ML051790372

From kanterella
Jump to navigation Jump to search
Re Final Precursor Analysis
ML051790372
Person / Time
Site: Oyster Creek
Issue date: 05/23/2005
From: Eliezer Goldfeiz
NRC/RES/DRAA/OERAB
To:
GPU Nuclear Corp
Shared Package
ML052010011 List:
References
LER 03-002-00
Download: ML051790372 (33)
v  d  e


Text

1 Since this condition did not involve an actual initiating event, the parameter of interest is the measure of the incremental increase between the conditional probability for the period in which the condition existed and the nominal probability for the same period but with the condition nonexistent and plant equipment available. This incremental increase or importance is determined by subtracting the CDP from the CCDP. This measure is used to assess the risk significance of hardware unavailabilities especially for those cases where the nominal CDP is high with respect to the incremental increase of the conditional probability caused by the hardware unavailability.

1 Final Precursor Analysis Accident Sequence Precursor Program ---Office of Nuclear Regulatory Research Oyster Creek Loss of 4.16 kV Emergency Bus 1C Due to Ground Fault in Normally Energized Underground Cable Event Date:5/20/2003 LER 219/03-002 CDP1 = 1.4x10-06 May 23, 2005 Condition Summary On May 20, 2003, with the plant operating at 100%, the emergency bus 1C normal supply breaker tripped and locked out, de-energizing the bus. Subsequent investigation by AmerGen determined that the breaker trip was due to a ground fault in one of the cables that connect the 1C bus to the associated, No. 1 EDG output breaker. The loss of bus 1C resulted in the loss of certain system components required for normal operation and accident mitigation. The loss of one of two emergency buses also led to a technical specification required shutdown of the plant. This was achieved via a controlled down-power and a manual scram at 9:43 a.m.,

approximately 9 hours1.041667e-4 days <br />0.0025 hours <br />1.488095e-5 weeks <br />3.4245e-6 months <br /> after the event. Cold shutdown was achieved at 7:13 p.m. of the same day.

Cable failure was the result of water intrusion into the 1C cable between the insulation and the insulation shield. Apparently, underground water filtered through the conduit and cable jacket, degrading the cable insulation and causing the cable to short to ground. The cable that failed in May 2003 was manufactured by Anaconda. Prior to this event, Oyster Creek had experienced an additional ten in-service, medium voltage cable failures. Of these, six were failures of Anaconda Unishield type cables. A seventh failed cable was also Unishield type manufactured by Cablec, after their purchase of the Anaconda company. Based on a chart prepared by the licensee, the Anaconda and Cablec cable failures were either due to water intrusion or manufacturing defects that, over time, caused the cables to fail. Water intrusion and breakdown of the cable insulation was the cause of a 1996 failure of a cable associated with the No. 2 EDG output breaker to 4160 volt emergency bus 1D. This cable, like the 1C cable, was located within an underground cable vault structure between the EDG building and the TB. Water intrusion was also the failure mode that caused a cable supplying power to the 1B2 480V unit substation to short to ground and the supply breaker to trip on November 11, 2001. This cable was also manufactured by Anaconda and had only been in service for about five years, but in this case, the cable was buried in a sand bed that runs under the TB basement floor.

Including the May 2003 failure, Oyster Creek has had 11 medium voltage, in-service cable failures. Of the earlier 10 failures, six involved Anaconda cable and three of the

LER 219/03-002 2

six Anaconda failures were associated with cables that supply power from the two EDGs to the 4160 V emergency busses through the underground concrete vaults. In addition, two of the 10 failures (one in 1975 and the other in 1977) involved cables running in these same vaults from the two EDGs. However, these cables were manufactured by GE Vulkene and the failures were attributed to lightning strikes. The 4160 volt 1C cable that failed in May 2003 had been installed in 1977 after one of these failures.

During their analysis of the May 2003 cable failure, AmerGens engineering organization assessed whether water entered into the cable vault structure. They concluded that, prior to 1991, rain water could enter the cable vault from an opening in the floor at the switchgear in the EDG building. (Note: Much of the roof of the EDG building is grating open to the environment to permit air flow into the building to support EDG operation and cooling.) Rainwater spillage into the TB basement was clearly evident from the vault associated with the 1D bus. In 1991, a modification installed a concrete dam around the power conduit at the floor line in the EDG building to prevent water entrance into the conduits from either diesel. However, AmerGens 2003 apparent cause analysis noted that by the time the rain water intrusion was corrected, there had been many years of water exposure to the cables. The licensees apparent cause review stated that this likely was the contributory factor for the EDG 1 cable failure.

Analysis Results Condition Importance (CDP)

The condition importance is calculated to be 1.4E-06.

Dominant sequences Table 1 shows the contributors to event importance.

Results tables Attachment A contains the details of the analysis and results tables.

Modeling Assumptions Analysis type The ASP analysis is performed using the plant SPAR model. The plant condition of loss of 4160 1C emergency bus is imposed on the model.

An event occurring within a time interval before or after the failure of the 1C bus could be affected by this failure, if the mission time of the event occurring includes the time of the bus

LER 219/03-002 3

failure. Thus, the ASP evaluation looks at both the time period before and after the bus failure.

The time interval before the bus failure is taken as 24 hour2.777778e-4 days <br />0.00667 hours <br />3.968254e-5 weeks <br />9.132e-6 months <br />s: if an initiating event occurred within a 24-hour time interval before the bus failure, its mission time would have included the bus failure. The time interval after the bus failure is studied in detail by the SDP phase three analysis (Reference 2). The results of the SDP analysis are summarized below. See also Table 1.

1. Analysis for the 24-Hour Time period before failure The model is quantified for a 24-hour period; that any potential initiating event that could have occurred during the 24-hour mission time preceding the failure would have created additional plant risk. Note that no automatic trip was generated. The resulting condition importance is calculated to be 3.9E-07.

This condition would have also impacted events that could have followed external events and shutdown events that if occurred during the previous 24-hour period, would have had the failure impacting their mission time. Since the SDP analysis already looked at the same events following the failure, and concluded that the risk is small, this subject is not pursued any further.

2. Analysis for the at-power time period following the failure A 10-hour time period is used to estimate the plant risk during the at-power period following the onset of the condition. Internal events that could randomly occur during this time window are considered. The resulting condition importance is calculated to be 1.6E-07.

3.

Reactor Trip due to failure The reactor trip due to the failure (imposed by the technical specifications) is also considered and its importance is calculated given by modeling that a transient has occurred (with frequency of 1.0). The resulting event importance is calculated to be 3.6E-07.

4.

Events at Shutdown While the plant is operated in shutdown conditions for a 130-hour period with 1C bus unavailable, initiating events that could have contributed to plant risk have been evaluated and the condition importance due to 5 such initiating events is calculated to be 4.9E-07.

5 External Events The contribution of importance of external events is taken from Reference 2 as 4.4E-09

LER 219/03-002 4

Modeling assumptions Key modeling assumptions. The key modeling assumptions are listed below and discussed in detail in the following sections. These assumptions are important contributors to the overall results.

1. During shutdown period, isolation condenser could be credited for decay heat removal, as modeled in the at-power operation in the SPAR models.

Other assumptions. Other assumptions are stated in the analysis as they are introduced.

Modifications to fault tree models See attachment A for details.

Basic event probability changes See attachment A for details.

Sensitivity analyses None made.

SPAR model updates No SPAR model updates are made.

LER 219/03-002 5

References 1.

LER: 03-002-00 DATED 7/17/2003. Oyster Creek Unit 1: Completion of reactor shutdown required by tech specs due to a cable fault.

2.

SDP: EA- 04-033. SERP date: 2/5/04 SERP Worksheet for SDP-Related Finding at Oyster Creek Generating Station Failure of Cable in 4160 Volt Vital Bus.

3.

Inspection report: EA-04-033 dated 3/15/2004. Final significance determination for a white finding and notice of violation (NRC Inspection Report 05000219/2003005) Oyster Creek generating station.

4.

Email from Wayne Schmidt to Selim Sancaktar, Dated 5/18/05 7:34AM

Subject:

Re:

Oyster Creek 4160 Bus 1C loss

5. Station Blackout Risk Evaluation for NPPs (Draft) INEEL/EXT-04-02525, January 2005.

LER 219/03-002 6

Table 1 Summary of Contributors to Condition Importance Plant Mode / Event Type Time Window Condition CDF Base CDF Importance Importance 1

Power Operation preceding condition - Random Initiating events 24 1.45E-04 3.63E-06 3.87E-07 27.7%

2 Power Operation post condition - Random Initiating events 10 1.45E-04 3.63E-06 1.61E-07 11.5%

3 Manual Scram - Transient 3.60E-07 3.60E-07 25.7%

4 Shutdown operation - total 130 3.66E-05 3.63E-06 4.89E-07 35%

5 External Events 164 6.2E-101

<0.1%

Sum =

1.40E-06 100.0%

1 From Final SDP (Reference 2) (3.31E-08 *160/8760 = 6.2E-10)

LER 219/03-002 7

Attachment A. ASP Analysis Documentation This section documents the ASP analysis calculations made for the plant condition.

This is a condition event, where the cable in question was not monitored against this failure cause. Thus, the cable could have failed anytime during the year (or the previous years). If the cable failed during the 24-hour mission time following any potential initiating event, it would have caused loss of mitigating equipment, such as:

Diesel Generator 1 Reactor Protection System 1 Core spray Main and Booster Pumps A and D Containment Spray pumps A and B Emergency Service Water Pumps A and B.

Other equipment powered from bus 1D were operable. No automatic trip occurred. Plant was manually shutdown later in accordance with the technical specifications.

1 & 2. ASP Analysis for the 34-hour time window before manual shutdown.

The 24-hour time window before the occurrence of the condition, and the 10-hour time window after the condition but before the manual trip are combined into a 34-hour case for ASP analysis. Then, the plant SPAR model is used to quantify the condition importance for the 34-hour period.

During this analysis, it is observed that the plant condition coupled with the random initiating event of Loss of DC Bus B results in a core damage end state. However, as a minimum, an operator recovery action to open the isolation condenser valve(s) exist, as discussed in Attachment B. This recovery action is credited in the ISO fault tree (see Figure A-1) by introducing the basic event ISO-XHE-MOV-REC, which is AND-GATED with the loss of DC Bus A gate (CDP-PNLC). This operator action is set to IGNORE in the base case, and is assigned a HEP value in the conditional case.

The following basic events were set to failure (TRUE) in the plant SPAR model to simulate the loss of 1C bus and the EDG connection to it:

ACP-BAC-LP-1C EPS-DGN-TM-DG1 The base case is run with SAPHIRE and the conditional case is run with GEM. The results are summarized in Table C-1, which is the GEM output.

LER 219/03-002 8

3.

Initiating Event Analysis for Manual Shutdown.

The plant condition introduced an additional plant risk in terms of a manual shutdown due to tech spec requirements. This is modeled with a transient event tree in the SPAR model, using GEM initiating event analysis to quantify the event importance. All initiating event frequencies other than that of TRANS are set equal to zero. The initiating event frequency for TRANS is set equal to 1. In addition, the following three basic event probabilities are modified, as in the above cases:

ACP-BAC-LP-1C set to failure (TRUE)

EPS-DGN-TM-DG1 set to failure (TRUE)

ISO-XHE-MOV-REC set to 4.2E-02 (in the base case, it is set equal to IGNORE).

The GEM output is given in Table C-2.

4. ASP Analysis for the 130-hour time window during shutdown The plant remained in the shutdown mode for a 130-hour period with the faulted bus condition.

During this period, a random occurrence of events such as LOOP, loss of the DC bus B, loss of the running RHR train, loss of SWS, and loss of intake structure would have created additional plant risk. It is assumed that:

1.

The above-listed five initiating events would present the most risk (other events such as LOCAs) presenting lesser risk; 2.

Isolation condenser would provide decay heat removal if the RHR is lost (SPAR models, and Reference 2);

3.

In case of a LOOP and SBO, offsite power must be recovered within 20 hours2.314815e-4 days <br />0.00556 hours <br />3.306878e-5 weeks <br />7.61e-6 months <br /> (Reference 2).

Event Trees:

For each of the five shutdown events listed above, event trees are constructed. These event trees are given as Figures A-2 through A-7. The event trees are constructed by using the same event tree rules as their corresponding at-power SPAR event trees.

Initiating Event Frequencies:

The initiating event frequencies for a year of operation are calculated as follows:

LER 219/03-002 9

Shutdown Initiating Events IE Frequency (per year)

IE-LOOP-sd 3.31E-02 1

IE-TRANS-sd 5.00E-06 2

IE-LODCB-sd 2.50E-03 1

IE-LOIS-sd 7.50E-03 1

IE-LOSWS-sd 4.00E-04 1

Notes:

1. From at-power SPAR model
2. Failure of a RHR pump to run for 8760 hours0.101 days <br />2.433 hours <br />0.0145 weeks <br />0.00333 months <br /> 5E-06 failure to run per hour from SPAR model Fault Trees:

As shown in the event tree nodes of Figures A-2 through A-7, the following new fault trees are introduced:

SDC - shutdown cooling - has three subtrees named SDC-A, SDC-B, SDC-c.

ISO - as discussed in Attachment B. ISO1 is the same as ISO.

AC AC power recovery in 20 hours2.314815e-4 days <br />0.00556 hours <br />3.306878e-5 weeks <br />7.61e-6 months <br />; used as a scalar without developing the fault tree.

The fault tree pictures are given as Figures A-8 through A-11. Modification in ISO is shown in Figure A-1. AC-20 does not have any structure.

Basic Events:

The fault tree AC-20 is assigned failure to recover offsite power probability of 0.069 from Table 3.3 of Reference 5.

Five change sets are used to set the values of various basic events to run the five shutdown events using SAPHIRE for a year of operation. These basic event values are shown in Table A-1. Note that the 130-hour mission time is introduced later on to calculate the condition importance.

Calculations:

Five SAPHIRE runs are made, each with one of the change sets defined in table A-1. These runs gave the CDF from a shutdown event for a 8760-hour period (one year). These values are then multiplied by the factor 130/8760. The total condition importance is calculated by summing the results and subtracting the base at-power risk for 130-hours.

LER 219/03-002 10 The shutdown condition importance is calculated as 4.9E-07. The summary of the calculations is given as follows:

Plant Mode /

Event Type Initiating Event Frequency (per year)

Time Window Condition CDF Base CDF Importance LOOP IE-LOOP-sd 3.31E-02 130 2.96E-07 4.39E-09 Loss of Running RHR IE-TRANS-sd 5.00E-06 130 4.02E-06 5.97E-08 Loss of DC Bus B IE-LODCB-sd 2.50E-03 130 1.40E-07 2.08E-09 Loss of Intake Structure IE-LOIS-sd 7.50E-03 130 3.05E-05 4.53E-07 Loss of SW IE-LOSWS-sd 4.00E-04 130 1.63E-06 2.42E-08 Base at-power operation 130 3.63E-06

-5.39E-08 Shutdown operation - total 3.66E-05 3.63E-06 4.89E-07

5. Contribution from External Events The contribution to the condition importance from external events is calculated in Reference 2 as 4.37E-09. Since this value is very small, even an order of magnitude change would not affect the results. Thus, this value is used as is for the ASP analysis.

Condition Importance The condition importance can be calculated as the sum of contributions from the five calculations given above. The sum is 1.4E-06 and the details are shown in Table 1 of the main body of this report.

LER 219/03-002 11 Table A-1 Basic Event Changes for Shutdown Events -

Using Change Sets in SAPHIRE Change/Flag Set Event Calc. Type Prob/Freq CASE-1-SD ACP-BAC-LP-1C T

IE-LOOP EPS-DGN-TM-DG1 T

IE-IORV 1

0.00E+00 IE-LCS-V-A 1

0.00E+00 IE-LCS-V-B 1

0.00E+00 IE-LLOCA 1

0.00E+00 IE-LOCHS 1

0.00E+00 IE-LOCW 1

0.00E+00 IE-LODCB 1

0.00E+00 IE-LOIS 1

0.00E+00 IE-LOMFW 1

0.00E+00 IE-LOOP 1

3.31E-02 IE-LOSWS 1

0.00E+00 IE-SLOCA 1

0.00E+00 IE-TRANS 1

0.00E+00 CASE-2-SD ACP-BAC-LP-1C T

IE-TRANS EPS-DGN-TM-DG1 T

IE-IORV 1

0.00E+00 IE-LCS-V-A 1

0.00E+00 IE-LCS-V-B 1

0.00E+00 IE-LLOCA 1

0.00E+00 IE-LOCHS 1

0.00E+00 IE-LOCW 1

0.00E+00 IE-LODCB 1

0.00E+00 IE-LOIS 1

0.00E+00 IE-LOMFW 1

0.00E+00 IE-LOOP 1

0.00E+00 IE-LOSWS 1

0.00E+00 IE-SLOCA 1

0.00E+00 IE-TRANS 1

4.38E-02 SDC-MDP-TM-TRNB T

CASE-3-SD ACP-BAC-LP-1C T

IE-LODCB EPS-DGN-TM-DG1 T

IE-IORV 1

0.00E+00 IE-LCS-V-A 1

0.00E+00 IE-LCS-V-B 1

0.00E+00 IE-LLOCA 1

0.00E+00 IE-LOCHS 1

0.00E+00 IE-LOCW 1

0.00E+00 IE-LODCB 1

2.50E-03 IE-LOIS 1

0.00E+00 IE-LOMFW 1

0.00E+00 IE-LOOP 1

0.00E+00 IE-LOSWS 1

0.00E+00 IE-SLOCA 1

0.00E+00

LER 219/03-002 12 IE-TRANS 1

0.00E+00 CASE-4-SD ACP-BAC-LP-1C T

IE-LOIS EPS-DGN-TM-DG1 T

IE-IORV 1

0.00E+00 IE-LCS-V-A 1

0.00E+00 IE-LCS-V-B 1

0.00E+00 IE-LLOCA 1

0.00E+00 IE-LOCHS 1

0.00E+00 IE-LOCW 1

0.00E+00 IE-LODCB 1

0.00E+00 IE-LOIS 1

7.50E-03 IE-LOMFW 1

0.00E+00 IE-LOOP 1

0.00E+00 IE-LOSWS 1

0.00E+00 IE-SLOCA 1

0.00E+00 IE-TRANS 1

0.00E+00 CASE-5-SD ACP-BAC-LP-1C T

IE-LOSWS EPS-DGN-TM-DG1 T

IE-IORV 1

0.00E+00 IE-LCS-V-A 1

0.00E+00 IE-LCS-V-B 1

0.00E+00 IE-LLOCA 1

0.00E+00 IE-LOCHS 1

0.00E+00 IE-LOCW 1

0.00E+00 IE-LODCB 1

0.00E+00 IE-LOIS 1

0.00E+00 IE-LOMFW 1

0.00E+00 IE-LOOP 1

0.00E+00 IE-LOSWS 1

4.00E-04 IE-SLOCA 1

0.00E+00 IE-TRANS 1

0.00E+00

LER 219/03-002 13 ISO-2 9.000E-4 ISO-AOV-CC-V1136 1.000E-4 ISO-CKV-CC-V1135 1.000E-3 ISO-MOV-CC-V1434 36 DCP-PNLC ISO-4 58 FWS2 IGNORE ISO-XHE-MOV-REC GATE-4-77 125 VDC BATTERY PANEL C IS UNAVAILABLE FIREWATER MAKEUP TO THE ISOLATION CONDENSER IS UNAVAILABLE MAKEUP WA SOURCES F TRAIN A FAILS MAKEUP ISOLATION VALVE V-11-36 TO EC-A FAILS TO OPEN TRAIN A INJECTION VALVE EC-14-34 FAILS TO OPEN MAKEUP ISOLATION VALVE V-11-35 TO EC-A FAILS TO OPEN Operator opens MOV EC-14-34 when 125VDC bus is unavailable ISO - ISOLATION CONDENSER 2005/05/23 Page 60 Figure A-1 Modification to ISO Fault Tree

LER 219/03-002 14 ISO ISOLATION CONDENSER IE-LOSWS LOSS OF SERVICE WATER INITIATOR END-STATE NOTES 1

OK 2

CD LOSWS - OYSTER CREEK LOSS OF SERVICE WATER SYSTEM 2005/05/23 Figure A-2 LOSWS - SD Event Tree

LER 219/03-002 15 EPS EMERGENCY POWER IE-LOOP LOSS OF OFFSITE POWER END-STATE NOTES 1

OK 2

T SBO LOOP - OYSTER CREEK LOSS-OF-OFFSITE POWER 2005/05/23 Figure A-3 LOOP - SD Event Tree

LER 219/03-002 16 ISO1 AC-20 AC POWER RECOVERY EPS TRANSFER BRANCH SBO END-STATE NOTES 1 OK 2 OK 3 CD SBO - OYSTER CREEK STATION BLACKOUT 2005/04/22 Figure A-4 SBO - SD Event Tree

LER 219/03-002 17 ISO ISOLATION CONDENSER IE-LOIS LOSS OF INTAKE STRUCTURE (PSA)

END-STATE NOTES 1

OK 2

CD LOIS - OYSTER CREEK LOSS OF INTAKE STRUCTURE 2005/05/23 Figure A-5 LOIS - SD Event Tree

LER 219/03-002 18 ISO SDC SHUTDOWN COOLING IE-TRANS GENERAL TRANSIENT END-STATE NOTES 1

OK 2

OK 3

CD TRANS - OYSTER CREEK GENERAL TRANSIENT 2005/04/22 Figure A-6 Loss of RHR - SD Event Tree

LER 219/03-002 19 ISO SDC SHUTDOWN COOLING IE-LODCB LOSS OF A DC BUS INITIATOR END-STATE NOTES 1

OK 2

OK 3

CD LODCB - OYSTER CREEK LOSS OF VITAL DC BUS 2005/04/22 Figure 7 - LODCB - SD Event Tree

LER 219/03-002 20 SDC-1 1.000E-3 SDC-MOV-CC-SUCT 1.000E-3 SDC-MOV-CC-INJEC 5.000E-4 RHR-XHE-XM-ERROR SDC 114 SDC-B 115 SDC-C 113 SDC-A SDC SUCTION VALVE RCS-17-19 FAILS TO OPEN SDC INJECTION VALVE RCS-17-54 FAILS TO OPEN OPERATOR FAILS TO START/CONTROL RHR SHUTDOWN COOLING SYSTEM IS UNAVAILABLE SHUTDOWN COOLING TRAIN A IS UNAVAILABLE SHUTDOWN COOLING TRAIN B IS UNAVAILABLE SHUTDOWN COOLING TRAIN C IS UNAVAILABLE SDC PUMP TRAIN FAILURES SDC - SHUTDOWN COOLING 2005/04/22 Page 112 Figure A-8 SDC Fault Tree

LER 219/03-002 21 5.149E-4 SDC-MDP-FR-PUMPA 8

ACP-1A2 36 DCP-PNLC 104 RBC 1.200E-3 SDC-MDP-FS-PUMPA 1.000E-4 SDC-CKV-CC-PCKVA 1.000E-3 SDC-MOV-CC-OUTA 1.000E-3 SDC-MOV-CC-INA 5.000E-3 SDC-MDP-TM-TRNA SDC-A 6.000E-5 SDC-HTX-PG-TRNA SDC PUMP A FAILS TO RUN 480 VAC MCC 1A2 IS UNAVAILABLE 125 VDC BATTERY PANEL C IS UNAVAILABLE RBCCW COOLING FLOW IS UNAVAILABLE SDC PUMP A FAILS TO START SDC TRAIN A IS IN TEST OR MAINTENANCE SDC TRAIN A INLET ISOLATION VLV FAILS TO OPEN SDC TRAIN A OUTLET ISOLATION VLV FAILS TO OPEN SDC PUMP A DISCHARGE CKV FAILS TO OPEN SHUTDOWN COOLING TRAIN A IS UNAVAILABLE SDC TRAIN A HEAT EXCHANGER IS UNAVAILABLE SDC-A - OYSTER CREEK SHUTDOWN COOLING SYSTEM FAULT TREE 2002/10/02 Page 113 Figure A-9 SDC-A Fault Tree

LER 219/03-002 22 5.149E-4 SDC-MDP-FR-PUMPB 11 ACP-1B2 SDC-B 35 DCP-PNLB 104 RBC 1.200E-3 SDC-MDP-FS-PUMPB 1.000E-4 SDC-CKV-CC-PCKVB 1.000E-3 SDC-MOV-CC-OUTB 1.000E-3 SDC-MOV-CC-INB 5.000E-3 SDC-MDP-TM-TRNB 6.000E-5 SDC-HTX-PG-TRNB SDC PUMP B FAILS TO RUN 480 VAC MCC 1B2 IS UNAVAILABLE SHUTDOWN COOLING TRAIN B IS UNAVAILABLE 125 VDC BATTERY PANEL B IS UNAVAILABLE RBCCW COOLING FLOW IS UNAVAILABLE SDC PUMP B FAILS TO START SDC TRAIN B IS IN TEST OR MAINTENANCE SDC TRAIN B INLET ISOLATION VLV FAILS TO OPEN SDC TRAIN B OUTLET ISOLATION VLV FAILS TO OPEN SDC TRAIN B HEAT EXCHANGER IS UNAVAILABLE SDC PUMP B DISCHARGE CKV FAILS TO OPEN SDC-B - OYSTER CREEK SHUTDOWN COOLING SYSTEM FAULT TREE 2002/08/26 Page 114 Figure A-10 SDC-B Fault Tree

LER 219/03-002 23 5.149E-4 SDC-MDP-FR-PUMPC 11 ACP-1B2 SDC-C 35 DCP-PNLB 104 RBC 1.200E-3 SDC-MDP-FS-PUMPC 1.000E-4 SDC-CKV-CC-PCKVC 1.000E-3 SDC-MOV-CC-OUTC 1.000E-3 SDC-MOV-CC-INC 5.000E-3 SDC-MDP-TM-TRNC 6.000E-5 SDC-HTX-PG-TRNC SDC PUMP C FAILS TO RUN 480 VAC MCC 1B2 IS UNAVAILABLE SHUTDOW N COOLING TRAIN C IS UNAVAILABLE 125 VDC BATTERY PANEL B IS UNAVAILABLE RBCCW COOLING FLOW IS UNAVAILABLE SDC PUMP C FAILS TO START SDC TRAIN C IS IN TEST OR MAINTENANCE SDC TRAIN C INLET ISOLATION VLV FAILS TO OPEN SDC TRAIN C OUTLET ISOLATION VLV FAILS TO OPEN SDC TRAIN C HEAT EXCHANGER IS UNAVAILABLE SDC PUMP C DISCHARGE CKV FAILS TO OPEN SDC-C - OYSTER CR EEK SHUTDOW N COOLING SYSTEM F AULT T REE 2002/08/26 Page 1 15 Figure A-11 SDC-C Fault Tree

LER 219/03-002 24 Attachment B Human Error Analysis An operator recovery action represented by the basic event ISO-XHE-MOV-REC has been introduced, if the initiating event of loss of DC Bus B occurs, in addition to the plant condition. In that case, the DC bus A is also assumed depleted by the condition. However, the operators have the proceduralized recovery action (Reference 4) of opening the isolation condenser MOV EC-14-34 to start decay heat removal via the isolation condenser (ISO event tree node) upon failure of DC bus B.

The diagnosis part of this HEP is assigned moderately complex diagnosis and high stress due to loss of DC bus B event coupled with the condition. The action is also assigned high stress, but is of nominal complexity. The other PSFs are nominal.

The HEP of the basic event ISO-XHE-MOV-REC is calculated as the sum of diagnosis (4E-02) plus action (2E-03)phases:

HEP = 4.2E-02.

LER 219/03-002 25 Attachment C Ou Table C-1:

Output for the 34-hour Table C-2 Output for the TRANS event

LER 219/03-0 26 Table C-1:

Output fo C O N D I T I O N A S S E S S M E N T Code Version: 7:25 Model Version : 2004/12/22 Project : OYST_3 Duration (hrs) : 3.4E+001 User Name : INEEL Total CCDP : 5.6E-007 Event ID : 34-HOURS Total CDP : 1.4E-008 Importance : 5.5E-007 Description : Condition Assessment for 34-hour condition BASIC EVENT CHANGES Event Name Description Base Prob Curr Prob Type ACP-BAC-LP-1C 4160 VAC BUS 1C IS UNAVAILAB 4.8E-006 1.0E+000 TRUE EPS-DGN-TM-DG1 DG1 IS UNAVAILABLE DUE TO TE 9.0E-003 1.0E+000 TRUE ISO-XHE-MOV-REC Operator opens MOV EC-14-34 +0.0E+000 4.2E-002 SEQUENCE PROBABILITIES Truncation : Cummulative : 100.0% Individual : 1.0%

Event Tree Name Sequence Name CCDP CDP Importance LODCB 29 4.5E-007 2.6E-010 4.5E-007 LOOP 14-24 6.2E-008 3.1E-009 5.9E-008 LOOP 14-03 1.6E-008 7.8E-010 1.5E-008 LODCB 32-20 1.3E-008 3.3E-013 1.3E-008 LOOP 14-26 5.8E-009 2.9E-010 5.5E-009 NOTE: Percent contribution to total Importance.

SEQUENCE LOGIC Event Tree Sequence Name Logic LODCB 29 /RPS /SRV PCS ISO MFW /DEP CDS LCS LOOP 14-24 /RPS EPS P1 /ISO1 AC-1HR LOOP 14-03 /RPS EPS

/SRV /ISO1 CTG /SEALS

/DCL AC-8HR LODCB 32-20 /RPS P2

LER 219/03-0 27 2005/05/23 13:14:35 page 1 PCS MFW

/DEP CDS LCS LOOP 14-26 /RPS EPS P2 Fault Tree Name Description AC-1HR OYSTER CREEK AC POWER RECOVERY IN 1 HOUR AC-8HR OYSTER CREEK AC POWER RECOVERY IN 8 HOURS CDS CONDENSATE CTG OYSTER CREEK AC FORKED RIVER COMBUSTION TURBINES DCL OYSTER CREEK AC OPERATOR SHEDS DC LOADS DEP MANUAL REACTOR DEPRESS EPS OYSTER CREEK AC TRANSFER BRANCH SBO ISO ISOLATION CONDENSER ISO1 OYSTER CREEK ISOLATION CONDENSER LCS CORE SPRAY MFW FEEDWATER P1 OYSTER CREEK PRESSURE RELIEF SYSTEM FAULT TREE P2 OYSTER CREEK PRESSURE RELIEF SYSTEM FAULT TREE PCS POWER CONVERSION SYSTEM RPS REACTOR PROTECTION SYSTEM SEALS OYSTER CREEK RECIRC PUMP SEAL FAULT TREE SRV SRVs ARE CLOSED SEQUENCE CUT SETS Truncation: Cummulative: 100.0% Individual: 1.0%

Event Tree: LODCB CCDF: 1.2E-004 Sequence: 29 CCDF % Cut Set Cut Set Events 1.1E-004 91.53 ISO-XHE-MOV-REC 2.5E-006 2.18 ISO-XHE-XE-LCTRL 2.5E-006 2.18 ISO-MOV-CC-V1434 2.5E-006 2.18 ISO-XHE-XE-ERROR 2.3E-006 1.96 ISO-AOV-CC-V1136 Event Tree: LOOP CCDF: 1.6E-005 Sequence: 14-24 CCDF % Cut Set Cut Set Events 9.7E-006 60.74 EPS-XHE-XL-NR01H PPR-SRV-OO-1VLV EPS-DGN-FR-DG2 OEP-XHE-XL-NR01H

LER 219/03-0 28 2005/05/23 13:14:35 page 2

LER 219/03-0 29 4.1E-006 25.82 EPS-XHE-XL-NR01H PPR-SRV-OO-1VLV EPS-DGN-TM-DG2 OEP-XHE-XL-NR01H 1.8E-006 11.48 EPS-XHE-XL-NR01H PPR-SRV-OO-1VLV EPS-DGN-FS-DG2 OEP-XHE-XL-NR01H 2.7E-007 1.68 EPS-XHE-XL-NR01H PPR-SRV-OO-1VLV OEP-XHE-XL-NR01H EPS-DGN-CF-RUN Event Tree: LOOP CCDF: 4.0E-006 Sequence: 14-03 CCDF % Cut Set Cut Set Events 2.1E-006 53.48 EPS-XHE-XM-CTG EPS-XHE-XL-NR08H EPS-DGN-FR-DG2 OEP-XHE-XL-NR08H 9.1E-007 22.73 EPS-XHE-XM-CTG EPS-XHE-XL-NR08H EPS-DGN-TM-DG2 OEP-XHE-XL-NR08H 4.0E-007 10.10 EPS-XHE-XM-CTG EPS-XHE-XL-NR08H EPS-DGN-FS-DG2 OEP-XHE-XL-NR08H 5.9E-008 1.48 EPS-XHE-XM-CTG EPS-XHE-XL-NR08H EPS-DGN-CF-RUN OEP-XHE-XL-NR08H 5.3E-008 1.34 EPS-CTG-TM-#1 EPS-CTG-TM-#2 EPS-XHE-XL-NR08H EPS-DGN-FR-DG2 OEP-XHE-XL-NR08H 4.3E-008 1.07 EPS-CTG-FS-#1 EPS-CTG-TM-#2 EPS-XHE-XL-NR08H EPS-DGN-FR-DG2 OEP-XHE-XL-NR08H 4.3E-008 1.07 EPS-CTG-FS-#2 EPS-CTG-TM-#1 EPS-XHE-XL-NR08H EPS-DGN-FR-DG2 OEP-XHE-XL-NR08H Event Tree: LODCB CCDF: 3.3E-006 Sequence: 32-20 CCDF % Cut Set Cut Set Events 3.3E-006 100.00 PPR-SRV-OO-2VLVS Event Tree: LOOP CCDF: 1.5E-006 Sequence: 14-26 CCDF % Cut Set Cut Set Events 9.1E-007 60.73 PPR-SRV-OO-2VLVS EPS-DGN-FR-DG2 3.9E-007 25.82 PPR-SRV-OO-2VLVS EPS-DGN-TM-DG2 1.7E-007 11.47 PPR-SRV-OO-2VLVS EPS-DGN-FS-DG2 2.5E-008 1.68 PPR-SRV-OO-2VLVS EPS-DGN-CF-RUN BASIC EVENTS (Cut Sets Only)

Event Name Description Curr Prob 2005/05/23 13:14:35 page 3

LER 219/03-0 30 Event Name Description Curr Prob EPS-CTG-FS-#1 FORKED RIVER COMBUSTION TURBINE #1 FAILS TO S 4.0E-002 EPS-CTG-FS-#2 FORKED RIVER COMBUSTION TURBINE #2 FAILS TO S 4.0E-002 EPS-CTG-TM-#1 FORKED RIVER COMBUSTION TURBINE #1 IS IN TEST 5.0E-002 EPS-CTG-TM-#2 FORKED RIVER COMBUSTION TURBINE #2 IS IN TEST 5.0E-002 EPS-DGN-CF-RUN DIESEL FAIL FROM COMMON CAUSE TO RUN 5.9E-004 EPS-DGN-FR-DG2 DIESEL GENERATOR DG2 FAILS TO RUN 2.1E-002 EPS-DGN-FS-DG2 DIESEL GENERATOR DG2 FAILS TO START 4.0E-003 EPS-DGN-TM-DG2 DG2 IS UNAVAILABLE DUE TO TEST OR MAINTENANCE 9.0E-003 EPS-XHE-XL-NR01H OPERATOR FAILS TO RECOVER EMERGENCY DIESEL IN 8.4E-001 EPS-XHE-XL-NR08H OPERATOR FAILS TO RECOVER EMERGENCY DIESEL IN 2.5E-001 EPS-XHE-XM-CTG FAILURE TO ALIGN FORKED RIVER COMBUSTION TURB 1.0E-001 ISO-AOV-CC-V1136 MAKEUP ISOLATION VALVE V-11-36 TO EC-A FAILS 9.0E-004 ISO-MOV-CC-V1434 TRAIN A INJECTION VALVE EC-14-34 FAILS TO OPE 1.0E-003 ISO-XHE-MOV-REC OPERATOR OPENS MOV EC-14-34 WHEN 125VDC BUS I 4.2E-002 ISO-XHE-XE-ERROR OPERATOR FAILS TO START/CONTROL EMERGENCY CON 1.0E-003 ISO-XHE-XE-LCTRL OPERATOR FAILS TO CONTROL REACTOR WATER LEVEL 1.0E-003 OEP-XHE-XL-NR01H OPERATOR FAILS TO RECOVER OFFSITE POWER IN 1 5.3E-001 OEP-XHE-XL-NR08H OPERATOR FAILS TO RECOVER OFFSITE POWER IN 8 1.2E-001 PPR-SRV-OO-1VLV ONE SRV FAILS TO CLOSE 3.1E-002 PPR-SRV-OO-2VLVS TWO SRVS STICK OPEN 1.3E-003 2005/05/23 13:14:35 page 4

LER 219/03-0 31 Table C-2 Output fo I N I T I A T I N G E V E N T A S S E S S M E N T Code Ver : 7:25 Fam : OYST_3 Model Ver : 2004/12/22 User : INEEL Init Event: IE-TRANS Ev ID: TRANS-IEV Total CCDP: 3.6E-007 Desc : Initiating Event Assessment BASIC EVENT CHANGES Event Name Description Base Prob Curr Prob Type ACP-BAC-LP-1C 4160 VAC BUS 1C IS UNAVAILAB 4.8E-006 1.0E+000 TRUE EPS-DGN-TM-DG1 DG1 IS UNAVAILABLE DUE TO TE 9.0E-003 1.0E+000 TRUE IE-IORV INADVERTENT OPEN RELIEF VALV 1.5E-002 +0.0E+000 IE-LCS-V-A ISLOCA OCCURS WITH REACTOR A 8.8E+003 +0.0E+000 IE-LCS-V-B ISLOCA OCCURS WITH REACTOR A 8.8E+003 +0.0E+000 IE-LLOCA LARGE LOSS OF COOLANT ACCIDE 3.0E-005 +0.0E+000 IE-LOCHS LOSS OF CONDENSER HEAT SINK 2.0E-001 +0.0E+000 IE-LOCW LOSS OF CIRCULATING WATER 4.0E-004 +0.0E+000 IE-LODCB LOSS OF A DC BUS INITIATOR 2.5E-003 +0.0E+000 IE-LOIS LOSS OF INTAKE STRUCTURE (PS 7.5E-003 +0.0E+000 IE-LOMFW LOSS OF FEEDWATER TRANSIENT 1.0E-001 +0.0E+000 IE-LOOP LOSS OF OFFSITE POWER 3.3E-002 +0.0E+000 IE-LOSWS LOSS OF SERVICE WATER INITIA 4.0E-004 +0.0E+000 IE-SLOCA SMALL LOCA INITIATING EVENT 4.0E-004 +0.0E+000 IE-TRANS GENERAL TRANSIENT 8.0E-001 1.0E+000 ISO-XHE-MOV-REC Operator opens MOV EC-14-34 +0.0E+000 4.2E-002 SEQUENCE PROBABILITIES Truncation : Cummulative : 100.0% Individual : 1.0%

Event Tree Name Sequence Name CCDP %Cont TRANS 33-6 2.7E-007 TRANS 34-6 5.0E-008 TRANS 34-5 2.1E-008 TRANS 34-7 1.9E-008 SEQUENCE LOGIC Event Tree Sequence Name Logic TRANS 33-6 /RPS P3 LCS TRANS 34-6 RPS /PPR

/RRS PCS TRANS 34-5 RPS /PPR

LER 219/03-0 32 2005/05/23 13:56:42 page 1

/RRS /PCS SLC TRANS 34-7 RPS /PPR RRS Fault Tree Name Description LCS CORE SPRAY P3 OYSTER CREEK PRESSURE RELIEF SYSTEM FAULT TREE PCS POWER CONVERSION SYSTEM PPR OYSTER CREEK PRESSURE RELIEF SYSTEM FAULT TREE RPS REACTOR PROTECTION SYSTEM RRS OYSTER CREEK RECIRCULATION PUMP TRIP FAULT TREE SLC OYSTER CREEK STANDBY LIQUID CONTROL SYSTEM FAULT TREE SEQUENCE CUT SETS Truncation: Cummulative: 100.0% Individual: 1.0%

Event Tree: TRANS CCDP: 2.7E-007 Sequence: 33-6 CCDP % Cut Set Cut Set Events 2.0E-007 75.04 PPR-SRV-OO-3VLVS LCS-XHE-XM-ERROR 5.0E-009 1.88 PPR-SRV-OO-3VLVS LCS-MDP-TM-P1C LCS-MDP-TM-P3B 5.0E-009 1.88 PPR-SRV-OO-3VLVS LCS-MDP-TM-P1B LCS-MDP-TM-P3C 5.0E-009 1.88 PPR-SRV-OO-3VLVS LCS-MDP-TM-P3B LCS-MDP-TM-P3C 5.0E-009 1.88 PPR-SRV-OO-3VLVS LCS-MDP-TM-P1B LCS-MDP-TM-P1C Event Tree: TRANS CCDP: 5.0E-008 Sequence: 34-6 CCDP % Cut Set Cut Set Events 1.9E-008 37.74 MSS-TBV-CC-BYPS1 RPS-SYS-FC-PSOVS 8.5E-009 17.15 RPS-SYS-FC-PSOVS TBC-MDP-TM-P55 4.2E-009 8.44 MSS-TBV-CC-BYPS1 RPS-SYS-FC-RELAY 2.8E-009 5.55 MSS-TBV-CC-BYPS1 RPS-SYS-FC-CRD 2.6E-009 5.15 RPS-SYS-FC-PSOVS TBC-MDP-FS-P55 1.9E-009 3.83 RPS-SYS-FC-RELAY TBC-MDP-TM-P55 1.7E-009 3.43 RPS-SYS-FC-PSOVS TBC-XHE-XR-P55 1.7E-009 3.43 MFW-XHE-XO-ERROR RPS-SYS-FC-PSOVS 1.3E-009 2.52 RPS-SYS-FC-CRD TBC-MDP-TM-P55 2005/05/23 13:56:42 page 2

LER 219/03-0 33

LER 219/03-0 34 1.2E-009 2.44 MSS-TBV-CC-BYPS1 RPS-SYS-FC-HCU 5.7E-010 1.15 RPS-SYS-FC-RELAY TBC-MDP-FS-P55 5.5E-010 1.11 RPS-SYS-FC-HCU TBC-MDP-TM-P55 Event Tree: TRANS CCDP: 2.1E-008 Sequence: 34-5 CCDP % Cut Set Cut Set Events 8.5E-009 40.64 SLC-MDP-TM-P12 RPS-SYS-FC-PSOVS 2.0E-009 9.75 SLC-MDP-FS-P12 RPS-SYS-FC-PSOVS 1.9E-009 9.09 SLC-MDP-TM-P12 RPS-SYS-FC-RELAY 1.7E-009 8.13 SLC-XHE-XR-P12 RPS-SYS-FC-PSOVS 1.7E-009 8.13 RPS-SYS-FC-PSOVS SLC-XHE-XM-ERROR 1.3E-009 5.98 SLC-MDP-TM-P12 RPS-SYS-FC-CRD 5.5E-010 2.63 SLC-MDP-TM-P12 RPS-SYS-FC-HCU 4.6E-010 2.18 SLC-MDP-FS-P12 RPS-SYS-FC-RELAY 3.8E-010 1.82 SLC-XHE-XR-P12 RPS-SYS-FC-RELAY 3.8E-010 1.82 RPS-SYS-FC-RELAY SLC-XHE-XM-ERROR 3.0E-010 1.43 SLC-MDP-FS-P12 RPS-SYS-FC-CRD 2.5E-010 1.20 RPS-SYS-FC-CRD SLC-XHE-XM-ERROR 2.5E-010 1.20 SLC-XHE-XR-P12 RPS-SYS-FC-CRD Event Tree: TRANS CCDP: 1.9E-008 Sequence: 34-7 CCDP % Cut Set Cut Set Events 2.6E-009 13.72 RRS-CRB-CC-PUMP2 RPS-SYS-FC-PSOVS 2.6E-009 13.72 RRS-CRB-CC-PUMP1 RPS-SYS-FC-PSOVS 2.6E-009 13.72 RRS-CRB-CC-PUMP3 RPS-SYS-FC-PSOVS 2.6E-009 13.72 RRS-CRB-CC-PUMP4 RPS-SYS-FC-PSOVS 2.6E-009 13.72 RRS-CRB-CC-PUMP5 RPS-SYS-FC-PSOVS 5.7E-010 3.07 RRS-CRB-CC-PUMP2 RPS-SYS-FC-RELAY 5.7E-010 3.07 RRS-CRB-CC-PUMP1 RPS-SYS-FC-RELAY 5.7E-010 3.07 RRS-CRB-CC-PUMP3 RPS-SYS-FC-RELAY 5.7E-010 3.07 RRS-CRB-CC-PUMP4 RPS-SYS-FC-RELAY 5.7E-010 3.07 RRS-CRB-CC-PUMP5 RPS-SYS-FC-RELAY 3.8E-010 2.02 RRS-CRB-CC-PUMP2 RPS-SYS-FC-CRD 3.8E-010 2.02 RRS-CRB-CC-PUMP1 RPS-SYS-FC-CRD 3.8E-010 2.02 RRS-CRB-CC-PUMP3 RPS-SYS-FC-CRD 3.8E-010 2.02 RRS-CRB-CC-PUMP4 RPS-SYS-FC-CRD 3.8E-010 2.02 RRS-CRB-CC-PUMP5 RPS-SYS-FC-CRD BASIC EVENTS (Cut Sets Only)

Event Name Description Curr Prob LCS-MDP-TM-P1B PUMP CRS-1B IS IN TEST OR MAINTENANCE 5.0E-003 LCS-MDP-TM-P1C PUMP CRS-1C IS IN TEST OR MAINTENANCE 5.0E-003 LCS-MDP-TM-P3B PUMP CRS-3B IS IN TEST OR MAINTENANCE 5.0E-003 2005/05/23 13:56:42 page 3

LER 219/03-0 35 Event Name Description Curr Prob LCS-MDP-TM-P3C PUMP CRS-3C IS IN TEST OR MAINTENANCE 5.0E-003 LCS-XHE-XM-ERROR OPERATOR FAILS TO START/CONTROL CORE SPRAY 1.0E-003 MFW-XHE-XO-ERROR OPERATOR FAILS TO MAINTAIN FEEDWATER INJECTIO 1.0E-003 MSS-TBV-CC-BYPS1 TURBINE BYPASS VALVES FAIL TO OPEN 1.1E-002 PPR-SRV-OO-3VLVS THREE OR MORE SRVS STICK OPEN 2.0E-004 RPS-SYS-FC-CRD CONTROL ROD DRIVE MECHANICAL FAILURE 2.5E-007 RPS-SYS-FC-HCU HCU COMPONENTS FAIL 1.1E-007 RPS-SYS-FC-PSOVS HCU SCRAM PILOT SOVS FAIL 1.7E-006 RPS-SYS-FC-RELAY TRIP SYSTEM RELAYS FAIL 3.8E-007 RRS-CRB-CC-PUMP1 RECIRC PUMP 1 FIELD BREAKER FAILS TO OPEN 1.5E-003 RRS-CRB-CC-PUMP2 RECIRC PUMP 2 FIELD BREAKER FAILS TO OPEN 1.5E-003 RRS-CRB-CC-PUMP3 RECIRC PUMP 3 FIELD BREAKER FAILS TO OPEN 1.5E-003 RRS-CRB-CC-PUMP4 RECIRC PUMP 4 FIELD BREAKER FAILS TO OPEN 1.5E-003 RRS-CRB-CC-PUMP5 RECIRC PUMP 5 FIELD BREAKER FAILS TO OPEN 1.5E-003 SLC-MDP-FS-P12 SLC PUMP 1-2 FAILS TO START 1.2E-003 SLC-MDP-TM-P12 SLC PUMP 1-2 IS IN TEST OR MAINTENANCE 5.0E-003 SLC-XHE-XM-ERROR OPERATOR FAILS START/CONTROL SLC 1.0E-003 SLC-XHE-XR-P12 OPERATOR FAILS TO RESTORE PUMP AFTER TEST OR 1.0E-003 TBC-MDP-FS-P55 TBCCW PUMP P-5-005 FAILS TO START 1.5E-003 TBC-MDP-TM-P55 TBCCW PUMP P-5-005 IS UNAVAILABLE BECAUSE OF 5.0E-003 TBC-XHE-XR-P55 TBCCW PUMP P-5-005 NOT RESTORED AFTER MAINTEN 1.0E-003 2005/05/23 13:56:42 page 4

Retrieved from "https://kanterella.com/w/index.php?title=ML051790372&oldid=5381019"