Text

Proposed License Amendments, Engineered Safety Features Actuation Signal (ESFAS) Trip/Bypass Single Failure Vulnerabilities
	ML022040192
Person / Time
Site:	Saint Lucie
Issue date:	07/18/2002
From:	Jernigan D; Florida Power & Light Co
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	BL-97-002, L-2002-113
	Download: ML022040192 (51)
	v • d • e

Florida Power & Light Company, 6501 South Ocean Drive, Jensen Beach, FL 34957 July 18, 2002 L-2002-113 FPL 10 CFR 50.90 U. S. Nuclear Regulatory Commission ATTN: Document Control Desk Washington, D. C. 20555 RE:

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass SinQle Failure Vulnerabilities Pursuant to 10 CFR 50.90, Florida Power and Light Company (FPL) requests to amend Facility Operating Licenses DPR-67 for St. Lucie Unit 1 and NPF-16 for St. Lucie Unit 2 by incorporating the proposed Technical Specifications (TS) changes.

The proposed amendments would revise the TS to limit the period of time that inoperable recirculation actuation signal (RAS), containment spray actuation signal (CSAS), and auxiliary feedwater actuation signal (AFAS) input channels could be in the bypass and/or tripped condition in order to enhance the functional capability and performance levels of equipment required for the safe operation of St. Lucie Units 1 and 2. is an evaluation of the proposed changes. Attachment 2 is the "Determination of No Significant Hazards Consideration."

Attachments 3 and 4 contain copies of the affected TS pages marked-up to show the proposed changes. Attachment 5 contains the word-processed TS changes. CE Infobulletin 97-02, "Spurious Recirculation Actuation Signal," is provided in Attachment 6.

The St. Lucie Facility Review Group and the FPL Company Nuclear Review Board have reviewed the proposed amendments. In accordance with 10 CFR 50.91(b)(1), copies of the proposed amendments are being forwarded to the State Designee for the State of Florida.

There is no requested approval date, so process this as a normal amendment request.

Please issue the amendment to be effective on the date of issuance and to be implemented within 60 days of receipt by FPL.

an FPL Group company

L-2002-113 Page 2 St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Single Failure Vulnerabilities Pleas o tact us if there are any questions about this submittal.

//

Very tr y yours, onald E.

n Vice President St. Lucie Plant DEJ/KWF Attachments cc:

Mr. W. A. Passetti, Florida Department of Health

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Page 3 Response to Request for Additional Information ESFAS Trip/Bypass Singqle Failure Vulnerabilities STATE OF FLORIDA

)

ss.

COUNTY OF ST. LUCIE

)

Donald E. Jernigan, being first duly sworn, deposes and says:

That he is Vice President, St. Lucie Plant, for the Nuclear Division of Florida Power and Light Company, the Licensee herein; That he has executed the foregoing document; that the statements made in this document are true and correct to the best of his knowledge, inf ation and belief, and that he is authorized to execute the document on behalf of sai i nsee.

Donald

.,Je~rniga STATE OF FLORIDA COUNTY OF St. Lucie Sworn to and subscribed before me this _L_8 day of.

, 2002 by Donald E. Jernigan, who is personally known to me.

11 Sign..f.

Notar &

ly"jte of Florida

-- MY COMMISSION # DD020212 EXPIRES May 12, 2005 S

BONDED THRU TROY FAIN INSURANCE, INC Name of Notary Public (Print, Type, or Stamp)

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Sinqle Failure Vulnerabilities L-2002-113 Page 1 of 19 EVALUATION OF PROPOSED TS CHANGES

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 2 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities EVALUATION OF PROPOSED TS CHANGES BACKGROUND The NRC issued Administrative Letter 98-10 to reiterate the Staff's expectation that licensees correct the facility Technical Specifications (TS) when they are found to contain nonconservative values or specify incorrect actions.

The NRC had found that some licensees had invoked administrative controls to assure safety when the licensee discovered certain conditions where the TS were not sufficiently conservative.

The administrative controls established by the licensees were not always instituted in revisions to the TSs.

In response to that administrative letter, FPL identified several such administrative controls at St. Lucie that have not yet resulted in appropriate TS revision. These administrative controls were established in recognition of extraordinary failure mechanisms (including a vital DC bus failure) that were not considered in the original TSs. The following actuation systems were affected.

Recirculation Actuation Signal (RAS): The RAS automatically switches the safety injection suction source from the refueling water tank (RWT) to the containment sump during a loss of coolant accident (LOCA). St. Lucie TS (Units 1 and 2) have allowed one RAS instrument channel to be placed in the trip condition for an indefinite period. However, with one channel indefinitely in the tripped condition, FPL recognized that a single failure to any other RAS instrument channel during the injection phase of a LOCA could adversely affect accident mitigation (CE Infobulletin 97-02, "Spurious Recirculation Actuation Signal," dated May 23, 1997, see ).

An administrative control was established in Administrative Procedure 0010120, "Conduct of Operations," to limit the time that an inoperable RAS instrument channel may be placed in the trip condition.

Containment Spray Actuation Signal (CSAS):

The CSAS takes input from containment pressure and safety injection actuation system (SIAS) to automatically initiate containment spray when required. The Unit 1 TS allows one channel of CSAS to be placed in bypass condition for an indefinite period and the Unit 2 TS allows an indefinite trip condition if not restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months .

Again, FPL recognized that there are postulated single failures that could adversely affect accident mitigation while the CSAS channel(s) are bypassed. While bypassed, a vital DC bus failure could preclude a CSAS actuation altogether. Although no administrative control has been established nor required for CSAS, a TS revision is appropriate to impose new restrictions that demonstrate consistent application of the single failure criterion.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 3 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities Auxiliary Feedwater Actuation Signal (AFAS): The AFAS takes input from steam generator level, differential feedwater header pressure, and differential steam generator pressure to automatically initiate auxiliary feedwater and isolate a feedwater header or steam generator break. Somewhat similar to the RAS, the St.

Lucie TS (Units 1 and 2) allow one channel of AFAS to be placed in the trip or bypass condition (Unit 1 bypass only) for an indefinite period.

Again, FPL recognized that there are credible single failures in these conditions (i.e., with one channel in trip) that could adversely affect accident mitigation. An administrative control was established in Administrative Procedure 0010120, "Conduct of Operations," to limit the time that an AFAS instrument channel may be placed in the trip condition.

The TS changes to limit the period of time that inoperable input channels could be in bypass and/or tripped are submitted to enhance the functional capability and/or performance level of equipment required for the safe operation of St. Lucie Units 1 and 2.

ENGINEERED SAFETY FEATURES ACTUATION SIGNAL (ESFAS) SYSTEM DESIGN General Description of ESFAS Instrumentation The design of ESFAS is segmented into four sensor subsystems and two actuation subsystems. The four sensor subsystems include identical measurement channels and bistables (bistable trip units) with electrical and physical separation.

Measurement channels provide input to ESFAS bistables within the same ESFAS channel. When a channel monitoring a parameter indicates an unsafe condition, the bistable monitoring the parameter in that channel will trip. Bistable trip units receive an analog input from the measurement channels, compare the analog input to trip setpoints, and provide contact output to Actuation Logic (two actuation subsystems). The two independent actuation subsystems (ESFAS logic) compare the four sensor subsystem outputs. If a trip occurs in the same parameter in two or more sensor subsystem channels, the two-out-of-four (2/4) logic in each actuation subsystem initiates one train of Engineered Safety Features (ESF).

It is possible to change the two-out-of-four ESFAS logic to two-out-of-three (2/3) logic for a given input parameter in one channel at a time by disabling one channel input to the logic; placing it in bypass. In this condition, the bistables function normally, producing normal trip indication and annunciation, but ESF actuation will not occur since the bypassed channel is effectively removed from the coincidence logic. This activity is usually performed for maintenance bypassing (maintenance or testing).

Three out of four measurement and bistable channels are necessary to meet the redundancy and testability requirements. The fourth channel provides additional flexibility by allowing one channel to be removed from service (channel bypass) for maintenance or testing while still maintaining a minimum two-out-of-three logic.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 4 of 19 ESFAS Trip/Bypass Singqle Failure Vulnerabilities Significant flexibility can be achieved in a four-channel ESFAS if complete channel independence can be demonstrated. However, some flexibility is lost when two channels are dependent. In effect, one failure can disable two dependent channels. CE plants have discovered that this characteristic is particularly problematic for those ESFAS that operate on the "energize-to-actuate" principle; a scheme reserved for those functions that a plant would not want inadvertently actuated on a loss of power (e.g., containment spray, recirculation switchover). In effect, a single power failure to such a system can block one actuation channel. In addition, two instrument bistables fail off, resulting in 2/2 logic for the remaining actuation system. If the TS allow one of the unaffected instrument channels to be bypassed indefinitely prior to the failure, the coincidence logic could not be satisfied and the ESFAS would not "energize-to-actuate." As discussed below, such is the case for RAS and CSAS actuation systems.

ESFAS instrumentation at St. Lucie does not achieve four channel independence. The systems are powered by four vital buses, but only two safety-related batteries. This arrangement could allow a fault at a battery to fail two vital buses and thereby disable two ESFAS channels (RAS, CSAS). If a channel is in indefinite bypass (i.e., two-out-of-three actuation logic), then a single failure of two vital buses might result in a failure to generate an ESFAS signal when needed. The original TSs did not adequately address failure of these power supplies and the adverse effect it might have on system coincidence and actuation.

Unit 1 UFSAR and Technical Specification RAS Section 6.3.2.1.2 of the Unit 1 UFSAR describes the operation of the ECCS in recirculation mode. Section 7.3 describes ESFAS, which includes RAS.

The details of RAS are described in Section 7.3.1.1.9.

Section 7.3.2 includes the single failure criterion and discussion related to conformance to IEEE-279.

Unit 1 UFSAR tables provide RAS parameter data, setpoint and instrument response times, and failure mode effects analyses (T7.3-1, T7.3-3, T7.3-7). During the injection phase of a LOCA, the ECCS pumps take suction from the Refueling Water Tank (RWT) and inject to the reactor core (and containment). Upon reaching their respective low-level setpoint in the RWT, each of four RAS channels provide input to the ESFAS. When coincidence is achieved with two RAS channels, the RWT isolation valves are closed and the ECCS sump isolation valves are opened in a simultaneous fashion, allowing for recirculation.

During the recirculation phase, the Emergency Core Cooling System (ECCS) pumps (i.e., high pressure safety injection and containment spray), take their suction from the ECCS sump water inventory and inject into the core (and containment). The logic for recirculation actuation is normally two-out-of-four channels in coincidence (2/4), 2/3 with one in bypass, 1/3 with one in trip, and 1/2 with one in bypass and another in trip.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 5 of 19 ESFAS Trip/Bypass Singqle Failure Vulnerabilities TS 3.3.2.1 requires a total of four RAS channels with a minimum of three operable channels in MODES 1, 2, and 3. If the number of OPERABLE channels is one less than the Total Number of Channels, the inoperable channel must be placed in either trip or bypass condition within one hour. A bypass of the inoperable channel (testing /

maintenance only) is limited to 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months from the time of initial loss of operability.

However, the inoperable channel shall then be either restored to operable status or placed in the tripped condition. Within one hour, all functional units receiving input from the inoperable channel are also placed in the same condition as described above (Although RAS has no other functional unit, this action is generic for Unit 1 instrumentation). The time limit for the inoperable channel in trip is not specified. Further, one additional channel may be bypassed (testing / maintenance only) for up to 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , provided the other inoperable channel is placed in trip.

CSAS Unit 1 UFSAR Section 6.1.2 describes the operation of the containment spray system.

Section 7.3 describes ESFAS, which includes CSAS. The details of CSAS are described in Section 7.3.1.1.10. Section 7.3.2 includes the single failure criterion and discussion related to conformance to IEEE-279. Unit 1 UFSAR tables provide CSAS parameter data, setpoint and instrument response times, and failure mode effects analyses (T7.3-1, T7.3-4, T7.3-7). Containment pressure reduction and heat removal is required upon occurrence of a design basis accident to limit containment pressure to within the design value. The containment spray system is actuated upon CSAS. The parameters used for CSAS (containment high-high pressure and SIAS) give direct indication of a LOCA or Steamline Break inside containment. CSAS is initiated by a coincidence of containment high-high pressure (10 psig) and SIAS. The logic for containment spray actuation is similar to RAS.

TS 3.3.2.1 requires a total of four CSAS channels with a minimum of three operable channels in MODES 1, 2, and 3. A SIAS is first necessary to enable CSAS logic. If the number of operable channels is one less than the total number of channels, the inoperable channel must be placed in the bypass condition within one hour. A bypass of the inoperable channel is not limited in time. Further, one additional channel may be placed in bypass for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing (normally, the inoperable channel is tripped when the additional channel is bypassed).

AFAS Unit 1 UFSAR Section 10.5 describes the operation of the auxiliary feedwater (AFW) system. Section 7.3 describes ESFAS, which includes AFAS. The details of AFAS are described in Section 7.3.1.1.13. Section 7.3.2 includes the single failure criterion and discussion related to conformance to IEEE-279. Unit 1 UFSAR tables provide AFAS parameter data, setpoint and instrument response times, and failure mode effects analyses (T7.3-1, T7.3-10, T13.8.2-2). A separate feedwater actuation signal (AFAS-1,

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 6 of 19 ESFAS TriplBypass Single Failure Vulnerabilities AFAS-2) is generated for each steam generator. For each AFAS-1 and AFAS-2, there are four independent level transmitters for SIG level, four independent S/G pressure transmitters, and four independent feedwater header pressure transmitters. AFAS actuation logic actuates AFW to a S/G on low level after a time delay period unless that SIG or its associated feedwater supply header have been identified as being ruptured. A SIG is ruptured when its pressure is approximately 275 psi below the other S/G coincident with its own low-level signal and with the other SIG and feedwater header being identified as not ruptured. Likewise, a feedwater supply header is ruptured when pressure is approximately 150 psi below the other feedwater supply header pressure coincident with its associated S/G low level signal and with the other S/G and feedwater header being identified as not ruptured. The four protective channels of each SIG AFAS are arranged into six logic "AND's," which represent all possible coincidence of two combinations. Each logic matrix is then connected in series with a set of four matrix output relays. The contacts of the matrix relays are combined into four initiation circuits, one circuit per channel per AFAS. Initiation relay outputs are combined to form the actuation logic. AFAS actuation logic is similar to RAS and CSAS.

Note, there is no design provision (i.e., switch) for placing individual differential S/G pressure and/or low level input bistables in either trip or bypass. In the St. Lucie design, two bypass switches are provided in each measurement channel, one each for AFAS-1 and AFAS-2. These switches bypass the three bistable relay contact output signals to the matrix relay logic circuits associated with that measurement channel. Thus, the bypass switches enter into the system logic downstream of both the low S/G level bistable and the rupture detection logic.

TS 3.3.2.1 requires a total of four AFAS channels per S/G with a minimum of three operable channels per S/G in MODES 1, 2, and 3. If the number of operable channels is one less than the total number of channels, the inoperable channel must be placed in either trip or bypass condition within one hour. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed by the Facility Review Group (FRG) in accordance with Specification 6.5.1.6m. If left in the trip condition, no time limit is specified. The channel shall be returned to operable status no later than during the next COLD SHUTDOWN. With the number of channels operable one less than the minimum channels operable, power operation may continue provided that one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within one hour. There are no time limits for this condition.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 7 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities Unit 2 UFSAR and Technical Specification RAS Unit 2 UFSAR Section 6.3.5.2.2 describes operation and initiation of RAS.

Section 7.3.1.1.2 describes the details of instrumentation and control for RAS.

Section 7.3.2 includes the single failure criterion and discussion related to conformance to IEEE-279.

Unit 2 UFSAR tables provide RAS parameter data, setpoint and instrument response times, and failure mode effects analyses (T7.3-1, T7.3-3, T7.3-7, T13.7.2-2). The Unit 2 RAS operates as described above for Unit 1 with similar actuation/coincidence logic.

TS 3.3.2 requires a total of four RAS channels with a minimum of three operable channels in MODES 1, 2, and 3. If the number of operable channels is one less than the total number of channels, restore the inoperable channel to operable status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or place the inoperable channel in the tripped condition and verify that the minimum channels operable requirement is demonstrated within one hour. One additional channel may be placed in bypass for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing per Specification 4.3.2.1. The time limit for the inoperable channel in trip is not specified.

CSAS Unit 2 UFSAR Section 6.2.2.2.1 describes the operation of the containment spray system.

Section 7.3 describes ESFAS, which includes CSAS. The details of CSAS are described in Section 7.3.1.1.3. Section 7.3.2 includes the single failure criterion and discussion related to conformance to IEEE-279. Unit 2 UFSAR tables provide CSAS parameter data, setpoint and instrument response times, and failure mode effects analyses (T7.3-1, T7.3-4, T7.3-7, T13.7.2-2). The Unit 2 CSAS operates as described above for Unit 1 with similar actuation/coincidence logic, except that the containment pressure high-high setpoint is 5.5 psig.

TS 3.3.2 requires a total of four CSAS channels with a minimum of three operable channels in MODES 1, 2, and 3. A SIAS is first necessary to enable CSAS logic. If the number of operable channels is one less than the total number of channels, restore the inoperable channel to operable status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or place the inoperable channel in the tripped condition and verify that the minimum channels operable requirement is demonstrated within one hour. One additional channel may be placed in bypass for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing per Specification 4.3.2.1. The time limit for the inoperable channel in trip is not specified.

AFAS Unit 2 UFSAR Section 10.4.9 describes the operation of the AFW system. Section 7.3 describes ESFAS, which includes AFAS. The details of AFAS are described in Section

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 8 of 19 ESFAS Trip/Bypass Singqle Failure Vulnerabilities 7.3.1.1.8.

Section 7.3.2 includes the single failure criterion and discussion related to conformance to IEEE-279. Unit 2 UFSAR tables provide AFAS parameter data, setpoint and instrument response times, and failure mode effects analyses (T7.3-1, T7.3-1 1, T7.3 12, T13.7.2-2).

The Unit 2 AFAS operates as described above for Unit 1 with similar actuation/coincidence logic.

TS 3.3.2 requires a total of four AFAS channels per S/G with a minimum of three operable channels per SIG in MODES 1, 2, and 3. If the number of operable channels is one less than the total number of channels, the inoperable channel must be placed in either trip or bypass condition within one hour. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed by the Facility Review Group (FRG) in accordance with Specification 6.5.1.6m. The channel shall be returned to operable status no later than during the next COLD SHUTDOWN.

With the number of channels operable one less than the minimum channels operable, power operation may continue provided that one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within one hour.

Furthermore, all functional units affected by the bypassed/tripped channel shall also be placed in the bypassed/tripped condition as specified.

No time limits are specified associated with either the bypass or tripped condition.

EVALUATION OF SINGLE FAILURE VULNERABILITIES RAS Primarily, the proposed RAS TS is intended to remedy the following scenario described in CE Infobulletin 97-02:

"* One RAS channel indefinitely in tripped condition (coincidence logic is 1/3)

"* If TS completion time is indefinite, it is prudent to apply a single failure

"* If single failure is a spurious RWT level channel signal, RAS will actuate

"* If actuation occurs prematurely, ECCS will be interrupted (an unacceptable accident)

Technical Specification Table 3.3-3 ACTIONs 9 and 17, Unit 1 and 2 respectively, permit the placement of a channel of RWT Level Low in the tripped condition. With one channel in the tripped condition, the system is susceptible to a single failure of a second channel resulting in a RAS actuation. If this condition were to occur post-LOCA, prior to the RWT reaching the low-level setpoint, a premature RAS actuation could occur. Without adequate inventory in the containment sump, the HPSI pumps and Containment Spray pumps would have their suctions supplied by an inadequate suction source, adversely impacting the ECCS (core cooling and containment cooling safety function). This event would be of no consequence if it were to occur after the RWT has reached the low-level setpoint because the ECCS systems would already be aligned for the recirculation phase.

If the failure

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 9 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities occurred while the plant is at power, the event would be undesirable, but would not place the plant in a transient.

The proposed TS will remedy this condition by limiting the time that a RAS channel may be placed in trip or bypass. The time in trip must be limited so that one need not postulate the additional single failure that could preclude inadvertent actuation during the injection phase. Also, the time in bypass must be limited so that one need not postulate the additional single failure (vital DC bus) that adversely affects an energize-to-actuate system. The latter case could result in RAS failure to respond to a genuine demand for SI switchover.

CSAS Primarily, the proposed CSAS TS is intended to remedy the following Unit 1 scenario:

"* As allowed by Unit 1 TS, one CSAS channel indefinitely in bypass (coincidence logic is 2/3)

"* If TS completion time is indefinite, it is prudent to apply an additional single failure

"* If single failure is a vital DC bus failure powering 2 of the 3 remaining channels

"* The remaining operable channel cannot satisfy coincidence logic, CSAS will not actuate Technical Specification Table 3.3-3ACTIONs 10 and 17, Unit 1 and 2 respectively, permit the placement of a channel of Containment Pressure High-High in the bypass condition for Unit 1 and in the tripped condition for Unit 2.

These differences are attributed to a licensing condition of Unit 1 that does not credit the fourth measurement channel, even for the de-energize-to-actuate ESFAS functions. Nevertheless, the unlimited bypass condition at Unit 1 would establish 2/3 coincidence logic for the remaining instrument channels. If a vital DC bus failure were postulated for two dependent instrument channels during the unlimited period allowed by TS, then only one channel would be available to satisfy the 2/3 coincidence logic. In other words, an unlimited bypass condition could preclude containment spray actuation. Thus, the proposed TS will limit the time in bypass and require that the inoperable channel be placed in trip (Unit 1) if operability can not be restored.

AFAS Technical Specification Table 3.3-3ACTIONs 13 and 14 (both units) permit the placement of a channel of an AFAS (and AFW Isolation) in the tripped or bypassed condition indefinitely. The associated instrument channels include steam generator level low, steam generator A/B differential pressure, and feedwater header A/B differential pressure. These instrument channels contribute to the actuation logic represented by AFAS-1 and AFAS-2.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 10 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities The proposed AFAS TS is intended to remedy single failure vulnerabilities created. Below, the indefinite trip vulnerabilitylremedy is discussed:

"* In response to an identified failure, the Channel A AFAS-1 feedwater header A differential pressure rupture detection logic bistable output (FWH-A < FWH-B) is placed in the trip condition indefinitely per the TS. (coincidence logic is 1/3)

"* If TS completion time is indefinite, it is prudent to apply a single failure

"* An event is initiated by rupture of the opposite feedwater header (B), and the low-level setpoint is reached in both steam generators.

"* A single failure in another rupture detection channel (Channel B) results in a second AFAS-1 feedwater header A differential pressure rupture detection logic bistable output signal (FWH-A < FWH-B).

For this scenario, the AFAS-1 output signals from Channels A and B are blocked by the rupture detection logic (due to the initial condition and postulated failure). However, AFAS 1 output signals will be generated by Channels C and D, and auxiliary feedwater will be supplied to Steam Generator B. AFAS-2 output signals from Channels C and D will be correctly blocked by the B feedwater header rupture detection logic. The problem is that the AFAS-2 output signals from Channels A and B will not be blocked because the AFAS-1 rupture signals in these measurement channels are already locked-in (recall that the rupture detection logic is mutually exclusive to ensure that AFW is supplied to at least one steam generator). Therefore, contrary to the system design basis, the postulated single failure would result in AFW being supplied to the ruptured feedwater header (B).

Below the indefinite bypass scenario is discussed:

"* Channel A differential pressure for steam generator (SG)-A rupture detection logic bistable output (FWH-A < FWH-B) fails in a manner that indicates SG-A rupture. In response, assume that only AFAS-1 Channel A is placed in bypass. With this identified bistable failure, AFAS-2 Channel A is precluded from indicating a rupture on SG-B.

"* An event is initiated by the rupture in the feedwater header piping of SG-B, and the low level setpoint is reached in both steam generators.

"* A single failure is postulated that results in no output signal being generated by the Channel B AFAS-2 rupture detection bistable (FWH-A < FWH-B).

In this scenario, AFAS-1 Channels B, C, and D all actuate to initiate AFW to SG-A and AFAS-2 Channels A and B actuate to initiate AFW to SG-B. Therefore, contrary to the system design basis, the postulated single failure would result in feeding the ruptured (B) steam generator. This scenario is prevented if both the AFAS-1 and AFAS-2 logic circuits of the failed channel are bypassed. Therefore, indefinite bypass is acceptable and prudent for a failed transmitter inside containment.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 11 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities DESCRIPTION AND EVALUATION OF PROPOSED TS CHANGES Generic Considerations:

Generally, the proposed TS employ a 48-hour completion time to restore an inoperable channel of the subject ESFAS TS. When compared to the existing ESFAS TS, this time limit is more restrictive in most cases, particularly where the existing TS provide no limits at all on restoring an inoperable channel.

This 48-hour completion time is based on the following principles:

a) The period is comparable to the 48-hour value used in the CE Standard Technical Specifications (STS). According to the CE STS, the [48] hour completion time is based on operating experience (a qualitative judgment), which has demonstrated that a random failure of a second channel occurring during the [48] hour period is a low probability event.

b) The period is a reasonable timeframe for expected repair times for St. Lucie.

A maintenance history review has found transmitter and power supply repairs have taken about 2 days. The 48-hour completion time is comparable to other ESFAS instrument failure response action times.

Generally with one less than the minimum number of channels operable, the proposed TS employ a condition that operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Then one of the inoperable channels must be restored to operable status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least hot standby within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in hot shutdown within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . Therefore, the proposed TS impose a total limit of 12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months to be in hot shutdown (for consistency with other St. Lucie TS, this requirement is broken up into "...within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months ... and within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months "). When compared to the existing ESFAS TS this time limit is more restrictive because the existing TS provide no limits at all on restoring an inoperable channel.

This 12-hour completion time to hot shutdown is based on the following principles:

a) The period is comparable to the 12-hour value used in the CE STS. According to the CE STS, the [12] hour completion time is reasonable, based on operating experience, to reach the required plant conditions from full power conditions in an orderly manner and without challenging plant systems.

b) FPL judges that this time period is reasonable timeframe for required downpowers for St. Lucie.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 12 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities The proposed Unit 1 and Unit 2 Technical Specification changes are summarized below.

Marked-up Technical Specification pages for this proposed change are provided as Attachments 3 and 4.

Editorial Change - Both Units In addition to the material changes proposed by these TS changes, an editorial change is proposed in Table 3.3-3, Item 8.b (both Units) to remedy a typographical error whereby steam generator parameters are mistakenly listed under the subheader for feedwater header parameters.

RAS - TS Change - Generic Considerations The TS requirements for RAS will be revised to restrict the time period that a channel may be in the bypass or trip condition before which a plant shutdown must be initiated. The proposed specification would not change the requirement to place the affected trip function in bypass or trip within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . The proposed TS would require that the inoperable channel be restored to operable status within a 48-hour period, or the affected unit be placed in hot standby within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months , and hot shutdown within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months if operability cannot be restored (48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is comparable to the existing TS limit and consistent with the generic 48-hour completion time discussion).

RAS - Unit 1 TS Change The Table 3.3-3 reference to ACTION 9 for Functional Unit 5.b. Refueling Water Tank Low will be replaced with a reference to ACTION 13. ACTION 13 is based on a revision to ACTION 9 and will read as follows:

ACTION g 13-With the number of OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . For the purposos of testing iand maintenmnce, the inoperable channel mAy bc bypassed for up to 18 hours2.083333e-4 days 0.005 hours 2.97619e-5 weeks 6.849e-6 months fro-m time o~f initial lees-s of OPERABILITY.; howevor, the inopeabl channel sh~all than be either restored Wo OPE1RABLEF StatUs or plaGced in the tripped condition. If OPERABILITY can not be restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months . be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the followinq 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

h.

WAithin.on hour, all function units receiving an input from the noperablo channel are also pl@ced in the same cnQdition (ihrbypassed or tripped, as appliable) as. that required by a. above for the inoperable channel.

b.

r-The Minimum Channels OPERABLE requirement is met; however, one additional channel may be bypassed for up to 48 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months while performing tests and maintenance on that channel provided the other inoperable channel is placed in the tripped condition.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 13 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities The changes to the Unit 1 RAS TS are justified under the generic considerations for the RAS TS change.

For Unit 1 only, the proposed TS revision would remove a non conservative note stating that the provisions of TS 3.0.4 are not applicable to the associated ACTION statement. Exception from TS 3.0.4 is not appropriate for RAS because continued noncompliance would result in a shutdown to comply with the action requirements.

The CE STS do not place any restrictions on bypassed or tripped conditions during the 48-hour completion time with an inoperable channel, and is similar to existing St. Lucie Unit 2 RAS requirements. However, the Unit 1 RAS TS contain unnecessary restrictions during the 48-hour completion time with an inoperable channel.

Therefore, removing the current 48-hour testing and maintenance bypass restriction is acceptable. The existing time-based requirement that one additional channel may be bypassed for up to 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months for surveillance testing and maintenance, provided the other channel is placed in the tripped condition, was conservatively changed to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months to be comparable to Unit 2. The requirement that all functional units receiving an input from the inoperable channel also be placed in the same condition (either bypassed or trip) is no longer applicable to the refueling water tank - low functional unit since no other ESFAS functional units are provided an input from the refueling water tank level channel.

Therefore the removal of this requirement from the RAS TS is acceptable.

RAS - Unit 2 TS Change The Table 3.3-3 reference to ACTION 17 for Functional Unit 5.b. Refueling Water Tank Low will be replaced with a reference to ACTION 19. ACTION 19 is based on a revision to ACTION 17 and will read as follows:

ACTION 4-With the number of OPERABLE Channels one less than the Total Number of Channels, restore the inoperoabl channol to OPERAB.LE tatu-s within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or plac the inoprabe cannl i th tripped condition and verify that the Minimnum Channels OPERABLE req..rement is de.mon.trated Mit*hn I hou;

.operation may proceed provided the following conditions are satisfied:

a.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months the inoperable channel is placed in either the bypassed or tripped condition. If OPERABILITY can not be restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

b.

The Minimum Channels OPERABLE requirement is met: however, one additional channel may be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing per Specification 4.3.2.1.

The changes to the Unit 2 RAS TS are justified under the generic considerations for the RAS TS change. The proposed wording is comparable with the existing Unit 2 TS and the format is comparable with the Unit 1 TS. Therefore the changes are acceptable.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 14 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities CSAS - Generic Consideration - TS Change The proposed TS limits the time that a CSAS channel may be placed in bypass. If channel OPERABILITY can not be restored within the 48-hour period, the proposed TS imposes a new restriction requiring the inoperable channel to be placed in trip for an unlimited period.

Further restrictions (i.e., requiring plant shutdown) on this condition are not warranted because postulating any credible single failure while the coincidence logic is 1/3 can not preclude CSAS actuation for genuine accident conditions (Of the ESFAS changes proposed herein, this unlimited trip condition allowed for CSAS is uniquely provided because there are no single failure scenarios from this configuration that pose a nuclear safety concern).

The CSAS circuits are designed using the energize-to-actuate principle to prevent spurious initiation resulting from loss of power scenarios. This design principle is applied to actuation relays, instrument loop, and bistable circuits.

Furthermore, the CSAS logic circuit employs a SIAS permissive signal that further reduces the possibility of spurious actuation.

Although spurious CS actuation is undesirable, it is not a concern from a nuclear safety perspective. Placing one channel of CSAS indefinitely in trip, as allowed by Unit 2 TS, effectively puts CSAS in 1/3 actuation logic. A subsequent single failure could result in spurious actuation of containment spray. Circuit design is such that a power failure, including a DC bus failure, will not result in a spurious actuation, nor will it prevent proper actuation by the remaining channel.

The SIAS permissive will also prevent unwarranted CSAS actuation in most cases. With particular credit for this SIAS permissive (which will preclude inadvertent CS actuation for an additional single failure) and the non nuclear safety significance of inadvertent spray, the TS provision for having one CSAS channel in trip for an unlimited period is justified.

The completion time limit is established at 48-hours for the reasons discussed generically above. Consistent with the CE STS and existing TS, the proposed TS provides a 48-hour time limit for the contingency that a second channel may be inoperable or require testing while the first channel is inoperable.

CSAS - Unit 1 TS Change ACTION 10 for Table 3.3-3 (unique to Functional Unit 2.b. Containment Pressure-High High) will be revised as follows:

ACTION 10 -

With the number of OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in the bypassed or trigged condition and the Minimum Channels OPERABLE requirement is demonstrated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then place the inoperable channel in the trioped condition.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 15 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities

b.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , all functional units receiving an input from the inoperable channel are also placed in the same condition (either bypassed or tripped, as applicable) as required by a. above for the inoperable channel.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . ;one additional chann, l may be by,.passed for up to 2 hour2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months ... fo. r V....illacO to. ting Por SPecification 4.3....

1..

The proposed change and justification to the Unit 1 CSAS TS are comparable to those generically described for CSAS.

For Unit 1, an appropriate symbol is also added to ACTION 10.a. and 10.b. to note the exception to TS 3.0.4. The exception to TS 3.0.4 is acceptable because placing the facility in a higher Mode of operation with an inoperable channel does not adversely affect plant safety, and continued noncompliance to these conditions does not result in a directed plant shutdown. New to this TS is the requirement to place all functional units that receive an input from the inoperable channel in a bypassed or tripped condition. This action and proposed wording is comparable to the identical requirements for other Unit 1 ESFAS functional units that contain containment pressure instrument channels (i.e., ACTION 9), and is therefore acceptable.

CSAS - Unit 2 TS Change The Table 3.3-3 reference to ACTION 17 for Functional Unit 2.b. Containment Pressure High-High will be replaced with a reference to ACTION 18. ACTION 18 is based on a revision to ACTION 17 and will read as follows:

ACTION 4-7 With the number of OPERABLE Channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a. resto-* The inoperable channel is placed in either the bypassed or tripped condition to 2PERA1LE* Ettue wAIithin 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or place the inoperable chaonnel in the trippe condition nd veri*y that and the Minimum Channels OPERABLE requirement is demonstrated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then place the inoperable channel in the tripped condition.

b.

With a channel process measurement circuit that affects multiple functional units inoperable or in test, bypass or trip all associated functional units as listed in ACTION 13,

c. With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 16 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities hours or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months . ogn add*i*to*n* chann. l may be bypassed for up to 2 hourg fe suvelance testing pOr Specification 4.3.2.1.

The proposed change and justification to the Unit 2 CSAS TS are comparable to those generically described for CSAS. For Unit 2, an appropriate symbol is also added to ACTION 18.a. and 18.b. to note the exception to TS 3.0.4. The exception to TS 3.0.4 is acceptable because placing the facility in a higher Mode of operation with an inoperable channel does not adversely affect plant safety, and continued noncompliance to these conditions does not result in a directed plant shutdown. New to this TS is the requirement to place all affected functional units that receive an input from the inoperable channel in the bypassed or tripped condition. This action and proposed wording is comparable to the requirements for other Unit 2 ESFAS functional units that contain containment pressure instrument channels (i.e., ACTION 13), and is therefore acceptable.

AFAS and AFI - Generic Considerations - TS Change The proposed TS will limit the time that an AFAS channel may be placed in trip. The time in trip must be limited so that one need not postulate the additional single failure that could cause feeding a faulted feedwater header. If channel OPERABILITY can not be restored within the 48-hour period, the inoperable channel shall be placed in the bypass condition (both AFAS-1 and AFAS-2 in the affected channel placed in bypass). The proposed completion time limit is established at 48-hours for the reasons discussed generically above. 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months is a reasonable time to repair any expected channel failure, and is appropriate considering the low probability for the confluence of events that must occur precisely at an inopportune moment during a very improbable event (Feedwater or Steamline Break).

Unchanged in this TS revision is the requirement to place the inoperable channel in either the trip or bypass condition within one hour. Review by the Facility Review Group (FRG) in accordance with Specification 6.5.1.6m for the desirability of maintaining this channel in the bypassed condition is retained.

The proposed TS revises the time period for the contingency that a second channel may be inoperable while the first channel is inoperable. This time period is consistent with the 48-hour completion time provided for the first inoperable channel, and is justified on the same basis as that period.

Having the additional AFAS channel in bypass or trip does increase the risk of AFAS misoperation if any one of the postulated single failures is considered; however, the AFAS still provides the minimum required level of performance in this configuration. The increased risk with the second inoperable channel is not significant.

The proposed TS also changes the ACTION statement associated with Functional Unit 7.b, Automatic Actuation Logic, from 8 to 11 (Unit 2 -ACTION 12 to 15). For both St. Lucie

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 17 of 19 ESFAS Trip/Bypass Singqle Failure Vulnerabilities units the AFW system TS (TS 3.7.1.2) is applicable in Modes 1 through 3. Additionally, the TS applicability for the AFAS manual trip and actuation logic is also specified as Modes 1 through 3, consistent with the applicability requirements for the AFW system. However, ACTION 8 (and 12, Unit 2) specifies that the affected unit end state for noncompliance with the LCO requirements for AFAS actuation logic is Mode 5, or COLD SHUTDOWN. This requirement is not consistent with either the St. Lucie TS bases or CE STS bases for Limiting Condition of Operation (LCO) action statements. For ACTION statements whose end state require a unit shutdown when the conditions of the LCO are not met, the shutdown is required to place the facility in a MODE or condition in which the specification no longer applies. Clearly, the COLD SHUTDOWN end state (Mode 5) specified in ACTION 8 (and 12, Unit 2) is two modes beyond the TS applicability requirements for AFAS (and also the AFW system that AFAS supports). Existing TS Table 3.3-3 ACTION 11 (and 15, Unit 2) specifies the appropriate end state of Mode 4, HOT SHUTDOWN, and this action can also be applied to the AFAS Automatic Actuation Logic. Therefore, in order to restore consistency within the TS and the St. Lucie and CE STS bases for TS LCOs, the ACTION statement associated with Functional Unit 7.b, Automatic Actuation Logic, will be changed from 8 to 11 (Unit 2 - ACTION 12 to 15). This change removes the unnecessary burden of a Mode 5 end state and provides operational flexibility because it allows placing the unit in MODE 4.

AFAS and AFI - UNIT 1 TS Change The Table 3.3-3 reference to ACTIONs 13 and 14 for Functional Units 7.c. SG Level, 8.a.

SG Differential Pressure, and 8.b. Feedwater Header Differential Pressure will be replaced with a reference to ACTION 14. ACTION 14 will read as follows and is based on a revised combination of ACTIONs 13 and 14:

ACTION 1-314-With the number of channels OPERABLE one less than the Total Number of Channels, STARTUP and/or POWER OPER.ATION operation may proceed n-tiue provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then both AFAS-1 and AFAS-2 in the inoperable channel shall be placed in the bypassed condition. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6m. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

b.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , all functional units receiving an input from the inoperable channel are also placed in the same condition (either bypassed or tripped, as applicable) as that required by a. above for the inoperable channel.

c.

ACTIC.S 1-4 With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, STAR.PTUP and/or POWER OPERATION operation may proceed

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 18 of 19 ESFAS Trip/Bypass Single Failure Vulnerabilities antimus provided that one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the followinq 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

The proposed change and justification to the Unit 1 AFAS TS are comparable to the those generically described for AFAS. For Unit 1, an appropriate symbol is also added to ACTION 14.a. and 14.b. to note the exception to TS 3.0.4. The exception to TS 3.0.4 is acceptable because placing the facility in a higher Mode of operation with an inoperable channel does not adversely affect plant safety, and continued noncompliance to these conditions does not result in a directed plant shutdown. This is consistent with the other exceptions identified in TS Table 3.3-3. New to this TS is the requirement to place all functional units that receive an input from inoperable SG level or SG (differential) pressure channels in the bypassed or tripped condition. This action and proposed wording is comparable to similar requirements for other Unit 1 ESFAS functional units that receive input from inoperable instrument channels (i.e. ACTION 9), and is therefore acceptable.

Note that ESFAS functional unit 8.b. (feedwater header differential pressure) is unique to auxiliary feedwater isolation, and ACTION 14.b. is not applicable.

AFAS and AFI - Unit 2 TS Change The Table 3.3-3 reference to ACTIONs 13 and 14 for Functional Units 7.c. SG Level, 8.a.

SG Differential Pressure, and 8.b. Feedwater Header Differential Pressure will be replaced with a reference to ACTION 20. ACTION 20 will read as follows and is based on a revised combination of ACTIONs 13 and 14:

ACTION 4320- With the number of channels OPERABLE one less than the Total Number of Channels, STARTUP andor POWER OPERATION operation may proceed GniAu-provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then both AFAS-1 and AFAS-2 in the inoperable channel shall be placed in the bypassed condition. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6m. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

b.

With a channel process measurement circuit that affects multiple functional units inoperable or in test, bypass or trip all associated functional units as listed bleIw in ACTION 13.

c.

ACTION'.4 With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, STARTUP andlor POWER OPERATION operation may proceed nopti -a provided th" folloWinG cnd.itios* Are

.ati..

od9*d-A. Verify that one of the inoperable channels has been bypassed and pIace the other inoperable channel placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . b. All functiona-l units affected by the

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 19 of 19 ESFAS Trip/Bypass Singqle Failure Vulnerabilities b'.,passed~tripped GhannolG Shall also bW Placed in the bypassed~tripped condition as ledte bel[Gw"the list is also deleted from proposed ACTION 20%.. Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the followino 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

The proposed change and justification to the Unit 2 AFAS TS are comparable to those generically described for AFAS. For Unit 2, an appropriate symbol is also added to ACTION 20.a. and 20.b. to note the exception to TS 3.0.4. The exception to TS 3.0.4 is acceptable because placing the facility in a higher Mode of operation with an inoperable channel does not adversely affect plant safety, and continued noncompliance to these conditions does not result in a directed plant shutdown.

The existing TS ACTION 14 requirement to place all functional units that receive an input from inoperable SG level or SG (differential) pressure channels in the bypassed or tripped condition does not need duplication as this requirement is provided as part of the proposed wording for TS ACTION 20.b. The proposed wording for ACTION 20.b. is comparable to similar requirements for other Unit 2 ESFAS functional units that receive input from inoperable instrument channels (i.e. ACTION 13), and is therefore acceptable. Note that ESFAS functional unit 8.b. feedwater header differential pressure) is unique to auxiliary feedwater isolation, and ACTION 20.b. is not applicable.

CONCLUSION If a Technical Specification were to specify an inappropriate state of ESFAS, the resulting configuration could block the ESFAS function from properly responding to an accident, or it could cause spurious actuation of the function. However, the proposed changes only deal with limiting the time that certain ESFAS instrument channels and logic systems are in bypass or tripped conditions; conditions that are currently allowed by TS. There is no adverse safety significance of the amendment because the proposed changes do not allow any new ESFAS configurations. The proposed TS changes governing the subject ESFAS functions are acceptable because they are generally more restrictive than current TS, they consider failure modes not previously accommodated, and they are comparable to CE STS. Therefore, the proposed TS changes are acceptable.

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Single Failure Vulnerabilities L-2002-113 Page 1 of 4 DETERMINATION OF NO SIGNIFICANT HAZARDS CONSIDERATION

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 2 of 4 ESFAS Trip/Bypass Singqle Failure Vulnerabilities DETERMINATION OF NO SIGNIFICANT HAZARDS CONSIDERATION Description of amendment request: The proposed license amendments (PLAs) to Facility Operating Licenses DPR-67 for St. Lucie Unit 1 and NPF-16 for St. Lucie Unit 2 will limit the period of time that inoperable recirculation actuation signal (RAS), containment spray actuation signal (CSAS), and auxiliary feedwater actuation signal (AFAS) input channels could be in the bypass and/or tripped condition in order to enhance the functional capability and performance levels of equipment required for the safe operation of St. Lucie Units 1 and 2.

Pursuant to 10 CFR 50.92, a determination may be made that a proposed license amendment involves no significant hazards consideration if operation of the facility in accordance with the proposed amendment would not: (1) involve a significant increase in the probability or consequences of an accident previously evaluated; (2) create the possibility of a new or different kind of accident from any accident previously evaluated; or (3) involve a significant reduction in a margin of safety. Each standard is discussed as follows.

1) Would operation of the facility in accordance with the proposed amendments involve a significant increase in the probability or consequences of an accident previously evaluated?

No, facility operation under the new Technical Specification (TS) restrictions would not increase the probability of occurrence of any accident previously evaluated.

The proposed changes only affect the emergency safety features actuation system (ESFAS) functions of RAS, CSAS, and AFAS; generally limiting the time that any instrument channel may be inoperable in a bypassed or tripped condition. No physical plant changes are proposed in conjunction with these revisions. The proposed changes to RAS and AFAS channel operability greatly reduce the time that actuation systems are vulnerable to spurious, inadvertent actuation. The proposed changes do allow a new unlimited time for trip of one CSAS channel on Unit 1. Unit 2 already contains provision for the indefinite single channel trip of CSAS, and this change will also make the two units similar. Additionally, it is important to note that inadvertent actuation of any of these functions (RAS, CSAS, or AFAS) during plant operation is not an accident initiating event. Therefore, with no physical effects on the plant and no increase in probability that the subject ESFAS functions will initiate an accident, there is no increased probability that any previously evaluated accident will occur. The changes provided in this safety evaluation do not affect the assumptions or results of any accident evaluated in the UFSAR.

Likewise, the consequences of any accident previously evaluated have not been increased. The proposed changes, by limiting the time that ESFAS functions are inoperable, will increase the reliability of the associated ESFAS functions to respond to

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 3 of 4 ESFAS Trip/Bypass Single Failure Vulnerabilities accidents. In particular, the revision to the RAS TS will limit the time that the RAS will be vulnerable to single failure and will therefore improve the system reliability during an accident. As these proposed changes constitute no physical change to the facility and only serve to increase ESFAS function reliability, FPL concludes that the consequences of previously evaluated accidents are not increased. The ability of the ESFAS to respond to accident conditions as assumed in any accident analysis has not been affected.

2) Would operation of the facility in accordance with the proposed amendments create the possibility of a new or different kind of accident from any accident previously evaluated?

No, the proposed activity does not create the possibility of an accident of a different type than any previously evaluated. The proposed changes only affect the ESFAS functions of RAS, CSAS, and AFAS; generally limiting the time that any instrument channel may be inoperable in a bypassed or tripped condition.

No physical plant changes are proposed in conjunction with these revisions. Thereby, the proposed changes do not create any new equipment interfaces, equipment response characteristics, or operating configurations. Without creation of a new interaction of materials, operating configuration, or operating interface, there is no possibility that the proposed changes can introduce a new or different kind of accident.

3)

Would operation of the facility in accordance with the proposed amendments involve a significant reduction in a margin of safety?

The margin of safety as defined in the basis for any Technical Specification or in any licensing document has not been reduced.

Except for the change in end state specified for the AFAS automatic actuation logic LCO, the TS Bases for the associated ESFAS LCO do not explicitly discuss a related margin of safety. Changing the AFAS automatic actuation logic LCO end state from Mode 5 to Mode 4 is not a reduction in a margin of safety. That proposed change is consistent with the TS applicability for the AFAS and auxiliary feedwater systems as well as the bases for TS LCOs.

Additionally, by virtue of the increased ESFAS reliability provided by the proposed amendments, it is evident that the margin of safety will not be reduced in any manner.

Based on the determination made above, it is concluded that the proposed amendments do not involve any significant hazards.

St. Lucie Units 1 and 2 L-2002-113 Docket Nos. 50-335 and 50-389 Proposed License Amendments Page 4 of 4 ESFAS Trip/Bypass Single Failure Vulnerabilities Environmental Consideration The proposed license amendments change requirements with respect to installation or use of a facility component located within the restricted area as defined in 10 CFR Part 20.

The proposed amendments involve no significant increase in the amounts and no significant change in the types of any effluents that may be released offsite, and no significant increase in individual or cumulative occupational radiation exposure.

FPL concluded that the proposed amendments involve no significant hazards consideration and meet the criteria for categorical exclusion set forth in 10 CFR 51.22(c)(9) and that, pursuant to 10 CFR 51.22(b), an environmental impact statement or environmental assessment need not be prepared in connection with issuance of the amendments.

Conclusion FPL concludes, based on the considerations discussed above, that (1) there is reasonable assurance that the health and safety of the public will not be endangered by operation in the proposed manner, (2) such activities will be conducted in compliance with the Commission's regulations, and (3) the issuance of the amendments will not be inimical to the common defense and security or to the health and safety of the public.

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Single Failure Vulnerabilities L-2002-113 Page 1 of 6 ST. LUCIE UNIT 1 MARKED UP TECHNICAL SPECIFICATION PAGES Page 3/4 3-10 Page 3/4 3-11 Page 314 3-13

TABLE 3.3-3 ENGINEERED SAFETY FEATURE ACTUATION SYSTEM INSTRUMENTATION TOTAL NO. OF FUNCTIONAL UNIT CHANNELS MINIMUM CHANNELS CHANNELS TO TRIP OPERABLE APPLICABLE MODES

1.

SAFETY INJECTION (SIAS)

a. Manual (Trip Buttons)

b. Containment Pressure High

c. Pressurizer Pressure Low

2.

CONTAINMENT SPRAY (CSAS)

a. Manual (Trip Buttons)

b. Containment Pressure High-High

3.

CONTAINMENT ISOLATION (CIS)

a. Manual (Trip Buttons)

b. Containment Pressure High

c. Containment Radiation High

d. SIAS

4.

MAIN STEAM LINE ISOLATION (MSIS)

a. Manual (Trip Buttons)

b. Steam Generator Pressure - Low 1

2 2

2 4

4 2

4 1

2(b) 1 2

2 3

3 2

3 1,2,3,4 1,2,3 1, 2, 3(a) 1,2,3,4 1,2,3 1,2,3,4 1,2,3 4

2 3

1,2,3,4 9#

(See Functional Unit 1 above) 2/steam generator 4/steam generator 1/steam 2/operating generator steam generator 2/steam 3/steam generator generator 1,2,3,4 1, 2,3(c)

Amendment No. 45, 87 ACTION 8

8 8

0 C)

CI,JD 3/4 3-10 ST. LUCIE - UNIT 1

TABLE 3.3-3 (Continuedl ENGINEERED SAFETY FEATURE ACTUATION SYSTEM INSTRUMENTATION FUNCTIONAL UNIT

5.

CONTAINMENT SUMP RECIRCULATION (RAS)

a. Manual RAS (Trip Buttons)

b. Refueling Water Tank - Low

6.

LOSS OF POWER

a. 4.16 kv Emergency Bus Under voltage (Loss of Voltage)

b. 4.16 kv Emergency Bus Under voltage (Degraded Voltage)

c. 480 V Emergency Bus Under voltage (Degraded Voltage)

7.

AUXILIARY FEEDWATER (AFAS)

a. Manual (Trip Buttons)

b. Automatic Actuation Logic

c. SG Level (1A/1B) - Low

8.

AUXILIARY FEEDWATER ISOLATION

a. SG 1A-SG 1B Differential Pressure

b. F dwate,.eader

A -_lB Differential Pressure ST. LUCIE - UNIT 1 TOTAL NO.

CHANNELS OF CHANNELS TO TRIP 2

4 2/Bus 2/Bus 2/Bus 4/SG 4/SG 4/SG 4/SG 4/SG 1

2 2/Bus 2/Bus 2/Bus 2/SG 2/SG 2/SG 2/SG 2/SG MINIMUM CHANNELS OPERABLE 2

3 I/Bus 1/Bus 1/Bus 4/SG 3/SG 3/SG 3/SG 3/SG 3/43-11 APPLICABLE MODES ACTION 1,2,3,4 1,2,3

(*

1,2,3 1,2,3 1,2,3 12 12 12 1,2,3 1

1,2,3 1,2,3 1#

4 I"'#

b*,

2' nC 1,2,3 Amendment No. 4-, 37-, 68, 7, 402, 41..

0' CD o

O C. c

L-2002-113 Page 4 of 6 TABLE 3.3-3 (continued)

, 4k TABLE NOTATION ACTION 10 -

With the number of.OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the inoperable channel is placed in the bypassed condition and the Minimum Channels OPERABLE requirement is demonstrated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months ; one additional channel may be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing per Specification 4.3.2.1.1.

ACTION 11 -

With the number of OPERABLE channels one less than the Total Number of Channels, restore the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

ACTION 12 -

With the number of OPERABLE Channels one less than the Total Number of Channels, operation may proceed until performance of the next required CHANNEL FUNCTIONAL TEST provided the inoperable channel is placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months ne.

-\\zc L.-

N(c-To/. \\

ACTION 13 With the number of channels OPERABLE one less than the Ttl ACTION 14 W

he nnum serSofRcannels

/orERAB E One les tateMimu Amendment No. 45, 37-,,

Q, ST. LUCIE - UNIT I 3/4 3-13

L-2002-113 Page 5 of 6 Replace current ACTION Statement 10 (CSAS) with the following:

ACTION 10 -

With the number of OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in the bypassed or tripped condition and the Minimum Channels OPERABLE requirement is demonstrated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then place the inoperable channel in the tripped condition.

b.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , all functional units receiving an input from the inoperable channel are also placed in the same condition (either bypassed or tripped, as applicable) as required by

a. above for the inoperable channel.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

Replace current ACTION Statement 13 (RAS) with the following:

ACTION 13-With the number of OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If OPERABILITY can not be restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

b.

The Minimum Channels OPERABLE requirement is met; however, one additional channel may be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months while performing tests and maintenance on that channel provided the other inoperable channel is placed in the tripped condition.

L-2002-113 Page 6 of 6 Replace current ACTION Statement 14 (AFAS) with the following:

ACTION 14-With the number of channels OPERABLE one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then both AFAS-1 and AFAS-2 in the inoperable channel shall be placed in the bypassed condition. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6m. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

b.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , all functional units receiving an input from the inoperable channel are also placed in the same condition (either bypassed or tripped, as applicable) as that required by a. above for the inoperable channel.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Singqle Failure Vulnerabilities L-2002-113 Page 1 of 6 ST. LUCIE UNIT 2 MARKED UP TECHNICAL SPECIFICATION PAGES Page 314 3-12 Page 3/4 3-13 Page 3/4 3-14

TABLE 3.3-3 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM INSTRUMENTATION FUNCTIONAL UNIT

1.

SAFETY INJECTION (SIAS)

a. Manual (Trip Buttons)

b. Containment Pressure High

c. Pressurizer Pressure Low

d. Automatic Actuation Logic

2.

CONTAINMENT SPRAY (CSAS)

a. Manual (Trip Buttons)

b. Containment Pressure High-High

c. Automatic Actuation Logic

3.

CONTAINMENT ISOLATION (CIAS)

a. Manual CIAS (Trip Buttons)

b. Safety Injection (SIAS)

c. Containment Pressure High

d. Containment Radiation High

e. Automatic Actuation Logic TOTAL NO.

CHANNELS OF CHANNELS TO TRIP 2

4 4

1 2

2 1

2 2

4 2

2 1

2 I

MINIMUM CHANNELS OPERABLE 2

3 3

2 2

3 2

2 APPLICABLE MODES 1,2, 3,4 1,2,3 1, 2, 3(a) 13', 14 1,2,3,4 1,2,3,4 1(b), 2(b), 3(b) 1,2,3,4 1,2,3,4 See Functional Unit I for all Safety Injection Initiating Functior and Requirements 4

4 2

2 2

1 3

3 2

1,2,3 1,2,3 1,2,3,4 ST. LUCIE - UNIT 2 ACTION 12 13*, 14 12 12 12 12 ns 13*, 14 13", 14 12 7

0 0

>,0 0

CD =

3o IN)

CD 3/4 3-12

TABLE 3.3-3 (Continued)

ENGINEERED SAFETY FEATURES ACTUATION SYSTEM INSTRUMENTATION FUNCTIONAL UNIT

4.

MAIN STEAM LINE ISOLATION (MSIS)

a. Manual (Trip Buttons)

b. Steam Generator Pressure - Low

c. Containment Pressure High

d. Automatic Actuation Logic

5.

CONTAINMENT SUMP RECIRCULATION (RAS)

a. Manual RAS (Trip Buttons)

b. Refueling Water Storage Tank - Low

c. Automatic Actuation Logic TOTAL NO.

CHANNELS OF CHANNELS TO TRIP 2

4/steam generator 4

2 2

4 2

I 2/steam generator 2

1 1

2 1

MINIMUM CHANNELS OPERABLE 2

3/steam generator 3

2 2

3 2

APPLICABLE MODES 1,2,3 ACTION 16 1, 2, 3(c) 13*, 14 1,2,3 1,2,3 1,2,3,4 1,2,3 1,2,3 13",14 12 12 12 0,'

0

-ID 0-*-

3/4 3-13 Amendment No. 60 ST. LUCIE - UNIT 2

TABLE 3.3-3 (Continued)

ENGINEERED SAFETY FEATURES ACTUATION SYSTEM INSTRUMENTATION MINIMUM TOTAL NO.

CHANNELS CHANNELS APPLICABLE FUNCTIONAL UNIT OF CHANNELS TO TRIP OPERABLE MODES ACTION

6.

LOSS OF POWER (LOV)

a. (1) 4.16 kV Emergency Bus 2/Bus 2/Bus l/Bus 1,2,3 17 Undervoltage (Loss of Voltage)

(2) 480 V Emergency Bus 3/Bus 2/Bus 2/Bus 1,2,3 17 Undervoltage (Loss of Voltage)

b. (1) 4.16 kV Emergency Bus 3/Bus 2/Bus 2/Bus 1.2,3 17 Undervoltage (Degraded Voltage)

(2) 480 V Emergency Bus 3/Bus 2/Bus 2/Bus 1,2,3 17 Undervoltage (Degraded Voltage).

7.

AUXILIARY FEEDWATER (AFAS)

a. Manual (Trip Buttons)

b. Automatic Actuation Logic

c. SG Level (2A/2B) - Low

8.

AUXILIARY FEEDWATER ISOLATION

a. SG 2A - SG 2B Differential Pressure

b. Feedwater Heade(&-A -@* B Differential Pressure 4/SG 4/SG 4/SG 4/SG 4/SG 2/SG 2/SG 2/SG 2/SG 2/SG 4/SG 1,2,3 15 3/SG 1,2,3 j

-4 3/SG 1,2,3 3/SG

.2,3 4.31..

3/SG 1,2,3 2-20 c..-c 314 3-14 ST. LUCIE - UNIT 2 Amendment No. 28, F0-

-4,

-4

-. 0

L-2002-113 Page 5 of 6 Insert the following new ACTION 18 (CSAS) Statement:

ACTION 18 -

With the number of OPERABLE Channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a. The inoperable channel is placed in either the bypassed or tripped condition and the Minimum Channels OPERABLE requirement is demonstrated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then place the inoperable channel in the tripped condition.

b.

With a channel process measurement circuit that affects multiple functional units inoperable or in test, bypass or trip all associated functional units as listed in ACTION

13.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

Insert the following new ACTION 19 (RAS) Statement:

ACTION 19-With the number of OPERABLE Channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months the inoperable channel is placed in either the bypassed or tripped condition. If OPERABILITY can not be restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

b.

The Minimum Channels OPERABLE requirement is met; however, one additional channel may be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing per Specification 4.3.2.1.

L-2002-113 Page 6 of 6 Insert the following new ACTION 20 (AFAS) Statement:

ACTION 20-With the number of channels OPERABLE one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then both AFAS-1 and AFAS-2 in the inoperable channel shall be placed in the bypassed condition. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6m. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

b.

With a channel process measurement circuit that affects multiple functional units inoperable or in test, bypass or trip all associated functional units as listed in ACTION

13.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months .

Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Single Failure Vulnerabilities L-2002-113 Page 1 of 10 Word-Processed TS Changes Unit 1 Pages 3/4 3-10 3/4 3-11 3/4 3-13 (new) 3/4 3-13a Unit 2 Pages 3/4 3-12 3/4 3-13 3/4 3-14 (new) 3-16a (new) 3-16b

TABLE 3.3-3 ENGINEERED SAFETY FEATURE ACTUATION SYSTEM INSTRUMENTATION TOTAL NO.

OF FUNCTIONAL UNIT CHANNELS MINIMUM CHANNELS CHANNELS TO TRIP OPERABLE APPLICABLE MODES

1.

SAFETY INJECTION (SIAS)

a. Manual (Trip Buttons)

b. Containment Pressure High

c. Pressurizer Pressure Low

2.

CONTAINMENT SPRAY (CSAS)

a. Manual (Trip Buttons)

b. Containment Pressure High-High

3.

CONTAINMENT ISOLATION (CIS)

a. Manual (Trip Buttons)

b. Containment Pressure High

c. Containment Radiation High

d. SIAS

4.

MAIN STEAM LINE ISOLATION (MSIS)

a. Manual (Trip Buttons)

b. Steam Generator Pressure - Low 2

4 4

2 4

4 1

2 2

1 2(b) 1 2

1,2,3,4 1,2,3 1, 2, 3(a) 1,2,3,4 2

3 3

2 3

1,2,3 1,2,3,4 8

8 10a#, 10b#, 10c 8

1,2,3 2

3 1,2,3,4 9#

(See Functional Unit 1 above) -............

2/steam 1/steam 2/operating generator generator steam generator 4/steam 2/steam 3/steam generator generator generator 1,2,3,4 1, 2, 3(c) 8 ST. LUCIE - UNIT I 3/4 3-10

-U>

cc- 0 O(D 7C Amendment No. 45, 36,

0.

D 0 cri W ACTION

TABLE 3.3-3 (Continued)

ENGINEERED SAFETY FEATURE ACTUATION SYSTEM INSTRUMENTATION FUNCTIONAL UNIT

5.

CONTAINMENT SUMP RECIRCULATION (RAS)

a. Manual RAS (Trip Buttons)

b. Refueling Water Tank - Low

6.

LOSS OF POWER

a. 4.16 kv Emergency Bus Under voltage (Loss of Voltage)

b. 4.16 kv Emergency Bus Under voltage (Degraded Voltage)

c. 480 V Emergency Bus Under voltage (Degraded Voltage)

7.

AUXILIARY FEEDWATER (AFAS)

a. Manual (Trip Buttons)

b. Automatic Actuation Logic

c. SG Level (1N1B)- Low

8.

AUXILIARY FEEDWATER ISOLATION

a. SG 1A-SG lB Differential Pressure

b. Feedwater Header IA - I B Differential Pressure TOTAL NO.

CHANNELS OF CHANNELS TO TRIP 2

4 1

2 2/Bus 2/Bus 2/Bus 4/SG 4/SG 4/SG 4/SG 4/SG 2/Bus 2/Bus 2/Bus 2/SG 2/SG 2/SG 2/SG 2/SG MINIMUM CHANNELS OPERABLE 2

3 1/Bus 1/Bus 1/Bus 4/SG 3/SG 3/SG 3/SG 3/SG APPLICABLE MODES 1,2,3,4 1,2,3 1,2,3 1,2,3 1,2,3 1,2,3 1,2,3 1,2,3 1,2,3 1,2,3 ACTION 8

13 12 12 12 11 11 14a#,14b#,14c 14a#,14b#,14c 14a#,14c ST. LUCIE - UNIT I 3/4 3-11 Amendment No. 4-, 37, 8, 72, 4-02, 424-,

9>

C

,-)

CD :r -

O 0 CD 0'*0o h =3J-

L-2002-113 Page 4 of 10 TABLE 3.3-3 (continued)

TABLE NOTATION ACTION 10 -

ACTION 11 ACTION 12 -

With the number of OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in the bypassed or tripped condition and the Minimum Channels OPERABLE requirement is demonstrated within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then place the inoperable channel in the tripped condition.

b.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , all functional units receiving an input from the inoperable channel are also placed in the same condition (either bypassed or tripped, as applicable) as required by a. above for the inoperable channel.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

With the number of OPERABLE channels one less than the Total Number of Channels, restore the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

With the number of OPERABLE Channels one less than the Total Number of Channels, operation may proceed until performance of the next required CHANNEL FUNCTIONAL TEST provided the inoperable channel is placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months .

Amendment No. 4-5, 3-, 58, 7, 3/4 3-13 ST. LUCIE - UNIT I

L-2002-113 Page 5 of 10 TABLE 3.3-3 (continued)

TABLE NOTATION ACTION 13 -

With the number of OPERABLE channels one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If OPERABILITY can not be restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

b.

The Minimum Channels OPERABLE requirement is met; however, one additional channel may be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months while performing tests and maintenance on that channel provided the other inoperable channel is placed in the tripped condition.

ACTION 14 -

With the number of channels OPERABLE one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then both AFAS-1 and AFAS-2 in the inoperable channel shall be placed in the bypassed condition. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6m. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

b.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months , all functional units receiving an input from the inoperable channel are also placed in the same condition (either bypassed or tripped, as applicable) as that required by a. above for the inoperable channel.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

ST. LUCIE - UNIT 33/4 3-13a Amendment No.

TABLE 3.3-3 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM INSTRUMENTATION MINIMUM TOTAL NO.

CHANNELS CHANNELS APPLICABLE FUNCTIONAL UNIT

1.

SAFETY INJECTION (SIAS)

a. Manual (Trip Buttons)

b. Containment Pressure High

c. Pressurizer Pressure Low

d. Automatic Actuation Logic

2.

CONTAINMENT SPRAY (CSAS)

a. Manual (Trip Buttons)

b. Containment Pressure High-High

c. Automatic Actuation Logic

3.

CONTAINMENT ISOLATION (CIAS)

a. Manual CIAS (Trip Buttons)

b. Safety Injection (SIAS)

c. Containment Pressure High

d. Containment Radiation High

e. Automatic Actuation Logic OF CHANNELS TO TRIP OPERABLE MODES 2

4 4

2 2

4 2

1 2

2 1

2 3

3 2

2 3

2 1,2,3,4 1,2,3 1, 2, 3(a) 1,2,3,4 1,2,3,4 1(b), 2(b), 3(b) 1,2,3,4 ACTION 12 13*, 14 13*, 14 12 12 18a*, 18b*, 18c 12 2

1 2

1,2,3,4 12 See Functional Unit 1 for all Safety Injection Initiating Functions and Requirements 4

2 3

1,2,3 13*, 14 4

2 3

1,2,3 13*, 14 2

1 2

1,2,3,4 12 3/4 3-12 Amendment No.

SCD oo COO7OO I

ST. LUCIE - UNIT 2

TABLE 3.3-3 (Continued)

ENGINEERED SAFETY FEATURES ACTUATION SYSTEM INSTRUMENTATION FUNCTIONAL UNIT

4.

MAIN STEAM LINE ISOLATION (MSIS)

a. Manual (Trip Buttons)

b. Steam Generator Pressure - Low

c. Containment Pressure High

d. Automatic Actuation Logic

5.

CONTAINMENT SUMP RECIRCULATION (RAS)

a. Manual RAS (Trip Buttons)

b. Refueling Water Storage Tank - Low

c. Automatic Actuation Logic TOTAL NO.

CHANNELS OF CHANNELS TO TRIP 2

4/steam generator 4

2 2

4 2

1 2/steam generator 2

2 1

2 MINIMUM CHANNELS OPERABLE 2

3/steam generator 3

2 2

3 2

APPLICABLE MODES 1,2,3 1, 2, 3(c) 1,2,3 1,2,3 1,2,3,4 1,2,3 1,2,3

-U>

01 CD =r C

-4E3CD 0

01CE) h ='

0 C--W 3/4 3-13 Amendment No. 60, ACTION 16 13", 14 13*, 14 12 12 19 12 ST. LUCIE - UNIT 2

TABLE 3.3-3 (Continued)

ENGINEERED SAFETY FEATURES ACTUATION SYSTEM INSTRUMENTATION MINIMUM TOTAL NO.

CHANNELS CHANNELS APPLICABLE FUNCTIONAL UNIT OF CHANNELS TO TRIP OPERABLE MODES ACTION

6.

LOSS OF POWER (LOV)

a. (1) 4.16 kV Emergency Bus Undervoltage (Loss of Voltage) 2/Bus 2/Bus 1/Bus 1, 2, 3 17 (2) 480 V Emergency Bus 3/Bus 2/Bus 2/Bus 1,2,3 17 Undervoltage (Loss of Voltage)

b. (1) 4.16 kV Emergency Bus 3/Bus 2/Bus 2/Bus 1,2,3 17 Undervoltage (Degraded Voltage)

(2) 480 V Emergency Bus 3/Bus 2/Bus 2/Bus 1, 2, 3 17 Undervoltage (Degraded Voltage)

7.

AUXILIARY FEEDWATER (AFAS)

a. Manual (Trip Buttons) 4/SG 2/SG 4/SG 1, 2, 3 15

b. Automatic Actuation Logic 4/SG 2/SG 3/SG 1, 2, 3 15

c. SG Level (2A/2B) - Low 4/SG 2/SG 3/SG 1, 2, 3 20a*, 20b*, 20c

8.

AUXILIARY FEEDWATER ISOLATION

a. SG 2A - SG 2B Differential Pressure 4/SG 2/SG 3/SG 1, 2, 3 20a*, 20b*, 20c

b. Feedwater Header 2A - 2B 4/SG 2/SG 3/SG 1, 2, 3 20a*, 20c Differential Pressure IIIII ST. LUCIE - UNIT 2 3/4 3-14

~-0 Amendment No. 28, 7-9, 0CD 'Ij OCO1C.w I I I

I

L-2002-113 Page 9 of 10 TABLE §43.,

(Conftnuedg TABLE NOTATION ACTION 18 -

With the number of OPERABLE Channels one ks than the Total Number of channels, operation may proceed povided the following conditions are satisfied:

a.

The inoperable channel is Placed in either the bypassed or tripped condiion and the Minimum Channels OPERABLE requirement is demonstrated within I hour, If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then place the inoperable channel in the tripped condition.

b.

With a channel process measurement circut that affects multiple functional units inoperable or in test, bypass or trip all associated functional units as listed in ACTION 13.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel has been plaed in the tripped condition within I hour. Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the ACTION 19 -

With the number of OPERABLE Channels one less than the Total Number of Chanrnels, operation may proceed provided the following conditions are satisfied:

a.

Within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months the inoperable channel is placed [n either the bypassed or tripped condition. If OPERABILITY can not be restored within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , be in at toast HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

b. The Minimum Channels OPERABLE requirement is met; however, one adcitional channel may be bypassed for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months for surveillance testing per Specification 4.3.2.1.

ST.LUCIE-UNIT 2 Amwdrrmntl4m

V4 3-116a

L-2002-113 Page 10 of 10 TABLE 3.3-3 (Continued)

TABLE NOTATION ACTION 20 -

With the number of channels OPERABLE one less than the Total Number of Channels, operation may proceed provided the following conditions are satisfied:

a.

The inoperable channel is placed in either the bypassed or tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . If the inoperable channel can not be restored to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months , then both AFAS-1 and AFAS-2 in the inoperable channel shall be placed in the bypassed condition. If the inoperable channel is bypassed, the desirability of maintaining this channel in the bypassed condition shall be reviewed in accordance with Specification 6.5.1.6m. The channel shall be returned to OPERABLE status no later than during the next COLD SHUTDOWN.

b With a channel process measurement circuit that affects multiple functional units inoperable or in test, bypass or trip all associated functional units as listed in ACTION 13.

c.

With the number of channels OPERABLE one less than the Minimum Channels OPERABLE, operation may proceed provided one of the inoperable channels has been bypassed and the other inoperable channel placed in the tripped condition within 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months . Restore one of the inoperable channels to OPERABLE status within 48 hours5.555556e-4 days 0.0133 hours 7.936508e-5 weeks 1.8264e-5 months or be in at least HOT STANDBY within 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months and in HOT SHUTDOWN within the following 6 hours6.944444e-5 days 0.00167 hours 9.920635e-6 weeks 2.283e-6 months .

ST. LUCIE - UNIT 2 Amendment No.

3/4 3-16b

St. Lucie Units 1 and 2 Docket Nos. 50-335 and 50-389 Proposed License Amendments ESFAS Trip/Bypass Single Failure Vulnerabilities L-2002-113 Page 1 of 3 CE Infobulletin 97-02 Spurious Recirculation Actuation Signal May 23, 1997

L-2002-113 Page 2 of 3 A11 Combustion Engineering Infobulletin No. 97-02 May 23, 1997 Spurious Recirculation Actuation Signal

==

Introduction:==

Operating Plants with an ABS-CE designed NSSS have an Emergency Core Cooling System (ECCS) which is actuated by a Safely Injection Actuation Signal (SIAS). Under certain accident conditions, and depending on the plant specific design, the Refueling Water Tank (RWT) level would decrease sufficientdy to gcncrate a Recirculation Actuatlon Signal (RAS), which deenergizes the Low Pressure Safety Injection (LPSI) pumps; closes the High P...ssure Safety Injection (HPSI) pump, containment spray pump, and LPSI pump mini-flow isolation valves: closes the RWT isolation valves; and opens the ECCS containment building sump suction valves.

Entergy Operations, Inc. has reported that the Technical Specifications for Arkansas Nuclear One - Unit 2 (ANO-2) allow a configuration to exist indefinitely such that the single failure of an RWT level sensor would result In Initialing an inadvertent prematur." PAS. If this were to occur during certain accident conditions, it could result in the ECCS being unable to perform its safety functions. For other plants as well as ANO-2, this condition may exist as a deficiency in the prescribed actions of the plant's Technical Specifications and is not a deficiency in the ECCS or actuation system design.

Discussion: An RAS is initiatod whenever two of the four RWT level instruments sense that RWT level has dropped to the RAS setpoint. ANO-2 Technical Specifications allow an inoperable channel of RWT level Instrumentation to be placed in the TRIPPED condition indefinitely. In the TRIPPED condition, the two-out-of-four logic effectively becomes one-out-of-three logic.

If one channel of RWT level Instrumentation is in the TRIPPED condition at the time of a Loss of Coolant Accident (LOCA) or a large Steam Line Break (SLB) and another channel of RWT level instrumentation Is assumed to fail low, an inadvertent RAS would occur. The LPSI pumps would shut off. (Under certain large break LOCA conditions, premature termination of LPSI flow is unacceptable.)

ECCS suction would be shifted to the containment building sump prematurely, preventing the HPSI pumps from Initially delivering flow to the reactor core. Also, under certain conditions, the HPSI pumps could continue to run dead-headed, which may damage the pumps. The containment spray pump and LPSI pump mini-nfow Isolation valves would also close. For those plants where the containment spray pumps are actuated by SIAS, the containment spray pumps could also be damaged by running dead headed.

Recommendation: Utilities should determine whether the condition described above is applicable to their plants, If applicable, one potential resolution may be to change the Technical Specifications Action Statement for one channel of RAS out of service, to require placing a failed RWT level channel in only the BYPASS condition. In the BYPASS condition, the two-out-of-four logic changes to two-out-of-three logic. This has been previously Implemented by OPPD Fort Calhoun Station in Amendment No. 173 to Facility Operating License No. DPR-40, Docket No. 50-285. if the above Technical Specification ;hange Is considered, plant-specific Implementation may differ from Fort Calhoun because each plant may have different Implementations of the RAS.

For some plants, there may also be a' single failure vulnerability In the BYPASS conditionf For example.

some plants have four vital busses, but only two batteries. This could allow a fault at a battlery to fail two vital busses which may Impact two RAS channels. If a channel Is In indefinite BYPASS (i.e., two out of three actuation logic), then a single failure of two vital busses might result in a failure to generate RAS when neededdepending on plant-specific system design. This potential single failure vulnerability should be evaluated on a plant-specific basis before permitting. unlimited operation with one RAS channel In BYPASS.

ga*.mua.~1ky aidr*

1.

c d

A s b dM kli~ mw, n way b i

m w.Azr & i

.......make atfpuii~osI t~maif UTUI~C(5AWfor a pU60"~ VpMp *rtM hKA ty.Vidh~rcprcd~

1i)e &MWUyq, r Ufwd a or Ow Wfs'= @"iABm flB.cigns. W yd~oawnc all "R.i mqlimc of Vawv, us rme *wyjz~cO(#4I k~rmadoý

L-2002-1 13 Page 3 of 3 A_81BCE inffobuoflW mytin9 page 20of2 APPI~abli~

Ths iWS

~p~iCb~*to ll lans ih!Ch aliow operaliot' viih 2n RAs channlfl in eithef the BYPASS of TRIPPED cordit&0C m ndefinitely, a3d fo Orwhlh tbhrlldsnl ~i~ ~tCb~te bave,enol already been Cvalualedý Techinical Contact' Bob Jequith (860) 2S$43823 I

ML022040192

Text

Navigation menu

Search