August 2007 - Transition to National Fire Protection Association (NFPA) 805 - Non-Power Operation Transition - Duke Energy - Briefing Materials/Meeting Handouts

ML072780313
Person / Time
Site:	Harris
Issue date:	08/07/2007
From:	Duke Energy Corp
To:	Office of Nuclear Reactor Regulation
Oudinot D
References
Download: ML072780313 (17)
v • d • e

Text

Non-Power Operation Transition August 7, 2007 Bethesda, MD 1

Duke Presenter David Goforth Duke Energy NFPA-805 Transition Technical Manager 2

Background

NFPA 805 requires the evaluation of the effects of a fire

During any operational mode and plant configuration

Concept introduced in NUREG 1449

Building on NUMARC 93-01 and 91-06 3

What will be do?

The industry has been challenged to propose a method for addressing fire-induced high risk evolutions (as opposed to addressing fire risk during high risk evolutions).

4

The Plan

Incorporate Fire into the current Outage Defense in Depth method. (Actually the effects of a fire are already required to be addressed, we will implement a more exacting methodology).

Take the concept of High Risk Evolution used in NEI 04-02 and apply it to what is really required to protect Key Safety Functions.

5

Definitions

Defense in Depth - For the purpose of managing risk during shutdown, DID is the concept of:

Providing SSCs to ensure backup to Key Safety Functions using redundant, alternate, or diverse methods

Planning and scheduling outage activities in a manner that optimizes safety system availability.

Planning and scheduling outage activities to include redundant personnel reviews or approvals prior to work start.

Providing administrative controls that support and/or supplement the above elements. Administrative controls could be additional reviews, approval sequences or personnel involvement.

Providing the plans necessary to minimize the likelihood of losing a Key Safety Function.

6

Definitions (Continued)

Key Safety Functions - The functions that ensure the integrity of the reactor coolant pressure boundary, ensure the capability to shutdown and maintain the reactor in a safe shutdown condition, and ensure the capability to prevent or mitigate the consequences of accidents that could result in potentially significant offsite exposures. These key safety functions are:

Decay heat Removal

Reactor Coolant Inventory Control

Reactivity Control

Containment Control

Spent Fuel Cooling

Power Availability 7

Definitions (Continued)

High Risk Evolutions - Outage activities, plant configurations or conditions during shutdown where the plant is more susceptible to an event causing the loss of a Key Safety Function. High Risk Evolutions include:

Draining to Reduced Inventory when the reactor coolant level is at or below the reactor vessel flange

Reactor Coolant System at or below Reduced Inventory

Midloop operation

Any specific evolution determined by Station Management 8

What does the Industry do?

Use an outage risk assessment tool

Look for places where Key Safety Systems may be compromised during outage planning and during an outage.

Put tools into place that allow Operations the ability to track and maintain a required level of safety with regard to Key Safety Functions at any time.

Provide the needed tools to ensure that Key Safety Functions are maintain at or above required levels at all times.

Provide contingency plans for whenever the required level of Key Safety Functions cannot be met.

9

Outage Keys

RCS Inventory Addition paths

Forced Injection

Gravity Flow

RCS Vent Paths

Intact RCS

LTOP Vent Path

Large Vent Path

RCS Level

Loops Filled

Loops Not Filled

Reduced Inventory

Midloop

Decay Heat

High Decay Heat

Low Decay Heat

Residual Heat Removal

RHR

S/Gs

Power

Support Systems 10

Example 1 Outage Configuration - Mid-loop in High Decay Heat Condition

Keys:

No large vent path established, thus forced injection required

Draining below Loops Filled condition - S/Gs cannot be used

High Decay Heat - short time for operators to respond to a loss of RHR

Requirements:

2 trains of decay heat removal required and protected

2 trains of forced injection required and protected

 Maintain 1 HPI pump on each train

2 trains of electrical power and support systems and protected

Containment Closure required

Minimum Control Room accessibility 11

Example 2 Outage Configuration - Draining the RCS to below the flange in High Decay Heat Condition

Keys:

No large vent path established, thus forced injection required

Draining below Loops Filled condition - S/Gs cannot be used

High Decay Heat - short time for operators to respond to a loss of RHR

Recognized risk because of limited venting while draining, instrument errors, OE on loss of RHR during evolution, etc.

Requirements:

2 trains of decay heat removal required and protected

2 trains of forced injection required and protected

 Maintain 1 HPI pump on each train

2 trains of electrical power and support systems and protected

Containment Closure required

Minimum Control Room accessibility 12

What about fire?

Is there anywhere where a fire can cause the loss of all Key Safety Functions?

Keys:

Is there anywhere in the plant where all the KSF cables are routed together?

Is there anywhere where all the KSF equipment is located within a single fire area?

If a local operator actions is required, is there enough time prior to core damage for the operator to respond? Is the local operator action outside the fire area?

Is there any outage work ongoing in the at risk fire areas?

Will the operators be able to recognize a fire has happened in order to respond?

Establish contingency plans for loss of different levels of defense in depth 13

What about fire?

NFPA-805 and NEI 04-02 Requirements:

Ensure that the operators can recognize and properly respond in time to a fire to protect the core. Typically the riskier evolutions are during periods of low RCS inventory and high decay heat.

Know where plant cables and equipment are with respect to a given fire area

Factor work in risk significant fire areas into outage planning

Understand what defense in depth is required during the outage and will a single fire jeopardize the protection of the core

Use administrative controls for outage activities that can potentially cause a fire

If a local operator action is required, ensure adequate time and feasibility exist to carry out the action.

14

Nuclear Plant - USA 15

Possible Vulnerabilities and Solutions Examples

RHR suction valves - turn off power to valves

RHR flow diversion flow paths - turn off power to valves or use a manual valve to isolate

Both trains of protected equipment are located in a single fire area - set a fire watch, do allow personnel near protected equipment, etc.

If Gravity flow path is an option -implement a local action, ensure containment closure possible, dedicate an operator, etc 16

Summary

Fire will became a built in factor to existing outage risk methodology.

Fire vulnerabilities for higher risk areas and evolutions will be identified as a part of outage planning

Fire risk will be addressed using defense in depth methodology

Contingency plans will be made available to the operators for higher risk evolutions

Operator timeline must be verified for defense in depth responses.

17