ML050340022

From kanterella
Jump to navigation Jump to search
OPGP03-ZA-0091
ML050340022
Person / Time
Site: South Texas  STP Nuclear Operating Company icon.png
Issue date: 02/07/2005
From:
South Texas
To:
Office of Nuclear Reactor Regulation
Tjader T., NRC/IROB, 415-1187
Shared Package
ML050330174 List:
References
0PGP03-ZA-0091, Rev 6
Download: ML050340022 (14)


Text

SOUTH TEXAS PROJECT ELECTRIC GENERATING STATION D0527 STI 31695582 0PGP03-ZA-0091 Rev. 6 Page 1 of 14 Configuration Risk Management Program Quality Safety-Related Usage: Referenced Effective Date: 02/12/04 E. H. Hudson Drew Richards N/A Operations PREPARER TECHNICAL USER COGNIZANT DEPT Table of Contents Page

1.0 Purpose and Scope

..................................................................................................................... 2 2.0 Definitions .................................................................................................................................. 2 3.0 Responsibilities ........................................................................................................................... 6 4.0 Program Description................................................................................................................... 6 5.0 On-Line Maintenance.................................................................................................................. 8 6.0 Unplanned Work Week Events ................................................................................................. 10 7.0 Work Week Risk Reduction...................................................................................................... 12 8.0 References ................................................................................................................................ 14 9.0 Support Documents .................................................................................................................. 14

0PGP03-ZA-0091 Rev. 6 Page 2 of 14 Configuration Risk Management Program

1.0 Purpose and Scope

1.1 The Configuration Risk Management Program (CRMP) is used to assess the risk impact of equipment out-of-service and to maintain station risk at desired levels. The CRMP is used to assess risk impacts for planned and unplanned equipment outages which are modeled in the STP Probabilistic Risk Assessment (PRA). The CRMP is applicable to risk significant systems, structures, and components (SSCs) within the scope of the stations PRA or determined to be risk significant in the Maintenance Rule program. Risk Management provides assistance in the application of the stations PRA model for the Mode 3 and Mode 4 risk assessment.

1.2 The CRMP provides the guidance for determining both the action time limit (i.e. time until a risk based threshold is exceeded) and the risk reduction actions required for any noncompliance with a Limiting Condition for Operation in the Technical Requirements Manual.

1.3 The provisions of this program DO NOT preclude compliance with other design or license basis documents.

1.4 This procedure satisfies the Maintenance Rule requirements for the applicable modes, as specified in the Code of Federal Regulations. (Reference 8.7) 1.5 Maintenance activities are controlled through the work control process.

2.0 Definitions 2.1 ACTUAL FUNCTIONAL TIME: The time at which an SSC becomes functional.

2.2 ACTUAL NON-FUNCTIONAL TIME: The time at which an SSC becomes non-functional due to planned or unplanned maintenance or testing on that component or system.

2.3 CONDITIONAL CORE DAMAGE PROBABILITY (CCDP). The core damage frequency for a given plant condition or maintenance state multiplied by the duration of the expected condition.

2.4 CONFIGURATION RISK MANAGEMENT PROGRAM (CRMP): The mechanism for assessing plant configurations and maintaining station risk at desired levels.

2.5 CORE DAMAGE FREQUENCY (CDF): The calculated frequency in events per year of a core damaging event.

2.6 CONFIGURATION RISK MANAGEMENT (CRM) SYSTEM GUIDELINES: Concise descriptions of PRA system functions and components used as aids in the performance of CRMP risk assessments. These guidelines may also contain risk evaluations of maintenance configurations not contained in RAsCal.

0PGP03-ZA-0091 Rev. 6 Page 3 of 14 Configuration Risk Management Program 2.7 CUMULATIVE RISK: The risk which is accrued due to risk-significant components being non-functional.

2.8 DEFUELED

All fuel assemblies have been removed from the Reactor Containment Building and placed in the spent fuel pool. (The ICSA is NOT considered an extension of the spent fuel pool.)

2.9 DEMAND PERIOD: Annual periods of anticipated electrical power demand (Peak or Non-Peak) that are used to determine the level of BOP Trip Risk Significant thresholds.

2.10 FUNCTIONAL: SSC is capable of performing its intended function for both normal and emergency operations. This definition applies to testing and maintenance activities in ALL MODES of operation.

2.10.1 Functional SSCs do not require automatic actuation or alignment if the function can be promptly restored either by an operator in the Control Room or by a dedicated operator stationed locally for that purpose. Restoration actions must be contained in approved written instructions, must be uncomplicated and must NOT require diagnosis or repair. Credit for a dedicated local operator can be taken only if positioned at the proper location throughout the duration of the activity.

2.10.2 Functional SSCs may not always meet all Technical Specification, Licensing or Design Basis assumptions.

2.10.3 Functional SSCs DO NOT require attendant fire detection or suppression.

2.10.4 Performance of maintenance activities may involve alterations to SSCs which affect functionality. Examples of such alterations include:

  • Installation of terminal jumpers
  • Lifting of electrical leads
  • Placing of temporary lead shielding on pipes or equipment
  • Removal of barriers
  • Use of temporary blocks, bypasses, scaffolding or supports.
  • Removal of insulation.

2.10.5 An SSC should be considered functional if there is reasonable assurance that it can perform its intended risk function(s). IF this evaluation is later proven incorrect, THEN non-functionality continues from the original period of functionality.

2.10.6 A SSC aligned to its failure mode configuration per a clearance order or work order may be considered functional.

0PGP03-ZA-0091 Rev. 6 Page 4 of 14 Configuration Risk Management Program 2.10.7 A SSC with an inoperable snubber may be considered functional. Engineering assistance may be required to determine the functionality of a SSC with an inoperable snubber.

2.10.8 During maintenance, an SSC can be declared functional when it is capable of performing its intended risk function(s) following the completion of restoration activities (i.e. clearance released, system lineup completed, filling/venting completed and other operational prerequisites met). IF maintenance on an SSC DOES NOT involve major component disassembly, THEN the SSC can be declared functional following or during maintenance when the maintenance has reached a point where the on-duty Senior Reactor Operators consider the SSC ready for service or post-maintenance testing. IF subsequent post maintenance testing fails, THEN non-functionality continues from the original period of functionality.

2.10.9 SSCs are considered functional during surveillance testing provided one of the following conditions is met:

2.10.9.1 The SSC will respond to its actuation signal (e.g. a containment isolation valve is functional during a valve operability test).

2.10.9.2 The surveillance procedure specifies the recovery actions required to return the SSC to its required safety condition (e.g. the Auxiliary Feedwater (AFW) inservice test provides guidance for the operator to close the test line isolation valve in the event of an AFW actuation).

2.10.9.3 The surveillance test places the SSC in the conservative safety state (e.g. the bistable is tripped).

2.11 INCREMENTAL CONDITIONAL CORE DAMAGE PROBABILITY (ICCDP): The cumulative risk due only to equipment maintenance is calculated by subtracting the ZERO MAINTENANCE CDF from the instantaneous CDF for each maintenance state and multiplying by the expected duration of the equipment maintenance.

2.12 MAINTENANCE STATE: The collection of plant systems and components, within the scope of the CRMP, which are non-functional at the same time.

2.13 NON-FUNCTIONAL: SSC is NOT capable of performing its intended function as modeled in the PRA.

2.14 OFF-PEAK PERIOD: Time of lessened trip consequence due to lower electrical power demand when the BOP Risk Significance Thresholds can be increased from the Peak Period values.

0PGP03-ZA-0091 Rev. 6 Page 5 of 14 Configuration Risk Management Program 2.15 NON-RISK SIGNIFICANT THRESHOLD: The weekly threshold below which cumulative risk levels are considered to be non-risk significant. (Risk significant threshold values are provided in Step 5.5.)

2.16 PEAK PERIOD: Time of increased trip consequence due to higher electrical power demand when lower trip risk is necessary. Peak Periods are specified by the STPNOC Owners Committee.

2.17 POTENTIALLY RISK SIGNIFICANT THRESHOLD: Weekly thresholds, which if exceeded, indicate a significant reduction in the ability of risk related plant system functions to:

  • Prevent or mitigate a core damage event.
  • Maintain trip probability within demand period limits.

(Risk significant threshold values are provided in Step 5.5.)

2.18 PROBABILISTIC RISK ASSESSMENT (PRA): A plant specific integrated analysis model that estimates the annual frequency (i.e. events per year) of a core damage event OR a large early release occurring as a result of various initiating events (e.g. turbine trip, reactor trip, steam generator tube rupture, etc.).

2.19 RAsCal: Risk Assessment Calculator: Computer software used to assess the Incremental Conditional Core Damage Probability and Weekly Trip Risk Probability due to varying plant configurations. These configurations result from planned or unplanned maintenance activities on risk significant equipment in Modes 1 & 2.

2.20 RISK ASSESSMENT EVALUATION: Any evaluation that addresses the risk associated with equipment out-of-service. This can be accomplished with RASCAL or through a PRA Assessment.

2.21 RISK PROFILE: A graphical representation of the change in CCDP and Trip Probability based on the time dependent variation of maintenance states.

2.22 UNPLANNED EVENT: Any condition, which is NOT in the planned work schedule, which renders station equipment non-functional or extends non-functional equipment scheduled outage time beyond its planned duration.

2.23 WEEKLY TRIP RISK PROBABILITY: A baseline weekly value which is the probability of a plant trip, as modeled in the STP BOP PRA model.

2.24 ZERO MAINTENANCE CDF: The calculated CDF assuming that no planned or unplanned maintenance is performed and all systems and components remain functional.

0PGP03-ZA-0091 Rev. 6 Page 6 of 14 Configuration Risk Management Program 3.0 Responsibilities 3.1 The Plant General Manager is responsible for approving any planned exceedance of a Non Risk-Significant Threshold.

3.2 The Shift Supervisor is responsible for the following:

  • Being cognizant of the current planned and actual risk as indicated by the risk profiles of the plant.
  • Ensuring cumulative effects of planned maintenance and unplanned events are understood and appropriate risk reduction measures are taken to meet station risk goals.

3.3 The on-duty Senior Reactor Operators are responsible for determining when an SSC is functional or non-functional.

3.4 The designated on-shift Senior Reactor Operator is responsible for ensuring the weekly risk profile is updated with actual functional times and actual non-functional times for SSC modeled in RAsCal. The actual times are updated as equipment becomes functional or non-functional.

3.5 Work Control is responsible for producing weekly risk profiles of planned on-line maintenance activities.

3.6 Risk Management is responsible for the CRMP.

4.0 Program Description 4.1 Probabilistic Risk Assessment (PRA) models are maintained per the Probabilistic Risk Assessment Program procedure, 0PGP04-ZA-0604.

4.2 The CRMP is used to meet the requirements of the Maintenance Rule [10CFR50.65(a)(4)]

to assess the cumulative effects of maintenance and testing on SSC.

4.3 Risk Management assesses the yearly cumulative risk for each unit and communicates the results to affected personnel.

4.4 Work Schedules are adjusted to desired levels of risk per this procedure Section 5.0, On Line Maintenance. This is applicable for Modes 1 and 2.

4.5 Unplanned Event Risk Assessments are made per this procedure Section 6.0, Unplanned Events. This is applicable for Modes 1 and 2.

0PGP03-ZA-0091 Rev. 6 Page 7 of 14 Configuration Risk Management Program 4.6 Outage schedules and risk assessments are performed per the Shutdown Risk Assessment procedure, 0PGP03-ZA-0101. This is applicable in Modes 5, 6 and Defueled.

4.7 In Modes 3 and 4, contact Risk Management for assistance in determining the application of currently available PRA models.

4.8 IF an unquantified maintenance state exists, THEN contact Risk Management for assistance in determining the risk.

4.9 Risk assessments SHALL consider any significant performance issues associated with the standby trains of the SSC.

4.10 Listed below are the risk significant system functions NOT covered by the Risk Assessment Calculator. The Configuration Risk Management System Guidelines should be consulted for the assessment of the potential risk impact of these system functions.

  • 7300 Processor Support System (BS) - Process input signals and provide reactor trip, protective, and control signals
  • Nuclear Instrumentation (NI) - Provide reactor trip and protective signals
  • Reactor Control System (RS) - Interrupt electrical power to the control rod drive mechanisms upon receipt of a reactor trip signal
  • Steam Generator Secondary Side (SG) - Provide system pressure boundary
  • Containment Building (XC) - Maintain containment integrity
  • North and South Switchyard Buses (XS) - Control the supply of 345KV electrical power 4.11 Contact risk management to assess the risk impact for any risk significant system function outside the scope of RAsCal and the CRM System Guidelines.

0PGP03-ZA-0091 Rev. 6 Page 8 of 14 Configuration Risk Management Program 5.0 On-Line Maintenance 5.1 Work Window Coordinators provide preliminary and adjusted interactive schedule inputs for risk profile generation prior to the initiation of planned maintenance activities per 0PGP03-ZA-0090, Work Process Program.

5.2 Work schedules are authorized and approved per 0PGP03-ZA-0090, Work Process Program.

5.3 Work Window Coordinators are responsible for ensuring the risk profile is updated for any planned work schedule change that occurs after the start of the work week.

NOTE The current guideline revision numbers can be determined by searching RMS under a DOCUMENT NO of CRM # # # # (where # # # # is the four digit guideline number). The document TYPE should be entered as GUIDELINE.

5.4 Whenever the risk profile is being updated, the user SHALL ensure the most current revision of the RASCAL guidelines are used.

5.5 The following risk significant thresholds are used in this procedure:

5.5.1 ICCDP Thresholds:

  • Non-Risk Significant Threshold = 1.00E-06 ICCDP due to maintenance
  • Potentially Risk Significant Threshold = 1.00E-05 ICCDP due to maintenance 5.5.2 Balance of Plant (BOP) Trip ProbabilityThresholds:

DEMAND NON-RISK SIGNIFICANT POTENTIALLY RISK PERIOD THRESHOLD SIGNIFICANT THRESHOLD Peak 5% 10%

Off-peak 10% 15%

BOP thresholds are measured in percent increase in weekly trip risk probability.

0PGP03-ZA-0091 Rev. 6 Page 9 of 14 Configuration Risk Management Program 5.6 A planned exceedance of the Non Risk-Significant Threshold SHALL be approved by the Plant General Manager.

5.7 The designated on-shift Senior Reactor Operator ensures the weekly risk profiles are updated with Actual Non-Functional Times and Actual Functional Times using RAsCal per the RAsCal User Manual as components become functional or non-functional.

5.8 At the completion of the Work Week, the designated on-shift Senior Reactor Operator transmits the updated risk profile to Risk Management and the responsible Work Window Coordinator for evaluation and archiving.

0PGP03-ZA-0091 Rev. 6 Page 10 of 14 Configuration Risk Management Program 6.0 Unplanned Work Week Events NOTE When evaluating the Potentially Risk-Significant and Non Risk-Significant Thresholds, the previous Work Weeks Cumulative Risk SHALL be included if the non-functionality of any component from the previous Work Week continues through to the current Work Week (i.e., extending past Sunday 2400).

6.1 During an Unplanned Event, the Shift Supervisor determines whether the SSC is within the scope of RAsCal per the CRM System Guidelines.

6.2 Using RAsCal, the designated on-shift Senior Reactor Operator calculates a projected weekly cumulative risk and the increase in weekly risk trip probability for the expected duration of the Unplanned Event. (Refer to the RAsCal User Manual or CRM System Guidelines, as necessary).

NOTE

  • The required risk assessment evaluation by Risk Management SHALL be performed prior to the anticipated exceedance of any non-risk significant threshold (either CDF or BOP Trip Probability threshold).
  • Section 7.0 SHALL be reviewed to determine if any risk reduction actions should be taken while awaiting the risk assessment evaluation from Risk Management.
  • Any measures taken to reduce risk SHALL be recorded in the Control Room Logbook.

6.3 IF RAsCal is unable to generate a risk profile (e.g. due to an unquantified maintenance state), THEN work may proceed with the Shift Supervisors approval until an evaluation is completed by Risk Management.

NOTE The current guideline revision numbers can be determined by searching RMS under a DOCUMENT NO of CRM # # # # (where # # # # is the four digit guideline number). The document TYPE should be entered as GUIDELINE.

6.4 Whenever the risk profile is being updated, the user SHALL ensure the most current revision of the RAsCal guidelines are used.

0PGP03-ZA-0091 Rev. 6 Page 11 of 14 Configuration Risk Management Program 6.5 Performance or re-evaluation of a risk assessment should NOT interfere with, or delay, the operator or maintenance crew from taking timely action to restore equipment to service OR to take compensatory actions.

6.6 IF the projected weekly cumulative risk or increase in weekly trip probability will exceed the Non Risk-Significant Threshold, THEN perform Section 7.0, Work Week Risk Reduction.

6.7 IF the projected weekly cumulative risk and the increase in weekly trip probability will NOT exceed the Non Risk-Significant Threshold, THEN no further action is required. The Shift Supervisor should heighten station awareness of work that is risk significant to ensure completion of the work as scheduled.

6.8 The following conditions require CR initiation:

6.8.1 Any unplanned exceedance of a Non Risk-Significant Threshold.

6.8.2 Any unplanned exceedance of a Plant General Manager approved risk threshold above the Non Risk-Significant Threshold.

0PGP03-ZA-0091 Rev. 6 Page 12 of 14 Configuration Risk Management Program 7.0 Work Week Risk Reduction NOTE When evaluating the Potentially Risk-Significant and Non Risk-Significant Thresholds, the previous Work Weeks Cumulative Risk SHALL be included if the non-functionality of any component from the previous Work Week continues through to the current Work Week (i.e., extending past Sunday 2400).

7.1 IF the Non Risk-Significant Threshold is projected to be exceeded within the current Work Week AND the exceedance has NOT been previously approved by the Plant General Manager, THEN the Shift Supervisor SHALL perform the following:

7.1.1 Notifies the Duty Operations and Duty Plant Manager of the expected exceedance.

7.1.2 Identifies and implements compensatory measures approved by the Duty Plant Manager. Compensatory measures may include but are NOT limited to the following:

7.1.2.1 Reduce the duration of risk sensitive activities.

7.1.2.2 Remove risk sensitive activities from the planned work scope.

7.1.2.3 Reschedule work activities to avoid high risk sensitive equipment outages or maintenance states.

7.1.2.4 Accelerate the restoration of out-of-service equipment.

7.1.2.5 Determine and establish the safest plant configuration.

7.1.2.6 Establish contingency plan to reduce the effects of the degradation of the affected SSC(s) by utilizing the following:

  • Operator actions
  • Increased awareness of plant configuration concerns and the effects of certain activities and transients on plant stability
  • Administrative controls
  • Ensure availability of functionally redundant equipment 7.1.3 Ensures any measures taken to reduce risk are recorded in the Control Room Logbook.

7.1.4 Evaluates whether heightened station awareness is acceptable while attempting to return components or systems to functional status. Duty Plant Manager approval is required to solely implement heightened station awareness.

0PGP03-ZA-0091 Rev. 6 Page 13 of 14 Configuration Risk Management Program 7.2 IF the Potentially Risk Significant Threshold is projected to be exceeded within the current Work Week, THEN the Shift Supervisor takes the following actions:

7.2.1 Notifies the Duty Operations Manager and the Duty Plant Manager 7.2.2 Ensures the actions of Step 7.1 have been completed or are in progress.

7.2.3 Reviews the Technical Specifications, Technical Requirements Manual and the Offsite Dose Calculation Manual requirements for affected equipment to ensure associated actions are being performed.

7.2.4 Considers augmenting current on site resources to assist in restoring equipment to functional status.

7.2.5 Evaluates changing current plant conditions to place the Unit in a mode or a power level that may reduce the relative risk. This evaluation should consider that changing plant conditions, such as reducing power, may expose the Unit to potential transients. The status of equipment NOT in the scope of the CRMP must be considered in this evaluation. (For example: The relative health of the SGFWP control system may influence the advisability of initiating a major change in plant power.).

0PGP03-ZA-0091 Rev. 6 Page 14 of 14 Configuration Risk Management Program 8.0 References 8.1 Risk Assessment Calculator (RAsCal) Users Manual 8.2 SDG, ECW, or Essential Chilled Water Extended Allowed Outage Time, 0POP01-ZO-0006 8.3 Technical Specification 3.7.4 8.4 Technical Specification 3.7.14 8.5 Technical Specification 3.8.1.1 8.6 Technical Specification 6.8.3.k 8.7 Maintenance Rule 10 CFR 50.65(a)(4) 8.8 Probabilistic Risk Assessment Program, 0PGP04-ZA-0604 8.9 Shutdown Risk Assessment, 0PGP03-ZA-0101 8.10 Work Process Program, 0PGP03-ZA-0090 8.11 South Texas Project, Units 1 and 2 - Amendment NOS. 85 and 72 to Facility Operating License NOS. NPF-76 and NPF-80, ST-AE-HL-94678 8.12 NUMARC 93-01, Section 11, Assessment of Risk Resulting from Performance of Maintenance Activities 8.13 Configuration Risk Management System Guidelines, 0PGP05-ZE-0002 8.14 PRA Analyses / Assessments, 0PGP05-ZE-0001 9.0 Support Documents None