ML040430091

From kanterella
Jump to navigation Jump to search
Summary of Meeting with the Westinghouse/Combustion Engineering Owners Group on the Pilot Effort for Risk Management Technical Specifications Initiative 4b
ML040430091
Person / Time
Site: Fort Calhoun Omaha Public Power District icon.png
Issue date: 02/10/2004
From: Tjader T
NRC/NRR/DIPM
To: Bradley B
Nuclear Energy Institute
Tjader T., NRC/IROB, 415-1187
References
Download: ML040430091 (37)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION at R WASHINGTON, D.C. 20555-0001 February 10, 2004 Mr. Biff Bradley Nuclear Energy Institute Suite 400 1776 1 Street, NW Washington, DC 20006-3708

SUBJECT:

JANUARY 29, 2004:

SUMMARY

OF MEETING WITH THE WESTINGHOUSE/COMBUSTION ENGINEERING OWNERS GROUP ON THE PILOT EFFORT FOR RISK MANAGEMENT TECHNICAL SPECIFICATIONS INITIATIVE 4b

Dear Mr. Bradley:

The purpose of this letter is to transmit the summary of a meeting with the Industry representatives on Risk Management Technical Specifications Initiative 4b, Risk-informed Completion Times. The meeting was held at the U.S. Nuclear Regulatory Commission offices in Rockville, Maryland, on January 29, 2004. The guidance resulting from the pilot effort should be exportable, that is it should be applicable, reliable, repeatable, inspectable and enforceable in other follow-on plants. Prior to approval of the pilot effort, acceptance criteria need to be developed in order to gauge its success.

Sincerely, T. R. Tjade Senior Reactor Engineer Technical Specifications Section Reactor Operations Branch Division of Inspection Program Management Office of Nuclear Reactor Regulation

Enclosures:

1. Meeting Summary
2. Attendance List
3. Agenda
4. HPSI Pilot feedback
5. Fort Calhoun HPSI Pilot Implementation
6. Draft CE response to NRC Staff Acceptance Review Comments cc w/encl: See attached page

DOCUMENT NAME: G:XTSS\TJADER\CE-14b-MTGsum-1-29-04.wpd OFFICE TSS:IROB:DIPM SC:TSS:IROB:DIPM I I__

NAME TRTjader -X? THBoyce . I I DATE 021/0 /2004 02/ /2004 I DISTRIBUTION:

ADAMS TSS R/F TSS Staff BBoger/CCarpenter (RidsNrrDipm)

FMReinhart (FMR)

CKDoutt (CKD)]

RKMathew (RKM)

WDBeckner (RidsNrrDipmlrob)

MLWohl (MLWI)

DFThatcher (DFT)

DHShum (DHS)

SCBlack (RidsNrrDssa)

NSaltos (NTS)

MACaruso (MAC)

MDrouin (MXD)

TRQuay (RidsNrrDipmlehb)

WScott (WES)

MDTschiltz (RidsNrrSpsb)

GSShukla (GSS)

MCThadani (MCT)

JNHannon (RidsNrrDssaSplb)

SPWall (SPW)

SCDinsmore (SCD)

OGC (RidsOgcRp)

WDReckley (WDR)

SBSun (SBS)

ACRSIACNW (RidsAcrsAcnwMailCenter)

DGHarrison (DGH)

OPChopra (OPC)

SUMMARY

OF THE JANUARY 29, 2004 MEETING WITH THE WESTINGHOUSEICOMBUSTION ENGINEERING OWNERS GROUP ON THE PILOT EFFORT FOR RISK MANAGEMENT TECHNICAL SPECIFICATIONS INITIATIVE 4b The NRC staff met with Westinghouse/Combustion Engineering (CE) Owners Group representatives on January 29, 2004, from 1:00 p.m. to 4:00 p.m. to discuss their pilot proposal for Risk Management Technical Specifications (RMTS) Initiative 4b on Risk-informed Completion Times (RICT). The meeting attendees are listed in Enclosure 2.

The agenda (Enclosure 3) consisted of discussions of: the Industry presentations on the HPSI Pilot feedback (Enclosures 4) and the Fort Calhoun HPSI Pilot Implementation (Enclosure 5);

and, the draft CE response (Enclosure 6) to the NRC Staff Acceptance Review comments to the TSTF-424 submittal. Following are brief descriptions of the significant topics discussed during the meeting.

- The review of the pilot will focus on and the success of the pilot effort will be achieved with the T exportability" of the approved process; that is, the ability of follow-on plants (including non-CE plants) to utilize the [generic] RICT process approved at Fort Calhoun. The Risk Management Guidance (RMG) Document being developed by NEI/EPRI and the CE TSTF-424 process must converge, must be consistent, at the end of the pilot effort. The RMG needs to provide exportable guidance that is applicable, reliable, repeatable, inspectable and enforceable in other follow-on plants.

- The NRC staff will visit Fort Calhoun Station to observe the implementation of the 14b pilot process. It is recommended that at least one additional CE plant implement the HPSI pilot for the sake of comparison and to confirm the exportability of the process.

- The CE pilot encompasses: extending completion times (CTs) for maintenance on a single HPSI train; consideration of functionality versus operability in the determination of the appropriate CTs; emergent conditions with proper consideration of common cause failures; shutdown guidance; consideration of external events; avoidance of high-risk configurations/ risk tracking for significant plant configurations/ICDP estimates for CT determination; documented decision making process, including documentation of risk assessments; management involvement in decision making process; and, reporting of risk results, such as through the maintenance rule (a)(3) reporting process.

- Draft responses to the staff's acceptance review questions were provided and discussed.

After detailed staff review of the responses, as needed detailed RAls will follow. Acceptance review criteria will be discussed and established prior to implementation of the pilot.

- Depending upon the pilot plant's response to RG 1.200, PRA Quality requirements, the NRC staff may conduct an PRA Audit for the 4b Pilot once the pilot proposal is accepted. Site visits for the audits and observation of the application of the risk assessment process will be necessary.

Enclosure 1

NRC/CE MEETING ON JANUARY 29, 2004, ON THE PILOT EFFORT FOR RISK MANAGEMENT TECHNICAL SPECIFICATIONS INITIATIVE 4b NAME AFFILIATION ALAN HACKEROTT OPPD RAY SCHNEIDER WEC DON McCAMY TVA BIFF BRADLEY NUCLEAR ENERGY INSTITUTE DON HOFFMAN RITSTF/TSTF TOM BOYCE NRC/NRRIDIPM/IROBITSS T. R. TJADER NRC/NRRIDIPM/IROBITSS MARK REINHART NRC/NRRIDSSA/SPSB NICK SALTOS NRC/NRR/DSSASPSB MILLARD WOHL NRC/NRRIDSSAISPSB DAVID SHUM NRC/NRR/DSSA/SPLB SUMMER SUN NRC/NRR/DSSA/SRXB WAYNE SCOTT NRC/NRR/DIPM/IEPB/QMS Enclosure 2

AGENDA TSS/CE RMTS 4b PILOT MEETING JANUARY 29, 2004 1:00 p.M. - 4:00 P.M.

0-1 3B4 o Discussion of the TSTF-424, Rev 0, HPSI Single System 4b Pilot proposal.

  • Acceptance Criteria for Pilot
  • Initiative 4b RICT Process
  • Risk Management Guidance document
  • Enhanced Maintenance Rule process
  • ICDP Tracking o Pilot Implementation at Fort Calhoun Station
  • Planned Maintenance
  • Emergent Conditions
  • Common Cause Issues
  • Identification of primary issues
  • Process for approval of pilot request Enclosure 3

Flexible AOT:

HPSI Pilot Discussion of Preliminary Feedback.

Objectives

  • Provide overview of key issues arising from preliminary feedback
  • Identify areas of consensus
  • Identify areas for resolution and identify potential success paths 1

Enclosure 4

Benefits (cont'd)

  • Extending Maintenance times:

- Reduces time pressure on maintenance staff

- Allows functionality to be considered

  • Reduces potential for NOEDs.
  • Enhances maintenance rule by providing formal shutdown and common cause risk assessment processes Flexible AOT Risk Guidance Extension of the Maintenance Rule Guidance, NUMARC-93-01, R3 Section 11 for quantitative assessment of risk (RG1.182) to include:

Explicit process for treatment of common cause related issues Shutdown guidance

  • RG .1.174: An Approach for Using PRA in Risk Informed Decisions On Plant Specific Changes to the Licensing Basis
  • Risk Management Technical Specifications Report 3

Pilot Application

  • Performance Monitoring of Use of Extended AOT
  • Entry beyond front stop to be reviewed by plant review group
  • Decision process is documented and scrutible.

- includes risk, contingency actions

- Operator log tracks entry and exit times and configuration

  • Summary information Contained in a(3) Report

- Estimate incurred risk and confirm that the use of front stop consistent with RG 1.174 Guidelines

- Demonstrate use of extended AOT not causing plant risks to creep upwards Summary

  • Flexible AOT will provide a means to rationally control maintenance
  • Logical nexus to the Maintenance Rule
  • Sufficient controls will be available for tracking use and control of incremental risk 5

HPSI Pilot Implementation at Fort Calhoun Station Timing of Risk Assessment

  • Planned

- Risk assessment performed for each maintenance activity in advance of each work day.

- Risk management actions are implemented as necessary

  • Emergent

- Performed on a reasonable schedule commensurate with the safety significance of the condition

- Should not interfere with, or delay, taking timely actions to restore the equipment to service or take compensatory actions 1

Enclosure 5

Common Cause

  • Failures are evaluated for potential common cause failure. of like equipment (see flowchart on next slide)
  • Multidisciplinary team determines the likelihood of common cause
  • For high potential of common cause:

- perform a bounding quantitative assessment by failing all equipment susceptible to the common cause failure

- perfomi quantitative sensitivity analyses

- develop risk management actions 3

Degraded RCP Seal

  • Increased probability of RCP seal LOCA
  • EOOS risk assessment tool revised accordingly.
  • Risk management actions taken

- Protect cooling for seals

- Protect off-site power

- Review strategy for seal LOCA concurrent with loss of air Damaged HPSI Pump Breaker

  • System Engineering evaluated possibility of common cause for all HPSI pumps
  • Risk management actions taken

- Explain dominant accident sequences to Operations

- Strategies developed for dealing with dominant sequences 5

Degraded Component Cooling Water (CCW) Pump History of spurious breaker trips following pump starts, for undetermined reasons

  • Increase failure probability in EOOS
  • Risk management actions taken

- Avoid placing pump in auto standby

- Following corrective actions, require sufficient number of successful starts before failure probability returned to normal 7

DRAFT Question The proposed TSTF-424 document provides adequate information to be considered as the starting point for a more detailed review and discussion between the NRC and the industry. The staff will provide detailed first round RAls in the future. Some acceptance review comments are provided below.

Response

No Action C4S4CE-pilotRAFrRAI_RE SPONS 12704B.doc25049: 15 AM Page I Enclosure 6

DRAFT Ouestion 2 There may be inconsistencies between the proposed implementation approach and with respect to guidance provided in Regulatory Guide (RG) 1.177 and RG 1.174, as well as with respect to guidance provided in maintenance rule (a)(4). For example, RG 1.177 does not allow an ICDP of 1E-5 (as proposed in TSTF-424), and the maintenance rule (a)(4) criteria for increased risk management actions are based on accumulated risks starting with any plant configuration and not upon entry into an extended AOT (as proposed in TSTF-424). It is not clear why an ICDP of 1 E-6, measured from entry into the RMTS, is consistent with the maintenance rule. It appears that if the CDP were measured from the time the component is taken out for maintenance, the ICDP could be significantly above 1 E-6 target for "normal work controls." 2. There may be inconsistencies between the proposed implementation approach and with respect to guidance provided in RG 1.177 and RG 1.174, as well as with respect to guidance provided in maintenance rule (a)(4). For example, RG 1.177 does not allow an ICDP of I E-5 (as proposed in TSTF-424), and the maintenance rule (a)(4) criteria for increased risk management actions are based on accumulated risks starting with any plant configuration and not upon entry into an extended AOT (as proposed in TSTF-424). It is not clear why an ICDP of 1 E-6, measured from entry into the RMTS, is consistent with the maintenance rule. It appears that if the 1CDP were measured from the time the component is taken out for maintenance, the ICDP could be significantly above 1 E-6 target for "normal work controls."

Response

The approach proposed in the document links the various regulations in the following manner.

RG 1.174 provides guidance for permanent risk informed plant changes. As configuration changes are temporary, the only permanent aspect of this change is the revised process. In RG 1.174 plant changes are rated with respect to their impact on CDF and LERF. RG 1.174 suggests plant changes that result in annual risk increases below 1.0E-06 per year are very small while risk increases above that level but below 1.OE-05 per year are small. As the flexible AOT is a process change it is expected that use of this and other flexible AOTs, as they may be granted, should in aggregate conform to the general guidance of RG 1.174. As RG 1.174 indicates that plant changes that result in risks greater than 1.0E1-05 are not allowed, the goal of tracking the use of the extended AOT will be to confirm that the change in CDF associated with the flexible AOT implementation remains in the small to very small risk regions (Regions II or I).

RG 1.177 while explicitly focused on TSs, it is directed at controlling the maximum allowed out of service time for an SSC assuming concurrent average maintenance. In practice, risk management of maintenance involves actual configurations (not average unavailabilities). As with all maintenance, additional restrictions associated with actual maintenance are captured as part of the implementation of the maintenance rule. Since in setting the risk informed AOT/CT, the status of other equipment is unknown, the goal for acceptable risk of the single SSC inoperability is targeted at < 5.OE-07 per entry.

To some extent the intent of RG 1.177 and RG 1.174 is captured in RG 1.182 which endorses the assessment and risk management guidance in Section 11 of Revision 2 to NUMARC-93-01.

C:\ M4\CE-pilot\DRAFrRALRESPONSE_012704B doc2I5/049:15 AM Page 2

DRAFr This document is intended to provide guidance for implementing various aspects of the maintenance rule (IOCFR50.65). Specifically Section 11 of NUMARC-93-01 provides guidance for planning and performing maintenance assessments (10CFR50.65a(4)) and managing associated risks. Other portions of the document discuss means for evaluating the effectiveness of plant maintenance. Guidance for managing plant risks in a contemporaneous manner is captured in NUMARC-93-01, Revision 2 Section 11.3.7.2. RG 1.182 provides guidance for the magnitude of the temporary configuration changes that arise from the flexible AOT process. RG 1.182 considers plant risks (as measured from a zero maintenance baseline) of less than 104 per configuration to be normal and not require extraordinary measures. Maintenance with ICDPs between 104 and 10'5 require compensatory measures to be taken. Configurations with incremental risks above 1O's are not normally entered. RG 1.182 risk levels differ from the values of RG 1.177 as RG 1.182 applies to the total risk of the entire configuration, not any specific component.

NUMARC-93-01, Section 11 recommends a maximum risk level of 103 per year as a limiting condition for voluntarily entering into a configuration. NRC notes that this value is not presently endorsed.

IOCFR50.65 a(3) also requires that goals and preventive maintenance activities be evaluated every refueling cycle. While there is a requirement to assess SSCS availability and ability to meet SSC availability goals there is no specific required action to confirm the appropriateness in managing the overall plant risk. One means of documenting and assessing this information could be to include a tracking of the extent of the use of the beyond front stop time into the a(3) report. This information should be integrated into a plan for future plant maintenance practices.

C:\RITS\4\CE-pilot\DRAFrRAI_RESPONSE_01 2704B4 ocJ5049: 15 AM Page 3

DRAFr Ouestion 3 The NRC endorsed Revision 2 of NUMARC 93-01, "Industry Guidelines for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants," in Revision 2 of Regulatory Guide 1.160, "Monitoring the Effectiveness of Maintenance at Nuclear Power Plants." Subsequently, the NRC endorsed the February 22, 2000, revision of NUMARC 93-01's Section 11, "Assessment of Risk Resulting from Performance of Maintenance Activities" in Regulatory Guide 1.182, "Assessing and Managing Risk Before Performing Maintenance Activities at Nuclear Power Plants." Still later, NEI incorporated a revised Section 11 into a Revision 3 of NUMARC 93-01. Because NEI has been working toward further revisions to the document, the NRC has not expended resources on comparing the current Revision 3 of 93-01 to Revision 2 of 93-01 plus the revised Section 11. There are differences, the extent of which will be addressed as necessary by RAls. Reference to the rule and various documents is not consistent and not always correct. For example, "Acceptability of risk will be consistent with the Maintenance Rule (Reference 11)...."Reference 11 is Revision 3 of NUMARC 93-01; it is not 10CFR5O.65.

Response

Note that NUMARC-93-01 Revision 3 is unchanged, except for the incorporation of the revised Section 11 and appendices endorsed by RG 1.182. There were no other changes.

Ouestion 4 No criterion for limiting the allowed instantaneous increase of risk is mentioned in the report.

Please explain how instantaneous increases of risk will be limited and managed for both planned and emergent conditions.

Response

Entry into a planned maintenance activity for the purpose of routine maintenance will be done in accordance with NUMARC-93-01. That is, entries into configurations with incremental risks (ICDPs) > 1 5 should not be voluntary. Furthermore, instantaneous risks greater than 103 per year (2.74 x 104 per day) should be performed only when supported by a plant assessment to determine the efficacy of a plant shutdown assessment.

c:\RrrsU4\cE-pilot\DRAFTRALR-SPONSE-o. 2704B.doc2I5149:15 AM Page 4

DRAFIT Ouestion 5 The staff expects to require more detailed discussion of the plant specific risk assessments discussed in the report (i.e. examples discussed in Chapter 6.3).

Response

Additional descriptive information will be provided for the comparisons contained in Chapter 6.3. Additional details of the assessments will be provided for the pilot plant.

Note that it is the intent of this effort is to establish a process for risk evaluation that is consistent with the MR. Therefore, detailed a priori information assessments for each action need not be required on an individual basis. Nor is the extent of these analyses believed to be required for extensions of the flexible AOT concept to other Technical Specifications (TS) that may be requested in the future. The information provided in the base report and associated RAIs include examples of potential configurations for the purpose of illustrating the use of the process.

Ouestion 6 Proposed change, page 5, 4th paragraph - Identify which standard or guidance (i.e. Risk Management Guide) the licensees must use for the risk assessment and risk management.

Response

Risk assessments for out of service SSCs will be performed in accordance with the quantitative guidance of NUMARC-93-01, Revision 3, Section 11. Entry into the flexible AOT for conditions that are expected to proceed beyond the frontstop risk assessments will be supplemented by general guidance contained in the Risk Management Technical Specifications Guidelines. This guidance requires (a) identification of high risk configurations in a timely manner, (b) prompt consideration and resolution of common cause issues (if any), (c) a process for considering unmodeled external challenges (e.g. challenges beyond the scope of PSA evaluation) and (d) a risk informed shutdown process. Prior to implementation of the "flexible AOT" plant specific implementation guidelines will be prepared.

Timely consideration of high risk configurations implies either availability of pre-assessed "high risk" configurations, or a process and ability to perform and respond to contemporaneous on line assessments of high risk. Contemporaneous risk assessment may be established via use of a comprehensive set of cutsets or direct "on-line" solutions using PSA quantification tools similar to EOOS. Evaluations will be performed in a time frame consistent with the risk significance of the configuration. That is, more rapid responses would be required for conditions where a loss of function or loss of redundant equipment may occur and for conditions where the level of risk of the configuration is in doubt and the potential risk is high.

C:\RIT\4\CE-pilot\fRAFRAlRESPONSE_01 2704B.doc2/5/049:15 AM Page 5

DRAFT Analogously, prompt consideration of comnibn cause issues implies that high risk potential common cause issues be evaluated or resolved as early as practicable for conditions where an emergent failure occurs while operating within the backstop, and for all conditions prior to a voluntary entry beyond the frontstop. Resolution includes confirming the absence of a significant common cause failure or performing an assessment that demonstrates the risk impact is acceptable.

External challenges may be explicitly modeled in the PSA or considered apart from the PSA.

Qualitative or semi-quantitative assessments may be used to confirm that the impact of external events is small. Such assessments can utilize risk insights of external events PSA or vulnerability evaluations, and consideration of compensatory measures. To ensure a complete assessment evaluation, worksheets focusing on plant vulnerabilities should be prepared and used.

Conditions not passing the vulnerability screening would be evaluated quantitatively.

Quantitative evaluations include use of "bounding" risk assessments. This information along with defense-in-depth considerations will be evaluated by the assessment team prior to the performing maintenance beyond the frontstop.

High risk conditions will be evaluated as candidates for a potential plant shutdown. Shutdown conditions will include those configurations where the risk of continued operation exceeds a specified value (as measured in ICDP or ILERP). The plant operational state will be evaluated, issues related to plant operation vs. shutdown will be assessed and a decision Mill be made on the appropriate course of action (e.g., operation with compensatory measures or shutdown). All decisions for extended operation will be documented.

C:\RITS\14\CE-pilot\DRAFTRALRESPONSE-01274B.doc2/5049:15 AM Page 6

DRAFT Ouestion 7 Page 4 of Reference 1 states that "in all cases, a quantitative assessment is expected to be utilized whenever the capability exist to support this assessment type." The acceptability the quantitative risk assessment depends on adequate plant-specific risk assessment models and reliable results.

For a plant-specific application, the applicable RMTS Bases (such as the Bases for TS 3.2 on the requirements of the HPSI) should reference the titles of the reports that document the plant-specific risk management process and control the certified risk assessment methods and any associated analytical results.

Response

Implementation guidance for the Flexible AOT will be referenced in the TS under Admin.

Control Programs. Consistent with the current structure of the Bases the detailed implementation information will not be captured in the Bases. However, the guidance will be implemented within the Maintenance Rule Program. Furthermore, an independent Flexible AOT program will not be defined.

This implementation guidance will reference the Risk Management Guidance, and include the following:

1. Summary of PSA peer review history Will include results of review(s) and resolution of risk important issues, including PSA update and control processes.
2. Integration of the Flexible AOT features within the Maintenance Rule Discuss the inter-relationship of Flexible AOT with maintenance rule. Will include reference to existing processes as appropriate. The summary will also include a discussion of the treatment of external events and procedures for identification and guidance for implementation of compensatory actions.
3. Description of tracking/documenting process This will describe plant specific process to track risks, perform and document assessments for operation beyond the TS frontstop.

C:\RITS4CEpilot\DRAFALRESPONSEOI7o4B.doc25sO49: 15 AM Page 7

DRAFr Question An important area in the staffs review is the issue of the "quality" of the PRA models at each CEOG plant. On page B- 12 of the submittal it is stated: "The PSA internal events review should be consistent with .........the ASME PSA Standard..." However, it is not explained how such a consistency with the ASME PSA Standard will be ensured. The ASME PSA Standard requires that the parts of the plant-specific PRA, which are impacted by the proposed change, be identified and evaluated to determine whether the scope and level of detail are sufficient for the application in order to provide confidence that the results can be used in the decision-making process.

The recent Regulatory Guide DG-1 122, which endorses the guidance provided in the ASME PSA Standard, states the staffs expectation regarding licensee submitted "PRA quality documentation. This expectation includes the following:

1. Documentation that the parts of the PRA required to produce the results used in the decision are performed consistently with the standard or peer review process as endorsed by the staff, or a discussion showing that the impact on the results of not meeting the standard or the criteria of the peer review process is not significant.
2. A characterization of the assumptions and approximations that have a significant impact on the results used in the decision-making process of the specific application including a discussion of the resolution of the peer review comments.
3. The staff believes that the above listed documentation is needed to support the proposed TS change, which would allow HPSI CT extension based on the results of risk assessment and management performed by the licensee without prior staff review and approval.

Response

All existing CEOG Plants have undergone a peer review consistent with NEI-00-02. One plant has undergone a peer review as a trial application of Addendum 1 to the ASME PRA Standard and one plant has undergone a high level review against the requirements of Addendum I of the ASME PRA Standard. Currently, all CEOG plants have completed or are in the process of completing their response to the high level peer review comments.

All CEOG plants have a PRA maintenance and update process in place to ensure that the PRA is maintained current with the as-built, as-operated plant. The PRA maintenance and updated processes were explicitly reviewed as part of the NEI 00-02 PRA peer review process.

Weaknesses in the maintenance and update processes identified by the peer reviews have been rectified by the licensees.

Prior to implementation of the flexible AOT utilities will review the PSA high level findings and other known modeling deficiencies that may significantly impact configuration risk assessment of the target component (i.e. HPSI) and remove the limitation, or provide appropriate guidance C:\RITSU4\CE-pilot\DRAFrRAIRESPONSEO12704B.doc/5J049: 15 AM Page 8

DRAFI for addressing the limitation in risk assessments. Risk assessments supporting entry into the extended AOT (beyond the frontstop) will be documented.

DG-1122 has been superceded by the formal issuance of RG 1.200. The submittal will be modified to reflect that the PSA internal events review will be consistent with the intent of RG 1.200 (and the ASME Standard) to have a PSA and RI assessment process of sufficient capability to allow well founded risk informed decisions.

Question 9A 10CFR50.65, the maintenance rule, permits risk assessments to be performed quantitatively, qualitatively, or in a blended (mixed) manner. Provide the following information.

- Discuss what are the qualitative evaluations involved, and explain why and how they can be used to determine the overall plant risk;

Response

All risk decisions to perform maintenance beyond the frontstop will include a quantitative risk assessment. In many instances qualitative assessments (or quantitative bounding assessments) may be required to confirm and/or supplement the numerical PSA assessment generated by the risk assessment tool. Such qualitative evaluations may be necessary to confirm that the plant configuration (barrier conditions, ongoing maintenance activities, etc.) have been properly accounted for in performing the risk assessment, and in establishing appropriate risk informed actions. In addition, qualitative assessment may be used to highlight conditions where the quantitative assessment may not properly estimate risk. This may be due to the impact of

  • Conditions not considered in the PSA model
  • The risk benefits associated with implementation of risk management actions For higher risk configurations these qualitative assessment will be directed to a plant review group who will assemble the appropriate level of technical support personnel and utilize the available risk assessment and plant configuration and maintenance information to evaluate the plant risk and associated plant actions (including shutdown). The responsibility of this decision may be left to the Unit Review Group (URG). All decisions made by the URG should be documented and scrutible. The URG will be invoked in accordance with standard maintenance practice and whenever the plant intends to extend maintenance beyond the frontstop and the projected plant risk of the evolution (from initial entry) is expected to exceed a defined threshold.

With risks projected to remain in the low risk area, and no unusual circumstances, the work week manager will have the ability to continue maintenance beyond the frontstop following the completion of a risk assessment. Alternative review and assessment strategies are acceptable and should be captured (or referenced) in the plant specific implementation guidance.

C:XrrT\i4\CE-pnot\DRArtRAIRESPONSEOI 2704Bdoc2/5/049-. 15 AM Page 9

DRAFT Ouestion 913 Page TS B 3.5.2-6 indicates that qualitative evaluations are used to determine the overall plant risk when quantitative tools are not available; discuss.

Response

Qualitative assessments that suggest an important impact of the non-quantified event will be treated via a combination of activities including restricting allowable risk targets, appropriately increasing the risk color, and confirming negligible impact. Risk management actions can result in recommendations to not proceed with the maintenance beyond the frontstop, not allow concurrent maintenance on other systems (including the switchyard), or shutdown the plant.

An example application of this process has been invoked in the fire arena at FCS. The process involved a risk assessment team review of fire insights and the impact of tacking fire protection features out of service on the plant risk. This activity reviewed risk significant fire areas and equipment dependencies. Rules and actions were defined to ensure that in times of component unavailabilitye.g. fire pump) he sk w ould remain low. Where these risk controls cannot be in -- Deleted: inoperability place, and operation is beyond the frontstop, the risk must bevaluated in a timely manner and Deleted: actions and controls were the URG should consider the appropriateness of continued operation.

  • defined to maintain Deleted: impact ofthe unavailability to low levels Question 9C On Page 4, it is stated that the methods for determining the associated risk for continued plant operation may vary among the CE fleet and that qualitative assessments should be used where appropriate to not only enhance a quantitative assessment but also to establish a risk significance when quantitative tools are unavailable. Please demonstrate how a qualitative assessment can provide sufficient detail to use to assist in determining risk-informed CTs. Additionally, how can it be determined that a licensee does not have adequate qualitative tools to perform the assessment if quantitative tools are unavailable?

Response

Assessments to proceed beyond the frontstop will include quantitative assessments. Where the risk assessment tool cannot quantify the risk an alternative risk assessment may be performed using reasonable "bounding assumptions". Systems that may require such assessments are typically systems such as the radiation cleanup systems and in some plants, containment vacuum control systems.

C:\RITS14CE-pilotDRAFMAl_RESPONSE_01274B doc2549. 15AM Page 1I0

DRAFT Question 9D Page 2, Section 3.0, next-to-last sentence: ". . provided a risk assessment ensures continued plant operation results in acceptable risks." Recommend replacing "ensures with demonstrates";

a risk assessment does not ensure anything.

Response

Agree. Replace "ensures" with "demonstrates" Question 9E Page 5, second full paragraph, last sentence: "Again, the assessment of ILERF, when required to be performed, should be completed quantitatively whenever plant capabilities exist to do so."

How can the assessment of ILERF be performed qualitatively?

Response

ILERF assessments will be performed in a quantitative manner. Qualitative assessments referred to here were "bounding" assessments that need not be generated by detailed computer codes.

For example. Plant configurations that only impact low pressure RCS states and will not impact containment isolation will not significantly change ILERF and can be estimated by knowledge of the conditional LERF probability and the ICDP. Alternatively, maintenance conditions where the likely ICDP contributor is a bypass or loss of isolation can be bounded by setting the ILERF equal to the ICDF. Such assessments may be facilitated by use of simplified conservative rules.

If increased resolution is required a quantitative assessment will be required.

Question 10 On page 2-1 it is stated: ....... the resultant incremental plant risks during the interval beyond the frontstop AOT will be maintained within RG 1.174 guidelines (Regions II and III). Associated guidance for implementation of the RMTS will be maintained administrative guidance under licensee control. The staff requests clarification of this statement by addressing the following comments and questions.

c:\RUITs\4\E-pilot\DRAFrRALRESPONSEo0274Boc25dO49: 15 AM Page

DRAFT Question I OA (Item 1)

The acceptability of incremental plant risks ii Region H (per RG 1. 174 guidelines) depends on several factors, such as the plant baseline risk from all sources (internal and external events at power and shutdown operation).

Response

Acceptability of the use of the flexible AOT vill be tracked via recording entries (number, duration, configuration, estimated risk (or bounding color), reason for entry) into the extended AOT. In order that the plant risk not creep up as a result of this flexibility the plant will demonstrate that use of the extended AOT has resulted in an annual risk increase of less than 10-5. This assessment may be carried out in a number of ways depending upon margin, PSA tools and use of the flexible AOT. Examples include performing a bounding assessment using thresholds defined for the AOT or summine the cumulative risk associated with each use oF the AOT to demonstrate that the CDF increment of 10;5 per vear will not be exceeded,,--------- -_ Formatted: Superscript

.-_- _- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Deleted: aresummarized below:

Question I OB (Item 2) Deleted: I l>Plntsm with limited usage and no unusual circumstances during the Non-quantified incremental risks (use of qualitative or blended risk assessments) can be a maintenance (low total iskyl significant contribution to the total incremental risks associated with the proposed TS change. I Use max. color risk (or actualcomputed risk) include impact of external events Response andsum over a calendar year (or cycle).1 I

<#t>Plants with cumulative tracking and Where qualitative risks are large contributors to the risk, a bounding assessment will be required. frequent usagel I

Typically this can be considered by the expert panel by increasing the risk color or having PSA Demonstrate CDF with respect to a develop a bounding assessment. Actions taken to mitigate risks can be considered in assessing defined baseline year is not increasing as a result of themodi fied maintenance the overall risk impact. flexibility. This approach would consider the impact of modeling andplant changes over the year.

I Question OC (Item 3) <#>Plants with limited usage and emergent failures during extended AOT.¶ I

It is proposed that lower risk increases (CDF increases less than I E-6/yr and LERF increases Perform analyses similar to process I however only the added impact of die less than 1 E-7/yr) not be tracked. These increases are associated with CT extensions unlike the extended AOT component need be ones considered in the MR which consider the whole interval from the equipment outage. included theadded risk impacLI I1 Several such increases a year could be a significant contributor to the total incremental risks used in RG 1.174 guidelines. The tracking of lower risk increases would also reduce the likelihood that the proposed flexibility will become part of the culture of normal operation.

Response

The tracking of ICDPs (above zero maintenance) when the risk is < I x 10' for the entry configuration is not recommended. This is consistent with the maintenance rule designation for a normal configuration and special treatment is not needed. If the extended AOT has a total ICDP in excess of the maintenance rule normal condition, tracking should be performed. Process C:RITS\14\CEpilot'DRAFTRA-RESPONSE-0127O4Bdoc2/5iO49:15 AMP Page 12

DRAFF tracking of the number of entries and durations spent beyond the frontstop will be tracked for all entries and reviewed to ensure appropriate use of the flexible AOT.

Ouestion OD (Item 4)

The staff needs clarification of the last sentence regarding "administrative guidance under licensee control." The staff expects that this guidance will be based on principles endorsed by the staff, such as those related to risk metrics, PRA quality, acceptance criteria and acceptable approaches (i.e. for using qualitative or blended risk assessments).

Response

The high level basis for implementation guidance will be the RMTS Guidance document. Plant specific implementation will:

1. Demonstrate that the PSA quality commensurate with the application.
2. Define and describe the use of associated risk metrics (Where applicable, this may include reference to existing oversight or MR metrics, as appropriate).
3. Provide guidance for use of plant insights in RI decision making semi-quantitative and qualitative risk measures.

C:RrR 4\CE-plot\DRAFrRAlRESPONSE_012704B.docJ5/49: 15 AM Page 13

DRAFT Question CEOG STS page 3.5.2-1, Condition B, Required Action B.2.3, in the associated Bases, discuss:

"or acceptable"; by what criteria?

Response

Entry into maintenance configurations will be governed via maintenance rule guidance contained in NUMARC-93-01 Section 11.3.7.2. Risk values will consider the total configuration and incremental risks will be referenced to the zero maintenance condition.

Ouestion 12 CEOG STS page B 3.5.2-6, first paragraph: ". . . the risk of continued operation may be justified via a risk-informed analysis that follows the guidance in accordance with IOCFR50.65(a)(4)

(Reference 7) and is consistent with NUMARC 93-01 Section 11, Revision 3 (Reference 8), as outlined in RG 1.182 (Reference 9)." NRC guidance will include only endorsed references.

Response

See Response to Item 2.

Question 13 It is stated that for emergent conditions licensees will verify that the completion time extension is acceptable within 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />. For emergent configuration changes, such acceptability should be verified expeditiously (e.g. within one hour) to ensure that it is safe to operate the plant at the current configuration until a more detailed risk assessment is performed. A longer period (e.g.

24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />) can be allowed to perform and document a more detailed risk assessment.

Response

Risk assessment will be performed in a time frame commensurate with the plant risk. Operators are well trained to quickly identify potentially high risk significant plant conditions. While assessments may be completed at times up to 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />, the later completion times are intended for low risk configurations. Note that in the CEOG submittal involves a single train outage with no loss of function.

Most plants cannot perform a risk assessment of a new plant configuration within 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. This would lead to starting a plant shutdown. In other words, while operating beyond the frontstop, ANY significant change in plant configuration would lead to a plant shutdown while the PRA group is called in, updates, models, etc. to determine the risk impact of the change. It's necessary to provide some reasonable time to evaluate changes in plant configuration. We chose C:\rS\14CEpilotDRAFrRAIRESPONSE_0104B.dc25i049:15 AM Page 14

DRAFr 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> as it seemed reasonable and it was unlikely any high-risk configuration would not be restricted by other Technical Specifications and that would not be recognized immediately.

With respect to the CEOG submittal the flexible AOT is expected to work in conjunction with the exigent AOT extensions (CENPSD-1208). In addition, potential high risk configurations will be determined a priori. Consequently, 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> assessment is applies to TSs that are not otherwise limited.

In practice, the CEOG submittal the flexible AOT is expected to work in conjunction with the exigent AOT extensions (CENPSD-120S). That submittal defines high risk (and lower risk) plant configurations associated with system inoperability. In addition, potential high risk configurations associated with the extended AOT configuration (i.e. configurations known to be of high risk or conditions where the level of risk of the configuration is in doubt), will be identified a priori or promptly via use of on-line risk assessment tools.

A 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> assessment is applies to TSs that are not otherwise limited (e.g. those with loss of function not previously defined as having a 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> AOT (or greater)) .

Question 14 On page 1, Section 2 "Proposed Change," it is stated: 'Provided risk evaluation illustrates the acceptability for continued operation given the current plant configuration, the CT may be extended for up to 30 days. Contingency actions or compensatory measures may be required to support the acceptable results of the risk assessment." The staff requests the clarification of this statement. Is it proposed to quantify the impact of contingency actions and compensatory measures and credit this impact in establishing the acceptability of the risk assessment results?

Please explain how contingency actions and compensatory measures will support the results of the risk assessment. Will there be a process for identifying "contingency actions and compensatory measures" and determining their acceptability? Will any such process address both planned and emergent conditions?

Response

It is not the intent to quantify all contingency measures and compensatory actions. In situations where an action provides significant benefit or mostly eliminates the lost capability (e.g. opening a door for adequate ventilation during a loss of HVAC and monitoring room temperature) the impact may be assessed using reasonable approximations and reviewed via a panel of experts. In other instances risks will be evaluated without explicit consideration of the actions, and the actions will provide defense in depth.

In finalizing the process, the process will include considerations for both planned and emergent work.

C:\RITS\14\CE-pilot\DRAFrRALRESPONSE_012704B.doc/5d049. 15AMa Page 15

DRAFT Ouestion 15 On TS page 3.5.2-1 (sheet 2), the proposed Required Action (RA) B.2.2.1 allows 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for operators to verify that the Completion Time (CT) extension beyond 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> remains acceptable for a discovered plant configuration change. If the CT extension is determined unacceptable, RA B.2.2.2 allows another 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for the operators to take compensatory actions and make the CT extension acceptable. Given the two 24-hour periods in B.2.2.1 and B.2.2.2, an unacceptable plant configuration change could take 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to re-perform the risk assessment and another 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> to perform actions to make the extension acceptable. Provide the rational that demonstrates that 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> is a necessary and acceptable time to be in an unacceptable plant configuration, particularly when the total normal CT time is 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. What is the safety implication in terms of the plant risk increase during the extended 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> while the plant is operated outside the TS requirements? Why will the extended CT verification and compensatory actions for the operators to make the CT extension take 24 hours2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> for each? The 48 hours5.555556e-4 days <br />0.0133 hours <br />7.936508e-5 weeks <br />1.8264e-5 months <br /> seems excessive.

Response

The intent is to have a total 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br /> time period for assessment and implementing actions.

Question 16 With respect to, TS B. 1 - Required Action - "Determine that CT extension beyond 72 hrs is acceptable; information is needed, in the Bases, on what the performance of a risk assessment is in accordance with, and the fact that the results of the evaluation must be documented.

Response

High level information may be included in the Bases. Any details should be captured in the implementation guidance.

Ouestion 17 With respect to, TS B.2.2.1 - Required Action - "Verify that Completion time extension beyond 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> remains acceptable; information is needed, in the Bases, stating that whenever the plant configuration changes a risk assessment need be performed in accordance with ...," and that the results of the evaluation must be documented.

Response

The Bases can be expanded to include this information at a high level. Any details should be captured in the implementation guidance.

C:\RITSU4\CE-pilot\DRAFrRAlRESPONSE-01 2704B.doc25/049:15 AM Page 16

DRAFr Ouestion 18 The Completion Time for proposed Required Action B.2.2, on Tables 6.1-1 and B3-1 states "Whenever configuration changes occur that affect plant risk occur." This Completion Time needs to be explained further; such as, the process to determine whether a configuration change affects plant risk needs to be defined, along with the time to make that determination.

Response

Planned maintenance will include assessment of all components expected to be taken out in a given interval. If unplanned components are removed or fail (emergent conditions) new assessments will be required. This process may be simplified by having available list of risk insignificant components or guidance as to what actions to take should SSCs fail that could significantly amplify risk.

Question 19 CEOG STS pages B 3.5.2-6 and B 3.5.2-7: A discussion in the Bases is needed concerning what is an acceptable CT per Required Action B.2.3.

Response

The Bases can be expanded to include this information. Acceptable CTs will be based on incurred risks consistent with the Maintenance Rule. Note that, the overall use of the AOT will be evaluated according to RG 1.174 criteria. Furthermore, operation beyond the frontstop will be reviewed by a plant review group.

C:\Rrrs\4,cE-pilotDRAFrRAl-R-SPONSE-O1 27D4B.doc2/5J049:15 AMa Pa,,e 17

DRAFT Question 20 The staff feels that 30 day completion time is a very long time for an equipment to be inoperable.

Provide justification for requesting a maximum of 30 day completion time for HPSI. The staff believes that most of the maintenance and repairs on the safety equipment can be accomplished within a few days. Since the Risk Achievement Worth (RAW) for HPSI is among the highest of all plant systems, how is a 30 day AOT for HPSI justified? Discuss the availability of dedicated personnel for HPSI maintenancelrepair during a 30 day AOT. Discuss the availability of spare parts for HPSI repair.

Response

The 30 day limit is intended as a maximum value which must be risk justified. The time is not intended to result in delayed HPSI repair. Situations where the HPSI is non-functional plant risks are high and operation beyond the frontstop is very limited. Analyses suggest that HPSI outages that extend much beyond several days involve partial degradations of the system, (e.g.

small flow degradations, a single failure of injection valve, etc). Also 30 days is to be used generically as other systems are added to the flexible AOT program. 30 days is appropriate because: (1) it would limit the need for an NOED for a hard to replace, low risk component, (2) it provides uniformity of the maximum backstop among many systems and (3) regardless of the time, plants must meet maintenance rule guidance requirements and overall plant risks beyond the backstop will be tracked and limited to ensure compliance with RG 1.174.

Ouestion 21 The unavailability of the safety equipment would increase with the proposed backstop completion time of 30 days. Discuss whether the 30 day backstop might be limited by this increase in unavailability in light of the requirements of maintenance rule regarding minimizing unavailability of safety systems.

Response

It is expected that unavailability requirements of the MR will limit the outage of the BPSI system. Thus outages beyond the frontstop will be pursued only when necessary.

C\RrS\4CE-pilDRARAIA.-RSPONSE-1O2704B oc2/O49:15 AM Plage 18

DRAFT Ouestion 22 Appendix B appears to be a (temporary?) substitute for the Risk Management Guide/Program.

Appendix B and the Risk Management Guide need to be reconciled and combined, so that there is only one process for implementing the RMTS.

Response

It is expected that the RMTS report will provide overall guidance. Appendix B is a preliminary Implementation guidance document for the CEOG HPSI pilot. This document will ultimately reflect industry guidance and reflect NRC concerns.

Ouestion 23 Page A-5 of WCAP-15773 indicates that a section (TS 5.5.X) should be added to TS 5.5, "Program and Manual," to include the description of the risk management program. TSTF 424 does not include 5.5.X and is thereby inconsistent with WCAP-15773. Include TS 5.5.X, Risk Management Program, in TSTF-424, or clarify the inconsistency.

Response

Maintenance Rule programs provides the basis for the Risk Management (RM) process.

However, the WCAP recognizes that some features of the RM process to be used for the flexible AOT are not explicitly stated in the Maintenance Rule or the current implementation guidelines.

As part of the pilot process it is recognized that these added features may be needed, by the NRC, to be formally referenced. Because of the reliance of this program on the MR, the Industry position is that a specific Technical Specification Risk Management Program is not required. However, if required TS 5.5X will be added for plants implementing this process or the required information will be integrated into existing programs and that program will be identified.

C:\RITS\14\CE-pilot\DRAFrRAlRESPONSE_01 2704B.doc2l5D49: 15 AM Page 19

DRAFr Ouestion 24 NRC staff has been actively involved in all activities connected with Nuclear Power Plant securities following the September 11, 2001, terrorist acts. In light of the recommended long completion time of 30 days which can make the plant vulnerable to terrorist attack guidance should be provided on what measures the licensees should take in order to protect the plant equipment during this period.

Response

All plants are required by regulation to have security plans. Security is not one of the four criteria of 10 CFR 50.36 for inclusion of equipment in the TS. Furthermore, use of an AOT does not render the plant vulnerable to terrorist attack.

It should also be noted that, while the NRC staff has been working with the Federal Government to assess the risk of terrorist attacks on nuclear power plants, licensees are specifically exempted from consideration of such attacks.

IOCFR50.13 Attacks and destructive acts by enemies of the United States; and defense activities.

An application for a license to construct and operate a production or utilization facility, or for an amendment to such license, is not required to provide for design features or other measures for the specific purpose of protection against the effects of: (a) attacks and destructive acts, including sabotage, directed against the facility by an enemy of the United States, whether a foreign government or other person, or (b) use or deployment of weapons incident to U.S.

defense activities.

Furthermore, as the maintenance will be performed in accordance with the MR, this program will not introduce additional risks.

Ouestion 25 TS page 3.5.2-1 (sheet 2) defines Condition C as an ECCS condition with two or more subsystems inoperable for reason other than conditions A (one LPSI subsystem inoperable) or B (one HPSI subsystem inoperable). Recommend providing in the Bases section of TS 3.5.2 a list of inoperable "subsystems" that should be considered for determination of whether the plant is in Condition C discussed above.

Response

Disagree. It does not appear that Condition C is needed as two subsystems not associated with Condition A or B would mean that two HPSI or two LPSI subsystems are inoperable and 100%

flow could not be achieved in either case.

C-RITs54\CE-plot\DRAFrRALRESPONSE_ol 2704B.doc/5/049: 15 AMa 2 Page 20

DRAFT Ouestion 26 On TS page 3.5.2-1 (sheet 2), RA B.2.2.2 requires that the operator perform risk management actions to make the Completion Time extension acceptable. Discuss in the Bases section Tier 2 requirements related to high risk configurations, along with compensatory and contingent actions that are considered when the operators performs RA B.2. Discuss the provisions, limitations and compensatory actions that you will be committing to implement to assure adequate defense in depth, during the extended HPSIAOT. Discuss how common cause failures are addressed in the risk assessment/PRA.

Response

That level of detail is inappropriate for the Basis. A control room operator will not be performing this assessment alone. Prior to entry into the extended portion of the AOT the plant staff has ample time to put in place compensatory measures and plan for contingency actions.

The strategy for performing this maintenance will include identification of potential high risk components, and guidance will be provided that maintenance on other components (particularly similar components in the opposite train) may be restricted. The high risk configurations will vary depending on plant conditions, as will the limitations and compensatory actions that will be needed. There is no intent to commit to specific compensatory actions that will be universally applied during any use of the time beyond the frontstop. Common cause failures will be addressed as in any PRA assessment of risk.

The extended HPSI AOT will only be entered following a risk evaluation of the expected configuration. Prior to entry into the extended AOT common cause issues associated with the HPSI System will be resolved and/or evaluated accordingly.

C:.RITS\4'CE-pilot\DRAFrRAl-RESPONSE_0 I2704B.doc2/5149.15 AM Page 21

DRAFI Ouestion 27 Entering a TS is evidence of a significant oui-of-normal condition. How does the licensee intend to ensure that being in an extended CTs does not become part of the culture of normal operation?

That is, how is it ensured that if an extended CT is entered, the maintenance or work required to exit the TS is not postponed within the 30 day period for convenience?

Response

Entering a Condition is a routine event required by operational changes, emergent failures and NRC required Surveillance Testing. Delaying the restoration of equipment as suggested in the comment would be unlikely as it would increase the risk that some other emergent condition would lead to a plant shutdown. This is particularly true for a HPSI system inoperability. Note that the 30 day backstop CT does not replace other Actions for multiple trains inoperable. There is no "convenience" in risking a plant shutdown.

To avoid the above stated concern, a periodic assessment of the usage of the flexible AOT is suggested. One metric for this activity is monitoring the time incurred in the period beyond frontstop. All TS entries beyond the frontstop will be documented. The cumulative use of the TS extension will be evaluated once per fuel cycle (and documented in the 10CFR50.65 a(3) lookback report).

Ouestion 28 Explain how the effect of industry s use of extended RI-CTs on safety can be determined. What would be an effective performance indicator for use with extended CTs; perhaps the incremental risk of the extended CT is less than x, or number of times entered extended CT?

Response

The purpose of the question is unclear.

The "industry wide" risk impact of Technical Specification allowances is not currently tracked beyond the equipment availability statistics gathered for the Reactor Oversight Process. The Industry does not envision a need to track the use of particular Technical Specification features.

One single means of establishing a metric would be to use the number of entries or total duration vs risk level (risk color).

e-RrrS\4\CE-pilot\DRAMALREsPONsE 012704B.doc2/51049: 15 AM Page 22

DRAFT Ouestion 29 On Page 4, it is stated that "the proposed risk-managed TS will obviate (or significantly reduce) the need for NOEDs." Is a reporting requirement (not approval request) proposed to notify the NRC when an extended CT is entered? If not, please explain why.

Response

No explicit reporting requirement has been recommended. Notification of extension of a CT beyond the frontstop is not necessary as the maintenance will continue to be performed in accordance with the maintenance rule. A specific report on this action would unnecessarily increase the burden of paperwork on licensees, and serve no useful purpose.

An activity to monitor and document usage is recommended. This documentation may be included within the OCFR50.65 a(3) report. While this report is not transmitted to NRC, it will provide a vehicle for NRC review.

question 30 Are procedures (or new steps in procedures) required for reporting configuration changes within the plant to a central risk assessment group to ensure the time "from discovery of each configuration change" is minimal? Discuss internal controls.

Response

Adequate procedures already exist. Plant specific procedures will be made available to NRC.

Ouestion 31 Page 7, last two sentences before 5.0: These concluding sentences fail to make their point.

Response

Page 7: Modifications will be considered.

Question 32 Page 10, reference 14: What is Appendix A to IOCFR50.65?

Response

Page 10: Delete word "Appendix A" C\RlS4\CE-potRAFrRALRESPONSEOI 2704B.doc2I5,49.15 ANI Page 23

DRAFr Ouestion 33 Terminology needs to be defined and used consistent with existing definitions. For example, the terms "functionality" versus "Operability" are used on page B-7 of Appendix B, B3.3 and need to be resolved. On the same page and section it is written For a HPSI train, typical failure modes that result in partialinoperabilityinclude, but are not limited to:..." The bold italics are added, to illustrate a term that, if used, needs to be defined. The sentence could possibly be rewritten as, "For a BIPSI train , typical failure modes that result in inoperability include, but are not limited to the following partial losses of function:...?"

Response

Modifications will be considered.

Ouestion 34 CEOG STS page B 3.5.2-6, second paragraph, line 2: Is "unavailable" the best term for use here?

Response

We will review terminology for a better term.

C\RITS\4\CE-pilot\DRAFrRARESPONSE_O 27O4B.doc2I549: 15 AM Page 24

Retrieved from "https://kanterella.com/w/index.php?title=ML040430091&oldid=2686256"