ML050540293

From kanterella
Jump to navigation Jump to search
E-Mail, C. Smith to C. Ogle, Et. Al., SDP Phase 1 and Hatch Tfpi Minor Question Worksheet
ML050540293
Person / Time
Site: Hatch  Southern Nuclear icon.png
Issue date: 09/24/2003
From: Casey Smith
NRC/RGN-II
To: Ogle C, Payne D
NRC/RGN-II
References
FOIA/PA-2004-0277, IR-03-006
Download: ML050540293 (5)


Text

I Charles R.QqIe - Hatch TFPI Minor Uuestions Worksheet Paae 1 1

/3 From: Caswell Smith ' '

To: Charles Ogle; Charlie Payne Date: 9/24/03 3:32PM

Subject:

Hatch TFPI Minor Questions Worksheet Please see the attached worksheet that was revised based on our discussion this morning.

7

<2/

FIRE PROTECTION MC 0612 APPENDIX B Minor Questions Worksheet

Reference:

Triennial Fire protection Inspection Plant: Hatch Nuclear Plant Report No.: IR 50-321, 366/2003-006 Performance Deficiency: The licensee's fire protection program for ensuring the ability to safely shutdown the plant during a fire was inadequate, in that:

1 The sensor initiated logic installed for actuating all eleven SRVs has resulted in the SRVs becoming susceptible to open spuriously because of fire induced damage to two instrument cables for a fire in Fire Area 2104.

2 Compensatory manual actions to prevent spurious opening of the SRVs were not timely and would not have prevented the SRVs from opening. Additionally, the manual actions were encumbered by a lack of adequate lighting, inadequate terminal block labeling, and they were not approved by the NRC.

3 Manual control of the SRVs, required to ensure that the suppression pool heat capacity temperature limit will not be exceeded, will be lost because of the inadequate compensatory actions. Failure to control the suppression pool heat capacity temperature limit will cause the core spray pumps to have inadequate net positive suction head and will result in a loss of the containment heat removal function.

Description I Inadequate Plant Modification The plant modification installed by Design Change Request (DCR)91-134 did not implement the specified design input requirements for actuating the eleven safety relief valves (SRVs) using one out of two logic taken twice in support of a nuclear boiler over pressure protection. The installed plant modification actuates the SRVs using two out of two coincidence logic taken twice and one, out of two coincidence logic taken twice.

The installed plant modification has resulted in a common mode failure of all eleven safety relief valves from fire induced damage to two instrumentation cables.

A circuit analysis of SRV 2B21 -FOI 3F (Path 1) and SRV 2B21 -F01 3G (Path 2) revealed that the design objective of implementing a one-out-of-two taken twice logic had not been installed for the SRVs. The logic installed for the SRVs was a "two-out-of-two taken twice logic in addition to a zone-out-of-two taken twice logic. The coincident logic implemented using trip unit master relays K31 OD and K335D could result in spurious actuation of Group A SRVs for a fire in Fire Area 2104. Additionally, the trip unit slave relays associated with the master relays will also energize the pilot valves of group B and group C SRVs and result In opening these SRVs. Whenever an SRV lifts, it will remain open until nuclear boiler pressure is reduced to about 85% of its over pressure lift-set point. However, because the instrument loops have failed high, the trip

unit master relays and the trip unit slave relays will continue to energize the pilot valve of the individual SRV and keep the SRV open. As a result, this failure mode prevents the operators from manually controlling the Group A SRVs as is required per the SSAR.

2 Inadequate Compensatory Actions Fire Procedure, AOP 34AB-X43-001 -2,Version 10.8, dated May 28, 2003, stated in step 9.3.2.1 that: "To prevent all eleven SRVs from opening simultaneously, open links BB-10 in Panel 2H11-P927 and BB-10 in Panel 2H11-P928." The team noted that spurious opening of all eleven SRVs should be considered a large loss of a coolant accident (LOCA), and that a LOCA should be prevented from occurring during a fire event to comply with 10 CFR 50, Appendix R, Section lll.L. Section Ill.L requires that, during a post-fire shutdown, the reactor coolant system process variables (e.g., reactor vessel pressure and water level) shall be maintained within those predicted for a loss of normal alternating current power. Having all eleven SRVs opened during a fire would challenge this requirement. The team also determined that step 9.3.2.1 was sufficiently far back in the procedure that it may not be completed in time to prevent potential fire damage to the instrumentation cables of concem.

The safe shutdown analysis report (SSAR) identified several cables, that were relied upon for safe shutdown during a fire, which the licensee failed to protect from fire damage. A common mode failure of all eleven safety relief valves could occur because of fire induced damage to two instrumentation cables. These cables were not physically protected in accordance with the requirements of 10 CFR 50 Appendix R,section lIl.G.2. Instead, the SSAR credited the operators actions described above to prevent or mitigate the effects of the fire damage. The licensee did not, however, obtain NRC exemptions for these manual actions. Additionally, the manual actions were not performed early enough during the fire event to provide reasonable assurance that all eleven SRVs would not have spuriously opened as a result of fire damage.

Performance of these manual actions were encumbered by a lack of adequate lighting to facilitate completion of the actions. Also, the terminal block points were not adequately labeled to ensure that the operators could correctly identify the terminal links that were required to be removed to prevent spurious opening of the SRVs.

3 Loss of Net Positive Suction Head for Core Sprav Pumps Failure to manually control the SRVs will challenge the heat capacity temperature limit of the suppression pool and result Inthe loss of net positive suction head to the Core Spray pumps, which are used for mitigating this event. This loss of containment heat removal function will increase the large early release frequency (LERF) and could potentially lead to containment failure.

The licensee does not have a calculation of record or an approved analysis which demonstrates that the Core Spray System is capable of mitigating the effects on the nuclear boiler and containment structure caused by spurious opening of all eleven SRVs with the reactor at 100% power. Sudden de-pressurization of the nuclear boiler as a result of fire induced damage has not been analyzed.

Licensing Basis/Requirements:

e .

Operating License Condition 2.C. (3)(a), Fire Protection; Title 10 of the Code of Federal Regulations, Part 50 (10 CFR 50), Appendix R; 10 CFR 50.48; Appendix A of Branch Technical Position (BTP) Auxiliary and Power Conversion Systems Branch (APCSB) 9.5-1; related NRC Safety Evaluation Reports (SERs); the Hatch Nuclear Plant Updated Final Safety Analysis Report (UFSAR); and plant Technical Specification (TS).

Minor Questions:

Question (1) Could the finding be reasonably viewed as a precursor to a significant event?

NO Question (2) If left uncorrected, would the finding become a more significant safety concern?

NO Question (3) Does the finding relate to performance indicators that would have caused the Pi to exceed a threshold?

NO Question (4) Is the finding associated with one of the below cornerstone attributes and does the finding affect the associated cornerstone obiective?

YES - The team determined that this finding was associated with the 'design control, equipment performance, and procedure quality" attributes. It affected the objective of the initiating events cornerstone to limit the likelihood of events that challenge critical safety functions as well as the mitigating systems cornerstone to ensure the availability, reliability, and capability of systems that respond to initiating events, and Is therefore greater than minor.

CORNERSTONE OBJECTIVES AND ATTRIBUTES:

REACTOR SAFETY CORNERSTONE Initiating Events Cornerstone: OBJECTIVE: to limit the likelihood of those events that upset plant stability and challenge critical safety functions during shutdown as well as power operations.

Attributes:

Design Control: Initial Design and Plant Modifications Protection Against External Factors: Flood Hazard, Fire, Loss of Heat Sink, Toxic Hazard, switch yard Activities, Grid Stability Configuration Control: Shutdown Equipment Lineup, Operating Equipment Lineup Equipment Performance Availability, Reliability, Maintenance, Barrier Integrity (SGTR, ISLOCA, LOCA (S,M,L),

Refueling/fuel handling equipment Procedure Quality Procedure Adequacy

a e Human Performance: Human Error Mitigating Systems: OBJECTIVE: to ensure the availability, reliability, and capability of systems that respond to initiating events to prevent consequences (i.e., core damage).

Attributes:

Design Control: Initial Design and Plant Modifications Protection Against External Factors: Flood Hazard, Fire, Loss of Heat Sink, Toxic Hazard, Seismic Configuration Control: Shutdown Equipment Lineup, Operating Equipment Lineup, Equipment Performance Availability, Reliability Procedure Quality: Operating (Post Event) Procedure (AOPs, SOPs, EOPs); Maintenance and Testing (Pre-event) Procedures Human Performance: Human Error (Post Event), Human Error (Pre-event)

Because the answer to Questions (4) was 'YES," the finding should be considered greater than minor. Go to MC-0609, App. A.