ML062410236
Person / Time | |
---|---|
Site: | Palo Verde |
Issue date: | 08/03/2006 |
From: | Mauldin D Arizona Public Service Co |
To: | Document Control Desk, Office of Nuclear Reactor Regulation |
References | |
102-05539-CDM/TNW/GAM | |
Text
David Mauldin, Vice President, Nuclear Engineering
Palo Verde Nuclear Generating Station
Mail Station 7605, PO Box 52034, Phoenix, Arizona 85072-2034
Tel: 623-393-5553, Fax: 623-393-6077

102-05539-CDM/TNW/GAM
August 03, 2006

Attn: Document Control Desk
U.S. Nuclear Regulatory Commission
Washington, DC 20555-0001
Dear Sirs:
Subject: Palo Verde Nuclear Generating Station (PVNGS) Units 1, 2 and 3, Docket Nos. STN 50-528, 50-529, and 50-530, Response to NRC Request for Additional Information Regarding Probabilistic Risk Assessment Questions Related to Proposed Technical Specification Change to Emergency Diesel Generator Allowed Out of Service Time

By letter no. 102-05391, dated December 23, 2005, Arizona Public Service Company (APS) submitted a license amendment request for PVNGS Units 1, 2, and 3 to (1) extend the allowed out of service time (AOT) for one inoperable emergency diesel generator (EDG) from 72 hours to 10 days, (2) add a clarifying note to Condition F of Technical Specification (TS) 3.8.1, "AC [alternating current] Sources - Operating," and (3) revise TS 3.4.9, "Pressurizer," to delete the words which require that the two groups of pressurizer heaters be capable of being powered from an emergency power supply.
By letter dated June 23, 2006, the NRC provided to APS a request for additional information (RAI) regarding probabilistic risk assessment (PRA) questions related to the proposed amendment. The June 23, 2006, letter requested that APS respond to the RAI within 30 days. Following a telephone call to discuss the proposed RAI responses, the NRC notified APS by e-mail dated July 18, 2006, that it would be acceptable for APS to have 12 more days to submit the RAI response (no later than August 4, 2006).
Provided in Enclosure 2 is APS' response to the RAI. A notarized affidavit is provided in .
A member of the STARS (Strategic Teaming and Resource Sharing) Alliance: Callaway, Comanche Peak, Diablo Canyon, Palo Verde, South Texas Project, Wolf Creek
No commitments are being made to the NRC by this letter. If you have any questions, please contact Thomas N. Weber at (623) 393-5764.
Sincerely,

CDM/TNW/GAM

Enclosures: As stated

cc:
- B. S. Mallett, NRC Region IV Regional Administrator
- M. B. Fields, NRC NRR Project Manager
- G. G. Warnick, NRC Senior Resident Inspector for PVNGS
- A. V. Godwin, Arizona Radiation Regulatory Agency (ARRA)
- T. Morales, Arizona Radiation Regulatory Agency (ARRA)
ENCLOSURE 1

AFFIDAVIT

STATE OF ARIZONA )
) ss.
COUNTY OF MARICOPA )
I, David Mauldin, represent that I am Vice President, Nuclear Engineering, Arizona Public Service Company (APS), that the foregoing document has been signed by me on behalf of APS with full authority to do so, and that to the best of my knowledge and belief, the statements made therein are true and correct.
David Mauldin

Sworn To Before Me This [day illegible] Day Of August, 2006.

Notary Public

Notary Commission Stamp: [name partly illegible] Justiss, Notary Public, State of Arizona, Maricopa County. My Comm. Expires October 30, 2006.
ENCLOSURE 2 Response to NRC Request for Additional Information Regarding Probabilistic Risk Assessment Questions Related to Proposed Technical Specification Change to Emergency Diesel Generator Allowed Out of Service Time
Enclosure 2 Response to EDG RAI

NRC Request 1[a]

Provide qualitative or quantitative assessment of the following risk changes:

Information on risk-important components and configuration that will be affected by the proposed extension, including Diesel Fuel Oil and Pressurizer Heaters.

APS Response 1[a]

Attachment 1 of the December 23, 2005, submittal provided a list of those components whose Risk Increase Factor (equivalent to RAW) is increased by at least a factor of 2 during the period of EDG unavailability. Those failures are all associated with:
- 1. Maintaining off-site power to the train with the unavailable EDG;
- 2. Maintaining off-site power to the opposite train;
- 3. The gas turbine generators (alternate AC);
- 4. Supporting the available EDG.
The diesel fuel oil system has two independent trains, each associated with one EDG.
They are not explicitly modeled, but are considered part of the EDG. If it were modeled, the train associated with the remaining operable EDG would be expected to increase in importance similar to the EDG itself. This does not increase risk, because it would be a subset of what is currently modeled. Pressurizer heaters are not risk-significant and are not modeled. The pressurizer heater Technical Specification (TS) 3.4.9 is only being changed to make it consistent with the EDG TS changes.
NRC Request 1[b]

Please provide a brief discussion and related information regarding the risk quantification tool.

APS Response 1[b]

Palo Verde uses Risk Spectrum from the Swedish company Relcon, AB. It uses the RSAT solution engine. Risk Spectrum is a fully integrated tool including fault tree and event tree editing, common-cause modeling (automatic creation of CC events based on grouping), and is capable of solving fault trees, individual or grouped sequences, and entire consequence analyses. A demo copy can be obtained from the Relcon website (www.relcon.se), if you are interested in seeing it.
NRC Request 1[c]

Provide a discussion of the probabilistic risk assessment (PRA) quality, with emphasis on the system(s) and train(s) affected by the amendment.
The discussion may include parametric uncertainty.

APS Response 1[c]

to Enclosure 2 of the December 23, 2005, submittal provides fourteen pages of information regarding the Palo Verde PRA quality. In particular, Section 2.2 on pages 10 through 12 of Attachment 2 to Enclosure 2 of the December 23, 2005, submittal provides a listing of changes and upgrades that improved the model relative to this particular application. Other specific attributes relevant to this submittal are:
- 1. Switchyard is modeled in sufficient detail to model out-of-service high voltage lines, power to start-up transformers and start-up transformer feeds to the units;
- 2. Electrical distribution from start-up transformers down to Vital AC and DC is modeled in detail; losses of power at all levels are also included as initiating events;
- 3. EDG, Auxiliary Feedwater, HPSI and many other safety system component failure rates are Bayesian updated;
- 4. The most recent loss of off-site power frequencies and non-recovery probabilities were used based on NUREG/CR-INEEL/EXT-04-02326.
Due to the request for additional calculations in the RAI, we took the opportunity to use the latest revision of the PRA model and also incorporate several changes necessary to implement the NRC's Mitigating Systems Performance Index. This model update incorporated two significant changes:
- 1. Updated failure data;
- 2. Conversion of common-cause modeling from Multiple Greek Letter (with a few binomial parameters) to the alpha parameter method. Common-cause data came from NUREG/CR-6268. This closed the only remaining Category A peer review comment.
As a result of these changes, the LERF truncation level was reduced from 2E-12 to 9E-13.
In order to reflect the PRA model update, Attachment 2 to Enclosure 2 of the December 23, 2005, submittal, entitled "Palo Verde Probabilistic Risk Assessment (PRA) Quality and History," the last bullet in Section 5 is changed as follows:
In 2001 Erin Engineering reviewed all Category A and B Facts and Observations (F&Os) from the CEOG peer review. The results are as follows:
- Category A - 8 F&Os. 4 were closed and the responses deemed satisfactory. The remaining 4 were later closed.
- Category B - 26 F&Os. 7 were closed and the responses deemed satisfactory, 13 were later closed, and six remain open. Five of these are documentation issues. The one remaining open item is lack of flooding analysis.
NRC Request 1[d]

Please provide relative risk impact on incremental conditional core damage probability (ICCDP) and incremental conditional large early release probability (ICLERP), using zero maintenance model versus regular model with baseline test/maintenance activities.

APS Response 1[d]
Table 2a below shows the ICCDPs and ICLERPs determined by subtracting the nominal maintenance CDF and LERF values from the zero maintenance CDF and LERF values in accordance with Regulatory Guide 1.177, footnotes 2 and 3 and replaces Table 2 on page 17 in the December 23, 2005, submittal. Note that Train B ICCDP is now below the guideline value of 5E-7. Tables 2b and 2c show the additional calculations requested.
[CDF (zero-mntc w/EDG OOS) - CDF (nom-mntc w/EDG mntc FALSE)] x 240hrs/8,760hrs-yr

Table 2a: ICCDP and ICLERP Using RG 1.177 Method

- Internal Events ICLERP, 10 day: 3.02E-8, 2.47E-8

Table 2b shows the risk results using the zero maintenance model (both CDF and LERF deltas with zero maintenance, except subject EDG). Train B ICCDP is again below the guideline value of 5E-7.

[CDF (zero-mntc w/EDG OOS) - CDF (zero-mntc)] x 240hrs/8,760hrs-yr

Table 2b: ICCDP and ICLERP Using Zero Maintenance Model

- Internal Events ICCDP, 10 day: 5.83E-7, 4.68E-7
- Internal Events ICLERP, 10 day: 3.12E-8, 2.57E-8

Table 2c shows the risk results using the nominal maintenance model (both CDF and LERF deltas with nominal maintenance, with the addition of subject EDG).

[CDF (nom-mntc w/EDG OOS) - CDF (nom-mntc w/EDG mntc FALSE)] x 240hrs/8,760hrs-yr

Table 2c: ICCDP and ICLERP Using Nominal Maintenance Model

- Internal Events ICLERP, 10 day: 4.14E-8, 3.51E-8

NRC Request 1[e]

Are there any compensatory measures to neutralize the potential risk increases due to the amendment? If so, provide a discussion of the proposed compensatory measures and the associated benefit in both quantifiable and non-quantifiable terms.

APS Response 1[e]

The following compensatory measures will be implemented when utilizing the extended AOT, as described in APS letter no. 102-05484, dated May 4, 2006:
- 1. The redundant diesel generator (DG) (along with all of its required systems, subsystems, trains, components, and devices) will be verified operable (as required by TS) and no discretionary maintenance activities will be scheduled on the redundant (operable) DG.
- 2. No discretionary maintenance activities will be scheduled on the gas turbine generators (GTGs).
- 3. No discretionary maintenance activities will be scheduled on the startup transformers.
- 4. No discretionary maintenance activities will be scheduled in the APS switchyard or the unit's 13.8 kV power supply lines and transformers which could cause a line outage or challenge offsite power availability to the unit utilizing the extended DG Completion Time.
- 5. All activity, including access, in the Salt River Project (SRP) switchyard shall be closely monitored and controlled. Discretionary maintenance within the switchyard that could challenge offsite power supply availability will be evaluated in accordance with 10 CFR 50.65(a)(4) and managed on a graded approach according to risk-significance.
- 6. The GTGs will not be used for non-safety functions (i.e., power peaking to the grid).
- 7. Weather conditions will be assessed prior to removing a DG from service during planned maintenance activities. Additionally, DG outages will not be scheduled when severe weather conditions and/or unstable grid conditions are predicted or present.
- 8. All maintenance activities associated with the unit that is utilizing the extended DG Completion Time will be assessed and managed per 10 CFR 50.65 (Maintenance Rule).
- 9. The functionality of the GTGs will be verified by ensuring that the monthly start test has been successfully completed within the previous four weeks before entering the extended DG Completion Time.
- 10. The operability of the steam-driven auxiliary feedwater pump will be verified before entering the extended DG Completion Time.
- 11. The system dispatcher will be contacted once per day and informed of the DG status, along with the power needs of the facility.
- 12. Should a severe weather warning be issued for the local area that could affect the switchyard or the offsite power supply during the extended DG Completion Time, an operator will be available locally at the GTG should local operation of the GTG be required as a result of on-site weather-related damage.
- 13. No discretionary maintenance will be allowed on the main and unit auxiliary transformers associated with the unit.
Items 1 through 4 and 13 are directly accounted for in the modeling by using the zero-maintenance model (with only one EDG assumed out of service). Items 7 and 11 effectively reduce the IELOOP frequency due to either grid or weather related causes.
The remaining items serve as additional assurance of the reliability of the remaining on-site power sources, the Station Blackout GTGs and off-site power.
NRC Request 1[f]

Provide a brief discussion of the plant configuration control program and the on-line risk monitor.

APS Response 1[f]
Section 4.2.2.2 at the top of page 24 of Enclosure 2 in the December 23, 2005, submittal lists several items relevant to the condition of one unavailable EDG. In general, planned maintenance is evaluated by the work week managers using EOOS.
Unanalyzed components or configurations that EOOS cannot model are referred to the PRA Group for resolution. Risk limits are chosen to limit total integrated risk increase for the week to less than 1E-6 for CDP and 1E-7 for LERP. Emergent conditions are evaluated as they arise. Compensatory measures or returning equipment to service are considered and implemented where possible in order to restore the risk increase to within the limits above. A "red" condition is not voluntarily entered. Red is when the CDP or LERP will exceed its limit. Station procedure 70DP-0RA05, Revision 1, dated May 19, 2006, "Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2," is attached. In particular Appendices B, C and D of the procedure provide important guidance on minimizing risk.
NRC Request 2

Your risk assessment in the submittal was based on internal events only.
Discuss the impact of potential external events and risk contributors, such as fire.

APS Response 2

External events are addressed in Section 4.2.1.9 on page 22 of Enclosure 2 of the December 23, 2005, submittal. Paragraph 2.3.2 of Regulatory Guide 1.177 says that external hazards should be considered if the location of the subject equipment is vulnerable to a particular external event. As stated in the December 23, 2005, submittal, the DG building (housing both trains of EDGs) contributes less than 1% to combined internal events and fire CDF. There is no potential for initiating events in the DG Building. Were fire to be included in this analysis, it would, of course, show a somewhat higher ICCDP and ICLERP. ICCDPs including fire are approximately 6.7E-7 for Train A and 6.1E-7 for Train B using the zero-maintenance updated model. Palo Verde is in a low seismic hazard region. The principal effect of a significant seismic event would be loss of off-site power. This would be a minor addition to the LOOP frequency, well bounded by the uncertainty of that parameter.
NRC Request 3

On page 17 of Enclosure 2 you state that your ICCDP would exceed the Regulatory Guide (RG) guideline. The intent in making the comparison of the PRA results with RG 1.177 is to demonstrate, with reasonable assurance, that Principle 4 in the "Discussion" section of RG 1.177 is being met. Please discuss how Principle 4 is being met.

APS Response 3

Principle 4 refers to Regulatory Position 2.3, which delineates the three-tiered approach to evaluate the risk associated with the proposed AOT extension.

- Tier 1, Capability and Insights. The submittal provides ample evidence of the capability of Palo Verde PRA, including its quality and suitability for this application. Insights are gained in understanding what equipment and actions become more important with either of the EDGs unavailable, so that appropriate measures are taken to ensure the reliability of remaining power sources, along with equipment usable in a Station Blackout, such as the steam-driven auxiliary feedwater pump.
- Tier 2, Avoidance of Risk-Significant Plant Configurations. The submittal demonstrates that the importance analysis of the plant configuration of one unavailable EDG provides insight into what other equipment becomes more important and therefore actions that should or could be taken to protect it and enhance its reliability. The December 23, 2005, submittal, along with APS letter no. 102-05484, dated May 4, 2006, in response to the NRC Electrical Branch request for additional information (RAI), identified actions to be taken or avoided for this purpose.
- Tier 3, Risk-Informed Configuration Risk Management. The submittal demonstrates that Palo Verde's Configuration Risk Management Program, consisting primarily of the administrative controls necessary to properly implement 10CFR50.65(a)(4), is adequate to ensure changes to the plant configuration that may occur while an EDG is out of service are understood and evaluated in a timely manner.
The additional unavailability of an EDG does not exceed any current risk limits or guidelines in Palo Verde's risk management program, and is well within current plant configuration risk fluctuations encountered for normal plant maintenance.
It was mentioned in section 4.2.3 of the December 23, 2005, submittal that Palo Verde uses the EOOS software for planning and emergent condition configuration risk management. It should be added that cutset analysis is not used; rather, both CDF and LERF for each configuration are calculated, thus minimizing truncation errors and improving the accuracy of the results.
Furthermore, some reduction in shutdown risk during refueling outages can be expected. The EDG maintained during power operation will be available for a greater portion of the outage. Although Palo Verde requires both off-site power sources and both EDGs to be available during high risk plant configurations, such as reduced inventory and mid-loop, the added EDG availability will reduce risk during periods where only one off-site power source is available.
Thus, even though the Train A ICCDP value slightly exceeds the guideline value of 5E-7, the three-tiered approach and Principle 4 are met. Furthermore, LERF, or ICLERP, are more direct indicators of the impact to the health and safety of the public.
The ICLERP values for both trains are well below the guideline value of 5E-8, and remain below 5E-8 using a doubled grid-related Loss of Off-Site Power frequency.
Thus, the change meets the Commission's safety goals.
NRC Request 4

In Table 3, Enclosure 2 of your request letter, you have recalculated internal event core damage frequency based on your new reliability number. However, Table 2 of the enclosure clearly indicated that the plant risk (ICCDP) under the proposed amendment would increase by 6.44E-7 and 6.05E-7 for EDG A and EDG B, respectively. With this proposed TS change, it appears that the risk would increase by 6.44E-7/yr and 6.05E-7/yr, respectively, by annualizing the ICCDP for one year. Please explain these results.

APS Response 4

First, as a matter of clarification, the EDG reliability was not changed; the new unavailability was used in the calculation. For the annualized risk increase, best-estimate outage duration is used (6.5 days), rather than the entire AOT in accordance with Regulatory Guide 1.177, paragraph 2.3.4, item 2. Secondly, the maintenance requiring the AOT extension is not done every year. It is done every third year on each EDG. This expected frequency is used in accordance with Regulatory Guide 1.177, paragraph 2.3.4, item 3. See response to Request 5 below for new calculation assuming one seven-day EDG outage per year.

NRC Request 5

In your reliability recalculation presented in the second paragraph of page 17 of Enclosure 2, the increase of the actual unavailability was assumed as 5.5 days instead of the 10-day proposed extension. The 5.5 days of maintenance outage discussed implies that the TS AOT will be used as a part of your routine online maintenance activities. Please explain.
APS Response 5

As requested, the effect on average CDF and LERF was recalculated assuming one seven-day EDG outage per year. The results are shown in Table 3 below, which replaces Table 3 on page 17 in the December 23, 2005, submittal. Both CDF and LERF are well below the guideline values of 1E-6 for CDF and 1E-7 for LERF from RG 1.174.

Table 3: Changes to Average CDF and LERF

| | Current | Proposed | Delta | % |
|---|---|---|---|---|
| Internal Events CDF | 8.88E-6/yr | 9.38E-6/yr | 5.0E-7/yr | 5.6 |
| Internal Events LERF | 4.88E-7/yr | 5.14E-7/yr | 2.6E-8/yr | 5.3 |

NRC Request 6

Please discuss the impacts of the uncertainties and risk contributors for both those explicitly accounted for in the results and those that were not.
APS Response 6

Modeling uncertainty is addressed in detail in paragraph 4.2.1.4 of Enclosure 2 of the December 23, 2005, submittal. The underlined phrases are potential sources of uncertainty. Each point is addressed in detail. The use of delta values calculated from results representing essentially the same operating states minimizes the parametric uncertainty. A sensitivity was performed (and reported in the submittal) on the grid-centered LOOP frequency, which is believed to be the most sensitive parameter, and likely has the highest uncertainty given that LOOP is a relatively rare event. These results were recalculated using the updated model and are reported in Table 4 below.
This table replaces Table 4 on page 20 in the December 23, 2005, submittal.
Significant reductions are seen relative to the original results.
Table 4 - ICCDP and ICLERP with Grid Centered IELOOP Doubled

- Internal Events ICCDP, 10 day: [values garbled in source]
- Internal Events ICLERP, 10 day: 4.22E-8, 3.42E-8

NRC Request 7

According to your risk assessment, EDG A has higher risk importance than that of EDG B. Please explain.

APS Response 7

As discussed in Section 4.2.1.6 on page 20 of Enclosure 2 of the December 23, 2005, submittal, the results are not identical due to the asymmetric nature of the auxiliary feedwater (AF) system. There are two Class 1E AF pumps located in a seismically qualified structure, one turbine-driven (Train A) and one electric-driven (Train B). The third pump (electric-driven) is non-class 1E, located in the turbine building, and powered from Train A Class 1E power. Thus, two of the three pumps ultimately get power from Train A Class 1E power. In addition, the turbine-driven pump, by its nature, is less reliable than either of the electric pumps. However, the turbine-driven pump can be operated locally with no power available, so it is more important in LOOP and SBO scenarios.
NRC Request 8

What are the risk assessment methodologies (such as FIVE) that you have employed for fire? Have you considered providing fire watch during the proposed AOT period?

APS Response 8

Palo Verde was a pilot for the FIVE methodology. However, since then, we have performed a complete fire PRA. It is far more complex than the internal events model and requires significantly more solution time. It is not currently part of the on-line risk monitor, but we expect to add it as industry standards and appropriate NRC endorsements become available. With the fire model included in EOOS, fire CDP and LERP will be explicitly accounted for, and fire protection-related compensatory measures would be considered. In the meantime, compensatory measures required to comply with 10 CFR 50, Appendix R and other fire protection program requirements are considered an acceptable means of ensuring fire safety.

NRC Request 9

As a part of maintenance activities associated with EDGs, is this extension a part of the routine maintenance activities? Please elaborate.

APS Response 9

Yes. This longer AOT is intended for routine maintenance activities required by the vendor on a five-year interval (overhaul maintenance). This would translate to a three-cycle frequency of once per 4.5 years (Palo Verde is on an 18-month fuel cycle). However, due to train maintenance rotation practices, the maintenance on a particular EDG will be done on a two-cycle period (three years). In other words, one train will be done during each cycle, alternating. This is the frequency assumed in the original calculation of average increase in CDF and LERF. See response to Request 5 above for recalculation of CDF and LERF based on an assumed additional seven days of unavailability per year.

NRC Request 10

In diesel generator reliability, have you evaluated the Maintenance Preventable Function Failure (MPFF) under the 50.65 maintenance rule? If so, have you incorporated the MPFF in your EDG reliability?

APS Response 10

Palo Verde does not count just MPFFs; rather we count all functional failures (all functional failures are also considered PRA failures). Thus the reliability data used in the model is based on all functional failures, not just the subset of preventable functional failures.
NRC Request 11

How does this extension impact the station blackout (SBO) sequences?
Please discuss your reliability program in general and specifically the ability and timing of the EDGs to recover from a SBO event.

APS Response 11

It is the SBO and loss of offsite power (LOOP) without SBO sequences that are primarily impacted by this AOT extension. Removal of one of the on-site AC power sources brings all of the SBO and many LOOP w/o SBO cutsets up about two orders of magnitude. Offsite power recovery is only credited at two distinct times: one and three hours following the event. Offsite power recovery within one hour is required if the steam-driven AF pump is not available initially and gas turbine generators (GTGs) are not available or fail. Offsite power recovery within three hours is required if the steam-driven AF pump is available initially and GTGs are not available or fail (limited time availability is due to length of time Channel A DC power is assumed available to operate the steam-driven AF pump from the Control Room). Local operation of the steam-driven AF pump is credited for recoverable failures, such as power or steam supply valves. Recovery of failed or unavailable EDGs is not credited. Paragraph 4.2.1.6 of the December 23, 2005, submittal states the following:

"In addition to the local, non-powered operation of the turbine driven AF pump noted above, two of the four channels of steam generator level indication can be expected to be available for at least twenty-four hours with no battery charging capability. The associated Vital AC panels draw approximately 40 amps from batteries with a capacity of 2,415 amp-hours. There are no other significant loads on the associated DC buses. Atmospheric Dump Valves can also be operated locally. Their position indications would be available in the Control Room."

As for water sources for secondary cooling, in addition to the condensate storage tank, the reactor make-up water tank would be available as a supplement. Thus we have high confidence that under SBO conditions, the steam-driven AF pump and atmospheric dump valves can be effectively operated locally to maintain the plant in a safe, stable state for at least 24 hours. (Note: the SBO coping requirements of 10 CFR 50.63 will be met by a 16-hour coping capability, as proposed in APS letter no. 102-05370, dated October 28, 2005.)
ATTACHMENT

Procedure 70DP-0RA05, "Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2," Revision 1, Effective May 19, 2006

Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2 (70DP-0RA05)

PROCEDURE INTENT

Provide guidance in meeting the requirements of 10CFR50.65 (a)(4) in assessing risk during the scheduling and performance of maintenance on-line at PVNGS.
This procedure change:
- 1. Changes location on the V:\ drive for the Routine Test Matrix.
- 2. Adds requirement for inclusion of all PRA or INIT risk code EQIDs associated with permits.
- 3. Deletes scheduling requirement for use of Scope Change Request (SCR) within a given week. This requirement is addressed in 51 DP-90M03, "Site Scheduling".
Nuclear Administrative and Technical Manual, Page 1 of 49
Table of Contents

- 1.0 PURPOSE AND SCOPE
- 1.1 PURPOSE
- 1.2 SCOPE
- 1.3 DISCUSSION/BACKGROUND
- 2.0 RESPONSIBILITIES
- 2.1 PRA SECTION LEADER
- 2.2 WORK MANAGEMENT DEPARTMENT WORK WEEK MANAGEMENT SECTION LEADER
- 2.3 WORK WEEK MANAGERS (WWM)
- 2.4 OPERATIONS UNIT DEPARTMENT LEADERS
- 2.5 OPERATIONS WORK CONTROL SENIOR REACTOR OPERATORS (WCSRO)
- 2.6 SHIFT MANAGERS
- 2.7 SITE MANAGERS
- 2.8 MAINTENANCE SECTION LEADERS
- 2.9 SCHEDULERS
- 2.10 MAINTENANCE TEAM LEADERS
- 2.11 MAINTENANCE ENGINEERS/SYSTEM ENGINEERS
- 2.12 CONTROL ROOM SUPERVISORS
- 2.13 MAINTENANCE COORDINATORS
- 2.14 SHIFT TECHNICAL ADVISORS
- 2.15 CIVIL ENGINEERING
- 2.16 PLANT MANAGER
- 3.0 PROCEDURE
- 3.1 ASSESSMENT AND MANAGEMENT OF RISK DURING WORK SCHEDULING
- 3.2 ASSESSMENT AND MANAGEMENT OF RISK DURING WORK PLANNING AND IMPLEMENTATION
- 3.3 ASSESSMENT AND MANAGEMENT OF RISK FOR EMERGENT CONDITIONS
- 4.0 DEFINITIONS AND ABBREVIATIONS
- 4.1 DEFINITIONS
- 4.2 ABBREVIATIONS
- 5.0 REFERENCES
- 5.1 IMPLEMENTING
- 5.2 DEVELOPMENTAL
1.0 PURPOSE AND SCOPE
1.1 Purpose
Paragraph (a)(4) of 10CFR50.65 (the Maintenance Rule) requires that "Before performing maintenance activities (including but not limited to surveillance, post maintenance testing, corrective and preventive maintenance), the licensee shall assess and manage the increase in risk that may result from the proposed maintenance activities." This procedure was developed to document how Palo Verde will perform the assessments required for on-line maintenance and manage the risk resulting from these maintenance activities.
1.2 Scope
This procedure applies to Work Management, Operations, Maintenance, Civil Engineering, and Long Range Planning personnel involved in the scheduling and coordination of work. It also applies to the PRA section of System Engineering for the development and periodic update of the EOOS (Equipment Out Of Service) Monitor software.
- Maintenance and testing activities involving systems listed in Table A of Appendix F are within the scope of this procedure.
- Maintenance and testing activities involving systems listed in Table B of Appendix F are not within the scope of this procedure.
1.3 Discussion/Background
The Maintenance Rule (10 CFR 50.65) was passed by the NRC and made effective on July 10, 1996. The rule was amended effective November 28, 2000 to require that licensees assess the effect of equipment maintenance on the plant's capability to perform safety functions before beginning maintenance on structures, systems and components (SSCs) within the scope of the rule. The amendment clarified that these requirements apply under all conditions of operation including shutdown.
The amended regulation requires licensees to assess and manage the increase in risk that may result from a proposed maintenance activity. The following excerpts from the Statements of Consideration that were issued in conjunction with the rule amendment provide insights into the regulatory basis, expectations and interpretations associated with this rule.
"The purpose of this change is to increase the effectiveness of the Maintenance Rule by requiring licensees to: 1) Perform an assessment of the plant conditions before the proposed maintenance and the changes expected to result from the proposed maintenance activity; 2) Ensure that the assessments are performed when the plant is shut down as well as at power; and 3) Manage the increase in risk that may result from the proposed maintenance activity."
- "Risk is the result of the likelihood of an event with due consideration of the consequences of that same event. The term "risk" is used to address what can go wrong, its likelihood, and its consequences."
- "In general, a risk assessment is necessary before all planned maintenance activities. Assessments should also be performed when an unexpected SSC failure initiates required maintenance activities or when changes to plant conditions affect a previously performed assessment."
- "However, the reevaluation of a previous assessment should not interfere with, or delay, the plant staff's taking timely actions to restore the appropriate SSC to service or taking compensatory actions necessary to ensure that plant safety is maintained. If the SSC is restored to service before performing the assessment, the assessment need not be conducted."
- "Assessments may vary from simple and straightforward to highly complex. However, the degree of sophistication required for the assessment notwithstanding, the NRC intends that the assessment process will examine the plant condition existing before the commencement of the maintenance activity, examine the changes expected by the proposed maintenance activity, and identify the increase in risk that may result from the maintenance activity. The assessments are expected to provide insights for identifying and limiting risk-significant maintenance activities and their durations."
The NRC has issued Regulatory Guide 1.182, "Assessing and Managing Risk Before Maintenance Activities at Nuclear Power Plants". This document endorses Section 11 of NUMARC 93-01 revised and dated February 22, 2000 as a method acceptable to the NRC staff for complying with the provisions of 10 CFR 50.65 (a)(4).
2.0 RESPONSIBILITIES
The following individuals/personnel have responsibilities specified within the body of this procedure.
2.1 PRA Section Leader
- Responsible for developing and maintaining the EOOS Monitor software.
- Responsible for performing Special Case and Restricted Use analyses.
2.2 Work Management Department Work Week Management Section Leader
- Responsible for maintaining the "Routine Test Matrix".
2.3 Work Week Managers (WWM)
- Responsible for generating and maintaining the Official EOOS Risk Profile included with the POD (the Week 0 WWM) for scheduled work.
- Responsible to perform risk assessments of weekly schedules and approved scope change requests (SCRs).
- Responsible for notifying and obtaining approvals as required by the applicable scheduled Risk Management Action Level (RMAL).
- Responsible for developing the Plan of the Day Schedule and package.
2.4 Operations Unit Department Leaders
- Responsible for approving work initiation involving voluntary entries into an Orange RMAL.
2.5 Operations Work Control Senior Reactor Operators (WCSRO)
- Responsible for complying with the guidance provided in the "Routine Test Matrix" when authorizing the performance of Operations Surveillance Tests and Engineering Tests.
- Responsible for assessing the effect of current plant status on existing risk assessments when authorizing performance of a work activity.
2.6 Shift Managers
- Responsible for complying with the guidance provided in the "Routine Test Matrix" when authorizing the performance of Operations Surveillance Tests and Engineering Tests.
- Responsible for verifying that risk management actions required by the applicable RMAL are being implemented when authorizing a work activity.
- Responsible for ensuring an assessment of risk is performed during emergent conditions.
2.7 Site Managers
- Responsible for overall management of aggregate plant risk.
- Responsible for personnel decisions, such as holding over Maintenance Teams past their normal end of shift, that may be necessary to address risk issues.
2.8 Maintenance Section Leaders
- Responsible for completing maintenance and testing activities in accordance with (i.e., on the days and shifts specified by) the Weekly and Plan of the Day (POD) Schedules.
- Responsible for notifying the Work Week Manager (WWM), as soon as possible, whenever it is known that an activity will not be completed in accordance with the schedule.
2.9 Schedulers
- Responsible for developing and maintaining the weekly schedules.
2.10 Maintenance Team Leaders
- Responsible for completing maintenance and testing activities in accordance with (i.e., on the days and shifts specified by) the Weekly and POD Schedules.
- Responsible for notifying the Work Week Manager (WWM), as soon as possible, whenever it is known that an activity will not be completed in accordance with the schedule.
2.11 Maintenance Engineers/System Engineers
- Responsible for providing input on system/team maintenance priorities, component functions, design status, or history as necessary during the scheduling process.
- Responsible for approval during the planning phase of scheduled entries into Orange or Red RMALs to verify Maintenance Rule performance criteria will not be exceeded and to ensure the proposed maintenance is necessary and has been scheduled appropriately to minimize risk.
2.12 Control Room Supervisors
- Responsible for complying with the guidance provided in the "Routine Test Matrix" when authorizing the performance of Operations Surveillance Tests and routine Engineering Tests.
- Responsible for assessing the effect of current plant status on existing risk assessments when authorizing a work activity to proceed.
- Responsible for assessing emergent condition risk.
2.13 Maintenance Coordinators
- Responsible for completing maintenance and testing activities on the days and shifts specified by the Weekly and POD Schedules.
- Responsible for notifying the Work Week Manager (WWM) when it is known that an activity will not be completed as scheduled.
2.14 Shift Technical Advisors
- Responsible to provide assistance when requested in determining the impact of maintenance activities or emergent conditions on SSC function and interpreting and implementing Appendices E, and G.
2.15 Civil Engineering
- Responsible for barrier impairment evaluations when required by procedure 38DP-9FP01. When the evaluation indicates Technical Specification operability or Maintenance Rule availability of the equipment protected by the barriers is compromised, responsible for contacting PRA, Work Management and/or Operations to ensure risk assessment and management actions are implemented as required.
2.16 Plant Manager
- Responsible for approving work initiation involving voluntary entries into a Red RMAL.
3.0 PROCEDURE
3.1 Assessment and Management of Risk during Work Scheduling
NOTE
If the EOOS calculated CDF RMAL and EOOS calculated LERF RMAL differ, then use the higher RMAL classification.
3.1.1 The 12-Week Integrated Schedule Matrix (12-Week Matrix) is a tool used by Work Management to plan and schedule work on a system basis. It is developed using probabilistic insights as well as non-probabilistic considerations delineated in Appendix D.
3.1.1.1 The 12-Week Matrix is designed for use in Modes 1 and 2 to align maintenance and to minimize the risk associated with maintenance activities. It is also used to equalize the work loading between crafts. The 12-Week Matrix resides in SWMS where it directs the computer to slot newly written work orders. The current revision of the matrix is maintained electronically in Vista under All Public Folders/Palo Verde/POD/12-Week Matrix.
3.1.1.2 Probabilistic insights are incorporated into the 12-Week Matrix. In addition, the 12-Week Matrix incorporates the additional risk informed insights documented in Appendix B to this procedure.
3.1.1.3 Responsibilities for the development and maintenance of the 12-Week Matrix are as follows:
- Work Management develops, updates, and maintains the 12-Week Matrix by coordinating input from Operations, Maintenance, and Engineering and obtaining a review by the PRA Group.
- System and Maintenance Engineering provides input on system/team maintenance priorities, component functions, design status, or history as necessary.
3.1.2 The Long-Range Maintenance Plan (LRMP) is developed to delineate major component outages and surveillance tests for all three units, the SRP switchyard, and the water reclamation facility. It is developed and maintained by Work Management incorporating the elements of the 12-Week Matrix, the EOOS Monitor, the additional risk informed guidance documented in Appendix B and E.
3.1.3 The Weekly Integrated Schedules are developed as maintenance and testing activities are approved and slotted by Work Management. They are developed based on the 12-Week Matrix, the LRMP, the EOOS Monitor, the additional risk informed insights documented in Appendix B and the scheduling guidance in Appendix D. The weekly schedule delineates the day(s) and shift(s) that scheduled maintenance and testing activities are expected to begin and end.
3.1.3.1 Additions or deletions to the work scope of a Weekly Schedule must be accomplished using a Scope Change Request (SCR) processed in accordance with 51 DP-90M03, Site Scheduling.
3.1.4 The POD Schedules are developed from the Weekly Schedules and include emergent work as well as information concerning Operator Work Arounds, the Control Room Discrepancy Log and Management Site Issues. Work Management generates the POD Schedule the workday prior (e.g., PODs for Saturday, Sunday and Monday are generated on the preceding Friday).
3.1.5 The following rules will be applied when performing risk assessments of Maintenance Schedules and schedule Scope Change Requests (SCRs):
- a. All planned work should normally be conducted within the analyzed configurations in EOOS Week 0 schedule using the guidance in Appendix B, Additional PRA Risk Informed Guidance.
- b. All EQIDs associated with a work order (including permit and multi-equipment list information) that have a risk code of PRA or INIT should be included in the risk profile. Deviations from this requirement, in order to minimize the number of redundant EQIDs with the same impact on the unavailable SSC, can be approved by the Duty PRA Engineer.
- c. Existing analyzed configurations may be moved to another configuration to perform work as long as all scheduled work is consistent with the analyzed configuration and the respective 72 hour total time for Yellow configuration and 36 hour total time for Orange configuration limits are observed.
- d. Special Case EOOS analyses address recurring situations that are not adequately addressed by the existing EOOS Monitor. They will be developed and maintained by the PRA Section in V(Nt75pv):\EOOS\FAQ.
3.1.6 Control of Hazard Barriers
NRC Regulatory Issue Summary (RIS) 2001-09 states:
"prior to removing a hazard barrier for maintenance purposes (either to facilitate maintenance or to perform maintenance on the barrier), the risk associated with the maintenance activity must be controlled and managed in accordance with paragraph 50.65 (a)(4) of the Maintenance Rule."
PVNGS has implemented administrative controls for barriers which ensure appropriate evaluation and notifications of impairments by Civil Design Engineering before barrier affecting maintenance and with some limited exceptions, maintain barrier availability or implement compensatory risk management actions sufficient to ensure that the equipment protected by the barriers remains Technical Specification operable and Maintenance Rule available.
Procedure 38DP-9FP01 provides for documenting, controlling and tracking impairments to the pressure boundaries for the Control Room, Control Building, and Auxiliary Building. Removal of penetration seals, opening of doors and hatches and other barrier related activities undertaken to facilitate maintenance require the following risk considerations:
- If barrier availability is maintained or compensatory actions implemented per procedural requirements, no additional risk assessment or risk management activities pursuant to 10 CFR 50.65 (a)(4) will be required for barrier affecting maintenance accomplished in accordance with existing procedural guidance.
- When existing procedural guidance or procedurally mandated evaluations establish that Technical Specification operability or Maintenance Rule availability of the equipment protected by the barriers is compromised, a risk assessment per the requirements of this procedure will be completed prior to the maintenance activity and risk management actions will be implemented as required.
3.1.7 Work Week Managers are responsible for completing risk assessments of the Weekly Schedules and approved Scope Change Requests using the EOOS Monitor and the additional PRA insights documented in Appendix B. The risk assessments will determine and document the RMALs (see Appendix C) applicable to the scheduled activities.
3.1.8 Applicable RMALs will be documented on the Weekly Integrated Schedules, the Plan of the Day Schedules and the Morning Report produced by the Site Manager.
3.1.8.1 Work Management will notify and obtain approvals from applicable personnel and organizations as required by the RMALs (see Appendix C).
3.1.9 The Operations Work Control Senior Reactor Operator and Operations Shift Manager/Control Room Supervisor are responsible for complying with the "Routine Test Matrix", (located at V(Nt75pv):\POD\Routine Test Matrix\Routine Test Matrix.pdf), when authorizing the performance of Operations Surveillance Tests, Routine Operations Activities and Engineering tests. Some of these activities are not subject to the full restrictions imposed by the normal scheduling process. Compliance with the "Routine Test Matrix" ensures that these activities are nevertheless subject to appropriate risk assessment and management measures.
3.2 Assessment and Management of Risk during Work Planning and Implementation
NOTE
If the EOOS calculated CDF RMAL and EOOS calculated LERF RMAL differ, then use the higher RMAL classification.
3.2.1 When Work Management activities are complete and work is to commence, Work Orders are routed for Operations organization review and authorization to start work unless the work has been designated "pre-approved" by a qualified Work Planner based on the "Operations Pre-approved Work List" included in 30DP-9MP01, Conduct of Maintenance. (Operations may designate additional Work Orders "pre-approved" based on guidance provided in 30DP-9WP02, Work Document Development and Control.)
3.2.1.1 Either the Operations Work Control CRS or the Operations Shift Manager/Control Room Supervisor is designated the releasing authority for Work Orders not designated "pre-approved" and must be contacted for authorization prior to work implementation.
NOTE
Work Documents are not designated "Operations pre-approved" if they involve work that could affect the functions of SSCs within the scope of (a)(4), (i.e., the Key Safety Function(s) of systems listed in Table A of Appendix F). The releasing authority risk management activities described in paragraph 3.2.2 are therefore not applicable to Maintenance Team Leaders.
3.2.1.2 The applicable Maintenance Team Leader is designated the releasing authority for all "Operations pre-approved" Work Orders.
3.2.2 The releasing authority is responsible for the following risk assessment and risk management activities when authorizing a work activity to proceed:
3.2.2.1 Assess the current plant status to ensure there are no conditions that have changed the assumptions used in the risk assessment performed during the scheduling process. Examples include: emergent conditions such as plant configuration or mode changes, additional SSCs out of service due to failures, degraded SSCs that have increased the likelihood of a plant trip or other initiating event and significant changes or known imminent changes in external conditions such as weather or offsite power availability.
3.2.2.1.1. All EQIDs associated with a work order (including permit and multi-equipment list information) that have a risk code of PRA or INIT should be included in the risk profile. Deviations from this requirement, in order to minimize the number of redundant EQIDs with the same impact on the unavailable SSC, can be approved by the Duty PRA Engineer.
3.2.2.1.2. Appendix F can be used to determine if the maintenance activities, tests or emergent conditions being addressed affect the key safety function(s) of an SSC within the scope of the 10 CFR 50.65 (a)(4) risk management program. If there is no effect on a 10 CFR 50.65 key safety function, additional risk assessment activities are not necessary.
3.2.2.1.3. The risk effect resulting from the unplanned loss of one or more SSCs either by themselves or in conjunction with the currently scheduled maintenance activities can be assessed using the EOOS Monitor.
3.2.2.1.4. If the configuration cannot be assessed by the EOOS Monitor or the EOOS Monitor is not available, then the plant is in a configuration that has not been analyzed for risk; and a qualitative risk assessment of the plant configuration using the guidance in Appendix E must be performed prior to releasing the work, unless a specific configuration assessment can be made by the PRA section.
3.2.2.2 Verify that the notification requirements, conditions and restrictions applicable to the RMAL (reference Appendix C) that the plant is in or will be entering have been complied with.
3.2.2.3 Ensure that work activities authorized to commence are included in the applicable schedule or were previously designated float work in accordance with the provisions of 51 DP-90M03, Site Scheduling.
3.2.3 Maintenance Team Leaders, Maintenance Section Leaders and Maintenance Coordinators are responsible for completing maintenance and testing activities on the days and shifts specified by the Weekly and POD Schedules. They are also responsible for notifying the Work Week Manager (WWM) when it is known that an activity will not be completed as scheduled.
3.2.3.1 Activities that have not or will not be completed per the schedule will be reviewed for schedule and risk impact during Daily Schedule Status Meetings.
3.2.4 Work Week Managers are responsible for assessing the risk implications of identified schedule additions and deviations using the EOOS Monitor and the additional guidance of Appendix B. The current plant configuration as well as the remaining weekly schedule will be considered.
3.2.5 The Unit Operations Department Leader is responsible for approving entry configurations that place the unit into "Orange" RMAL.
3.2.6 The Site Manager is responsible for decisions regarding holding over Maintenance Teams past their normal end of shift, when such measures may be necessary to clear all scheduled work in one EOOS Monitor risk case to allow switching to another scheduled EOOS Monitor risk case.
3.2.7 The Operations Work Control Senior Reactor Operator and Operations Shift Manager/Control Room Supervisor are responsible for complying with the "Routine Test Matrix", (located at V(Nt75pv):\POD\Routine Test Matrix\Routine Test Matrix.pdf), when authorizing the performance of Operations Surveillance Tests, Routine Operations Activities and Engineering tests. Some of these activities are not subject to the full restrictions imposed by the normal scheduling process. Compliance with the "Routine Test Matrix" ensures that these activities are nevertheless subject to appropriate risk assessment and management measures.
3.2.8 The Shift Technical Advisor (STA) is responsible to assist the Control Room Supervisor and Shift Manager in determining the impact of maintenance activities or emergent conditions on SSC function and interpreting and implementing Appendices H, and F of this procedure.
3.3 Assessment and Management of Risk for Emergent Conditions
NOTE
If the EOOS calculated CDF RMAL and EOOS calculated LERF RMAL differ, then use the higher RMAL classification.
3.3.1 Emergent conditions may result in the need for action prior to the conduct of a risk assessment or could change the conditions of a previously performed assessment.
Examples include: plant configuration or mode changes, additional SSCs out of service due to failures, significantly degraded but still operable SSCs, degraded SSCs that have increased the likelihood of a plant trip or other initiating event and significant changes or known imminent changes in external conditions such as weather or offsite power availability.
3.3.2 Operations are responsible for assessing the effect of emergent conditions on previously performed Risk Assessments and the associated RMAL. These assessments will be performed as described below, using the EOOS Monitor and the additional guidance in Appendix E, as necessary. When required, Appendix E must be used unless a specific configuration assessment can be made by the PRA Group.
3.3.2.1 Emergent condition risk assessments will be completed on a reasonable schedule commensurate with the safety significance of the condition.
- They will not take precedence over, or delay taking timely compensatory actions or actions to restore failed equipment.
- They may be performed concurrent with restoration or compensatory actions but are not required to be completed if the plant configuration is restored before an assessment can be undertaken.
3.3.2.2 Severe weather conditions can be assessed using the EOOS Monitor. These conditions will be addressed consistent with the guidance provided below.
3.3.2.2.1. For severe weather conditions or seismic events, as initiated by 40AO-9ZZ21, Acts of Nature: while implementing 40AO-9ZZ21, do not initiate new work on (a)(4) SSCs. Entry into 40AO-9ZZ21 is considered entry into an Orange RMAL unless evaluated using the EOOS Monitor.
3.3.2.2.2. Damage to (a)(4) SSCs caused by severe weather or other acts of nature will be evaluated as described in steps 3.3.2.3 through 3.3.2.7.
3.3.2.3 For emergent equipment failures, refer to Appendix F to determine if the emergent condition is for a SSC within the scope of (a)(4). If the SSC is not within the scope of (a)(4), then there is no risk impact associated with the emergent condition and the evaluation is complete.
3.3.2.4 If the SSC is within the scope of (a)(4), then evaluate the impact of the condition on the safety functions listed in Appendix F for that SSC. If the condition does not impact the availability or reliability of the performance of the listed safety function, then there is no risk impact associated with the condition and the evaluation is complete.
3.3.2.5 The risk effect resulting from adding the loss of one or more SSCs to the currently scheduled maintenance activities can be assessed using the EOOS Monitor.
3.3.2.6 If the configuration cannot be assessed by the EOOS Monitor or the EOOS Monitor is not available, then the plant is in a configuration that has not been analyzed for risk; and a qualitative risk assessment of the plant configuration using the guidance in Appendix E must be performed prior to releasing the work, unless a specific configuration assessment can be made by the PRA Group.
3.3.2.7 Any results of qualitative assessments performed as a result of entry into Appendix E will be documented in the unit logs.
3.3.2.8 Using the EOOS Monitor, evaluate emergent conditions using the EOOS Desktop Instructions (located at V(Nt75pv):\MRULE\EOOS Instruction Manual\EOOSInstructionManual.ROOX.pdf).
3.3.3 Based on the results of the emergent condition assessment, Operations may elect to suspend or reschedule ongoing planned maintenance, return SSCs to service or acknowledge a higher RMAL and complete all notifications and other actions required for that RMAL (reference Appendix C).
3.3.3.1 The risk management actions required by Appendix C (including notification and approval requirements) shall not take precedence over, or delay taking timely compensatory actions or actions to restore failed equipment.
3.3.4 The following rules will be applied when performing risk assessments of Maintenance Schedules and schedule Scope Change Requests (SCRs):
3.3.4.1 All planned work should normally be conducted within the analyzed configurations in EOOS Week 0 schedule using the guidance in Appendix A and B. For configurations that fall in the unanalyzed column of Appendix A, the PRA group should be contacted for guidance. In the absence of PRA modeling for unanalyzed conditions, Appendix E can be used to assess the risk for these configurations.
3.3.4.2 Existing analyzed configurations may be moved to another configuration to perform work as long as all scheduled work is consistent with the analyzed configuration and the respective 72 hour total time for Yellow configuration and 36 hour total time for Orange configuration limits are observed.
3.3.5 The Shift Technical Advisor (STA) is responsible for risk assessment support including assistance in determining the impact of maintenance activities or emergent conditions on SSC function and assistance in interpreting and implementing Appendices A, C, and E of this procedure.
4.0 DEFINITIONS AND ABBREVIATIONS
4.1 Definitions
4.1.1 10CFR50.65 - Maintenance Rule
4.1.2 Available - Describes an SSC that can perform its intended Key Safety Function. An SSC that is required to be available for automatic operation must be able to respond without human action to be considered available. In some circumstances, an SSC can be available but Technical Specification inoperable. An SSC that has been restored following maintenance may be available but will not be declared Technical Specification operable until a required retest has been performed. (See Unavailable)
4.1.3 Cross-train Work - work on components or systems in a train not addressed by the current 12-Week Work Schedule configuration (e.g., work on the PB "B" train bus while in A train Work Week would be cross-train work).
4.1.4 EOOS - term for the computer software program developed by EPRI to calculate the Plant Risk. Commonly referred to at Palo Verde as the EOOS Monitor.
4.1.5 EOOS Monitor - computerized tool developed for evaluating CDF or LERF risk based on the actual equipment scheduled or deliberately taken out of service for maintenance, testing and repair.
4.1.6 High Risk Significant - The Palo Verde SSCs that are classified as having significant contributors to risk as determined by a combination of Probabilistic Risk Analysis, design basis input and a deterministic approach by the Expert Panel.
4.1.7 Low Risk Significant - Those SSCs that are classified as having some contribution to risk but are not classified as High Risk Significant. This does not mean that Low Risk Significant systems have no risk, nor does it mean that they are not important. Low Risk simply means that the system does not have as high of a risk as High Risk Significant systems. If a system has no risk, it is not included in the scope of the Maintenance Rule.
4.1.8 Official Risk Profile - The Assessment of Risk Profile for the planned Week "0" work as shown on the hard copy included with the POD produced and maintained by the Week "0" WWM. For a case that involves emergent work, the Official Risk Profile is the Risk Profile results of whatever EOOS tool (Scheduler or Operator Screen) is used to evaluate the emergent work.
4.1.9 Risk - Risk encompasses what can happen (scenario), its likelihood (probability), and its level of damage (consequences).
4.1.10 Risk Significant - Those SSCs that are classified as having some level of contribution to risk as determined by the Risk Ranking Process. PV has classified Risk Significant as High Risk and Low Risk SSCs.
4.1.11 Unavailable - Describes an SSC that cannot perform its intended function. Typically, an SSC that is required to be available for automatic operation must be able to respond without human action to be considered available, although some exceptions for testing are allowed as described below. Equipment out of service (e.g. tagged out) for corrective or preventive maintenance is considered unavailable. SSCs out of service for testing are considered unavailable, unless the test configuration is automatically overridden by a valid starting signal (e.g., a Main Steam Isolation Signal closes the MSIVs during performance of 73ST-9XI1 6) or the function can be promptly restored either by an operator in the control room or by a dedicated operator stationed locally for that purpose. Restoration actions must be contained in a written procedure, must be uncomplicated (a single action or a few simple actions), and must not require diagnosis or repair. Credit for a dedicated local operator can be taken only if (s)he is positioned at the proper location throughout the duration of the test for the purpose of restoration of the train should a valid demand occur.
4.2 Abbreviations
4.2.1 CDF - Core Damage Frequency
4.2.2 CDP - Core Damage Probability
4.2.3 LCO - Limiting Condition for Operation
4.2.4 LERF - Large Early Release Frequency
4.2.5 LERP - Large Early Release Probability
4.2.6 LRMP - Long Range Maintenance Plan
4.2.7 OOS - Out of Service
4.2.8 PRA - Probabilistic Risk Assessment
4.2.9 SSC - Systems, Structures and Components
4.2.10 WCSRO - Work Control Senior Reactor Operator
4.2.11 WWM - Work Week Manager
5.0 REFERENCES
5.1 Implementing
5.1.1 40DP-90P09, System status Control
5.1.2 51 DP-90M03, Site Scheduling
5.1.3 70DP-0MR01, Maintenance Rule
5.1.4 30DP-9WP02, Work Document Development and Control
5.1.5 30DP-9MP01, Conduct of Maintenance
5.1.6 40AO-9ZZ21, Acts of Nature
5.1.7 TRM 5.0.500.19, Configuration Risk Management Program (CRMP)
5.2 Developmental
5.2.1 10CFR50.65 - Maintenance Rule
5.2.2 13-NS-B39, Safety Significance Analysis of Work During Maintenance Outage Windows
5.2.3 01 DP-0AP01, Procedure Process
5.2.4 40DP-9OP02, Conduct of Shift Operations
5.2.5 51 DP-90M03, Site Scheduling
5.2.6 73DP-9ZZ1 4, Surveillance Testing
5.2.7 Sensitive Issues Manual
5.2.8 Revised Section 11, "Assessment of Risk Resulting from Performance of Maintenance Activities," of NUMARC 01 Rev. 2, dated February 22, 2000
5.2.9 Regulatory Guide 1.182, Assessing and Managing Risk Before Maintenance Activities at Nuclear Power Plants
5.2.10 70DP-O0MR01 - Maintenance Rule
5.2.11 CRDR 150170.10
5.2.12 CRDR 961394.02
5.2.13 CRDR 160330.02
5.2.14 CRDR 150170.08
5.2.15 CRDR 981772.02
Appendix A - EOOS Train Assumptions
EOOS Train Assumptions Table - Usage Instructions
- 1. This table lists the unavailable SSCs or maintenance and testing activities assumed when taking a train out of service in EOOS Monitor.
- 2. The EOOS Train Table utilizes the SSC designators similar to those identified in the Twelve Week Matrix.
- 3. Assumptions for the EOOS Train Table are listed in separate rows for each system or subsystem designator used in the EOOS Monitor. The assumptions are split into Analyzed and Unanalyzed columns.
- 4. Maintenance activities, system operations, or equipment conditions that are equal to or less restrictive or have equal or less impact on the SSCs Key Safety Function(s) than that shown in the Analyzed columns of the table are considered bounded by the PRA analysis and can be risk assessed using the EOOS Monitor train or component item list.
- 5. Maintenance activities, system operations, or equipment conditions that are listed in the Unanalyzed columns of the table, or which are more restrictive or have greater impact on the SSCs Key Safety Function(s) than those listed in the Analyzed columns of the table are not bounded by the PRA analysis developed for "Train" outages and possibly cannot be assessed using the EOOS Monitor. For configurations that fall in the Unanalyzed column of Appendix A, the PRA group should be contacted for guidance. In the absence of PRA modeling for unanalyzed conditions, Appendix E can be used to assess the risk for these configurations.
- 6. A list of Key Safety Functions assumed for the (a)(4) systems is provided in Table A of Appendix F.
- 7. Maintenance on any of the items listed for a system is considered to be the same as taking that system out of service when using the EOOS Monitor (all items are considered separated by "and/or" unless otherwise stated).

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| AF-A | A Train Auxiliary Feedwater | AFA pump/train OOS | |
| AFA-SS-SG1, AFA-SS-SG2 | Steam supply to A Train Auxiliary Feedwater Pump | One steam supply line OOS: SGAUV134 and/or 134A, or SGAUV138 and/or 138A | |
| AFA-INJECT-SG1, AFA-INJECT-SG2 | A Train Auxiliary Feedwater Injection Lines | One injection line OOS: AFAUV37 and/or AFCHV33 or AFCUV36 and/or AFAHV32 | |
| AF-B | B Train Auxiliary Feedwater | AFB pump/train OOS | |
| AFB-INJECT-SG1, AFB-INJECT-SG2 | B Train Auxiliary Feedwater Injection lines | One injection line OOS: AFBUV35 and/or HV31 or AFBUV34 and/or HV30 | |
| AF-N | N Train Auxiliary Feedwater | AFN pump/train OOS | |
| ARA, ARB, ARC, ARD | Air Removal System/Pumps | Any one AR pump OOS, or Work which may impact availability of one train of AR | 2 or more AR pumps OOS |
| CD-NP01A, CD-NP01B, CD-NP01C | Condensate System/Pumps | Work that may impact availability of the CD system and/or one CD pump OOS. | 2 or more CD pumps OOS |
| CD-BYPASSDEMIN | Condensate System Demin | Condensate demin bypass OOS | |
| CE | Stator Cooling System | One train of stator cooling OOS, or Work which may impact availability of train of CE | |
| CH1-A, CH1-B, CH1-E | CVCS Charging Pumps A, B, E | Any one charging pump OOS | |
| CH7 | Refueling Water Tank, Boric Acid Make-up Pumps, Boric Acid Filter, Boric Acid Batching | Any one channel of RWT instrumentation bypassed. | RWT out of service |
| CO | Main Turbine Generator Control Oil System | Any one train of CO OOS, or Work which may impact availability of one train of CO | |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| CWA, CWB, CWC, CWD, CWM | CWA: Circulating Water Pump A, Cooling Tower 1; CWB: CW Pump B, Tower 2; CWC: CW Pump C, Tower 3; CWD: CW Pump D; CWM: Misc CW | Any one circ water pump OOS, or Work which may impact availability of one circ water pump | 2 or more CW pumps OOS |
| DF-A | Diesel Fuel Transfer System - Train A | DFA OOS | |
| DF-B | Diesel Fuel transfer System Train B | DFB OOS | |
| DG-A | DGA: Train A Emergency Diesel Generator System; DF: Diesel Fuel transfer System; HD: DG Building Essential HVAC; PE: Class 1E Standby Generation | DGA OOS | |
| DG-B | DGB: Train B Emergency Diesel Generator System; DF: Diesel Fuel Transfer System; HD: DG Building Essential HVAC; PE: Class 1E Standby Generation | DGB OOS | |
| EC-A | Essential Chilled Water Train A | ECA OOS | |
| EC-B | Essential Chilled Water Train B | ECB OOS | |
| EW-A | Essential Cooling Water Train A | EWA OOS | |
| EW-B | Essential Cooling Water Train B | EWB OOS | |
| FS-NG01, FS-NG02 | WRF (GTG) Fuel Oil | Fuel oil supply to one GTG OOS (worked concurrent with GTG outage) | |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| FT | Steam Generator Feedwater Pump Turbines | Work that could impact availability of one FWPT but does not require shutdown of the FWPT | FWPT OOS |
| FW | Feedwater System | Work that could impact availability of one train of FW but does not require shutdown of the FWP | FWP OOS |
| GA | Service Gases (N2 & H2) | One HP N2 storage bank OOS. One HP N2 regulator set OOS. (Note: Nitrogen pumps have no impact on plant risk) Note: GA H2 maintenance that does not render the system OOS has no impact on plant risk | Both GA N2 banks or regulators OOS |
| GT-NG01 | Gas Turbine Generator #1 (AE-NEN-G01A) | GTG 1A OOS | BOTH GTGs OOS |
| GT-NG02 | Gas Turbine Generator #2 (AE-NEN-G01B) | GTG 1B OOS | BOTH GTGs OOS |
| GT-Both GTGs | Gas Turbine Generators #1 & #2; FS: GTG Fuel Supply; NE: Standby Power (Station Blackout Gas Turbine Generator); NK Unit A: AENKNF20 | Both GTGs OOS. Select the Both GTG OOS Train. Do Not select both GT-NG01 and GT-NG02 individually. | |
| HA-A, HA-B | Auxiliary Building Essential Ventilation Trains A and B | Any Aux Bldg Normal ventilation (HAN-A01A, HAN-A01B) OOS. Any Aux Bldg Class dampers OOS (HAN-M03, HAA-M04, HAA-M211, HAB-M04). Essential HVAC room cooler (HPSI, LPSI, CS, EW, AFB) are assessed by the supported pump. Note: HA to HF or penetration room AHU imposes no risk | |
| HA-N | Auxiliary Building Normal Ventilation (N) Train | Any or all Aux Bldg Normal ventilation OOS (HAN-A01A/B, HAN-M03, HAA-M04, HAA-M211, HAB-M04), except CEDMCS coolers HAN-Z02A, HAN-Z02B. Note: Use SF-ALL-OTHERS for HAN-Z02A and/or HAN-Z02B OOS | |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| HC | Containment Ventilation | One channel of CTMT PRESS in bypass. Note: Containment HVAC has no impact on plant risk, except when only one CEDM fan remains available. (Use CL for isolation valves) | Only one CEDM fan available. |
| HD-A | Diesel Generator Building Essential Ventilation (Train A) | HDA-A01, J01, or M01 OOS | |
| HD-B | Diesel Generator Building Essential Ventilation (Train B) | HDB-A01, J01, or M01 OOS | |
| HJ-A | Control Building Essential Ventilation Train A | Any train A Essential HVAC to Essential Switchgear room (Z03), DC Equipment Room (Z04) and/or Control Room (F04) OOS. Note: Risk significant function is equipment cooling, not filtration. Battery room exhaust fans (HJA-J01A/B) do not impact plant risk. | HJA-M101; and/or HJA-M69; and/or HJA-M73 closed. These dampers impact both normal and essential HVAC |
| HJ-B | Control Building Essential Ventilation Train B | Any train B Essential HVAC to Essential Switchgear room (Z03), DC Equipment Room (Z04) and/or Control Room (F04) OOS. Note: Risk significant function is equipment cooling, not filtration. Battery room exhaust fans (HJB-J01A/B) do not impact plant risk. | HJB-M103; and/or HJB-M07; and/or HJB-M14; and/or HJB-M25; and/or HJB-M26 closed. These dampers impact normal and essential HVAC |
| HJ-N | Control Building Normal Ventilation (Train N) | Any control building Normal HVAC fan or damper cooling 100' or 140' Control Building (A02 and/or A03) OOS. Note: Risk significant function is equipment cooling, not filtration. Battery room exhaust fans (HJN-J01 A/B/C/D) do not impact plant risk | |
| IA1, IA2, IA3 | IA1: Air Compressor A; IA2: Air Compressor B; IA3: Air Compressor C | Any one compressor OOS | 2 or more IA compressors OOS |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| LO-FWPT, LO-MT | Lube Oil System | Work which may impact availability of LO | Work removing FWP or FWPT |
| MA | Main Generation System | Work which may impact availability of MA | |
| MB | Excitation and Voltage Regulation System | Work which may impact availability of MB | |
| MT | Main Turbine System | Work which may impact availability of MT | |
| NA | Non-Class 1E 13.8-KV Power | Work which may potentially cause a plant trip, including PR&C work. Note: Use EOOS Alignment Menu for blocking Fast Bus Transfer and Startup Transformer alignment. Note: Ref Appendix B step 1.6 for restrictions on S05/S06 cross-tie operations. (Breakers are scoped with the supported SSC) | No Startup Transformer feed to NAN bus. Use GT-BOTH GTGs for NANS03AB or AENANS07 |
| STARTUP-TRANS-X01, STARTUP-TRANS-X02, STARTUP-TRANS-X03 | Startup Transformers | Removal of 1 Startup Transformer with transfer to alternate source. Fast Bus Transfer block must be modeled with EOOS Alignment Menu. | |
| NB | Non-Class 1E 4.16-KV Power | PR&C work; and/or Breaker work not impacting bus; and/or NBN-S01C unavailable (Breakers are scoped with the supported SSC) | NBNX03, or X04, or NANS03A, or S04A, or NBNS01, or NBNS02 OOS |
| NC | Nuclear Cooling Water | One pump and/or heat exchanger OOS; and/or Work which may impact availability of a train of NC. Isolation of RCP HPSC NCW relief valves (NC-HCV-616) | No NC cooling to Containment loads |
| NE-A, NE-B | Standby Power (Station Blackout Gas Turbine Generation) | Bus or breaker work impacting one GTG (Worked concurrent with GTG outage) | |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| NK-H17, NK-H20, NK-H21 | Non-Class 1E 125-V DC Power | Any one NK Charger OOS (H17, H20, H21). Note 1: NKN-F18, H18 and M46 do not significantly impact PRA safety Functions | NK Battery (F17), NK Distribution Panel OOS (D41, D42, D43) or NK Control Center (M45) |
| NK-F17 | Non-Class 1E 125-V DC Battery | NK Battery (F17) | |
| NK-Unit A-NG01, NK-Unit A-NG02 | AENENFO0A, AENENF01B, AENENF02A, and AENENF02B @ the Gas Turbine Area | Battery, bus, and/or breaker work impacting one GTG (worked concurrent with GTG outage) | AE-NKN-F20 (both GTGs) OOS |
| NK-Unit A Both GTGs | AENKNF20 @ the Gas Turbine Area | AE-NKN-F20 (both GTGs) OOS | |
| NN-A-V13, NN-B-V14, NN-N-V11, NN-N-V12 | Non-Class 1E Instrument AC Power | Any one NN Voltage Regulator (NNNV11, V12, NNAV13, NNBV14) OOS. Note: NNN-V18 imposes no plant risk | NN Distribution Panels or transfer switches OOS (NNND11, NNND12, NNNTS11, NNNTS12). Note: NNND15 and NNND16 impose no plant risk |
| PE-A | Class 1E Standby Generation Train A | PEA-G01 OOS | |
| PE-B | Class 1E Standby Generation Train A | PEB-G01 OOS | |
| PK-AH11, PK-AH15, PK-CH13 | Class 1E 125-V DC Power Channels A & C | One PK Charger OOS (PKAH11, PKCH13, PKAH15) | PK Battery, or PK Bus, or PK Distribution Panel OOS |
| PK-AF11, PK-CF13 | Class 1E 125-V DC Power Batteries A & C | One PK Battery OOS (PKAF11, PKCF13) | |
| PK-BH12, PK-BH16, PK-DH14 | Class 1E Instrument AC Power Channels B & D | One PK Charger OOS (PKBH12, PKDH14, PKBH16) | PK Battery, or PK Bus, or PK Distribution Panel OOS |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| PK-BF12, PK-DF14 | Class 1E 125-V DC Power Batteries B & D | One PK Battery OOS (PKBF12, PKDF14) | |
| PN-AN11, PN-AV25, PN-CN13, PN-CV27 | Class 1E Instrument AC Power Channels A and C | One Voltage Regulator OOS (PNAV25 or PNCV27), or One Inverter (PNAN11, or PNCN13) OOS | Distribution Panel OOS |
| PN-BN12, PN-BV26, PN-DN14, PN-DV28 | Class 1E Instrument AC Power Channels B and D | One Voltage Regulator OOS (PNBV26 or PNDV28), or One Inverter (PNBN12 or PNDN14) OOS | Distribution Panel OOS |
| PW | Plant Cooling Water System | One PW pump or train OOS | |
| RC | Reactor Coolant System | One Pressurizer pressure instrument channel bypassed; and/or Work that may impact availability of the RC system but does not impact RCS pressure boundary, RCP operation or RCP seal cooling. Notes: (1) Use SF-PPCS for less than 2 banks of PZR heaters available. (2) Use SF-PPCS for normal spray valves unavailable | RCS leakage in excess of Technical Specification Limits |
| SA-A, SA-B | Engineered Safety Features Actuation Trains A and B | One train in test or maintenance. Includes one channel PB bus UV/DV testing per 32ST-9ZZ03. Note 1: Analysis does not include impact of components overridden or bypassed during SA testing. Note 2: FBEVAS, CPIAS, CREFAS, and CRVIAS have no impact on PRA safety function | BOP-ESFAS sequencer OOS |
| SB | SB1: Reactor Protection System Channels A and C - CPC and CEAC (OCS Work); SB2: Reactor Protection System Channels B and D - CPC and CEAC (OCS Work); SB3: Reactor Protection System Channels A,B,C,D (I&C Work) | One channel bypassed of each parameter; and/or One channel PPS/SPS in test or maintenance; and/or One CPC and/or one CEAC in test or bypassed. Note: OCS or I&C can work in any case including SB1, SB2 or SB3 | Channel parameter tripped |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| SB4 | Reactor Protection System - Reactor Trip Switchgear | Any one RTSG breaker open | |
| SC-BD, SC-DEMIN | Secondary Chemical Control System | Blowdown unavailable and/or Condensate demin bypass OOS | |
| SE | SE: Ex-core Neutron Monitoring System | Any one channel in test or maintenance (I&C or OCS) | One channel tripped |
| SF-PPCS, SF-SBCS, SF-ALL-OTHERS | Reactor Control Systems | Work which may potentially cause a reactor trip (FWCS, SBCS, PLCS, PPCS, CEDMCS, RPCB); and/or CEDMCS cooling (HAN-Z02A, Z02B) OOS. Includes less than two banks of PZR heaters Available, and/or both normal PZR spray valves OOS. Note 1: Includes temporarily switching control system to OFF to transfer input signals. Note 2: Includes plant manipulations required for performance of MTC testing. Note 3: One SBCS valve OOS does not impact safety function of SF system. Note 4: Only two banks of PZR heaters available and/or one normal PZR spray valve OOS does not impact safety function of SF | SBCS in manual or off (master or valves) or more than one SBCS valve OOS |
| SG11, SG12 | SG11: Main Steam System Train A MSIVs and FWIVs; SG12: Main Steam System Train B MSIVs and FWIVs. Train refers to the actuator. | Any one MSIV in maintenance or test; and/or Economizer FWIV in maintenance or test; and/or Work which cannot fail closed a Downcomer FWIV | Downcomer FWIV failed closed |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| SG11-A-MSIV170, SG11-A-MSIV180, SG11-B-MSIV170, SG11-B-MSIV180, SG12-A-MSIV171, SG12-A-MSIV181, SG12-B-MSIV171, SG12-B-MSIV181 | SG11: Main Steam System Train A MSIVs; SG12: Main Steam System Train B MSIVs. Train refers to the actuator. | One train of MSIV hydraulic actuation | |
| SG21-A-ADV179, SG21-A-ADV184, SG22-B-ADV178, SG22-B-ADV185 | SG21: Main Steam System ADV 179 (SG2-L2)/ADV 184 (SG1-L1); SG22: Main Steam System ADV 178 (SG1-L2)/ADV 185 (SG2-L1) | Any one ADV OOS (note: any combination of SG21 and SG22 can be evaluated by EOOS) | |
| SG21-IA-N2, SG22-IA-N2 | SG21: Main Steam System ADV 179 (SG2-L2)/ADV 184 (SG1-L1) N2 supply; SG22: Main Steam System ADV 178 (SG1-L2)/ADV 185 (SG2-L1) N2 supply | Isolates IA/GA to both ADVs in one train | |
| SG23 | Main Steam System - Miscellaneous SG/ADV tests | One channel of SG level in bypass (AFAS1 or AFAS2) and/or Misc. SG, ADV, or SBCV testing which may impact plant trip (ADVs and SBCSs available). Notes: (1) One SBCS valve OOS does not impact SBCS safety function. (2) One MSSV per SG OOS does not impact SG safety function. | 2 or more SBCVs out of service. 2 or more MSSVs per SG out of service. Use SF for SBCS OOS or SBCS maintenance activities |
| SI1-A | Safety Injection LPSI train A | SIAP01 (LPSI pump A) OOS. Includes all SDC function components. | |
| SI1-B | Safety Injection LPSI train B | SIBP01 (LPSI pump B) OOS. Includes all SDC function components. | |
| SI2-A | Safety Injection HPSI train A | SIAP02 (HPSI pump A) OOS | |
| SI2-B | Safety Injection HPSI train B | SIBP02 (HPSI pump B) OOS | |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| SI3-A | Safety Injection System - LPSI/Containment Spray Train A | SIAP01 (LPSI pump A) OOS and/or SIAP03 (CS pump A) OOS and/or SIAE01 (Shutdown Cooling Heat Exchanger A) OOS | |
| SI3-B | Safety Injection System - LPSI/Containment Spray Train B | SIBP01 (LPSI pump B) OOS and/or SIBP03 (CS pump B) OOS and/or SIBE01 (Shutdown Cooling Heat Exchanger B) OOS | |
| SIT | Safety Injection Tanks | Any one SIT out of service for maintenance | |
| SO | Generator Seal Oil | Work which may impact SO availability | |
| SP-A | Essential Spray Pond Train A | SPAP01 OOS | SP-A |
| SP-B | Essential Spray pond Train B | SPBP01 OOS | SP-B |

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| SWYD-912, SWYD-922, SWYD-932, SWYD-942, SWYD-972, SWYD-982, SWYD-992, SWYD-915, SWYD-925, SWYD-935, SWYD-945, SWYD-975, SWYD-985, SWYD-995, SWYD-918, SWYD-928, SWYD-938, SWYD-948, SWYD-988, SWYD-998, SWYD-DEVERS, SWYD-HASS1, SWYD-HASS2, SWYD-HASS3, SWYD-RUDD, SWYD-WW1, SWYD-WW2 | Switchyard | Any switchyard configuration can be analyzed by EOOS if it meets the following criteria: =< 2 cross-tie lines open (this is not applicable during an East or West bus outage¹). Each on-line unit main generator tied to a bus (East or West). <2 startup transformers OOS. | Any other Switchyard configuration. |

¹ The requirement which limits switchyard operation to a maximum of two cross-tie lines OOS [i.e., separated from the East and West buses through an open breaker(s)], is designed to avoid overloading the remaining cross-tie lines. In the event of an East or West bus outage, all bays will have at least one breaker OOS thereby all cross-tie lines will be OOS in regards to connecting the East and West bus. The only time it is acceptable to have a switchyard breaker open in more than two cross-tie lines is when setting up for or recovering from an East or West bus outage. Per discussion with Electrical Design, the East and West switchyard buses are designed to independently carry all plant loads. Having either the East or West bus OOS, does not increase the probability of a loss of the remaining bus due to electrical overloading of cross-tie lines. Loss of a startup transformer or main generator probability is increased in the event of a bus outage but this additional risk is analyzed in EOOS by including the switchyard breakers associated with the bus tagging permit.

| EOOS Train | SSC Name/Description | Analyzed | Unanalyzed |
|---|---|---|---|
| TC | Turbine Cooling System | Any one TC pump and/or heat exchanger OOS; or Work which may impact availability of one TC pump or heat exchanger | |
| WC1, WC2, WC3, WC4 | WC1: Chilled Water Train A; WC2: Chilled Water Train B; WC3: Chilled Water Train C; WC4: Normal Chiller WCN-E02 | Any one normal chiller / pump OOS (note: any combination of WC1, WC2, WC3 and WC4 can be evaluated by EOOS) | |
Appendix B - Additional PRA Risk Informed Guidance
Part 1 - Scheduling Considerations
1.1 Support system maintenance, if it affects front line (or additional support) system unavailability, should be scheduled concurrently during the week in an attempt to minimize the front line (support) system unavailability (i.e., SP/DG, EW/EC).
1.1.1 Work on supporting systems for the GTGs should be worked concurrently with the GTG. Work on GTG1, GTG2, FS, NK Unit A, NEA or NEB which impacts the GTGs' ability to start and load shall be counted as unavailability of the GTG.
1.2 Unavailability time should be minimized for critical systems.
1.3 Minimally impacting SSCs may be worked in any week during the 12-Week schedule without PRA review, as long as work is being performed on the same train as that week's train.
1.3.1 FP deluge subsystem testing/maintenance should be scheduled on the same train equipment as in that week's train.
1.3.2 FP deluge system testing/maintenance on startup transformers should be scheduled on the same train equipment as in that week's train, or when the startup transformer is out of service.
1.4 Non- (a)(4) systems may be worked in any week during the 12-Week schedule without PRA review, as long as work is being performed on the same train as that week's train.
1.5 Due to the negligible increase in probabilistic risk, work in the Liquid Radwaste (LR) system as well as any ventilation tracer gas testing may be performed in any target week.
1.6 Do not perform WRF actions which cross tie 1E-NAN-S05 with 1E-NAN-S06 while:
- 1) Unit 1 has either diesel generator out of service, or
- 2) one or more GTG is out of service, or
- 3) a startup transformer is out of service, unless a special PRA analysis is performed.
Cross-connecting activities should be performed expeditiously, minimizing the time in which the buses are actually cross-connected. During the period when WRF loads are doubled on 1E-NAN-S05 or 1E-NAN-S06, but 1E-NAN-S05 and 1E-NAN-S06 are not cross-connected, these restrictions do not apply. These loads have been accounted for in the design calculations.
1.7 Voluntary entry into Technical Specification LCOs that may extend into a planned plant refueling outage should be limited to the performance of required corrective maintenance and/or testing to ascertain system performance.
1.8 System outages may be shifted to accommodate forced outages due to unexpected equipment failures or unplanned required equipment shutdowns.
1.9 Any work activities which do not match the analyzed week 0 schedule will be analyzed with EOOS Monitor. If the activities cannot be analyzed with EOOS Monitor or with PRA group assistance, then use Appendix E.
Part 2 Week Schedule Considerations
2.1 Systems which provide the same critical safety function should not be taken out of service concurrently (i.e., secondary inventory control - AF, FW, CD; primary inventory control - HPSI/LPSI).
2.1.1 Outages, which cause a loss of availability, should not be scheduled concurrently for SI pumps in the same train that can provide the same safety function (RCS inventory control, containment cooling). Therefore High Pressure Safety Injection (HPSI) outages should not be performed concurrently with Low Pressure Safety Injection (LPSI) outages.
2.1.2 Maintenance on the GTGs and any of the unit's DGs should not be performed concurrently (excludes DG air start systems).
2.1.3 Maintenance should not be scheduled on any two emergency diesels at the same time. This includes the refueling outage periods when one diesel is being torn down for inspection and testing.
2.1.4 Maintenance on the NA Bus should not be scheduled concurrently with DG/PE or GT/NE maintenance. However, maintenance on individual NA Breakers which are placed in a safe condition (i.e., racked out, removed, etc.) is permitted. (CRDR 9-6-1394) (CRDR 9-8-1772)
2.1.5 The EOOS Monitor may be used to determine risk with both GTGs out of service, refer to Appendix A.
2.2 System outages should be scheduled to minimize the frequency of testing.
2.3 System outages should be scheduled after the surveillance of the redundant system to increase confidence in the redundant system's operability.
2.4 Maintenance on the RTSG and DG should not be scheduled concurrently due to the increased probability of a reactor trip, which increases the demand potential for the DG system. (CRDR 9-6-1394)
2.5 Only one instrument air compressor and/or air dryer should be scheduled out of service at a time.
2.6 When EC and/or EW systems are scheduled out of service, no HA work affecting normal ventilation for AF 'B' pump room will be allowed because the sole remaining cooling for the AF 'B' room is the normal HA ventilation system.
2.7 AFA, AFB, and AFN pump work will not be regularly scheduled out of service while on line.
2.8 The following applies to AF valve work.
2.8.1 A train of Auxiliary Feedwater (AF) valves and the components from Condensate (CD) and Main Feedwater (FW) that are used for alternate feedwater (AltFW) should not be taken out of service concurrently, even if not required for power production.
2.8.2 Due to the Main Feedwater dependence upon Instrument Air (IA), it is highly recommended that an IA compressor outage should not be performed concurrently with an AF Train "A", "B", or "N" outage.
2.8.3 Maintenance of AF valves and Reactor Trip Switchgear (RTSG) should not be scheduled concurrently due to the increased probability of Reactor Trip, which increases the demand potential for the AF system. (CRDR 9-6-1394). This includes scheduling surveillance testing that opens the RTSG.
2.9 Work in the 12-Week matrix designated with small letters shall not impact the ability of the equipment to perform its safety function.
Appendix C - Risk Management Actions (For Scheduled or Emergent Condition Entry into RMAL)
RMAL Management Controls
Green
- Minimize time equipment is unavailable.
- No additional management controls are needed.
- Work may not be extended past planned work windows unless evaluated by the EOOS Monitor.
Yellow
- If possible, limit the time in a Yellow RMAL to 72 total accumulated hours per week.
- Note: An emergent condition causing a Yellow RMAL (even if the duration is 72 or more hours) does not preclude the performance of scheduled Yellow RMAL maintenance following correction of the emergent condition. This is true even when the scheduled activities will result in additional hours in a Yellow (or Orange) RMAL during the same week.
- Note: An emergent condition causing a Yellow RMAL does not preclude continuing or commencing performance of scheduled maintenance activities during the emergent condition, as long as the resultant configuration risk remains a Yellow RMAL.
- Notify Site Manager, Unit Department Leader, Work Week Manager and PRA if the 72 hour limit is in jeopardy.
- PRA evaluation is required prior to exceeding the 72 hour limit.
- If entry into the Yellow RMAL is the result of entry into a condition unanalyzed by the EOOS Monitor or an evaluation per Appendix E, then prior to releasing new work on SSCs within the scope of (a)(4) and to determine the need for contingency plans to restore equipment currently out of service, perform the qualitative assessment per the direction in this Appendix. (see page 4).
Orange
- Unit Department Leader approval required prior to work initiation (documented by signature on final schedule).
- Site manager and Unit Department Leader notification required for any unscheduled entry into RMAL.
- Strict schedule control.
- Consider developing contingency plans to restore out of service equipment rapidly if needed.
- Notify Site Manager, Work Week Manager and PRA if the 36-hour limit is in jeopardy.
- PRA evaluation is required prior to exceeding the 36-hour limit.
- System Engineer review required during the planning phase to verify Maintenance Rule performance criteria will not be exceeded and to ensure the proposed maintenance is necessary and has been scheduled appropriately to minimize risk.
- Restore out of service equipment rapidly.
- If possible, limit time in an Orange RMAL to 36 total accumulated hours (even if that means working around the clock).
- Note: An emergent condition causing an Orange RMAL (even if the duration is 36 or more hours) does not preclude the performance of scheduled Orange RMAL maintenance following correction of the emergent condition. This is true even when the scheduled activities will result in additional hours in an Orange (or Red) RMAL during the same week.
- Note: An emergent condition causing an Orange RMAL does not preclude continuing or commencing performance of scheduled maintenance activities during the emergent condition, as long as the resultant configuration risk remains an Orange RMAL.
- If entry into the Orange RMAL is the result of entry into a condition unanalyzed by the EOOS Monitor or an evaluation per Appendix E, then prior to releasing new work on SSCs within the scope of (a)(4) and to determine the need for contingency plans to restore equipment currently out of service, perform the qualitative assessment per the direction in this Appendix. (see page 4).
Red
- Plant Manager, Palo Verde approval required prior to entering scheduled RMAL.
- Plant Manager, Palo Verde, Site Manager, and Unit Department Leader notification required for any unscheduled entry into RMAL.
- Contact the PRA Section to perform a Risk Assessment of the specific Plant condition(s) and alternative options. The Risk Assessment by the PRA Section is required to be performed and forwarded to the Plant Manager prior to voluntarily entering a planned or scheduled Red RMAL.
- Establish additional accident barriers such as protecting redundant SSCs, if determined to be necessary by the PRA analysis.
- Use Maintenance and Engineering expertise to restore out of service equipment rapidly.
- Minimize additional configuration changes.
- Work around the clock to restore condition.
- System Engineer review required during the planning phase to verify Maintenance Rule performance criteria will not be exceeded and to ensure the proposed maintenance is necessary and has been scheduled appropriately to minimize risk.
- Stop all new work impacting Maintenance Rule (a)(4) classified systems in that unit (except that work required to restore out of service SSCs).
- Return the emergent SSC to available status or contact PRA for an evaluation prior to releasing additional systems within the scope of (a)(4) for new work.
- If entry into the Red RMAL is the result of a condition not addressed by the EOOS Monitor or an evaluation per Appendix E, then determine the need for contingency plans to restore equipment currently out of service, perform the qualitative assessment per the direction in this Appendix. (see page 4).
Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2 (70DP-0RA05)
Appendix D - Scheduling Methods/Philosophies Used to Minimize Risk
Minimize the total amount and individual length of time that the units are placed in a non-routine equipment configuration by using the following practices:
- 1. The repeat entry and exit from a single LCO for the sole purpose of resetting the clock for allowable out of service time will not be permitted. Repeat entries and exits from action statements may be required per Tech Spec 3.6.3 and PRA engineering to reduce overall probabilistic risk.
For example, entries and exits from AF action statements may be required per Tech Spec 3.6.3 and PRA Engineering to allow AF flow to one steam generator while performing required maintenance on AF pump discharge motor operated valves. Although a unit will enter a Tech Spec LCO repeatedly over a couple of days, the unit maintains the ability for an AF pump to feed a steam generator, which reduces overall risk.
- 2. Closely track the activities through restoration to minimize the unavailability of safety systems and important non-safety equipment. If unforeseen developments should delay the return of specified equipment from meeting the schedule finish time, the Maintenance Team Leaders are to notify the Work Week Manager so the impact of the delay can be evaluated.
- 3. Schedule only half the LCO action statement time (excluding the permit hanging and retest activities) per 40DP-9OP02 for pre-planned work requiring voluntary entry into an LCO.
Exceptions may be permitted to exceed this duration for significant scheduled work but this action requires the approval of the Operation's Unit Department Leader and PRA if the maintenance places the unit in a RMAL greater than that previously analyzed or the times associated with a RMAL exceed 72 hours (Yellow) or 36 hours (Orange).
- 4. Link and align Preventive Maintenance activities such that equipment work windows on Maintenance Rule equipment that take components, trains, or systems out of service should only be scheduled at the most frequent PM interval. By normally performing required maintenance at this interval, the PM Bases for the equipment will be met to help ensure reliable operation.
For example - The most frequent PM task on a component that actually takes component, train, or system out of service to perform is a 6M (six months) frequency. The equipment will only be scheduled to come out of service once every 6 months for planned maintenance.
- 5. It may be required to take the Equipment OOS during a non-target week or during an opposite train week based on the nature of the problem/condition. Scheduling corrective maintenance on equipment or systems that remove them from service in an opposite or "cross-train" week will normally be done only when absolutely necessary. However, maintenance and testing in an opposite or cross-train configuration is permitted by the Maintenance Rule and will be permitted at PVNGS. Prior to cross train work proceeding, the following additional reviews and compensating steps should be taken:
  - Appropriate management review (if emergent in week 0, Site Manager as a minimum)
  - EOOS Monitor review
  - PRA review, if appropriate
  - Contingency planning
- 6. Use the LRMP to identify work windows to all work and support groups for planning and support coordination.
- 7. Revise the LRMP, as needed, based on changes in PM frequency, Surveillance Test frequencies and Outage Work Windows.
- 8. Schedule work in a manner to ensure a system/component is returned to service as soon as possible for work impacting Maintenance Rule systems classified as High Risk Significant or is tracked for unavailability.
- 9. Schedule and perform maintenance and testing on significant safety equipment on only one train at a time. The 12-Week Matrix is designed to provide 2-Week windows in each of the "A" and "B" trains to reduce the potential for unfinished work to carry over into an opposite train week.
- 10. Maintain equipment in the highest level of availability consistent with the work to be performed.
  - For Example: During a Diesel Generator outage, do not drain lube oil or jacket water if no work is scheduled in those support subsystems.
- 11. Management should evaluate maintenance work schedules with respect to risk for:
  - Activities placing the unit in an Orange or Red RMAL,
  - Time-sensitive LCOs 7 days or less in duration,
  - Maintenance scheduled on Maintenance Rule High Risk Significant systems that prevents the system or train from performing its key safety function,
  - Maintenance Rule Systems not listed above that are monitored for unavailability and are determined, by Work Management, to be approaching the unavailability targets.
- 12. Required preventive maintenance should be performed at the periodicity specified regardless of the System's unavailability remaining on the SSC. PM's can only be waived or cancelled with the approval and justification of the responsible maintenance department leader.
Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2 (70DP-ORA05 Revision 1)
Appendix E - Assessing Risk without the EOOS Monitor
This Appendix is used to assess Risk when the EOOS Monitor is not available or unable to analyze a configuration.
1.0 In the Event the EOOS Monitor becomes unavailable due to Server outages, etc:
1.1 All previously Analyzed Maintenance configurations for the week may proceed as scheduled.
1.2 New work items with a risk code of "NRI" or work items with a code of "PRA" or "INIT" that do not impact equipment availability can proceed.
1.3 For urgent or emergent work items coded "PRA" or "INIT" that must be worked prior to restoration of the EOOS Monitor, use the below Qualitative RMAL Assessment Guidance to assess risk until EOOS Monitor is restored. Once the EOOS Monitor is restored, the actual maintenance RMAL should be calculated.
1.4 Qualitative RMAL Assessment Guidance
1.4.1 The condition is considered unanalyzed because the condition is not evaluated in the week 0 schedule and EOOS is unavailable. This method establishes a RMAL for the emergent condition.
1.4.2 Refer to Appendix F to determine if SSCs out of service are within the scope of 10 CFR 50.65 (a)(4). If the condition involves SSCs not within the scope of (a)(4), then they can be excluded from the assessment. No change in RMAL is required, proceed to step 2.0.
1.4.3 If the emergent SSC out of service is controlled by Technical Specification and is the opposite train of equipment currently OOS, then the RMAL is RED. Take the actions defined in Appendix C, proceed to step 2.0.
1.4.4 Identify the Key Safety Function(s) that is(are) affected by the "unanalyzed" equipment using Appendix F as a guide.
1.4.4.1 If the affected Key Safety Function is the same as for any equipment OOS previously analyzed in the week 0 schedule, then increase the RMAL by two levels and take the actions defined in Appendix C, proceed to step 2.0.
1.4.4.2 If the Key Safety Function is different than for any previously analyzed equipment in the week 0 schedule, then increase the RMAL by one level and take the actions defined in Appendix C, proceed to step 2.0.
2.0 Documentation of the Assessment without EOOS Monitor
2.1 Qualitative RMAL assessments will be documented in the Unit Log with an entry stating that an assessment was performed and a description of the results. No other documentation is required for these assessments. See example below:
02:40 Completed qualitative RMAL assessment per Appendix E of 70DP-ORA05 for failed CO Ipump with EOOS OOS. Entered Yellow RMAL.
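The qualitative assessment in steps 1.4.2 through 1.4.4.2 of Appendix E, written out as a decision function. This is an added Python example, not part of the procedure or of the EOOS Monitor; the names `RMAL`, `OOSItem` and `assess` are hypothetical and the function table is a subset of Appendix F Table A. Two points are assumptions: "opposite train" is taken to mean the same system designator with a different train letter, and an increase past Red stays at Red.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Iterable, Optional, Tuple


class RMAL(IntEnum):
    """Risk levels in the order Appendix C lists them."""
    GREEN = 0
    YELLOW = 1
    ORANGE = 2
    RED = 3


# Subset of Appendix F Table A: system designator -> PRA key safety functions.
# A designator that is not in Table A is treated as outside the scope of (a)(4).
KEY_SAFETY_FUNCTIONS = {
    "AF": {"HTR", "TIN"},
    "CH": {"IPC", "RXC"},
    "CO": {"TIN"},
    "DG": {"MVA"},
    "EW": {"MVA", "HTR", "CAC"},
    "IA": {"MVA", "TIN"},
    "SP": {"MVA", "HTR"},
}


@dataclass(frozen=True)
class OOSItem:
    """One out-of-service SSC (hypothetical record layout)."""
    system: str                    # Appendix F designator, e.g. "DG"
    train: Optional[str] = None    # "A" / "B" where the system has trains
    tech_spec: bool = False        # controlled by Technical Specification


def _raise_level(level: RMAL, steps: int) -> RMAL:
    # Assumption: an increase past Red stays at Red.
    return RMAL(min(level + steps, RMAL.RED))


def assess(current: RMAL, analyzed: Iterable[OOSItem],
           emergent: OOSItem) -> Tuple[RMAL, str]:
    """Return (new RMAL, procedure step that decided it)."""
    # 1.4.2: SSCs outside (a)(4) scope are excluded from the assessment.
    in_scope = [i for i in analyzed if i.system in KEY_SAFETY_FUNCTIONS]
    if emergent.system not in KEY_SAFETY_FUNCTIONS:
        return current, "1.4.2"

    # 1.4.3: Tech Spec SSC that is the opposite train of equipment already OOS.
    # Assumption: "opposite train" = same designator, different train letter.
    if emergent.tech_spec and emergent.train is not None:
        for item in in_scope:
            if (item.system == emergent.system and item.train is not None
                    and item.train != emergent.train):
                return RMAL.RED, "1.4.3"

    # 1.4.4: compare key safety functions with the analyzed week 0 equipment.
    affected = KEY_SAFETY_FUNCTIONS[emergent.system]
    already = set()
    for item in in_scope:
        already |= KEY_SAFETY_FUNCTIONS[item.system]
    if affected & already:
        return _raise_level(current, 2), "1.4.4.1"   # same function: two levels
    return _raise_level(current, 1), "1.4.4.2"       # different function: one level


if __name__ == "__main__":
    # Constructed scenario: DG train A is out in the week 0 schedule, DG train B fails.
    level, step = assess(RMAL.YELLOW, [OOSItem("DG", "A", True)],
                         OOSItem("DG", "B", True))
    print(f"{level.name} RMAL per step {step}")
```

With nothing else out of service and a Green starting level, an emergent CO failure comes out Yellow through step 1.4.4.2, which matches the result recorded in the Unit Log example.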
Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2
Appendix F - Maintenance Rule Paragraph (a)(4) Scope
Table A - Alphabetical List of (a)(4) Systems

System Designator | PRA Key Safety Function(s) | System Name
---|---|---
AF | HTR, TIN | Auxiliary Feedwater
AR | TIN | Condenser Air Removal
CD | TIN, HTR | Condensate
CE | TIN | Stator Cooling
CH | IPC, RXC | Chemical and Volume Control
CL | CIN | Containment Isolation / Containment Integrity
CO | TIN | Main Turbine Generator Control Oil
CT | HTR | Condensate Transfer and Storage
CW | TIN, HTR | Circulating Water
DF | MVA | Diesel Fuel Oil and Transfer
DG | MVA | Diesel Generator
EC | MVA | Essential Chilled Water
EW | MVA, HTR, CAC | Essential Cooling Water
FP | TIN, MVA | Fire Protection
FS | MVA | WRF (GTG) Fuel Oil
FT | HTR, TIN | Steam Generator Feedwater Pump Turbine
FW | HTR, TIN | Feedwater
GA | MVA | Service Gases (N2 & H2)
GT | MVA | Gas Turbine Generators
HA | MVA | HVAC - Auxiliary Building
HC | CAC, TIN | HVAC - Containment Building
HD | MVA | HVAC - Diesel Generator Building
HJ | MVA, TIN | HVAC - Control Building
IA | MVA, TIN | Instrument and Service Air
LO | TIN | Lube Oil
MA | TIN | Main Generation
MB | TIN | Excitation and Voltage Regulation
MT | TIN | Main Turbine (and MSRs)
NA | MVA, TIN | Non-Class 1E 13.8-KV Power
NB | MVA, TIN | Non-Class 1E 4.16-KV Power
NC | MVA, TIN | Nuclear Cooling Water
NE | MVA | Standby Power (Station Blackout Gas Turbine Generation)
NG | MVA, TIN | Non-Class 1E 480-V Power Switchgear
NH | MVA, TIN | Non-Class 1E 480-V Power MCC
NK | MVA, TIN | Non-Class 1E 125-V DC Power
NN | MVA, TIN | Non-Class 1E Instrument AC Power
PB | MVA, TIN | Class 1E 4.16-KV Power
PC | HTR | Fuel Pool Cooling and Cleanup
PE | MVA | Class 1E Standby Generation
PG | MVA, TIN, CIN | Class 1E 480-V Power Switchgear
PH | MVA, TIN, CIN | Class 1E 480-V Power MCC
PK | MVA, TIN | Class 1E 125-V DC Power
PN | MVA, TIN | Class 1E Instrument AC Power
PW | MVA, TIN | Plant Cooling Water
RC | HTR, IRR, TIN, IPC | Reactor Coolant
SA | MVA, IPC, HTR, CIN, CAC, IRR, RXC, TIN | Engineered Safety Features Actuation
SB | RXC, TIN | Reactor Protection
SC | MVA | Secondary Chemical Control
SE | RXC, TIN | Ex-core Neutron Monitoring
SF | HTR, RXC, TIN, IPC, IRR | Reactor Control
SG | HTR, TIN, IRR | Main Steam
SI | IPC, HTR, CAC, IRR, RXC, | Safety Injection and Shutdown Cooling
SO | TIN | Generator Seal Oil
SP | MVA, HTR | Essential Spray Pond
SW | MVA, TIN | Switchyard
TC | TIN | Turbine Cooling Water
WC | MVA | Chilled Water
XO | IPC, CAC, HTR, RXC | Refueling Water Tank

PRA Key Safety Functions:
MVA - Maintenance of Vital Auxiliaries
IPC - Inventory and Pressure Control
HTR - Heat Removal
CIN - Containment Integrity
CAC - Containment Atmosphere Control
IRR - Indirect Radiation Release
RXC - Reactivity Control
TIN - Trip (or Event) Initiator
Table B - Alphabetical List of Systems Outside the Scope of this Procedure
System Designator  System Name  Maintenance Rule System  WRF System
AA WRF Alarm and Annunciator X
AB WRF Sulfuric Acid System X
AD WRF Chlorination System X
AG Acid Building X
AP Auxiliary Power Supply X
AS Auxiliary Steam
AX WRF Instrument and Service Air X
BF Bus Facility
BJ Gravity Filter Backwash Center
BS Security Building
CB WRF Operations Building X
CC Chemical Production X
CF Coating Facility
CG WRF Carbon Dioxide X
CI Chlorine Injection
CJ WRF Chemical Feed Control X
CM Chemical Waste
CN Concrete Test Lab
CP Containment Purge
CR Carpenter Shop
CS WRF Chlorination X
CX WRF Chemical Feed Area X
DS Domestic Water X
DW Demin Water X
ED Extraction Steam and Drains X
EG Ecodyne Graver
ES Safety Equipment Status X
ET Effluent Tracking
FA Time Keeping & First Aid Building
FB Fabrication Shop
FC WRF Solids Contact Clarifiers X
FH Fuel Handling X
FJ WRF Process Flow Control X
FO Field Construction Office (North Annex)
FR Fire Station & Medical
GD WRF Graphic Display X
GF WRF Gravity Filtration X
GH Generator Hydrogen X
GJ Combustion Control
GP Primary Guardhouse
GR Gaseous Radwaste X
GS Turbine Steam Seal X
GU Secondary Guardhouse
HB HVAC - WRF Operations Building X
HE HVAC - Chlorine Building X
HF HVAC - Fuel Building X
HL HVAC - Low Level Radioactive Material Storage Facility
HN HVAC - Ancillary Building
HP Hydrogen Control X
HR HVAC - Radwaste Building
HS HVAC - Misc. Structures
HT HVAC - Turbine Building
IM Instrument Metrology Lab
IP Ice Plant
IR Iodine Removal
JJ WRF Control and Monitoring X
KD Plumbing Detail Riser Diagram
LA Plumbing Detail Riser Diagram
LB Plumbing Detail Riser Diagram
LP Liquid Propane
LR Liquid Radwaste
LS WRF Lime System X
MO SRP Plant Multiplexer
MS Maintenance Shop
MX Remote Multiplex X
NQ Non-Class 1E Uninterruptible AC Power
NR WRF Non-Class 1E 13.8-KV Power X
NS WRF Non-Class 1E 4.16-KV Power X
NT WRF Non-Class 1E 480-V Power Switchgear X
NU WRF Non-Class 1E 480-V Power MCC X
NV WRF Non-Class 1E 125-V DC Power X
NX WRF Non-Class 1E Uninterruptible AC Power X
NY HPS Non-Class 1E 4.16-KV Power X
NR WRF Non-Class 1E 13.8-KV Power X
NY HPS Non-Class 1E 4.16-KV Power X
NZ SIMS/MMIS Computer AC
OB WRF Operations, Shops, Warehouse Buildings X
OS Turbine Lube Oil Storage
OW Oily Waste
PF WRF Polymer X
PL Plant Simulator
PP WRF Process Water X
PR WRF Pumping and Piping X
PS WRF Hassayampa Pumping Station
QA Normal Lighting
QB Essential Lighting X
QC Yard, Roadway and Fence Lighting
QD Emergency Lighting X
QE Public Offsite Communications
QF Inplant Communications X
QG Electrical Grounding X
QH Cathodic Protection
QJ Freeze Protection
QK Fire Detection
QL Private Offsite Communications
QM Heat Tracing
QN WRF Area, Roadway and Fence Lighting X
QP WRF Normal 480/227-V Lighting and 208/120-V Power X
QQ WRF Standby Lighting DC System X
RD Radioactive Drain
RE Radioactive Exposure
RF Radioactive Filter
RG Meteorological Instrumentation
RI In-Core Reactor Instrumentation X
RJ Plant Computer X
RK Plant Annunciator X
RL Radioactive Laundry
RM Main Control Board X
RR RACS
RS Interim On-Site Low Level Radwaste Storage Warehouse / DAWPS
RW Radwaste
RX WRF Recalcining X
RZ Chemical and Rad Analysis Computer
SD ERFDADS X
SD Turbine Building Drains
SH Quality Safety Parameter Display X
SJ WRF Solids Flow Control X
SK Plant Security
SL WRF Solids/Liquid Separation X
SM Seismic Instrumentation
SQ Radiation Monitoring X
SR Solid Radwaste
SS Nuclear Sampling
ST Sanitary Treatment
SU Temporary Startup
SV Loose Parts and Vibration Monitoring*
SX WRF Soda Ash X
TB Cooling Tower Makeup & Blowdown
TF WRF Trickling Filter X
TI WRF Freeze Protection X
TR Tool Room
TS Weld Test Shop Unit 3
VC Visitor's Center
VM Vehicle Maintenance
WD WRF - Warehouse X
WE ISI SC Warehouse
WH Warehouses A, B, & C
WS Combination Shop
WT Weld Test Shop Unit 1
WW WRF - Miscellaneous Designator X
WZ WRF Railroad X
XB Firing Range Facility
XC Civil Misc.
XE Electrical Misc.
XG Protected Area Guard House
XH Holdup Tank Pump House
XI Instrument & Controls Misc.
XM Mechanical Misc.
XN Holdup Water Tank
XR Reservoir Control Building
XT I&C Misc.
XU UPS Building
XW WRF Warehouse X
XY Outside Areas
YY Outside Areas
ZA Auxiliary Building X
ZB WRF Supply System/Buckeye Irrigation Company Interface X
ZC Containment Building X
ZD Independent Spent Fuel Storage Installation
ZE EOF Building
ZF Fuel Building X
ZG Diesel Generator Building X
ZH Guardhouse
ZI WRSS 91st Ave. Wastewater Treatment Plant Interface X
ZJ Control Building X
ZK Technical Support Center Building
ZL Low Level Radioactive Material Storage Facility
ZM MSSS Building X
ZN Fire Pump House
ZO WRSS Gravity Flow Pressure Pipeline X
ZP WRSS Pump Flow Pressure Pipeline X
ZR Radwaste Building X
ZS Services Building
ZT Turbine Building X
ZV Civil Works
ZW WRF - Chemical Protection Building X
ZX Water Treatment Building X
ZY Outside Areas (including Underground Electrical and I&C Structures) X
ZZ Generic Civil Structures (Safety Related Components Only) X
Assessment and Management of Risk When Performing Maintenance in Modes 1 and 2 (70DP-ORA05 Revision 1)
Appendix G - Assessing Risk using the EOOS Monitor
This Appendix outlines how the Work Management and Operations Staffs assess Risk for Scheduled or Emergent Work.
NOTE For detailed instructions on how to manipulate EOOS Monitor to evaluate planned or emergent plant conditions consult the "EOOS Desktop Instructions" (located at V(Nt75pv):\MRULE\EOOS Instruction Manual \EOOSInstructionManual.ROOX.pdf)
Evaluating Scheduled Work
- 1. The Work Week Manager will create and verify a list of all risk-significant work items to be moved into the EOOS Monitor for evaluation.
- 2. Move this verified list into the EOOS Monitor using the Importer Program.
- 3. Calculate the new RMAL using the EOOS Monitor.
- 4. Review RMAL to see if it tracks as expected.
- 5. If the result is Green - no further evaluation/modification is required. For any unexpected spikes, determine the cause and adjust the scheduled Start/Stop dates and times or reschedule to a different part of the week.
Evaluating Emergent Conditions
Operations is required to assess and manage risk when performing maintenance or testing. The Operations staff is only required to assess risk when the situation dictates, not on an hourly or shiftly basis.
- 1. Ensure the list of OOS equipment in the EOOS Monitor reflects the actual plant status, including all planned and emergent work items.
- 2. Ensure the system alignments in the EOOS Monitor reflect the actual plant status. If necessary, adjust the Environmental Variances specified in procedure 40AO-9ZZ21, Acts of Nature using the "EOOS Desktop Instructions" (located at V(Nt75pv):\MRULE\EOOS Instruction Manual \EOOSInstructionManual.ROOX.pdf).
- a. Calculate the new RMAL.
- b. If the RMAL changes (moves from green to yellow, from yellow to orange, etc) use the guidance in Appendix C to identify and direct communications, repairs and contingency actions.