ML071630517
| ML071630517 | |
| Person / Time | |
|---|---|
| Site: | Harris  |
| Issue date: | 05/08/2007 |
| From: | - No Known Affiliation |
| To: | Office of Nuclear Reactor Regulation |
| References | |
| Download: ML071630517 (77) | |
Text
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection A comprehensive list of systems and equipment and their interrelationships to be analyzed for a fire event shall be developed. The equipment list shall contain an inventory of those critical components required to achieve the nuclear safety performance criteria of Section 1.5. Components required to achieve and maintain the nuclear safety functions and components whose fire-induced failure could prevent the operation or result in the maloperation of those components needed to meet the nuclear safety criteria shall be included. Availability and reliability of equipment selected shall be evaluated.
NEI 00-01 Ref NEI 00-01 Guidance 3 Deterministic Methodology This section discusses a generic deterministic methodology and criteria that licensees can use to perform a post-fire safe shutdown analysis to address regulatory requirements. The plant-specific analysis approved by NRC is reflected in the plants licensing basis. The methodology described in this section is also an acceptable method of performing a post-fire safe shutdown analysis. This methodology is indicated in Figure 3-1. Other methods acceptable to NRC may also be used. Regardless of the method selected by an individual licensee, the criteria and assumptions provided in this guidance document may apply. The methodology described in Section 3 is based on a computer database oriented approach, which is utilized by several licensees to model Appendix R data relationships. This guidance document, however, does not require the use of a computer database oriented approach.
The requirements of Appendix R Sections III.G.1, III.G.2 and III.G.3 apply to equipment and cables required for achieving and maintaining safe shutdown in any fire area. Although equipment and cables for fire detection and suppression systems, communications systems and 8-hour emergency lighting systems are important features, this guidance document does not address them.
Additional information is provided in Appendix B to this document.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Shearon Harris' safe shutdown methodology HNP SER initial and was reviewed against the guidelines of Supplement 4, , Rev. ,
NUREG-0800, so references to the requirements of specific sections of Appendix R do not apply. The corresponding sections of NUREG-0800 are C.5.b and C.5.c.
HNP Page 1 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1 [A, Intro] Safe Shutdown This section discusses the identification of systems available and necessary to perform the required safe shutdown functions. It also provides information on the Systems and Path process for combining these systems into safe shutdown paths. Appendix R Section III.G.1.a requires that the capability to achieve and maintain hot shutdown be Development free of fire damage. It is expected that the term "free of fire damage" will be further clarified in a forthcoming Regulatory Issue Summary. Appendix R Section III.G.1.b requires that repairs to systems and equipment necessary to achieve and maintain cold shutdown be completed within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. It is the intent of the NRC that requirements related to the use of manual operator actions will be addressed in a forthcoming rulemaking.
[Refer to hard copy of NEI 00-01 for Figure 3-1]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The corresponding guidelines for Harris are HNP-E/ELEC-0001, Safe Sections B.3 and B.5.1 found in NUREG-0800, BTP CMEB 9.5-1 Shutdown in Case of Fire Sections C.5.b(1) and (2). and Fire Hazards Analysis, Rev. 0, 6/2/2006
, , Rev. , C.5.b(1) and (2)
HNP Page 2 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1 [B, Goals] Safe Shutdown The goal of post-fire safe shutdown is to assure that a one train of shutdown systems, structures, and components remains free of fire damage for a single fire in Systems and Path any single plant fire area. This goal is accomplished by determining those functions important to achieve and maintain hot shutdown. Safe shutdown systems are Development selected so that the capability to perform these required functions is a part of each safe shutdown path. The functions important to post-fire safe shutdown generally include, but are not limited to the following:
Reactivity control Pressure control systems Inventory control systems Decay heat removal systems Process monitoring Support systems
- Electrical systems
- Cooling systems These functions are of importance because they have a direct bearing on the safe shutdown goal of being able to achieve and maintain hot shutdown which ensures the integrity of the fuel, the reactor pressure vessel, and the primary containment. If these functions are preserved, then the plant will be safe because the fuel, the reactor and the primary containment will not be damaged. By assuring that this equipment is not damaged and remains functional, the protection of the health and safety of the public is assured.
Applicability Comments Applicable This is generic guidance and information that applies to all existing safe shutdown analyses.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns HNP-E-ELEC-0001 defines the safe shutdown HNP SER initial and goals and functions for Shearon Harris. Supplement 4, , Rev. ,
HNP-E/ELEC-0001, Safe Sections A.1 and B.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 3 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1 [C, Spurious Operations] In addition to the above listed functions, Generic Letter 81-12 specifies consideration of associated circuits with the potential for spurious equipment operation Safe Shutdown Systems and and/or loss of power source, and the common enclosure failures. Spurious operations/actuations can affect the accomplishment of the post-fire safe shutdown Path Development functions listed above. Typical examples of the effects of the spurious operations of concern are the following:
- A loss of reactor pressure vessel/reactor coolant inventory in excess of the safe shutdown makeup capability
- A flow loss or blockage in the inventory makeup or decay heat removal systems being used for the required safe shutdown path.
Spurious operations are of concern because they have the potential to directly affect the ability to achieve and maintain hot shutdown, which could affect the fuel and cause damage to the reactor pressure vessel or the primary containment. Common power source and common enclosure concerns could also affect these and must be addressed.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris Safe Shutdown Analysis has HNP-E/ELEC-0001, Safe Sections B.7.1, B.7.2 considered the three types of associated Shutdown in Case of Fire circuits discussed in NRC Generic Letter and Fire Hazards Analysis, 81-12. Rev. 0, 6/2/2006 HNP Page 4 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1 Safe Shutdown Systems This section discusses the identification of systems available and necessary to perform the required safe shutdown functions. It also provides information on the and Path Development process for combining these systems into safe shutdown paths. Appendix R Section III.G.1.a requires that the capability to achieve and maintain hot shutdown be free of fire damage. It is expected that the term free of fire damage will be further clarified in a forthcoming Regulatory Issue Summary. Appendix R Section III.G.1.b requires that repairs to systems and equipment necessary to achieve and maintain cold shutdown be completed within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. It is the intent of the NRC that requirements related to the use of manual operator actions will be addressed in a forthcoming rulemaking.
The goal of post-fire safe shutdown is to assure that a one train of shutdown systems, structures, and components remains free of fire damage for a single fire in any single plant fire area. This goal is accomplished by determining those functions important to achieve and maintain hot shutdown. Safe shutdown systems are selected so that the capability to perform these required functions is a part of each safe shutdown path. The functions important to post-fire safe shutdown generally include, but are not limited to the following:
- Reactivity control
- Pressure control systems
- Inventory control systems
- Decay heat removal systems
- Process monitoring
- Support systems
- Electrical systems
- Cooling systems These functions are of importance because they have a direct bearing on the safe shutdown goal of being able to achieve and maintain hot shutdown which ensures the integrity of the fuel, the reactor pressure vessel, and the primary containment. If these functions are preserved, then the plant will be safe because the fuel, the reactor and the primary containment will not be damaged. By assuring that this equipment is not damaged and remains functional, the protection of the health and safety of the public is assured.
In addition to the above listed functions, Generic Letter 81-12 specifies consideration of associated circuits with the potential for spurious equipment operation and/or loss of power source, and the common enclosure failures. Spurious operations/actuations can affect the accomplishment of the post-fire safe shutdown functions listed above. Typical examples of the effects of the spurious operations of concern are the following:
- A loss of reactor pressure vessel/reactor coolant inventory in excess of the safe shutdown makeup capability
- A flow loss or blockage in the inventory makeup or decay heat removal systems being used for the required safe shutdown path.
Spurious operations are of concern because they have the potential to directly affect the ability to achieve and maintain hot shutdown, which could affect the fuel and cause damage to the reactor pressure vessel or the primary containment. Common power source and common enclosure concerns could also affect these and must be addressed.
Applicability Comments Applicable This is introductory guidance information, and contains no specific requirements.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The corresponding guidelines for Harris are NUREG-0800, Section Sections C.5.b(1), (2) found in NUREG-0800, BTP CMEB 9.5-1 9.5.1, BTP CMEB 9.5-1, Sections C.5.b(1) and (2). Guidelines for Fire Protection for Nuclear Power Plants, Rev. 003, 7/1/1981 HNP-E/ELEC-0001, Safe Section B Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 5 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.1 Criteria / Assumptions The following criteria and assumptions may be considered when identifying systems available and necessary to perform the required safe shutdown functions and combining these systems into safe shutdown paths.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This is generic introductory information and , , Rev. ,
contains no specific guidance.
NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.1 [GE BWR Paths] [BWR] GE Report GE-NE-T43-00002-00-01-R01 entitled Original Safe Shutdown Paths For The BWR addresses the systems and equipment originally designed into the GE boiling water reactors (BWRs) in the 1960s and 1970s, that can be used to achieve and maintain safe shutdown per Section III.G.1 of 10CFR 50, Appendix R. Any of the shutdown paths (methods) described in this report are considered to be acceptable methods for achieving redundant safe shutdown.
Applicability Comments Not Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details N/A Shearon Harris is a PWR, and this guidance is , , Rev. ,
specific to BWRs.
NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.2 [SRVs / LP Systems] [BWR] GE Report GE-NE-T43-00002-00-03-R01 provides a discussion on the BWR Owners' Group (BWROG) position regarding the use of Safety Relief Valves (SRVs) and low pressure systems (LPCI/CS) for safe shutdown. The BWROG position is that the use of SRVs and low pressure systems is an acceptable methodology for achieving redundant safe shutdown in accordance with the requirements of 10CFR50 Appendix R Sections III.G.1 and III.G.2. The NRC has accepted the BWROG position and issued an SER dated Dec. 12, 2000.
Applicability Comments Not Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details N/A Shearon Harris is a PWR, and this guidance is , , Rev. ,
specific to BWRs.
HNP Page 6 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.3 [Pressurizer Heaters] [PWR] Generic Letter 86-10, Enclosure 2, Section 5.3.5 specifies that hot shutdown can be maintained without the use of pressurizer heaters (i.e., pressure control is provided by controlling the makeup/charging pumps). Hot shutdown conditions can be maintained via natural circulation of the RCS through the steam generators. The cooldown rate must be controlled to prevent the formation of a bubble in the reactor head. Therefore, feedwater (either auxiliary or emergency) flow rates as well as steam release must be controlled.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The plant's safe shutdown procedures AOP-004, Remote (AOP-004 and AOP-036 (series) ensure that Shutdown, Rev. 39, cooldown rate is controlled, and that the cooldown process adheres to the required pressure and temperature limits.
AOP-036, Safe Shutdown Following a Fire , Rev. 39, NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.4 [Alternative Shutdown The classification of shutdown capability as alternative shutdown is made independent of the selection of systems used for shutdown. Alternative shutdown Capability] capability is determined based on an inability to assure the availability of a redundant safe shutdown path. Compliance to the separation requirements of Sections III.G.1 and III.G.2 may be supplemented by the use of manual actions to the extent allowed by the regulations and the licensing basis of the plant, repairs (cold shutdown only), exemptions, deviations, GL 86-10 fire hazards analyses or fire protection design change evaluations, as appropriate. These may also be used in conjunction with alternative shutdown capability.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Guidelines for alternative shutdown as HNP-E/ELEC-0001, Safe Shearon Harris are found in NUREG-0800, Shutdown in Case of Fire BTP CMEB Section 9.5-1, Sections C.5.b(3) and Fire Hazards Analysis, and C.5.c. Rev. 0, 6/2/2006 HNP Page 7 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.5 [Initial Conditions] At the onset of the postulated fire, all safe shutdown systems (including applicable redundant trains) are assumed operable and available for post-fire safe shutdown. Systems are assumed to be operational with no repairs, maintenance, testing, Limiting Conditions for Operation, etc. in progress. The units are assumed to be operating at full power under normal conditions and normal lineups.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns These are basic assumptions for all safe HNP-E/ELEC-0001, Safe Sections A.3.2;A.3.5 shutdown analyses and also apply to the Shutdown in Case of Fire Harris SSA. and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.6 [Other Events in No Final Safety Analysis Report accidents or other design basis events (e.g. loss of coolant accident, earthquake), single failures or non-fire induced transients Conjunction with Fire] need be considered in conjunction with the fire.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns NUREG 0800 Section C.1.b states that "Worst HNP-E/ELEC-0001, Safe Section A.3.6 case" fires need not be postulated to be Shutdown in Case of Fire simultaneous with nonfire-related failures in and Fire Hazards Analysis, safety systems, plant accidents, or the most Rev. 0, 6/2/2006 severe natural phenomena.worst HNP Page 8 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.7 [ Offsite Power] For the case of redundant shutdown, offsite power may be credited if demonstrated to be free of fire damage. Offsite power should be assumed to remain available for those cases where its availability may adversely impact safety (i.e., reliance cannot be placed on fire causing a loss of offsite power if the consequences of offsite power availability are more severe than its presumed loss). No credit should be taken for a fire causing a loss of offsite power. For areas where train separation cannot be achieved and alternative shutdown capability is necessary, shutdown must be demonstrated both where offsite power is available and where offsite power is not available for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The SSA credits offsite power where analysis FPIP-0105, Safe Shutdown Sections 9.1.5, 9.1.4 has demonstrated that it will be available. A Circuit Analysis, Rev. 000, loss of offsite power was not assumed in areas where offsite power was not credited.
HNP-E/ELEC-0001, Safe Section A.3.4 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.8 [Safety-Related Post-fire safe shutdown systems and components are not required to be safety-related.
Equipment]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns NUREG-0800, C.5.c(6). The referenced SSA FPIP-0104, Safe Shutdown Sections A.1.1 and B.3 section clearly states that post-fire safe Equipment List and Fault shutdown trains may include non-safety Tree Logics, Rev. 000, related equipment.
HNP-E/ELEC-0001, Safe Section 9.1.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 9 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.9 [72 Hour Coping] The post-fire safe shutdown analysis assumes a 72-hour coping period starting with a reactor scram/trip. Fire-induced impacts that provide no adverse consequences to hot shutdown within this 72-hour period need not be included in the post-fire safe shutdown analysis. At least one train can be repaired or made operable within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> using onsite capability to achieve cold shutdown.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This is a base safe shutdown analysis HNP-E/ELEC-0001, Safe Section A.1.1 assumption. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.10 [Manual / Automatic Manual initiation from the main control room or emergency control stations of systems required to achieve and maintain safe shutdown is acceptable where Initiation of Systems] permitted by current regulations or approved by NRC; automatic initiation of systems selected for safe shutdown is not required but may be included as an option.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does not currently credit the HNP-E/ELEC-0001, Safe manual initiation of engineered safeguards Shutdown in Case of Fire (ESFAS) systems. and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev.
016, HNP Page 10 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.1.11 [Multiple Affected Where a single fire can impact more than one unit of a multi-unit plant, the ability to achieve and maintain safe shutdown for each affected unit must be Units] demonstrated.
Applicability Comments Not Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details N/A Shearon Harris is a single unit site. , , Rev. ,
NEI 00-01 Ref NEI 00-01 Guidance 3.1.2 Shutdown Functions The following discussion on each of these shutdown functions provides guidance for selecting the systems and equipment required for safe shutdown. For additional information on BWR system selection, refer to GE Report GE-NE-T43-00002-00-01-R01 entitled Original Safe Shutdown Paths for the BWR.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This is an introductory section with no specific , , Rev. ,
requirements. The GE information does not apply to Shearon Harris.
HNP Page 11 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.1 Reactivity Control [BWR] Control Rod Drive System The safe shutdown performance and design requirements for the reactivity control function can be met without automatic scram/trip capability. Manual scram/reactor trip is credited. The post-fire safe shutdown analysis must only provide the capability to manually scram/trip the reactor.
[PWR] Makeup/Charging There must be a method for ensuring that adequate shutdown margin is maintained by ensuring borated water is utilized for RCS makeup/charging.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The two credited sources of makeup water for HNP-E/ELEC-0001, Safe Sections B.2.1, B.4 post-fire safe shutdown are the boric acid tank Shutdown in Case of Fire and the RWST. The boric acids and Fire Hazards Analysis, concentrations in each tank ensure that Rev. 0, 6/2/2006 adequate shutdown margin will be maintained throughout the cooldown process.
NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.2 Pressure Control The systems discussed in this section are examples of systems that can be used for pressure control. This does not restrict the use of other systems for this Systems purpose.
[BWR] Safety Relief Valves (SRVs)
The SRVs are opened to maintain hot shutdown conditions or to depressurize the vessel to allow injection using low pressure systems. These are operated manually. Automatic initiation of the Automatic Depressurization System is not a required function.
[PWR] Makeup/Charging RCS pressure is controlled by controlling the rate of charging/makeup to the RCS. Although utilization of the pressurizer heaters and/or auxiliary spray reduces operator burden, neither component is required to provide adequate pressure control. Pressure reductions are made by allowing the RCS to cool/shrink, thus reducing pressurizer level/pressure. Pressure increases are made by initiating charging/makeup to maintain pressurizer level/pressure. Manual control of the related pumps is acceptable.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Harris does credit operation of the pressurizer HNP-E/ELEC-0001, Safe Sections B.2.3, B.4 heaters and pressurizer PORVs to maintain or Shutdown in Case of Fire reduce RCS pressure as necessary during the and Fire Hazards Analysis, cooldown process. Rev. 0, 6/2/2006 HNP Page 12 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.3 Inventory Control [BWR] Systems selected for the inventory control function should be capable of supplying sufficient reactor coolant to achieve and maintain hot shutdown. Manual initiation of these systems is acceptable. Automatic initiation functions are not required.
[PWR]: Systems selected for the inventory control function should be capable of maintaining level to achieve and maintain hot shutdown. Typically, the same components providing inventory control are capable of providing pressure control. Manual initiation of these systems is acceptable. Automatic initiation functions are not required.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The same systems used for post reactor trip HNP-E/ELEC-0001, Safe Sections B.2.2, B.4 inventory control will also be used for inventory Shutdown in Case of Fire control. Specifically, the CVCS system using and Fire Hazards Analysis, the boric acid tank(s) and the RWST as Rev. 0, 6/2/2006 sources of makeup water are used to maintain pressurizer level.
NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.4 Decay Heat Removal [BWR] Systems selected for the decay heat removal function(s) should be capable of:
- Removing sufficient decay heat from primary containment, to prevent containment over-pressurization and failure.
- Satisfying the net positive suction head requirements of any safe shutdown systems taking suction from the containment (suppression pool).
- Removing sufficient decay heat from the reactor to achieve cold shutdown.
[PWR] Systems selected for the decay heat removal function(s) should be capable of:
- Removing sufficient decay heat from the reactor to reach hot shutdown conditions. Typically, this entails utilizing natural circulation in lieu of forced circulation via the reactor coolant pumps and controlling steam release via the Atmospheric Dump valves.
- Removing sufficient decay heat from the reactor to reach cold shutdown conditions.
This does not restrict the use of other systems.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Harris uses the Auxiliary Feedwater System HNP-E/ELEC-0001, Safe Sections B.2.4, B.4 and Steam Generator PORVs to remove Shutdown in Case of Fire decay heat while in hot standby. Once and Fire Hazards Analysis, temperature is reduced to about 350F, the Rev. 0, 6/2/2006 RHR system is placed in service to complete the cooldown ot cold shutdown conditions.
HNP Page 13 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.5 Process Monitoring The process monitoring function is provided for all safe shutdown paths. IN 84-09, Attachment 1,Section IX Lessons Learned from NRC Inspections of Fire Protection Safe Shutdown Systems (10CFR50 Appendix R) provides guidance on the instrumentation acceptable to and preferred by the NRC for meeting the process monitoring function. This instrumentation is that which monitors the process variables necessary to perform and control the functions specified in Appendix R Section III.L.1. Such instrumentation must be demonstrated to remain unaffected by the fire. The IN 84-09 list of process monitoring is applied to alternative shutdown (III.G.3). IN 84-09 did not identify specific instruments for process monitoring to be applied to redundant shutdown (III.G.1 and III.G.2). In general, process monitoring instruments similar to those listed below are needed to successfully use existing operating procedures (including Abnormal Operating Procedures).
- Reactor coolant level and pressure
- Suppression pool level and temperature
- Emergency or isolation condenser level
- Diagnostic instrumentation for safe shutdown systems
- Level indication for tanks needed for safe shutdown PWR
- Reactor coolant temperature (hot leg / cold leg)
- Pressurizer pressure and level
- Neutron flux monitoring (source range)
- Level indication for tanks needed for safe shutdown
- Steam generator level and pressure
- Diagnostic instrumentation for safe shutdown systems The specific instruments required may be based on operator preference, safe shutdown procedural guidance strategy (symptomatic vs. prescriptive), and systems and paths selected for safe shutdown.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The process monitoring function is capable of HNP-E/ELEC-0001, Safe Sections B.2.5, B.5.1.2 providing direct readings of those plant Shutdown in Case of Fire process variables necessary for plant and Fire Hazards Analysis, operators to perform and/or control the Rev. 0, 6/2/2006 identified safe shutdown functions.
HNP Page 14 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.6 Support Systems [Blank Heading - No specific guidance]
Applicability Comments Not Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details N/A Support system requirements will be , , Rev. ,
addressed under the corresponding NEI 00-01 sub-section.
HNP Page 15 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.6.1 Electrical Systems AC Distribution System Power for the Appendix R safe shutdown equipment is typically provided by a medium voltage system such as 4.16 KV Class 1E busses either directly from the busses or through step down transformers/load centers/distribution panels for 600, 480 or 120 VAC loads. For redundant safe shutdown performed in accordance with the requirements of Appendix R Section III.G.1 and 2, power may be supplied from either offsite power sources or the emergency diesel generator depending on which has been demonstrated to be free of fire damage. No credit should be taken for a fire causing a loss of offsite power. Refer to Section 3.1.1.7.
DC Distribution System Typically, the 125VDC distribution system supplies DC control power to various 125VDC control panels including switchgear breaker controls. The 125VDC distribution panels may also supply power to the 120VAC distribution panels via static inverters. These distribution panels typically supply power for instrumentation necessary to complete the process monitoring functions.
For fire events that result in an interruption of power to the AC electrical bus, the station batteries are necessary to supply any required control power during the interim time period required for the diesel generators to become operational. Once the diesels are operational, the 125 VDC distribution system can be powered from the diesels through the battery chargers.
[BWR] Certain plants are also designed with a 250VDC Distribution System that supplies power to Reactor Core Isolation Cooling and/or High Pressure Coolant Injection equipment.
The DC control centers may also supply power to various small horsepower Appendix R safe shutdown system valves and pumps. If the DC system is relied upon to support safe shutdown without battery chargers being available, it must be verified that sufficient battery capacity exists to support the necessary loads for sufficient time (either until power is restored, or the loads are no longer required to operate).
Applicability Comments Applicable For the DC Buses, the batteries are shown in the fault tree going into an "OR" gate with the corresponding battery charger. Thus, if only the battery is free of fire damage, success will not be achieved.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The power supply for each powered HNP FSSPMD R16 00, Fire component was idenitified and included in the Safe Shutdown Program SSEL. The limited capacity of the battery to Manager Database, Rev.
supply loads for more than a few hours was 016, considered in the analysis, and is discussed in the CAFTA text file.
HNP-E/ELEC-0001, Safe Sections B.2.6, B.4, B.5.1.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 16 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.6.2 Cooling Systems HVAC Systems
[HVAC]
HVAC Systems may be required to assure that safe shutdown equipment remains within its operating temperature range, as specified in manufacturers literature or demonstrated by suitable test methods, and to assure protection for plant operations staff from the effects of fire (smoke, heat, toxic gases, and gaseous fire suppression agents).
HVAC systems may be required to support safe shutdown system operation, based on plant-specific configurations. Typical uses include:
- Main control room, cable spreading room, relay room
- ECCS pump compartments
- Diesel generator rooms
- Switchgear rooms Plant-specific evaluations are necessary to determine which HVAC systems are essential to safe shutdown equipment operation.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns HVAC systems required for post-fire safe HNP-E/ELEC-0001, Safe Sections B.2.6, B.4 shutdown are included in the analysis. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.1.2.6.2 Cooling Systems Various cooling water systems may be required to support safe shutdown system operation, based on plant-specific considerations. Typical uses include:
[Main Section] - RHR/SDC/DH Heat Exchanger cooling water
- Safe shutdown pump cooling (seal coolers, oil coolers)
- Diesel generator cooling
- HVAC system cooling water Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Cooling water systems required for post-fire HNP-E/ELEC-0001, Safe Sections B.2.6, B.4 safe shutdown are included in the analysis. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 17 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.3 Methodology for Refer to Figure 3-2 for a flowchart illustrating the various steps involved in selecting safe shutdown systems and developing the shutdown paths.
Shutdown System Selection The following methodology may be used to define the safe shutdown systems and paths for an Appendix R analysis:
[Refer to hard copy of NEI 00-01 for Figure 3-2]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Sytems are assigned ot one of two (or both) HNP-E/ELEC-0001, Safe Sections B.5.1, B.6.1 safe shutdown divisions in lieu of paths. Shutdown in Case of Fire Possible combinations of systems are and Fire Hazards Analysis, modeled in the CAFTA fault tree. Rev. 0, 6/2/2006 FPIP-0104, Safe Shutdown Section 9.2 Equipment List and Fault Tree Logics, Rev. 000, HNP FSSPMD R16 00, Fire N/A Safe Shutdown Program Manager Database, Rev.
016, NEI 00-01 Ref NEI 00-01 Guidance 3.1.3.1 Identify safe shutdown Review available documentation to obtain an understanding of the available plant systems and the functions required to achieve and maintain safe shutdown.
functions Documents such as the following may be reviewed:
- Operating Procedures (Normal, Emergency, Abnormal)
- System descriptions
- Fire Hazard Analysis
- Single-line electrical diagrams
-Piping and Instrumentation Diagrams (P&IDs)
[BWR] GE Report GE-NE-T43-00002-00-01-R02 entitled Original Shutdown Paths for the BWR Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The general guidance provided in this section FPIP-0104, Safe Shutdown Sections 4.1 and 9.1 was followed in the development of the Harris Equipment List and Fault SSA. Tree Logics, Rev. 000, HNP Page 18 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.3.2 Identify Combinations Given the criteria/assumptions defined in Section 3.1.1, identify the available combinations of systems capable of achieving the safe shutdown functions of of Systems that Satisfy Each reactivity control, pressure control, inventory control, decay heat removal, process monitoring, and support systems such as electrical and cooling systems (refer to Safe Shutdown Function Section 3.1.2). This selection process does not restrict the use of other systems. In addition to achieving the required safe shutdown functions, consider spurious operations and power supply issues that could impact the required safe shutdown function.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The available equipment combinations are HNP FSSPMD R16 00, Fire depicted in the CAFTA fault tree, and are Safe Shutdown Program further explained in the associated text file and Manager Database, Rev.
in the SSA. 016, HNP-E/ELEC-0001, Safe Sections B.3 and B.5.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0104, Safe Shutdown Section 9.2 Equipment List and Fault Tree Logics, Rev. 000, Open Item ID Open Item Description Disposition Open/Closed HNP-001 How should we reference the CAFTA Fault Tree and the The safe shutdown system descriptons are contained in Closed assoiciated text file as a basis document? It is this text the SSA (HNP-E/ELEC-0001, Safe Shutdown Analysis file that contains the safe shutdown equipment in Case of Fire and Fire Hazards Analysis), and there is descriptions related to the modeling of the fault tree no specific reason to reference the text file separately.
(E-5525 also contains system descriptions).
HNP Page 19 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.1.3.3 Define Combinations Select combinations of systems with the capability of performing all of the required safe shutdown functions and designate this set of systems as a safe shutdown of Systems for Each Safe path. In many cases, safe shutdown paths may be defined on a divisional basis since the availability of electrical power and other support systems must be Shutdown Path demonstrated for each path.
Applicability Comments Applicable Specific safe shutdown paths need not be identified. This is an analytical tool that is more applicable to BWRs than to PWRs.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The selected systems are not grouped HNP FSSPMD R16 00, Fire together in specific safe shutdown "paths," but Safe Shutdown Program are depicted in an integrated fashion in the Manager Database, Rev.
CAFTA fault tree and accompanying text file. 016, HNP-E/ELEC-0001, Safe Sections B.5.1 and B.6.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0104, Safe Shutdown Section 9.2 Equipment List and Fault Tree Logics, Rev. 000, NEI 00-01 Ref NEI 00-01 Guidance 3.1.3.4 Assign Shutdown Assign a path designation to each combination of systems. The path will serve to document the combination of systems relied upon for safe shutdown in each fire Paths to Each Combination of area. Refer to Attachment 1 to this document (NEI 00-01) for an example of a table illustrating how to document the various combinations of systems for selected Systems shutdown paths.
Applicability Comments Not Applicable Safe shutdown paths are not defined at Shearon Harris. Equipment is defined as being required for Division I or Division II, and some components are required for both divisions. The component and system inter-relationships are also defined in the CAFTA fault tree.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The safe shutdown paths are not identified HNP FSSPMD R16 00, Fire individuallly, but are shown in an integrated Safe Shutdown Program fashion in the CAFTA fault tree. The use of Manager Database, Rev.
such fault trees is discussed in NFPA-805, 016, Appendix B, Section B.2.2.
HNP-E/ELEC-0001, Safe Sections B.3 and B.5.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0104, Safe Shutdown Section 9.1 Equipment List and Fault Tree Logics, Rev. 000, HNP Page 20 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2 Safe Shutdown Equipment The previous section described the methodology for selecting the systems and paths necessary to achieve and maintain safe shutdown for an exposure fire event Selection (see Section 5.0 DEFINITIONS for Exposure Fire). This section describes the criteria/assumptions and selection methodology for identifying the specific safe shutdown equipment necessary for the systems to perform their Appendix R function. The selected equipment should be related back to the safe shutdown systems that they support and be assigned to the same safe shutdown path as that system. The list of safe shutdown equipment will then form the basis for identifying the cables necessary for the operation or that can cause the maloperation of the safe shutdown systems.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Components are assigned to one (or both) of FPIP-0104, Safe Shutdown Section 9.1.2 two safe shutdown divisions rather than Equipment List and Fault specific safe shutdown paths, which is more Tree Logics, Rev. 000, applicable to BWRs. The possible combinations of systems to meet the safe shutdown functions are shown in the fault tree.
HNP-E/ELEC-0001, Safe Section B.5.1.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.2.1 Criteria / Assumptions Consider the following criteria and assumptions when identifying equipment necessary to perform the required safe shutdown functions:
Applicability Comments Applicable This is introductory guidance information, and contains no specific requirements.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This section provides a genral overview of the HNP-E/ELEC-0001, Safe Section B.5 safe shutdown methodology suggested in NEI Shutdown in Case of Fire 00-01 and followed by Shearon Harris. and Fire Hazards Analysis, Specific requirements or guidance discussed Rev. 0, 6/2/2006 in NEI 00-01 is discussed in the sub-sections below.
HNP Page 21 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.1 [Primary Secondary 3.2.1.1 Safe shutdown equipment can be divided into two categories. Equipment may be categorized as (1) primary components or (2) secondary components.
Components] Typically, the following types of equipment are considered to be primary components:
- Pumps, motor operated valves, solenoid valves, fans, gas bottles, dampers, unit coolers, etc.
- All necessary process indicators and recorders (i.e., flow indicator, temperature indicator, turbine speed indicator, pressure indicator, level recorder)
- Power supplies or other electrical components that support operation of primary components (i.e., diesel generators, switchgear, motor control centers, load centers, power supplies, distribution panels, etc.).
Secondary components are typically items found within the circuitry for a primary component. These provide a supporting role to the overall circuit function. Some secondary components may provide an isolation function or a signal to a primary component via either an interlock or input signal processor. Examples of secondary components include flow switches, pressure switches, temperature switches, level switches, temperature elements, speed elements, transmitters, converters, controllers, transducers, signal conditioners, hand switches, relays, fuses and various instrumentation devices.
Determine which equipment should be included on the Safe Shutdown Equipment List (SSEL). As an option, include secondary components with a primary component(s) that would be affected by fire damage to the secondary component. By doing this, the SSEL can be kept to a manageable size and the equipment included on the SSEL can be readily related to required post-fire safe shutdown systems and functions.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This section provides a general overview of the HNP-E/ELEC-0001, Safe Section B.5 safe shutdown methodology suggested in NEI Shutdown in Case of Fire 00-01 and followed by Shearon Harris. and Fire Hazards Analysis, Specific requirements or guidance outlined in Rev. 0, 6/2/2006 NEI 00-01 is discussed below.
HNP Page 22 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.2 [Fire Damage to 3.2.1.2 Assume that exposure fire damage to manual valves and piping does not adversely impact their ability to perform their pressure boundary or safe shutdown Mechanical Components (not function (heat sensitive piping materials, including tubing with brazed or soldered joints, are not included in this assumption). Fire damage should be evaluated with electrically supervised)] respect to the ability to manually open or close the valve should this be necessary as a part of the post-fire safe shutdown scenario.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Due to the substantial nature of equipment and HNP-E/ELEC-0001, Safe Section A.3.12 nature and location of combustibles, fire will Shutdown in Case of Fire not impact the pressure boundary function. A and Fire Hazards Analysis, fire does not cause a valve to change postion Rev. 0, 6/2/2006 unless the fire also affects the electrical equipment or circuits capable of inducing spurious operation of the valve. Manual stroking of a valve once the fire is extinguished will be evaluated as part of the Manual Action Feasibility Evaluation.
FPIP-0106, Validate Fire Section 9.1.13 Area Safe Shutdown Strategies, Rev. 001, NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.3 [Manual Valve Assume that manual valves are in their normal position as shown on P&IDs or in the plant operating procedures.
Positions]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns A base assumption of the SSA is that the plant FPIP-0104, Safe Shutdown Section 9.1.2 is in a "normal" operating lineup. Equipment List and Fault Tree Logics, Rev. 000, HNP-E/ELEC-0001, Safe Sections B.5.1.2 and A.3.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 23 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.4 [Check Valves] Assume that a check valve closes in the direction of potential flow diversion and seats properly with sufficient leak tightness to prevent flow diversion. Therefore, check valves do not adversely affect the flow rate capability of the safe shutdown systems being used for inventory control, decay heat removal, equipment cooling or other related safe shutdown functions.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent There is no clear statement concerning check HNP-E/ELEC-0001, Safe Section B.5.1.2, Item 9 valves, other than that properly oriented check Shutdown in Case of Fire valves credited as system boundaries shoulld and Fire Hazards Analysis, be included in the SSEL, and that those in the Rev. 0, 6/2/2006 flow path need not be included. Check valves credited as boundaries are included in the SSEL, but the assumption that they are leak tight is inherent in the analysis and not clearly stated.
FPIP-0104, Safe Shutdown Sections 9.1.2.5, 9.1.2.9 Equipment List and Fault Tree Logics, Rev. 000, Open Item ID Open Item Description Disposition Open/Closed HNP-004 Section 3.2.1.4 of NEI 00-01 suggests an assumtion Open that check valves credited to prevent flow diversions will seat properly and are essentially leak tight. The SSEL includes check vavles that are credited as system boundaries, so the assmption that they are leak tight is inherent in the analysis but not clearly stated. Consider adding an assumption to revision 1 of HNP-E?ELEC-0001 that check vavles credited as system or flow diversion boundaries are assumed to be leak tight.
HNP Page 24 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.5 [Instrument Failures] Instruments (e.g., resistance temperature detectors, thermocouples, pressure transmitters, and flow transmitters) are assumed to fail upscale, midscale, or downscale as a result of fire damage, whichever is worse. An instrument performing a control function is assumed to provide an undesired signal to the control circuit.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Per the basis document cited, instruments HNP-E/ELEC-0001, Safe Section A.3.13 exposed to fire damage are assumed to fail. Shutdown in Case of Fire The documentation reviewed does not go to and Fire Hazards Analysis, the level of detail suggested by NEI 00-01. It Rev. 0, 6/2/2006 is a generally accepted practice (that can be verified based on a review of the fire area by fire area analyses) that instruments are assumed to fail to their worst case position unless a specific postion to the contrary is taken.
FPIP-0104, Safe Shutdown Section 9.2.7 Equipment List and Fault Tree Logics, Rev. 000, NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.6 [Spurious Identify equipment that could spuriously operate or mal-operate and impact the performance of equipment on a required safe shutdown path during the equipment Components] selection phase. Consider Bin 1 of RIS 2004-03 during the equipment identification process.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Section 9.1.2.7 of FPIP-0104 directs that for HNP-E/ELEC-0001, Safe Section B.5.1.2 boundaries formed by three normally closed Shutdown in Case of Fire vavles or dampers in series, all three should and Fire Hazards Analysis, be included in the SSEL. RIS 2004-03 is not Rev. 0, 6/2/2006 specifically identified as the basis for identifying three series boundary valves/dampers.
FPIP-0104, Safe Shutdown Section 9.1.2 Equipment List and Fault Tree Logics, Rev. 000, HNP Page 25 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.1.7 [Instrument Tubing] Identify instrument tubing that may cause subsequent effects on instrument readings or signals as a result of fire. Determine and consider the fire area location of the instrument tubing when evaluating the effects of fire damage to circuits and equipment in the fire area.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Instrument tubing and its fire area routing is FPIP-0105, Safe Shutdown Section 9.2.8 included in the FSSPMD. Instrument sensing Circuit Analysis, Rev. 000, lines exposed to fire are assumed by the SSA to result in eratic indications.
FPIP-0106, Validate Fire Section 9.1.14 Area Safe Shutdown Strategies, Rev. 001, HNP-E/ELEC-0001, Safe Sections A.3.13 and B.7.1.2 Item Shutdown in Case of Fire 8 and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.2.2 Methodology for Refer to Figure 3-3 for a flowchart illustrating the various steps involved in selecting safe shutdown equipment.
Equipment Selection Use the following methodology to select the safe shutdown equipment for a post-fire safe shutdown analysis:
[Refer to hard copy of NEI 00-01 for Figure 3-3]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This introductory section contains no specific , , Rev. ,
requirement, The sub-paragraphs with specific requirements are addressed separately as required.
HNP Page 26 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.2.1 Identify the System Mark up and annotate a P&ID to highlight the specific flow paths for each system in support of each shutdown path. Refer to Attachment 2 for an example of an Flow Path for Each Shutdown annotated P&ID illustrating this concept.
Path Applicability Comments Applicable Harris maintains marked-up safe shutdown flow diagrams. Prior to the revalidation effort, these diagrams also served as the safe shutdown equipment list, as a SSEL was not specifically generated.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Individual safe shutdown paths are not CPL-2165-1000S Series, identified, but the available paths are displayed Safe Shutdown Flow in the CAFTA fault tree. Diagrams, Rev. Latest, NEI 00-01 Ref NEI 00-01 Guidance 3.2.2.2 Identify the Equipment Review the applicable documentation (e.g. P&IDs, electrical drawings, instrument loop diagrams) to assure that all equipment in each systems flow path has been in Each Safe Shutdown identified. Assure that any equipment that could spuriously operate and adversely affect the desired system function(s) is also identified. If additional systems are System Flow Path Including identified which are necessary for the operation of the safe shutdown system under review, include these as systems required for safe shutdown. Designate these Equipment That May new systems with the same safe shutdown path as the primary safe shutdown system under review (Refer to Figure 3-1).
Spuriously Operate and Affect System Operation Applicability Comments Applicable It is not necessary that systems and components be assigned to a specific safe shutdown path.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The credited portions of the safe shutdown CPL-2165-1000S Series, systems are shown on the SSD flow diagrams. Safe Shutdown Flow The component's safe shutdown division (1 or Diagrams, Rev. Latest,
- 2) is also shown on these diagrams. The safe shutdown divisions are defined in Seciton B.3 of the SSA.
FPIP-0104, Safe Shutdown Section 9.1.2 Equipment List and Fault Tree Logics, Rev. 000, HNP-E/ELEC-0001, Safe Sections B.3 and B.5.1.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Open Item ID Open Item Description Disposition Open/Closed HNP-002 The marked up SSD flow diagrams are in the process of Open being updated to reflect the changes from the re-validation effort.
HNP Page 27 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.2.3 Develop a List of Safe Prepare a table listing the equipment identified for each system and the shutdown path that it supports. Identify any valves or other equipment that could spuriously Shutdown Equipment and operate and impact the operation of that safe shutdown system. Assign the safe shutdown path for the affected system to this equipment. During the cable Assign the Corresponding selection phase, identify additional equipment required to support the safe shutdown function of the path (e.g., electrical distribution system equipment). Include System and Safe Shutdown this additional equipment in the safe shutdown equipment list. Attachment 3 to this document provides an example of a (SSEL). The SSEL identifies the list of Path(s) Designation to Each. equipment within the plant considered for safe shutdown and it documents various equipment-related attributes used in the analysis.
Applicability Comments Applicable The Harris SSEL does not assign equipment to a specific safe shutdown path. The equipment and system inter-relationships required to meet the safe shutdown functions and goals are depicted in the CAFTA fault tree.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The SSEL does not assign each component to HNP-E/ELEC-0001, Safe Sections B.3 and B.5.1.2 a safe shutdown path, but it does assign Shutdown in Case of Fire components to safe shutdown divisions and Fire Hazards Analysis, (SSD-1 or SSD-2) as defined in Section B.3 of Rev. 0, 6/2/2006 the SSA (HNP-E/ELEC-0001).
FPIP-0104, Safe Shutdown Sectin 9.1.2 Equipment List and Fault Tree Logics, Rev. 000, N/A, Progress Energy Fire Section 3.3.1 Safe Shutdown Program Manager Database User's Manual, Rev. 001, HNP Page 28 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.2.4 Identify Equipment Collect additional equipment-related information necessary for performing the post-fire safe shutdown analysis for the equipment. In order to facilitate the analysis, Information Required for the tabulate this data for each piece of equipment on the SSEL. Refer to Attachment 3 to this document for an example of a SSEL. Examples of related equipment Safe Shutdown Analysis data should include the equipment type, equipment description, safe shutdown system, safe shutdown path, drawing reference, fire area, fire zone, and room location of equipment. Other information such as the following may be useful in performing the safe shutdown analysis: normal position, hot shutdown position, cold shutdown position, failed air position, failed electrical position, high/low pressure interface concern, and spurious operation concern.
Applicability Comments Applicable The contents and specific fields of the SSEL table should me modified according to each plant's needs and existing data.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Required equipment is shown on the marked FPIP-0104, Safe Shutdown up SSD flow diagrams and in the SSEL report Equipment List and Fault from FSSPMD. The SSEL is included as Tree Logics, Rev. 000, Attachment 2 to HNP-E-ELEC-0001.
HNP FSSPMD R16 00, Fire SSEL Report Safe Shutdown Program Manager Database, Rev.
016, HNP-E/ELEC-0001, Safe Section B.5.1.3 and Appendix 2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 29 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Ref NEI 00-01 Guidance 3.2.2.5 Identify Dependencies In the process of defining equipment and cables for safe shutdown, identify additional supporting equipment such as electrical power and interlocked equipment.
Between Equipment, As an aid in assessing identified impacts to safe shutdown, consider modeling the dependency between equipment within each safe shutdown path either in a Supporting Equipment, Safe relational database or in the form of a Safe Shutdown Logic Diagram (SSLD). Attachment 4 provides an example of a SSLD that may be developed to document Shutdown Systems and Safe these relationships.
Shutdown Paths.
Applicability Comments Applicable The equipment and system dependencies are modeled in the CAFTA fault tree and FSSPMD.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The CAFTA fault tree captures the system and HNP-E/ELEC-0001, Safe Section B.6.1 and Appendix 4 equipment inter-dependencies. Power supply Shutdown in Case of Fire and associated circuit dependincies are also and Fire Hazards Analysis, captured in the FSSPMD. The text file that Rev. 0, 6/2/2006 corresponds to the CAFTA fault tree is contained in Appendix 4 of HNP-E/ELEC-0001.
HNP FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev.
016, FPIP-0104, Safe Shutdown Section 9.1.2 Equipment List and Fault Tree Logics, Rev. 000, HNP Page 30 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis 2.4.2.2.1 Circuits Required in Nuclear Safety Functions. Circuits required for the nuclear safety functions shall be identified. This includes circuits that are required for operation, that could prevent the operation, or that result in the maloperation of the equipment identified in 2.4.2.1. This evaluation shall consider fire-induced failure modes such as hot shorts (external and internal), open circuits, and shorts to ground, to identify circuits that are required to support the proper operation of components required to achieve the nuclear safety performance criteria, including spurious operation and signals. This will ensure that a comprehensive population of circuitry is evaluated.
2.4.2.2.2 Other Required Circuits. Other circuits that share common power supply and/or common enclosure with circuits required to achieve nuclear safety performance criteria shall be evaluated for their impact on the ability to achieve nuclear safety performance criteria.
(a) Common Power Supply Circuits. Those circuits whose fireinduced failure could cause the loss of a power supply required to achieve the nuclear safety performance criteria shall be identified. This situation could occur if the upstream protection device (i.e., breaker or fuse) is not properly coordinated with the downstream protection device.
(b) Common Enclosure Circuits. Those circuits that share enclosures with circuits required to achieve the nuclear safety performance criteria and whose fire-induced failure could cause the loss of the required components shall be identified. The concern is that the effects of a fire can extend outside of the immediate fire area due to fire-induced electrical faults on inadequately protected cables or via inadequately sealed fire area boundaries.
NEI 00-01 Ref NEI 00-01 Guidance 3.3 Safe Shutdown Cable This section provides industry guidance on the recommended methodology and criteria for selecting safe shutdown cables and determining their potential impact on Selection and Location equipment required for achieving and maintaining safe shutdown of an operating nuclear power plant for the condition of an exposure fire. The Appendix R safe shutdown cable selection criteria are developed to ensure that all cables that could affect the proper operation or that could cause the maloperation of safe shutdown equipment are identified and that these cables are properly related to the safe shutdown equipment whose functionality they could affect. Through this cable-to-equipment relationship, cables become part of the safe shutdown path assigned to the equipment affected by the cable.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This section provides a general overview of the HNP-E/ELEC-0001, Safe Section B.7.1 safe shutdown methodology suggested in NEI Shutdown in Case of Fire 00-01 and followed by Shearon Harris. and Fire Hazards Analysis, Specific requirements or guidance outlined in Rev. 0, 6/2/2006 NEI 00-01 is discussed below.
HNP Page 31 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.1 Criteria / Assumptions To identify an impact to safe shutdown equipment based on cable routing, the equipment must have cables that affect it identified. Carefully consider how cables are related to safe shutdown equipment so that impacts from these cables can be properly assessed in terms of their ultimate impact on safe shutdown system equipment.
Consider the following criteria when selecting cables that impact safe shutdown equipment:
Applicability Comments Applicable The functional requirements of the component should be considered during the cable selection process.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Generic information in this introductory HNP-E/ELEC-0001, Safe Section B.7.1.1.2 section. Specific guidance is in the Shutdown in Case of Fire subsections below. and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 9.2 Circuit Analysis, Rev. 000, NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.1 [Cable Selection] The list of cables whose failure could impact the operation of a piece of safe shutdown equipment includes more than those cables connected to the equipment.
The relationship between cable and affected equipment is based on a review of the electrical or elementary wiring diagrams. To assure that all cables that could affect the operation of the safe shutdown equipment are identified, investigate the power, control, instrumentation, interlock, and equipment status indication cables related to the equipment. Consider reviewing additional schematic diagrams to identify additional cables for interlocked circuits that also need to be considered for their impact on the ability of the equipment to operate as required in support of post-fire safe shutdown. As an option, consider applying the screening criteria from Section 3.5 as a part of this section. For an example of this see Section 3.3.1.4.
Applicability Comments Applicable At Harris, the FSSPMD is also used to "link" associated cables to the safe shutdown equipment they could adversely affect.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns FPIP-0105 discussed the cable selection HNP-E/ELEC-0001, Safe Section B.7.1.1.2 process in significant detail. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 9.2 Circuit Analysis, Rev. 000, HNP Page 32 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.2 [Cables Affecting In cases where the failure (including spurious actuations) of a single cable could impact more than one piece of safe shutdown equipment, include the cable with Multiple Components] each piece of safe shutdown equipment.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Although the specific guidance contained in HNP-E/ELEC-0001, Safe Section B.7.1.1.2 and Appendix 6 this section of NEI 00-01 is not repeated in any Shutdown in Case of Fire Harris document, the procedures do not and Fire Hazards Analysis, preclude listing a given cable against more Rev. 0, 6/2/2006 than one component. The FSSPMD links all cables that could affect the operation of a given component to that component when augmenting the CAFTA Fault Tree.
FPIP-0105, Safe Shutdown Section 9.2 Circuit Analysis, Rev. 000, HNP FSSPMD R16 00, Fire Equipmetn and Cable Infomation Safe Shutdown Program Details Manager Database, Rev.
016, Open Item ID Open Item Description Disposition Open/Closed HNP-005 Section 9.3.3 of FPIP-0105 discusses when it is Open approppriate to code associated circuits as "B" cables and thus not required for the component being analyzed. It provides four examples of when "B" is appropriate, the third of which states "If the SSAC and other contacts in the circuit misoperate, the result can be mitigated by a control switch in the Main Control Room."
This would appear to be a non-conservative approach, since the required control room actions would not be identified by the SSA. In section 9.2, it is pretty clear that all cables that could affect the ability of a component to perform its safe shutdown function should be identified as required cables, so this may be a case where the FPIP contradicts itself.
HNP Page 33 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.3 [Isolation Devices] Electrical devices such as relays, switches and signal resistor units are considered to be acceptable isolation devices. In the case of instrument loops, review the isolation capabilities of the devices in the loop to determine that an acceptable isolation device has been installed at each point where the loop must be isolated so that a fault would not impact the performance of the safe shutdown instrument function.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Isolaton devices are defined in the SSA, HNP-E/ELEC-0001, Safe Appendix 6, Section 2.1 HNP-E/ELEC-0001, Appendix 6, Section 2.1. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 9.2 Circuit Analysis, Rev. 000, NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.4 [Identify "Not Screen out cables for circuits that do not impact the safe shutdown function of a component (i.e., annunciator circuits, space heater circuits and computer input Required" Cables] circuits) unless some reliance on these circuits is necessary. However, they must be isolated from the components control scheme in such a way that a cable fault would not impact the performance of the circuit.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Cables that are not required for safe shutdown FPIP-0105, Safe Shutdown Appendix 6 have an "A" entered in the FMEA section of Circuit Analysis, Rev. 000, the circuit infromation form in FSSPMD. The "A" indicates that the component "achieves" its safe shutdown function even if that cable is damaged by fire. Cables that were anlalyzed as part the circuit analysis but are not electircally connected to the component being analyzed had an "N/A" entered in the FMEA columns.
HNP FSSPMD R16 00, Fire Circuit Information Form Safe Shutdown Program Manager Database, Rev.
016, HNP Page 34 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.5 [Identification of Power For each circuit requiring power to perform its safe shutdown function, identify the cable supplying power to each safe shutdown and/or required interlock Supplies] component. Initially, identify only the power cables from the immediate upstream power source for these interlocked circuits and components (i.e., the closest power supply, load center or motor control center). Review further the electrical distribution system to capture the remaining equipment from the electrical power distribution system necessary to support delivery of power from either the offsite power source or the emergency diesel generators (i.e., onsite power source) to the safe shutdown equipment. Add this equipment to the safe shutdown equipment list. Evaluate the power cables for this additional equipment for associated circuits concerns.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Power supplies are linked to their components HNP FSSPMD R16 00, Fire Circuit Information Form in FSSPMD in the "Power Supplies, Related, Safe Shutdown Program Auxiliary, and Other Important Circuits" portion Manager Database, Rev.
of the Circuit Information Form. A standard 016, note "A" entered for a power supply in this section indicates that the power supply is required for the component to perform its safe shutdown function. Any cable damage that results in the failure of the power supply will also fail the component being analyzed in the augmented fault tree.
FPIP-0105, Safe Shutdown Section 9.2 and Appendix 6 Circuit Analysis, Rev. 000, HNP-E/ELEC-0001, Safe Sections B.7.1.1.2 and B.7.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 N/A, Progress Energy Fire Section 3.5.3.2 and Attachment Safe Shutdown Program A Manager Database User's Manual, Rev. 001, HNP Page 35 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.6 [ESFAS Initiation] The automatic initiation logics for the credited post-fire safe shutdown systems are not required to support safe shutdown. Each system can be controlled manually by operator actuation in the main control room or emergency control station. If operator actions outside the MCR are necessary, those actions must conform to the regulatory requirements on manual actions. However, if not protected from the effects of fire, the fire-induced failure of automatic initiation logic circuits must not adversely affect any post-fire safe shutdown system function.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The actions required to mitigate spurious EC 54865, SSD Validation -
ESFAS signal have been identified and will be Issue Revised SSD Analysis included in revison 1 of HNP-E/ELEC-0001 per Calculation(s), Rev. 0, EC 54865. Sections B.4, B.7.1.1.2, and 9/18/2006 Appendix 6 will all be revised to reflect the revised consideration of spurious ESFAS signals into the safe shutdown anlysis.
FPIP-0105, Safe Shutdown Section 9.2.13 Circuit Analysis, Rev. 000, NEI 00-01 Ref NEI 00-01 Guidance 3.3.1.7 [Circuit Coordination] Cabling for the electrical distribution system is a concern for those breakers that feed associated circuits and are not fully coordinated with upstream breakers. With respect to electrical distribution cabling, two types of cable associations exist. For safe shutdown considerations, the direct power feed to a primary safe shutdown component is associated with the primary component. For example, the power feed to a pump is necessary to support the pump. Similarly, the power feed from the load center to an MCC supports the MCC. However, for cases where sufficient branch-circuit coordination is not provided, the same cables discussed above would also support the power supply. For example, the power feed to the pump discussed above would support the bus from which it is fed because, for the case of a common power source analysis, the concern is the loss of the upstream power source and not the connected load. Similarly, the cable feeding the MCC from the load center would also be necessary to support the load center.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This is a discussion of hte common power HNP-E/ELEC-0001, Safe Section B.7.2 supply concern, which is taken into Shutdown in Case of Fire consideration in the safe shutdown analysis. and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 36 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.2 Associated Circuit Cables Appendix R,Section III.G.2, requires that separation features be provided for equipment and cables, including associated nonsafety circuits that could prevent operation or cause maloperation due to hot shorts, open circuits, or shorts to ground, of redundant trains of systems necessary to achieve hot shutdown. The three types of associated circuits were identified in Reference 6.1.5 and further clarified in a NRC memorandum dated March 22, 1982 from R. Mattson to D. Eisenhut, Reference 6.1.6. They are as follows:
- Spurious actuations
- Common power source
- Common enclosure.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This section provides an introductioin to the NUREG-1038, Safety SSER 3, page 9-15 requirements to analyze associated circuits. Evaluation Report Related Specific requirements of NEI 00-01 are to the Operation of the discussed below. Shearon Harris Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 HNP-E/ELEC-0001, Safe Sections B.7.1, B.7.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 3.3, 9.5.3 Circuit Analysis, Rev. 000, EC 54865, SSD Validation - Section C02 Issue Revised SSD Analysis Calculation(s), Rev. 0, 9/18/2006 E-5506, Appendix 'R' Coordination Study, Rev.
007, E-5505, Worst Case 120VAC/125VDC Panel Appendix 'R'/Non Appendix
'R' Circuits Short Circtuit Levels, Rev. 004, HNP Page 37 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.2 [A] Associated Circuit Safe shutdown system spurious actuation concerns can result from fire damage to a cable whose failure could cause the spurious actuation/mal-operation of Cables - Cables Whose Failure equipment whose operation could affect safe shutdown. These cables are identified in Section 3.3.3 together with the remaining safe shutdown cables required to May Cause Spurious support control and operation of the equipment.
Actuations Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Cables that can cause an undesired spurious HNP-E/ELEC-0001, Safe Section B.7.1 actuation are identified by an "S" in the FMEA Shutdown in Case of Fire code of the circuit information form in and Fire Hazards Analysis, FSSPMD. They are evaluated in the SSA in Rev. 0, 6/2/2006 the same manner as "required" cables.
FPIP-0105, Safe Shutdown Section 9.1.2 Circuit Analysis, Rev. 000, HNP FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev.
016, HNP Page 38 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.2 [B] Associated Circuit The concern for the common power source associated circuits is the loss of a safe shutdown power source due to inadequate breaker/fuse coordination. In the Cables - Common Power case of a fire-induced cable failure on a non-safe shutdown load circuit supplied from the safe shutdown power source, a lack of coordination between the upstream Source Cables supply breaker/fuse feeding the safe shutdown power source and the load breaker/fuse supplying the non-safe shutdown faulted circuit can result in loss of the safe shutdown bus. This would result in the loss of power to the safe shutdown equipment supplied from that power source preventing the safe shutdown equipment from performing its required safe shutdown function. Identify these cables together with the remaining safe shutdown cables required to support control and operation of the equipment. Refer to Section 3.5.2.4 for an acceptable methodology for analyzing the impact of these cables on post-fire safe shutdown.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The analysis has taken into account E-5506, Appendix 'R' associated circuits by common power supply Coordination Study, Rev.
as defined by NRC Generic Letter 81-12 and 007, its supplement.
EC 54865, SSD Validation - Section C02 Issue Revised SSD Analysis Calculation(s), Rev. 0, 9/18/2006 FPIP-0105, Safe Shutdown Section 9.5.2 Circuit Analysis, Rev. 000, NUREG-1038, Safety SSER 3, page 9-15 Evaluation Report Related to the Operation of the Shearon Harris Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 E-5505, Worst Case 120VAC/125VDC Panel Appendix 'R'/Non Appendix
'R' Circuits Short Circtuit Levels, Rev. 004, HNP-E/ELEC-0001, Safe Section B.7.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 39 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.2 [C] Associated Circuit The concern with common enclosure associated circuits is fire damage to a cable whose failure could propagate to other safe shutdown cables in the same Cables - Common Enclosure enclosure either because the circuit is not properly protected by an isolation device (breaker/fuse) such that a fire-induced fault could result in ignition along its Cables length, or by the fire propagating along the cable and into an adjacent fire area. This fire spread to an adjacent fire area could impact safe shutdown equipment in that fire area, thereby resulting in a condition that exceeds the criteria and assumptions of this methodology (i.e., multiple fires). Refer to Section 3.5.2.5 for an acceptable methodology for analyzing the impact of these cables on post-fire safe shutdown.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Analysis aligns based on a combination of E-5505, Worst Case design considerations and circuit coordination 120VAC/125VDC Panel studies. Appendix 'R'/Non Appendix
'R' Circuits Short Circtuit Levels, Rev. 004, E-5506, Appendix 'R' Coordination Study, Rev.
007, HNP-E/ELEC-0001, Safe Section B.7.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.3.3 Methodology for Cable Refer to Figure 3-4 for a flowchart illustrating the various steps involved in selecting the cables necessary for performing a post-fire safe shutdown analysis.
Selection and Location Use the following methodology to define the cables required for safe shutdown including cables that may cause associated circuits concerns for a post-fire safe shutdown analysis:
[Refer to hard copy of NEI 00-01 for Figure 3-4]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This is an istroductory paragraph with no FPIP-0105, Safe Shutdown Section 9.2 specific criteria. Requirements are in the Circuit Analysis, Rev. 000, subsequent subsections.
HNP-E/ELEC-0001, Safe Section B.7.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 40 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.3.1 Identify Circuits For each piece of safe shutdown equipment defined in section 3.2, review the appropriate electrical diagrams including the following documentation to identify the Required for the Operation of circuits (power, control, instrumentation) required for operation or whose failure may impact the operation of each piece of equipment:
the Safe Shutdown Equipment - Single-line electrical diagrams
- Elementary wiring diagrams
- Electrical connection diagrams
- Instrument loop diagrams.
For electrical power distribution equipment such as power supplies, identify any circuits whose failure may cause a coordination concern for the bus under evaluation.
If power is required for the equipment, include the closest upstream power distribution source on the safe shutdown equipment list. Through the iterative process described in Figures 3-2 and 3-3, include the additional upstream power sources up to either the offsite or the emergency power source.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The circuit analysis procedure (FPIP-0105) HNP-E/ELEC-0001, Safe Section B.7.1 directs that all cables that could adversely Shutdown in Case of Fire affect the component's ability to perform its and Fire Hazards Analysis, safe shutdown function be identified. It also Rev. 0, 6/2/2006 includes the identificaton of all required power supplies.
FPIP-0105, Safe Shutdown Section 9.2 Circuit Analysis, Rev. 000, HNP Page 41 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.3.2 Identify Interlocked In reviewing each control circuit, investigate interlocks that may lead to additional circuit schemes, cables and equipment. Assign to the equipment any cables for Circuits and Cables Whose interlocked circuits that can affect the equipment.
Spurious Operation or While investigating the interlocked circuits, additional equipment or power sources may be discovered. Include these interlocked equipment or power sources in Mal-operation Could Affect the safe shutdown equipment list (refer to Figure 3-3) if they can impact the operation of the equipment under consideration.
Shutdown Applicability Comments Applicable As an alternative to adding the interlocked equipment to the SSEL, it is acceptable to include the cables that are required for the interlocking function (or that could cause the spurious actuation) with the main component that was originally under consideration. Adding the components may ease the development of a suitable mitigating strategy in areas where the interlocked cables may be damaged by the fire.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Interlocked circuits were either included in the HNP-E/ELEC-0001, Safe Section B.7.1.1.2 analysis, or the interlocked contact or relay Shutdown in Case of Fire was assumed to be in its worst-case position. and Fire Hazards Analysis, Associated circuits identified for each Rev. 0, 6/2/2006 component are either included in the main circuit anlaysis with a code of "A" in the existing basis column, or are included by listing the applicable circuit in the "Power Supplies, Related, Auxiliary, and Other Important Circuits" on the Circuit Information Form.
FPIP-0105, Safe Shutdown Section 9.2.4 Circuit Analysis, Rev. 000, HNP Page 42 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.3.3.3 Assign Cables to the Given the criteria/assumptions defined in Section 3.3.1, identify the cables required to operate or that may result in maloperation of each piece of safe shutdown Safe Shutdown Equipment equipment.
Tabulate the list of cables potentially affecting each piece of equipment in a relational database including the respective drawing numbers, their revision and any interlocks that are investigated to determine their impact on the operation of the equipment. In certain cases, the same cable may support multiple pieces of equipment. Relate the cables to each piece of equipment, but not necessarily to each supporting secondary component.
If adequate coordination does not exist for a particular circuit, relate the power cable to the power source. This will ensure that the power source is identified as affected equipment in the fire areas where the cable may be damaged.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Information is maintained in the FSSPMD. FPIP-0105, Safe Shutdown Sections 9.2 through 9.5 Circuit Analysis, Rev. 000, HNP-E/ELEC-0001, Safe Sections B.7.1.1.2 and B.7.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP FSSPMD R16 00, Fire Circuit Information Form Safe Shutdown Program Manager Database, Rev.
016, NEI 00-01 Ref NEI 00-01 Guidance 3.5 Circuit Analysis and This section on circuit analysis provides information on the potential impact of fire on circuits used to monitor, control and power safe shutdown equipment.
Evaluation Applying the circuit analysis criteria will lead to an understanding of how fire damage to the cables may affect the ability to achieve and maintain post-fire safe shutdown in a particular fire area. This section should be used in conjunction with Section 3.4, to evaluate the potential fire-induced impacts that require mitigation.
Appendix R Section III.G.2 identifies the fire-induced circuit failure types that are to be evaluated for impact from exposure fires on safe shutdown equipment.
Section III.G.2 of Appendix R requires consideration of hot shorts, shorts-to-ground and open circuits.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns BTP CMEB 9.5-1 Section C.5.c.(7) requires HNP-E/ELEC-0001, Safe Sections A.1.1, A.2.5 consideration of hot shorts, shorts-to-ground Shutdown in Case of Fire and open circuits for NUREG-0800 plants. and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 3.6 Circuit Analysis, Rev. 000, HNP Page 43 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.1 Criteria / Assumptions Apply the following criteria/assumptions when performing fire-induced circuit failure evaluations.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Shearon Harris followed the general criteria FPIP-0105, Safe Shutdown that follows this introductory section, which Circuit Analysis, Rev. 000, contains no specific requirements.
HNP-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 44 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.1 [Circuit Failure Types Consider the following circuit failure types on each conductor of each unprotected safe shutdown cable to determine the potential impact of a fire on the safe and Impact] shutdown equipment associated with that conductor.
- A hot short may result from a fire-induced insulation breakdown between conductors of the same cable, a different cable or from some other external source resulting in a compatible but undesired impressed voltage or signal on a specific conductor. A hot short may cause a spurious operation of safe shutdown equipment.
- An open circuit may result from a fire-induced break in a conductor resulting in the loss of circuit continuity. An open circuit may prevent the ability to control or power the affected equipment. An open circuit may also result in a change of state for normally energized equipment. (e.g. [for BWRs] loss of power to the Main Steam Isolation Valve (MSIV) solenoid valves due to an open circuit will result in the closure of the MSIVs). Note that RIS 2004-03 indicates that open circuits, as an initial mode of cable failures, are considered to be of very low likelihood. The risk-informed inspection process will focus on failures with relatively high probabilities.
- A short-to-ground may result from a fire-induced breakdown of a cable insulation system, resulting in the potential on the conductor being applied to ground potential. A short-to-ground may have all of the same effects as an open circuit and, in addition, a short-to-ground may also cause an impact to the control circuit or power train of which it is a part.
Consider the three types of circuit failures identified above to occur individually on each conductor of each safe shutdown cable on the required safe shutdown path in the fire area.
Applicability Comments Applicable HNP Page 45 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent Circuit analysis was performed and FPIP-0105, Safe Shutdown Section 9.0.
documented in the FSSPMD prior to Circuit Analysis, Rev. 000, performing the fire area assessments. Thus, only those cables that have been previously determined to adversely affect the ability of the component to perform its safe shutdown function have been identified as required cables. The augmented CAFTA fault tree is used to identify a success "path" using the minimum set of equipment that may actually be damaged by the fire.
HNP FSSPMD R16 00, Fire Fault Tree Logic Safe Shutdown Program Manager Database, Rev.
016, FPIP-0106, Validate Fire Section 9.0.
Area Safe Shutdown Strategies, Rev. 001, HNP Page 46 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Not in Alignment, but The referenced section of Supplement 3 to the NUREG-1038, Safety Supplement 3, page 9-15 Prior NRC Approval SER states in part: Evaluation Report Related to the Operation of the "Spurious operations due to stray voltages Shearon Harris Nuclear between cables within a common raceway Power Plant, Units 1 and 2 -
(cable-to-cable faults) resulting from fire Docket Nos. STN-50-400 damage have been considered a noncredible and STN 50-401, Rev.
event by the applicants. One reason for this is Original, 11/1/1983 that conductor-to-conductor faults are much more likely to occur before cable-to-cable faults, and conductor-to-conductor faults would preclude cable-to-cable faults. To cause spurious operations by two-wire 125-V ac or dc control or power cable, the applicants indicated that two circuits in contiguous cables (one energized, one deenergized) would need to be damaged by the fire and reconnected in proper sequence. This could occur if, for example, the positive energized wiire in the one cable were to be exposed (thorugh cable and wire insulation) to the positive unenergized wire in the adjacent cable and were to make contact with each other. This could only occur in the unlikely event that that insulation for both cables and both wires was to be removed in the same genreal area to permit this contact.
Much more likely is the possibility for contact between the positive and negative energized wires in one cable or for the energized positive wire to contact the metallic raceway where either contact would cause the circuit breaker to open, thus removing the possibility for spurious operation. On the basis of the above, the staff finds the applicants' response relating to spurious operation of associated circuits as a result of wire-to-wire or cable-to-cable faults acceptable."
In perfoming the FMEA for the identified safe shutdown circuits, this positon is taken into account in the RDM "Revised Design Methodology" column of the Circuti Information Form.
HNP Page 47 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Open Item ID Open Item Description Disposition Open/Closed HNP-006 The section in Supplement 3 to the SSER that contains Open the discussion of cable-to-cable faults is techncally within a section titled "Alternate of Dedicated Shutdown Capability," which starts on page 9-6. The section on associated circuits which contains the cable-to-cable fault discussion begins on page 9-15 and is within sub-section (s). It seems clear from the discussion that it applies to all plant fire areas. For example, the preceeding sub-section (i) "Procedures" (page 9-10) states that "the applicants have committed to provide plans for fires in all plant areas." Sub-section (o) on page 9-12 contains the discussion of high/low pressure interfaces which clearly applies to all plant areas. Thus, it is reasonable to conclude that sub-section (s)
"Associated Circuits" whcih contains the applicable discussion of cable-to-cable faults also applies plant wide.
NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.2 [Circuit Contacts and Assume that circuit contacts are positioned (i.e., open or closed) consistent with the normal mode/position of the safe shutdown equipment as shown on the Operational Modes] schematic drawings. The analyst must consider the position of the safe shutdown equipment for each specific shutdown scenario when determining the impact that fire damage to a particular circuit may have on the operation of the safe shutdown equipment.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Per the analysis, components are assumed to HNP-E/ELEC-0001, Safe Section B.7.1.1.2 be in their normal operating position. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 9.2.3 Circuit Analysis, Rev. 000, HNP Page 48 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.3 [Duration of Circuit Assume that circuit failure types resulting in spurious operations exist until action has been taken to isolate the given circuit from the fire area, or other actions have Failures] been taken to negate the effects of circuit failure that is causing the spurious actuation. The fire is not assumed to eventually clear the circuit fault. Note that RIS 2004-03 indicates that fire-induced hot shorts typically self-mitigate after a limited period of time.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The analysis takes no credit for FPIP-0105, Safe Shutdown Section 9.2.5 "self-mitigating" circuit failures. Circuit Analysis, Rev. 000, EGR-NGGC-0102, Attachment 4, Section 3.4, under the heading "Issues Requiring Further Research" states in part "Duration of hot shorts...Cable test data indicates that the duration of a hot short is limited; PE general methodology is to conservatively assume the hot short is maintained until action is taken to mitigate its affects."
FPIP-0106, Validate Fire Section 9.1.12 Area Safe Shutdown Strategies, Rev. 001, EGR-NGGC-0102, Safe Section 3.4 Shutdown/Fire Protection Review, Rev. 006, NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.4 [Cable Failure When both trains are in the same fire area outside of primary containment, all cables that do not meet the separation requirements of Section III.G.2 are assumed Configurations] to fail in their worst case configuration.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns All cables in the area under consideration are HNP-E/ELEC-0001, Safe Sections A.3.10 and A.3.11 assumed to fail in their worst case Shutdown in Case of Fire configuration. and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0106, Validate Fire Sections 9.1.11, 9.1.12.
Area Safe Shutdown Strategies, Rev. 001, HNP Page 49 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.5 [A, Circuit Failure Risk The following guidance provides the NRC inspection focus from Bin 1 of RIS 2004-03 in order to identify any potential combinations of spurious operations with Assessment Guidance] higher risk significance. Bin 1 failures should also be the focus of the analysis; however, NRC has indicated that other types of failures required by the regulations for analysis should not be disregarded even if in Bin 2 or 3. If Bin 1 changes in subsequent revisions of RIS 2004-03, the guidelines in the revised RIS should be followed.
Applicability Comments Not Applicable Provides guidance on assessing the risk-significance of circuit failures based on RIS 2004-03, Rev. 1. Note that SSER 3 approved Harris' original methodology which did not postulate inter-cable hot shorts (SSER 3, pages 9-15, 9-16).
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Shearon Harris performed a multiple spurious HNP-E/ELEC-0001, Safe Appendix 14 operations review in accordance with the Shutdown in Case of Fire guidelines of NRC RIS 2004-03. The results of and Fire Hazards Analysis, the review are contained in Appendix 14 of the Rev. 0, 6/2/2006 safe shutdown analysis.
HNP Page 50 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.5 [B, Cable Failure For multiconductor cables testing has demonstrated that conductor-to-conductor shorting within the same cable is the most common mode of failure. This is often Modes] referred to as intra-cable shorting. It is reasonable to assume that given damage, more than one conductor-to-conductor short will occur in a given cable. A second primary mode of cable failure is conductor-to-conductor shorting between separate cables, commonly referred to as inter-cable shorting. Inter-cable shorting is less likely than intra-cable shorting. Consistent with the current knowledge of fire-induced cable failures, the following configurations should be considered:
A. For any individual multiconductor cable (thermoset or thermoplastic), any and all potential spurious actuations that may result from intra-cable shorting, including any possible combination of conductors within the cable, may be postulated to occur concurrently regardless of number. However, as a practical matter, the number of combinations of potential hot shorts increases rapidly with the number of conductors within a given cable. For example, a multiconductor cable with three conductors (3C) has 3 possible combinations of two (including desired combinations), while a five conductor cable (5C) has 10 possible combinations of two (including desired combinations), and a seven conductor cable (7C) has 21 possible combinations of two (including desired combinations). To facilitate an inspection that considers most of the risk presented by postulated hot shorts within a multiconductor cable, inspectors should consider only a few (three or four) of the most critical postulated combinations.
B. For any thermoplastic cable, any and all potential spurious actuations that may result from intra-cable and inter-cable shorting with other thermoplastic cables, including any possible combination of conductors within or between the cables, may be postulated to occur concurrently regardless of number. (The consideration of thermoset cable inter-cable shorts is deferred pending additional research.)
C. For cases involving the potential damage of more than one multiconductor cable, a maximum of two cables should be assumed to be damaged concurrently.
The spurious actuations should be evaluated as previously described. The consideration of more than two cables being damaged (and subsequent spurious actuations) is deferred pending additional research.
D. For cases involving direct current (DC) circuits, the potential spurious operation due to failures of the associated control cables (even if the spurious operation requires two concurrent hot shorts of the proper polarity, e.g., plus-to-plus and minus-to-minus) should be considered when the required source and target conductors are each located within the same multiconductor cable.
E. Instrumentation Circuits. Required instrumentation circuits are beyond the scope of this associated circuit approach and must meet the same requirements as required power and control circuits. There is one case where an instrument circuit could potentially be considered an associated circuit. If fire-induced damage of an instrument circuit could prevent operation (e.g., lockout permissive signal) or cause maloperation (e.g., unwanted start/stop/reposition signal) of systems necessary to achieve and maintain hot shutdown, then the instrument circuit may be considered an associated circuit and handled accordingly.
Applicability Comments Not Applicable Provides guidance on assessing the risk-significance of circuit failures based on RIS 2004-03, Rev. 1.
HNP Page 51 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2 Types of Circuit Failures Appendix R requires that nuclear power plants must be designed to prevent exposure fires from defeating the ability to achieve and maintain post-fire safe shutdown. Fire damage to circuits that provide control and power to equipment on the required safe shutdown path and any other equipment whose spurious operation/mal-operation could affect shutdown in each fire area must be evaluated for the effects of a fire in that fire area. Only one fire at a time is assumed to occur. The extent of fire damage is assumed to be limited by the boundaries of the fire area. Given this set of conditions, it must be assured that one redundant train of equipment capable of achieving hot shutdown is free of fire damage for fires in every plant location. To provide this assurance, Appendix R requires that equipment and circuits required for safe shutdown be free of fire damage and that these circuits be designed for the fire-induced effects of a hot short, short-to-ground, and open circuit. With respect to the electrical distribution system, the issue of breaker coordination must also be addressed.
This section will discuss specific examples of each of the following types of circuit failures:
- Open circuit
- Short-to-ground
- Hot short.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns NUREG-0800 contains similar guidelines. This FPIP-0105, Safe Shutdown section provides a brief synopsis of safe Circuit Analysis, Rev. 000, shutdown requirements as an introduction to a detailed discussion of three specific types of circuit failures that are required to be postulated.
FPIP-0104, Safe Shutdown Equipment List and Fault Tree Logics, Rev. 000, FPIP-0106, Validate Fire Area Safe Shutdown Strategies, Rev. 001, HNP-E/ELEC-0001, Safe Section A.1.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 52 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.1 Circuit Failures Due to This section provides guidance for addressing the effects of an open circuit for safe shutdown equipment. An open circuit is a fire-induced break in a conductor an Open Circuit resulting in the loss of circuit continuity. An open circuit will typically prevent the ability to control or power the affected equipment. An open circuit can also result in a change of state for normally energized equipment. For example, a loss of power to the main steam isolation valve (MSIV) solenoid valves [for BWRs] due to an open circuit will result in the closure of the MSIV.
NOTE: The EPRI circuit failure testing indicated that open circuits are not likely to be the initial fire-induced circuit failure mode. Consideration of this may be helpful within the safe shutdown analysis. Consider the following consequences in the safe shutdown circuit analysis when determining the effects of open circuits:
Loss of electrical continuity may occur within a conductor resulting in de-energizing the circuit and causing a loss of power to, or control of, the required safe shutdown equipment.
In selected cases, a loss of electrical continuity may result in loss of power to an interlocked relay or other device. This loss of power may change the state of the equipment. Evaluate this to determine if equipment fails safe.
Open circuit on a high voltage (e.g., 4.16 kV) ammeter current transformer (CT) circuit may result in secondary damage.
Figure 3.5.2-1 shows an open circuit on a grounded control circuit.
[Refer to hard copy of NEI 00-01 for Figure 3.5.2-1]
Open circuit No. 1:
An open circuit at location No. 1 will prevent operation of the subject equipment.
Open circuit No. 2:
An open circuit at location No. 2 will prevent opening/starting of the subject equipment, but will not impact the ability to close/stop the equipment.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider open circuits. FPIP-0105, Safe Shutdown Section 3.23 This section provides information related to the Circuit Analysis, Rev. 000, effects of an open circuit on diferent types of typical circuits.
HNP-E/ELEC-0001, Safe Sections A.1.1, B.7.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 53 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.2 Circuit Failures Due to This section provides guidance for addressing the effects of a short-to-ground on circuits for safe shutdown equipment. A short-to-ground is a fire-induced a Short-to-Ground [A, General] breakdown of a cable insulation system resulting in the potential on the conductor being applied to ground potential. A short-to-ground can cause a loss of power to or control of required safe shutdown equipment. In addition, a short-to-ground may affect other equipment in the electrical power distribution system in the cases where proper coordination does not exist.
Consider the following consequences in the post-fire safe shutdown analysis when determining the effects of circuit failures related to shorts-to-ground:
- A short to ground in a power or a control circuit may result in tripping one or more isolation devices (i.e. breaker/fuse) and causing a loss of power to or control of required safe shutdown equipment.
- In the case of certain energized equipment such as HVAC dampers, a loss of control power may result in loss of power to an interlocked relay or other device that may cause one or more spurious operations.
Applicability Comments Applicable This section provides specific examples of shorts to ground on a representative sample of typical control and power circuits Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider shorts to HNP-E/ELEC-0001, Safe Sections A.1.1, B.7.1 ground. This section provides information Shutdown in Case of Fire related to the effects of a short to ground on and Fire Hazards Analysis, diferent types of typical circuits. Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 3.17 Circuit Analysis, Rev. 000, HNP Page 54 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.2 Circuit Failures Due to This section provides guidance for addressing the effects of a short-to-ground on circuits for safe shutdown equipment. A short-to-ground is a fire-induced a Short-to-Ground [B, breakdown of a cable insulation system resulting in the potential on the conductor being applied to ground potential. A short-to-ground can cause a loss of power to Grounded Circuits] or control of required safe shutdown equipment. In addition, a short-to-ground may affect other equipment in the electrical power distribution system in the cases where proper coordination does not exist.
Short-to-Ground on Grounded Circuits Typically, in the case of a grounded circuit, a short-to-ground on any part of the circuit would present a concern for tripping the circuit isolation device thereby causing a loss of control power.
Figure 3.5.2-2 illustrates how a short-to-ground fault may impact a grounded circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-2]
Short-to-ground No. 1:
A short-to-ground at location No. 1 will result in the control power fuse blowing and a loss of power to the control circuit. This will result an inability to operate the equipment using the control switch. Depending on the coordination characteristics between the protective device on this circuit and upstream circuits, the power supply to other circuits could be affected.
Short-to-ground No. 2:
A short-to-ground at location No. 2 will have no effect on the circuit until the close/stop control switch is closed. Should this occur, the effect would be identical to that for the short-to-ground at location No. 1 described above. Should the open/start control switch be closed prior to closing the close/stop control switch, the equipment will still be able to be opened/started.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider shorts to FPIP-0105, Safe Shutdown Section 3.17 ground. This section provides information Circuit Analysis, Rev. 000, related to the effects of a short to ground on typical grounded circuits.
HNP-E/ELEC-0001, Safe Section A.1.1, B.7.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 55 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.2 Circuit Failures Due to Short-to-Ground on Ungrounded Circuits a Short-to-Ground [C, Ungrounded Circuits] In the case of an ungrounded circuit, postulating only a single short-to-ground on any part of the circuit may not result in tripping the circuit isolation device. Another short-to-ground on the circuit or another circuit from the same source would need to exist to cause a loss of control power to the circuit.
Figure 3.5.2-3 illustrates how a short to ground fault may impact an ungrounded circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-3]
Short-to-ground No. 1: A short-to-ground at location No. 1 will result in the control power fuse blowing and a loss of power to the control circuit if short-to-ground No.
3 also exists either within the same circuit or on any other circuit fed from the same power source. This will result in an inability to operate the equipment using the control switch. Depending on the coordination characteristics between the protective device on this circuit and upstream circuits, the power supply to other circuits could be affected.
Short-to-ground No. 2:
A short-to-ground at location No. 2 will have no effect on the circuit until the close/stop control switch is closed. Should this occur, the effect would be identical to that for the short-to-ground at location No. 1 described above. Should the open/start control switch be closed prior to closing the close/stop control switch, the equipment will still be able to be opened/started.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider shorts to FPIP-0105, Safe Shutdown Section 3.23 ground. This section provides information Circuit Analysis, Rev. 000, related to the effects of a short to ground on typical ungrounded circuits.
HNP-E/ELEC-0001, Safe Section A.1.1, B.7.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 56 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.3 Circuit Failures Due to This section provides guidance for analyzing the effects of a hot short on circuits for required safe shutdown equipment. A hot short is defined as a fire-induced a Hot Short [A, General] insulation breakdown between conductors of the same cable, a different cable or some other external source resulting in an undesired impressed voltage on a specific conductor. The potential effect of the undesired impressed voltage would be to cause equipment to operate or fail to operate in an undesired manner.
Consider the following specific circuit failures related to hot shorts as part of the post-fire safe shutdown analysis:
- A hot short between an energized conductor and a de-energized conductor within the same cable may cause a spurious actuation of equipment. The spuriously actuated device (e.g., relay) may be interlocked with another circuit that causes the spurious actuation of other equipment. This type of hot short is called a conductor-to-conductor hot short or an internal hot short.
- A hot short between any external energized source such as an energized conductor from another cable (thermoplastic cables only) and a de-energized conductor may also cause a spurious actuation of equipment. This is called a cable-to-cable hot short or an external hot short. Cable-to-cable hot shorts between thermoset cables are not postulated to occur pending additional research.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider hot shorts. FPIP-0105, Safe Shutdown Section 3.14 This section provides information related to the Circuit Analysis, Rev. 000, effects of a hot short on typical circuits.
HNP-E/ELEC-0001, Safe Sections A.1.1, B.7.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 57 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.3 Circuit Failures Due to A Hot Short on Grounded Circuits a Hot Short [B, Grounded Circuits] A short-to-ground is another failure mode for a grounded control circuit. A short-to-ground as described above would result in de-energizing the circuit. This would further reduce the likelihood for the circuit to change the state of the equipment either from a control switch or due to a hot short. Nevertheless, a hot short still needs to be considered. Figure 3.5.2-4 shows a typical grounded control circuit that might be used for a motor-operated valve. However, the protective devices and position indication lights that would normally be included in the control circuit for a motor-operated valve have been omitted, since these devices are not required to understand the concepts being explained in this section. In the discussion provided below, it is assumed that a single fire in a given fire area could cause any one of the hot shorts depicted. The following discussion describes how to address the impact of these individual cable faults on the operation of the equipment controlled by this circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-4]
Hot short No. 1:
A hot short at this location would energize the close relay and result in the undesired closure of a motor-operated valve.
Hot short No. 2:
A hot short at this location would energize the open relay and result in the undesired opening of a motor-operated valve.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider hot shorts. FPIP-0105, Safe Shutdown Section 3.14 This section provides information related to the Circuit Analysis, Rev. 000, effects of a hot short on typical grounded circuits.
HNP-E/ELEC-0001, Safe Sections A.1.1, B.7.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 58 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.3 Circuit Failures Due to A Hot Short on Ungrounded Circuits a Hot Short [C, Ungrounded Circuits] In the case of an ungrounded circuit, a single hot short may be sufficient to cause a spurious operation. A single hot short can cause a spurious operation if the hot short comes from a circuit from the positive leg of the same ungrounded source as the affected circuit.
In reviewing each of these cases, the common denominator is that in every case, the conductor in the circuit between the control switch and the start/stop coil must be involved.
Figure 3.5.2-5 depicted below shows a typical ungrounded control circuit that might be used for a motor-operated valve. However, the protective devices and position indication lights that would normally be included in the control circuit for a motor-operated valve have been omitted, since these devices are not required to understand the concepts being explained in this section.
In the discussion provided below, it is assumed that a single fire in a given fire area could cause any one of the hot shorts depicted. The discussion provided below describes how to address the impact of these cable faults on the operation of the equipment controlled by this circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-5]
Hot short No. 1:
A hot short at this location from the same control power source would energize the close relay and result in the undesired closure of a motor operated valve.
Hot short No. 2:
A hot short at this location from the same control power source would energize the open relay and result in the undesired opening of a motor operated valve.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The Harris SSA does consider hot shorts. HNP-E/ELEC-0001, Safe Sections A.1.1, B.7.1 This section provides information related to the Shutdown in Case of Fire effects of a hot short on typical ungrounded and Fire Hazards Analysis, circuits. Rev. 0, 6/2/2006 FPIP-0105, Safe Shutdown Section 3.14 Circuit Analysis, Rev. 000, HNP Page 59 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
Nuclear Safety Equipment and Cable Location. Physical location of equipment and cables shall be identified.
NEI 00-01 Ref NEI 00-01 Guidance 3.3.3.4 Identify Routing of Identify the routing for each cable including all raceway and cable endpoints. Typically, this information is obtained from joining the list of safe shutdown cables with Cables an existing cable and raceway database Applicability Comments Applicable As a minimum, the cable to fire area information must be obtained.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Cable to raceway information is contained in HNP-E/ELEC-0001, Safe Section B.7.3.1 the Cable Information Form of the FSSPMD. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP FSSPMD R16 00, Fire Cable Information Safe Shutdown Program Manager Database, Rev.
016, NEI 00-01 Ref NEI 00-01 Guidance 3.3.3.5 Identify Location of Identify the fire area location of each raceway and cable endpoint identified in the previous step and join this information with the cable routing data. In addition, Raceway and Cables by Fire identify the location of field-routed cable by fire area. This produces a database containing all of the cables requiring fire area analysis, their locations by fire area, Area and their raceway.
Applicability Comments Applicable The particular raceway a cable is routed in within the fire area under consideration is important in a risk-informed, performance-based approach.
Such information helps the analyst determine the extent to which the cable may be damaged in a credible fire scenario.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The fire area routing of each cable was HNP-E/ELEC-0001, Safe Section B.7.3 identified and entered in the FSSPMD. Shutdown in Case of Fire Raceway to fire area information is not and Fire Hazards Analysis, contained, but will be added to support the Rev. 0, 6/2/2006 transitions to NFPA 805.
HNP FSSPMD R16 00, Fire Cable Information Safe Shutdown Program Manager Database, Rev.
016, Open Item ID Open Item Description Disposition Open/Closed HNP-003 The FSSPMD does not contain the raceway to fire area Open link required by Section 3.3.3.5 of NEI 00-01. This information is in a database that has been validated for upload into the FSSPMD.
HNP Page 60 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.4 Circuit Failures Due to The evaluation of associated circuits of a common power source consists of verifying proper coordination between the supply breaker/fuse and the load Inadequate Circuit breakers/fuses for power sources that are required for safe shutdown. The concern is that, for fire damage to a single power cable, lack of coordination between Coordination the supply breaker/fuse and the load breakers/fuses can result in the loss of power to a safe shutdown power source that is required to provide power to safe shutdown equipment.
For the example shown in Figure 3.5.2-6, the circuit powered from load breaker 4 supplies power to a non-safe shutdown pump. This circuit is damaged by fire in the same fire area as the circuit providing power to from the Train B bus to the Train B pump, which is redundant to the Train A pump.
To assure safe shutdown for a fire in this fire area, the damage to the non-safe shutdown pump powered from load breaker 4 of the Train A bus cannot impact the availability of the Train A pump, which is redundant to the Train B pump. To assure that there is no impact to this Train A pump due to the associated circuits common power source breaker coordination issue, load breaker 4 must be fully coordinated with the feeder breaker to the Train A bus.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-6]
A coordination study should demonstrate the coordination status for each required common power source. For coordination to exist, the time-current curves for the breakers, fuses and/or protective relaying must demonstrate that a fault on the load circuits is isolated before tripping the upstream breaker that supplies the bus.
Furthermore, the available short circuit current on the load circuit must be considered to ensure that coordination is demonstrated at the maximum fault level.
The methodology for identifying potential associated circuits of a common power source and evaluating circuit coordination cases of associated circuits on a single circuit fault basis is as follows:
- Identify the power sources required to supply power to safe shutdown equipment.
- For each power source, identify the breaker/fuse ratings, types, trip settings and coordination characteristics for the incoming source breaker supplying the bus and the breakers/fuses feeding the loads supplied by the bus.
- For each power source, demonstrate proper circuit coordination using acceptable industry methods.
- For power sources not properly coordinated, tabulate by fire area the routing of cables whose breaker/fuse is not properly coordinated with the supply breaker/fuse. Evaluate the potential for disabling power to the bus in each of the fire areas in which the associated circuit cables of concern are routed and the power source is required for safe shutdown. Prepare a list of the following information for each fire area:
- Cables of concern.
- Affected common power source and its path.
- Raceway in which the cable is enclosed.
- Sequence of the raceway in the cable route.
- Fire zone/area in which the raceway is located.
For fire zones/areas in which the power source is disabled, the effects are mitigated by appropriate methods.
Develop analyzed safe shutdown circuit dispositions for the associated circuit of concern cables routed in an area of the same path as required by the power source. Evaluate adequate separation based upon the criteria in Appendix R, NRC staff guidance, and plant licensing bases.
Applicability Comments Applicable HNP Page 61 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Associated circuits by common power supply FPIP-0105, Safe Shutdown Sections 9.2.17, 9.5.
were identified and dispositioned during the Circuit Analysis, Rev. 000, cable selection and circuit analysis process.
Where a lack of coordination created a compliance issue, the cables were dispositioned in a manner similar to other cables in the area under analysis that could adversely affect safe shutdown.
HNP FSSPMD R16 00, Fire Component, Cable, and Fault Safe Shutdown Program Tree Logic Manager Database, Rev.
016, HNP-E/ELEC-0001, Safe Section B.7.2.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 62 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
NEI 00-01 Ref NEI 00-01 Guidance 3.5.2.5 Circuit Failures Due to The common enclosure associated circuit concern deals with the possibility of causing secondary failures due to fire damage to a circuit either whose isolation Common Enclosure Concerns device fails to isolate the cable fault or protect the faulted cable from reaching its ignition temperature, or the fire somehow propagates along the cable into adjoining fire areas.
The electrical circuit design for most plants provides proper circuit protection in the form of circuit breakers, fuses and other devices that are designed to isolate cable faults before ignition temperature is reached. Adequate electrical circuit protection and cable sizing are included as part of the original plant electrical design maintained as part of the design change process. Proper protection can be verified by review of as-built drawings and change documentation. Review the fire rated barrier and penetration designs that preclude the propagation of fire from one fire area to the next to demonstrate that adequate measures are in place to alleviate fire propagation concerns.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns FPIP does not reference a particular common FPIP-0105, Safe Shutdown Section 9.5.3 enclosure study. The SSER 3 approval of the Circuit Analysis, Rev. 000, plant's common enclosure response is contained within the "Alternate Shutdown" review, but clearly applies to all plant fire areas.
NUREG-1038, Safety SSER 3, page 9-15 Evaluation Report Related to the Operation of the Shearon Harris Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 HNP-E/ELEC-0001, Safe Section B.7.2 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 63 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Fire Area Assessment. An engineering analysis shall be performed in accordance with the requirements of Section 2.3 for each fire area to determine the effects of fire or fire suppression activities on the ability to achieve the nuclear safety performance criteria of Section 1.5. [See Chapter 4 for methods of achieving these performance criteria (performance-based or deterministic).
NEI 00-01 Ref NEI 00-01 Guidance 3.4 Fire Area Assessment and By determining the location of each component and cable by fire area and using the cable to equipment relationships described above, the affected safe shutdown Compliance Assessment equipment in each fire area can be determined. Using the list of affected equipment in each fire area, the impacts to safe shutdown systems, paths and functions can be determined. Based on an assessment of the number and types of these impacts, the required safe shutdown path for each fire area can be determined.
The specific impacts to the selected safe shutdown path can be evaluated using the circuit analysis and evaluation criteria contained in Section 3.5 of this document.
Having identified all impacts to the required safe shutdown path in a particular fire area, this section provides guidance on the techniques available for individually mitigating the effects of each of the potential impacts.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns This introductory paragraph provides an HNP-E/ELEC-0001, Safe Section B.10.1 overview fo the compliance assessment Shutdown in Case of Fire process that was generally followed by and Fire Hazards Analysis, Shearon Harris. Rev. 0, 6/2/2006 FPIP-0106, Validate Fire Sections 9.2, 9.3, and 9.6 Area Safe Shutdown Strategies, Rev. 001, NEI 00-01 Ref NEI 00-01 Guidance 3.4.1 Criteria / Assumptions The following criteria and assumptions apply when performing fire area compliance assessment to mitigate the consequences of the circuit failures identified in the previous sections for the required safe shutdown path in each fire area.
Applicability Comments Applicable Introductory information directing use of the suggested methodology.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Specific criteria are addressed in the HNP-E/ELEC-0001, Safe Section B.10 sub-pargraph sections. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0106, Validate Fire Section 9.0.
Area Safe Shutdown Strategies, Rev. 001, HNP Page 64 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.1 [Number of Postulated Assume only one fire in any single fire area at a time.
Fires]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns A separate fire is not postulated to occur FPIP-0106, Validate Fire Section 9.1.7 before, during, or following the fire in Area Safe Shutdown accordance with NUREG-0800.. Strategies, Rev. 001, HNP-E/ELEC-0001, Safe Section A.3.6 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.2 [Damage to Assume that the fire may affect all unprotected cables and equipment within the fire area. This assumes that neither the fire size nor the fire intensity is known.
Unprotected Equipment and This is conservative and bounds the exposure fire that is required by the regulation.
Cables]
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The analysis considers all potential failures in FPIP-0106, Validate Fire Sections 9.1.11, 9.1.12.
each area analyzed. Area Safe Shutdown Strategies, Rev. 001, HNP FSSPMD R16 00, Fire Fault Tree Logic Safe Shutdown Program Manager Database, Rev.
016, HNP-E/ELEC-0001, Safe Section A.3.11 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 N/A, Progress Energy Fire Section 5.0.
Safe Shutdown Program Manager Database User's Manual, Rev. 001, HNP Page 65 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.3 [Assess Impacts to Address all cable and equipment impacts affecting the required safe shutdown path in the fire area. All potential impacts within the fire area must be addressed.
Required Components] The focus of this section is to determine and assess the potential impacts to the required safe shutdown path selected for achieving post-fire safe shutdown and to assure that the required safe shutdown path for a given fire area is properly protected.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The use of the CAFTA Fault Tree tool does not HNP-E/ELEC-0001, Safe Section B.10 require that all affected components be Shutdown in Case of Fire addressed. Components must be addressed and Fire Hazards Analysis, until the fault tree shows success. Rev. 0, 6/2/2006 N/A, Progress Energy Fire Section 5.0.
Safe Shutdown Program Manager Database User's Manual, Rev. 001, HNP FSSPMD R16 00, Fire Fault Tree Logic Safe Shutdown Program Manager Database, Rev.
016, FPIP-0106, Validate Fire Sectio 9.0 Area Safe Shutdown Strategies, Rev. 001, HNP Page 66 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.4 [Manual Actions] Use manual actions where appropriate to achieve and maintain post-fire safe shutdown conditions in accordance with NRC requirements.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent The specific criteria regarding what constitutes FPIP-0106, Validate Fire Section 9.2.9.
a feasible manual action, a previously Area Safe Shutdown approved manual action, and an acceptable Strategies, Rev. 001, manual action are all under review within the FAQ process and other industry and NRC intitiatives.
HNP-E/ELEC-0001, Safe Section B.10.1.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 EGR-NGGC-0102, Safe Attachment 3 Shutdown/Fire Protection Review, Rev. 006, Open Item ID Open Item Description Disposition Open/Closed HNP-007 The use of manual actions (recovery actions under Open NFPA-805) is under review through the FAQ process and other industry initiatives. Resolution of the applicable FAQs will determine the suitablity of the plant's credited manual actions.
HNP Page 67 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.5 [Repairs] Where appropriate to achieve and maintain cold shutdown within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, use repairs to equipment required in support of post fire shutdown.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Repairs are considered recovery actioins FPIP-0106, Validate Fire Section 9.2.4 under NFPA 805. Currently, the analysis does Area Safe Shutdown not credit any cold shutdown repairs. Strategies, Rev. 001, HNP FSSPMD R16 00, Fire tbl_EXCEPT_CS Safe Shutdown Program Manager Database, Rev.
016, HNP-E/ELEC-0001, Safe Section B.10.1.1, Item 4 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 68 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.6 [Assess Compliance Appendix R compliance requires that one train of systems necessary to achieve and maintain hot shutdown conditions from either the control room or emergency with Deterministic Criteria] control station(s) is free of fire damage (III.G.1.a). When cables or equipment, including associated circuits, are within the same fire area outside primary containment and separation does not already exist, provide one of the following means of separation for the required safe shutdown path(s):
- Separation of cables and equipment and associated nonsafety circuits of redundant trains within the same fire area by a fire barrier having a 3-hour rating (III.G.2.a)
- Separation of cables and equipment and associated nonsafety circuits of redundant trains within the same fire area by a horizontal distance of more than 20 feet with no intervening combustibles or fire hazards. In addition, fire detectors and an automatic fire suppression system shall be installed in the fire area (III.G.2.b).
- Enclosure of cable and equipment and associated non-safety circuits of one redundant train within a fire area in a fire barrier having a one-hour rating. In addition, fire detectors and an automatic fire suppression system shall be installed in the fire area (III.G.2.c).
For fire areas inside noninerted containments, the following additional options are also available:
- Separation of cables and equipment and associated nonsafety circuits of redundant trains by a horizontal distance of more than 20 feet with no intervening combustibles or fire hazards (III.G.2.d);
- Installation of fire detectors and an automatic fire suppression system in the fire area (III.G.2.e); or
- Separation of cables and equipment and associated non-safety circuits of redundant trains by a noncombustible radiant energy shield (III.G.2.f).
Use exemptions, deviations and licensing change processes to satisfy the requirements mentioned above and to demonstrate equivalency depending upon the plant's license requirements.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The sections of Appendix R referneced in NEI FPIP-0106, Validate Fire Section 9.2.
00-01 are mirrored in Sections C.5.b and Area Safe Shutdown C.7.a.(1)(b). The similar deterministic Strategies, Rev. 001, critereria of NFPA-805 are part of the acceptable compliance strategies used in the revalidation.
HNP-E/ELEC-0001, Safe Section B.10.1.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 69 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.7 [Consider Additional Consider selecting other equipment that can perform the same safe shutdown function as the impacted equipment. In addressing this situation, each equipment Equipment] impact, including spurious operations, is to be addressed in accordance with regulatory requirements and the NPPs current licensing basis.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns with intent This consideration is not clearly stated but is HNP-E/ELEC-0001, Safe inherent in perfoming safe shutdown analyses. Shutdown in Case of Fire Proof that this was considered is the inclusion and Fire Hazards Analysis, of the Normal Service Water System as a Rev. 0, 6/2/2006 credited system in the analyisis during the re-validation.
FPIP-0104, Safe Shutdown Equipment List and Fault Tree Logics, Rev. 000, FPIP-0106, Validate Fire Area Safe Shutdown Strategies, Rev. 001, EGR-NGGC-0102, Safe Shutdown/Fire Protection Review, Rev. 006, FPIP-0105, Safe Shutdown Circuit Analysis, Rev. 000, HNP Page 70 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.1.8 [Consider Instrument Consider the effects of the fire on the density of the fluid in instrument tubing and any subsequent effects on instrument readings or signals associated with the Tubing Effects] protected safe shutdown path in evaluating post-fire safe shutdown capability. This can be done systematically or via procedures such as Emergency Operating Procedures.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Instrument tubing and its routing is included in FPIP-0105, Safe Shutdown Section 9.2.8 the FSSPMD. When necessary, it is treated in Circuit Analysis, Rev. 000, a manner similar to that in which cable damage is assessed.
HNP-E/ELEC-0001, Safe Section B.9 and Appendix 11 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0104, Safe Shutdown Section 9.1.6 Equipment List and Fault Tree Logics, Rev. 000, NEI 00-01 Ref NEI 00-01 Guidance 3.4.2 Methodology for Fire Refer to Figure 3-5 for a flowchart illustrating the various steps involved in performing a fire area assessment.
Area Assessment Use the following methodology to assess the impact to safe shutdown and demonstrate Appendix R compliance:
[Refer to hard copy of NEI 00-01 for Figure 3-5]
Applicability Comments Applicable Introductory Information.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Specific requikrements are detailed in the HNP-E/ELEC-0001, Safe Section B.10 sub-paragraphs. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 FPIP-0106, Validate Fire Section 9.0 Area Safe Shutdown Strategies, Rev. 001, HNP Page 71 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.2.1 Identify the Affected Identify the safe shutdown cables, equipment and systems located in each fire area that may be potentially damaged by the fire. Provide this information in a report Equipment by Fire Area format. The report may be sorted by fire area and by system in order to understand the impact to each safe shutdown path within each fire area (see Attachment 5 for an example of an Affected Equipment Report).
Applicability Comments Applicable The FSSPMD provides the affected equipment report in a Division I / Division II format.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Affected equipment is sorted alpha-numerically HNP-E/ELEC-0001, Safe Section B.10 by safe shutdown division. Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP FSSPMD R16 00, Fire Fault Tree Logic Reports (SSD Safe Shutdown Program Report)
Manager Database, Rev.
016, FPIP-0106, Validate Fire Section 9.2.
Area Safe Shutdown Strategies, Rev. 001, HNP Page 72 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.2.2 Determine the Based on a review of the systems, equipment and cables within each fire area, determine which shutdown paths are either unaffected or least impacted by a Shutdown Paths Least postulated fire within the fire area. Typically, the safe shutdown path with the least number of cables and equipment in the fire area would be selected as the Impacted By a Fire in Each required safe shutdown path. Consider the circuit failure criteria and the possible mitigating strategies, however, in selecting the required safe shutdown path in a Fire Area particular fire area. Review support systems as a part of this assessment since their availability will be important to the ability to achieve and maintain safe shutdown. For example, impacts to the electric power distribution system for a particular safe shutdown path could present a major impediment to using a particular path for safe shutdown. By identifying this early in the assessment process, an unnecessary amount of time is not spent assessing impacts to the frontline systems that will require this power to support their operation.
Based on an assessment as described above, designate the required safe shutdown path(s) for the fire area. Identify all equipment not in the safe shutdown path whose spurious operation or mal-operation could affect the shutdown function. Include these cables in the shutdown function list. For each of the safe shutdown cables (located in the fire area) that are part of the required safe shutdown path in the fire area, perform an evaluation to determine the impact of a fire-induced cable failure on the corresponding safe shutdown equipment and, ultimately, on the required safe shutdown path.
When evaluating the safe shutdown mode for a particular piece of equipment, it is important to consider the equipments position for the specific safe shutdown scenario for the full duration of the shutdown scenario. It is possible for a piece of equipment to be in two different states depending on the shutdown scenario or the stage of shutdown within a particular shutdown scenario. Document information related to the normal and shutdown positions of equipment on the safe shutdown equipment list.
Applicability Comments Applicable At Harris, the least affected "division" may be selected as a starting point since specific safe shutdown paths are not identified.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Specific safe shutdown paths are not FPIP-0106, Validate Fire Section 9.0.
designated or identified. The least affected Area Safe Shutdown safe shutdown division is selected and the Strategies, Rev. 001, CAFTA Fault Tree and other iinformation in the FSSPMD is used to develop the best oversall safe shutdown strategy.
FPIP-0105, Safe Shutdown Sections 9.2 and 9.3.
Circuit Analysis, Rev. 000, FPIP-0104, Safe Shutdown Sectioin 9.1 Equipment List and Fault Tree Logics, Rev. 000, HNP FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev.
016, HNP-E/ELEC-0001, Safe Section B.10 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 73 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.2.3 Determine Safe Using the circuit analysis and evaluation criteria contained in Section 3.5 of this document, determine the equipment that can impact safe shutdown and that can Shutdown Equipment Impacts potentially be impacted by a fire in the fire area, and what those possible impacts are.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns The FSSPMD Fault Tree Logic SSD Report HNP FSSPMD R16 00, Fire Fault Tree Logic Reports provides a list of equipment potentially affected Safe Shutdown Program by the fire. The augmented CAFTA Fault Tree Manager Database, Rev.
further displays the potential consequences of 016, that potential damage. The Circuit Information Form from FSSPMD provides the FMEA for all cables assigned to the component, so the effects of the postulated fire damage can be readily determined.
HNP-E/ELEC-0001, Safe Section B.10 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 74 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.2.4 Develop a Compliance The available deterministic methods for mitigating the effects of circuit failures are summarized as follows (see Figure 1-2):
Strategy or Disposition to - Provide a qualified 3-fire rated barrier.
Mitigate the Effects Due to Fire - Provide a 1-hour fire rated barrier with automatic suppression and detection.
Damage to Each Required - Provide separation of 20 feet or greater with automatic suppression and detection and demonstrate that there are no intervening combustibles within the 20 foot Component or Cable separation distance.
- Reroute or relocate the circuit/equipment, or perform other modifications to resolve vulnerability.
- Provide a procedural action in accordance with regulatory requirements.
- Perform a cold shutdown repair in accordance with regulatory requirements.
- Identify other equipment not affected by the fire capable of performing the same safe shutdown function.
- Develop exemptions, deviations, Generic Letter 86-10 evaluation or fire protection design change evaluations with a licensing change process.
Additional options are available for non-inerted containments as described in 10 CFR 50 Appendix R section III.G.2.d, e and f.
Applicability Comments Applicable Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Compliance strategies are entered into the FPIP-0106, Validate Fire Section 9.2 database as described in FPIP-0106 and the Area Safe Shutdown FSSPMD User's Manual. The FSSPMD Fault Strategies, Rev. 001, Tree Logic Report "Fire Area Summary Report" details the compliance strategies used in each fire area. These reports are included in Appndix 18 of HNP-E/ELEC-0001.
HNP FSSPMD R16 00, Fire SSD and Fire Area Summary Safe Shutdown Program Reports Manager Database, Rev.
016, HNP-E/ELEC-0001, Safe Section B.10.1.1 and Appendix Shutdown in Case of Fire 18 and Fire Hazards Analysis, Rev. 0, 6/2/2006 N/A, Progress Energy Fire Section 5.0.
Safe Shutdown Program Manager Database User's Manual, Rev. 001, HNP Page 75 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.4.2.5 Document the Assign compliance strategy statements or codes to components or cables to identify the justification or mitigating actions proposed for achieving safe shutdown.
Compliance Strategy or The justification should address the cumulative effect of the actions relied upon by the licensee to mitigate a fire in the area. Provide each piece of safe shutdown Disposition Determined to equipment, equipment not in the path whose spurious operation or mal-operation could affect safe shutdown, and/or cable for the required safe shutdown path with Mitigate the Effects Due to Fire a specific compliance strategy or disposition. Refer to Attachment 6 for an example of a Fire Area Assessment Report documenting each cable disposition.
Damage to Each Required Component or Cable Applicability Comments Applicable In the CAFTA fault tree, basic events and gates are recovered until "success" is achieved. All affected equipment is not required to be addressed.
Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Resolution strategies are added to the HNP FSSPMD R16 00, Fire SSD and Fire Area Summary augmented fault tree until the fault tree Safe Shutdown Program Report indicates success and that it has been Manager Database, Rev.
demonstrated that safe shutdown can be 016, achieved.
FPIP-0106, Validate Fire Section 9.2 Area Safe Shutdown Strategies, Rev. 001, N/A, Progress Energy Fire Section 5.0 Safe Shutdown Program Manager Database User's Manual, Rev. 001, HNP-E/ELEC-0001, Safe Section B.10.1.1 Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 HNP Page 76 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Ref NEI 00-01 Guidance 3.5.1.5 [C, Likelihood of Determination of the potential consequence of the damaged associated circuits is based on the examination of specific NPP piping and instrumentation diagrams Undesired Consequences] (P&IDs) and review of components that could prevent operation or cause maloperation such as flow diversions, loss of coolant, or other scenarios that could significantly impair the NPPs ability to achieve and maintain hot shutdown. When considering the potential consequence of such failures, the [analyst] should also consider the time at which the prevented operation or maloperation occurs. Failures that impede hot shutdown within the first hour of the fire tend to be most risk significant in a first-order evaluation. Consideration of cold-shutdown circuits is deferred pending additional research.
Applicability Comments Alignment Statement Alignment Basis Comments Unit Reference Document Doc. Details Aligns Shearon Harris performed a multiple spurious HNP-E/ELEC-0001, Safe Appendix 14 operations review in accordance with the Shutdown in Case of Fire guidelines of NRC RIS 2004-03. The results of and Fire Hazards Analysis, the review are contained in Appendix 14 of the Rev. 0, 6/2/2006 safe shutdown analysis.
HNP Page 77 of 77 5/8/2007 HNP_SSCA Review PE ver 1.0.3 Build2 04-27-2007_Working Copy.mdb Transition Tool Version 1.0.3