ML060240384
| ML060240384 | |
| Person / Time | |
|---|---|
| Site: | Peach Bottom  |
| Issue date: | 09/15/2003 |
| From: | NRC/RES/DRAA/OERAB |
| To: | |
| Shared Package | |
| ML060240240 | List: |
| References | |
| LER 2003-004-00 | |
| Download: ML060240384 (17) | |
Text
1 For the initiating event assessment, the parameter of interest is the measure of the CCDP. This is the value obtained when calculating the probability of core damage for an initiating event with subsequent failure of one or more components following the initiating event.
1 Enclosure Final Precursor Analysis Accident Sequence Precursor Program --- Office of Nuclear Regulatory Research Peach Bottom, Unit 3 Automatic Reactor Scram Due to Momentary Loss of Offsite Power Event Date 9/15/2003 LER: 277/03-004 CCDP1 = 3x10-6 August 24, 2005 Event Summary At approximately 1:32 a.m. on September 15, 2003, Unit 2 and Unit 3 experienced a brief loss of offsite power to the emergency buses. The loss of offsite power resulted in the loss of power to the reactor protection system (RPS) motor generator sets which automatically shut down Unit 2 and 3 and automatically initiated Primary Containment Isolation System (PCIS) Group I, II, III isolations.
All four emergency diesel generators automatically started and the standby gas treatment system automatically started. High Pressure Coolant Injection (HPCI) and Reactor Core Isolation Cooling (RCIC) were manually started to maintain reactor water level. Reactor pressure was controlled using the Main Steam Safety Relief Valves (SRV) on both units. Further information can be found in References 1 and 2.
Cause. The momentary loss of offsite power (LOOP) was the result of a lightning strike approximately 35 miles northeast of the plants.
Other conditions, failures, and unavailable equipment.
Emergency diesel generator (EDG) E2 tripped on low jacket water coolant pressure approximately 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br /> after the LOOP occurred.
SRV D initially failed to reclose after lifting. The valve closed 15 minutes later with no operator action.
Main steam isolation valves (MSIV) closed causing the loss of the power conversion system in the short term.
Recovery opportunities. Offsite power source 343 SU was available 1 minute after the LOOP occurred (Ref. 2). Offsite power source 2 SU was available 30 minutes after the LOOP occurred (Ref. 2). The 500 kV source was available throughout the event. Power from offsite was restored to the first emergency bus at 0234 hours0.00271 days <br />0.065 hours <br />3.869048e-4 weeks <br />8.9037e-5 months <br /> on September 15 (Ref. 2). Further details on offsite power recovery are located in Attachment B.
Analysis Results Conditional Core Damage Probability (CCDP)
The CCDP for this event is 3x10-6. The acceptance threshold for the Accident Sequence Precursor Program is a CCDP of 1x10-6. This event is a precursor.
Mean 5%
95%
Best estimate 3x10-6 1x10-7 1x10-5 Dominant Sequences The dominant core damage sequence for this assessment is Transient (TRAN) sequence 38-7 (88.5% of the total CCDP). The TRAN event tree is shown in Figure 1. The subtree P2 (two or more stuck open SRVs) is shown in Figure 2.
The events and important component failures in TRAN Sequence 38-7 are:
S Transient occurs, S
Reactor shutdown succeeds, S
Two or more SRVs are stuck open, and S
Low pressure injection fails.
Results Tables S
The CCDP value for the dominant sequence is shown in Table 1.
S The event tree sequence logic for the dominant sequence is presented in Table 2a.
S Table 2b defines the nomenclature used in Table 2a.
S The most important cut sets for the dominant sequence are listed in Table 3.
S Table 4 presents names, definitions, and probabilities of (1) basic events whose probabilities were changed to update the referenced SPAR model, (2) basic events whose probabilities were changed to model this event, and (3) basic events that are important to the CCDP result.
Modeling Assumptions Assessment Summary Since one offsite power source (500 kV) was available throughout the event and the two other offsite power sources (343 SU and 2 SU) were available within 1 minute and 30 minutes respectively, this event was modeled as a transient initiating event instead of a LOOP initiating event. In addition, balance of plant loads were available throughout the event.
The recovery of offsite power from available sources was modeled by modifying the LOOP flag set in the SPAR model by changing the False flag to a failure probability that a safety bus could not be re-energized by any offsite power source given a failure the bus EDG.
See Basic Probability Changes and Attachment B for further details on the offsite power recovery modeling.
Rev. 3.11 (SAPHIRE 7) of the Peach Bottom SPAR model (Ref. 3) was used for this assessment. The base model version used for this analysis is dated December 31, 2004.
Important Assumptions Important assumptions regarding the modeling of this event include the following:
S Offsite power from two sources (343 SU and 500 kV) was available throughout the event. Source 2 SU became available 30 minutes after the event. See Attachment B for further details.
S EDG E2 failed to run and was assumed not be recoverable within the time frame of core uncovery sequences during a postulated station blackout.
S Condenser heat sink was recoverable in the long-term, but not recoverable in the short-term due to the closing of the MSIVs.
S Condensate pumps were available for long-term injection throughout the event.
S Five SRVs opened to relieve pressure after the closure of the MSIVs.
S A stuck open SRV reclosed without any operator action at 15 minutes following the reactor scram. Not knowing the cause of the SRV sticking open, this analysis assumes a conditional probability that the SRV may not have closed given that it stuck open.
Fault Tree Modifications A basic event was added to the power conversion system (PCS) fault tree. PCS was lost (in the short term) during the event due to the shutting of the MSIVs. A basic event PCS-MSIV-LOOP was added under the PCS-TRAN OR gate to model the MSIVs shutting due to the LOOP. The modified PCS fault tree is shown in Figure 3. See Basic Event Probability Changes for further details.
PCS was recoverable in the long term. To recover PCS, operators would have to reset the PCIS for Group I and manually open the MSIVs. The condensate system was available throughout the event for injection and available for PCS recovery (hotwell level control).
Therefore, the power conversion system recovery (PCSR) fault tree was changed to include a basic event for operators failing to reopen the MSIVs (PCS-XHE-MSIV) and a transfer gate to the condensate system (CDS). The revised PCSR fault tree is shown in Figure 4.
See Basic Event Probability Changes and Attachment C for further details.
Basic Event Probability Changes Table 4 includes basic events whose probabilities were changed to reflect the event being analyzed. The bases for these changes are as follows:
S EDG B fails to run (EPS-DGN-FR-DGB). Diesel generator E2 failed to run after about 1 hour1.157407e-5 days <br />2.777778e-4 hours <br />1.653439e-6 weeks <br />3.805e-7 months <br />. Therefore, EPS-DGN-FR-DGB was set to TRUE.
S Non-recovery of offsite power - LOOP Flags (LOOP-I, II, III, IV). LOOP flags are normally used to switch system power dependencies from offsite power (set to False) to emergency power (set to True) for the specified LOOP/SBO sequences.
Since this analysis is not using the LOOP model, the flags will be used to model the probability of non-recovery of offsite power given failure of an EDG. The failure probability for each safety bus, along with the calculation details, is provided in Attachment B.
S MSIVs shut due to momentary LOOP (PCS-MSIV-LOOP). The basic event PCS-MSIV-LOOP was set to TRUE to reflect actual plant conditions during the event.
S Operators fail to reopen MSIVs (PCS-XHE-MSIVS). The basic event PCS-XHE-MSIVS was evaluated using the SPAR-H method (Ref. 4) and set to 4.0x10-3.
Further details about this event are located in Attachment C.
S One SRV fails to close (PPR-SRV-OO-1VLV). The probability PPR-SRV-OO-1VLV was set to the conditional probability of 6.4x10-1. Details on the calculation of this probability are located in Attachment D.
S Two SRVs fail to close (PPR-SRV-OO-2VLVS). The probability PPR-SRV-OO-2VLVS was set to the probability of 5.1x10-3. Details on the calculation of this probability are located in Attachment D.
S Three SRVs fail to close (PPR-SRV-OO-3VLVS). The probability PPR-SRV-OO-3VLVS was set to the probability of 8.0x10-5. Details on the calculation of this probability are located in Attachment D.
References 1.
Licensee Event Report 277/03-004, Units 2 and 3 Automatic Scrams Resulting from an Off-site Electric Grid Disturbance, event date September 15, 2003.
2.
NRC Augmented Inspection Team Report 50-277/03-013, December 18, 2003.
3.
R. F. Buell and J. A. Schroeder, Standardized Plant Analysis Risk Model for Peach Bottom, Revision 3.11, December 2004.
4.
D. Gertman, et al., SPAR-H Method, INEEL/EXT-02-10307, Draft for Comment, November 2002.
5.
J.R. Houghton, Calculation of BWR Main Steam Line Safety Relief Valve Failure to Close, March 2004.
Table 1. Conditional probabilities associated with the highest probability sequences.
Event tree name Sequence no.
Conditional core damage probability (CCDP)1 Percent contribution TRAN 38-7 2.3x10-6 88.5%
Total (all sequences)2 2.6x10-6
- 1. Values are point estimates. (File name: GEM 277-03-004 Unit 3 Best Estimate.wpd)
- 2. Total CCDP includes all sequences (including those not shown in this table).
Table 2a. Event tree sequence logic for the dominant sequences.
Event tree name Sequence no.
Logic
(/ denotes success; see Table 2b for top event names)
TRAN 38-7
/RPS, P2, LPI Table 2b. Definitions of fault trees listed in Table 2a.
LPI LOW PRESSURE INJECTION FAILS P2 TWO OR MORE STUCK OPEN SRVS RPS REACTOR SHUTDOWN FAILS Table 3. Conditional cut sets for dominant sequences.
CCDP1 Percent contribution Minimal cut sets2 Event Tree: TRAN, Sequence 38-7 1.6x10-6 71.3 PPR-SRV-OO-2VLVS LPI-XHE-XM-ERROR 6.2x10-7 27.1 PPR-SRV-OO-2VLVS ESF-ASL-MC-LEVEL 2.3x10-6 Total (all cut sets)3
- 1. Values are point estimates.
- 2. See Table 4 for definitions and probabilities for the basic events.
- 3. Totals include all cut sets (including those not shown in this table).
Table 4. Definitions and probabilities for modified or dominant basic events.
Event name Description Probability/
frequency Modified EPS-DGN-FR-DGB EDG B FAILS TO RUN TRUE Yes1 ESF-ASL-MC-LEVEL ECCS LEVEL SENSORS MISCALIBRATED 1.9x10-4 No IE-TRAN TRANSIENT INITIATING EVENT 1.0 Yes2 LOOP I LOSS OF OFFSITE POWER TO DIVISION 1 5.0x10-5 Yes3 LOOP II LOSS OF OFFSITE POWER TO DIVISION 2 3.0x10-5 Yes3 LOOP III LOSS OF OFFSITE POWER TO DIVISION 3 5.0x10-5 Yes3 LOOP IV LOSS OF OFFSITE POWER TO DIVISION 4 3.0x10-5 Yes3 LPI-XHE-XM-ERROR OPERATOR FAILS TO CONTROL LOW PRESSURE INJECTION 5.0x10-4 No PCS-MSIV-LOOP MSIVs SHUT DUE TO MOMENTARY LOOP TRUE Yes1 PCS-XHE-MSIVS OPERATORS FAIL TO REOPEN MSIVs 4.0x10-3 Yes4 PPR-SRV-OO-1VLV ONE SRV FAILS TO CLOSE 6.4x10-1 Yes5 PPR-SRV-OO-2VLVS TWO SRVs FAIL TO CLOSE 5.1x10-3 Yes5 PPR-SRV-OO-3VLVS THREE OR MORE SRVs FAIL TO CLOSE 8.0x10-5 Yes5 SBO STATION BLACKOUT HAS OCCURRED TRUE Yes6
- 1. Events changed to reflect the condition being analyzed. See report and Basic Event Probability Changes for further details.
- 2. Initiating event assessment-all other initiating event frequencies set to zero.
- 3. LOOP Flag events changed to a probability to reflect event probability that each safety bus would lose power. See report and Attachment B for further details.
- 4. Evaluated per SPAR-H method (Ref. 5). See Attachment C for further details.
- 5. See Attachment D for further details.
- 6. Flag changed to TRUE to activate the SRV fault tree.
Attachment A Event Timeline Table A.1. Timeline of significant electrical events.
Time1 Event 0132 LOOP 343 SU and 2 SU offsite sources experience degraded grid voltage - all EDGs start.
Turbine trip, followed by the reactor scram, occurs.
0133 343 SU source is re-energized and is available to all 8 safety buses. Almost immediately the undervoltage condition sensed on the supply side of the eight breakers from this source is cleared. The 2 SU supply breaker to the site SU 25 opens, and 2 SU is not available to the plants. At this point if an EDG tripped, the buses would have behaved as follows based on the offsite power breaker control logic (the normal offsite supply for each bus is in parentheses):
E23 (2 SU)
E223 tripped on loss of 2 SU. Alternate E323 would have auto-closed, powering from 343 SU.
E43 (2 SU)
E243 tripped on loss of 2 SU. Alternate E343 would have auto-closed, powering from 343 SU.
E13 (343 SU)
E313 tripped on loss of 343 SU, it could be manually closed by the operator.
Alternate E213 would not close without 2 SU power.
E33 (343 SU)
E333 tripped on loss of 343 SU, it could be manually closed by the operator.
Alternate E233 would not close without 2 SU power.
0234 E2 EDG Trips due to low jacket cooling water pressure. E2 EDG output breaker E23 opens and bus E23 is automatically re-energized from 343 SU when E323 closes.
0741 E13 power supply is switched from EDG E1 to 343 SU.
0748 E33 power supply is switched from EDG E3 to 343 SU.
0807 E43 power supply is switched from EDG E4 to 2 SU.
1.
All times are on September 15, 2003.
LER 277/03-004 2 The LOOP flags, one for each safety bus, or division, are used to negate EDG contribution in the safety bus fault trees during non-LOOP transients.
8 Attachment B Offsite Power Recovery Calculations The recovery of offsite power from available sources was modeled by modifying the LOOP flag set in the SPAR model by changing the False flag to a failure probability that a safety bus could not be re-energized by any offsite power source given a failure the bus EDG.2 The probabilities were calculated using the following assumptions:
343 SU source. The 343 SU source was automatically energized through closing of the feeder breaker 175 to the 343 SU transformer, at 18 seconds. Two of the four buses in each unit would have automatically swapped to 343 SU had its associated EDG failed. The other two buses could have been manually energized from 343 SU by closing one breaker from the control room had its EDGs failed.
2 SU source. The 2 SU source was available to supply power to all safety buses at both units, when the control room was notified at 30 minutes following the LOOP initiator. Once Breaker SU-25 was manually closed from the control room, two of the four buses in each unit would have automatically swapped to the 2 SU source had its EDGs failed. The other two buses could have been manually energized from 2 SU by closing one breaker from the control room had its EDGs failed.
500 kV source. The 500 kV source was available though out the event and could have been used to power all safety buses via Bus 3 SU given the loss of the 343 SU source (both sources supply power through the same 13 kV bus). This offsite power source in addition to other SBO power sources was not modeled in this analysis because of the unlikely loss of both the 343 SU and 2 SU sources.
Failure probabilities used in the offsite power nonrecovery probabilities calculations are given as follows:
S Probability of a breaker failure to close is 3x10-3/demand (from NUREG/CR-4550, Vol. 1).
S Using the SPAR-H method (Ref. 4), the probability that the operator would not have closed a breaker to re-energize the bus given the failure of its EDG is 4x10-3
[Nominal Time (x1), High Stress (x2), Moderately Complex (x2)]. This estimate is based on the dominating sequences given a dead bus, all of which requires recovery in the long-term (prior to containment failure).
S The offsite power non-recovery probabilities for the safety buses are provided in Table B.1.
Table B.1. Offsite power non-recovery probabilities.
Power source Unit 3 Bus Bus E13 Bus E23 Bus E33 Bus E43 343 SU:
available 1 min (via 3 SU bus)
E13 (Manual)
P = 7x10-3 E23 (Auto)
P = 3x10-3 E33 (Manual)
P = 7x10-3 E43 (Auto)
P = 3x10-3 2 SU:
available 30 min (via 2 SU bus)
E13 (Auto)
P = 7x10-3 E23 (Manual)
P = 1x10-2 E33 (Auto)
P = 7x10-3 E43 (Manual)
P = 1x10-2 500 kV:
available 0 min (via 3 SU bus)
Not modeled Not modeled Not modeled Not modeled Total (product of 343 SU and 2 SU non-recovery)
E13 P = 5x10-5 E23 P = 3x10-5 E33 P = 5x10-5 E43 P = 3x10-5 SPAR event LOOP-I LOOP-II LOOP-III LOOP-IV Notes:
S Safety buses that can automatically swap over to 343 SU given failure of its EDG, P = 3x10-3.
S Safety buses that require manual swap over to 343 SU given failure of its EDG, P = (3 x10-3) + (4x10-3) = 7x10-3.
S Safety buses that can automatically swap over to 2 SU after manually closing breaker SU-25 given failure of its EDG and loss of 343 SU, P = (3x10-3) + (4x10-3) = 7x10-3.
S Safety buses that require a manual swap over to 2 SU after manually closing breaker SU-25 given failure of its EDG and loss of 343 SU, P = 2 x (3x10-3) + 4x10-3 = 1x10-2.
LER 277/03-004 10 Attachment C Human Error Modeling For this analysis, one operator non-recovery event, PCS-XHE-MSIVS, was updated using the standard SPAR Model Human Error Worksheet (Ref. 4). A summary of the worksheet results is provided by Table C.1.
Table C.1 Human Error Basic Event Probabilities Non-recovery Factor Nominal Value Performance Shaping Factor (PSF)
Non-recovery Probability Time Stress Complexity Training Procedures PCS-XHE-MSIVS (Action) 1.0x10-3 1
2 2
1 1
4.0x10-3 This event was determined to be an obvious diagnosis, and therefore, it was evaluated as an action activity only. The stress performance shaping factor (PSF) was evaluated as High because the action could be required to prevent core damage in certain accident sequences. The complexity PSF was evaluated as Moderate because the operators would have to reset the PCIS signal, then equalize pressure around the MSIVs and then open them. All other PSFs were set to Nominal.
Sensitivity studies show that increasing the probability of PCS-XHE-MSIVS by an order of magnitude (to approximately the probability this event would have if it contained significant diagnostic activity) has a negligible effect on the quantitative result.
LER 277/03-004 11 Attachment D Safety Relief Valve Probability Calculations Five SRVs opened in response to the reactor scram and isolation of the MSIVs. SRV D was initially stuck open, but reclosed after 15 minutes at 369 psig without any operator action. The details about how the three SRV basic events were calculated are provided below.
One SRV Fails to Close (PPR-SRV-OO-1VLV)
A review of the operating experience (Ref. 5) identified 2 events out of 6 in which the SRV closed at reduced pressure without any operator action (Peach Bottom Unit 3 event was not included).
Using Bayes updated distribution with a Jeffreys noninformative prior, the conditional probability that an SRV would not reclose at a lower pressure given that it stuck open was calculated.
S 4
6 1
0 64 1
2
+
+
=.
Therefore, PPR-SRV-OO-1VLV is set at 0.64.
Two SRVs Fail to Close (PPR-SRV-OO-2VLVS)
The updated probability than a SRV fails to reclose after initially opening is 2.0x10-3/demand. Not counting the SRV that failed to initially reclose, there were four SRVs demanded. Therefore, using the binomial formula, the probability that 1 SRV would fail to reclose out of 4 demands was calculated.
S
(
)(
)
4 3 1 2 10 1
2 10 7 95 10 3
3 3
3 x
x
=
x
Therefore the probability that two SRVs fail to reclose is the conditional probability that SRV D would not have reclosed multiplied by the probability that 1 out the other 4 SRVs would have stuck open.
S
(
) (
)
0 64 7 95 10 509 10 3
3 x
x
=
x
Therefore, PPR-SRV-OO-2VLVS is set to 5.1x10-3.
Three or more SRVs Fail to Close (PPR-SRV-OO-3VLVS)
Similar to the calculation performed for PPR-SRV-OO-2VLVS, the probability of 2 valves failing to reclose out of 4 demands was calculated using the binomial formula.
S (Independent failure contribution)
(
) (
)
4 2 2 2
10 1
2 10 2 39 10 3
2 3
2 5
x
x
=
x
This is the value of the independent failure contribution. In addition, there is a failure contribution due to common cause. The common cause failure (CCF) calculation (for 2 SRV failures out of 4 valve demands) is shown below.
LER 277/03-004 12 S
(CCF contribution)
(
)
CCF Qt
x x
x
=
x
10 4
10 2 01 10 4
2 10 101 10 2
2 3
4
The total probability of three or more valves failing to reclose is the conditional probability that SRV D would not reclose multiplied by the sum of independent and CCF contributions of 2 out of 4 SRVs failing to reclose.
S
(
) (
)
0 64 2 39 10 101 10 7 99 10 5
4 5
x x
+
x
=
x
Therefore, PPR-SRV-OO-3VLVS is set to 8.0x10-5.
LER 277/03-004 13 Attachment E Response to Comments 1.
Comment for Chris Cahill (NRR/DSSA/SPSB)- Technical Source Reference Comment: For Peach Bottom Unit 3, Reference 5, by J.R. Houghton, Calculation of BWR Main Steam Relief Valve Failure to Close, is not available in ADAMS.
Response: This reference is currently under review.
2.
Comment for Chris Cahill (NRR/DSSA/SPSB)- SRV Probability Calculation Comment: BWRs typically use either two or three stage SRVs. It may not be appropriate to include all SRVs in one sample population since there failure mechanisms are quite different.
Response: The are few SRV failures to close on demand, and therefore all SRV data is included in the failure probability. We will consider a future study to determine if different types of SRVs have different failure probabilities.
3.
Comment for Chris Cahill (NRR/DSSA/SPSB)- SRV Probability Calculation Comment: Attachment D is used to calculate SRV failure to close probabilities.
Reference 5 is the source material for the calculation. It appears that in Reference 5, the Limerick event (LER 353/01-001) is identified as remained open at shutdown. In reviewing the LER, it appears that the SRV did not stay open, but instead opened and reseated two times. This would impact the calculated failure to close probability.
Response: We agree that the SRV opened and reseated twice. However, the SRV remained open for long periods of time (nearly 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> during the first opening/closing cycle) and the plant pressure dropped substantially (greater than 800 psi). Due to the large pressure decrease in the reactor, plant response during this event is similar to the plant response if the SRV has stayed open the entire time. Therefore the SRV is assumed to be remained open at shutdown for the purposes of the study (Reference 5).
LI LATE INJECTION CVS CONTAINMENT VENTING PCSR POWER CONVERSION SYSTEM RECOVERY SDC SHUTDOWN COOLING DEP MANUAL REACTOR DEPRESS SPC SUPPRESSION POOL COOLING VA ALTERNATE LOW PRESS INJECTION LPI LOW PRESSURE INJECTION CDS CONDENSATE DEP MANUAL REACTOR DEPRESS HPI HIGH PRESSURE INJECTION PCS POWER CONVERSION SYSTEM SRV SRV'S CLOSE RPS REACTOR SHUTDOWN SRV SRV'S CLOSE END-STATE 1
OK 2
OK 3
OK 4
OK 5
OK 6
CD 7
OK 8
CD 9
OK 10 OK 11 CD 12 OK 13 CD 14 OK 15 OK 16 OK 17 OK 18 CD 19 OK 20 CD 21 OK 22 OK 23 OK 24 OK 25 CD 26 OK 27 CD 28 OK 29 OK 30 OK 31 OK 32 CD 33 OK 34 CD 35 CD 36 CD 37 T
1SORV 38 T
2SORVS 39 T
ATWS P1 P2 SPC1 SDC1 LI01 LI02 LI03 LI04 LI05CF LI06 LI07 LI05CF LI05CV LI05CV Figure 1: Peach Bottom-Transient event tree.
L I L ATE INJECT IO N CVS CO NT AINM ENT VENT ING SDC SHUT DO W N CO O LING SPC SUPPR ESSIO N PO O L CO O LING L PI L O W P RESS URE INJECTIO N P 2 T W O O R MO RE S TUCK O PEN S RVS END-S TAT E 1 O K 2 O K 3 O K 4 CD 5 O K 6 CD 7 CD LI08 LI09 Figure 2: Peach Bottom-Two or more stuck open relief valves event tree (with dominant sequence highlighted).
15 LER 277/03-004 15 SENSITIVE - NOT FOR PUBLIC DISCLOSURE
FALSE LOOP PCS-1 PCS-1A FALSE ATWS FALSE TRAN PCS-TRAN TRUE PCS-MSIV-LOOP 1.1E-2 PCS-XHE-XO-ERROR CDS-HW CDS-PMPS PCS IS UNAVAILABLE (GENERAL TRANSIENT)
CONDENSATE PUMP TRAINS ARE UNAVAILABLE CONDENSATE HOTWELL MAKEUP IS UNAVAILABLE PCS FAILURE DURING GENERAL TRANSIENTS TRANSIENT OR ATWS MSIVs shut due to momentary LOOP LOSS OF OFFSITE POWER ATWS HAS OCCURRED GENERAL TRANSIENT INITIATING EVENT HAS OCCURRED OPERATOR FAILS TO MAINTAIN FEEDWATER INJECTION Figure 3: Peach Bottom-Modified PCS fault tree (the figure is cropped to show the modification only).
PCSR 4.0E-3 PCS-XHE-MSIVS CDS CONDENSATE SYSTEM IS UNAVAILABLE OPERATORS FAIL TO RECOVER THE POWER CONVERSION SYSTEM OPERATORS FAIL TO RE-OPEN MSIVs Figure 4: Peach Bottom-Revised PCSR fault tree.
17 LER 277/03-004 17 SENSITIVE - NOT FOR PUBLIC DISCLOSURE