ML062710030
| ML062710030 | |
| Person / Time | |
|---|---|
| Site: | Vogtle  |
| Issue date: | 03/03/2006 |
| From: | Demoss G NRC/RES/DRASP/DDOERA/OEGI |
| To: | |
| References | |
| LER 04-004 | |
| Download: ML062710030 (77) | |
Text
Final Precursor Analysis Accident Sequence Precursor Program -- Office of Nuclear Regulatory Research Vogtle Electric Generating Station -
Unit 2 Automatic Reactor Trip Followed by Safety Injection Event Date 11/20/2004 LER 425/04-004 CCDP 2.9 x 10-6 March 3, 2006 Event Summary Description On November 20, 2004 at 11:40 am, with the plant operating at 100% power, testing of the solid state protection system led to a spurious reactor trip. Subsequent to the trip, the Loop 2 Tavg instrument channel failed in its full power value, leading to a full-open demand for the steam dump (turbine bypass) valves (SDVs). The opening of these valves, which have a capacity of 40% of full power steam flow, led to a rapid drop in reactor coolant system (RCS) temperature and pressure. The operators responded by initiating a Main Steam Isolation. The decrease in RCS pressure was, however, sufficient to cause safety injection to be initiated automatically. After the pressure had risen to the normal range, the operators terminated SI at 1155 and the unit was transitioned to normal operation at hot standby. Post event review indicated that, other than the failed Tavg instrument, all systems performed normally.
Cause The cause of the reactor trip was human performance errors by the operators performing the SSPS testing.
The cause of the steam dump valve opening and subsequent safety injection was a failure in a circuit card associated with the Loop 2 Tavg circuit.
Recovery Opportunities Closure of the MSIVs and their bypass valves will terminate the event. This will occur automatically on low steam line pressure (2 of 3 channels on any steam line) or high steam line negative pressure rate (2 of 3 channels on any steam line) or can be accomplished by operator manual actuation of Train A and/or Train B steam line isolation switches.
In addition to the above, termination of the steam dump can be accomplished by the operator by switching the steam dump control system to the manual or steam pressure control mode of operation.
Other Related Conditions or Events During the Condition Period A review of LERs and Inspection Reports for the one-year period preceding the event did not identify any other abnormal conditions that could have an impact on the progression of the event.
Analysis Results C
Conditional Core Damage Probability (CCDP)
The point estimate CCDP is 2.9 x 10-6. The GEM report for this assessment is provided in Appendix F.
The uncertainty distribution is as follows.
5%
Point Estimate Mean 95%
CCDP 2.0 x 10-7 2.9 x 10-6 3.1 x 10-6 1.1 x 10-5 For comparison purposes, the point estimate CCDP for a transient with loss of main feedwater is 9.6 x 10-7.
C Dominant Sequences The dominant accident sequences which collectively contribute to more than 94% of the CCDP are listed in Table 1 and are shown graphically in Figures A-1 through A-3 of Appendix A. All other sequences individually contribute less than 3.4% of the total.
C Results Tables The conditional probabilities for the dominant sequences are shown in Table 1.
The event tree sequence logic for the dominant sequences is presented in Table 2a.
Table 2b defines the nomenclature used in Table 2a.
The most important cut sets for the dominant sequences are listed in Table 3a and 3b.
Definitions and probabilities for modified or dominant basic events are provided in Table 4.
Modeling Assumptions C
Analysis Type This event is analyzed as an initiating event assessment involving a transient followed by the opening of the steam dump valves using a modification of the Revision 3.21 Vogtle Standardized Plant Analysis Risk (SPAR) model (Reference 2). The evaluation was performed using the Initiating Event Assessment feature of GEM 7.26 with event tree and fault tree modifications made using the SAPHIRE 7.26 software package.
The possibility of the observed condition having a more significant impact on the CDF for other initiating events, yielding an importance for a "condition" type assessment higher than the above CDP, was considered. Of greatest potential is for the loss of DC bus initiator which fails one AFW train as well as one ECCS train. However, as indicated by Table C-2, Note 26 of the Vogtle IPE (Reference 3) the MSIVs close on loss of DC and this initiator does not contribute to a significant importance for the observed condition. It is concluded that the results of a "condition" assessment would be lower than that for the "event" assessment provided here.
C Unique Design Features Vogtle is a standard four loop Westinghouse PWR. The only somewhat unique design feature relevant to the event is that each steam line has two independent isolation valves in both the main steam pipe line and in the MSIV bypass line.
C Modeling Assumptions Summary Key modeling assumptions. The key modeling assumptions are listed below and discussed in detail in the following sections. These assumptions are important contributors to the overall risk.
No credit is taken for the operators to close the SDVs by switching the steam dump control system to the manual or steam pressure control mode of operation.
If this is credited with a failure probability of 0.5 the CCDP would be reduced to approximately 2.0E-06.
In the event of a reactor trip followed by opening of the SDVs, closure of at least one MSIV and one MSIV bypass valve in the steam lines to each steam generator will isolate the steam generators and terminate the event. Plant behavior subsequent to steam generator isolation will be as for a normal transient except no credit will be given for main feedwater recovery since there will be no steam available to the main feedwater pumps.
No plant specific or SPAR data base generic information is available for independent failure of an MSIV to close. The Vogtle MSIVs are hydraulically actuated using compressed nitrogen stored in a spherical volume on one end of
the actuator. Actuation is initiated by electric solenoids. A nominal value of 5E-03 per demand was used as the independent failure rate in the base case.
The size of the MSIV bypass valves is unknown. While it is expected that they are small enough that their closure is not required, failure of both in a line is included as failure to isolate a steam line.
The event tree sequences and success criteria in the event of a transient with a spurious opening of the SDVs and failure to isolate all steam generators is based primarily on plant response trees (event trees) and associated success criteria for secondary side breaks from the Vogtle IPE (Reference 3).
The success criterion for auxiliary feed water (AFW) is flow to two isolated SGs from 1 of 2 motor driven AFW pumps or 1 turbine driven feed pump (Vogtle IPE).
This success criterion leads to the event tree structure for failure to isolate the steam generators to have four branches: all SGs isolated, one SG not isolated, two SGs not isolated and three or more SGs not isolated. For the latter, AFW does not provide success. For two SGs not isolated, the failure of the turbine driven AFW pump includes the possibility that the steam supply to the turbine is from the non-isolated SGs and therefore is not available. In addition, it is assumed that the operators must take action to isolate AFW flow to any non-isolated SGs to prevent AFW flow from being diverted to these SGs.
Operator initiation of feed and bleed is required after failure of AFW following failure to isolate any SG. This is required even after high pressure injection (HPI) is automatically actuated by the decrease in reactor coolant system pressure.
The ESD event does not significantly impact the consequences following a failure to scram. This is consistent with the Vogtle IPEs assessment for a steamline break and supported by the following:
C tripping the turbine is important to preventing core damage following an ATWS and this is provided with high reliability by the AMSAC system.
C based on generic ATWS analysis of Westinghouse PWRs (Reference 4),
the limiting treat to the core is RCS overpressure early in the transient (about 2 minutes) due to the imbalance between reactor power and heat removal. In this event the reactor coolant temperature increases from the initial value and hence the observed failure of the Loop 2 Tavg instrument channel would have no impact. The worst case is for a loss of MFW and the ATWS analysis in Reference 4 includes the fully open SDVs as they would normally be even without the observed failure.
C The return to power occurs at a later time (about 7 minutes) when emergency boration modeled in the ATWS event tree will be effective in preventing core damage.
Other assumptions. Other assumptions that have a negligible impact on the results due to relatively low importance include the following:
Closure of the main feedwater isolation valves (MFIVs) to the steam generators (SGs) is not required for steam generator isolation in the event model even though they are included in the Vogtle IPE success criteria for secondary side breaks. The need to isolate the feed water lines is attributed to the inclusion in the IPE secondary side breaks of feedwater line breaks as well as steam line breaks. It is noted that the main feedwater isolation valves receive the same closure signals as the MSIVs. The single MFIV in each feedwater line is backed up by the main feedwater regulating valves in each line also with trip closure signals. Failure to terminate feedwater to an isolated SG would not impact (beyond the potential for overfill) since normal feedwater flow control as well as isolation would have to fail. For a steam line break, continued flow of feedwater to a non-isolated SG would increase the duration and amount of primary system cool down and perhaps increase the potential for return to power. While the IPE considers this for failure to isolate a single SG, no analysis is available for failure to isolate more than one SG. Since the total steam flow in the SDV opening event is much lower than that for a steam line break and the slower blowdown would allow more time for high pressure injection of boron to reduce reactivity, the exclusion of failure to isolate main feedwater is considered to have little impact on the results.
Based on information in the Vogtle IPE, it is assumed that operator action is necessary to terminate or control high pressure injection for sequences where feed and bleed is not necessary. This is assumed necessary to prevent a consequential LOCA due to the centrifugal charging pumps causing a PORV to open and continuously pass water to the containment. If this occurs, high pressure recirculation is assumed to be required. Sequences involving failure to control or terminate HPI are negligible contributors to the CCDP.
C Event Tree Modifications The revised transient event tree (TRANS1) is shown in Figure A-1. The event tree structure for no excessive steam demand or excessive steam demand with all steam generators isolated is identical to the SPAR TRANS event tree. For failure of reactor trip, transfer is made to the ATWS tree as is the case for a normal transient.
As indicated in the assumptions, the sequences following failure to isolate an excessive steam demand are based on the Vogtle IPE analysis of secondary side breaks noting that success of SG isolation in the Vogtle IPE tree corresponds to failure to isolate one SG in the present analysis. The consequential small LOCA (SLO) in the Vogtle IPE tree is replaced with the reactor coolant pump seal LOCA (RCPSL) event in the present analysis. Failure of the refueling water storage tank (TK) in the Vogtle IPE tree is not included in the present analysis. The Vogtle IPE events: operator action to establish
feed and bleed (OAB) and pressurizer PORVs open (PZR), are both included in the feed and bleed (FAB) in the present analysis.
The event tree linking rules applicable for the TRANS1 event tree are provided in Appendix B.
C Fault Tree Additions and Modifications ESD - This fault tree (Figure A-4) was created to evaluate the failure of the no excessive steam demand (ESD) branch of the TRANS1 event tree.
MSIV - This fault tree (Figure A-5) was created to evaluate the MSIV isolation branches on the TRANS1 event tree. Three gates, MSIV-1, MSIV-2 and MSIV-3 were created, to evaluate failure to isolate one, two or three or more steam generators. Each gate includes failure to isolate either the main MSIV or the bypass line MSIVs due to valve failures or failure to isolate due to failure of the actuation circuitry. Valve failures are all common cause since failure to isolate a steamline requires at least two valves to fail to close. The model allows the operators to manually initiate isolation given that an isolation alarm is received but both the A and B train actuation logic circuits fail. Failure of the individual channels to provide an isolation signal is considered unlikely since 2 of 3 channels in any one of four steam lines are required to initiate the isolation.
AFW4 - This fault tree (Figure A-6) is used to evaluate failure of AFW when one SG is not isolated. It is based on the SPAR AFW fault tree except that failure includes failure to provide flow to 2 of 3 SGs with the fourth SG (SG1B) assumed not to have been isolated. In addition, failure of AFW due to the operators failure to isolate AFW flow to the non-isolated SG is included.
AFW5 - This fault tree (Figure A-7) is used to evaluate failure of AFW when two SGs are not isolated. It is based on the SPAR AFW fault tree except that failure includes failure to provide flow to either isolated SG (success requires flow to 2 SGs) with the other 2 SGs (SG1A and SG1B) assumed to have not been isolated. In addition, failure of AFW due to the operators failure to isolate AFW flow to the non-isolated SGs is included.
AFW-TDP - This fault tree (Figure A-8) was modified to allow failure of the turbine driven AFW pump whenever two SGs are not isolated and they are the two SGs (SG1A and SG1B) that supply steam to the turbine of the AFW pump.
OAT - This fault tree (Figure A-9) was created to evaluate the operator failing to terminate or control High Pressure Injection (HPI) when feed and bleed is not required.
C Basic Event Additions and Probability Changes The basic events that were added to the model or modified to reflect the best estimate of the conditions during the event and the basis for these changes are discussed below:
MSS-SDV-FAIL-OPEN - This new basic event, steam dump valves open due to erroneous signal, is set to TRUE in the event analysis.
MSS-XE-XR-SDV - The new basic event, operator fails to close steam dump valves, is set to 1.0 in the base case event analysis.
MSS-MSIV There is no generic MSIV failure to close probability in the SPAR database nor enough information in the Vogtle IE on which to base a plant-specific MSIV fail to close probability value. A value of 5E-03 was chosen as a typical and perhaps somewhat conservative value.
MSS-MSIVBY-OO - The main steam isolation bypass valves are air actuated by electric solenoid valves. The independent failure to close probability for these valves was taken to be the sum of the SPAR data base template values for air operated and solenoid operated valves or 1.7E-03.
MSS-MSIV-CF-1LINE, MSS-MSIV-CF-2LINES, MSS-MSIV-CF-3LINES, MSS-MSIVBY-CF-1LINE, MSS-MSIVBY-CF-2LINES, MSS-MSIVBY-CF-3LINES -
These basic events are the conditional common cause probabilities to isolate one, two or three or more steam generators due to failure of the MSIV or the MSIV bypass valves to close given that one has failed to close. The basis for the values is given in Appendix C.
MSS-ONESG-ESFAS, MSS-TWOSGS-ESFAS, MSS-THREESGS-ESFAS - These basic events are the probabilities that common cause failure of the engineered Safety Feature Actuation System (ESFAS) will fail to lead to isolation of one, two, or three or more SGs. There are two trains of ESFAS, one initiating closure of the inboard valves and the other initiating closure of the outboard valves. The most likely failure is that ESFAS failure will lead to failure to isolate all steam lines (as opposed to a single steamline). The value for MSS-THREESGS-ESFAS was taken to be the same as the common cause failure of the undervoltage drivers Trains A and B (RPS-UVL-CF-UVDAB) used for essentially the same function in the SPAR evaluation of the probability to trip the reactor, or 1.0E-05. For an ESFAS failure to lead to failure of only one or only two SGs is considered more unlikely than that to fail to isolate all SGs.
Consequently a somewhat lower value of 2E-06 was used.
MSS-XHE-XE-MSIV - The failure of the operators to manually close the MSIVs given there is a closure signal is taken to be 1.0E-02, the same as the value used for the operators to fail to trip the reactor with reactor protection system signal present but SCRAM failure (RPS-XHE-XE-SIGNAL).
AFW-XHE-ESD-ISOL - The probability that the operator will fail to isolate AFW flow to unisolated SGs following an excessive steam demand event is 5.5E-02 based on the SPAR-H (Reference 4) human error methodology as given in Appendix D.
AFW-TDP-ESD-2SGS - The probability that no steam is available to the turbine driven AFW pump given that 2 SGs are not isolated is 0.167 (1/6). Only one out of six possible combinations of failure to isolate 2 SGs will fail to isolate the two SGs that supply the turbine driven AFW pump.
HPI-XHE-XM-FAB2 - The operator error to fail to initiate feed and bleed following an excessive steam demand event is 5E-02 based on the SPAR-H (Reference 5) human error methodology as given in Appendix D.
HPI-XHE-XM-FAB3 - The operator error to fail to initiate feed and bleed following an excessive steam demand event including dependency is 0.186 based on the SPAR-H (Reference 5) human error methodology as given in Appendix D.
HPR-XHE-XM-RECIRC2 - The operator error to fail to initiate high pressure recirculation following an excessive steam demand event is 4E-03 based on the SPAR-H (Reference 5) human error methodology as given in Appendix D.
HPR-XHE-XM-RECIRC3 - The operator error to fail to initiate high pressure recirculation following an excessive steam demand event following other operator errors including dependency is 0.146, based on the SPAR-H (Reference 5) human error methodology as given in Appendix D.
C Other Items of Interest The recovery rules added to the project rules applied to the cutsets for this analysis are provided in Appendix E. These rules introduce the excessive steam demand specific basic event probabilities that are discussed above. Specifically:
HPI-XHE-XM-FAB3 replaces HPI-XHE-XM-FAB in cutsets containing the latter and failure to isolate two or three or more SGs due to ESFAS failures, HPI-XHE-XM-FAB3 replaces HPI-XHE-XM-FAB in cutsets containing the latter, failure to isolate AFW (AFW-XHE-ESD-ISOL) and failure to isolate any steamline due to MSIV or MSIV bypass valve failures, HPI-XHE-XM-FAB2 replaces HPI-XHE-XM-FAB in cutsets containing the latter and failure to isolate three or more steamlines due to MSIV or MSIV bypass valve failures, HPR-XHE-XM-RECIRC3 replaces HPR-XHE-XM-RECIRC in cutsets containing the latter, failure to isolate AFW (AFW-XHE-ESD-ISOL) and failure to isolate any steamline due to MSIV or MSIV bypass valve failures, HPR-XHE-XM-RECIRC2 replaces HPR-XHE-XM-RECIRC in cutsets containing the latter and failure to isolate three or more steamlines due to MSIV or MSIV bypass valve failures.
LER 425/04-004 10 C
Sensitivity Analyses Sensitivity analyses were performed to determine the effects of model uncertainties on results based on best estimate assumptions. The following table provides the results of the sensitivity analyses.
Case Parameter Modification CCDP SS-1 MSS-XE-XR-SDV Reduced from 1.0 to 0.5 1.9 x 10-6 SS-2 MSS-MSIV-OO Reduced by factor of 2 2.3 x 10-6 SS-3 MSS-MSIVBY-OO Reduced to 0.0 2.4 x 10-6 SS-4 MSS-XE-XR-SDV MSS-MSIV-OO MSS-MSIVBY-OO Reduced from 1.0 to 0.5 Reduced by factor of 2 Reduced to 0.0 1.3 x 10-6 SS-5 AFW-XHE-ESD-ISOL Reduced from 5.5E-02 to 5.0E-03 1.5 x 10-6 The first sensitivity study shows the impact of the operator having some likelihood of terminating the event by switching the steam dump control system to the manual or steam pressure control mode of operation. The impact of this action on the CCDP is limited by the fact that approximately 22% of the CCDP is due to sequences that are not due to the SDV opening event.
The second sensitivity study shows the impact of a reduced failure rate for the MSIVs.
The third sensitivity study show the impact of assuming that the MSIV bypass valves do not have to close to isolate the excessive steam demand.
The fourth sensitivity study shows the combined impact of allowing some credit for the operator terminating the event by switching the steam dump control system to the manual or steam pressure control mode of operation, a reduced failure rate for the MSIVs and not requiring the MSIV bypass valves to close.
The fifth sensitivity study shows the impact of a reduced failure rate for the operator isolating the AFW flow to the non-isolated SGs.
C SPAR Model Corrections None
LER 425/04-004 11 References 1.
Licensee Event Report 2004-004-00, Vogtle Electric Generating Station - Unit 2, Docket Number 50-425, January 18, 2005.
2.
Vogtle Standardized Plant Analysis Risk (SPAR) Model Revision 3.21, 10/8/2005.
3.
Vogtle Electric Generating Plant Units 1 and 2 Individual Plant Examination Report in Response to Generic Letter 88-20, Southern Nuclear Operating Company, December 1992.
4.
Westinghouse Anticipated Transients without Trip Analysis, WCAP-8330, August 1974.
5.
David Gertman, et. al., The SPAR-H Human Reliability Analysis Method, NUREG/CR-6883, August 2005.
LER 425/04-004 12 Table 1. Conditional core damage probabilities of dominating sequences.
Event tree name Sequence no.
CCDP1 Contribution TRANS1 24 6.9E-007 24%
TRANS1 41-20 6.5E-007 22%
TRANS1 23 5.4E-007 18%
TRANS1 38 3.7E-007 13%
TRANS1 34 1.9E-007 6%
TRANS1 11-11 1.6E-007 5%
TRANS1 33 1.5E-007 5%
Total (all sequences)2 2.9E-6 100%
- 1. Values are point estimates.
- 2. Total CCDP includes all sequences (including those not shown in this table).
Table 2a. Event tree sequence logic for dominating sequences.
Event tree name Sequence no.
Logic
(/ denotes success; see Table 2b for top event names)
TRANS1 24
/RPS ESD MSIV-1 AFW4
/HPI FAB TRANS1 41-20 RPS RCSPRESS TRANS1 23
/RPS ESD MSIV-1 AFW4
/HPI
/FAB HPR TRANS1 38
/RPS ESD MSIV-3
/HPI
/RCPSL FAB TRANS1 34
/RPS ESD MSIV-2 AFW5
/HPI FAB TRANS1 11-11
/RPS ESD
/MSIV
/AFW
/PORV RCPSL HPI
/SSC1
/PZR LPI TRANS1 33
/RPS ESD MSIV-2 AFW5
/HPI
/FAB HPR
LER 425/04-004 14 Table 2b. Definitions of top events listed in Table 2a.
Top Event Definition AFW AUXILIARY FEEDWATER AFW4 AUXILIARY FEEDWATER AFW5 AUXILIARY FEEDWATER ESD NO EXCESSIVE STEAM DEMAND FAB FEED AND BLEED HPI HIGH PRESSURE INJECTION HPR HIGH PRESSURE RECIRC LPI LOW PRESSURE INJECTION MSIV MSIVS ISOLATE STEAM GENERATORS MSIV-1 FAILURE TO ISOLATE 1 SG MSIV-2 FAILUE TO ISOLATE 2 OR MORE SGS MSIV-3 FAILURE TO ISOLATE 3 OR MORE SGS PORV PORVs ARE CLOSED PZR RCS DEPRESS RCPSL RCP SEAL INTEGRITY MAINTAINED RCSPRESS RCS PRESSURE LIMITED RPS REACTOR TRIP SSC1 VOGTLE SECONDARY SIDE COOLDOWN
LER 425/04-004 15 Table 3. Conditional cut sets for the dominant sequences.
CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 24 4.6E-007 65.79 AFW-XHE-ESD-ISOL MSS-MSIV-CF-1LINE MSS-MSIV-OO MSS-XE-XR-SDV HPI-XHE-XM-FAB3 2.3E-007 33.39 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-1LINE MSS-XE-XR-SDV HPI-XHE-XM-FAB3 6.9E-007 100 Total (all cutsets)1 CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 41-20 8.6E-008 13.31 PPR-MOV-FC-8000B RPS-BME-CF-RTBAB 8.6E-008 13.31 PPR-MOV-FC-8000A RPS-BME-CF-RTBAB 7.2E-008 11.11 PPR-MOV-FC-8000B RPS-TXX-CF-6OF8
/RPS-CCP-TM-CHA RPS-XHE-XE-NSGNL 7.2E-008 11.11 PPR-MOV-FC-8000A RPS-TXX-CF-6OF8
/RPS-CCP-TM-CHA RPS-XHE-XE-NSGNL 6.5E-008 10.00 PPR-MOV-FC-8000B RPS-ROD-CF-RCCAS 6.5E-008 10.00 PPR-MOV-FC-8000A RPS-ROD-CF-RCCAS 4.9E-008 7.53 PPR-MOV-FC-8000B
/RPS-CCP-TM-CHA RPS-CCX-CF-6OF8 RPS-XHE-XE-NSGNL 4.9E-008 7.53 PPR-MOV-FC-8000A
/RPS-CCP-TM-CHA RPS-CCX-CF-6OF8 RPS-XHE-XE-NSGNL 1.9E-008 3.01 RCS-PHN-MODPOOR RCS-PHN-PL RPS-BME-CF-RTBAB 1.6E-008 2.51 RCS-PHN-MODPOOR RCS-PHN-PL RPS-TXX-CF-6OF8
/RPS-CCP-TM-CHA RPS-XHE-XE-NSGNL 1.5E-008 2.26 RCS-PHN-MODPOOR RCS-PHN-PL RPS-ROD-CF-RCCAS 1.1E-008 1.70 RCS-PHN-MODPOOR RCS-PHN-PL
/RPS-CCP-TM-CHA RPS-CCX-CF-6OF8 RPS-XHE-XE-NSGNL 6.5E-007 100 Total (all cutsets)1
LER 425/04-004 16 CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 23 3.6E-007 66.17 AFW-XHE-ESD-ISOL MSS-MSIV-CF-1LINE MSS-MSIV-OO MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 1.8E-007 33.58 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-1LINE MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 5.4E-007 100 Total (all cutsets)1 CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 38 2.8E-007 75.15 MSS-MSIV-CF-3LINES MSS-MSIV-OO MSS-XE-XR-SDV HPI-XHE-XM-FAB2 6.3E-008 17.02 MSS-MSIVBY-00 MSS-MSIVBY-CF-3LINES MSS-XE-XR-SDV HPI-XHE-XM-FAB2 1.9E-008 4.99 MSS-THREESGS-ESFAS MSS-XE-XR-SDV MSS-XHE-XE-MSIV HPI-XHE-XM-FAB3 3.9E-009 1.05 PPR-SRV-CC-456A MSS-MSIV-CF-3LINES MSS-MSIV-OO MSS-XE-XR-SDV 3.9E-009 1.05 PPR-SRV-CC-455A MSS-MSIV-CF-3LINES MSS-MSIV-OO MSS-XE-XR-SDV 3.7E-007 100 Total (all cutsets)1 CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 34 1.3E-007 69.73 AFW-XHE-ESD-ISOL MSS-MSIV-CF-2LINES MSS-MSIV-OO MSS-XE-XR-SDV HPI-XHE-XM-FAB3 5.5E-008 29.08 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-2LINES MSS-XE-XR-SDV HPI-XHE-XM-FAB3 1.9E-007 100 Total (all cutsets)1
LER 425/04-004 17 CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 11-11 2.8E-008 17.42 NSW-FAN-CF-STARTA NSW-FAN-TM-TRNB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 2.8E-008 17.42 NSW-FAN-CF-STARTB NSW-FAN-TM-TRNA RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 2.8E-008 17.42 NSW-FAN-CF-STARTB NSW-FAN-TM-TRNA RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 2.8E-008 17.42 NSW-FAN-CF-STARTA NSW-FAN-TM-TRNB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 8.9E-009 5.54 NSW-MDP-CF-RUN4 RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 8.9E-009 5.54 NSW-MDP-CF-RUN4 RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 2.1E-009 1.29 NSW-FAN-CF-STARTA NSW-FAN-CF-STARTB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 2.1E-009 1.29 NSW-FAN-CF-STARTA NSW-FAN-CF-STARTB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 1.6E-007 100 Total (all cutsets)1 CCDP Percent Contribution Minimum Cut Sets (of basic events)
Event Tree: TRANS1 Sequence 33 1.0E-007 70.38 AFW-XHE-ESD-ISOL MSS-MSIV-CF-2LINES MSS-MSIV-OO MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 4.3E-008 29.35 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-2LINES MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 1.5E-007 100 Total (all cutsets)1
- 1. Total importance includes all cutsets (including those not shown in this table).
LER 425/04-004 18 Table 4. Definitions and probabilities for modified and dominant basic events.
Name Description Probability AFW-XHE-ESD-ISOL OPERATORS FAIL TO ISOLATE AFW FLOW TO UNISOLA 5.5E-002 CVC-P1A-RUNNING CVC P1A IS RUNNING 5.0E-001 CVC-P1B-RUNNING CVC P1B IS RUNNING 5.0E-001 HPI-XHE-XM-FAB2 OPERATORS FAIL TO INITIATE FEED AND BLEED AFT 5.0E-002 HPI-XHE-XM-FAB3 OPERATORS FAIL TO INITIATE FEED & BLEED FOLLO 1.9E-001 HPR-XHE-XM-RECIRC3 OPERATOR FAILS TO INITIATE HIGH PRESS RECIRC 1.5E-001 MSS-MSIV-CF-1LINE CCF TO ISOLATE ONE SG DUE TO MSIV FAILURE GIV 8.9E-003 MSS-MSIV-CF-2LINES CCF TO ISOLATE 2 SGS DUE TO MSIV FAILURE GIVE 2.6E-003 MSS-MSIV-CF-3LINES CCF TO ISOLATE 3 OR MORE SGS DUE TO MSIV FAIL 1.1E-003 MSS-MSIV-OO MAIN STEAM ISOLATION VALVE FAILS TO CLOSE 5.0E-003 MSS-MSIVBY-00 MSIV BYPASS VALVE FAILS TO CLOSE 1.7E-003 MSS-MSIVBY-CF-1LINE CCF TO ISOLATE 1 SG DUE TO MSIV BYPASS VALVE 1.3E-002 MSS-MSIVBY-CF-2LINES CCF TO ISOLATE 2 SGS DUE TO MSIV BYPASS VALVE 3.1E-003 MSS-MSIVBY-CF-3LINES CCF TO ISOLATE 3 OR MORE SGS DUE TO MSIV BYPA 7.5E-004 MSS-SDV-FAIL-OPEN STEAM DUMP VALVES OPEN DUE TO ERRONEOUS SIGNAL TRUE1 MSS-THREESGS-ESFAS FAILURE TO ISOLATE 3 OR MORE SGS DUE TO CCF O 1.0E-005 MSS-XE-XR-SDV OPERATORS FAIL TO CLOSE STEAM DUMP VALVES 1.0E+000 MSS-XHE-XE-MSIV OPERATOR FAILS TO MANUALLY CLOSE MSIVS GIVEN 1.0E-002 NSW-FAN-CF-STARTA CCF OF NSCW TRAIN A COOLING TOWER FANS TO STA 1.5E-004 NSW-FAN-CF-STARTB CCF OF NSCW TRAIN B COOLING TOWER FANS TO STA 1.5E-004 NSW-FAN-TM-TRNA NSCW TRAIN A TOWER FANS TEST & MAINT (PSA VALU 2.0E-003 NSW-FAN-TM-TRNB NSCW TRAIN B TOWER FANS TEST & MAINT (PSA VALU 2.0E-003 NSW-MDP-CF-RUN4 CCF OF NSCW PUMPS P4-001 002 003 & 004 TO RUN 9.4E-008 PPR-MOV-FC-8000A PV-0455A BLOCK VALVE CLOSED DURING POWER 5.3E-002 PPR-MOV-FC-8000B PV-0456A BLOCK VALVE CLOSED DURING POWER 5.3E-002 PPR-SRV-CC-455A PV-0455A FAILS TO OPEN ON DEMAND 7.0E-004 PPR-SRV-CC-456A PV-0456A FAILS TO OPEN ON DEMAND 7.0E-004 RCS-MDP-LK-SEALS1 RCP SEALS FAIL W/O COOLING AND INJECTION 1.9E-001 RCS-PHN-MODPOOR MODERATOR TEMP COEFFICIENT NOT ENOUGH NEGATIV 1.4E-002 RCS-PHN-PL POWER AT HIGH LEVEL 8.6E-001 RPS-BME-CF-RTBAB CCF OF RTB-A AND RTB-B (MECHANICAL) 1.6E-006
LER 425/04-004 Name Description Probability 19 RPS-CCP-TM-CHA CH-A IN T&M 5.0E-003 RPS-CCX-CF-6OF8 CCF 6 ANALOG PROCESS LOGIC MODULES IN 3 OF 4 1.8E-006 RPS-ROD-CF-RCCAS CCF 10 OR MORE RCCAS FAIL TO DROP 1.2E-006 RPS-TXX-CF-6OF8 CCF 6 BISTABLES IN 3 OF 4 CHANNELS 2.7E-006 RPS-XHE-XE-NSGNL OPERATOR FAILS TO RESPOND WITH NO RPS SIGNAL 5.0E-001
- 1. Set to TRUE for the condition assessment.
LER 425/04-004 20 Appendix A Event Tree and Fault Tree Figures
LER 425/04-004 21 Figure A-1a. TRANS1 Event Tree
LER 425/04-004 22 Figure A-1b. TRANS1 Event Tree
LER 425/04-004 23 HPR HIGH P RESS URE RECIR C RHR RES IDUAL HEA T REMOV A L PZR RCS DE PRES S FO R LPI/RHR S SC S ECONDA RY S ID E COOLDOW N P ORV 2 P ORV s A RE CLOS ED BORA TIO N EMER GE NCY BORA TIO N A FW A UXILIARY FEED W AT ER MFW MAIN FEEDW ATE R RCSP RESS RCS PRESSURE LIMITE D RPS REA CTOR TRIP FAILED S TA TE NOTES 1
O K 2
O K 3
O K 4
CD 5
O K 6
CD 7
O K 8
CD 9
CD 10 O K 11 O K 12 O K 13 CD 14 O K 15 CD 16 O K 17 CD 18 CD 19 CD 20 CD HPR1 HPR 1 HPR 1 HPR 1 HPR 1 ATW S - VOG TLE ANTIC IPAT ED TRAN SIEN T W IT HO UT SCRAM 2003/12/27 Figure A-2. ATWS Event Tree
LER 425/04-004 24 LP R LO W PR E SS URE REC IRC H P R1 H IGH P RES SU R E R E CIR C RHR RES ID U AL HEA T REMOVA L L PI L OW P RESS U RE IN JE CTION P ZR RC S DE PR ES S FOR L PI/L PR SS C SE C OND A RY SID E C OOLD OW N S SCR S ECOND ARY S IDE C OOL ING R E COV ER ED FAB2 FEED AN D BL EE D H PI H IGH H EA D IN JE CTION A FW A U XILIA RY FE EDW ATER R PS R EAC TOR TRIP IE -S LOCA S MA LL L OCA S TA TE NOTES 1
O K 2
O K 3
C D 4
O K 5
C D 6
O K 7
C D 8
O K 9
O K 10 C D 11 C D 12 C D 13 C D 14 O K 15 O K 16 C D 17 O K 18 C D 19 O K 20 C D 21 O K 22 C D 23 C D 24 C D SSC1 S LO CA - V O G TLE S MAL L LO SS -O F-CO OLA NT ACCID ENT 2003/12/27 Figure A-3. SLOCA Event Tree
LER 425/04-004 25 Figure A-4. ESD Fault Tree
LER 425/04-004 26 Figure A-5a. MSIV Fault Tree
LER 425/04-004 27 Figure A-5b. MSIV-1 Fault Tree
LER 425/04-004 28 Figure A-5c. MSIV-2 Fault Tree
LER 425/04-004 29 Figure A-5d. MSIV-3 Fault Tree
LER 425/04-004 30 Figure A-6. AFW4 Fault Tree
LER 425/04-004 31 Figure A-7. AFW5 Fault Tree
LER 425/04-004 32 Figure A-8. AFW-TDP Fault Tree
LER 425/04-004 33 Figure A-9. OAT Fault Tree
LER 425/04-004 34 Appendix B Event Tree Linking Rules
LER 425/04-004 35 l1.
if AFW then
/PORV = PORV1; PORV = PORV1; endif l2.
if SSC + PZR then
/HPR = HPR1; HPR = HPR1; endif l3.
if RPS then eventree(TRANS1) = Flag(ATWS);
l4.
elsif RCPSL + PORV + PORV1 then eventree(TRANS1)= Flag(SEAL);
l5.
else eventree(TRANS1) = Flag(TRANS);
endif l6.
if always then
/MSIV=MSIV; MSIV[1]=MSIV-1; MSIV[2]=MSIV-2; MSIV[3]=MSIV-3; endif l7.
if MSIV-1 then
/AFW=AFW4; AFW=AFW4; endif l8.
if MSIV-2 then
/AFW=AFW5; AFW=AFW5; endif
LER 425/04-004 36 Appendix C Common Cause Failure Probabilities for MSIVs and MSIV Bypass Valves
LER 425/04-004 37 VOGTLE STEAM DUMP ASP CCF TO ISOLATE The four main steam lines at Vogtle each have 2 MSIVs, either one of which can isolate its line.
Per the structure of event tree TRANS1, in order to determine the CDF, we need to know the probability of a single main steam line not being isolated, the probability of two not being isolated, and the probability of more than two not being isolated. This is calculated below for each case as a sum of terms each comprising an alpha factor for a number of MSIV failures, multiplied by the fraction of those failures that lead to the indicated number of isolation failures.
Alpha n of m in the CCF model is the probability (relative to the total failure probability) of n and only n failures in a CC group of m items (m=8 in this case). These alphas are obtained from the SPAR model data base as explained below. We then need to know, for each n, what fraction of those failures will lead to a given number of line isolation failures.
In order to clarify the counting process, let valves A and E be in line 1, B and F in line 2, C and G in line 3 and D and H in line 4.
Total Combinations The number of combination of m things taken n at a time is C(m,n) = m!/ n! (m-n)!
The values for m=8 are given in Table C.1 below.
Combinations that will lead to more than one line failure Four or more valve failures are required.
For 4 valve failures The following combinations of 4 failures will fail 2 lines:
AEBF AECG AEDH BFCG BFDH CGDH The total is 6.
LER 425/04-004 38 For 5 valve failures For each of the above combinations of 4 failures, there are 4 unique combinations each involving one of the non-failed valves. But these do not fail additional lines. Thus, there are 24 combinations of 5 valve failures that will lead to failure to isolate 2 steam lines.
For 6 or more valve failures If only 2 valves have not failed, there are no combinations of these 2 non-failed valves that would isolate more than two lines; hence at least 2 lines are not isolated. Hence all combinations lead to failure to isolation of 2 or more lines.
Combinations that will lead to only two line failure Four or more valve failures are required.
For 4 valve failures The following combinations of 4 failures will fail 2 and only 2 lines AEBF AECG AEDH BFCG BFDH CGDH The total is 6.
For 5 valve failures For each of the above combinations of 4 failures, there are 4 unique combinations each involving one of the non-failed valves. However, it takes 2 added valve failures to fail 3 steam lines. Thus, there are 24 combinations of 5 valve failures that will lead to failure to isolate 2 and only 2 steam lines.
For 6 valve failures For each of the 6 combinations of 4 valve failures that isolate 2 lines there are 4 combinations of the unfailed valves that will not isolate another steam line. Hence there are 24 combinations that will fail to isolate 2 and only 2 steam lines.
LER 425/04-004 39 For 7 valve failures With only 1 valve not failing to close, it will isolate 1 and only one steam line. Hence, all 8 combinations will lead to failure to isolate 3 steam lines and none will lead to failure to isolate 2 and only 2 steam lines.
For 8 valve failures All steam lines will fail to be isolated.
Combinations that will lead to only one line failure For 2 valve failures There are 4 combinations that will lead to only one line failure AE BF CG DH For 3 valve failures For each of the above 2 valve failure combinations that fails a single steam line, there are 6 unique combinations that are possible but will not fail another line. Hence there are 24 total combinations of 3 valve failures that will fail only one line.
For 4 valve failures From above, 6 combinations of 4 valve failures fail 2 lines. The following 16 combinations of 4 failures will not lead to any line failures ABCD ABCH ABGD ABGH AFCD AFCH AFGD AFGH EBCD EBCH EBGD EBGH EFCD EFCH EFGD EFGH Therefore, while 22 combinations lead to other than a single line failure, 48 of 70 lead to a single line failure.
For 5 valve failures From above, 24 combinations of 5 valve failures fail 2 or more lines. Also there are no combinations of 5 valve failures that will not fail any lines.
Therefore, while 24 combinations lead to other than a single line failure, 32 of 56 lead to a single line failure.
LER 425/04-004 40 For 6 or more valve failures All combinations lead to failure to isolate 2 or more lines.
Conditional CCF probabilities The conditional probability of each of the three conditions (failure to isolate one steamline, failure to isolate 2 steamlines or the failure to isolate 3 or more steamlines) is given by G
number of combinations of n failures leading to condition n
total number of combinations of n failures summed over all combinations.
The common cause failure probability is then the conditional failure probability times the independent failure probability for the type of valve being evaluated.
The following table provides the conditional common cause failure probabilities for two sets of alpha factors from the SPAR data base. The first set uses alpha factors for air operated valves and was used for the MSIV bypass valves. The second set uses the generic alpha factors based on demand data and was used for the MSIVs.
LER 425/04-004 41 Table C.1 Common Cause Failure Probabilities for Different Numbers of Steam Line Isolation Failures BASED ON AOV ALPHAS BASED ON n
failures in group of m items Total Number of Combinations Number of combinations that will fail 3 or more steam lines Number of combinations that will fail only 2 steam lines Number of combinations that will fail only 1 steam line Alpha Probability of 3 or more steam lines not isolated Probability of 2 steam lines not isolated Probability of one steamline not isolated Alpha Probabil of 3 or more steam lin not isolat 2 of 8 28 0
0 4
1.61E-02 0.00E+00 0.00E+00 2.30E-03 1.49E-02 0.00E+
3 of 8 56 0
0 24 1.08E-02 0.00E+00 0.00E+00 4.63E-03 6.42E-03 0.00E+
4 of 8 70 0
6 48 6.61E-03 0.00E+00 5.67E-04 4.53E-03 3.85E-03 0.00E+
5 of 8 56 0
24 32 3.24E-03 0.00E+00 1.39E-03 1.85E-03 2.44E-03 0.00E+
6 of 8 28 4
24 0
1.38E-03 1.97E-04 1.18E-03 0.00E+00 1.38E-03 1.97E-7 of 8 8
8 0
0 4.32E-04 4.32E-04 0.00E+00 0.00E+00 5.79E-04 5.79E-8 of 8 1
1 0
0 1.17E-04 1.17E-04 0.00E+00 0.00E+00 3.39E-04 3.39E-CCF/Q(t) 7.46E-04 3.14E-03 1.33E-02 1.12E-
LER 425/04-004 42 Appendix D Human Reliability Modeling
LER 425/04-004 43 Reviewer:
HRA Worksheets for At-Power SPAR HUMAN ERROR WORKSHEET Plant: Vogtle Initiating Event: ESD Basic Event: AFW-XHE-ESD-ISOL Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAIL TO ISOLATE ALL SGS. AFW DEMANDED AND STARTS BUT OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS Basic Event
Description:
OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS Does this task contain a significant amount of diagnosis activity?
YES : (start with Part I - Diagnosis) NO ~ (skip Part I - Diagnosis; start with Part II - Action)
Why? Must enter Loss of Sec. Heat Sink functional recovery procedure following SG low level or recognize that unisolated SG is diverting AFW flow
LER 425/04-004 44 Reviewer:
PART I. EVALUATE EACH PSF FOR DIAGNOSIS A. Evaluate PSFs for the Diagnosis Portion of the Task, if any.
PSFs PSF Levels Multiplier for Diagnosis Please note specific reasons for PSF level selection in this column.
Available Time Inadequate time P(failure) = 1.0
~
Barely adequate time (.2/3 x nominal) 10
~
Nominal time 1
Extra time (between 1 and 2 x nominal and >
than 30 min) 0.1
~
Expansive time (> 2 x nominal and > 30 min) 0.01
~
Insufficient information 1
~
Stress/
Stressors Extreme 5
ESD combined with failure to isolate a SG.
High 2
~
Nominal 1
~
Insufficient information 1
~
Complexity Highly complex 5
~
Moderately complex 2
~
Nominal 1
Obvious diagnosis 0.1
~
Insufficient information 1
~
Experience/
Training Low 10
~
Nominal 1
High 0.5
~
Insufficient information 1
~
Procedures Not available 50
~
Incomplete 20
~
Available, but poor 5
~
Nominal 1
Diagnostic/symptom oriented 0.5
~
Insufficient information 1
~
Ergonomics/
HMI Missing/Misleading 50
~
Poor 10
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
Fitness for Duty Unfit P(failure) = 1.0 ~
Degraded Fitness 5
~
Nominal 1
Insufficient information 1
~
Work Processes Poor 2
~
Nominal 1
Good 0.8
~
Insufficient information 1
~
LER 425/04-004 45 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: AFW-XHE-ESD-ISOL Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED AND STARTS BUT OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS Basic Event
Description:
OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS B. Calculate the Diagnosis Failure Probability.
(1) If all PSF ratings are nominal, then the Diagnosis Failure Probability = 1.0E-2 (2) Otherwise, the Diagnosis Failure Probability is: 1.0E-2 x Time x Stress or Stressors x Complexity x Experience or Training x Procedures x Ergonomics or HMI x Fitness for Duty x Processes Diagnosis: 1.0E-2 x 1 x 5 x 1 x 1 x 1 x 1 x 1 x 1 =
C. Calculate the Adjustment Factor IF Negative Multiple (> 3) PSFs are Present.
When 3 or more negative PSF influences are present, in lieu of the equation above, you must compute a composite PSF score used in conjunction with the adjustment factor. Negative PSFs are present anytime a multiplier greater than 1 is selected. The Nominal HEP (NHEP) is 1.0E-2 for Diagnosis. The composite PSF score is computed by multiplying all the assigned PSF values. Then the adjustment factor below is applied to compute the HEP:
HEP NHEP PSF NHEP PSF composite composite
=
+
.(
)1 1
Diagnosis HEP with Adjustment Factor =
D. Record Final Diagnosis HEP.
If no adjustment factor was applied, record the value from Part B as your final diagnosis HEP.
If an adjustment factor was applied, record the value from Part C.
Final Diagnosis HEP =
5.0E-02 5.0E-02
LER 425/04-004 46 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: AFW-XHE-ESD-ISOL Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED AND STARTS BUT OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS Basic Event
Description:
OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS
LER 425/04-004 47 Reviewer:
PART II. EVALUATE EACH PSF FOR ACTION A. Evaluate PSFs for the Action Portion of the Task, if any.
PSFs PSF Levels Multiplier for Diagnosis Please note specific reasons for PSF level selection in this column.
Available Time Inadequate time P(failure) = 1.0
~
Time available is. the time required 10
~
Nominal time 1
Time available > 5x the time required 0.1
~
Time available is > 50x the time required 0.01
~
Insufficient information 1
~
Stress/
Stressors Extreme 5
Excessive steam demand has occurred along with failure of one or more SGs to be isolated.
High 2
~
Nominal 1
~
Insufficient information 1
~
Complexity Highly complex 5
~
Moderately complex 2
~
Nominal 1
Insufficient information 1
~
Experience/
Training Low 3
~
Nominal 1
High 0.5
~
Insufficient information 1
~
Procedures Not available 50
~
Incomplete 20
~
Available, but poor 5
~
Nominal 1
Insufficient information 1
~
Ergonomics/
HMI Missing/Misleading 50
~
Poor 10
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
Fitness for Duty Unfit P(failure) = 1.0 ~
Degraded Fitness 5
~
Nominal 1
Insufficient information 1
~
Work Processes Poor 5
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
LER 425/04-004 48 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: AFW-XHE-ESD-ISOL Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAIL TO ISOLATE ALL SGS. AFW DEMANDED AND STARTS BUT OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS Basic Event
Description:
OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS B. Calculate the Action Failure Probability.
(1) If all PSF ratings are nominal, then the Action Failure Probability = 1.0E-3 (2) Otherwise, the Action Failure Probability is: 1.0E-3 x Time x Stress or Stressors x Complexity x Experience or Training x Procedures x Ergonomics or HMI x Fitness for Duty x Processes Action: 1.0E-3 x 1.0 x 5.0 x 1 x 1 x 1 x 1 x 1 x 1 =
C. Calculate the Adjustment Factor IF Negative Multiple (> 3) PSFs are Present.
When 3 or more negative PSF influences are present, in lieu of the equation above, you must compute a composite PSF score used in conjunction with the adjustment factor. Negative PSFs are present anytime a multiplier greater than 1 is selected. The Nominal HEP (NHEP) is 1.0E-3 for Action. The composite PSF score is computed by multiplying all the assigned PSF values. Then the adjustment factor below is applied to compute the HEP:
Action HEP with Adjustment Factor =
D. Record Final Action HEP.
If no adjustment factor was applied, record the value from Part B as your final action HEP. If an adjustment factor was applied, record the value from Part C.
Final Action HEP =
5.0E-03 HEP NHEP PSF NHEP PSF composite composite
=
+
.(
)1 1
5.0E-03
LER 425/04-004 49 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: AFW-XHE-ESD-ISOL Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAIL TO ISOLATE ALL SGS. AFW DEMANDED AND STARTS BUT OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS Basic Event
Description:
OPERATORS FAIL TO ISOLATE AFW FLOW TO NON-ISOLATED SGS PART III. CALCULATE TASK FAILURE PROBABILITY WITHOUT FORMAL DEPENDENCE (PW/OD)
Calculate the Task Failure Probability Without Formal Dependence (Pw/od) by adding the Diagnosis Failure Probability from Part I and the Action Failure Probability from Part II. In instances where an action is required without a diagnosis and there is no dependency, then this step is omitted.
Pw/od = Diagnosis HEP 0.05 + Action HEP 0.005 =
Part IV. DEPENDENCY For all tasks, except the first task in the sequence, use the table and formulae below to calculate the Task Failure Probability With Formal Dependence (Pw/d).
If there is a reason why failure on previous tasks should not be considered, such as it is impossible to take the current action unless the previous action has been properly performed, explain here:
5.5E-02
LER 425/04-004 50 Reviewer:
Condition Number Crew (same or different)
Time (close in time or not close in time)
Location (same or different)
Cues (additional or no additional)
Dependency Number of Human Action Failures Rule
~ - Not Applicable.
Why?
1 s
c s
na complete When considering recovery in a series e.g., 2nd, 3rd, or 4th checker If this error is the 3rd error in the sequence, then the dependency is at lease moderate.
If this error is the 4th error in the sequence, then the dependency is at least high.
2 a
complete 3
d na high 4
a high 5
nc s
na high 6
a moderate 7
d na moderate 8
a low 9
d c
s na moderate 10 a
moderate 11 d
na moderate 12 a
moderate 13 nc s
na low 14 a
low 15 d
na low 16 a
low 17X zero Using Pw/od = Probability of Task Failure Without Formal Dependence (calculated in Part III):
For Complete Dependence the probability failure is 1.
For High Dependence the probability of failure is (1+ Pw/od/2)
For Moderate Dependence the probability of failure is (1+6 x Pw/od)/7 For Low Dependence the probability of failure is (1+19 x Pw/od)/20 For Zero Dependence the probability of failure is Pw/od Calculate Pw/d using the appropriate values:
Pw/d = (1 + ( * ))/ =
5.5E-02
LER 425/04-004 51 Reviewer:
HRA Worksheets for At-Power SPAR HUMAN ERROR WORKSHEET Plant: Vogtle Initiating Event: ESD Basic Event: HPI-XHE-XM-FAB2 and HPI-XHE-XM-FAB3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS - No dependency FAB2 - with dependency FAB3 Basic Event
Description:
OPERATORS FAIL TO INITIATE FEED AND BLEED Does this task contain a significant amount of diagnosis activity?
YES ~ (start with Part I - Diagnosis) NO : (skip Part I - Diagnosis; start with Part II - Action)
Why? Simple direction in EOP on SG low level to initiate FAB
LER 425/04-004 52 Reviewer:
PART I. EVALUATE EACH PSF FOR DIAGNOSIS A. Evaluate PSFs for the Diagnosis Portion of the Task, if any.
PSFs PSF Levels Multiplier for Diagnosis Please note specific reasons for PSF level selection in this column.
Available Time Inadequate time P(failure) = 1.0
~
Barely adequate time (.2/3 x nominal) 10
~
Nominal time 1
~
Extra time (between 1 and 2 x nominal and >
than 30 min) 0.1
~
Expansive time (> 2 x nominal and > 30 min) 0.1 to 0.01
~
Insufficient information 1
~
Stress/
Stressors Extreme 5
~
High 2
~
Nominal 1
~
Insufficient Information 1
~
Complexity Highly complex 5
~
Moderately complex 2
~
Nominal 1
~
Obvious diagnosis 0.1
~
Insufficient information 1
~
Experience/
Training Low 10
~
Nominal 1
~
High 0.5
~
Insufficient information 1
~
Procedures Not available 50
~
Incomplete 20
~
Available, but poor 5
~
Nominal 1
~
Diagnostic/symptom oriented 0.5
~
Insufficient information 1
~
Ergonomics/
HMI Missing/Misleading 50
~
Poor 10
~
Nominal 1
~
Good 0.5
~
Insufficient Information 1
~
Fitness for Duty Unfit P(failure) = 1.0 ~
Degraded Fitness 5
~
Nominal 1
~
Insufficient information 1
~
Work Processes Poor 2
~
Nominal 1
~
Good 0.8
~
Insufficient information 1
~
LER 425/04-004 53 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPI-XHE-XM-FAB2 and HPI-XHE-XM-FAB3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS - No dependency FAB2 - with dependency FAB3 Basic Event
Description:
OPERATORS FAIL TO INITIATE FEED AND BLEED B. Calculate the Diagnosis Failure Probability.
(1) If all PSF ratings are nominal, then the Diagnosis Failure Probability = 1.0E-2 (2) Otherwise, the Diagnosis Failure Probability is: 1.0E-2 x Time x Stress or Stressors x Complexity x Experience or Training x Procedures x Ergonomics or HMI x Fitness for Duty x Processes Diagnosis: 1.0E-2 x x x x x x x x =
C. Calculate the Adjustment Factor IF Negative Multiple (> 3) PSFs are Present.
When 3 or more negative PSF influences are present, in lieu of the equation above, you must compute a composite PSF score used in conjunction with the adjustment factor. Negative PSFs are present anytime a multiplier greater than 1 is selected. The Nominal HEP (NHEP) is 1.0E-2 for Diagnosis. The composite PSF score is computed by multiplying all the assigned PSF values. Then the adjustment factor below is applied to compute the HEP:
Diagnosis HEP with Adjustment Factor =
D. Record Final Diagnosis HEP.
If no adjustment factor was applied, record the value from Part B as your final diagnosis HEP.
If an adjustment factor was applied, record the value from Part C.
Final Diagnosis HEP =
HEP NHEP PSF NHEP PSF composite composite
=
+
.(
)1 1
LER 425/04-004 54 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPI-XHE-XM-FAB2 and HPI-XHE-XM-FAB3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS - No dependency FAB2 - with dependency FAB3 Basic Event
Description:
OPERATORS FAIL TO INITIATE FEED AND BLEED
LER 425/04-004 55 Reviewer:
PART II. EVALUATE EACH PSF FOR ACTION A. Evaluate PSFs for the Action Portion of the Task, if any.
PSFs PSF Levels Multiplier for Diagnosis Please note specific reasons for PSF level selection in this column.
Available Time Inadequate time P(failure) = 1.0
~
Assumed to be relatively short time window Time available is. the time required 10 Nominal time 1
~
Time available > 5x the time required 0.1
~
Time available is > 50x the time required 0.01
~
Insufficient information 1
~
Stress/
Stressors Extreme 5
Excessive steam demand has occurred along with failure of one or more SGs to be isolated.
High 2
~
Nominal 1
~
Insufficient information 1
~
Complexity Highly complex 5
~
Moderately complex 2
~
Nominal 1
Insufficient information 1
~
Experience/
Training Low 3
~
Nominal 1
High 0.5
~
Insufficient information 1
~
Procedures Not available 50
~
Incomplete 20
~
Available, but poor 5
~
Nominal 1
Insufficient information 1
~
Ergonomics/
HMI Missing/Misleading 50
~
Poor 10
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
Fitness for Duty Unfit P(failure) = 1.0 ~
Degraded Fitness 5
~
Nominal 1
Insufficient information 1
~
Work Processes Poor 5
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
LER 425/04-004 56 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPI-XHE-XM-FAB2 and HPI-XHE-XM-FAB3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS - No dependency FAB2 - with dependency FAB3 Basic Event
Description:
OPERATORS FAIL TO INITIATE FEED AND BLEED B. Calculate the Action Failure Probability.
(1) If all PSF ratings are nominal, then the Action Failure Probability = 1.0E-3 (2) Otherwise, the Action Failure Probability is: 1.0E-3 x Time x Stress or Stressors x Complexity x Experience or Training x Procedures x Ergonomics or HMI x Fitness for Duty x Processes Action: 1.0E-3 x 10 x 5 x 1 x 1 x 1 x 1 x 1 x 1 =
C. Calculate the Adjustment Factor IF Negative Multiple (> 3) PSFs are Present.
When 3 or more negative PSF influences are present, in lieu of the equation above, you must compute a composite PSF score used in conjunction with the adjustment factor. Negative PSFs are present anytime a multiplier greater than 1 is selected. The Nominal HEP (NHEP) is 1.0E-3 for Action. The composite PSF score is computed by multiplying all the assigned PSF values. Then the adjustment factor below is applied to compute the HEP:
Action HEP with Adjustment Factor =
D. Record Final Action HEP.
If no adjustment factor was applied, record the value from Part B as your final action HEP. If an adjustment factor was applied, record the value from Part C.
Final Action HEP =
5E-02 HEP NHEP PSF NHEP PSF composite composite
=
+
.(
)1 1
LER 425/04-004 57 Reviewer:
Plant: VOGTLE Initiating Event: ESD Basic Event: HPI-XHE-XM-FAB2 and HPI-XHE-XM-FAB3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS - No dependency FAB2 - with dependency FAB3 Basic Event
Description:
OPERATORS FAIL TO INITIATE FEED AND BLEED PART III. CALCULATE TASK FAILURE PROBABILITY WITHOUT FORMAL DEPENDENCE (PW/OD)
Calculate the Task Failure Probability Without Formal Dependence (Pw/od) by adding the Diagnosis Failure Probability from Part I and the Action Failure Probability from Part II. In instances where an action is required without a diagnosis and there is no dependency, then this step is omitted.
Pw/od = Diagnosis HEP 0 + Action HEP 5E-02 =
Part IV. DEPENDENCY For all tasks, except the first task in the sequence, use the table and formulae below to calculate the Task Failure Probability With Formal Dependence (Pw/d).
If there is a reason why failure on previous tasks should not be considered, such as it is impossible to take the current action unless the previous action has been properly performed, explain here:
(Note: Following Dependency is applicable only to HPI-XHE-XM-FAB3) 5E-02
LER 425/04-004 58 Reviewer:
0.186 Condition Number Crew (same or different)
Time (close in time or not close in time)
Location (same or different)
Cues (additional or no additional)
Dependency Number of Human Action Failures Rule
~ - Not Applicable.
Why?
1 s
c s
na complete When considering recovery in a series e.g., 2nd, 3rd, or 4th checker If this error is the 3rd error in the sequence, then the dependency is at lease moderate.
If this error is the 4th error in the sequence, then the dependency is at least high.
2 a
complete 3
d na high 4
a high 5
nc s
na high 6U a
moderate 7
d na moderate 8
a low 9
d c
s na moderate 10 a
moderate 11 d
na moderate 12 a
moderate 13 nc s
na low 14 a
low 15 d
na low 16 a
low 17X zero Using Pw/od = Probability of Task Failure Without Formal Dependence (calculated in Part III):
For Complete Dependence the probability failure is 1.
For High Dependence the probability of failure is (1+ Pw/od/2)
U For Moderate Dependence the probability of failure is (1+6 x Pw/od)/7 For Low Dependence the probability of failure is (1+19 x Pw/od)/20 For Zero Dependence the probability of failure is Pw/od Calculate Pw/d using the appropriate values:
HPI-XHE-XM-FAB2 Pw/d = (1 + ( * ))/ =
HPI-XHE-XM-FAB3 Pw/d = (1 + ( 6 *.05 ))/ 7 =
LER 425/04-004 59 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPR-XHE-XM-RECIRC2 and HPR-XHE-XM-RECIRC3A Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS, SUCCESSFULLY INITIATED FAB - No dependency -RECIRC2 - with Dependency -RECIRC3 Basic Event
Description:
OPERATORS FAIL TO INITIATE HIGH PRESSURE RECIRCULATION Does this task contain a significant amount of diagnosis activity? YES ~ (start with Part I -
Diagnosis) NO : (skip Part I - Diagnosis; start with Part II - Action) Why? Specific directions following FAB to go to RECIRC
LER 425/04-004 60 Reviewer:
PART I. EVALUATE EACH PSF FOR DIAGNOSIS A. Evaluate PSFs for the Diagnosis Portion of the Task, if any.
PSFs PSF Levels Multiplier for Diagnosis Please note specific reasons for PSF level selection in this column.
Available Time Inadequate time P(failure) = 1.0
~
Barely adequate time (.2/3 x nominal) 10
~
Nominal time 1
~
Extra time (between 1 and 2 x nominal and >
than 30 min) 0.1
~
Expansive time (> 2 x nominal and > 30 min) 0.1 to 0.01
~
Insufficient information 1
~
Stress/
Stressors Extreme 5
~
High 2
~
Nominal 1
~
Insufficient information 1
~
Complexity Highly complex 5
~
Moderately complex 2
~
Nominal 1
~
Obvious diagnosis 0.1
~
Insufficient information 1
~
Experience/
Training Low 10
~
Nominal 1
~
High 0.5
~
Insufficient information 1
~
Procedures Not available 50
~
Incomplete 20
~
Available, but poor 5
~
Nominal 1
~
Diagnostic/symptom oriented 0.5
~
Insufficient information 1
~
Ergonomics/
HMI Missing/Misleading 50
~
Poor 10
~
Nominal 1
~
Good 0.5
~
Insufficient information 1
~
Fitness for Duty Unfit P(failure) = 1.0 ~
Degraded Fitness 5
~
Nominal 1
~
Insufficient information 1
~
Work Processes Poor 2
~
Nominal 1
~
Good 0.8
~
Insufficient information 1
~
LER 425/04-004 61 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPR-XHE-XM-RECIRC2 and HPR-XHE-XM-RECIRC3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS, SUCCESSFULLY INITIATED FAB - No dependency -RECIRC2 - with Dependency -RECIRC3 Basic Event
Description:
OPERATORS FAIL TO INITIATE HIGH PRESSURE RECIRCULATION B. Calculate the Diagnosis Failure Probability.
(1) If all PSF ratings are nominal, then the Diagnosis Failure Probability = 1.0E-2 (2) Otherwise, the Diagnosis Failure Probability is: 1.0E-2 x Time x Stress or Stressors x Complexity x Experience or Training x Procedures x Ergonomics or HMI x Fitness for Duty x Processes Diagnosis: 1.0E-2 x x x x x x x x =
C. Calculate the Adjustment Factor IF Negative Multiple (> 3) PSFs are Present.
When 3 or more negative PSF influences are present, in lieu of the equation above, you must compute a composite PSF score used in conjunction with the adjustment factor. Negative PSFs are present anytime a multiplier greater than 1 is selected. The Nominal HEP (NHEP) is 1.0E-2 for Diagnosis. The composite PSF score is computed by multiplying all the assigned PSF values. Then the adjustment factor below is applied to compute the HEP:
Diagnosis HEP with Adjustment Factor =
D. Record Final Diagnosis HEP.
If no adjustment factor was applied, record the value from Part B as your final diagnosis HEP.
If an adjustment factor was applied, record the value from Part C.
Final Diagnosis HEP =
HEP NHEP PSF NHEP PSF composite composite
=
+
.(
)1 1
LER 425/04-004 62 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPR-XHE-XM-RECIRC2 and HPR-XHE-XM-RECIRC3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS, SUCCESSFULLY INITIATED FAB - No dependency -RECIRC2 - with Dependency -RECIRC3 Basic Event
Description:
OPERATORS FAIL TO INITIATE HIGH PRESSURE RECIRCULATION
LER 425/04-004 63 Reviewer:
PART II. EVALUATE EACH PSF FOR ACTION A. Evaluate PSFs for the Action Portion of the Task, if any.
PSFs PSF Levels Multiplier for Diagnosis Please note specific reasons for PSF level selection in this column.
Available Time Inadequate time P(failure) = 1.0
~
Time available is. the time required 10
~
Nominal time 1
Time available > 5x the time required 0.1
~
Time available is > 50x the time required 0.01
~
Insufficient information 1
~
Stress/
Stressors Extreme 5
~
While have had ESD event and AFW failure have achieved FAB High 2
Nominal 1
~
Insufficient information 1
~
Complexity Highly complex 5
~
Requires multiple actions Moderately complex 2
Nominal 1
~
Insufficient information 1
~
Experience/
Training Low 3
~
Nominal 1
High 0.5
~
Insufficient information 1
~
Procedures Not available 50
~
Incomplete 20
~
Available, but poor 5
~
Nominal 1
Insufficient information 1
~
Ergonomics/
HMI Missing/Misleading 50
~
Poor 10
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
Fitness for Duty Unfit P(failure) = 1.0 ~
Degraded Fitness 5
~
Nominal 1
Insufficient information 1
~
Work Processes Poor 5
~
Nominal 1
Good 0.5
~
Insufficient information 1
~
LER 425/04-004 64 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPR-XHE-XM-RECIRC2 and HPR-XHE-XM-RECIRC3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS, SUCCESSFULLY INITIATED FAB - No dependency -RECIRC2 - with Dependency -RECIRC3 Basic Event
Description:
OPERATORS FAIL TO INITIATE HIGH PRESSURE RECIRCULATION B. Calculate the Action Failure Probability.
(1) If all PSF ratings are nominal, then the Action Failure Probability = 1.0E-3 (2) Otherwise, the Action Failure Probability is: 1.0E-3 x Time x Stress or Stressors x Complexity x Experience or Training x Procedures x Ergonomics or HMI x Fitness for Duty x Processes Action: 1.0E-3 x 1 x 2 x 2 x 1 x 1 x 1 x 1 x 1 =
C. Calculate the Adjustment Factor IF Negative Multiple (> 3) PSFs are Present.
When 3 or more negative PSF influences are present, in lieu of the equation above, you must compute a composite PSF score used in conjunction with the adjustment factor. Negative PSFs are present anytime a multiplier greater than 1 is selected. The Nominal HEP (NHEP) is 1.0E-3 for Action. The composite PSF score is computed by multiplying all the assigned PSF values. Then the adjustment factor below is applied to compute the HEP:
Action HEP with Adjustment Factor =
D. Record Final Action HEP.
If no adjustment factor was applied, record the value from Part B as your final action HEP. If an adjustment factor was applied, record the value from Part C.
Final Action HEP =
4E-03 HEP NHEP PSF NHEP PSF composite composite
=
+
.(
)1 1
LER 425/04-004 65 Reviewer:
Plant: Vogtle Initiating Event: ESD Basic Event: HPR-XHE-XM-RECIRC2 and HPR-XHE-XM-RECIRC3 Event Coder: ERS Basic Event Context: FOLLOWING EXCESSIVE STEAM DEMAND GET MSIV CLOSURE SIGNAL BUT FAILS TO ISOLATE ALL SGS. AFW DEMANDED BUT FAILS, SUCCESSFULLY INITIATED FAB - No dependency -RECIRC2 - with Dependency -RECIRC3 Basic Event
Description:
OPERATORS FAIL TO INITIATE HIGH PRESSURE RECIRCULATION PART III. CALCULATE TASK FAILURE PROBABILITY WITHOUT FORMAL DEPENDENCE (PW/OD)
Calculate the Task Failure Probability Without Formal Dependence (Pw/od) by adding the Diagnosis Failure Probability from Part I and the Action Failure Probability from Part II. In instances where an action is required without a diagnosis and there is no dependency, then this step is omitted.
Pw/od = Diagnosis HEP 0 + Action HEP 4E-03 =
Part IV. DEPENDENCY For all tasks, except the first task in the sequence, use the table and formulae below to calculate the Task Failure Probability With Formal Dependence (Pw/d).
If there is a reason why failure on previous tasks should not be considered, such as it is impossible to take the current action unless the previous action has been properly performed, explain here:
(Note: Following dependency applies only to HPR-XHE-XM-RECIRC3) 4E-03
LER 425/04-004 66 Reviewer:
0.146 Condition Number Crew (same or different)
Time (close in time or not close in time)
Location (same or different)
Cues (additional or no additional)
Dependency Number of Human Action Failures Rule
~ - Not Applicable.
Why?
1 s
c s
na complete When considering recovery in a series e.g., 2nd, 3rd, or 4th checker If this error is the 3rd error in the sequence, then the dependency is at lease moderate.
If this error is the 4th error in the sequence, then the dependency is at least high.
2 a
complete 3
d na high 4
a high 5
nc s
na high 6 U a
moderate 7
d na moderate 8
a low 9
d c
s na moderate 10 a
moderate 11 d
na moderate 12 a
moderate 13 nc s
na low 14 a
low 15 d
na low 16 a
low 17 zero Using Pw/od = Probability of Task Failure Without Formal Dependence (calculated in Part III):
For Complete Dependence the probability failure is 1.
For High Dependence the probability of failure is (1+ Pw/od/2)
U For Moderate Dependence the probability of failure is (1+6 x Pw/od)/7 For Low Dependence the probability of failure is (1+19 x Pw/od)/20 For Zero Dependence the probability of failure is Pw/od Calculate Pw/d using the appropriate values:
HPR-XHE-XM-RECIRC2 Pw/d = (1 + ( * ))/ =
HPR-XHE-XM-RECIRC3 Pw/d = (1 + ( 6
- 4E-03 ))/ 7 =
LER 425/04-004 67 Appendix E Additional Cut Set Recovery Rules
LER 425/04-004 68 lRules added for Vogtle excessive steam demand event for event specific lHEPs and new HEP dependencies if HPI-XHE-XM-FAB*(MSS-THREESGS-ESFAS + MSS-TWOSGS-ESFAS) then DeleteEvent = HPI-XHE-XM-FAB; AddEvent = HPI-XHE-XM-FAB3; elsif HPI-XHE-XM-FAB
- AFW-XHE-ESD-ISOL *
(MSS-MSIV-CF-1LINE + MSS-MSIV-CF-2LINES + MSS-MSIV-CF-3LINES
+ MSS-MSIVBY-CF-1LINE + MSS-MSIVBY-CF-2LINES + MSS-MSIVBY-CF-3LINES) then DeleteEvent = HPI-XHE-XM-FAB; AddEvent = HPI-XHE-XM-FAB3; elsif HPI-XHE-XM-FAB * (MSS-MSIV-CF-3LINES + MSS-MSIVBY-CF-3LINES) then DeleteEvent = HPI-XHE-XM-FAB; AddEvent = HPI-XHE-XM-FAB2; elsif HPR-XHE-XM-RECIRC
- AFW-XHE-ESD-ISOL *
(MSS-MSIV-CF-1LINE + MSS-MSIV-CF-2LINES + MSS-MSIV-CF-3LINES
+ MSS-MSIVBY-CF-1LINE + MSS-MSIVBY-CF-2LINES + MSS-MSIVBY-CF-3LINES) then DeleteEvent = HPR-XHE-XM-RECIRC; AddEvent = HPR-XHE-XM-RECIRC3; elsif HPR-XHE-XM-RECIRC * (MSS-MSIV-CF-3LINES + MSS-MSIVBY-CF-3LINES) then DeleteEvent = HPR-XHE-XM-RECIRC; AddEvent = HPR-XHE-XM-RECIRC2; endif
LER 425/04-004 69 Appendix F GEM Summary Report
LER 425/04-004 70 INITIATING EVENT ASSESSMENT Code Ver: 7:26 Fam: VOGT_3 Model Ver: 2005/10/28 User: INL Init Event: IE-TRANS1 Ev ID: TRANS1-WITH-ESD Total CCDP: 2.9E-006 Desc: TRANS1 ET ESD SET TO TRUE BASIC EVENT CHANGES Event Name Description Base Prob Curr Prob Type IE-LLOCA LARGE LOSS OF COOLANT ACCIDE 5.0E-006
+0.0E+000 IE-LOACCW LOSS OF AUX. COMPONENT COOLI 4.0E-004
+0.0E+000 IE-LOCHS LOSS OF CONDENSER HEAT SINK 9.0E-002
+0.0E+000 IE-LODCA LOSS OF DC BUS INITIATING EV 8.0E-004
+0.0E+000 IE-LOMFW LOSS OF MAIN FEEDWATER INITI 1.0E-001
+0.0E+000 IE-LONSW LOSS OF NUCLEAR SERVICE WATE 4.0E-004
+0.0E+000 IE-LOOP LOSS OF OFFSITE POWER 3.6E-002
+0.0E+000 IE-MLOCA MEDIUM LOSS OF COOLANT ACCID 4.0E-005
+0.0E+000 IE-RHR-DIS-V RHR DISCHARGE ISLOCA OCCURS 8.8E+003
+0.0E+000 IE-RHR-HL-V RHR HOT LEG ISLOCA IE 8.8E+003
+0.0E+000 IE-RHR-SUC-V RHR SUCTION ISLOCA IE 8.8E+003
+0.0E+000 IE-SGTR SG TUBE RUPTURE 4.0E-003
+0.0E+000 IE-SI-CLDIS-V SI COLD LEG ISLOCA OCCURS WI 8.8E+003
+0.0E+000 IE-SI-HLDIS-V SI HOT LEG ISLOCA IE 8.8E+003
+0.0E+000 IE-SLOCA SMALL LOSS OF COOLANT ACCIDE 4.0E-004
+0.0E+000 IE-TRANS TRANSIENT 7.0E-001
+0.0E+000 IE-TRANS1 TRANSIENT 7.0E-001 1.0E+000 MSS-SDV-FAIL-OPEN STEAM DUMP VALVES OPEN DUE T
+0.0E+000 1.0E+000 TRUE
LER 425/04-004 71 SEQUENCE PROBABILITIES Truncation: Cumulative: 100.0%
Individual: 0.0%
Event Tree Name Sequence Name CCDP
%Cont TRANS1 24 6.9E-007 TRANS1 41-20 6.5E-007 TRANS1 23 5.4E-007 TRANS1 38 3.7E-007 TRANS1 34 1.9E-007 TRANS1 11-11 1.6E-007 TRANS1 33 1.5E-007 SEQUENCE LOGIC Event Tree Sequence Name Logic TRANS1 24
/RPS SD MSIV-1 AFW4
/HPI FAB TRANS1 41-20 RPS CSPRESS TRANS1 23
/RPS ESD MSIV-1 AFW4
/HPI
/FAB HPR TRANS1 38
/RPS ESD MSIV-3
/HPI
/RCPSL FAB TRANS1 34
/RPS ESD MSIV-2 AFW5
/HPI FAB TRANS1 11-11
/RPS ESD
/MSIV
/AFW
/PORV RCPSL HPI
/SSC1
/PZR LPI TRANS1 33
/RPS ESD MSIV-2 AFW5
/HPI
/FAB HPR
LER 425/04-004 72 Fault Tree Name Description AFW AUXILIARY FEEDWATER AFW4 AUXILIARY FEEDWATER AFW5 AUXILIARY FEEDWATER ESD NO EXCESSIVE STEAM DEMAND FAB FEED AND BLEED HPI HIGH PRESSURE INJECTION HPR HIGH PRESSURE RECIRC LPI LOW PRESSURE INJECTION MSIV MSIVS ISOLATE STEAM GENERATORS MSIV-1 FAILURE TO ISOLATE 1 SG MSIV-2 FAILUE TO ISOLATE 2 OR MORE SGS MSIV-3 FAILURE TO ISOLATE 3 OR MORE SGS PORV PORVs ARE CLOSED PZR RCS DEPRESS RCPSL RCP SEAL INTEGRITY MAINTAINED RCSPRESS RCS PRESSURE LIMITED RPS REACTOR TRIP SSC1 VOGTLE SECONDARY SIDE COOLDOWN
LER 425/04-004 73 SEQUENCE CUT SETS Truncation: Cumulative: 100.0%
Individual: 1.0%
Event Tree: TRANS1 CCDP: 6.9E-007 Sequence: 24 CCDP
% Cut Set Cut Set Events 4.6E-007 65.79 AFW-XHE-ESD-ISOL MSS-MSIV-CF-1LINE MSS-MSIV-OO MSS-XE-XR-SDV HPI-XHE-XM-FAB3 2.3E-007 33.39 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-1LINE MSS-XE-XR-SDV HPI-XHE-XM-FAB3
LER 425/04-004 74 Event Tree: TRANS1 CCDP: 6.5E-007 Sequence: 41-20 CCDP
% Cut Set Cut Set Events 8.6E-008 13.31 PPR-MOV-FC-8000B RPS-BME-CF-RTBAB 8.6E-008 13.31 PPR-MOV-FC-8000A RPS-BME-CF-RTBAB 7.2E-008 11.11 PPR-MOV-FC-8000B RPS-TXX-CF-6OF8
/RPS-CCP-TM-CHA RPS-XHE-XE-NSGNL 7.2E-008 11.11 PPR-MOV-FC-8000A PS-TXX-CF-6OF8
/RPS-CCP-TM-CHA RPS-XHE-XE-NSGNL 6.5E-008 10.00 PPR-MOV-FC-8000B RPS-ROD-CF-RCCAS 6.5E-008 10.00 PPR-MOV-FC-8000A RPS-ROD-CF-RCCAS 4.9E-008 7.53 PPR-MOV-FC-8000B
/RPS-CCP-TM-CHA RPS-CCX-CF-6OF8 RPS-XHE-XE-NSGNL 4.9E-008 7.53 PPR-MOV-FC-8000A
/RPS-CCP-TM-CHA RPS-CCX-CF-6OF8 RPS-XHE-XE-NSGNL 1.9E-008 3.01 RCS-PHN-MODPOOR RCS-PHN-PL RPS-BME-CF-RTBAB 1.6E-008 2.51 RCS-PHN-MODPOOR RCS-PHN-PL RPS-TXX-CF-6OF8
/RPS-CCP-TM-CHA RPS-XHE-XE-NSGNL 1.5E-008 2.26 RCS-PHN-MODPOOR RCS-PHN-PL RPS-ROD-CF-RCCAS 1.1E-008 1.70 RCS-PHN-MODPOOR RCS-PHN-PL
/RPS-CCP-TM-CHA RPS-CCX-CF-6OF8 RPS-XHE-XE-NSGNL
LER 425/04-004 75 Event Tree: TRANS1 CCDP: 5.4E-007 Sequence: 23 CCDP
% Cut Set Cut Set Events 3.6E-007 66.17 AFW-XHE-ESD-ISOL MSS-MSIV-CF-1LINE MSS-MSIV-OO MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 1.8E-007 33.58 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-1LINE MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 Event Tree: TRANS1 CCDP: 3.7E-007 Sequence: 38 CCDP
% Cut Set Cut Set Events 2.8E-007 75.15 MSS-MSIV-CF-3LINES MSS-MSIV-OO MSS-XE-XR-SDV HPI-XHE-XM-FAB2 6.3E-008 17.02 MSS-MSIVBY-00 MSS-MSIVBY-CF-3LINES MSS-XE-XR-SDV HPI-XHE-XM-FAB2 1.9E-008 4.99 MSS-THREESGS-ESFAS MSS-XE-XR-SDV MSS-XHE-XE-MSIV HPI-XHE-XM-FAB3 3.9E-009 1.05 PPR-SRV-CC-456A MSS-MSIV-CF-3LINES MSS-MSIV-OO MSS-XE-XR-SDV 3.9E-009 1.05 PPR-SRV-CC-455A MSS-MSIV-CF-3LINES MSS-MSIV-OO MSS-XE-XR-SDV Event Tree: TRANS1 CCDP: 1.9E-007 Sequence: 34 CCDP
% Cut Set Cut Set Events 1.3E-007 69.73 AFW-XHE-ESD-ISOL MSS-MSIV-CF-2LINES MSS-MSIV-OO MSS-XE-XR-SDV HPI-XHE-XM-FAB3 5.5E-008 29.08 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-2LINES MSS-XE-XR-SDV HPI-XHE-XM-FAB3
LER 425/04-004 76 Event Tree: TRANS1 CCDP: 1.6E-007 Sequence: 11-11 CCDP
% Cut Set Cut Set Events 2.8E-008 17.42 NSW-FAN-CF-STARTA NSW-FAN-TM-TRNB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 2.8E-008 17.42 NSW-FAN-CF-STARTB NSW-FAN-TM-TRNA RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 2.8E-008 17.42 NSW-FAN-CF-STARTB NSW-FAN-TM-TRNA RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 2.8E-008 17.42 NSW-FAN-CF-STARTA NSW-FAN-TM-TRNB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 8.9E-009 5.54 NSW-MDP-CF-RUN4 RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 8.9E-009 5.54 NSW-MDP-CF-RUN4 RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING 2.1E-009 1.29 NSW-FAN-CF-STARTA NSW-FAN-CF-STARTB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1A-RUNNING 2.1E-009 1.29 NSW-FAN-CF-STARTA NSW-FAN-CF-STARTB RCS-MDP-LK-SEALS1 MSS-XE-XR-SDV CVC-P1B-RUNNING Event Tree: TRANS1 CCDP: 1.5E-007 Sequence: 33 CCDP
% Cut Set Cut Set Events 1.0E-007 70.38 AFW-XHE-ESD-ISOL MSS-MSIV-CF-2LINES MSS-MSIV-OO MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3 4.3E-008 29.35 AFW-XHE-ESD-ISOL MSS-MSIVBY-00 MSS-MSIVBY-CF-2LINES MSS-XE-XR-SDV HPR-XHE-XM-RECIRC3
LER 425/04-004 77 BASIC EVENTS (Cut Sets Only)
Event Name Description Curr Prob AFW-XHE-ESD-ISOL OPERATORS FAIL TO ISOLATE AFW FLOW TO UNISOLA 5.5E-002 CVC-P1A-RUNNING CVC P1A IS RUNNING 5.0E-001 CVC-P1B-RUNNING CVC P1B IS RUNNING 5.0E-001 HPI-XHE-XM-FAB2 OPERATORS FAIL TO INITIATE FEED AND BLEED AFT 5.0E-002 HPI-XHE-XM-FAB3 OPERATORS FAIL TO INITIATE FEED & BLEED FOLLO 1.9E-001 HPR-XHE-XM-RECIRC3 OPERATOR FAILS TO INITIATE HIGH PRESS RECIRC 1.5E-001 MSS-MSIV-CF-1LINE CCF TO ISOLATE ONE SG DUE TO MSIV FAILURE GIV 8.9E-003 MSS-MSIV-CF-2LINES CCF TO ISOLATE 2 SGS DUE TO MSIV FAILURE GIVE 2.6E-003 MSS-MSIV-CF-3LINES CCF TO ISOLATE 3 OR MORE SGS DUE TO MSIV FAIL 1.1E-003 MSS-MSIV-OO MAIN STEAM ISOLATION VALVE FAILS TO CLOSE 5.0E-003 MSS-MSIVBY-00 MSIV BYPASS VALVE FAILS TO CLOSE 1.7E-003 MSS-MSIVBY-CF-1LINE CCF TO ISOLATE 1 SG DUE TO MSIV BYPASS VALVE 1.3E-002 MSS-MSIVBY-CF-2LINES CCF TO ISOLATE 2 SGS DUE TO MSIV BYPASS VALVE 3.1E-003 MSS-MSIVBY-CF-3LINES CCF TO ISOLATE 3 OR MORE SGS DUE TO MSIV BYPA 7.5E-004 MSS-THREESGS-ESFAS FAILURE TO ISOLATE 3 OR MORE SGS DUE TO CCF O 1.0E-005 MSS-XE-XR-SDV OPERATORS FAIL TO CLOSE STEAM DUMP VALVES 1.0E+000 MSS-XHE-XE-MSIV OPERATOR FAILS TO MANUALLY CLOSE MSIVS GIVEN 1.0E-002 NSW-FAN-CF-STARTA CCF OF NSCW TRAIN A COOLING TOWER FANS TO STA 1.5E-004 NSW-FAN-CF-STARTB CCF OF NSCW TRAIN B COOLING TOWER FANS TO STA 1.5E-004 NSW-FAN-TM-TRNA NSCW TRAIN A TOWER FANS TEST & MAINT(PSA VALU 2.0E-003 NSW-FAN-TM-TRNB NSCW TRAIN B TOWER FANS TEST & MAINT(PSA VALU 2.0E-003 NSW-MDP-CF-RUN4 CCF OF NSCW PUMPS P4-001 002 003 & 004 TO RUN 9.4E-008 PPR-MOV-FC-8000A PV-0455A BLOCK VALVE CLOSED DURING POWER 5.3E-002 PPR-MOV-FC-8000B PV-0456A BLOCK VALVE CLOSED DURING POWER 5.3E-002 PPR-SRV-CC-455A PV-0455A FAILS TO OPEN ON DEMAND 7.0E-004 PPR-SRV-CC-456A PV-0456A FAILS TO OPEN ON DEMAND 7.0E-004 RCS-MDP-LK-SEALS1 RCP SEALS FAIL W/O COOLING AND INJECTION 1.9E-001 RCS-PHN-MODPOOR MODERATOR TEMP COEFFICIENT NOT ENOUGH NEGATIV 1.4E-002 RCS-PHN-PL POWER AT HIGH LEVEL 8.6E-001
LER 425/04-004 Event Name Description Curr Prob 78 RPS-BME-CF-RTBAB CCF OF RTB-A AND RTB-B (MECHANICAL) 1.6E-006 RPS-CCP-TM-CHA CH-A IN T&M 5.0E-003 RPS-CCX-CF-6OF8 CCF 6 ANALOG PROCESS LOGIC MODULES IN 3 OF 4 1.8E-006 RPS-ROD-CF-RCCAS CCF 10 OR MORE RCCAS FAIL TO DROP 1.2E-006 RPS-TXX-CF-6OF8 CCF 6 BISTABLES IN 3 OF 4 CHANNELS 2.7E-006 RPS-XHE-XE-NSGNL OPERATOR FAILS TO RESPOND WITH NO RPS SIGNAL 5.0E-001