through Directors for Operations and Maintenance.

MP-20-WM-FAP02. 1 Rev. 004-02 49 of 52

Attachment 8 Risk Evaluation Required Actions (Sheet I of 2)

The following provides guidance for quantifying risks where multiple SSCs Requiring Risk Review are expected to be unavailable at the same time.

1. For each proposed maintenance configuration, WWM determines a Risk Recommended Allowed Configuration Time (ACT) and Risk Color, based on PRA calculations, where:

Risk Recommended ACT = maximum time allowed to comply with PRA calculations for specified maintenance configuration

2. Using the following table, WWM determines actions required prior to voluntary entry into a proposed maintenance configuration.

a Include FIN team activities which involve SSCs Requiring Risk Review in the risk review.

Risk Color Code ICDP SCT vs. ACT Red Orange Yellow Green 6 ACT Voluntary entry Ensure SCT No actions No actions

<10- SCT < forbidden. remains < ACT required. required.

10-6 Voluntary entry Assess Assess Assess to SCT > ACT non-quantifiable non-quantifiable non-quantifiable 10-1 factors.* factors.

factors.

5 Voluntary entry Voluntary entry Voluntary entry Voluntary entry

>10 SCT> 10 x ACT forbidden. forbidden. forbidden. forbidden.

I Actions required prior to voluntary entry into maintenance configuration-specific level of risk indicated by Risk Color Code.

- Risk assessment to address protection/restoration of possible degradations to Key Safety Functions (i.e.: Core Cooling, Reactivity, Inventory, Containment, and Electrical Power).

Attachment I" Definitions" has additional information and requirements.

Risk Color Codes, instantaneous CDF, ICDP, SCT, and ACT are obtained via the Equipment Out of Service (EOOS) database.

Risk Color Code - Signifies the configuration-specific level of risk due to SSC availability with respect to that (SSC availability) needed to provide minimum Defense-In-Depth. Risk Color Codes are based on the calculated instantaneous Core Damage Frequency (CDF) associated with removing equipment from service.

SCT - Scheduled Configuration Time, should be less than ACT.

ACT - (Risk Recommended) Allowed Configuration Time.

ICDP - Incremental Core Damage Probability, based on the cumulative risk incurred during a specific maintenance configuration.

MP-20-WM-FAP02.1 Rev. 004-02 50 of 52

Attachment 8 Risk Evaluation Required Actions (Sheet 2 of 2)

3. IF ACT is exceeded, perform the following:

a. WWM ensures appropriate Contingency Plan is prepared, suggested contents include:

Increase Risk Awareness

"* Discuss planned maintenance with, and obtain approval of, Nuclear Operations &

Chemistry

"* Conduct Pre-Job Briefs

"* Request System Engineering involvement Reduce Maintenance Duration

Pre-fabrication and pre-tagout preparations

Pre-stage parts and walkdowns

Pre-job walkdowns

Mockup training

Round-the-clock maintenance

Contingency Plan for rapid recovery of unavailable equipment, as appropriate Minimize Risk Increase

"* Minimize other simultaneous work, particularly where accident initiators or Defense In-Depth is impacted

"* Establish alternate success paths for Key Safety Functions (i.e.: alternate valve lineups, backfeed, jumpers, etc.)

"* Other compensatory measures to protect/restore Key Safety Functions

b. Nuclear Operations & Chemistry reviews and approves proposed Contingency Plans.

c. WWM ensures Contingency Plans are recognized in the P-3 Schedule, as appropriate.

MP-20-WM-FAP02.1 Rev. 004-02 51 of 52

Attachment 9 Documentation Supporting Modifications to MP-20-WM-FAP02.1 (Sheet I of I )

AR 01004422-02 (MP3 TSCR 3-3-01 and TRMCR 01-3-6) - added instructions to Section 2.1 "Work Evaluation" to address Tech Spec requirements for extended duration (>72 hours) on-line maintenance of MP 3 Service Water Pumps.

Instructions added temporarily to emphasize WWM responsibilities to ensure newly enacted MP 3Tech Spec requirements (added via TSCR 3-3-01/TRMCR 01-3-6). It is intended that these instructions will be removed after personnel have become familiar with the new Tech Spec requirements.

2 AR 01004347-02 (MP2 TSCR 2-6-00, Docket No. 50-336, B 18342) - added instructions to Sections 2.1 "Work Evaluation", 2.6 "Week T-6 (Work Order Package Walkdowns", and 2.11 "Week T- 1 (Final Schedule Issuance) to address MP2 EDG 14 day allowed outage time requirements with plant on-line.

Instructions added temporarily to emphasize WWM responsibilities to address newly enacted MP 3 Tech Spec requirements (TSCR 2-6-00). It is intended that these instructions will be removed after personnel have become familiar with the new Tech Spec requirements.

3 AR 01004347-02 (MP2 TSCR 2-6-00, Docket No. 50-336, B 18342) - same as previous 4 AR 01004347-02 (MP2 TSCR 2-6-00, Docket No. 50-336, B 18342) - same as previous MP-20-WM-FAP02, I Rev. 004-02 52 of 52

Operations Department Guideline MP-14-OPS-GDLO2 Operations Standards, Revision 004 (selected portions)

Guideline All Millstone Station Operations Standards MP-14-OPS-GDLO2 Rev. 004 Approval Date: 1z2,4/o1 Effective Date:

.T4 Th

TABLE OF CONTENTS

1. P U R P O S E ................................ .................................. ................................ ............. ................ 5 1.1 Objective .......................................................... ................................................... 5 1.2 Discussion ................................ ................................ ........................ .......................... 5 1.3 O perations Standard ........................................................................................................... 5 1.4 Operations Department Mission Statement ...................................................................... 5 1.5 Millstone Station Operators Code of Ethics .................................................................... 6

2. IN STR U CTIO NS .................................................. .......................................................... 7 2.1 Using Operations Standards .......................................... 7

3.

SUMMARY

OF CHANGES ............................................ 8 3.1 Revision 004 ................................ ................................ .......................... ....................... 8 3.2 R evision 003 ................................ ................................ .......................... ....................... 8 3.3 R evision 002 ................................ ................................ .......................... ....................... 8 3.4 R evision (X)l ................................ ................................ ................................ ..................... 14 Attachment I Plant Control and Monitoring ....................................................................... 15

1. Operator at the Controls ......................................... 15

2. Operation of Control Room and Plant Equipment .................................................. 16

3. Plant Monitoring .............................................. 17

4. Plant Equipment Operator Rounds ........................................................................ 19

5. Unstable Plant Conditions, Startup, and Load Changes ......................... 19

6. Manual Initiation of Automatic Actions ................................................................. 20

7. Skill of the Trade .............................................. 20

8. Supervision and Control of Trainees ...................................... 21

9. Suspension of Training .......................................... 21 Attachment 2 System Equipment Operation and Control ............................ 22

1. Alternate Plant Configurations .......................................... 22

2. Manual Operation of Controllers ......................................... 23

3. Electrical Breaker Standards ...................................... 24 MP- 14-OPS-GDLO2 Rev. (X)4 2 of 90

4. Response to Potential Equipment Damage ............................................................. ..24

5. Reporting Equipment Deficiencies ........................................ 25

6. Resetting Protective Devices ...................................... 25

7. Train Bypass Annunciator Usage (Unit 3) ........................................................... .25

8. Maintenance Rule Risk Reviews ................................................... 26 Operating Practices ...................................... 27

1. Reactivity Management Standards ........................................ 27

2. Control Room and Surveillance Areas ........................................................................ 28

3. Control Room Staffing ............................................... 34

4. Control Room Behavior Guidelines ........................................................................ 34

5. Utilization of Three ROs or SROs .......................................................................... 35

6. Shift Relief and Turnover/Shift Turnover Briefing/Shift Turnover Report ............... 36

7. Pre-Job Briefs/Post-Job Debriefs ......................................... 42

8. Alarm Response ............................................... 43

9. Logkeeping ................................................................................................ .......... 44

10. Communications ............................................. 46

11. Management Notifications ....................................... 52

12. Self-Checking, Peer Checks and QV&V, Human Performance Traps .................... 52

13. Placekeeping ................................................ 57

14. Dress Code/Uniforms Policy ..................................... 57 Regulatory Requirements for Equipment Control ...................... 59

1. Compliance With Shutdown Actions Directed by Technical Specifications .............. 59

2. Dedicated Operators: Use of Manual Action for Automatic Action ......................... 60

3. Returning Inoperable Equipment to Service ........................................................... 61

4. System Status During Surveillance Testing ............................................................ .63 MP-14-OPS-GDLO2 Rev. (X)4 3 of 90 Miscellaneous Equipment Control Topics ............................................... 65

1. Housekeeping ....................................................................................................... 65

2. Installation of Piping System Caps and Plugs (Unit 2 only) ......................................... 66

3. Fuse Control Guidance .......................................... 67

4. Hose Control Labeling .......................................... 68

5. Replacement of Indicating Light Bulbs (Unit 2 Only) ........................... 69 Qualification and Training ....................................................................... 70

1. Maintaining Various Operator Qualifications ................................. 70

2. Expectations for Licensed Operator Requalification Training (LORT) .................... 89

3. Expectations for Licensed Operator Initial Training (LOIT) and Licensed Operator Upgrade Training (LOUT) ......................................... 90 MP- 14-OPS-GDLO2 Rev. (.)4 4 of 90

1. PURPOSE 1.1 Objective This Guideline provides Operations Department personnel with standards and expectations required for the performance of their jobs.

1.2 Discussion In order to ensure that a common understanding exists among all Operations personnel, the Operations department uses documented written communications which arc known collectively as Operations Standards.

It is the responsibility of all Operations personnel to be familiar with the content of these written communications/standards and to be in full compliance with the expectations contained herein.

1.3 Operations Standard These standards are administrative in nature. They may provide guidelines which fulfill the requirements of another procedure or they may stand alone to provide instructions on a given subject.

Anyone who has information which should be disseminated in an Operations Standard can provide that information to Operations Management to review Ifr inclusion into this document.

1.4 Operations Department Mission Statement The Operations Department is dedicated to provide for utmost respect of the reactor core and to operate the units in such a manner as to protect the health and safety of the public.

1.4.1 Millstone Operations Department Goals and Objectives Operations Department Management shall foster an environment that is conducive to achieving the Operations Department Goals and Objectives:

Use a conservative and prudent approach with a sense of responsibility for reactor safety.

Provide a professional environment.

Maintain an atmosphere of open honest communication.

Empower personnel with proper authority and hold personnel accountable for their performance.

1.4.2 Plant related goals and objectives:

Minimize the number of automatic reactor trips (goal is zero unplanned trips).

Eliminate unanticipated safety system actuation

Optimize availability of safety systems and all plant systems.

MP- 14-OPS-GDLO2 Rev. WX)4 5 of(90

Optimize availability of instruments, recorders, gauges, meters, controllers, and other indicators.

Minimize number of automatic system or component controllers operated manually.

Minimize number of annunciators lit (Blackboard Concept).

Promptly identify, document and/or correct equipment and design deficiencies.

Evaluate identified deficiencies and establish a realistic priority for resolution. Assign completion dates consistent with the importance of the problem.

Assign plant resources as necessary to complete work as scheduled.

1.4.3 Personnel related goals and objectives :

Maintain a high level of qualification and training readiness.

Maximize personnel learning and developmental opportunities.

Establish and maintain teamwork.

Minimize personnel injuries.

Minimize personal errors.

Minimize personnel dose received.

Adhere to strict procedural compliance.

1.5 Millstone Station Operators Code of Ethics We, the Operators of the Millstone Power Station, are entrusted with the control of our nuclear power generating facility. With that trust, we accept responsibilities to the general public, our fellow employees, and the nuclear power industry. We commit ourselves to excellence in operations.

In pursuit of excellence we will:

Adhere to procedures, Technical Specifications, policies, and regulatory requirements

Pursue a high level of knowledge, using all available resources, to enhance both our operational abilities and those of our peers.

Encourage a sense of pride during the performance of operational activities, a sense of ownership in plant equipment, and commitment to accept only the highest standards of both personnel and equipment performance.

Perform duties with high personal standards of honesty, integrity, and ethics; including adherence to standards established and accepted throughout the nuclear industry.

Encourage a spirit of teamwork through open communication and cooperation.

MP- 14-OPS-GDLO2 Rev. 0W4 6 of 90

2. INSTRUCTIONS 2.1 Using Operations Standards 2.1.1 Operations standards shall be considered the minimum standards and expectations for operations personnel and shall be enforced.

0 End of Section 2.1 MP- 14-OPS-GDLO2 Rev. (X)4 7 of 90

Attachment 2 System Equipment Operation and Control (Sheet 1 of 6)

This document contains the following topics:

1. Alternate Plant Configurations

2. Manual Operation of Controllers

3. Electrical Breaker Standards

4. Response to Potential Equipment Damage

5. Reporting Equipment Deficiencies

6. Resetting Protective Devices

7. Train Bypass Annunciator Usage (Unit 3)

8. Maintenance Rule Risk Reviews

1. Alternate Plant Configurations An alternate plant configuration occurs when an equipment manipulation places a component or system in an abnormal configuration, i.e., operating a controller in manual, opening a bypass around a control valve.

Alternate plant configurations are plant alignments which are allowed by the system design, but are not the normally desired configuration.

Alternate plant configurations are configurations which are not addressed by procedures, but have been approved for use by Operations during the course of implementing this guideline.

If an abnormal alignment is controlled by an approved procedure, it is not an alternate plant configuration.

Alternate plant configurations are not considered design changes.

Alternate plant configurations are not used to circumvent Technical Specification requirements, but are used to operate inside the design basis by using installed equipment.

If continued operation of a component in normal configuration is adverse to plant reliability and an Alternate Plant Configuration is required, the following shall be performed:

a. Request the STA or Engineering perform the following:

I) Determine if the alternate plant configuration will cause any plant equipment or plant system to perform differently from the description in design documents. (e.g., FSAR)

MP- 14-OPS-GDLO2 Rev. 004 22 of 90

Attachment 2 System and Equipment Operation and Control (Sheet 2 of 6)

2) If plant equipment or plant system(s) may perform differently from the description in design documents. Refer to RAC 12, "Safety Evaluation Screens and Safety Evaluations" and prepare a screening and if necessary, a specific 50.59 Evaluation of the alternate plant configuration.

b. If the alternate plant configuration would render the equipment inoperable, do not place the equipment in alternate configuration until all reviews are complete and allow the alternate configuration.

c. Potential reactivity effects shall be considered when changing system alignment.

d. Place equipment in alternate plant configuration.

e. Tag the component to the SM/US.

f. Initiate a CR identifying the alternate plant configuration including any possible long term concerns. The CR should evaluate the alternate configuration, considering, at a minimum, the following:

"* Potential for failure of Operator to perform a design function manually.

"* Potential adverse effect due to the additional requirements imposed on the Operator as a result of the off-normal system or equipment line-up.

"* Plant effects caused by the bypassed condition on plant (e.g., erosion or corrosion, clogging due to unfiltered effluents).

When restoring to the to the normal configuration, the system will be aligned by either a procedure or a system lineup.

2. Manual Operation of Controllers Controllers and equipment designed to operate in "AUTOMATIC" shall not be operated routinely in "MANUAL" mode unless procedure controls are in place.

Prior to placing a controller in "AUTOMATIC" mode, the error between input (controlled parameter) and setpoint should be minimized.

A controller may be operated in "MANUAL" to stabilize and control a parameter under any of the following conditions:

The controller or any of its inputs is suspected or shown to be unstable or faulty.

The parameter is being maintained outside of the range of the controller.

A transient occurs which causes a divergent or slow dampening oscillation of the parameter.

A calibration of controller, or input to the controller, is in progress.

Controller setpoints shall not be changed unless directed by an approved procedure or by the SM/US.

MP-14-OPS-GDLO2 Rev. 004 23 of 90

Attachment 2 System and Equipment Operation and Control (Sheet 3 of 6)

Setpoint changes within allowed ranges, controlled by Operations procedures or surveillances, require no additional documentation beyond the controlling procedure or surveillance requirements.

Any adjustments shall be documented in the Shift Turnover Report as an alternate plant configuration.

setpoint changes outside allowed ranges or fixed values shall be discussed with Engineering and a CR initiated.

I&C shall be contacted for assistance in making any changes to controllers normally adjusted by I&C.

3. Electrical Breaker Standards Unless operating equipment locally at the switchgear as specified by Emergency or Abnormal Operating Procedures, all equipment will be operated using the remote control switches at the Main Board or Control Panel when so equipped.

Also, when operating equipment at the switchgear (i.e., MCC feeders, local control of equipment, cross-ties), the pistol grip switch at the Load Center control section shall be used versus operating the breaker directly. Note: Many of the 4160 volt breaker pistol grips only work when in 'TEST."

For breaker trips, note all flags prior to resetting. Except in an emergency, the cause of the trip must be known and corrected prior to re-energization.

4. Response to Potential Equipment Damage If plant equipment is known to have been operated in a manner which had the potential to damage that equipment (examples include but are not limited to starting a pump with its suction valve closed or starting a pump with insufficient lubricating oil or cooling), the following actions shall be taken:

The Operator shall notify the SMiUS of problem.

The SM/US shall direct equipment or plant be placed in a safe condition.

Initiate a CR.

Describe the problem in the Shift Log If potentially damaged equipment is safety related, SM/US shall perform the following additional actions:

Check applicability of Technical Specifications and Technical Requirements Manual, Radiological Effluent Monitoring & Offsite Dose Calculation Manual (REMODCM).

Notify the Operations Manager of problem.

,, Initiate a Condition Report.

MP- 14-OPS-GDLO2 Rev. (X4 24 of 90

Attachment 2 System and Equipment Operation and Control (Sheet 5 of 6)

, Initiate appropriate investigative action to determine status of potentially damaged equipment.

,, Evaluate the need to perform a risk review of the potentially damaged equipment on work activities scheduled to be released.

5. Reporting Equipment Deficiencies Deficient equipment is identified through the Site Reporting System (SRS) and given appropriate priority for repair.

The repair plan is processed as specified in Master Manual 16 for Corrective Actions.

6. Resetting Protective Devices When protective devices trip (such as circuit breakers, fuses, reactor protection channels with multi-channel logic), attempt to understand the cause of the trip before resetting the devices. When the SM understands the cause of the trip, the SM may give permission to reset the protective device. To protect the plant or prevent a plant transient, the SM is authorized to reset any tripped protective device without knowing the cause.

If a protective relay is reset, the Operator should perform the following:

Record applicable information concerning the trip of each relay.

Initiate a Condition Report and Trouble Report via SRS.

If a protective device, other than a fuse, trips a second time following reset (within 15 minutes), no additional reset shall be attempted until the Engineering Department has been notified and an engineering evaluation performed.

7. Train Bypass Annunciator Usage (Unit 3)

When entering an LCO or removing safety related equipment from service that has an applicable bypass annunciator, perform the following:

Verify the annunciator for any automatic input is lit.

If there is no automatic input, press appropriate manual bypass annunciator pushbutton and verify the annunciator is lit.

When exiting an LCO or restoring safety related equipment that has required a manual bypass annunciator, press the appropriate manual bypass annunciator push button and verify the annunciator is not lit.

MP- 14-OPS-GDLO2 Rev. 004 25 of 90

Attachment 2 System and Equipment Operation and Control (Sheet 6 of 6)

8. Maintenance Rule Risk Reviews Maintenance Rule IOCFR50.65(a)(4): Before performing maintenance activities (including but not limited to surveillance, post-maintenance testing and corrective and preventative maintenance), the licensee shall assess and manage the increased risk that may result from the proposed activities.

The Maintenance Rule is implemented through MP-20-MMM. MP-20-WM-FAP02. 1, Alt 4 identifies the equipment that requires risk reviews. If emergent work has been processed and has been added to the schedule, a risk review must be performed.

Operations is responsible for identifying and evaluating non-scheduled and emergent work on systems that require a risk review while other equipment is out of service. Examples include the following:

When AFW is unavailable due to running an AFW pump to cool a containment penetration of AFW piping

When HPSI is unavailable due to running an SIH/HPSI pump to fill an accumulator/SIT

When performing a surveillance (that makes equipment unavailable) earlier or later than scheduled

If risk sensitive component fails and schedule calls for work to commence on another risk sensitive system Plant configuration or mode changes have resulted in different equipment being available than was assumed in the risk review for the week Unscheduled post-maintenance testing (retests) if testing results in risk sensitive equipment being unavailable If a risk review is necessary, perform this review using the MP-20 risk matrix, EOOS (Equipment Out of Service database) or by contacting PRA. Based on the results of the assessment, ongoing or planned maintenance activities may need to be suspended, rescheduled or structures, systems or components (SSC) may need to be returned to service.

Document the method used and the results (i.e., green, yellow, orange, and red) in the Shift Log for any plant conditions actually realized. Shift log entries are not required for any reviews of proposed work identified as having an adverse impact and subsequently not authorized to be released.

Performance of the risk assessment should not interfere with or delay taking timely actions to restore the equipment to service or taking compensatory actions. If the plant configuration is restored Rpri to conducting the risk review, the review need not be conducted.

MP- 14-OPS-GDL02 Rev. (X)4 26 of 90

Millstone Unit No. 3 Core Damage Probability Performance Indicator for January 2002

Core Damage Probability Millstone 3 Progress: Performanceis 'satisfactory" for the Month of January2002.

Good 0.

Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan 01 01 01 01 01 01 01 01 01 01 01 02 I CDP -- *-Goal =*Excellent Raw DataA0 M Feb 01 Mar501 5r01 May 01 Jun 01 Jul 01 Aug 01 Sep-01 Oct601 Nov801 Dec-01 Jan 02 CDP 3R07 5.03E-06 5.04E-06 4.95E-06 5.22E-06 5.17E-06 5.10E-06 6.OOE-06 6.60E-06 4.85E-06 5.67E-06 5.53E-06 Excellent 4.

49 .4E-06E49-06E0 44E-06 .64E-06 4.64E-06 4.64E-06 4.64E-06 .694E-064.94E-06 4.94E-06 4.94E-06 Goal 6.64E-06, 6.64E-06 6.4E0 6.64E06 .64E-06 6.64E-06, 6.64E-06 6.64E-06 6.64E-06. 6.64E-06 6.64E-06 6.64E-06 REASON FOR CURRENT PERFORMANCE ACTIONS TOJMPROVE PERFORMANCE' The main contributor to the January CDP is the planned NA maintenance evolution on the "A" RSS train. There were 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months of maintenance unavailability accrued on the train.

SIGNIFICANCE OF CURRENT PERFORMAN.CE WHEN 1$ IMPROVEMENT EXPECTED?.......

The calculated CDP for the Month of January 2002 is NA 5.53E-6. Thus, the performance is satisfactory (i.e.,

WHITE).

GOAL COMMENTS The goal is to minimize risk by effectively managing plant configuration. Risk categories for the monthly CDP are:

S4.56E-6 < CDP < 4.94E-6 Excellent/GREEN 4.94E-6 < CDP < 6.64E-6 Satisfactory/WHITE 6.64E-6 < CDP < 8.33E-6 NI/YELLOW CDP > 8.33E-6 Unsatisfactory/RED These limits are derived using procedure SAB 3.08.

Data Source: F. Cietek x2331 MP Analysis by: F. Cietek x2331 MP Owner: J. Guerci x2189MP U3_cdp.xls/monthly-cluster

Millstone Nuclear Power Station Unit No. 3 PRA Peer Review Report

CONFIDENTIAL Millstone Nuclear PowerStation Unit 3 PRA PeerReview Report SECTION 1 OVERVIEW OF THE PROBABILISTIC RISK ASSESSMENT PEER REVIEW PROCESS 1.0 Introduction This report summarizes the results of a peer review of the Northeast Utilities (NU) Company's Millstone Nuclear Power Station Unit 3 (Millstone 3)

Probabilistic Risk Assessment (PRA).' This review followed a process adapted by the Westinghouse Owners Group (WOG) from the review process that was originally developed and used by the Boiling Water Reactor Owners Group (BWROG)2 and subsequently broadened to be an industry-applicable process, through the Nuclear Energy Institute Risk Applications Task Force. This review was conducted under WOG sponsorship as part of a program to perform such reviews for operating domestic WOG member plants.

1.1 Objective and Approach The objective of the PRA Peer Review process is to provide a method for establishing the technical quality and adequacy of a PRA for a spectrum of potential risk-informed plant applications for which the PRA may be used. The PRA Peer Review process employs a team of PRA and system analysts, each with significant expertise in PRA development and PRA applications, to provide both an objective review of the PRA technical elements and a subjective assessment, based on the peer review team members' PRA experience, of the acceptability of the PRA elements. The team utilizes a set of checklists as a framework within which to evaluate the scope, comprehensiveness, completeness, and fidelity of the PRA being reviewed. This is not intended to be a comparison of the PRA being reviewed against features of other PRAs. Rather, it is a review by a group of qualified peers, who are aware of the attributes of a quality PRA and are also aware of techniques and assumptions used in other PRAs, to identify PRA strengths and areas for improvement.

1Note that while, throughout this document, the term PRA is used, no generic distinction is made between PRA and PSA (probabilistic safety assessment), except when referring specifically to predecessor studies of the current Millstone 3 PRA.

2 BWROG-97026, "Transmittal of BWR Owners' Group Document, 'PRA Peer Review Certification Implementation Guidelines,'" Boiling Water Reactor Owners Group, January 31, 1997.

September, 1999 1- 1 PRA Peer Review Process OverviE*W

CONFIDENTIAL Millstone NuclearPower Station Unit 3 PRA PeerReview Report One of the key aspects of the review is an assessment of the maintenance and update process used to ensure that the PRA continues to reflect the configuration of the plant over time, so that the results and conclusions of PRA applications also continue to reflect the plant. This is a necessary aspect of a quality PRA.

1.2 Scope The PRA Peer Review process is a one-time evaluation process which examines both the current PRA and the PRA maintenance and update process, and assigns grades to the various technical elements of the PRA. By including an examination of the maintenance and update process, the peer review addresses the likelihood that the PRA will continue to adequately reflect the as-operated plant to support risk-informed applications. The grades denote the relative capability of the technical elements for use in PRA applications.

Among the most important features needed to assure a usable and successful PRA for applications are:

"* PRA organization

"* Management attention

"* Communication between the PRA group and other parts of the organization

"* PRA technical adequacy

"* Living PRA process including maintenance and updates The first three items are plant-specific management issues which should be addressed by each utility to assure successful use of the PRA in applications.

The last two items are the focus of the Peer Review Process.

The general scope of the PRA Peer Review includes review of eleven main technical elements, as listed in Table 1-1, for the at-power PRA including internal events, internal flooding, and containment performance. The review is guided by checklist tables. These checklists, which cover the elements and sub-elements, are shown in Appendix B.

1.3 Process The process includes two main steps: a recommended PRA self-assessment, conducted by the host utility prior to the peer review; and the peer review itself.

A general flowchart of the self-assessment process is shown in Figure 1-1. It is intended that, as an integral part of the Peer Review Process, the utility team responsible for the PRA to be peer-reviewed first complete this self-assessment.

The primary objectives of the self-assessment are for the host utility to identify September, 1999 1 -2 PRA Peer Review Process OverviE w

CONFIDENTIAL Millstone NuclearPower Station Unit 3 PRA PeerReview Report areas where applications of the PRA may require additional or alternative documentation, technical upgrades, or process improvements, prior to the arrival of the peer review team, using guidance similar to that used by the peer reviewers. In this manner, the host utility can obtain an indication of areas for potential improvement and either address these, or formulate plans to address these, prior to the peer review. A secondary objective of this self-assessment is to review documentation, and ensure that as complete a set of documentation as feasible is ready for the reviewers, to streamline the peer review week and allow for a more effective review. It is not necessary to complete each step of the self assessment in order to derive benefits from it.

A flowchart of the process is shown in Figure 1-2. This figure describes the general approach and process steps used in the application of the peer review process to an individual PRA. The reviewers begin the week prior to their arrival onsite by reviewing material provided in advance by the host utility. The onsite PRA Peer Review Process is a one-week tiered review process in which the reviewers begin with relatively high level element checklists and criteria and progress successively to additional levels of detail as necessary to ensure the robustness of the model.

The PRA elements, the quality attributes, the grades of peer review and insights from past PRA reviews have been used to establish specific criteria for each element and sub-element of the PRA. The specific 3 criteria are based on past peer review experiences and engineering judgment.

The applicability of specific criteria may vary from plant to plant. This variation results from the differences in the PRA techniques and models being evaluated, including the computer modeling methodology used at the plant. The applicability of specific criteria to the plant PRA being reviewed is determined by the peer review team through their consensus discussions.

The PRA Peer Review Process is developed as a rational approach to assessing PRA quality and allowing the necessary focused feedback for PRA improvement.

The process does not require a 10CFR50 Appendix B program for the review or for the PRA. However, the review process includes the principal elements of an effective 10CFR50 Appendix B quality assurance review of documents via:

3 Note that, at the time this review was performed, the American Society of Mechanical Engineers (ASME) was in the process of developing a consensus standard for Level 1 at-power probabilistic risk assessments used to support risk-informed applications at commercial nuclear power plants. Draft versions 10 and 11 of the ASME standard, although preliminary at the time of this review, were used by the reviewers, in a selective manner, to support their deliberations and conclusions, and some references to specific technical requirements in this draft standard have been included in the checklists and fact and observation sheets. Additional detail regarding these references is provided with the review checklists in Appendix B.

September, 1999 1-3 PRA Peer Review Process Overview

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report

use of highly qualified reviewers

use of reviewers who are independent of the original PRA study

development of a list of issues to be addressed; and

documentation of the review conclusions.

Although a grading scheme is used, the major benefits of the review process are not the element grades, but rather the recommendations for improvements and the acknowledgments of the strengths of the PRA. An additional beneficial outcome of the review process is the exchange of information regarding PRA techniques, experiences, and applications among the host utility and utility reviewer personnel. It is also expected that this process will promote a level of consistency from review-to-review, as additional peer reviews are performed on WOG-member plants using this process, and on other owners group member plants using very similar processes. This consistency would derive from anticipated coordination of reviews and evaluation of review results within the individual owners groups, and from anticipated sharing of information among the owners groups.

1.4 Peer Review Grades The Peer Review process uses grades to assess the relative technical merits and capabilities of each sub-element reviewed. The grades provide guidance on appropriate use of the information covered by the subelement for risk-informed applications. The four grades used are:

Grade 1 This grade corresponds to the attributes needed for identification of plant vulnerabilities, i.e., responding to NRC Generic Letter 88-20 (Individual Plant Examinations - IPE). There may be substantial conservatisms included in the modeling, analysis, and data for Grade 1. These conservatisms may still allow the identification of outliers, vulnerabilities, and prioritize certain issues, but they limit the ability to use a PRA with Grade 1 peer review grades for its sub elements for most other applications. Most PRAs are expected to be capable of meeting these requirements.

1999 1-4 1-4 PRA Peer Review Process Overview September, 1999 September, PRA Peer Review Process Overview

CONFIDENTIAL Millstone Nuclear PowerStation Unit 3 PRA Peer Review Report

"* Grade 2 Grade 2 corresponds to the attributes needed for risk ranking of systems, structures, and components. A PRA with elements determined to be at this grade would provide assurance that, on a relative basis, the PRA methods and models yield meaningful rankings for the assessment of systems, structures, and components, when combined with deterministic insights (i.e., a blended approach). Grade 2 is thus acceptable for Grade 1 applications and for applications that involve the risk ranking of certain systems, structures, and components as long as a qualitative check of the process is performed.

"* Grade 3 This grade extends the requirements to assure that risk significance determinations made by the PRA are adequate to support regulatory applications, when combined with deterministic insights. Therefore, a PRA with elements determined to be at Grade 3 can support physical plant changes when it is used in conjunction with other deterministic approaches that ensure that defense-in-depth is preserved. Grade 3 is acceptable for Grade 1 and 2 applications, and also for assessing safety significance of equipment and operator actions. This assessment can be used in licensing submittals to the NRC to support positions regarding absolute levels of safety significance if supported by deterministic evaluations.

"* Grade 4 This grade requires a comprehensive, intensively reviewed study which has the scope, level of detail, and documentation to assure the highest quality of results. Routine reliance on the PRA as the basis for certain changes is expected as a result of this grade. Grade 4 is acceptable for Grade 1, 2, and 3 applications, and also usable as a primary basis for developing licensing positions that may change hardware, procedures, requirements, or methods (inside or outside the licensing basis). It is expected that few PRAs would currently have many elements eligible for this grade of peer review.

Establishing the PRA quality such that the PRA can be used over a broad spectrum of possible applications is judged to be a cost effective approach of implementing quality standards. It should be noted that while each of the four application oriented grades have different characteristics, as delineated above, the boundaries between grades are not sharp. This is illustrated in Figure 1-3.

This leaves, in some cases, an element of judgment to be applied when assigning a specific application to a specific grade, and even in assigning a specific grade to a specific sub-element. This lack of sharp boundaries results, in part, from the ability to use varying degrees of supplementary deterministic September, 1999 1-5 PRA Peer Review Process Overview

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report considerations or focused PRA studies with any of the four grades to effectively support a risk-informed application. This also means that, in preparing a risk informed application, a utility may rely more heavily upon deterministic analysis and support to compensate for relatively low evaluation grades in certain elements of the PRA.

It is important to note that the PRA does not receive one overall grade. Each sub-element is graded. Then, based on the sub-element grades, a summary grade is provided for each of the eleven technical elements.

1.5 Peer Review Team The Peer Review team consists of individuals knowledgeable in PRAs for plants similar to the plant PRA being reviewed. The review team generally consists of six members, three of whom are utility personnel, and three of whom are PRA consultants. One team member, generally one of the consultants, serves as the team leader/facilitator. Each of the members are expected to be knowledgeable in PRA issues and experienced in the performance and application of PRAs.

The reviewers must be independent of the original IPE study, and also independent of the subsequent update or expansion of the IPE into a PRA intended for risk-informed applications.

Information regarding the Millstone 3 PRA reviewers is provided in Section 2.

1999 1-6 1-6 PRA Peer PRA Review Process Overview September, 1999 September, Peer Review Process Overview

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table IE (Report)

I ELEMENT: INITIATING EVENTS (IE)

Guidance: There is no guidance document for this element. New initiators had been added and several old initiators screened out of the current model. Guidance would be useful to assure consistent assessment of initiating events in the future.

Grouping: The current PRA relies on the initiating event identification and grouping analysis that was performed in the PSS. That analysis seems to be thorough. However, there is no documentation to indicate that this initial set of selected initiators was reviewed against more recent plant/industry experience for completeness.

Treatment of Support System/Special Initiators: A number of support system initiators are included in the current model. A structured approach would aid in assuring that initiators were properly treated for the future. The loss of SW initiator appears to include a conservative treatment of common cause. Also, consideration of loss of ventilation initiators should be revisited and documented.

Data: Good use of plant specific data is made in the current update. For some initiators, however, more current generic data sources are available and should be reviewed for applicability.

Documentation: The original PSS documents a systematic search for identification and grouping of initiators. This process needs to be documented and carried forward for the current updates.

Recommended Enhancements: An initiating event dependency matrix would be useful to document the impacts of initiators and to show why initiators were grouped. The loss of SW initiator model should be evaluated to ensure that it is as realistic as possible. Consideration should be given to evaluating the effects of a loss of ventilation initiator.

Overall Process Assessment: The initiating event element is sufficient to support risk significance evaluations with deterministic input, contingent on the items noted above and in the contingent grade Fact & Observations listed in the checklist.

Recommended Element Grade:

"o Grade 1 - Supports Assessment of Plant Vulnerabilities "o Grade 2 - Supports Risk Ranking Applications

@ Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input 0 Grade 4 - Provides Primary Basis For Application 3-4 Element Review Summary Tables September, 1999 September, 1999 3-4 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table AS (Report)

I PR PEE REIWRPR ELEMENT: ACCIDENT SEQUENCE EVALUATION (Event Trees) (AS)

I Guidance: There is no separate guidance document for accident sequence evaluation.

Hence the existing documentation of the accident sequence evaluations serves as guidance for future updates. There is merit in the development of separate guidance on sequence development, particularly with respect to the steps between the development of event trees and the computer modeling of the linked fault tree representations. There are important aspects of the model development between the information presented in the individual system notebooks and the information that needs to be built into the CAFTA linked fault tree model; the current process relies too heavily on the experience and expertise of the particular analyst to recognize and address such considerations.

Success Criteria and Bases: The assumed success criteria are documented in the event tree calculation; however the tracing of success criteria to their bases in supporting thermal hydraulics and engineering evaluations revealed some weak points. The bases for a significant number of the success criteria are in the Probabilistic Safety Study (PSS) and the supporting calculations are neither available nor verified for current applicability. NU plans to update the thermal hydraulic analysis using MAAP 4.0 in a future update. The peer review team strongly supports this as needed to provide an adequate basis for the success criteria.

Accident Scenario Evaluation (Event Tree Structure): The event tree structure is good and appears to treat all the risk significant accident sequences normally identified for PWRs.

The documentation could be strengthened by justifying why no event tree questions were included for issues such as pressurized thermal shock, PORV challenges during transients, consequential bypasses via seal return line and letdown isolation line isolation failures, induced SGTR ruptures following steam line breaks, and other functions addressed in other Westinghouse PWR PRAs that have achieved a greater level of completeness. The judgments on what to include and exclude should be made not only on the basis of the impact on the average CDF and LERF but also on the capability of the model to support applications.

Interface with EOPsIAOPs: The interface between the human actions in the model and steps in the EOPs was documented; however the current update was not supported by interactions with operations or operator training personnel. Also, the human actions analysis in the current update, with few exceptions, are only screening values and as a result do not benefit from any simulator evaluations. Finally the lack of up to date plant specific thermal hydraulic analyses to support the event tree development makes it difficult to validate the EOP interface. The peer review team concurs with NU's plan to address this issue in the next update.

3-5 3-5 Element Review Summary Tables September, 1999 September, 1999 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA Peer Review Report Table AS (Report)

PR PEE REVIEW REORT ELEMENT: ACCIDENT SEQUENCE EVALUATION (Event Trees) (AS)

Accident Sequence Endstate Definition/Treatment: The accident sequence end-state and Level 1/Level 2 interface is made in the current model in reference to the 1980's vintage Level 2 PRA performed in the PSS. This interface will need to be updated when the Level 2 update is performed and this will necessitate new definitions for the plant damage states.

Documentation: The documentation of the current accident sequence model is found in the event tree calculation which provides a clear description of the basic model. The ability to identify the technical bases of the model and the ability to trace to actual success criteria calculations is a major shortcoming of the current documentation.

Recommended Enhancements: Either reconstruct the technical bases of the accident sequence model from the PSS, or develop new bases from new thermal hydraulic analyses using MAAP and other appropriate engineering calculations. The updated documentation should be enhanced to address all the technical issues discussed above and in the Fact and Observation Sheets for this PRA element.

Overall Process Assessment:

Future PRA updates would benefit from a guidance document that covers all aspects of sequence development. The event tree calculation and dependency matrices should be periodically reviewed by system engineers and operations personnel to ensure plant and model fidelity. The accident sequence evaluation is adequate to support risk ranking applications, but the recommended enhancements should be addressed in order for this element of the PRA to support risk significance evaluations. Documentation should be upgraded in any case.

Recommended Element Grade:

0 Grade 1 - Supports Assessment of Plant Vulnerabilities

[] Grade 2 - Supports Risk Ranking Applications o Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input 0 Grade 4 - Provides Primary Basis For Application 3-6 Element Review Summary Tables September, 1999 September, 1999 3-6 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table TH (Report)

I ELEMENT: THERMAL HYDRAULIC ANALYSIS (TH)

I Guidance: Specific guidance for thermal/hydraulic analysis and other engineering calculations supporting success criteria is not available. Some guidance can be inferred from the PSS, but approaches and computer codes used in that study are generally out of date, so that document is an inadequate source of guidance. A recent calculation of SBO recovery times performed using the MAAP 4 code provides guidance in a narrow area, but this source was also lacking in at least one key area: specifying a clear definition of core damage.

Best Estimate Calculations: The success criteria calculations that were made for the PSS were intended in many cases to be plant-specific, best-estimate. However, since the PSS was performed, the state of TH analysis for PRA has advanced significantly, such that the success criteria are no longer realistic for some cases. NU has indicated that the success criteria analyses are to be upgraded over time, using more modern techniques. (An example is the use of MAAP4 for the LOOP/SBO calculations).

Core damage is defined as any exceedance of 2200°F using MAAP 4 with predicted clad oxidation less than 1%; although this is a recognized industry definition for core damage, a potentially more practical definition has been recommended below.

There are areas in which additional calculations could be done to support less stringent success criteria in place of a number of existing FSAR-based criteria,- such as requirements for accumulator injection following large LOCA; these are generally not in key contributors to core damage in the current model. There is also one area (required number of AFW paths) in which a less stringent criterion might be specified for normal decay heat removal scenarios.

Generic assessments, where applied, appear to have been applied correctly, although in some cases conservatively.

Limited use to date of the MAAP code appears to have been done correctly, and the code was not applied beyond its known limitations.

Room Heat Up Calculation: There is a detailed room heatup study, performed for the PRA using the Gothic code, that provides the basis for challenges to equipment acceptable temperature limits, and room heat-up calculations to determine those rooms for which room cooling is required. Room cooling dependencies are modeled in the fault trees for those components for which the room heat-up calcs indicate that the defined acceptable temperatures will be exceeded. However, in a limited number of cases, it appeared that the room temperature might still be rising slowly after 24 hours2.777778e-4 days 0.00667 hours 3.968254e-5 weeks 9.132e-6 months , such that acceptable temperatures could later be exceeded; these should be examined in more detail. The temperature limits selected for equipment operability may also be conservatively-specified, and could be reviewed to determine if higher limits might be appropriate.

1999 3-7 Element Review Summary Tables September, September, 1999 3-7 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table TH (Report)

PR PEE REIE REOR ELEMENT: THERMAL HYDRAULIC ANALYSIS (TH)

Documentation: The PSS included a detailed summary of success criteria but there is no success criteria notebook for the current PRA. Important success criteria are noted, on an event-by-event basis, in the event tree notebook and also in the system notebooks.

However, it is difficult to relate some of the criteria to specific applications in the master fault tree. Some spot-checking was performed and the fault tree logic appeared to be correct (but generally more conservative than realistic). The MAAP run documentation for the SBO calcs appears to provide a good description of what is analyzed for each case, along with conclusions regarding the results. As future TH calcs are done, it is recommended that a success criteria notebook (or section in an existing notebook) be created to allow clear traceability of the connection between specific criteria and their supporting analyses.

Recommended Enhancements: Update/upgrade all success criteria analyses that have been carried over from the PSS (contingent grade item). Clarify the definition of core damage for the entire PRA, and consider adopting a criterion such as MAAP 4 hot node temperature less than 12000F, for consistency with the EOP/SAMG transfer criterion on core exit thermocouple temperature, and to avoid the need to consider clad oxidation calculations. Create a success criteria notebook or notebook section that includes, for each criterion specified, an indication of the MAAP run number or reference to other supporting calculations, and also an indication of all the corresponding master fault tree identifier(s) (or event tree branch names) where the success criterion is applied.

Overall Process Assessment: A strong success criteria foundation exists, and NU has begun to modernize this. Once the recommended enhancements (or their equivalents) are addressed, the thermal hydraulic analyses and related engineering calculations supporting success criteria should be adequate to support risk-informed applications supported by deterministic analyses.

Recommended Element Grade:

"o Grade 1 - Supports Assessment of Plant Vulnerabilities "OGrade 2 - Supports Risk Ranking Applications

@ Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input 0 Grade 4 - Provides Primary Basis For Application 1999 3-8 3-8 Element Review Summary Tables September, 1999 September, Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA Peer Review Report Table SY (Report)

I PR-A PEE REIE ELEMENT: SYSTEMS ANALYSIS (e.g., Fault Trees) (SY)

REPOR Guidance: There is a systems analysis guidance document that provides considerable guidance to the skilled fault tree analyst who has extensive experience with Millstone's PRA models. It could be improved by adding more detail for those who may not quite so experienced, particularly in terms of expectations of quality and consistency with Millstone's modeling philosophy as required for the linked fault tree model.

Systems Modeled: In general, an appropriate set of systems was selected for modeling.

However, consideration should be given to additional modeling of secondary systems (e.g.,

MFW), and the steam relief should be included in the model or better discussed, for completeness.

System Model Structure (Fault Tree): The fault trees include extensive, detailed modeling; fault tree logic reviewed appeared to be accurate with the exception of one or two specific logic errors that were noted. In one case (i.e., ESFAS), it was noted that the modeling may be perhaps too detailed for the available plant data. Treatment of spatial dependencies was not well described in the notebooks.

Success Criteria: There is heavy reliance on the success criteria from the IPE and PSS, without reviewing for continuing relevance to today's MP3 plant. Although the criteria generally appear reasonable and should be able to support applications, specific suggestions for improvement have been made.

Recommended Enhancements: Specific recommendations have been noted in the F&O sheets. In addition, NU should continue actions previously planned (new MAAP runs, etc),

and review all spatial dependencies.

Overall Process Assessment: The systems analysis supports risk significance evaluations with deterministic input, contingent on addressing the items noted above and in the contingent graded F&O sheets. In particular, care should be taken with applications sensitive to potential environmental effects and/or success criteria from the PSS.

Recommended Element Grade:

"O Grade 1 - Supports Assessment of Plant Vulnerabilities "O Grade 2 - Supports Risk Ranking Applications

@ Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input 0 Grade 4 - Provides Primary Basis For Application 3-9 Element Review Summary Tables September, 1999 September, 1999 3-9 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table DA (Report)

PR-A PEE REIE REOR ELEMENT: DATA ANALYSIS (DA)

Guidance/Documentation: A comprehensive procedure exists for data analysis, including an automated spreadsheet that aids computation and provides traceable documentation.

Comments are provided on F&O sheets concerning several of the criteria in that procedure that differ somewhat from practices at other plants. A common cause failure determination procedure is also available, which reflects current industry practice, except that more emphasis should be placed on plant-specific evaluation of generic CCF data for high risk significant events.

Plant Specific Component Data: Component failure data is obtained from plant operating records, based upon failure experience and estimated demands and running hours.

Bayesian update of generic data sources is performed using this plant-specific data. Some minor comments were provided concerning grouping of failure data and appropriate use of Bayesian techniques.

System/Train Unavailabilities: Using Maintenance Rule data, unavailabilities were computed for all major components. Bayesian update of generic sources is performed using this plant-specific data. Trending of the data is also performed, which is a strength. Some minor comments were provided concerning grouping of the unavailability data.

Common Cause Failure Quantification: While the guidance documents reflect current industry methods, the PRA itself still uses older methods and data. NU indicated that it is planned to incorporate the more recent data/methods in a future update, and the peer review team concurs with this.

Unique Unavailabilities or Data Modeling Issues, e.g., Offsite Power Recovery Quantification: Plant-specific data was the primary source for these items. Some specific comments were provided in the F&O sheets for certain items.

Recommended Enhancements: Implement the new common cause failure methods/data described in the current procedure (after updating in response to comments provided).

Consider other minor comments provided in the Fact & Observation Sheets.

Overall Process Assessment: The data analysis element reflects current industry methods.

Plant-specific data is utilized extensively. The use of an automated spreadsheet provides a traceable documentation format. The PRA's data is well suited to support risk-informed applications supported by deterministic input, but it is strongly recommended that the CCF data be updated as noted above.

September. 1999 3 - 10 Element Review Summary Tatbles v v. r . ... . .I bles

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table DA (Report)

I PR-A ELEMENT: DATA ANALYSIS (DA)

PEE REIE REOR Recommended Element Grade:

0 Grade 1 - Supports Assessment of Plant Vulnerabilities 0 Grade 2 - Supports Risk Ranking Applications 0 Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input 0 Grade 4 - Provides Primary Basis For Application September, 1999 3 - 11 Element Review Summary Tab les

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table HR (Report)

I I ELEMENT: HUMAN RELIABILITY ANALYSIS (HR)

Guidance: The guidance document is effective in addressing the main aspects of the HRA and provides adequate guidance on performing a good quality HRA.

Pre-initiator Human Actions: The original PRA model (PSS) did not include pre-initiator HRA.

While currently there is guidance to consider and include Type A (pre-initiator) human errors in the system fault trees, the process of implementing this guidance, in support of the current update, is not complete and has only been implemented for a couple of specific type A errors in the RHR and SIH systems (Valve mis-alignment.) Other type A errors, for example, mis calibration of the redundant instrumentation channels, are not modeled. The PRA group is aware of this limitation.

The current treatment of the type A human actions in the PSA model may affect the representation of the risk profile, and may not be appropriate for some applications.

Post-Initiator Human Actions: The treatment of this class of human errors in the current MP3 PRA model is also inadequate compared with that used in the state-of-the-art PRA models. Again, while there is guidance to perform more detailed HRA on risk significant actions (following the screening evaluation) the current PRA update has performed a detailed HRA for only one class of actions: Operators fail to switch ECCS from injection phase to recirculation phase following Large, Medium, or Small LOCA. The PRA group is aware of this limitation.

The above limitations of the Human Error Probability evaluation (HEPs) could lead to limitations in the ability to use the PRA for certain risk-informed applications. For example, it would be very difficult to assess the potential impact of a plant procedural change on the HEPs (and therefore the model) if a clear relationship between the procedure and the parameters used in calculating the HEP values is not established.

Treatment of Dependencies: Dependencies appear to be adequately addressed. The process used to control the exclusion of the dependent human actions is not formal (and is not adequately documented). However, based on a review of the results and discussion with PRA staff, the implementation seems to be effective. The process for using the elevated HEP sensitivity runs to refine the conditional HEP values should be documented and could be implemented more visibly.

Documentation: Overall, the documentation of the human actions that are included in the model is adequate. However, the documentation of the process for dealing with dependencies should be improved.

September, 1999 i

3 - 12 Element Review Summary Table S

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table HR (Report)

P R P E E R E IE R E O R I ELEMENT: HUMAN RELIABILITY ANALYSIS (HR)

Recommended Enhancements: Follow the NU HRA guidance document. Include Type A errors, especially where multiple trains and/or systems may be affected (mis-calibration of the instrumentation channels). The methodology described in the guidance document should be implemented fully for all risk significant actions (suggestion: Apply to all actions with FV>0.001)

The HRA screening values used in the model seem to be too low to be considered as screening values. For example, the HRA value of 2.QE-4 for mis-alignment of the RHR manual return valve to the RWST (RHXVMRV43NX) seems to be very low for a screening value. Low HEP values should be supported by a rigorous HRA evaluation that includes operator behavior and/or simulator examination. Use of conservative screening values is only appropriate for non risk significant human actions.

Overall Process Assessment: The HRA treatment in the model seems to be incomplete compared with that used in the state-of-the-art PRA models. The guidance for the future treatment of the HRA is effective, and when used, will provide a reasonable estimate for this class of contributors to the risk. The current updated model does provide evidence that the guidance is beginning to be effectively implemented. In summary, the HRA is adequate to support risk ranking applications, but the current treatment of the HRA in the MP3 PRA model is not adequate for risk-informed applications involving evaluation of risk significance. Until the recommended enhancements are addressed, risk-informed applications of the PRA should include an assessment of sensitivity to impacts of the identified items.

Recommended Element Grade:

0 Grade 1 - Supports Assessment of Plant Vulnerabilities 0 Grade 2 - Supports Risk Ranking Applications O Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input 0 Grade 4 - Provides Primary Basis For Application 1999 3-13 3-13 Element Review Summary Tables September, 1999 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA Peer Review Report Table DE (Report)

PA PEE REIE REPORT ELEMENT: DEPENDENCY ANALYSIS (DE)

GuidancelDocumentation: Guidance should be developed to address a number of processes, such as plant walkdowns, flooding analysis, and development of intersystem dependency matrixes.

Dependency Matrices: There is a dependency notebook which contains relevant information, particularly with regarding where support systems are modeled as affecting frontline equipment. This is useful for analysts or reviewers seeking information about dependency treatment within the model. However, the dependency matrices address dependencies only on a higher (less detailed) level, showing only whether or not there is an inter-system dependency.

It would be useful to present more detail, such as train dependencies, partial vs. total dependencies, etc., with explanations of such partial dependencies. In addition, a matrix showing the impact of initiating events on systems would be useful.

Common Cause Treatment: Common cause modeling appeared to be appropriately implemented. However, additional system modeling guidance should be provided regarding how to create common cause groups and consistently model them in the fault trees. (Also see common cause comments listed under Data Analysis.)

Spatial Dependencies: With the exception of the impact of loss of HVAC on equipment (which has a well-documented calculation), the bases for addressing or not addressing spatial dependencies should be reviewed, brought up-to-date (from the PSS), and documented.

Examples include HELB effects, flooding, spray effects. Although potential SW intake-related issues were discussed, the reviewers were concerned that the potential for such effects, which have largely been evaluated qualitatively, might be underestimated.

HI Dependencies: There should be a documented review of pre-initiators, particularly those that could lead to common effects across systems or components. Elements HR-4 through 7 contain further discussion on this topic.

Recommended Enhancements: Address the issues noted above.

Overall Process Assessment: While there is good information between the current notebooks, the IPE, and the PSS in all of these sub-elements, much of it needs to be brought up to date and to current methods.

Overall, the treatment of dependencies in this PRA is adequate to support risk-ranking applications. Until the recommended enhancements are addressed, risk-informed applications of the PRA should include an assessment of sensitivity to impacts of the identified items.

Sentember v v . ...

F 1999

. . 7 . . .

3 - 14 Element Review Summary Tabiles

CONFIDENTIAL Millstone NuclearPower Station Unit 3 PRA PeerReview Report Table DE (Report)

PRA PEE REIE REPORT I

ELEMENT: DEPENDENCY ANALYSIS (DE)

Recommended Element Grade:

O Grade 1 - Supports Assessment of Plant Vulnerabilities 0 Grade 2 - Supports Risk Ranking Applications "OGrade 3 - Supports Risk Significance Evaluations w/Deterministic Input "O Grade 4 - Provides Primary Basis For Application 3-15 Element Review Summary Tables A

1999 September, 1999 September, 3-15 Element Review Summary Tables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table ST (Report)

! PRA PEE REIE REPOR I

ELEMENT: STRUCTURAL RESPONSE (ST)

GuidancelDocumentation: The guidance for this technical element is generally specific to each sub-element. Adequate guidance was found for each of the sub-elements, generally in the documents that are referenced in the PRA implementation of those sub-elements. For example, WCAP-1 1992 provides the guidance for the ATWS analysis, and the PSS Level 2 analysis includes information that serves as guidance for that analysis.

RPV Capability: An appropriate basis is used for ATWS overpressure. Excessive LOCA (reactor vessel rupture) is not explicitly included in the current model, as it was screened out based on results of the PSS. Specific discussion of pressurized thermal shock was not noted in the PRA documentation; although this phenomenon is not expected to be a real issue for plants similar in vintage and operating history to Millstone 3, the updated PRA should at least address this issue.

Containment Capability: The Millstone 3 PRA containment capability determination is that performed for the Level 2 PSS. That study provides a sound basis for the PRA, but assumptions in that study should be reviewed to determine that they remain valid. Refer to comments in the L2 element summary for this peer review for additional comments.

Pipe Overpressurization: The ISLOCA evaluation is a generic assessment of pipe overpressurization pathways, and appears to have considered only a limited number of potential pathways and failure mechanisms. An updated evaluation of ISLOCA should be performed for use with risk-informed applications of the PRA, since this is typically an important LERF contributor.

Recommended Enhancements: Recommendations have been made in the related fact &

observation sheets to update the Level 2 containment performance analysis and the ISLOCA analysis from the PSS, and to include a qualitative or quantitative evaluation of pressurized thermal shock. Excessive LOCA (RPV rupture) should also be addressed in the current PRA.

Overall Process Assessment: Most of the important aspects of this technical element are addressed in the PRA or the PSS. The treatment of structural response sub-elements is reasonable and adequate for use in risk-ranking applications.

Until the recommended enhancements are addressed, risk-informed applications of the PRA should include an assessment of sensitivity to impacts of the identified items.

Recommended Element Grade:

0 Grade I - Supports Assessment of Plant Vulnerabilities E0 Grade 2 - Supports Risk Ranking Applications O Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input Ol Grade 4 - Provides Primary Basis For Application Seotember. 1999 WWlW .....

3 - 16 Element Review Summary Tal )les

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA Peer Review Report Table QU IELEMENT: QUANTIFICATION (QU)

PR-A PEE REIE REPORTS I

Guidance/Documentation: A separate guidance document does not exist, but the calculation file describes the quantification steps used. More detailed description of the process, however, would be useful for engineers not yet familiar with the specific process used at NU. The calculation documentation provides good traceability of the inputs and outputs. Software control is well managed.

Dominant Sequences: The dominant sequences display some significant conservatism and simplistic modeling, which should be eliminated if possible in future PRA updates. Some comments were also provided concerning the treatment of certain initiators (including SGTR) and the treatment of common cause and human reliability dependencies. Review of the non-dominant sequences identified a limitation of the current software version being used (an update to the current version should eliminate this problem).

TruncationlRecovery Analysis: Recovery analysis is performed on all sequences using a rule-based process. The overall model truncation level is adequate per current industry guidance. However, no sensitivity studies were performed to ensure that the truncation level results in a convergent solution. In addition, many event tree sequences show no cutset results because they are of low frequency and a uniform truncation level is used, and hence cannot be reviewed.

Uncertainty: Uncertainty analyses have not been performed for the current PRA update.

Some Risk-Informed applications may benefit from uncertainty evaluation. Also, only a limited set of sensitivity studies is routinely performed for each update. Additional sensitivities should be performed to ensure that results are meaningful and to identify important assumptions and areas for further model and data development.

Results Summary: The quantification calculation provides basic summary information.

However, additional details should be provided (discussion of dominant sequences, important assumptions in the analysis, important basic events and operator actions, etc.).

Recommended Enhancements: Ensure that the PRA software versions used have appropriate capabilities for the current model (i.e., update software as appropriate). Review dominant sequences for excess conservatisms, and compare PRA results to those of other similar plants to ensure consistency. Perform truncation studies and sensitivity studies to validate the model's results, and perform at least a qualitative evaluation of uncertainties.

Provide a narrative summary of results for communication of risk insights to other plant organizations.

Spntember I 1999 3 - 17 Element Review Summary Talbles

CONFIDENTIAL Millstone NuclearPower Station Unit 3 PRA Peer Review Report Table QU I

E-LEMENT: QUANTIFICATION (QU)

PA PEE REIE REPORT II s5)verall Process Assessment: The overall quantification framework appears sound. More tudy and analysis (with appropriate documentation) of the calculated results should be performed to ensure that the PRA's overall results are correct (e.g., truncation studies, ensitivity studies, comparison with other PRAs). The current quantification element is a dequate to support risk-ranking applications. Until the recommended enhancements note d here and in the Fact & Observation sheet are addressed, risk-informed applications of the

'RA should include an assessment of sensitivity of the application results to impacts of the icdentified items.

Recommended Element Grade:

o Grade 1 - Supports Assessment of Plant Vulnerabilities 0 Grade 2 - Supports Risk Ranking Applications "o Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input "o Grade 4 - Provides Primary Basis For Application September, 1999 3 - 18 Element Review Summary- Fables

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table L2 (Report)

! PRA PEE ELEMENT: CONTAINMENT PERFORMANCE ANALYSIS (L2)

REIE REPORT I

Guidance/Documentation: There was no separate guidance document to support future updates of the Level 2 PRA and LERF analysis; hence the basis for the evaluation of guidance is the existing documentation. This documentation includes the current LERF calculation and the 1983 vintage PSS report. The documentation is transparent and clearly describes the existing LERF analysis and references to the previous PSS evaluation are clear. The capability to trace to source calculations supporting the PSS is handicapped due to the long time frames involved. As the state of the art of Level 2 PRA has changed a great deal since the PSS was completed, it would be extremely useful in support of future updates and applications in which LERF issues arise to update the Level 2 severe accident analysis and documentation and to provide separate guidance to support updates. This point is apparently appreciated by the MP3 PRA team as they have already performed more contemporary Level 2 evaluations for Unit 1 and Unit 2.

Level 1/Level 2 Interface: The interface that currently exists is with respect to the 1980's vintage Level 2 study which was state of the art in its day but is now out of date. When the Level 2 is updated the plant damage state definitions will need to be refined which will in turn place new requirements on the Level 1 models and the interface. An updated interface will be needed for future applications that are sensitive to LERF.

Phenomena CETs/HEPs/System Considered/Success Criteria: There are current severe accident phenomena that were either not known or poorly understood when the PSS was performed. Steam explosions are viewed to be more likely, the capacity for debris bed cooling and the importance of reactor pressure at the time of core damage is now better appreciated. Direct containment heating and thermal creep rupture of RCS components are now better understood in comparison to what was known when the PSS was completed. NU plans to update the entire Level 2 analysis. The peer review team highly supports this decision as itwill enhance the capability to support applications that may be sensitive to LERF. For LERF-sensitive applications that may be considered prior to updating the Level 2 model, the simplified methodology described in NUREG/CR-6595 may be a useful option.

Ultimately, an updated full scope Level 2 would be useful to support an even wider set of potential applications which may be sensitive to source term evaluations.

Containment Capability Assessment: Although the state of the art in Level 2 PRA analysis has changed since the PSS was performed, the state of the art in probabilistic evaluation of containment structures has not changed very much since the PSS was performed. Thus, since the PSS evaluation appears to provide a realistic assessment of containment strength, the updated Level 2 PRA should only need to review the current applicability of the previous work. This is considered a strength of the current Level 2 assets for MP3.

September. 1999

__w.l. . . . . . . I 3 - 19 Element Review Summary Ta bles

CONFIDENTIAL Millstone Nuclear Power Station Unit 3 PRA PeerReview Report Table L2 (Report)

I PR A PEE ELEMENT: CONTAINMENT PERFORMANCE ANALYSIS (L2)

REIE REPORT II E*nd-state Definitions: The current Level 2 end-states are sufficient to support not only LIERF-sensitive applications, but also a broad range of Level 2 PRA applications.

LEERF Definition: An appropriate definition of LERF was used and appropriately applied in th e e current LERF calculation. Due to our current perspective that the PSS treatment of som of the severe accident phenomena are conservative, application of the results from the PSS s

C( ntainment event tree analysis in the current LERF calculation may introduce conservatism in the LERF estimate. Hence the current LERF estimate, while adequate for risk ranking arpplications, will need to be updated as discussed above for applications that require a rE*alistic LERF evaluation.

R ecommended Enhancements: It is recommended that the LERF capability be updated.

0 iptions for this include using NUREG/CR-6595 (simplified model) or a full scope update S5upported by updated evaluation of accident progression, using MAAP 4.0. The plant d.amage states and Level 1/Level 2 interface will also have to be revised. These e nhancements should be pursued to the extent needed for realistic estimation of LERF and LERF sensitive applications. Such enhancements would be expected to support Grade Levi 3 or 4 applications. A separate guidance document that supports future updates and n nanagement of the Level 2 PRA and Level 1/Level 2 interface should be provided, or 0 therwise ensure that the updated evaluation be documented to facilitate this purpose.

O)verall Process Assessment: The current LERF model supports risk ranking applications T he recommended enhancements should be implemented to support applications that r(equire a realistic LERF evaluation.

R*ecommended Element Grade:

O Grade 1 - Supports Assessment of Plant Vulnerabilities 0 Grade 2 - Supports Risk Ranking Applications O Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input o Grade 4 - Provides Primary Basis For Application September, 1999 3 - 20 Element Review Summary Tables

CONFIDENTIAL Millstone NuclearPowerStation Unit 3 PRA PeerReview Report Table MU (Report)

I PR.A PEE ELEMENT: MAINTENANCE AND UPDATE PROCESS (MU)

REIE REPORTS I

Guidance: Guidance is limited to primarily administrative details of update and control rather than addressing technical issues. Recommendations have been made in the F&O sheets for adding guidance to address technical aspects of the update process.

Input: The current update reflects recent component failure and unavailability data. However, in other areas, such as plant and procedure changes and operating experience, there is no evidence of a systematic assessment for model impacts. Specifically, update guidance related to maintaining the model current with the plant should be developed to address issues beyond component failure and unavailability data.

Model Control: There is good administrative control of the model and code software to assure that the current model is controlled.

UpdatelMaintenance: The current update generally illustrates good practice in model updating and control. However, there is no guidance to direct review and validation of the results.

Application Re-evaluation: NU indicated that there are plans to re-evaluate Maintenance Rule related applications. However, no systematic plan was identified for reviewing other PRA applications when the PRA model is updated, to see if they should be updated.

Documentation: The current update & maintenance process is documented in an Safety Analysis Branch procedure. It is recommended that this procedure be upgraded to address the items noted above.

Recommended Enhancements: The process of model update should include at least two key elements: a review of changes to the plant and operating experience (on a scheduled and an as-needed basis), and a rigorous review and validation of the results (PRA and application).

Overall Process Assessment: The current update and maintenance process for the PRA is generally sufficient to support risk ranking applications, although a more structured process of updating should be considered. Risk significance applications that rely more heavily on risk results would require implementation of the recommended enhancements.

Recommended Element Grade:

El Grade 1 - Supports Assessment of Plant Vulnerabilities IRlGrade 2 - Supports Risk Ranking Applications

"[ Grade 3 - Supports Risk Significance Evaluations w/Deterministic Input "0 Grade 4 - Provides Primary Basis For Application 3-21 Element Review Summary Tables September, 1999 September, 1999 3 -21 Element Review Summary Tables

Revised Technical Specification Bases Page B 3/4 4-2a

REACTOR COOLANT SYSTEM BASES 3/4.4.3 PRESSURIZER (cont'd.)

The 12-hour periodic surveillances require that pressurizer level be maintained at programmed level within + 6% of full scale. The surveillance is performed by observing the indicated level. The 12-hour interval has been shown by operating practice to be sufficient to regularly assess level for any deviation and to ensure that the appropriate level exists in the pressurizer.

During transitory conditions, i.e., power changes, the operators will maintain programmed level, and deviations greater than 6% will be corrected within 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months . Two hours has been selected for pressurizer level restoration after a transient to avoid an unnecessary downpower with pressurizer level outside the operating band. Normally, alarms are also available for early detection of abnormal level indications.

Electrical immersion heaters, located in the lower section of the pressurizer vessel, keep the water in the pressurizer at saturation temperature and maintain a constant operating pressure. A minimum required available capacity of pressurizer heaters ensures that the RCS pressure can be maintained.

The capability to maintain and control system pressure is important for maintaining subcooled conditions in the RCS and ensuring the capability to remove core decay heat by either forced or natural circulation of the reactor coolant. Unless adequate heater capacity is available, the hot high-pressure condition cannot be maintained indefinitely and still provide the required subcooling margin in the primary system. Inability to control the system pressure and maintain subcooling under conditions of natural circulation flow in the primary system could lead to a loss of single-phase natural circulation and decreased capability to remove core decay heat.

The LCO requires two groups of OPERABLE pressurizer heaters, each with a capacity of at least 175 kW. The heaters are capable of being powered from either the offsite power source or the emergency power supply. The minimum heater capacity required is sufficient to maintain the RCS near normal operating pressure when accounting for heat losses through the pressurizer insulation. By maintaining the pressure near the operating conditions, a wide margin to subcooling can be obtained in the loops. The requirement for two groups of pressurizer heaters, each having a capacity of 175 kW, is met by verifying the capacity of the pressurizer heater groups A and B. Since the pressurizer heater groups A and B are supplied from the emergency 480V electrical buses, there is reasonable assurance that these heaters can be energized during a loss of offsite power to maintain natural circulation at HOT STANDBY. Providing an emergency (Class 1E) power source for the required pressurizer heaters meets the requirement of NUREG-0737, "A Clarification of TMI Action Plan Requirements,"

II.E.3.1, "Emergency Power Requirements for Pressurizer Heaters."

If one required group of pressurizer heaters is inoperable, restoration is required within 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months . The Completion Time of 72 hours8.333333e-4 days 0.02 hours 1.190476e-4 weeks 2.7396e-5 months is reasonable considering that a demand caused by loss of offsite power would be unlikely in this time period. Pressure control may be maintained during this time using normal station powered heaters.

MODE 3 The requirement for the pressurizer to be OPERABLE, with a level less than or equal to 89%, ensures that a steam bubble exists. The 89% level preserves the steam space for pressure control. The 89% level has been established to ensure the capability to establish and maintain pressure control for MODE 3 and to ensure a bubble is present in the pressurizer. Initial pressurizer level is not significant for those events analyzed for MODE 3 in Chapter 15 of the FSAR.

MILLSTONE - UNIT 3 B 3/4 4-2a Amendment No. Jf7, 0816

ML021420114

Contents

Text

Response

Response

Response

Response

Response

Response

Response

SUMMARY

SUMMARY

Navigation menu

ML021420114

Text

Response

Response

Response

Response

Response

Response

Response

SUMMARY

SUMMARY

Navigation menu

Search