Degradation of Engineered Safety Features| ML031180118 |
| Person / Time |
|---|
| Issue date: |
02/16/1979 |
|---|
| From: |
NRC/IE |
|---|
| To: |
|
|---|
| References |
|---|
| IN-79-004, NUDOCS 7912120548 |
| Download: ML031180118 (7) |
|
|
|---|
Category:NRC Information Notice
MONTHYEARInformation Notice 1990-01, Importance of Proper Response to Self-Identified Violations by Licensees1990-01-12012 January 1990
Importance of Proper Response to Self-Identified Violations by Licensees
Information Notice 1987-19, Perforation and Cracking of Rod Cluster Control Assemblies1987-04-0909 April 1987
Perforation and Cracking of Rod Cluster Control Assemblies
Information Notice 1987-18, Unauthorized Service on Teletherapy Units by Nonlicensed Maintenance Personnel1987-04-0808 April 1987
Unauthorized Service on Teletherapy Units by Nonlicensed Maintenance Personnel
Information Notice 1987-17, Response Time of Scram Instrument Volume Level Detectors1987-04-0707 April 1987
Response Time of Scram Instrument Volume Level Detectors
Information Notice 1987-16, Degradation of Static O Ring Pressure Switches1987-04-0202 April 1987
Degradation of Static O Ring Pressure Switches
Information Notice 1987-15, Compliance with the Posting Requirements of Subsection 223B of the Atomic Energy Act of 1954, As Amended1987-03-25025 March 1987
Compliance with the Posting Requirements of Subsection 223B of the Atomic Energy Act of 1954, As Amended
Information Notice 1987-15, Compliance with the Posting Requirements of Subsection 223b of the Atomic Energy Act of 1954, as Amended1987-03-25025 March 1987
Compliance with the Posting Requirements of Subsection 223b of the Atomic Energy Act of 1954, as Amended
Information Notice 1987-14, Actuation of Fire Suppression System Causing Inoperability of Safety-Related Ventilation Equipment1987-03-23023 March 1987
Actuation of Fire Suppression System Causing Inoperability of Safety-Related Ventilation Equipment
Information Notice 1987-13, Potential for High Radiation Fields Following Loss of Water from Fuel Pool1987-02-24024 February 1987
Potential for High Radiation Fields Following Loss of Water from Fuel Pool
Information Notice 1987-11, Enclosure of Vital Equipment within Designated Vital Areas1987-02-13013 February 1987
Enclosure of Vital Equipment within Designated Vital Areas
Information Notice 1987-11, Enclosure of Vital Equipment Within Designated Vital Areas1987-02-13013 February 1987
Enclosure of Vital Equipment Within Designated Vital Areas
Information Notice 1987-12, Potential Problems with Metal Clad Circuit Breakers, General Electric Type AKF-2-251987-02-13013 February 1987
Potential Problems with Metal Clad Circuit Breakers, General Electric Type AKF-2-25
Information Notice 1987-10, Potential for Water Hammer During Restart of Residual Heat Removal Pumps1987-02-11011 February 1987
Potential for Water Hammer During Restart of Residual Heat Removal Pumps
Information Notice 1987-09, Emergency Diesel Generator Room Cooling Design Deficiency1987-02-0505 February 1987
Emergency Diesel Generator Room Cooling Design Deficiency
Information Notice 1987-08, Degraded Motor Leads in Limitorque DC Motor Operators1987-02-0404 February 1987
Degraded Motor Leads in Limitorque DC Motor Operators
Information Notice 1987-07, Quality Control of Onsite Dewatering/Solidification Operations by Outside Contractors1987-02-0303 February 1987
Quality Control of Onsite Dewatering/Solidification Operations by Outside Contractors
Information Notice 1987-05, Miswiring in a Westinghouse Rod Control System1987-02-0202 February 1987
Miswiring in a Westinghouse Rod Control System
Information Notice 1987-06, Loss of Suction to Low-Pressure Service Water System Pumps Resulting from Loss of Siphon1987-01-30030 January 1987
Loss of Suction to Low-Pressure Service Water System Pumps Resulting from Loss of Siphon
Information Notice 1987-04, Diesel Generator Fails Test Because of Degraded Fuel1987-01-16016 January 1987
Diesel Generator Fails Test Because of Degraded Fuel
Information Notice 1987-03, Segregation of Hazardous and Low-Level Radioactive Wastes1987-01-15015 January 1987
Segregation of Hazardous and Low-Level Radioactive Wastes
Information Notice 1987-02, Inadequate Seismic Qualification of Diaphragm Valves by Mathematical Modeling and Analysis1987-01-13013 January 1987
Inadequate Seismic Qualification of Diaphragm Valves by Mathematical Modeling and Analysis
Information Notice 1986-11, Anomalous Behavior of Recirculation Loop Flow in Jet Pump BWR Plants1986-12-31031 December 1986
Anomalous Behavior of Recirculation Loop Flow in Jet Pump BWR Plants
ML0530703841986-12-29029 December 1986
Degradation of Reactor Coolant System Pressure Boundary Resulting from Boric Acid Corrosion
Information Notice 1986-99, Degradation of Steel Containment1986-12-0808 December 1986
Degradation of Steel Containment
Information Notice 1986-98, Offsite Medical Services1986-12-0202 December 1986
Offsite Medical Services
Information Notice 1986-97, Emergency Communications System1986-11-28028 November 1986
Emergency Communications System
Information Notice 1986-96, Heat Exchanger Fouling Can Cause Inadequate Operability of Service Water Systems1986-11-20020 November 1986
Heat Exchanger Fouling Can Cause Inadequate Operability of Service Water Systems
Information Notice 1986-95, Leak Testing Iodine-125 Sealed Sources in Lixi, Inc. Imaging Devices and Bone Mineral Analyzers1986-11-10010 November 1986
Leak Testing Iodine-125 Sealed Sources in Lixi, Inc. Imaging Devices and Bone Mineral Analyzers
Information Notice 1986-94, Hilti Concrete Expansion Anchor Bolts1986-11-0606 November 1986
Hilti Concrete Expansion Anchor Bolts
Information Notice 1986-92, Pressurizer Safety Valve Reliability1986-11-0404 November 1986
Pressurizer Safety Valve Reliability
Information Notice 1986-90, Requests to Dispose of Very Low-Level Radioactive Waste Pursuant to 10 CFR 20.3021986-11-0303 November 1986
Requests to Dispose of Very Low-Level Radioactive Waste Pursuant to 10 CFR 20.302
Information Notice 1986-91, Limiting Access Authorizations1986-11-0303 November 1986
Limiting Access Authorizations
Information Notice 1986-93, IEB 85-03 Evaluation of Motor-Operators Identifies Improper Torque Switch Settings1986-11-0303 November 1986
IEB 85-03 Evaluation of Motor-Operators Identifies Improper Torque Switch Settings
Information Notice 1986-93, Ieb 85-03 Evaluation of Motor-Operators Identifies Improper Torque Switch Settings1986-11-0303 November 1986
Ieb 85-03 Evaluation of Motor-Operators Identifies Improper Torque Switch Settings
Information Notice 1986-89, Uncontrolled Rod Withdrawal Because of a Single Failure1986-10-16016 October 1986
Uncontrolled Rod Withdrawal Because of a Single Failure
Information Notice 1986-88, Compensatory Measures for Prolonged Periods of Security Systems Failures1986-10-15015 October 1986
Compensatory Measures for Prolonged Periods of Security Systems Failures
Information Notice 1986-86, Clarification of Requirements for Fabrication and Export of Certain Previously Approved Type B Packages1986-10-10010 October 1986
Clarification of Requirements for Fabrication and Export of Certain Previously Approved Type B Packages
Information Notice 1986-87, Loss of Offsite Power Upon an Automatic Bus Transfer1986-10-10010 October 1986
Loss of Offsite Power Upon an Automatic Bus Transfer
Information Notice 1986-85, Enforcement Actions Against Medical Licensees for Willful Failure to Report Misadministrations1986-10-0303 October 1986
Enforcement Actions Against Medical Licensees for Willful Failure to Report Misadministrations
Information Notice 1986-84, Rupture of a Nominal 40-Millicurie Iodine-125 Brachytherapy Seed Causing Significant Spread of Radioactive Contamination1986-09-30030 September 1986
Rupture of a Nominal 40-Millicurie Iodine-125 Brachytherapy Seed Causing Significant Spread of Radioactive Contamination
Information Notice 1986-83, Underground Pathways Into Protected Areas, Vital Areas, Material Access Areas, & Controlled Access Areas1986-09-19019 September 1986
Underground Pathways Into Protected Areas, Vital Areas, Material Access Areas, & Controlled Access Areas
Information Notice 1986-83, Underground Pathways into Protected Areas, Vital Areas, Material Access Areas, & Controlled Access Areas1986-09-19019 September 1986
Underground Pathways into Protected Areas, Vital Areas, Material Access Areas, & Controlled Access Areas
Information Notice 1986-82, Failures of Scram Discharge Volume Vent and Drain Valves1986-09-16016 September 1986
Failures of Scram Discharge Volume Vent and Drain Valves
Information Notice 1986-81, Broken Inner-External Closure Springs on Atwood & Morrill Main Steam Isolation Valves1986-09-15015 September 1986
Broken Inner-External Closure Springs on Atwood & Morrill Main Steam Isolation Valves
Information Notice 1986-80, Unit Startup with Degraded High Pressure Safety Injection System1986-09-12012 September 1986
Unit Startup with Degraded High Pressure Safety Injection System
Information Notice 1986-78, Scram Solenoid Pilot Valve (SSPV) Rebuild Kit Problems1986-09-0202 September 1986
Scram Solenoid Pilot Valve (SSPV) Rebuild Kit Problems
Information Notice 1986-79, Degradation or Loss of Charging Systems at PWR Nuclear Power Plants using Swing-Pump Designs1986-09-0202 September 1986
Degradation or Loss of Charging Systems at PWR Nuclear Power Plants using Swing-Pump Designs
Information Notice 1986-79, Degradation or Loss of Charging Systems at PWR Nuclear Power Plants Using Swing-Pump Designs1986-09-0202 September 1986
Degradation or Loss of Charging Systems at PWR Nuclear Power Plants Using Swing-Pump Designs
Information Notice 1986-77, Computer Program Error Report Handling1986-08-28028 August 1986
Computer Program Error Report Handling
Information Notice 1986-76, Problems Noted in Control Room Emergency Ventilation Systems1986-08-28028 August 1986
Problems Noted in Control Room Emergency Ventilation Systems
1990-01-12
[Table view]Some use of "" in your query was not closed by a matching "". |
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF INSPECTION AND ENFORCEMENT
WASHINGTON, D.C. 20555 February 16, 1979 IE Information Notice No. 79-04
DEGRADATION OF ENGINEERED SAFETY FEATURES
Summary
On September 16, 1978, an unusual sequence of events occurred at Arkansas
Nuclear One, Units 1 and 2. The events involved the electrical power
sources and culminated in the spurious activation and degraded operation
of Unit 2 Engineered Safety Features (ESF). Analysis of the course of
the incident has identified three safety concerns in the electrical
distribution system operation and design.
(1) The offsite power supply for ANO Unit 1 Engineered Safety Feature
loads was deficient in that degraded voltage could have resulted
in the unavailability of ESF equipment, if it were to be needed.
(2) The design of the ANO site electrical system that provides offsite
power to Units 1 and 2 did not fully meet the Commission's Regula- tions, 10 CFR 50, Appendix A, General Design Criterion 17, because
in certain circumstances a loss of one of the two offsite power
circuits would also result in a loss of the other such circuit.
(3) Deficiencies existed in the operation of the Unit 2 inverters
that convert DC to AC power for the uninterruptable 120 volt
vital AC buses.
Description of Circumstances
Initially Unit 1 was operating at 100 percent power; Unit 2 was in hot
standby performing hot functional testing in preparation for initial
criticality and power operational) Unit 1 auxiliary electrical loads
were being supplied from the Unit 1 main generator via the unit
auxiliary transformer. Unit 2 auxiliary electrical loads were being fed
from the offsite grid through Startup Transformer No. 3. The normal
operating status was interrupted by the failure of the Unit 1 Loop "A"
Main Steam Line Isolation Valve (MSIV) air operator solenoid causing the
MSIV to close as designed. The Unit 1 Reactor Protection System sensed
conditions requiring reactor shutdown and tripped the reactor. The
1 The Unit 2 Operating License did not permit criticality of power
operation at the time of the incident.
l of 5 793208
7 903 02 0 3 8 3
IE Information Notice No. 79-04 February 16, 1979 Unit 1 turbine-generator tripped concurrently. Because the Unit l
generator could no longer supply power for the Unit 1 auxiliary loads, these loads were automatically transferred to Startup Transformer No. 1 to supply this power from offsite. The sequence of events should have
ended at this point.
The power to Startup Transformer No. 3, which was feeding Unit 2, and to
Startup Transformer No. 1, now feeding Unit 1, normally passes through a
single piece of equipment, the Bus Tie Auto-Transformer. (Figure 1 shows a simplified block diagram of the principal electrical equipment
involved.) The Auto-Transformer has the capacity to provide power for
both units, but due to an error, the protective relays were still adjusted
for the operation of Unit 1 only. As a result, when both units concur- rently drew power from the Auto-Transformer these protection relays
tripped and cut off power to Startup Transformer Nos. 1 and 3.
Startup Transformer No. 2, also shown in Figure 1, thus became the only
source of offsite power for both Units 1 and 2. The onsite switching
equipment automatically transferred the full auxiliary loads for both
units to this transformer. However, this transformer is not designed to
carry full auxiliary loads for both units. For this reason, Startup
Transformer No. 2 became overloaded and the voltage dropped on the
station distribution system for offsite power. At this time and during
most of the incident t perating personnel at both units were unaware of
the degraded voltage 2 dondition due to the overloaded Startup Trans- former No. 2.(3)
2 Two other events involving degraded voltage for ESF equipment occurred
at Millstone Unit 2 in July 1976. These events were reported as an
abnormal occurrence (No. 76-9) in NUREG-0900-5, Report to Congress on
Abnormal Occurrences, July-September 1976.
3 It was subsequently determined that the following combinations of
Unit 1 and Unit 2 operation would lead to the loss of the Bus Tie
Auto-Transformer and the subsequent overloading of Startup Transformer
No. 2:
1. Both Units in either the startup or shutdown mode, or
2. Trip of one unit while the other is in either the startup
or shutdown mode, or
3. Simultaneous trip of both units.
2 of 5
IE 'Information Notice No. 79-04 February 16, 1979 At Unit 2, eight seconds after the switch to Startup Transformer No. 2, the relays (4) which operate to protect Engineered Safety Feature (ESF)
equipment from low (degraded) voltage disconnected and therefore
deenergized both Unit 2 ESF buses as designed. At the same time, the
Unit 2 Core Protection Calculator (CPC) instrumentation registered trips
which indicated a loss of AC power to the circuits (5) that supply at
least two instrument channels.
The loss of power on two 120 volt vital AC Instrument buses caused, as
designed, an actuation of all Unit 2 Engineered Safety Features. Thus, when the two Unit 2 emergency diesel generators started and provided
power to the previously deenergized ESF buses, the Engineered Safety
Features equipment began to operate. However, due to inverter failures, premature actuation of the Recirculation Actuation System (RAS)
occurred. This actuation momentarily opened a flow path directly
between the Refueling Water Tank (RWT) and the containment sump. ESF
operation and premature RAS operation combined to transfer approximately
60,000 gallons of borated refueling water to the containment sump in
about 90 seconds.
4 These relays are the second level of undervoltage protection required
as a result of the NRC staff review of the 1976 Millstone 2 degraded
voltage event. Corrective design changes (i.e., undervoltage relays
and load sequencing to offsite power) had been implemented on Unit 2 for degraded voltage protection. These design changes had not been
implemented on Unit 1 at the time of the event.
5 Each one of the four CPC instrumentation circuits receives power from
a vital AC bus which in turn receives power from a battery through an
inverter that converts DC power to AC power. Each inverter normally
provides power through a circuit with access to both an ESF bus and
the station batteries. Each inverter also has an automatic switch
that can cut off this normal supply circuit and shift the loads to
an alternate supply circuit, which includes just the ESF bus. (See -
insert on Figure 1.) With both Unit 2 ESF buses momentarily deenergized
the only source of instrument power was from the station batteries
through the normal switch position. However, although the exact cause
is unknown, all four inverter automatic switches were found in the
alternate position. Three of four inverters had improper settings on
time delay relays and one inverter had the undervoltage trip setting
too high, which may have In part been the cause. IE Circular No. 79-02, Failure of 120 Volt Vital AC Power Supplies, dated January 16, 1979, provided details of the inverter problems and recommended items to be
reviewed to avoid similar problems.
3 of 5
IE Information Notice No. 79-04 February 16, 1979 The normal design sequence calls for the RAS to automatically change the
valve lineup when signals from the level instruments on the Refueling
Water Tank (RWT) indicate that the tank is nearly empty, which is
expected to occur approximately 30 minutes after the LOCA. During this
incident, the RAS acted immediately in response to the failure of the
inverters and made the change in lineup while the RWT was nearly full.
The loss of power from the inverters caused a false low water level
indication in the RWT. This false indication provided the signals for
the automatic actuation of the RAS.
Had the Emergency Core Cooling System and/or the Containment Spray
System been needed in the event of a design basis loss of coolant
accident, it would not have performed as designed because of the pre- mature RAS valve actuation. ESF degradation on Unit 2 did not involve a
threat to the health and safety of the public because Unit 2 was pre- operational and had no radioactive fission product inventory in the
core. However, there was no assurance that the inverter deficiencies
which caused the premature operation of the RAS valves would have been
corrected prior to Unit 2 power operation.
In the event of a LOCA with a fission product inventory, if the RAS were
to initiate at the beginning of the accident, as it did in this incident, the low pressure and high pressure coolant injection subsystems (LPCI
and HPCI) of Emergency Core Cooling (ECC) and the Containment Spray
System might not function properly. Actuation of RAS causes isolation
of the water in the RWT, which is the source of short term cooling water
for Emergency Core Cooling and Containment Spray. The premature actua- tion of RAS also causes these pump suction lines to be connected to the
containment sump when there may not be sufficient water available.
Initially, the sequence of events on September 16 did not Indicate any
problem with the electrical distribution system of Unit 1. However, subsequent analysis indicated that in the event of a LOCA at Unit 1 during which Startup Transformer No. 1 received both the auxiliary
electrical loads and starting loads of the Engineered Safety Features a
voltage reduction would result. The safety loads might not initially
transfer to the Unit 1 diesel generators but could remain on the startup
transformer with reduced (degraded) voltage. Although there is margin
in the sizing of emergency equipment and the conditions of operation of
such equipment, this situation could cause fuses to blow in Engineered
Safety Feature circuits which could result in disabling the safety
equipment.
4 of 5
IE Information Notice No. 79-04 February 16, 1979 Cause or Causes The immediate causes of the unusual event at Arkansas
Nuclear One were: (1) loss of the Bus Tie Auto-Transformer which
resulted in degraded power operation through Startup Transformer No. 2, and (2) multiple Unit 2 inverter failures.
The loss of the Bus Tie Auto-Transformer was caused by inappropriate
setpoints for its protective relays. The Bus Tie Auto-Transformer loss
had not been adequately reviewed prior to this event in that the over- loading of the shared Startup Transformer No. 2 had not been identified
during the design and review process.
The primary cause of the failure of the inverters to perform as a
reliable power supply was the lack of adequate preoperational test
procedures, inadequate knowledge of inverter operation and lack of
maintenance control (maintenance has been performed on the inverters
several times prior to this event).
This Information Notice provides details of a significant occurrence
that is still under review by the NRC staff. After completion of the
staff review, this Information Notice will be followed with specific
actions to be taken by licensees.
No written response is required. If you desire additional information
regarding this matter, contact the Director of the appropriate NRC
Regional Office.
Attachment:
Figure 1, Simplified
Block Diagram, Electrical
Distribution
5 of 5
IE Information Notice Nlo. 79-04 INlVERTER l yVR1
[
AUTOMATIC
SWITCH IN
str1 -v
j
NORMAL
POSITION
I VITAL VIT)
IAC AC
I BUS ,BU
AC OUT I
INVERTER UNIT ANO-UNIT 2 (TYPICAL OF FOUR) (ONE OF TWO ESF
TRAINS SHOWW.)
SIiMPLIFIED BLOCK VIAGRAfl - ELECTRIC DISTRIBUTION
FIGURE 1 Attachnent
IE Information Notice No. 79-04 February 16, 1979 LISTING OF IE INFORMATION NOTICES
ISSUED IN 1979 Information Subject Date Issued To
Notice No. Issued
79-01 Bergen-Paterson Hydraulic 2/2/79 All power reactor
Shock and Sway Arrestor facilities with an
OL or a CP
79-02 Attempted Extortion - 2/2/79 All Fuel Facilities
Low Enriched Uranium
79-03 Limitorque Valve Geared 2/9/79 All power reactor
Limit Switch Lubricant facilities with an
OL or a CP
|
|---|
|
| list | - Information Notice 1979-01, Bergen-Paterson Hydraulic Shock & Sway Arrestors (Hssa) (2 February 1979)
- Information Notice 1979-01, Bergen-Paterson Hydraulic Shock & Sway Arrestors (HSSA) (2 February 1979)
- Information Notice 1979-03, Limitorque Valve Geared Limit Switch Lubricant (9 February 1979)
- Information Notice 1979-04, Degradation of Engineered Safety Features (16 February 1979)
- Information Notice 1979-05, Use of Improper Materials in Safety-Related Components (21 March 1979)
- Information Notice 1979-06, Stress Analysis of Safety-Related Piping (23 March 1979, Topic: Earthquake)
- Information Notice 1979-07, Rupture of Radwaste Tanks (26 March 1979)
- Information Notice 1979-08, Interconnection of Contaminated Systems with Service Air Systems Used as Source of Breathing Air (28 March 1979)
- Information Notice 1979-08, Interconnection of Contaminated Systems With Service Air Systems Used As Source of Breathing Air (28 March 1979)
- Information Notice 1979-09, Spill of Radioactively Contaminated Resin (30 March 1979, Topic: Hydrostatic)
- Information Notice 1979-19, Pipe Cracks in Stagnant Borated Water Systems at PWR Plants (17 July 1979, Topic: Boric Acid, Hydrostatic, Liquid penetrant)
- Information Notice 1979-20, NRC Enforcement Policy - NRC Licensed Individuals (7 September 1979)
- Information Notice 1979-21, Transportation & Commercial Burial of Radioactive Material (7 September 1979)
- Information Notice 1979-22, Qualification of Control Systems (14 September 1979)
- Information Notice 1979-24, Overpressurization of Containment of a PWR Plant After a Main Steam Line Break (1 October 1979)
- Information Notice 1979-25, Reactor Trips at Turkey Point Units 3 & 4 (1 October 1979)
- Information Notice 1979-26, Breach of Containment Integrity (5 November 1979)
- Information Notice 1979-28, Overloading of Structural Elements Due to Pipe Support Loads (16 November 1979)
- Information Notice 1979-29, Loss of Nonsafety-Related Reactor Coolant System Instrumentation During Operation (16 November 1979)
- Information Notice 1979-30, Reporting of Defects & Noncompliances, 10 CFR Part 21 (6 December 1979)
- Information Notice 1979-31, Use of Incorrect Amplified Response Spectra (13 December 1979)
- Information Notice 1979-32, Separation of Electrical Cables for HPCI and ADS (21 December 1979, Topic: Fire Watch)
- Information Notice 1979-33, Improper Closure of Primary Containment Equipment Access Matches (21 December 1979)
- Information Notice 1979-34, Inadequate Design of Safety-Related Heat Exchangers (27 December 1979)
- Information Notice 1979-35, Control of Maintenance & Essential Equipment (31 December 1979)
- Information Notice 1979-36, Computer Code Defect in Stress Analysis of Piping Elbow (31 December 1979)
- Information Notice 1979-37, Cracking in Low Pressure Turbine Discs (28 December 1979, Topic: Turbine Missile)
|
|---|