ML021970063

April 29, 2002 Point Beach NMC Slides, Potential Common Mode Failure Auxiliary Feedwater
Site: Point Beach (NextEra Energy)
Issue date: 04/29/2002
From: Nuclear Management Co
To: Office of Nuclear Reactor Regulation
Shared Package: ML021970045


Text

Point Beach Nuclear Plant Potential Common Mode Failure Auxiliary Feedwater April 29, 2002

2 AGENDA

 Introduction (Mark Warner)

 System Design (Lori Armstrong)

 Risk Assessment (Jim Masterlark)

 Root Cause & Corrective Actions (Fred Cayia)

 Inspection Report Opportunities (Lori Armstrong)

 Operations Perspective (Jerry Strharsky)

 Reactor Oversight Process (Tom Webb)

 Conclusion (Mark Warner)

3 AFW SYSTEM DESIGN Lori Armstrong

4 AFW DESIGN BASIS

Supply water to SG to remove decay heat and replenish SG inventory

Safety-Related Functions:

 Supply FW during accidents with main steam safety valve opening

 Supply FW during accidents which require rapid RCS cooldown

 Isolation capability

6 RISK ASSESSMENT Jim Masterlark

7 ORIGINAL IPE ANALYSIS

Original PRA (IPE)

 Used System Functional Method

  • Failure modes based on design basis information
  • Modeled open failure mode of recirc valve
  • Accepted industry method

 Operator actions were evaluated where they could be credited to mitigate a failure

8 ORIGINAL IPE ANALYSIS

 Original IPE identified failure mode of recirc valve in the closed position

  • Pump overheating potential outcome
  • Recirc valve failure mode not modeled
  • The PRA did not model that the flow could be stopped early in the event
      o Overfilling steam generators
      o Overcooling RCS

9 PRA UPDATE PROJECT

 Self initiated voluntary project

 Ongoing formal evaluation of PRA model

 Most risk significant systems evaluated first

 Revalidates model assumptions

 Four primary reasons for update

 Validates changes in plant since original PRA model

 Adds sophistication for better use of on line Safety Monitor

 Update reliability and availability data

 Expand Human Reliability Analysis

10 PRA UPDATE PROJECT

 Use of Failure Modes and Effects Analysis

 Determines possible failure modes

 Rigorous evaluation for each component

  • Capture failure mode in fault tree, or
  • Document reason that it is not included

 Analyze to determine effect of failure modes on system operation

 Determination of how component could get to each position analyzed

  • Equipment failure
  • Operator action
  • Support system failure

11 FMEA

FMEA for AFW System

 Failure effects of Recirculation Valve

  • Open position - flow diversion
  • Closed position - potential for maloperation of pump

 Human Error Analysis and Timeline Analysis

  • Identified that discharge valve could be closed prior to gagging open recirculation valve

12 FMEA

Summary

 The identification of this issue required the combination of a failure modes and effects analysis with time line studies from a Human Error Analysis

 This combination of analyses is unique to the PRA

13 ROOT CAUSE, CORRECTIVE ACTION, and EXTENT of CONDITION Fred Cayia

14 PROBLEM STATEMENT

EOP-0.1, Reactor Trip Response, did not contain the specific operator actions needed to:

 Assure in all instances operators consistently control or stop AFW flow to prevent AFW pump damage under certain conditions

  • Those conditions are loss of instrument air coincident with steam generator overfill or RCS overcooling

15 IMMEDIATE CORRECTIVE ACTIONS

Immediate Actions

 Information tags placed

 Shifts briefed and trained on issue

 Simulator training for each crew

 Procedure changes

 Notification made to NRC

 Root Cause Evaluation initiated

  • Multidiscipline RCE Team

16 ROOT CAUSE

EOP validation process did not evaluate the interaction between:

 Design

 Procedure

 Human Error Timeline Analysis

Typical industry approaches have not included Human Error Timeline Analysis

17 COMPLETED ACTIONS

Procedure Changes

 EOPs

 AOP for Loss of IA (AOP-5B)

Design Modifications to Recirculation Valve

 Pneumatic backup

EOP validation process has changed to incorporate PRA into the validation

Simulator changed to model AFW pumps during response to low flow conditions

18 EXTENT OF CONDITION

 Previously evaluated four top risk significant systems

 EOP steps evaluated to ensure successful implementation on a loss of instrument air

 Reviewed PRA assumptions for operator actions on the next two risk-significant systems

 Systems reviewed comprise 80% of CDF risk

19 OTHER ISSUES IDENTIFIED

Design Basis fire causes failure of AFW pumps

 Compensatory fire rounds initiated

Nitrogen back-up to charging pumps undersized for Appendix R event

 Compensatory fire rounds initiated

Potential to identify additional improvements

20 CONTINUING ACTIONS

Continue the PRA project

Factor PRA insights into

 Operating Procedures

 Operator training

21 INSPECTION REPORTS OPPORTUNITIES Lori Armstrong

22 INSPECTION REPORT OPPORTUNITIES

 Examples Listed by NRC

 GL 81-14 (AFW seismic issues)

 GL 88-14 (Loss of IA)

 1989 station blackout (SBO) submittal

 GL 88-20 (IPE submittal - 1993)

 1994 original AFW DBD

 1997 AFW N2 backup modification

 1997 IST - DBD discrepancy

23 ISSUE IDENTIFICATION

Three elements need to be evaluated concurrently to identify this issue

 Design

 Procedural Guidance

 FMEA Timeline Study

24 GL 81-14 (1981)

GL 81-14 Requirement

 Determine extent of AFWS seismic qualification

PBNP Action

 Performed reviews and walk-downs

 Completed NRC Bulletin 79-14 AFW modifications

 Installed AFW recirc valve supports

25 GL 81-14 KEY ELEMENTS

SUMMARY

 Design Review

 Reviewed seismic adequacy of foundations, supports, and structures.

 Ensured system would remain functional following a seismic event

 Procedures

 Review of system operating procedures was not an expected response to the GL

 Therefore, this very specific design review would not identify the time dependent procedural vulnerability

26 GL 88-14 (1988)

GL 88-14 Requirement

 Review of instrument air system

  • Emergency procedures and training
  • Air operated safety-related components

PBNP Action

 Verified loss of IA procedure acceptable

 Periodic training provided

 Concluded IA not required for component/system safety-related functions

27 GL 88-14 KEY ELEMENTS

SUMMARY

 Design

 Verified performance of safety-related functions with loss of IA

 Verified AFW recirc valves must fail close to assure AFW safety-related function

 Procedures

 Verified that adequate procedures existed to address a loss of instrument air (gagging open recirc valve)

 FMEA Timeline

 PRA techniques not available

 Lacking the Human Error Timeline Analysis tool, it was not expected to identify this issue

28 SBO RULE (1989)

10 CFR 50.63 requirement

 Withstand a station blackout of a specified duration

PBNP Action

 No AOVs are required to operate for one hour to cope with a SBO

 AFWS operation is independent of AC and IA for 1 hour

 Only turbine driven AFW pumps available

 SBO Emergency Response Procedures

29 SBO RULE KEY ELEMENTS

SUMMARY

Design

 Verified units could withstand SBO

 Prescriptive assumptions defined course of the event to demonstrate compliance with the rule

  • High initial decay heat (100% power for 100 days)
  • No additional independent failures
  • All equipment operating or available and IA restored within one hour

Based upon high decay heat load, not credible to stop flow in first hour

30 IPE SUBMITTAL (1993)

GL 88-20 Requirement

 Directed licensees to submit a program/schedule for completing an IPE

PBNP Action

 Performed an IPE using accepted industry method

31 IPE SUBMITTAL KEY ELEMENTS

SUMMARY

 Design

 IPE uses system functional method

 Pump overheating potential outcome

 Procedures

 Verified recirc valves gagged open on loss of instrument air

 FMEA Timeline Analysis

 Operator actions only modeled for mitigation of failure

 Accepted industry method did not use FMEA Timeline Analysis

 Based on the method used this was not a missed opportunity

32 AFW DBD (1994)

NRC Inspection Report stated

 DBD-01 stated recirc valve had safety-related open function

 Open function not reconciled with fail closed safety function on loss of instrument air

The DBD is an engineering tool and does not provide an operational perspective.

33 AFW DBD KEY ELEMENTS

SUMMARY

 Design

 DBD is an Engineering tool that contains the limits of designs and the reasons for these limits

 Confirmed that the design basis requirements were adequately contained in the procedures

 Performed a single failure evaluation to disposition conflict

  • Result was a closed safety function for the recirc valve

 Not expected to assume the design basis approach would find the time dependent procedure vulnerability

34 AFW N2 MODIFICATION (1997)

Inspection Report

 Concern was not evaluating other air operated valves in the AFW system on a loss of IA, as part of this modification

Modification Purpose

35 AFW N2 MODIFICATION KEY ELEMENTS

SUMMARY

Design

 Modification identified that recirc valve failed closed on loss of IA

 Credited forward flow for pump protection

 Subsequent PRA update incorporated modification to discharge valves

Procedures

 Reviewed for impact of design changes

Therefore this design review was not a missed opportunity

36 IST-DBD ISSUE (1997)

IST-DBD discrepancy identified via a condition report:

 No open function testing of the AFW recirc line check valves

 AFW recirc AOVs were open function tested in the IST program

 DBD listed an open safety function for AFW recirc valves to prevent pump damage

37 IST-DBD ISSUE KEY ELEMENTS

SUMMARY

IST Program periodically confirms the safety related functions of components

Discrepancy resolution based on 1994 DBD evaluation

Result was a closed safety function for recirc valves and no open safety function

Revised DBD

This design review would not find the time dependent procedure vulnerability

EVALUATION OF PRIOR OPPORTUNITIES

Potential Missed Opportunities    Design   Procedures   FMEA Timeline
GL 81-14 (1981) AFW Seismic       Yes      N/A          N/A
GL 88-14 (1988) Loss of IA        Yes      Yes          N/A
SBO Rule (1989)                   Yes      Yes          N/A
GL 88-20 (1993) IPE Submittal     Yes      Yes          N/A
AFW DBD (1994)                    Yes      Yes          N/A
AFW N2 Backup Mod (1997)          Yes      N/A          N/A
IST-DBD Issue (1997)              Yes      N/A          N/A

39 CONCLUSIONS

AFW system design was acceptable

Loss of Instrument Air procedure correctly identified recirc valve failure mode and manual actions for gagging open valve

FMEA Timeline Analysis was required to identify the vulnerability in the EOP

40 OPERATIONS PERSPECTIVE Jerry Strharsky

41 OPERATOR TRAINING

PRA based

 Recognized industry strength

AFW system and loss of IA transients previously identified as training significant

 Frequent training on AFW and loss of IA transients

Minimum flow requirements well known

42 DEMONSTRATED OPERATOR PERFORMANCE

 1989 Loss of IA

 Occurred during Unit 2 trip

 Operators responded properly

 Operating unit transient avoided

 1998 AFW Pump Recirc Valve Found Failed Shut

 Operator starting an AFW pump observed that recirculation valve did not open

 Immediately secured the pump

43 OPERATIONS

SUMMARY

 Operator risk based training combined with the technical elements of component and system, operation and design, ensured our operators had the knowledge to properly diagnose and respond to this condition

 Previous operator performance has demonstrated that appropriate actions are taken in response to events with similar concerns

 Confident in our operating crews' ability to diagnose and respond to events of this complexity and significance

44 REACTOR OVERSIGHT PROCESS Tom Webb

45 REACTOR OVERSIGHT PROCESS

The probabilistic risk assessment:

 used realistic assumptions for equipment failure

 used accepted assumptions for human performance

 vulnerability had high safety significance

Conclusion:

 Further regulatory action is not warranted

46 REACTOR OVERSIGHT PROCESS

Old Design Issue Treatment (IMC 0305)

 Licensee identified as a result of a voluntary initiative

 Was or will be corrected

 Not likely to be identified by routine licensee efforts

 Does not reflect a current performance deficiency

47 IMC 0305

 Old Design Issue: A finding involving a past problem in the engineering calculations or analysis, associated operating procedure, or installation of plant equipment that does not reflect a performance deficiency associated with existing licensee programs, policy, or procedure.

As discussed in section 06.06.a, some old design issues may not be considered in the assessment program. (emphasis added)

48 IMC 0305

Criterion 1: Licensee identified as a result of a voluntary initiative.

 PRA model update initiative

 Planned, formal process

 Systematic and broad-scope

 Documented

 Continued integration of PRA

Conclusion:

 This Criterion has been met

49 IMC 0305

Criterion 2: Was or will be Corrected

 Procedure changes

 Additional Reviews of EOPs and PRA

 System design modifications

 PRA Upgrade

Conclusion:

 This Criterion has been met

50 IMC 0305

Criterion 3: Not Likely to be Identified by Routine Licensee efforts

 Normal surveillance and QA could not identify

 Not readily discernable by traditional engineering approaches

Conclusion:

 This Criterion has been met

51 IMC 0305

 Criterion 4: Does not Reflect a Current Performance Deficiency

 PRA has and continues to validate the EOPs

 Corrective action process has been restructured

 New operating company and management personnel

 NMC is embedding a culture which aggressively identifies and resolves issues

 Potential Prior Opportunities 5 to 21 years old

  • Activities beyond 2 years ago do not reflect accurately on current PBNP processes and performance



Conclusion:

 This Criterion has been met

52 IMC 0305

Summary

 Point Beach meets the four IMC criteria

 NRC has already performed the appropriate supplemental inspection

 IMC 0305 states that the regional offices may take credit for previous inspection efforts in completing the requirements of the procedure.

Conclusion

 The NRC has completed all the required inspection of IMC 0305

 The finding should not be aggregated into the action matrix

53 PROPOSED VIOLATIONS

 10CFR Part 50 Appendix B, Criterion V:

 Because the procedures did not include instructions to ensure the recirculation valves were open, the AFW pumps could be damaged under low flow conditions such as when the flow is throttled back to control steam generator level or to mitigate RCS over cooling. This issue is considered an apparent violation.

 NMC does not contest this proposed violation

54 PROPOSED VIOLATIONS

10 CFR Part 50; Appendix B Criterion XVI

 On seven occasions between 1981 and 1997, the licensee was made aware of the susceptibility of the AFW system to this type of vulnerability, but the licensee failed to identify this significant condition adverse to quality.

This issue is considered an apparent violation

NMC believes that this proposed violation should be withdrawn

55 CONCLUSION Mark Warner

56 Notes: