Text

Submittal of Information in Support of NFPA 805 Pilot Observation Reviews
	ML080160256
Person / Time
Site:	Harris
Issue date:	01/10/2008
From:	Corlett D; Progress Energy Carolinas
To:	; Document Control Desk, Office of Nuclear Reactor Regulation
References
	HNP-07-178, RIS-05-026, SECY-04-0191
	Download: ML080160256 (86)
	v • d • e

ATTACHMENT 2 TO THIS LETTER CONTAINS SENSITIVE INFORMATION SUBMITTED UNDER 10 CFR 2.390(d)(1).

~ Progress Energy JAN 1 0 2008 SERIAL: HNP-07-178 United States Nuclear Regulatory Commission ATTENTION: Document Control Desk Washington, DC 20555 -

SHEARON HARRIS NUCLEAR POWER PLANT DOCKET NO. 50-400/LICENSE NO. NPF-63 SUBMITTAL OF INFORMATION IN SUPPORT OF NFPA 805 PILOT OBSERVATION REVIEWS Ladies and Gentlemen:

Carolina Power & Light Company, doing business as Progress Energy Carolinas, Inc. (PEC), is providing copies of documents to the NRC to assist in the NFPA 805 Pilot Observation reviews.

Documents provided are subject to future updates as the pilot initiative progresses.

No new regulatory commitments are contained in this submittal.

PEC requests that the documents included as Attachment 2 to this letter be withheld from public disclosure in accordance with 10 CFR 2.390(d)(1) since the documents contain information deemed sensitive concerning Harris Nuclear Plant's physical protection based on screening in accordance with NRC Regulatory Issue Summary 2005-26, Control of Sensitive Unclassified Non-Safeguards Information Related to Nuclear Power Plants and the guidance contained in NRC SECY-04-0191, Withholding Sensitive Unclassified Information Concerning Nuclear Power Reactors from Public Disclosure.

If you have any questions regarding this submittal, please contact me at (919) 362-3137.

Sincerely, David H. Corlett Supervisor, Licensing/Regulatory Programs Harris Nuclear Plant DHC/mgw ATTACHMENT 2 TO THIS LETTER CONTAINS SENSITIVE UNCLASSIFIED (NONSAFEGUARDS)

INFORMATION REQUESTED TO BE WITHHELD FROM PUBLIC DISCLOSURE IN ACCORDANCE WITH 10 CFR 2.390(d)(1).

Progress Energy Carolinas, Inc.

/1V C]))

Harris Nuclear Plant P. 0. Box 165 1

New Hill, NC 27562

ATTACHMENT 2 TO THIS LETTER CONTAINS SENSITIVE INFORMATION SUBMITTED UNDER 10 CFR 2.390(d)(1).

NRC Document Control Desk SERIAL: HNP-07-178 Page 2 Attachments:

1.

Fire Protection Project Review Documents

2.

Security Sensitive Documents - Security Related Information c:

Mr. A. R. Klein (NRR) w/o Attachments Mr. V. M. McCree (NRC Acting Regional Administrator, Region II) w/o Attachments Mr. P. B. O'Bryan (NRC Senior Resident Inspector, HNP) w/o Attachments Ms. M. G. Vaaler (NRC Project Manager, HNP) w/o Attachments ATTACHMENT 2 TO THIS LETTER CONTAINS'SENSITIVE UNCLASSIFIED (NONSAFEGUARDS)

INFORMATION REQUESTED TO BE WITHHELD FROM PUBLIC DISCLOSURE IN ACCORDANCE WITH 10 CFR 2.390(d)(1).

NRC Document Control Desk SERIAL: HNP-07-178 Fire Protection Project Review Documents:

OMP-003, Outage Shutdown Risk Management (83 pages)

Transition to 10CFR50.48(c) - NFPA 805, Transition Report (36 pages)

FPIP-0126, Non-Power Operational Modes Transition Review (13 pages)

Progress Energy I

Information Use PROGRESS ENERGY SHEARON HARRIS NUCLEAR POWER PLANT PLANT OPERATING MANUAL VOLUME 9 PART 1 OUTAGE MANAGEMENT PROCEDURE OMP-003 OUTAGE SHUTDOWN RISK MANAGEMENT REVISION 24 I OMP-003 I

Rev. 24 1

Page1of83

Table of Contents Section Page 1.0 P U R P O S E....................................................................................................................

3 2.0 R E FE R E N C ES................................................

.................................................... 3 2.1 N G G /PO M Procedures...................................................................................

3 2.2 D raw ing s................................................................................................

..... 3 2.3 O th e r...................................................................................................................

4 3.0 R ES P O N S IB ILIT IES...............................................................................................

5 4.0 DEFINITIONS/ABBREVIATIONS............................................................................

7 5.0 IM P LE M E N TA T IO N...............................................................................................

11 5.1 Introduction to Shutdown Risk Principles................................................

11 5.2 Shutdown Risk Management Principles....................................................

12 5.3 Key Safety Function Guidelines.................................................................

16 5.3.1 Key Safety Functions General.........................

....................................... 16 5.3.2 Decay Heat Rem oval..............................................................................

20 5.3.3 E lectrical P ow er.....................................................................................

.. 25 5.3.4 Inventory C ontrol.....................................................................................

28 5.3.5 Reactivity Control..............................

29 5.3.6 P ressure C ontrol...............................................................

............... 29 5.3.7 Containment Integrity/Closure.................................................................

30 5.3.8 Application of Seismic Design Criteria.......

........... 33 5.4 Risk Assessment...............................................

34 5.4.1 Initial Risk Assessment.........................................

........... 34 5.4.2 Miscellaneous Reviews.....................................

35 5.4.3 S chedule C hanges...................................................................................

37 5.5 Control of Key Safety Functions..............................................................

40 5.6 Key Safety Function Availability Checklists.............................................

41 5.7 C om m unication of R isk...............................................................................

43 6.0 DIAGRAMS/ATTACHMENTS.................................................................................

43 Attachment I - Key Safety Function Availability Checklists................................

44 - Key Safety System Availability Explanations.............................

46 - Safety Significance Screening of Schedule Changes................ 52 - Risk Assessment of Schedule Changes.....................................

53 - Inventory and Reactivity Flowpaths...........................................

54 - UPS Loads Important To Key Safety Functions.......................... 54 - Systems Requiring Risk Assessment for Schedule Changes....... 54 - Maximum Equilibrium Containment Pressure............................ 54 - Risk Review Identification on Work Order Tasks...........................

54 0 - Protected Train Work Approval Form......................................

54 1 - Outage Risk Criteria....................................................................

54 2 - Protected Equipment Sign........................................................

54 GOMP-003 I

Rev. 24 I

Page 2 of 83

1.0 PURPOSE R

This procedure implements the SHNPP philosophy of outage risk management for Modes 4 - 6 and defueled. Technical Specifications satisfy risk management guidelines for Mode 4. For Modes 5, 6, and defueled, this procedure provides guidelines for outage risk management which meet or exceed Technical Specifications. This procedure fully or partially meets the following requirements and commitments:

NUREG-1449 INPO 92-005 NUMARC 91-06 NRC Information Notice 95-35 NRC GL 98-02, and SOER 98-1 NUMARC 93-01 Section 11

2.0 REFERENCES

2.1 NGG/POM Procedures 2.1.1 AP-012, Control of Overtime Hours 2.1.2 PLP-106, Technical Specification Equipment List Program and Core Operating Limits Report 2.1.3 PLP-114, Relocated Technical Specifications and Design Basis Requirements 2.1.4 PLP-700, Outage Management 2.1.5 Technical Specifications:

1.

2.

3.

4.

5.

6.

7.

8.

9.

3.1.1.2 3.1.2.1 3.1.2.5 3.1.3.3 3.4.1.4.1 3.4.1.4.2 3.4.2.1 3.4.9.4 3.6.1.1 10.

11.

12.

13.

14.

15.

16.

17.

3.8.1.2 3.8.3.2 3.9.1.a 3.9.8.1 3.9.8.2 3.8.2.2 3.1.2.3 3.9.4 2.1.6 OMP-004, Control of Plant Activities During Reduced Inventory Conditions 2.1.7 GP-008, Draining the Reactor Coolant System 2.1.8 AOP-024, Loss of Uninterruptible Power Supply 2.1.9 ADM-NGGC-0101, Maintenance Rule Program 2.2 Drawings

2.2.1 CPL-2165-S

1.

2.

3.

4.

5.

6.

7.

1300 1303 1305 1307 1308 1310 1324 OMP-003 Rev. 24 Pag e 3of 83

2.3 Other 2.3.1 NUMARC 91-06, Guidelines for Industry Actions to Assess Shutdown Management 2.3.2 NUREG-1449, Shutdown and Low-Power Operation at Commercial Nuclear Power Plants in the United States 2.3.3 INPO 92-005, Guidance for Managing Shutdown Risk 2.3.4 NRC Information Notice 95-35, Degraded Ability of Steam Generators to Remove Decay Heat by Natural Circulation 2.3.5 ESR 9400099, RCS Vacuum Refill 2.3.6 NRC Generic Letter 98-02: Loss of Reactor Coolant Inventory and Associated Potential for Loss of Emergency Mitigation Functions While in a Shutdown Condition 2.3.7 CR 97-04371, Parallel EDG Operation while on backfeed 2.3.8 SOER 98-1, Safety System Status Control 2.3.9 CR 98-01770, LTOP Operability 2.3.10 NSAC/195L, Safety Assessment of Diablo Canyon Risks During Shutdown Operations, Appendix A 2.3.11 GL 88-17, Loss of Decay Heat Removal, Oct.17, 1988 2.3.12 Comments on the CP&L Response to GL 88-17 with Respect To Expeditious Actions for Loss of Decay Heat Removal for SHNPP (TAC No. 69747), May 10, 1989 2.3.13 MS-950820, Letter From Tom Walt to File on Requirement For Equipment Hatch Bolting During Reduced Inventory and Midloop 2.3.14 ESR 9500808, Removable Equipment Hatch Cover Bolting Requirements 2.3.15 ESR 9800297, Containment Closure versus Containment Pressure 2.3.16 NUMARC 93-01 Rev. 3, Industry Guideline For Monitoring the Effectiveness of Maintenance at Nuclear Power Plants 2.3.17 AR 45235-08, Specify SOER 98-1 recommendation 3, Safety System Status Control continuing training for O&S personnel 2.3.18 AR 51173-08, Clarify requirements for working on protected train equipment.

2.3.19 93H0963, PNSC requested procedure revision for RVLIS and IRVH 2.3.20 EC 50542, Decay Heat Removal Capability 2.3.21 EC 48676, Use Analytical Margin in SGR/PUR Analyses and Increase in Normal Spent Fuel Pool Temperature to Allow for Higher Spent Fuel Storage in SFP C and D 2.3.22 AR 91818, AOP-018 Entry, During Testing In Accordance With OST-1813 CCW Surge Tank Level Was Observed To Be Decreasing.

2.3.23 AR 92382, Time To Boil Calculation can be non-conservative based on input values.

2.3.24 AR 140449140449 Loss of the 1A-SA Emergency Bus I OMP-003 I

Rev. 24 1

Page 4 of 83:

3.0 RESPONSIBILITIES 3.1 The Plant General Manager is responsible for:

3.1.1 Establishing and communicating shutdown risk management expectations and principles.

3.1.2 Establishing plant programs to ensure shutdown risk management is implemented in outage activities.

3.2 The Supervisor - Outage Management is responsible for:

3.2.1 Providing planning and scheduling support for forced and planned outages.

3.2.2 Organizing an independent outage risk assessment for each planned outage requiring a Mode 4 entry.

3.2.3 Ensuring the outage schedule adheres to the principles of shutdown risk management.

3.3 The Manager - Operations is responsible for:

3.3.1 Selecting and assigning operations personnel, as requested by the Manager - Outage and Scheduling, to augment the Outage staff during planning and implementation of the outage.

3.3.2 Ensuring any work resulting in a CNMT penetration being incapable of immediate closure has a written containment closure plan.

3.3.3 Ensuring a Containment Closure Plan is present in the work order package OR documentation directing how to accomplish the work.

3.4 Each Unit Manager is responsible for:

3.4.1 Adhering to station philosophy regarding shutdown risk management.

3.5 The Work Control Outage Manager (WCOM) is responsible for:

3.5.1 Implementing outage risk management guidelines in schedule development for planned and forced outages.

3.5.2 Performing reviews of schedule activity changes for impact on shutdown risk management.

3.5.3 Concurring with the Superintendent - Shift Operations that plant equipment supports requirements of the shutdown risk plan prior to the Superintendent - Shift Operations authorizing a planned entry into a new plant configuration.

OMP-003 I

Rev. 24 Page 5 of831

3.5.4 Ensuring equipment failure or unavailability resulting in going below OMP-003 requirements is documented on an Action Request. The Action Request should state that the equipment failure or unavailability needs to be evaluated for maintenance rule impact.

3.5.5 Ensuring plant personal are aware of when shutdown risk contingency plans are in effect.

3.6 The Superintendent - Shift Operations (S-SO) is responsible for:

3.6.1 Ensuring that defense in depth equipment is maintained throughout the outage.

3.6.2 Providing final authority to add or stop work to ensure nuclear safety, or determining activities that may not be performed on PROTECTED equipment.

3.6.3 Obtaining concurrence from the WCOM that requirements of the shutdown risk plan are met before a planned entry into a new plant configuration.

3.6.4 Verifying that plant equipment supports requirements of the shutdown risk plan before authorizing entry into a new plant configuration.

3.6.5 Posting Equipment Protection signs per section 5.6.

3.7 The Supervisor - Online Scheduling is responsible for:

3.7.1 Approving the move of outage scope to on-line performance.

3.8 The Plant Nuclear Safety Committee is responsible for:

3.8.1 The Plant Nuclear Safety Committee is responsible to evaluate and concur with proposed emergent work or schedule changes which are determined by the assessment team review to reduce the planned Defense in Depth below minimum requirements or are considered to be higher risk evolutions. Specific briefing and review should be accomplished to ensure the time between disconnecting RVLIS from the IRVH vent and the detensioning of the IRVH is scheduled for minimum time due to the concerns with surge line flooding with PZR manway removed. (Ref. 2.3.19) 3.9 All Station Personnel are responsible for:

3.9.1 Adhering to the approved schedule logic or receive permission from the Work Control Outage Manager to deviate from approved schedule logic.

I OMP-003 I

Rev. 24 Page6of83

4.0 DEFINITIONS/ABBREVIATIONS 4.1 Available The status of a system, structure, or component (SSC) that is in service OR can be placed in service in a FUNCTIONAL OR OPERABLE state by prompt manual OR automatic action. This action may be performed locally OR remotely.

Equipment out of service (e.g. tagged out) for corrective OR preventative maintenance is typically considered unavailable.

SSCs out of service for testing are typically considered unavailable, unless the test configuration is automatically overridden by a valid starting signal, OR the function can be promptly restored either by an operator in the control room OR by a dedicated operator stationed locally for that purpose. Restoration actions must be contained in a written procedure, must be uncomplicated (a single action OR a few simple actions), AND must not require diagnosis OR repair.

Credit for a dedicated local operator can be taken only IF the operator is positioned at the proper location throughout the duration of the test for the purpose of restoration of the train should a valid demand occur. (Ref. 2.3.16)

The following clarifications apply to available equipment/systems:

Automatic features may be defeated IF not required in the present Mode.

Components such as instrumentation may be out of service provided the SSCs ability to perform its function is not degraded. Instrumentation to adequately monitor SSC performance must function.

MOVs may be deactivated in positions that support the shutdown function of the SSC.

A CSIP aligned to meet Tech Spec 3.1.2.3 requirements of having no more than one CSIP operable is considered available as long as the pump is recoverable by removing the clearance, restoring the breaker, AND verifying SW cooling.

A standby SFP cooling pump is considered available IF it can be restored to functional by completing the applicable EM procedure to power the pump from the standby power supply during a safety related bus outage before SFP temperature will exceed 150F.

4.2 Containment Closure The action to secure Containment and its associated systems and components as a functional barrier to fission product release.

I OMP-003 I

Rev. 24 1

Page 7 of 83

4.3 Contingency Plan An approved plan of compensatory actions designed to:

Maintain defense in depth by an alternate means when pre-outage planning reveals that specific SSCs will be unavailable.

Restore defense in depth when system availability drops below the planned defense in depth level during the outage.

Minimize the likelihood of a loss of a key safety function during Higher Risk Evolutions.

The following refueling outage activities are typically not considered to require CONTINGENCY PLANS because: 1) the tests are performed with sufficient personnel to realign breakers and flow paths as necessary to maintain defense in depth, and 2) controls and recovery actions are specified in the procedures.

EDG barring OST-1 826 OST-1 506 OST-1 827 OST-1823 OST-1813 OST-1824 OST-1858 OST-1825 OST-1859 4.4 Decay Heat Removal Capability The ability to maintain RCS temperature and pressure, AND SFP temperature below specified limits following a shutdown.

4.5 Defense in Depth The concept of managing shutdown risk by:

Providing SSCs to ensure backup of key safety functions using redundant, alternate, or diverse methods.

Planning and scheduling outage activities in a manner that optimizes safety system availability.

Providing administrative controls that support and supplement the above elements.

4.6 Defueled All fuel assemblies have been removed from the reactor vessel and placed in the spent fuel pool or other storage location.

4.7 Functional The ability of a SSC to perform its intended function with consideration that applicable Technical Specification requirements or licensing design basis assumptions may not be maintained.

I OMP-003 I

Rev. 24 1

Page 8:of 83

4.8 Higher Risk Evolution Outage activities, plant configuration or conditions during shutdown where the plant is more susceptible to an event causing the loss of a key safety function.

The following refueling outage activities are typically not considered to be high risk evolutions. Additional contingency planning is not required because 1) the tests are performed with sufficient personnel to realign breakers and flow paths as necessary to maintain defense in depth, and 2) controls and recovery actions are specified in the procedures.

EDG barring OST-1 826 OST-1506 OST-1 827 OST-1823 OST-1813 OST-1824 OST-1858 OST-1825 OST-1 859 4.9 Inventory Control Measures established to ensure that irradiated fuel remains covered with coolant to maintain heat transfer and shielding requirements.

4.10 Key Safety Function Those functions required to ensure nuclear safety during shutdown consisting of decay heat removal capability (both when the core is in the vessel AND in the spent fuel pool), inventory control, power availability, reactivity control, pressure control, and containment.

.4.11 Maintenance Exclusion Period A designated period in the schedule to allow completion of activities that would require testing each train of safety related equipment. The testing of the trains will be done in series to ensure that one PROTECTED TRAIN is always supporting the KEY SAFETY FUNCTIONS and remains functional while the other train is being tested. During this period the communication to the site will be that both trains of the KEY SAFETY FUNCTIONS are PROTECTED.

4.12 Midloop Plant condition of having fuel in the vessel and RCS level more than 60 inches below the reactor vessel flange (typical midloop operating range is 70 - 75 inches below the reactor vessel flange).

4.13 Operable A system, sub-system, train, component OR device is capable of performing its specified function(s), AND all necessary attendant instrumentation, controls, electric power, cooling OR seal water, lubrication OR other auxiliary equipment that are required for the system, sub-system, train, component OR device to perform its function(s) are also capable of performing their related support function(s).

OMP-003 Rev. 24 Page 9 of 83

4.14 Protected The application of administrative controls to activities resulting in minimizing the possibility of the loss of use of affected equipment. These controls would apply to maintenance and testing activities that place the equipment outside its normal, as designed, configuration. The equipment that would be PROTECTED would be that equipment which is required for a KEY SAFETY FUNCTION.

4.15 Protected Train A group of equipment usually powered from the same power supply train that supports the KEY SAFETY FUNCTION(s), which is administratively controlled to minimize the possibility of loss of use of the equipment. These controls do not extend to that equipment associated with the protected train that is not required to support a KEY SAFETY FUNCTION.

4.16 Protected Train Equipment That equipment within the PROTECTED TRAIN the loss of which would result in the loss of a KEY SAFETY FUNCTION (the redundant equipment on the opposite train is unavailable).

4.17 Risk Management An integrated process of assessing and reducing the likelihood and consequences of an adverse event.

4.18 Reactivity Control Measures established to preclude inadvertent dilutions, criticalities, power excursions or losses of shutdown margin, and to predict and monitor core behavior.

4.19 Reduced Inventory Plant condition of having fuel in the vessel with RCS level more than 36 inches below the reactor vessel flange.

4.20 SSC Structure, system, or component I OMP-003 I

Rev. 24 1

Page 10 of 83

5.0 IMPLEMENTATION 5.1 Introduction to Shutdown Risk Principles 5.1.1 The most fundamental risk management action is properly planning and sequencing of the maintenance activities while taking into account the insights provided by the risk assessment. Along with properly sequencing activities, additional risk mitigation actions may be undertaken that reduce risk. These risk mitigation actions may be procedure changes, equipment postings, specific site communication, etc. Since many of the risk management actions address non-quantifiable factors, the risk reduction achieved by their use would not necessarily be quantifiable.

(Ref. 2.3.16) 5.1.2 The probability of events leading to fuel damage during shutdown can be the same order of magnitude as their probability during power operation.

These events are typically associated with a few common elements that increase the risk inherent in the evolution. These elements are generally associated with abnormal equipment alignments, high decay heat conditions, work or testing affecting Key Safety Functions. For example, during reduced inventory, plants are particularly vulnerable to events that could lead to fuel damage. The time to mitigate the consequences of an event is reduced even further when high decay heat generation exists.

5.1.3 The unavailability of safety systems required to mitigate such events increases the potential for loss of essential safety functions and decreases the operator's ability to mitigate the consequences of an event.

5.1.4 The scope of activities performed during refueling outages is large and diverse. The coordination of these activities, with the objective to manage risk and maintain safety functions, is essential to supporting nuclear safety goals. The measures taken to support risk management go beyond Technical Specifications for shutdown plant conditions in recognition of the impact on nuclear safety.

5.1.5 The primary means of enhancing nuclear safety during shutdown operation is to effectively control outage activities. A clear understanding of the risks associated with maintenance and testing during shutdown plant operation, the need for involvement from all organizational levels to ensure proper planning, coordination, communication, and awareness of plant status by personnel involved in outage activities is essential to maintaining key safety functions and managing shutdown risk. HNP is committed to conducting outages which minimize the risk to the public health and safety, to employees, and to the financial investment in the plant.

I OMP-003 I

Rev. 24 1

Page 11 of 83

5.1 Introduction to Shutdown Risk Principles (continued) 5.1.6 For the shutdown plant, a qualitative approach to managing risk is used.

Outage configurations are evaluated and graded on three qualitative criteria. Each of the criteria represents a contributor to overall risk. The combination of these criteria results in an overall grade for outage risk.

The overall grade also corresponds to a risk color. The escalation of risk color is green, yellow, orange, and red. Higher the grade - higher the risk.

The criteria are dominated by focus on the critical safety function of decay heat removal. The rationale being that risk of fuel damage and therefore risk of dose to the general public is dominated by events which result in a loss of DHR, boil-off of available water inventory, and subsequent core uncovery. It is core uncovery that leads to fuel damage.

The process does not prevent the WCOM from establishing a discretionary qualitative total evaluation. All higher risk evolutions as defined in OMP-003 for DHR are Orange or Red. Attachment 11 further defines how risk criteria are determined for each criterion. The approach involves consideration of the following criteria:

1.

Equipment Availability - This is a qualitative evaluation of the availability and reliability of systems that provide decay heat removal.

2.

Time to Boil - With the loss of DHR, this factor is a measure of heat load and time pressure for recovery actions. It represents a measure of risk that the recovery action will not occur in time to prevent core boiling, or that the time pressure on manual actions may exacerbate the event.

3.

Inventory - Similar to time to boil, this is a measure of time available for recovery actions before core uncovery occurs.

5.2 Shutdown Risk Management Principles 5.2.1 Integrated Management

1.

Outage schedules should be developed through interaction with involved organizations and disciplines to assure that the planning provides Defense In Depth throughout the outage. Outage activities should be controlled and implemented according to the approved schedule.

2.

The philosophy and basis used to develop the initial schedule should be applied to make schedule changes that affect the availability of key safety functions after the Initial Outage Risk Assessment either before the outage or during the outage.

3.

The Plant Nuclear Safety Committee (PNSC) should concur with any change which decreases the planned Defense In Depth below minimum requirements as specified in this procedure for the outage.

I OMP-003 I

Rev. 24 1

Page 12 of 83

5.2.1 Integrated Management (continued)

4.

OMP-004 is used to control conduct of evolutions during Reactor Coolant System reduced inventory with fuel in the vessel.

5.

The current plant status, including availability of key safety systems or equipment, should be communicated on a regular basis to personnel who may affect plant safety. Higher Risk Evolutions should also be conveyed including any appropriate precautions or compensatory actions necessary.

6.

The outage self assessment should include performance from a safety perspective. The results of the self assessment should be used as a basis for improvements to planning and control of future outages.

5.2.2 Level of Activities

1.

The outage work scope and schedule should realistically match resources to activities. Additional resources should be available to meet anticipated changes, such as increases to the outage scope.

2.

Tasks should be sufficiently detailed and organized to accurately depict the impact on complex evolutions and equipment availability.

3.

Tasks that may impact KEY SAFETY FUNCTION(S) should be limited and strictly controlled during Higher Risk Evolutions or infrequently performed evolutions.

4.

Outage planning should consider the potential introduction of hazards, such as fire or flooding, posed by the level and scope of activities in a given plant location. Compensatory measures should be established as required.

5.

AP-012 SHALL control outage overtime.

5.2.3 Defense in Depth

1.

The outage schedule should establish the SSCs that should provide backup for Key Safety Functions that is commensurate with plant conditions.

2.

Outage planning should optimize safety system availability.

Systems should be returned to service; either operable per Technical Specifications, when required by Tech Specs, or functional when needed for defense in depth; as soon as practicable following completion of scheduled work.

3.

The restoration of SSCs should be assured by post maintenance testing, monitoring of key parameters with the system in service, or through verification of system alignment and administrative control by Operations personnel.

OMP-003 I

Rev. 24 Page 13 of 83

5.2.3 Defense in Depth (continued)

4.

A PROTECTED TRAIN philosophy should be utilized in the outage schedule. The equipment that makes up the PROTECTED TRAIN providing defense in depth should be controlled to ensure they remain available. The designation of the protected train should be communicated to site personnel on a regular basis.

5.2.4 Contingency Plans

1.

Contingency plans should be developed for Higher Risk evolutions before starting the evolution.

2.

Contingency plans should be developed whenever plant conditions cause system availability to drop below defense in depth guidelines.

3.

Contingency plans should consider the use of alternate equipment to respond to the loss of dedicated safety and monitoring equipment, AND should also consider additional monitoring OR controls to minimize the risk.

4.

Contingency plans should be based on past outage experiences and consider likely failures and outage delays based on the level of activities planned.

5.

Personnel who may be required to implement a contingency plan should be trained on the content and basis for the plan.

6.

Outage Management, Operations, and the organization responsible for implementing the contingency plan should be cognizant of when contingency plans are in effect AND who is responsible for their implementation.

7.

A contingency plan measure established as a risk management action to reduce risk impact during a planned maintenance activity requires a 50.65(a)(4) assessment. The compensatory measures would be expected to reduce the overall risk of the maintenance activity; however, the impact of the measures on plant safety functions should be considered as part of the (a)(4) evaluation.

Since the compensatory measures are associated with maintenance activities, no review is required under 10 CFR 50.59, unless the measures are expected to be in effect during power operation for greater than 90 days. (Ref. 2.3.16)

OMP-003 Rev. 24 Page 14 of 83

5.2.5 Training

1.

The Supervisor - Outage Management should designate personnel that can perform shutdown risk assessment reviews of schedule changes. Personnel should complete training as specified by the Supervisor - Outage Management including a periodic review of SOER 98-1, Safety System Status Control.

(Ref. 2.3.17)

2.

Operator training should include applicable shutdown safety issues including the loss of key safety functions. The Harris Training Unit Simulator should be used, to the extent practical, to cover shutdown operations.

3.

Plant personnel, including contractors and others temporarily assigned to support the outage, should be trained on shutdown risk as applicable to their role in the outage. The extent of the training will be dependent on the role the personnel provide.

4.

Personnel with responsibility. for any contingency plan should be trained to ensure competence at performing their assigned task.

5.2.6 Outage Risk Assessment Review

1.

Planned outage schedules requiring entry into Mode 4 should be critically reviewed by a multi-disciplined group knowledgeable in management expectations for outage nuclear safety and plant operation. The review should not be conducted solely by those directly involved in the development of the schedule.

2.

IF entry into Mode 4 is being made as a result of a forced outage, the initial risk assessment should be completed as soon as the first detailed schedule of the work scope is available. Attachment 4 should be completed to document completion of the initial risk review. Entry into Mode 4 to comply with Tech Specs OR as a result of plant conditions should not be held up to perform this initial risk assessment.

3.

The review should assess the adequacy of the defense in depth provided for the duration of the outage and consistency with the shutdown safety policy. This review should be conducted according to this procedure.

4.

The review should ensure that Higher Risk Evolutions are clearly identified in the schedule and that contingency plans have been developed and are adequate.

5.

An evaluation of applicable Operational Experience should be conducted as part of this review. The scope of this evaluation will be determined by the Supervisor, Outage Management and should include both industry and HNP specific items.

I OMP-003 Rev. 24 Page e15of883 ]

5.2.6 Outage Risk Assessment Review (continued)

6.

The review should be completed and issues resolved before the start of the scheduled outage.

7.

Logic tie changes, scope additions or deletions which occur after the initial review or during the outage should be reviewed according to this procedure.

8.

Review the outage schedule during the pre-outage risk assessment process to ensure that "at least two transmission lines that can support the credited offsite power source(s) remain available (breakers closed in at both ends) at all times for the duration of the outage". This ensures that adequate defense in depth exists on the system, during transmission and switchyard maintenance, to support the credited plant offsite power source(s). Even when there is only one offsite power source to the plant (one transformer), it must be supplied by at least two transmission lines. Significant changes to transmission and switchyard work schedules that may occur during the outage must also be reviewed against this criterion.

5.3 Key Safety Function Guidelines 5.3.1 Key Safety Functions General

1.

Section 5.3 contains scheduling guidelines which constitute the Defense in Depth framework for outage plans and schedules. The scheduling guidelines, which are specified by key safety functions, are applied during the development of each outage plan and schedule to incorporate risk management principles and frequently exceed Tech Spec requirements.

2.

In addition to the application during outage plan development, Section 5.3 serves as a review checklist during the initial risk assessment and for additional assessments required due to work scope or schedule logic changes following the initial assessment.

3.

Maintenance activities that do not necessarily remove the SSC from service may still impact plant configuration AND impact key safety functions. Examples could include:

A valve manipulation that involves the potential for a single failure to create a drain-down path affecting the inventory control key safety function.

A switchyard circuit breaker operation that involves the potential for a single failure to affect availability of AC power.

I OMP-003 I

Rev. 24 1

Page 16 of 831

5.3.1 Key Safety Functions General (continued)

During performance of OST-1813 and the start of a second CCW pump, the resulting surge in pressure can cause CCW relief valves to lift if maintenance activities have isolated and reduced the number of flow paths available. This can cause a loss of CCW inventory and result in a loss of decay heat removal capability.

(Ref 2.3.22)

4.

Activities that present a single failure situation that can impact key safety functions should be identified in the schedule and pre-evolution briefs or contingency plans should be created commensurate with the level of risk imposed by the activity.

5.

Tech Specs provides adequate defense in depth for the Mode 4 qualitative assessment. Intentional entry into Tech Spec action statements per an approved schedule should be carefully evaluated to ensure principals of defense in depth are maintained.

In addition, the cumulative affect on plant risk from entry into more than one action statement, the concurrent plant configuration, and any other KEY SAFETY FUNCTIONS that could be degraded should be evaluated as part of this Mode 4 assessment.

6.

Specific Tech Spec requirements are shown in bold type to better highlight the basis for the requirement.

7.

Very specific requirements exist for Reduced Inventory AND Midloop operation. These requirements are delineated within site General Procedures vice this section and Tech Spec 3.9.3.

8.

PROTECTED TRAIN EQUIPMENT shall be posted according to Section 5.6. Work activities inside the posted area should generally be viewed as impacting protected equipment and therefore be avoided, or evaluated as a reduction in defense in depth per section 5.4. Exceptions to this requirement are routine surveillances (with intervals of monthly or less) that do not impact the ability of equipment to support its Key Safety Function. These activities should enhance equipment reliability, should not require the equipment to change state (start/stop), and may proceed provided the S-SO and WCC are notified. All other activities require the completion of a Protected Train Work Approval Form (Attachment 10) which will specify actions to remove the potential for the risk of loss of this equipment such as expanded pre-evolution briefs or increased management oversight.

SOMP-003I Rev. 24 1

Page 17 of 83

5.3.1 Key Safety Functions General (continued)

9.

When planning and scheduling activities a priority should be placed on maintaining a physical separation between the maintenance or testing activity and the PROTECTED TRAIN EQUIPMENT. This separation should be without reliance upon automatic or operator actions. Where this separation is not possible due to the required plant configuration to perform the activity, an evaluation of the risk of loss of the KEY SAFETY FUNCTION should consider whether this activity represents a HIGHER RISK EVOLUTION requiring the controls provided within this procedure. (Ref 2.3.22)

10.

The concept of physical separation also applies to separation between the PROTECTED TRAINS and separation of equipment or systems that provide support for KEY SAFETY FUNCTIONs from systems that do not. If separation cannot be established, the configuration should be evaluated as to whether it represents a higher risk of loss of that key safety function.

11.

Actions that should be considered in order to reduce the probability or consequences of impacts on PROTECTED TRAIN EQUIPMENT include:

a.

Rescheduling

b.

Posting of equipment according to Section 5.6

c.

Increasing risk awareness through identification or "flagging" in the schedule as a sensitive activity or HIGHER RISK EVOLUTION.

d.

Designation as a HIGHER RISK EVOLUTION with identification of contingency plans.

e.

Increasing risk awareness through the risk "color" designation per Attachment 11.

f.

Increased management oversight.

12.

Protected KEY SAFETY FUNCTIONS can be provided in either an active or standby status as specified below. (AR140449-05)

a.

The Decay Heat Removal KEY SAFETY FUNCTION is normally provided by the active components of RHR, CCW, ESW/NSW, and normal power supplies associated with the designated PROTECTED TRAIN. To minimize the risk of loss of decay heat removal, if the PROTECTED TRAIN components of decay heat removal are in a standby status, then the active components of decay heat removal on the other train shall be protected to minimize the possibility of the loss of this active decay heat removal function. Deviations from this strategy will be evaluated as a reduction in DEFENSE IN DEPTH below minimum requirements.

I OM-03Rv.2 Pg 1

f

,3 1 OMP-003 Rev. 24 Page 18 of 83 1

5.3.1 Key Safety Functions General (continued)

b.

The Electrical Power KEY SAFETY FUNCTION is provided in an active status for normal power supplies and a standby status for emergency power supplies.

c.

The Inventory Control KEY SAFETY FUNCTION can be provided in either an active or standby status.

d.

The Reactivity Control KEY SAFETY FUNCTION is provided in either an active or standby status.

e.

The Pressure Control KEY SAFETY FUNCTION is provided in either an active or standby status.

f.

The Containment KEY SAFETY FUNCTION can be provided in either an active (closed) or standby (closure capability established) status

13.

The use of NSW as the active support system to RHR for the Decay Heat Removal KEY SAFETY FUNCTION is an acceptable alternative to an operating ESW pump. NSW cannot be used solely to support the PROTECTED TRAIN, i.e., the ESW pump in standby must still be a functional system of the PROTECTED TRAIN. The NSW pump and necessary support equipment will be posted the same as is the ESW pump on the PROTECTED TRAIN.

14.

During a designated MAINTENANCE EXCLUSION PERIOD both trains will be designated as PROTECTED to allow the performance of selected testing activities that require testing each train in series.

a.

No train can be in a configuration where activities would affect PROTECTED TRAIN EQUIPMENT.

b.

Site communication would be that both trains are PROTECTED TRAINS.

c.

Selected equipment on both trains may be posted to prevent conflicts with other activities. When posting during the MAINTENANCE EXCLUSION PERIODS the restrictions of 5.3.1.8 do not apply to the testing related activities.

I OMP-003 I

Rev. 24 1

Page 19 of 83

5.3.2 Decay Heat Removal NOTE:

A continued loss of shutdown cooling can result in the loss of RCS inventory and lead to core uncovery. The times to core boiling AND core uncovery are the major factors in establishing minimum equipment guidelines. Maintaining redundant cooling capability until the refueling cavity is flooded ensures reliable standby cooling capability is present during the period when core decay heat can result in core boiling in a short period of time.

NOTE:

23 feet over the vessel flange is equivalent to an indicated level of 23 feet 2 inches.

NOTE:

EC 50542 analyzed the capability for a flooded cavity to provide core cooling with the upper internals still installed in the vessel and concluded effective core cooling will occur. (Ref. 2.3.20)

NOTE:

The time-to-boil calculation is sensitive to the initial RCS temperature. When determining the temperature value to use, insure it is representative of bulk fluid temperature. RHR Heat Exchanger outlet temperature alone is not representative.

(Ref. 2.3.23)

NOTE:

PLP-1 14 Attachment specifies the minimum time after the reactor is sub-critical for the beginning and the completion of full core off load as a function of CCW temperature.

NOTE:

As an added measure for DEFENSE IN DEPTH, at least one train providing the active decay heat removal function should be provided from components of RHR and Spent Fuel Pool Cooling and required support systems (ESW/NSW, CCW, normal power supplies) that are protected to minimize the possibility of the loss of use of this function. See Section 5.3.1.12 above. (Ref 2.3.24)

I OMP-003 I

Rev. 24 Pa ge 20 of 83 ]

5.3.2 Decay Heat Removal (continued)

R

1.

RHR system minimum requirements WHEN fuel is in the reactor vessel:

NOTE:

RCS Loops are considered filled only when pressurizer level is indicating greater than zero percent.

NOTE:

SG U-tubes are considered full of water IF RCS level has not decreased to point that U-tubes drain. IF U-tube draining has occurred, the RCS must have been filled and vented sufficient to support continuous RCP operation.

a.

Mode 5 with loops filled: (Ref. 2.1.5.5 and 2.3.4)

(1)

One RHR loop operable and in operation and either:

The other RHR loop operable OR Both of the following:

At least two SGs greater than 74% (WR) or 30% (NR) level AND SG U-tubes full of water with feeding and steaming capability available, AND RCS pressure greater than 130 psig with the ability to control RCS pressure greater than 130 psig indicated on PI-402A (IF only a wide range pressure indicator available, 175 psig required)

(2)

At least one operable RHR train with an emergency power supply.

b.

Mode 5 with loops not filled:

(Ref. 2.1.5.6)

(1)

Two RHR loops operable and at least one in operation.

(2)

At least one operable RHR train with an emergency power supply.

I OMP-003 I

Rev. 24 Page 21 of 83

5.3.2 Decay Heat Removal (continued)

c.

Mode 6 with cavity level greater than 23 feet above the vessel flange AND the following conditions apply:

(Ref. 2.3.20)

Core Power < 2900 MWth Time since Rx shutdown to flooded refueling cavity

>2.5 days Refueling Cavity initial temperature <11OF (3)

One RHR loop operable and in operation.

(4)

At least one operable RHR train with an emergency power supply.

d.

Mode 6 with cavity level less than 23 feet above the vessel flange: (Ref. 2.1.5.14)

(5)

Two RHR loops operable and at least one RHR loop in operation.

(6)

At least one operable RHR train should have an emergency power supply.

2.

RHR Support Systems requirements when fuel is in the reactor vessel:

a.

WHEN any of the following conditions exist, the support system status listed in Item 2.b should exist:

(1)

Mode 5 with loops not filled (2)

Mode 6 with cavity level less than 23 feet above the vessel flange

b.

WHEN any of the conditions listed in Item 2.a exist, the following support system status shall exist:

(1)

Two ESW pumps functional, at least one with an emergency power supply (2)

Two ESW headers functional (3)

Two CCW trains functional I OMP-003 I

Rev. 24 1

Page 22 of 83

5.3.2 Decay Heat Removal (continued)

c.

WHEN any of the following conditions exist, the support system status listed in Item 2.d should exist:

(1)

Mode 5 with loops filled (2)

Mode 6 with cavity level greater than 23 feet above the vessel flange

d.

WHEN any of the conditions listed in Item 2.c exist, the following support system status shall exist:

(1)

One ESW pump functional with an emergency power supply (2)

One ESW header functional (3)

One CCW train functional AND (4)

Another CCW Pump should be available

3.

SFP A and B Requirements:

SFP Cooling Pump 1&4A functional - including 'A' Train Emergency Power Supply, 'A' Train CCW Pump, 'A' Train ESW Pump and Header.

OR SFP Cooling Pump 1&4B functional - including 'B' Train Emergency Power Supply, 'B' Train CCW Pump, 'B' Train ESW Pump and Header.

4.

SFP C Requirements:

SFP Cooling Pump 2&3A functional - including 'A' Train Emergency Power Supply, 'A' Train CCW Pump, 'A' Train ESW Pump and Header OR SFP Cooling Pump 2&3B functional - including 'B' Train Emergency Power Supply, 'B' Train CCW Pump, 'B' Train ESW Pump and Header OMP-003 Rev. 24 Page 23 of 83

5.3.2 Decay Heat Removal (continued)

5.

The following additional requirements for Spent Fuel Pools 'A', 'B',

and 'C' apply while OMP-003 is in effect:

a.

One standby SFP Cooling Pump should be available for Pools 'A' and 'B'. The pump should be capable of providing cooling prior to Pool 'A' or 'B' exceeding a pool temperature of 150F. At maximum heat load in Pool 'A' and 'B' temperature will increase at a rate of about 11 OF/hour.

Therefore, WHEN Pool 'A' or 'B' temperature exceeds 130F, the situation should be evaluated to determine IF fuel movement should be suspended AND the standby SFP Cooling Pump prepared for operation (IF not already capable of operation).

b.

One standby SFP Cooling Pump should be available for Pool 'C'. This pump should be capable of providing cooling prior to Pool 'C' exceeding a pool temperature of 150F. At maximum heat load in Pool 'C' temperature will increase at a rate of about 3°F/hour. Therefore, WHEN the Pool 'C' temperature exceeds 140F, the standby pump should be prepared for operation (IF not already capable of operation).

c.

The Control Room "Spent FP Hi Temp" (annunciator ALB-023 4-16), "New FP Hi Temp" (annunciator ALB-023 5-16),

AND "SFP C Hi Temp" (annunciator ALB-023 4-15) should be functional OR an alternate means should be present to monitor SFP temperatures.

d.

The Control Room "Spent FP Hi/Lo Level" (annunciator ALB-023 4-17), "New FP Hi/Lo Level" (annunciator ALB-023 5-17), AND "SFP C Hi/Lo Level" (annunciator ALB-023 4-18) should be functional OR an alternate means should be present to monitor SFP level.

6.

No additional requirements regarding Spent Fuel Pool Cooling capability for Pool 'D' exists based on current Spent Fuel Storage Racks.

I OMP-003 I

Rev. 24 1

Page 24 of 831

5.3.3 Electrical Power An emergency power source is not a part of the definition of operability in Tech Specs. Therefore, an operable EDG is required for component operability only IF the component Tech Spec states that an operable emergency power source is required. The emergency power source is required for the following Tech Specs:

3.1.2.1 Boration Systems Flowpath - Shutdown 3.1.2.3 Charging Pump - Shutdown 3.7.6 Control Room Emergency Filtration System - only when in Action Statement b, for Mode 5 and 6 3.9.12 FHB Emergency Exhaust System - only when in Action Statement a.

However, to maintain defense in depth, OMP-003 requires an emergency power source for additional components used to maintain Key Safety Functions.

NOTE:

23 feet over the vessel flange is equivalent to an indicated level of 23 feet 2 inches.

R

1.

Offsite power source minimum requirements:

a.

Mode 5, 6, and de-fueled:(Ref. 2.1.5.10)

(1)

One circuit between the offsite transmission network and the onsite class 1 E distribution system.

(2)

Switching the plant on/off Back-feed through BOTH Unit Auxiliary Transformers should only be performed with the following conditions:

(a)

No fuel movement in FHB OR CNMT OR core alterations are in progress AND One of the following apply:

Cavity level is greater than 23 feet OR Core is defueled AND the cavity gate valve is closed.

I OMP-003 I

Rev. 24 Page:25 of 83

5.3.3 Electrical Power (continued)

(b)

Cranes powered from site power are not performing a heavy lift.

Operation in this configuration should only be allowed IF Cavity level remains greater than 23 feet.

OR Core is de-fueled the cavity gate valve closed.

(1)

Switching the plant on/off Back-feed through ONE Unit Auxiliary Transformer should only be performed if:

(a)

No fuel movement in FHB OR CNMT OR core alterations are in progress AND Plant is not in reduced inventory condition OR midloop (b)

Cranes powered from site power are not performing a heavy lift.

Operation in this configuration can occur for duration of Modes 5, 6 or de-fueled.

R

2.

Emergency Diesel Generators requirements:

NOTE:

An EDG SHALL be declared inoperable IF backfeeding is in progress AND the EDG is paralleled through its safety bus to offsite power because the Loss of Offsite Power Protection Circuit will not function. (Ref. 2.1.5.10)

a.

Mode 5, 6: (Ref. 2.1.5.10)

(1)

One EDG operable

b.

De-fueled:

(1)

One EDG should be functional I OMP-003 I

Rev. 24 I

Page 26 of 831

5.3.3 Electrical Power (continued)

NOTE:

A list of Uninterruptible Power Supply (UPS) Loads Important To Key Safety Functions can be found in Attachment 6.

R

3.

Safety Related AC Distribution System Requirements:

(Ref. 2.1.5.11)

a. The safety related AC buses associated with the operable EDG SHALL meet Tech Spec 3.8.3.2 requirements.

b. The safety related AC buses associated with the required functional equipment should be functional.

R

4.

Safety Related DC Distribution System Requirements:

(Ref. 2.1.5.15)

a.

The safety related DC buses associated with each operable EDG shall be operable including the bus, the battery, and at least one full-capacity charger.

b.

The safety related DC buses associated with each functional EDG should be functional including the bus, the battery, AND at least one charger.

c.

The safety related DC buses associated with the required functional equipment should be functional.

OMP-003 Rev. 24 Page 27 of 83

5.3.4 Inventory Control I

NOTE:

23 feet over the vessel flange is equivalent to an indicated level of 23 feet 2 inches.

R

1.

Inventory control requires only the functional capability to add borated water to the RCS. Inventory control consists of a required number of trains AND paths as defined in Attachment 2. All trains and flow-paths to the RCS require a functional RWST with a level greater than 12% to provide enough volume to maintain the overall decay heat removal function. (Ref. 2.3.1)

a.

Mode 5 AND 6 with cavity level less than 23 feet above the vessel flange:

(1)

One borated makeup flow path shall be functional with a functional emergency power supply (2)

An additional borated makeup flow path from the other train should be available

b.

Mode 6 with cavity level greater than 23 feet above the vessel flange: One borated makeup flow path shall be functional with a functional emergency power supply

2.

SFP Makeup: (Ref. 2.3.21)

NOTE:

ESW, RMWST, RHT, and Fire Protection Header are potential makeup sources.

These sources are NOT typically utilized as first option makeup sources because these methods may provide reduced flow.

At least one of the following sources should be available at all times:

a.

DWST level greater than 14.2 feet with the ability to transfer water from DWST to the Spent Fuel Pool available

b.

RWST level greater than 12% with the ability to transfer water from RWST to the Spent Fuel Pool available

c.

The required makeup rates to offset pool boiling are:

(1)

Pools 'A' and 'B' - 90 gpm (total for both)

(2)

Pools 'C'- 15 gpm IOMP-003 I

Rev. 24 1

Page 28 of 83:]

5.3.5 Reactivity Control NOTE:

23 feet over the vessel flange is equivalent to an indicated level of 23 feet 2 inches.

R

1.

Mode 5 and 6 with cavity level less than 23 feet above the vessel flange: (Ref. 2.1.5.2 and 2.1.5.16)

a.

One borated makeup flow path (including CSIP) SHALL be operable with an operable emergency power supply

b.

An additional borated makeup flow path from the other train should be available

c.

With the RCS vented (minimum one pressurizer safety valve removed, RCS Vessel Head fully detensioned or Pressurizer manway removed) the additional borated makeup flow path from the other train can be provided by an RHR pump flow path from the RWST.

R

2.

Mode 6 with cavity level greater than 23 feet above the vessel flange: One borated makeup flow path (including CSIP) SHALL be operable with an operable emergency power supply.

(Ref. 2.1.5.2 and 2.1.5.16) 5.3.6 Pressure Control R

1.

In Mode 5, a minimum of one pressurizer code safety valve SHALL be operable. (Ref. 2.1.5.7)

R

2.

In Mode 5 and 6 with the reactor vessel head on, at least one of the following over pressure protection systems SHALL be operable: (Ref. 2.1.5.8)

a.

The RCS depressurized with an RCS vent of greater than or equal to 2.9 square inches OR

b.

Two PRZ Power Operated Relief Valves (PORVs)

3.

In Mode 5, RCS accumulators should either be isolated from the RCS, OR vented AND drained to a level that will not allow flow into the RCS (except for approved testing).

R

4.

A maximum of one CSIP SHALL be operable whenever the temperature of one or more RCS cold legs is less than or equal to 325F and the vessel head is in place.

(Ref. 2.1.5.2 and 2.1.5.16)

IOMP-003 I

Rev. 24 1

Page 29 of 83]

5.3.7 Containment Integrity/Closure R

1.

Primary containment integrity SHALL be maintained according to T.S. 3.6.1.1. (Ref. 2.1.5.9)

R

2.

Containment access doors, PAL, EAL, and Equipment Hatch, may be opened during Mode 5, 6, or defueled. During Modes 5 or 6, WHEN no core alterations are being performed, they should be capable of being closed within the more restrictive of either before core boiling or within 4 hours4.62963e-5 days 0.00111 hours 6.613757e-6 weeks 1.522e-6 months . Additional requirements exist to meet Tech Spec 3.9.4 requirements and GL 88-17 requirements as stated below. (Ref. 2.3.1)

R

3.

Containment closure SHALL be set to meet Tech Spec 3.9.4 requirements during core alterations or movement of irradiated fuel within containment.

a.

The basis of Tech Spec 3.9.4 states: The requirements on containment building penetration closure and operability ensure that a release of radioactive material within containment will be restricted from leakage to the environment. The operability and closure restrictions are sufficient to restrict radioactive material release from a fuel element rupture based upon the lack of containment pressurization potential while in the Refueling Mode.

Penetrations applicable to Tech Spec 3.9.4.b and 3.9.4.c may be opened provided the following administrative controls are in effect:

(1)

An individual or individuals SHALL be designated and available at all times, capable of isolating the breached penetration (within 120 minutes of initiation of a fuel handling accident. The designated individuals SHALL be tracked by the Work Control Center).

(2)

The breached penetrations SHALL not be obstructed unless capability for rapid removal of obstructions is provided (such as quick disconnects for hoses).

(3)

For the Personnel Air Lock, at least one door MUST be capable of being closed and secured.

Additionally, the equipment hatch MUST be capable of being closed and secured. Equivalent isolation methods may also be used.

I OMP-003 I

Rev. 24 1

Page 30 of 83

5.3.7 Containment Integrity/Closure (continued)

b.

CNMT penetrations that provide direct access from CNMT to outside atmosphere must be isolated, or capable of isolation via administrative controls on at least one side of CNMT. Isolation may be achieved by an OPERABLE automatic isolation valve, or by a manual isolation valve, blind flange, or equivalent. Equivalent isolation methods include use of a material that can provide a temporary, atmospheric pressure, ventilation barrier for the other CNMT penetrations during fuel movement.

R

4.

Containment access doors, PAL, EAL, AND Equipment Hatch, may be opened during reduced inventory OR midloop.

Penetrations shall be capable of being closed within the more restrictive of the following: (Ref. 2.3.11)

a.

Within 2.5 hours5.787037e-5 days 0.00139 hours 8.267196e-6 weeks 1.9025e-6 months of initial loss of decay heat removal. This time is reduced IF the following apply:

(2)

IF openings totaling greater than one square inch exist in the cold legs, RCP's (connecting into the cold leg water space) AND crossover pipes of the RCS this time is reduced to 40 minutes.

(3)

IF the Reactor Head is removed OR installed but not yet tensioned, the 40 minutes does not apply, instead the time limit is 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months .

b.

Within the time to core uncovery from a loss of decay heat removal coupled with an inability to initiate alternate cooling OR addition of water to the RCS.

c.

Within the time to core boiling.

R

5.

To consider the Equipment Hatch acceptable for meeting containment closure for reduced inventory OR midloop, both of the following criteria must be met:

a.

Sufficient bolts installed to ensure a proper seal of the periphery mating surfaces.

b.

Sufficient bolts installed AND torqued to meet the maximum containment pressurization potential per the below table: (Ref. 2.3.12, 2.3.13, and 2.3.14).

Max. QNMT,P*res5sLre (psig)

Number of BdtsRequired Torqued 5

6 10 10 15 14 25 22 35 30 41 34 OMP-003 Rev. 24 Page 31 of 83

5.3.7 Containment Integrity/Closure (continued)

6. can be used to determine the maximum containment pressure versus decay heat level of the core. Decay Heat load can be determined from Engineering for any time since shutdown desired. The corresponding maximum containment pressure is the required pressure containment closure devices must be capable of achieving to be considered adequate for containment closure during reduced inventory OR midloop configuration. (Ref. 2.3.15)

7.

Containment penetration status and method to obtain CNMT closure should be as follows for Modes 5 and 6:

a.

WCC-SRO should maintain current status of CNMT penetrations.

b.

Manager - Operations is responsible for ensuring any work resulting in a CNMT penetration being incapable of immediate closure has a written containment closure plan.

c.

Manager - Operations is responsible for ensuring a Containment Closure Plan is present in the work package OR documentation directing how to accomplish the work.

d.

WCC-SRO should ensure sufficient resources are present to implement Containment Closure Plans. IF sufficient resources are not available to perform the work, WCC-SRO should notify the WCOM.

e.

WCC-SRO should review AND ensure capability to implement a Containment Closure Plan as a part of the work order approval process.

f.

When the work is completed which created the need for a Containment Closure Plan, the person performing the work is responsible for notifying WCC-SRO

g.

WCC-SRO should discard any Containment Closure Plan after notification that the related work is completed.

8.

Material should be available to allow closure of any breached penetration. IF closure is to be obtained from inside CNMT, consideration should be given to possible containment conditions and the ability to perform the closure actions in CNMT.

9.

Personnel responsible for CNMT closure should be trained and understand their roles in obtaining closure.

10.

Methods for evacuating containment and alerting personnel of adverse conditions within CNMT should be established.

I OMP-003 I

Rev. 24 1

Page 32 of 83

5.3.8 Application of Seismic Design Criteria The application of seismic design requirements to plant SSCs during Mode 4 is limited to those SSCs required by Tech Specs to be operable.

The application of seismic design requirements to plant SSCs during Modes 5, 6, or defueled is limited to:

1.

Those SSCs required by Tech Specs to be operable.

2.

The immediate support systems for the operable decay heat removal system(s) consisting of the same train EDG, ESW, and CCW flowpaths.

3.

It is realized that the Reactor Coolant System will not be in a seismic configuration when preparations are performed to remove fuel from the vessel (such as removing seismic tie rods and vessel head). However, other Reactor Coolant Loop piping seismic supports should not be removed without an engineering evaluation to preserve the reactivity addition and decay heat removal flowpaths to the fuel.

Containment is not required to be operable during Modes 5, 6, or defueled; therefore, seismic design requirements do not apply to containment penetrations except for those supporting a required operable SSC.

IF a portion of a required operable system can be isolated AND the isolated portion's failure can not affect the operability of the required portion, seismic design requirements for the isolated portion do not apply.

Harris Engineering should determine if the work scope can be done and not affect seismic qualification of the required SSCs.

The following Tech Specs or Relocated Tech Specs require operable plant SSCs during Mode 5, 6, or defueled:

3.1.2.1 3.1.2.3 3.1.2.5 3.1.3.3 3.3.1 3.3.2 3.3.3.1 PLP-114 PLP-114 PLP-114 3.4.1.4.1 3.4.1.4.2 3.4.2.1 3.7.6 Boron Systems Flowpath - Shutdown Charging Pump - Shutdown Borated Water Source - Shutdown Position Indicating System - Shutdown Reactor Trip System Instrumentation ESFAS Instrumentation Radiation Monitoring For Plant Operations Seismic Instrumentation Meteorological Instrumentation Explosive Gas Monitoring Instrumentation RCS Cold Shutdown - Loops Filled RCS Cold Shutdown - Loops Filled RCS Safety Valves Control Room Emergency Filtration System I OMP-003 I

Rev. 24 I

Page 33 of 83]

5.3.8 Application of Seismic Design Criteria (continued) 3.7.8 Snubbers 3.8.1.2 A.C. Sources - Shutdown 3.8.2.2 D.C. Sources - Shutdown 3.9.2 Instrumentation 3.9.8.1 RHR and Coolant Circulation 3.9.8.2 Low Water Level 3.9.9 Containment Ventilation Isolation System 3.9.12 FHB Emergency Exhaust System 3.11.1.4 Liquid Radwaste Treatment System 3.11.2.5 Gaseous Radwaste Treatment System 5.4 Risk Assessment 5.4.1 Initial Risk Assessment 1.

The Supervisor - Outage Management is responsible for organizing an independent outage risk assessment of each planned outage that requires entry into Mode 4, 5, 6, or defueled.

The Risk Assessment Team will be comprised of multi-disciplined personnel knowledgeable in management expectations for outage nuclear safety and plant operations. The majority of the team personnel should not have been directly involved in the development of the outage plan and schedule. Some personnel who were directly involved in developing the schedule may be assigned to facilitate the Risk Assessment Team's efforts by explaining the scheduling logic, answering HNP specific questions, etc.

2.

The review should assure the adequacy of the defense in depth provided for the duration of the outage and consistency with management's shutdown safety policy. This review should also include a detailed examination of the outage schedule, including system interactions, support system availability, and the impact of temporarily installed equipment.

3.

The review should include meeting the requirements of WCM-001 for scheduled activities during Modes 1-3 and OMP-003 for Modes 4-6 and defueled.

4.

The review should ensure that higher risk evolutions are clearly identified in the schedule and that contingency plans and mitigating procedures have been developed and are adequate.

5.

The timing of the review should be coordinated so that there is a high confidence in the accuracy of the Outage Schedule yet sufficient time remaining prior to the start of the outage to allow for response to the Risk Assessment Team's recommendations.

G OMP-003 1

Rev. 24 1

Page 34 of 83 1

5.4.1 Initial Risk Assessment (continued)

6.

If entry into Mode 3 or 4 is being made as a result of a forced outage, the initial risk assessment should be completed as soon as the first detailed schedule of the work scope is available. Entry into a plant mode to comply with Tech Specs OR as a result of plant conditions should not be held up to perform this initial risk assessment.

7.

For a refueling outage schedule, the Risk Assessment Team Leader is responsible for managing team member efforts during the review and conducting an exit meeting with the Supervisor -

Outage Management or his designee. The Risk Assessment Team Leader will clearly identify any recommendations resulting from the review and deliver a draft written report at the exit meeting. The Risk Assessment Team Leader is also responsible for delivery of the final written report within one week of completing the review. The Team Leader may request, if desired, a written response to any or all of the Review Team's recommendations. The Supervisor - Outage Management will ensure that the Risk Assessment Team's recommendations are placed on an appropriate tracking system (if needed), responsible individuals assigned, and completion dates set appropriate to the significance and priority of each recommendation. If the Risk Assessment Team Leader has requested a written response, the Supervisor - Outage Management is responsible for negotiating a response date with the Team Leader and preparing and submitting the response as negotiated.

5.4.2 Miscellaneous Reviews NOTE:

This section should be performed by initial risk assessment team members.

1.

Verify that plant procedures/policies address the following issues:

a.

Fuel coolant inventory loss (cavity seal ring failure, fuel pool gate seal failure, single failure scenarios leading to rapid RCS inventory loss).

b.

Fire Risk (control of transient combustibles, hot work permit process including evaluation of cumulative area fire loading, control of temporary electrical power sources including drop cords, access maintained to fire protection equipment).

c.

Confined space work.

d.

Working hours and overtime.

e.

Switchyard work control.

OMP-003 Rev. 24 Page 35 of 83

5.4.2 Miscellaneous Reviews (continued)

f.

Availability of boric acid supplies.

g.

ALARA and radiation protection.

h.

Control of infrequently performed tests or evolutions.

2.

Verify that procedures are in place or will be completed prior to the need for the use of all equipment credited for providing any of the shutdown safety functions.

3.

Review the outage schedule for activities or combination of activities that could present a higher risk of challenging any of the six shutdown safety functions.

4.

Verify that plant procedures address the following aspects of fuel handling:

a.

Fuel handling organization, including the individual responsible for fuel movement.

b.

Personnel qualification.

c.

Shutdown margin monitoring during core reload.

d.

Verification that the source range nuclear instrumentation indicate actual core conditions.

e.

Controls for fuel assemblies stored in temporary core locations.

f.

Fuel handling equipment checkouts before use in containment AND fuel handling building.

g.

Boron concentration in the filled portions of the RCS, refueling canal, and refueling cavity are maintained according to Tech Spec 3.9.1.a.

h.

Mitigation of boron dilution events.

i.

Minimum RCS temperature remains above the temperature used for the shutdown margin calculation.

During fuel handling/core alterations, ventilation system and radiation monitor availability should be assessed, with respect to filtration and monitoring of releases from the fuel. The goal of maintaining ventilation system and radiation monitor availability is to reduce doses even further below that provided by natural decay and to avoid unmonitored releases. (Ref. 2.3.16)

5.

Verify procedures and policies address post core load control rod testing, low power physics testing, and power ascension testing.

OMP-003 Rev. 24 Page 36 of 83]

5.4.2 Miscellaneous Reviews (continued)

6.

Verify the BAT or RWST meets requirements of Tech Spec 3.1.2.5.

7.

Verify that in Mode 5, shutdown margin meets requirements of Tech Spec 3.1.1.2.

8.

Verify that in Mode 5 with the reactor trip breakers closed, rod position indication meets requirements of Tech Spec 3.1.3.3.

9.

Verify the requirements of Tech Spec 3.9, PLP-1 06, and PLP-1 14 are addressed by the outage schedule and/or plant procedures.

10.

Verify Source Range instruments availability meets the requirements of Tech Spec 3.3.1 and 3.9.2.

11.

Verify the outage schedule maintains SSCs in a configuration that at least meets Tech Specs for Mode 4.

12.

Verify the outage schedule identifies any activities that present a single failure situation that can impact key safety functions (examples stated in 5.3.1.3). Verify pre-evolution briefs OR contingency plans are created commensurate with the level of risk imposed by the activity.

13.

Verify when the PZR Manway is removed, the outage schedule minimizes the time period between disconnecting RVLIS reference leg from the IRVH connection and detensioning the IRVH. Likewise, verify the outage schedule minimizes the time period between tensioning the IRVH and reconnecting RVLIS reference leg to the IRVH connection. (Ref. 2.3.19) 5.4.3 Schedule Changes

1.

The Supervisor - Outage Management or his designated representative will initiate the review of work additions/ deletions or schedule changes and is responsible for documenting the review. The Supervisor - Outage Management should designate personnel that can perform this review.

2.

After the Initial SDR Team Schedule review, all task adds, deletes, and logic tie changes, except those related to scope which has been previously determined to not affect shutdown risk (refer to list in step 5.4.3.4), should be evaluated by designated personnel. The following process should be used until a transition is made to an approved on-line schedule:

a.

For a schedule change affecting Mode 1, 2, or 3 actions, evaluate the change against the requirements of WCM-001. Determine if the schedule change impacts a PSA function referenced in WCM-001. Proceed to step 5.4.3.2.d.

OMP-003 Rev. 24 Page 37 of 831

5.4.3 Schedule Changes (continued)

b.

For a schedule change affecting Mode 4 actions, evaluate the change against the requirements of Technical Specifications for Mode 4. Determine if the schedule change is being performed on a SSC required by Tech Specs. Proceed to step 5.4.3.2.d.

c.

For a schedule change affecting Mode 5, 6, or defueled, evaluate the change against the requirements of OMP-003 for Modes 5, 6, or defueled. Determine if the schedule change is being performed on a system listed on. If YES, proceed to step 5.4.3.2.d. to perform risk assessment. If NO, a risk assessment is not required; however, perform WO identification per step 5.4.3.3.

NOTE:

Entry into Tech Spec Action Statements may not result in going below defense in depth. Each case of Tech Spec Action Statement entry should be qualitatively evaluated with consideration of simultaneously planned evolutions and plant configurations.

CAUTION Risk reviewers must understand the full scope of work to determine risk significance. Therefore, the risk review may not be possible until the work is fully planned.

d.

Conduct a review of the change and document the results on Attachment 3. This should be accomplished by two individuals evaluating the change and documenting the results on Attachment 3. Both reviewers should arrive at the same conclusion regarding "Defense in Depth".

Proceed to step 5.4.3.2.e.

e.

If the combined review determines that the schedule change MAY place the plant below defense in depth, complete Attachment 3 to document this process. Then, complete Attachment 4 to allow a Risk Assessment Team to determine the impact of the schedule change and to obtain PNSC concurrence if applicable.

3.

After outage implementation begins, scope additions for new work order tasks or scope changes to existing work order tasks that require a different plant configuration should be identified per instructions.

I OMP-003 I

Rev. 24, 1

Page 38 of 831

5.4.3 Schedule Changes (continued)

4.

Scope changes involving the following work are considered to be non-risk significant and do not require further risk assessment:

a.

Prefabrication or shop work

b.

Repairs/modifications to security systems

c.

Work outside the power block except for DW system (such as office buildings, temporary facilities, sewage treatment, and grounds maintenance)

d.

Field walkdowns and inspections

e.

Engineering change reviews

f.

Procedure revisions

5.

The majority of the Risk Assessment Team personnel should not have been directly involved in the development of the outage plan and schedule. The Supervisor - Outage Management or his designated representative should chair the team with members representing Operations, Maintenance, Engineering, and Environmental & Radiation Control as required. At least one member of the team should be a qualified SRO for HNP.

6.

Proposed emergent work or schedule changes which are determined by the Risk Assessment Team review to reduce the planned Defense in Depth below minimum requirements or are considered to be higher risk evolutions require additional evaluation and concurrence by the PNSC prior to implementation.

7.

Before work scope is coded for on-line performance, a risk review should be performed to ensure the scope can be performed on-line. Consideration should be given to EOOS PSA functions, Technical Specifications, quantitative AND qualitative evaluation, and fitting the 12 week rolling schedule. The Supervisor - Online Scheduling should then approve the decision to move the scope to on-line performance.

8.

The Supervisor - Outage Management should ensure retention of the file of forms documenting the assessment of proposed work additions or schedule activity changes and Configuration Checklist changes as an aid to completing the post outage shutdown risk assessment.

I OMP-003 I

Rev. 24 1

Page 39 of 83

5.5 Control of Key Safety Functions 5.5.1 The outage schedule is developed based on maintaining the key safety functions as required to minimize shutdown risk. For Modes 5, 6, and defueled, the requirements to satisfy each key safety function are listed on Attachment 2.

5.5.2 During pre-outage planning a Key Safety Function availability Checklist will be prepared for each scheduled configuration. The checklist will provide the following information:

1.

The minimum equipment requirements for each KEY SAFETY FUNCTION for that configuration in the outage.

2.

Equipment not available for use.

3.

Protected train equipment.

5.5.3 Before placing the plant in a new scheduled configuration, the WCOM AND S-SO should verify the actual key safety function status meets OR exceeds the listed requirements for that configuration.

5.5.4 If a change in component status occurs that affects the Key Safety Function Availability Checklists, the KSF Availability Checklists should be changed to reflect the revised component status. If the current KSF Availability Checklist is impacted then it should be revised and re-approved as described in Section 5.6.2. The KSF Availability Checklist should then be reposted to reflect the correct KSF configuration.

5.5.5 A deviation from the posted configuration for equipment that supports the KEY SAFETY FUNCTION may be performed IF both the WCOM AND S-SO agree to the change AND the alternate KSF configuration is addressed in the notes section of the KSF Availability Checklist. (For example: Lifting loads over the RWST will result in the RWST becoming inoperable. If the RWST and associated flow are being credited on the posted KSF configuration but the BAT and associated flow path is available and noted in the notes section as an available option for crane boration flow then the deviation is permissible and can be allowed without reposting the KSF Availability Checklist.). If an alternate KSF configuration is not addressed in the notes section of the KSF Availability Checklist then the checklist should be revised and reposted. Configuration changes that meet the requirements of this step should be logged in the MCR and OCC logs at least once per shift.

5.5.6 THE MINIMUM REQUIRED EQUIPMENT for the key safety function must always be met except as allowed by the following Tech Specs:

1.

3.1.2.3 (No operable CSIPs during swapping)

2.

3.4.1.4.1 AND 3.4.1.4.2 (RHR de-energization for up to 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months AND RHR loop inoperable for up to 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months )

3.

3.9.8.1 AND 3.9.8.2 (RHR loop may be removed from operation up to 1 hour1.157407e-5 days 2.777778e-4 hours 1.653439e-6 weeks 3.805e-7 months per 2 hour2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months period)

OMP-003 I

Rev. 24 Page 40 of 83:]

5.6 Key Safety Function Availability Checklists 5.6.1 The following section contains the explanations AND requirements for configurations planned for the outage for Modes 5, 6, OR defueled. The configurations should have the following information:

1.

TITLE: Mode AND brief description of configuration

2.

DURATION: Approximate planned duration

3.

BEGINS: Begin of configuration (schedule perspective)

4.

ENDS: End of configuration (schedule perspective)

5.

MAJOR ACTIVITIES: A list of some of the significant activities that have been originally planned. This does not imply that these activities can only occur WHEN the plant is in the configuration.

6.

NOTES: Specific notes that are of significance to the present configuration segregated by the particular safety function where they apply.

7.

TIME TO BOIL: IF available, values based upon calculations by Engineering.

8.

KEY SAFETY FUNCTION AVAILABILITY CHECKLIST: All configurations encountered during Modes 5, 6, OR defueled with the specific set of requirements.

5.6.2 Implementation of the KEY SAFETY FUNCTION AVAILABILITY CHECKLISTS should be as follows:

1.

Supervisor - Outage Management is responsible for developing the Key Safety Function Availability Checklist(s) for each planned Configuration of the refueling outage using Attachment 1. The equipment that supports the KEY SAFETY FUNCTION should be circled AND additional notes may be entered on Attachment 1 Notes page (may use electronic copy).

2.

Before entering Mode 5, the S-SO and WCOM should review the Configuration requirements and Notes. The S-SO and WCOM then concur that the status of plant equipment allows entry into Mode 5 and the S-SO will direct the plant to Mode 5 entry.

3.

Before manipulating the plant into the next configuration, the S-SO and WCOM should review the upcoming configuration requirements and Notes. The S-SO and WCOM then concur the status of plant equipment allows entry into the next configuration and the S-SO will direct the plant to the next configuration.

IOMP-003 I

Rev. 24 Pa ge 41 of 83 ]

5.6 Key Safety Function Availability Checklist (continued)

4.

The S-SO and WCOM should sign in the space provided (they may use separate copies of the checklist, if desired) for verification that the minimum required equipment or condition exists. This concurrence may be performed electronically as an attachment to e-mail as long as the concurrence of the WCOM and S-SO is documented. The WCOM should maintain the checklists as a part of the outage record.

5.

The WCOM is responsible for electronically posting the Key Safety Function Availability Checklists to the intranet to keep personnel aware of Key Safety Function status. If the intranet is unavailable then manual copies will be delivered to the MCR, WCC, and OCC to keep personnel aware of Key Safety Function status. Also, the WCOM is responsible to provide indication of the protected train and risk level at the entrance to the protected area in the security building (stoplight location).

6.

To increase awareness of PROTECTED TRAIN EQUIPMENT in the field, local signs should be posted stating authorization of the WCOM and S-SO are required before performing any work on the equipment. These signs should be posted within one shift (12 hours1.388889e-4 days 0.00333 hours 1.984127e-5 weeks 4.566e-6 months ) of and before entering the protected plant configuration.

These postings will be made according to the Protected Train Equipment Plan similar to that on Attachment 12. At a minimum, the following should be posted when serving as PROTECTED TRAIN EQUIPMENT (opposite train equipment is unavailable)

ESW Pump and Breaker CCW Pump and Breaker RHR Pump and Breaker SFP Cooling Pump and Breaker CSIP and Breaker Boric Acid Transfer Pump and Breaker EDG and Breaker 6.9KV Breakers to Safety Busses SUT entryway UAT entryway Safety Related Battery S 51 - S4 Distribution Panels Switchyard Access Gates and Doorway to Switchyard Relay House (During Reduced Inventory or Mid-loop)

DWST Pumps I OMP-003 I

Rev. 24 I

Page 42 of 83 1

5.7 Communication of Risk

1.

The following elements should be routinely communicated at meetings to heighten sensitivity of plant personnel to risk of loss of KEY SAFETY FUNCTIONS from on-going outage activities, and the need to control plant configuration.

Protected Train (A or B)

Risk Color Time - to - Boil (# of minutes if < 2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months , or "2 hours2.314815e-5 days 5.555556e-4 hours 3.306878e-6 weeks 7.61e-7 months " if

>2 hours)

High Risk Evolutions in progress.

2. The level of risk (color) will be determined qualitatively by the WCOM using the guidance of Attachment 11. This color will communicated visually using the stoplight, or equivalent means, positioned in the security building.

6.0 DIAGRAMS/ATTACHMENTS 0 1 2 Key Safety Function Availability Checklists Key Safety System Availability Explanations Safety Significance Screening of Emergent Work Schedule Changes Risk Assessment of Emergent Work Schedule Changes Inventory and Reactivity Flowpaths UPS Loads Important To Key Safety Functions EDB Systems That Require A Risk Assessment For Schedule Changes Maximum Equilibrium Containment Pressure Risk Review Identification on Work Order Tasks Protected Train Work Approval Form Outage "Stoplight" Criteria Protected Equipment Sign I OMP-003 I

Rev. 24 1

Page 43 of 83

Attachment I - Key Safety Function Availability Checklists Sheet I of 2 EXAMPLE NOTES TITLE:

DURATION:

BEGIN:

ENDS:

MAJOR ACTIVITIES:

Days NOTES:

DECAY HEAT REMOVAL:

ELECTRIC POWER DISTRIBUTION:

INVENTORY CONTROL:

REACTIVITY CONTROL:

PRESSURE CONTROL:

CONTAINMENT:

I OMP-003 I

Rev. 24 1

Page 44 of 83

Attachment I - Key Safety Function Availability Checklists Sheet 2 of 2 EXAMPLE CONFIGURATION 1 - MODE 5 RCS LOOPS FILLED AND PRESSURIZED 1Minimum Opion Key Safety Function Required Options Decay Heat Removal 2 of 3 SGs Reactor Coolant System 2

RHR A RHR B SFP A & B Cooling 1

SFP A SFP B FSP C Cooling 1

C-SFP A C-SFP B ESW Pumps 2

ESW A ESW B CCW Pumps 2

CCW A CCW B CCW C Electric Power Distribution Offsite Sources 1

SUT A SUT B BACKFEED Onsite Sources 1

EDG A EDG B

6.9 KV/480V Emer Buses 2

A-SA B-SB

120VAC Uninterruptible 4

SI SII Sill SIV

DC Buses 2

DP-1ASA DP-1BSB Inventory Control Reactor Coolant System 2 TRN/

TRN A TRN A TRN B TRN B 1 PATH/TRN PATH A PATH B PATH C PATH D Spent Fuel Pool 1

DWST RWST Reactivity Control

- Boration 2 TRN/

TRN A TRN A TRN B TRN B

nowPaths 1 PATH/TRN PATH E PATH F PATH G PATH H CSIPs 2

CSIP A CSIP B CSIP C Inadvertent Dilution NO YES NO Lineup Completed Pressure Control RCS Safety VIv Operable I

1RC-123 I1RC-125 1RC-127 Vent Path 1

ILTOPS Containment Closure Established NO YES INO D

I + A Q

+ý x,,ith tHeý

-~k

ýrq l(p

':nt-lzAi i hcn r~DIpApPI on

+

rcnIn+n buses associated with functional equipment should be FUNCTIONAL.

One path should have a functional (OPERABLE for boration flowpath) emergency power supply AND WHEN two trains are required, a path from each train isrequired. The AVAILABLE path should be recoverable by verifying SW supply AND restoring the CSIP.

At least one SFP Cooling Pump should remain functional including Emergency Power Supply, CCW Train, and ESW Train. The other SFP Cooling Pump should be capable of providing cooling prior to SFP temp reaching 150F.

APPROVED BY:

CONCURRED BY:

WCOM S-SO I OMP-003 I

Rev. 24 1

Page 45 of 83

- Key Safety System Availability Explanations Sheet I of 6 1.0 Decay Heat Removal

1.

Reactor Coolant System:

NOTE:

At least one operable RHR pump should have an emergency power supply during Modes 5 AND 6.

a.

RHR A RHR Train A operable including the respective ESW pump, CCW pump, and ESW header functional

b.

RHR B RHR Train B operable including the respective ESW pump, CCW pump, and ESW header functional

c.

2 of 3 SGs 2 of 3 SGs with requirements of:

Secondary side water level shall be greater than 74% OR narrow range (NR) secondary side water level shall be greater than 30%

Steaming AND feeding capability Greater than 0% PZR level SG U-tubes full of water RCS pressure greater than 130 psig with the ability to control RCS pressure greater than 130 psig indicated on PI-402A (IF only a wide range pressure indicator available, 175 psig required)

d.

_ 23' Refueling Cavity level _> 23 feet. Twenty-three feet over the vessel flange is equivalent to an indicated level of 23 feet 2 inches.

e.

CCW A CCW A Pump is functional OR available CCW B CCW B Pump is functional OR available CCW C CCW C Pump is functional OR available

f.

ESW A ESW A Pump is functional OR available ESW B ESW B Pump is functional OR available

2.

Spent Fuel Pool Cooling:

a.

SFP A and B Requirements:

At least one SFP Cooling Pump should have a functional emergency power supply. While OMP-003 is in effect, a standby SFP Cooling Pump should be available. This pump should be capable of providing cooling prior to exceeding a spent fuel pool temperature of 150F. At maximum heat load in the SFP, SFP temperature will increase at a rate of about 11 degreesF/hour. Therefore, WHEN the SFP temperature exceeds 130F, the situation should be evaluated to determine IF fuel movement should be suspended AND the standby SFP Cooling Pump prepared for operation (IF not already capable of operation).

OMP-003 I

Rev. 24 1

Page 46 of 83

- Key Safety System Availability Explanations Sheet 2 of 6 SFP A SFP Cooling Pump 1&4A-SA functional including a functional 'A' Train CCW pump, 'A' Train ESW pump AND header SFP B SFP Cooling Pump 1&4B-SB functional including a functional 'B' Train CCW pump, 'B' Train ESW pump AND header While OMP-003 is in effect the Control Room "Spent FP Hi Temp" (annunciator ALB-023 4-16) AND "New FP Hi Temp" (annunciator ALB-023 5-16) should be functional OR an alternate means should be present to monitor SFP temperatures.

While OMP-003 is in effect, the Control Room "Spent FP Hi/Lo Level" (annunciator ALB-023 4-17) AND "New FP Hi/Lo Level" (annunciator ALB-023 5-17) should be functional OR an alternate means should be present to monitor SFP level.

b.

SFP C Requirements:

At least one SFP Cooling Pump should have a functional emergency power supply. While OMP-003 is in effect, a standby SFP Cooling Pump should be available. This pump should be capable of providing cooling prior to exceeding a spent fuel pool temperature of 150F. At maximum heat load in SFP 'C', SFP temperature will increase at a rate of about 3 degreesF/hour. Therefore, WHEN SFP 'C' temperature exceeds 140F, the situation should be evaluated to determine IF the standby SFP Cooling Pump should be prepared for operation (IF not already capable of operation). (Ref. 2.3.21)

C-SFP A SFP Cooling Pump 2&3A functional including a functional

'A' Train CCW Pump, 'A' Train ESW Pump, AND header C-SFP B SFP Cooling Pump 2&3B functional including a functional

'B' Train CCW pump, 'B' Train ESW pump, AND header The Control Room "SFP C HI TEMP" (annunciator ALB-023 4-15) should be functional OR an alternate means should be present to monitor SFP C temperatures.

The Control Room "SFP C HI/LO Level" (annunciator ALB-023 4-18) should be functional OR an alternate means should be present to monitor SFP C Level.

(Ref. 2.3.21)

I OMP-003 I

Rev. 24 1

Page 47 of 831

- Key Safety System Availability Explanations Sheet 3 of 6 2.0 Electric Power Distribution

1.

Offsite Sources:

a.

SUT A

b.

SUT B

c.

Backfeed via UAT A OR UAT B OR both UATs

2.

Onsite Sources:

a.

EDG A

b.

EDG B

3.

Onsite Buses:

a.

A-SA Train A 6.9 KV AND associated 480 V buses

b.

B-SB Train B 6.9 KV AND associated 480 V buses

c.

S1 - SIV 120 VAC Uninterruptible buses

d.

DP-1ASA Train A DC power (bus, battery, AND at least one charger are required for operability)

e.

DP-1 BSB Train B DC power (bus, battery, AND at least one charger are required for operability)

I OMP-003 I

Rev. 24 Pa ge 48 of 83-1

- Key Safety System Availability Explanations Sheet 4 of 6 3.0 Inventory Control

1.

RCS Makeup: Requires RWST functional with level greater than 12% (WHEN two trains are required, a path from each Train should be present.)

a.

Train A (1)

PATH A =

RWST via 1CS-291 SA AND CSIP A-SA OR CSIP C-SA AND One of the following:

0 S

S S

NORMAL CHARGING BIT 1SI-52 SA 1SI-107 SA (2)

PATH B =

RWST via 1SI-322 SA AND RHR Train A

b.

Train B (1)

PATH C =

RWST via 1CS-292 SB AND CSIP B-SB OR CSIP C-SB AND One of the following:

0 0

0 NORMAL CHARGING BIT 1SI-86 SB (2)

PATH D =

RWST via 1SI-323 SB AND RHR Train B

2.

Spent Fuel Pool Makeup

a.

DWST level greater than 14.2 feet with the ability to transfer water from DWST to the Spent Fuel Pools available.

b.

RWST level greater than 12% with the ability to transfer water from RWST to the Spent Fuel Pools available.

LOMP-003 I

Rev. 24 1

Page 49 of 83

- Key Safety System Availability Explanations ISheet 5 of 6 4.0 Reactivity Control/Boration Flow Paths (WHEN two trains are required, a path from each Train should be present.)

1.

Train A (1)

(2)

PATH B =

RWST via 1SI-322 SA AND RHR Train A PATH E =

RWST via 1CS-291 SA AND CSIP A-SA OR CSIP C-SA AND One of the following:

6 0

S S

NORMAL CHARGING BIT 1 SI-52 SA 1SI-107 SA (3)

PATH F=

BAT via BATP A-SA AND CSIP A-SA OR CSIP C-SA AND NORMAL CHARGING

2.

Train B (1)

PATH D =

RWST via 1SI-323 SB AND RHR Train B (2)

PATH G =

RWST via 1CS-292 SB AND CSIP B-SB OR CSIP C-SB AND One of the following:

0 0

0 NORMAL CHARGING BIT 1SI-86 SB (3)

PATH H =

BAT via BATP B-SB AND CSIP B-SB OR CSIP C-SB AND NORMAL CHARGING

3.

CSIP CSIP CSIP A

B C

CSIP A Pump is operable, functional, OR available CSIP B Pump is operable, functional, OR available CSIP C Pump is operable, functional, OR available OMP-003 Rev. 24 Page 50 of 83

- Key Safety System Availability Explanations Sheet 6 of 6 5.0 Pressure Control

1.

LTOPS LTOPS Operable (Requires either IA OR PORVs (Ref. 2.3.9))

2.

PORV PORV blocked open

3.

SAFETY 1 PZR Safety Removed

4.

RX HEAD Reactor Vessel Head fully detensioned

5.

PZR MANWAY Pressurizer Manway removed 6.0 Containment

1.

Closure established

2.

Closure not established

3.

CNMT Fan coolers (Two needed during reduced inventory)

N2 aligned to LTOP I OMP-003 I

Rev. 24 1

Page 51 of 831

- Safety Significance Screening of Schedule Changes Sheet I of I CRITERIA: May the work OR logic change result in going below defense in depth requirements of OMP-003 OR WCM-001?

IF NO, obtain a verification evaluation. IF YES, additional evaluation is required per Attachment 4.

List activity(s)/task(s)/Iogic change(s) and safety significance screening determination.

PAGE OF 4

4 1

14

¶ r

ir 4

4 4

44 W

_______________ I I

I 41 4

I II-4 4

1 14 4

4 II 4

I.

I 41 4

I.

II-4 4

1 r

ir 4

I I

Ii 4

II*

I OMP-003 I

Rev. 24 1

Page 52 of 83

- Risk Assessment of Schedule Changes Sheet I of 6 Activity/Task being assessed Planned time frame for proposed activity:

(NA IF form being used for forced outage initial schedule risk assessment)

Preceding constraint Succeeding constraint 1.0 System/Component Availability*

During assessed period 1.1 Decay Heat Removal Availability SytmOperabley*~+

Functional 00S

'A' RHR

'B' RHR Pools 'A' & 'B'-

SFP Cooling 1&4A Pools 'A' & 'B'-

SFP Cooling 1&4B Pool 'C' -

SFP Cooling 2&3A Pool 'C' -

SFP Cooling 2&3B

'A' CCW

'B' CCW

'C' CCW

'A' ESW

'B' ESW OMP-003 Rev. 24 Page 53 of 83

- Risk Assessment of Emergent Work Schedule Changes Sheet 2 of.6 1.2 Reactor Coolant Inventory/Spent Fuel Pool Makeup System Availability

'A' RHR

'B' RHR 4

.4-BAT 4

4

+

'A' CSIP 4

4

+

'B' CSIP 4

+

'C' CSIP RWST DW TO SFP ESW TO SFP 1.3 Reactivity Control/Boration Flowpaths Availability

~System T

Operable>

Fucfoal 0O~ ~~1 MODE REQUIRED BORON INJECTION FLOW PATHS (OST-1006)

'A' RHR

'B' RHR

'A' CSIP

'B' CSIP

'C' CSIP RWST BAT OMP-003 Rev. 24 Page 54 of 83

- Risk Assessment of Emergent Work Schedule Changes Sheet 3 of 6 1.4 Electrical Power Availability OFFSITE POWER SOURCE via SATs OFFSITE POWER SOURCE via UATs (Backfeed) 6.9 KV BUS 1D 6.9 KV BUS 1E 480V BUS 1A-SA 480V BUS 1B-SB

'A' EDG

'B' EDG UPS 51 UPS S2 UPS S3 UPS S4 1A-SA DC BUS 1B-SB DC BUS IOMP-003 I

Rev. 24 1

Page 55 of 83

- Risk Assessment of Emergent Work Schedule Changes Sheet 4 of 6 2.0 Assessment of Defense in Depth Are the Defense in Depth Guidelines met for the following key safety functions during this time period:

YE 2.1 Electrical power?

(

2.2 Decay Heat Removal?

(

S NO

)

()

2.3 Makeup capability?

2.4 RCS pressure control?

2.5 Containment integrity?

2.6 Reactivity control?

()

2.7 Miscellaneous reviews?

(evaluation based upon assessed activity/task impact on initial assessment)

IF the answer to any of the above questions is NO, a more detailed assessment AND concurrence by the PNSC is required prior to beginning the work on the activity being evaluated. Continue to Section 3.0.

3.0 Analysis of the Planned Activity Would the maintenance OR surveillance test activities in question pose the risk of impacting:

3.1 The available decay heat removal systems?

3.2 The reactor OR spent fuel pool inventory OR available makeup capability?

3.3 The availability of the normal AND alternate AC power sources?

3.4 The availability of the DC power sources?

3.5 The shutdown margin OR the available reactivity control systems?

3.6 The ability to establish containment integrity (Mode 4) or closure (Modes 5 OR 6)?

YES NO

()

3.7 The RCS pressure control systems?

IF the answer to any of the above questions is YES, THEN the maintenance OR testing activity in question is considered to be a HIGHER RISK EVOLUTION, AND requires completion of Section 4.0 AND PNSC concurrence prior to beginning the work on the activity being evaluated.

FOMP-003 I

Rev. 24 Pa e 56 of 83

- Risk Assessment of'Emergent Work Schedule Changes Sheet 5 of 6 4.0 Higqher Risk Evolutions

()

N/A NOTE:

Compensatory measures, as referred to below, may include such actions as strict procedural controls, temporary modifications, contingency plan(s) to implement alternate method(s), special briefs, etc.

Are compensatory measures established to preclude the activity from affecting:

YES NO N/A 4.1 The availability of the designated decay heat?

removal systems 4.2 The availability of the designated inventory control systems?

4.3 The availability of the AC AND DC Power Systems?

4.4 The shutdown margin OR the availability of the reactivity control systems?

4.5 The ability to establish AND maintain containment integrity (Mode 4) OR closure (Mode 5 OR 6)?

4.6 The RCS pressure control systems?

Describe compensatory measure below (use separate sheet as required):

()

I OMP-003 Rev. 24 Paqe 57 of 83 1 OM-03Re.

4Pae 7of8 I

- Risk Assessment of Emergent Work Schedule Changes Sheet 6 of 6 5.0 Activity Approval PNSC concurrence required?

Assessment team approval?

YES

()

NO

()

WCOM:

Team Members:

DATE DATE DATE DATE DATE DATE PNSC CONCURRENCE

( ) YES

( ) NO (Required for High Risk Evolutions OR activities which decrease the planned Defense in Depth)

BY:

DATE NOTE:

If risk assessment completed satisfactorily, risk assessment should be identified on any applicable work order tasks per Attachment 8 instructions.

I OMP-003 I

Rev. 24 1

Page 58 of 83

- Inventory and Reactivity Flowpaths Sheet I of 6 MUST BE OPERABLE AND PRESENT TO MOVs 4*2 TO RCP SEAL INJECTON NOTE: IF C CSIP IS USED IN PLACE OF A THEN ADD CS-170

& CS-168 TO FLOW PATH

[ OMP-003 I

Rev. 24 1

Page 59 of 83

- Inventory and Reactivity Flowpaths Sheet 2 of 6 CLI CL2 CL3 I OMP-003 I

Rev. 24 I

Page 60 of 83

- Inventory and Reactivity Flowpaths Sheet 3 of 6 A EDG MUST BE OPERABLE AND POWER PRESENT TO MOVs TRAIN A PATH F Forthis Path to be available ICS-278 must be open orthe B EDOand appropriate busses must be functiona TO MINIFLOW.A I

CSIP NOTE: IF C CSIP IS USED IN PLACE OF A THEN ADD CS-217

& CS-219 TO FLOW PATH I OMP-003 Rev. 24 Paqe 61 of 83 1 I OM-03Re.24Pci*

of83

- Inventory and Reactivity Flowpaths Sheet 4 of 6 CL1 CL2 PRZ HL2

.01.2 HL3 cu1 CL2 CL3 B EDG MUST BE OPERABLE AND POWER PRESENT TO MOVs NOTE: IFC CSIP. ISUSED IN PLACE OF B THENADD CS-171

&CS-169TOTHEFLOW PATH I OMP-003 I

Rev. 24 1

Page 62 of 83

- Inventory and Reactivity Flowpaths Sheet 5 of 6 HL.1 TRAIN B PATH D HL2 A RHR PUMP CLI CL2 MINIFLOW.

RH-2

.RH-I B RHR PUMP B

Sl-3 TO MINIFLOW HL3 I OMP-003 I

Rev. 24 Pa ge 63 of 83 ]

- Inventory and Reactivity Flowpaths Sheet 6 of 6 B EDGMUST BE OPERABLE AND POWER PRESENT TO MOVs I OMP-003 Rev. 24 Paqe 64 of 83 1 I

I OM-0 ev 4Pcj6 f8 I

- UPS Loads :Important To Key Safety Functions Sheet I of 6 NOTE:

This Attachment is a subset list from AOP-024 to provide a list of UPS loads important to Key Safety Functions During Modes 5, 6, OR defueled.

I 1 DP-1A-SI - Loads Important to Key Safety Functions Component~~K Decito I~mportance Source Range NI-31 Reactivity monitoring SSPS AND ESFAS CH 1 A&B CVIS requires SSPS functional MDAFW Pump FCVS Hydromotors IF SG is DHR method, could impair feeding SG ASA MDAFW Pump PCV IF SG is DHR method, could impair feeding SG Hydromotor RVLIS A Train Inventory monitoring A, B, C SG PORV Position Indication IF SG is DHR method, could impair steaming control WR Flux Monitor N-60 Reactivity monitoring PIC Cabinet I Powered from 1DP-1A-SI only LT-474,SG A Level NR IF SG is DHR method, loss of one SG A level NR LT-477,SG A Level WR IF SG is DHR method, loss of SG A level WR LT-484,SG B Level NR IF SG is DHR method, loss of one SG B level NR LT-494,SG C Level NR IF SG is DHR method, loss of one SG C level NR LT-990,RWST level Reactivity AND Inventory monitoring, loss of one RWST level indicator. Lose SI auto swap-over input LI-1 06,Boric Acid Tank Level Reactivity AND Inventory monitoring, loss of one BAT level indicator LT-459, PRZ Level Inventory monitoring, normal letdown isolation TE-413, RCS Hot Leg Temp Loop A Pressure control, LTOP Train A PORV 1 RC-1 18 input TE-423, RCS Hot Leg Temp Loop B Pressure control, LTOP Train A PORV 1 RC-1 18 input TE-433, RCS Hot Avg Temp Loop C Pressure control, LTOP Train A PORV 1 RC-1 18 input PIC Cabinet 17 Powered from 1DP-1A-S1 AND App. R Inverter PP-1A312 PT-308A, SG A PORV Press Control IF SG is DHR method, could impair steaming control LT-477,SG A Level WR IF SG is DHR method, loss of SG A level WR LT-459,PRZ Level Inventory monitoring, normal letdown isolation TE-413, RCS Hot Leg Temp Loop A Pressure control, LTOP Train A PORV 1 RC-1 18 input-lose LTOPs permissive TE-423, RCS Hot Leg Temp Loop B Pressure control, LTOP Train A PORV 1RC-118 input-lose LTOPs permissive PT-444, PRZ Press Control RCS pressure control I OMP-003 I

Rev. 24 1

Page 65 of 83 1

.- UPS Loads Important To Key Safety Functions Sheet 2 of 6 1DP-1 B-SII - Loads Important to Key Safety Functions Component Description Importance Source Range NI-32 Reactivity monitoring SSPS AND ESFAS CH 2 A&B CVIS requires SSPS functional BSB MDAFW Pump PCV IF SG is DHR method, could impair feeding SG Hydromotor RVLIS B Train Inventory monitoring WR Flux Monitor N-61 Reactivity monitoring PIC Cabinet 2 Powered from 1DP-1B-SII only LT-475,SG A Level NR IF SG is DHR method, loss of one SG A level NR LT-487,SG B Level WR IF SG is DHR method, loss of SG B level WR LT-485,SG B Level NR IF SG is DHR method, loss of one SG B level NR LT-495,SG C Level NR IF SG is DHR method, loss of one SG C level NR LT-991,RWST level Reactivity AND Inventory monitoring, loss of one RWST level indicator. Lose SI auto swap-over input LT-161,Boric Acid Tank Level Reactivity AND Inventory monitoring, loss of one BAT level transmitter TE-410, RCS Cold Leg Temp Loop A Pressure control, LTOP Train B PORV 1RC-114 input TE-420, RCS Cold Leg Temp Loop B Pressure control, LTOP Train B PORV 1RC-114 input TE-430, RCS Cold Leg Temp Loop C Pressure control, LTOP Train B PORV 1RC-114 input LT-460, PRZ Level Inventory monitoring, normal letdown isolation PIC Cabinet 10 Powered from 1DP-1B-SII only PT-2150B, AFW Pump B Disch IF SG is DHR method, could impair feeding SG - lose Press auto pressure control FT-2050B, AFW to SG B Flow IF SG is DHR method, loss of AFW to SG B Flow Indication PT-2250B, AFW Pump B Suct Press IF SG is DHR method, could impair feeding SG TE-51 1OB, SFP Temp (Pool B)

Core Cooling, Loss of SFP Temp Indication (Pool B)

TE-5100B, NFP Temp (Pool A)

Core Cooling, Loss of NFP Temp Indication (Pool A)

TE-51 1OB, Spent Fuel Pool C Temp Core Cooling, Loss of SFP C Temp Indication PIC Cabinet 18 Powered from 1DP-1B-SII AND App. R Inverter PP-1B312 PT-308B, SG B PORV Press Control IF SG is DHR method, could impair steaming control LT-487,SG B Level WR IF SG is DHR method, loss of SG B level WR TE-410, RCS Cold Leg Temp Loop A Pressure control, LTOP Train B PORV 1RC-114 input TE-420, RCS Cold Leg Temp Loop B Pressure control, LTOP Train B PORV 1 RC-1 14 input LT-161 Boric Acid Tank Level Reactivity AND Inventory monitoring, loss of one BAT

, level transmitter I OMP-003 I

Rev. 24 1

Page 66 of 83 1

- UPS Loads Important To Key Safety Functions Sheet 3 of 6 1DP-1A-SIII - Loads Important to Key Safety Functions Cýonipornent De$c~ription Imotac SSPS AND ESFAS CH 3 A&B CVIS requires SSPS functional SG C PORV Servo Motor IF SG is DHR method, could impair steaming control PIC Cabinet 3 Powered from 1 DP-1A-SIII only LT-476,SG A Level NR IF SG is DHR method, loss of one SG A level NR LT-486,SG B Level NR IF SG is DHR method, loss of one SG B level NR LT-496,SG C Level NR IF SG is DHR method, loss of one SG C level NR LT-497,SG C Level WR IF SG is DHR method, loss of SG C level WR LT-992,RWST level Reactivity AND Inventory monitoring, loss of one RWST level indicator. Lose SI auto swap-over input LT-461,PRZ Level Inventory monitoring, normal letdown isolation PIC Cabinet 9 Powered from 1DP-1A-SIII only PT-2150A, AFW Pump A Disch IF SG is DHR method, could impair feeding SG - lose Press auto pressure control FT-2050A, AFW to SG A Flow IF SG is DHR method, loss of AFW to SG A Flow Indication FT-2050C, AFW to SG C Flow IF SG is DHR method, loss of AFW to SG C Flow Indication FK-2051A, AFW to SG A Man Cont IF SG is DHR method, could impair feeding SG - will not shut on AFW isolation FK-2051 B, AFW to SG B Man Cont IF SG is DHR method, could impair feeding SG - will not shut on AFW isolation FK-2051C, AFW to SG C Man Cont IF SG is DHR method, could impair feeding SG - will not shut on AFW isolation PT-2250A, AFW Pump A Suct Press IF SG is DHR method, could impair feeding SG PT-308C, SG C PORV Press Control IF SG is DHR method, could impair steaming control TE-51 1A, SFP Temp (Pool B)

Spent Fuel Cooling, Loss of SFP Temp Indication (Pool B)

TE-5100A, NFP Temp (Pool A)

Spent Fuel Cooling, Loss of NFP Temp Indication (Pool A)

TE-5110A, Spent Fuel Pool C Temp Core Cooling, Loss of SFP C Temp Indication OMP-003 Rev. 24 Page 67 of 83

- UPS Loads Important To Key Safety Functions Sheet 4 of 6 1DP-1 B-SIV - Loads Important to Key Safety Functions I Componentt Drescription ReImitportance Audio Count Rate Drawer Reactivity Monitoring Comparator AND Rate Drawer Reactivity Monitoring SSPS AND ESFAS CH 4 A&B CVIS requires SSPS functional PIC Cabinet 4 Powered from 1 DP-1 B-SIV only LT-473,SG A Level NR IF SG is DHR method, loss of one SG A level NR LT-483,SG B Level NR IF SG is DHR method, loss of one SG B level NR LT-493,SG C Level NR IF SG is DHR method, loss of one SG C level NR LT-993,RWST level Reactivity AND Inventory monitoring, loss of one RWST level indicator.

I OMP-003 I

Rev. 24 1

Page68 of 83

- UPS Loads Important To Key Safety Functions Sheet 5 of 6 7.5 KVA Inverter NNS UPS Loads - Important to Key Safety Functions Component Description Importance PIC-5 Powered from 7.5 KVA NNS Inverter AND PP-1 D212 T-413A AND P-402, RCS Cold Over Pressure control, LTOP Train A PORV 1 RC-1 18 input Pressure Input LT-990,RWST Level Reactivity AND Inventory monitoring HCV-142, RHR HX Outlet to CVCS RCS pressure control, RHR to CVCS flow control HCV-603A, RHR HX Outlet RCS temp control IF A RHR in service PT-440, RCS Cold Over Pressure control, LTOP Train A PORV 1RC-118 input Pressurization PIC-7 Powered from 7.5 KVA NNS Inverter AND PP-1D212 PT-445, PRZ Press Control RCS pressure control LT-992, RWST Level Reactivity AND Inventory monitoring PT-600A, RHR Pump A Disch Press A RHR disch press indication TE-604A, RHR Pump A Disch Temp A RHR disch temp indication TE-606A, RHR HX A Rtn Temp A RHR HX return temp indication FT-940, High Head Hot Leg SI Flow SI flow indicator FT-688, RHR HX A Outlet Flow A RHR HX outlet flow indication FT-605A, RHR HX A Bypass Flow A RHR HX bypass flow indication PIC-19 Powered from 7.5 KVA NNS Inverter AND UPP-1 FT-122, Charging Line Flow Charging flow indication HC-603B, RHR HX B Outlet Man B RHR HX flow control Flow Control FT-605B, RHR HX B Bypass Flow B RHR HX flow control FK-605B, RHR HX B Bypass Flow B RHR HX flow control Control PT-444, PRZ Press Control RCS pressure control I OMP-003 I

Rev. 24 Page 69 of 831

- UPS Loads Important To Key Safety Functions Sheet 6 of 6 60 KVA Inverter NNS UPS Loads - Important to Key Safety Functions CompoUPnt Description I

6 mportance UPP-1 Powered from 60 KVA NNS Inverter UPP-IA Power Supply Powered from 60 KVA NNS Inverter Control Signals to Group PRZ Htr Pressure control, LTOP Train B PORV 1RC-114 input AND PCV-444B (1RC-114)

Back up Power Supply to PIC-19 Back up Power Supply to PIC-19 Main Fire Detection Information Affects Data multiplexer, Alarm Printer, Computer, Center Computer Printer Bus UPP-1A Powered from 60 KVA NNS Inverter via UPP-1 Main Fire Detection Control Panel Fire Protection system impaired LFDCP 1-15 Fire Protection system impaired Isolation Cabinets - B4(2A2) AND In general, these circuits power non-safety interlocks B2(2B2)

OR control features RVLIS Inventory monitoring PIC-6 Control 2 Powered from 60 KVA NNS Inverter with backup supply from PP-1 E212 LT-991, RWST Level Reactivity AND Inventory monitoring FT-110, Emergency BA Flow Reactivity monitoring Transmitter FI-122, Charging Flow Control Charging flow indication FT-943, High Head Cold Leg SI Flow SI flow indicator Thru BIT PT-145, RCS Low Press Letdown RCS pressure control, RHR to CVCS flow control Press PIC-8 Control 4 Powered from 60 KVA NNS Inverter with backup supply from PP-1 E212 PT-600B, RHR Pump B Disch Press B RHR disch press indication TE-604B, RHR Pump B Disch Temp B RHR disch temp indication TE-606B, RHR Pump B Return Temp B RHR HX return temp indication LT-993, RWST Level Reactivity AND Inventory monitoring TT-410, RCS Temp Pressure control, LTOP Train B PORV 1RC-114 input TT-420, RCS Temp Pressure control, LTOP Train B PORV 1 RC-1 14 input TT-430, RCS Temp Pressure control, LTOP Train B PORV 1RC-114 input LT-462, PZR Level Cold Cal Channel Level indication FT-689, RHR HX B Outlet Flow B RHR HX outlet flow indication FT-605B, RHR HX B Bypass Flow B RHR HX flow control PT-441, RCS Cold Over Pressure control, LTOP Train B PORV 1RC-114 input Pressurization PIC-1 1 BOP Non-Safety A&B Powered from 60 KVA NNS Inverter with backup supply from PP-1D212 L-9302, NSW Pumps Chamber Level Loss of B NSW pump start permissive PIC-15 BOP/HVAC Non-Safety A&B Powered from 60 KVA NNS Inverter with backup supply from PP-1E212 OMP-003 Rev. 24 Page 70 of 83]

- Systems Requiring Risk Assessment for Schedule Changes Sheet I of 2 SYSTEM 1005 REACTOR VESSEL AND INTERNALS SYSTEM 1045 EXCORE NUCLEAR INSTRUMENT SYSTEM 1050 INCORE NUCLEAR INSTRUMENT SYSTEM 1080 REACTOR PROTECTION SYSTEM 1090 ENGINEERED SAFETY FEATURES ACTUATION SYSTEM 1900 NSSS PROCESS INSTRUMENTATION CONTROL SYSTEM 2005 REACTOR COOLANT SYSTEM 2025 REACTOR COOLANT PUMP AND MOTOR 2050 PRESSURIZER 2060 CHEMICAL AND VOLUME CONTROL SYSTEM 2065 BORON THERMAL REGENERATION SYSTEM 2070 CONTAINMENT SPRAY SYSTEM (FOR CIV SCOPE ONLY) 2075 POST ACCIDENT HYDROGEN SYSTEM (FOR CIV SCOPE ONLY) 2080 HIGH HEAD SAFETY INJECTION SYSTEM 2085 LOW HEAD SAFETY INJECTION AND RHR SYSTEM 2090 PASSIVE SAFETY INJECTION SYSTEM 2115 REACTOR COOLANT SAMPLING SYSTEM 2117 POST ACCIDENT SAMPLING SYSTEM (FOR CIV SCOPE ONLY) 3005 STEAM GENERATOR 3010 STEAM GENERATOR BLOWDOWN SYSTEM (FOR CIV SCOPE ONLY) 3020 MAIN STEAM SYSTEM (FOR CIV AND TDAFW SCOPE ONLY) 3050 FEEDWATER SYSTEM (FOR CIV SCOPE ONLY) 3065 AUXILIARY FEEDWATER SYSTEM 3100 STEAM CYCLE SAMPLING SYSTEM (FOR CIV SCOPE ONLY) 4045 RESERVOIR 4047 AUXILIARY RESERVOIR 4060 NORMAL SERVICE WATER SYSTEM (FOR CIV SCOPE ONLY) 4065 EMERGENCY SERVICE WATER SYSTEM 4080 COMPONENT COOLING WATER SYSTEM 4115 EMERGENCY SCREEN WASH SYSTEM 5095 DIESEL GENERATOR SYSTEM 5100 DIESEL FUEL OIL SYSTEM 5105 DIESEL LUBE OIL SYSTEM 5110 DIESEL JACKET WATER SYSTEM 5112 DIESEL STARTING AIR SYSTEM 5132 MAIN TRANSFORMER 5145 STARTUP AND AUXILIARY TRANSFORMER SYSTEM 5155 TRANSFORMER FIRE PROTECTION SYSTEM 5165 6.9KV AC DISTRIBUTION SYSTEM I OMP-003 I

Rev. 24 1

Page 71 of 831

- Systems Requiring Risk Assessment for Schedule Changes Sheet 2 of 2 SYSTEM 4RDESCRIPTION E

5175 480V AC DISTRIBUTION SYSTEM 5185 208/120V DISTRIBUTION SYSTEM 5195 UNINTERRUPTIBLE AC SYSTEM 5196 UNINTERRUPTIBLE AC SYSTEM - CLASS 1E 5230 250V DC DISTRIBUTION SYSTEM 5232 125V DC DISTRIBUTION SYSTEM - CLASS 1E 5245 125V DC DISTRIBUTION SYSTEM 6008 BOP PROCESS INSTRUMENTATION CONTROL SYSTEM 6012 MAIN TERMINATION CABINETS 6015 ANNUNCIATOR SYSTEMS 6016 ISOLATION CABINETS 6018 AUXILIARY RELAY CABINETS 6135 INSTRUMENT AIR SYSTEM 6140 SERVICE AIR SYSTEM (FOR CIV SCOPE ONLY) 6150 NITROGEN SUPPLY/BLANKETING SYSTEM 6175 SITE FIRE PROTECTION SYSTEM 6180 SITE FIRE DETECTION SYSTEM 6190 AIR COMPRESSORS 6240 RADIOACTIVE EQUIP DRAINS SYSTEM (FOR CIV SCOPE ONLY) 6270 DEMINERALIZED WATER SYSTEM 7005 RADIATION MONITORING SYSTEM 7070 GASEOUS WASTE PROCESSING SYSTEM (FOR CIV SCOPE ONLY) 7095 REFUELING SYSTEM 7105 SPENT FUEL SYSTEM 7110 SPENT FUEL POOL COOLING SYSTEM 7115 SPENT FUEL POOL CLEANUP SYSTEM 8010 CONTAINMENT BUILDING 8020 CONTAINMENT LINER AND PENETRATION SYSTEM 8060 CONTAINMENT VACUUM BREAKER SYSTEM 8070 CONTAINMENT PRESSURIZATION/LEAK DETECTION SYSTEM 8100 PENETRATION PRESSURIZATION SYSTEM 8170 CONTAINMENT PURGE SYSTEM 8220 HVAC CONTROL ROOM AREA 8231 HVAC EMERGENCY SERVICE WATER INTAKE STRUCTURE 8340 DIESEL GENERATOR BUILDING 8342 HVAC DIESEL BUILDING 8352 HVAC FUEL HANDLING BUILDING 9555 SNUBBERS 9999 TOOLS/LABOR/TRAINING OMP-003 Rev. 24 Page 72 of 83

- Maximum Equilibrium Containment Pressure Sheet I of I NOTE:

This Attachment assumes two CNMT Fan Cooler Fans running in slow speed.

11 10 9

80 V5u) 6

)

6*

40 3

2 0

40 30 20 Decay Heat Load of Core, Btu/hrxIOE6 10 I OMP-003 I

Rev. 24 Page 73 of 83 I

- Risk Review Identification on Work Order Tasks Sheet I of 2 CAUTION Risk reviewers must understand the full scope of work to determine risk significance. Therefore, the risk review may not be possible until the work is fully planned.

Any activity added to the schedule receives a risk review documented in Attachment 4.

Therefore any activity indicated in Progress Reporter has been risk reviewed. The purpose of this attachment is to provide a method, for those work order tasks designated as emergent but not yet shown in Progress Reporter, to indicate on the printed work order that a risk assessment has been performed.

If the work order has been printed prior to risk assessment, the risk assessor can write by hand on the hard copy the PassPort entries described below in order to document the risk assessment.

1.

Documenting a Risk Assessment Requirement on a Work Order Task:

a.

Access the Work Order Task in PASSPORT.

b.

In the CPM PROJECT field, enter the Project View project identifier. This typically is "Rxx" (such as R12) for refueling outages.

c.

In the NETWORK REFERENCE field, enter "EMERGENT". This can be used in conjunction with the window identifier. Example: " RHRA-EMERGENT".

d.

Select Tab 6, Requirements/Permits

e.

In the Requirements to Perform This Task section, scroll to a blank entry and enter the following:

1) 2)

3)

In Facility field, enter "HNP" In Req/Regulation field, enter "RISK" In Value field, enter "N" if the WO Task has been evaluated per 5.4.3 as NOT being risk significant and requires no verification, then in Comments field, enter your initials.

OR In Value field, enter "Y" if the WO Task has been evaluated per 5.4.3 as being potentially risk significant and requires verification, then in Comments field, enter your initials.

I OMP-003 I

Rev. 24 Pa ge 74 of 837

- Risk Review Identification on Work Order Tasks Sheet 2 of 2

2.

Documenting a Second Risk Review of a Work Order Task:

a.

Access the Work Order Task in PASSPORT.

b.

In the NETWORK REFERENCE field, verify "EMERGENT" has been entered.

c.

Select Tab 6, Requirements/Permits

d.

In the Requirements To Perform This Task field, verify an entry has been created with the following:

1) 2)

3) 4)

In Facilty field, "HNP" In Req/Regulation field, "RISK" In Value field, "Y" In the Comments field, first risk reviewer's initials

e.

After the second risk reviewer has performed a review per section 5.4.3, he/she identifies completion of this review (including completion of a team or PNSC review when required) as follows:

In the Requirements To Perform This Task field, scroll to a blank entry and enter the following:

1) 2)

3) 4)

In Facilty field, enter "HNP" In Req/Regulation field, enter "RISKASSESS" In Value field, enter "Y" In the Comments field, second risk reviewer's initials OMP-003 Rev. 24 Page 75 of83 0 - Protected Train Work Approval Form Sheet I of I The following items will be completed by the requesting organization:

Protected Train Work

Title:

/

Equipment:

WO Number:

Reason Why Work Must be Performed While Train is Protected:

Scope of Work (include all affected protected train equipment):

Planned Duration of Work Activity:

Point of Accountability at Job Site (Name):

Impact on key safety function:

Planned work area boundaries between job site and other protected train equipment:

Contingency plans regarding the work (if needed):

Requesting Project Manager/

Work Group Supervisor:

Signature Date The following items will be completed by the WCC SRO:

1. Evaluate job with the aggregate of all work in the protected train.

2. Verify/specify pre-job briefing requirements.

3. Discuss with workers methods to communicate job start/stop times, the importance of reporting off-normal conditions at the job site immediately to the Work Control Center, and means of communications with the WCC.

4. Ensure an immediate post-job inspection is performed by a knowledgeable individual to verify no impact on protected equipment to support key safety function.

APPROVED:

WCC SRO Signature Date Time

- A COPY OF THIS FORM WILL BE KEPT AT THE JOB SITE AND BY THE WCC **

APPROVED:

SSO Signature Date Time

- WHEN WORK IS COMPLETE, RETURN FORM TO THE WCC**

OMP-003 Rev. 24 Page 76 of 83 1 - Outage Risk Criteria Page 1 of 3 Outage configurations will be evaluated and graded on three qualitative criteria. Each of the criteria represents a contributor to overall risk. The grade will either be a 0 or 1. The sum of the grades will correspond to a risk color. Higher the grade - higher the risk The criteria are dominated by focus on the critical safety function of decay heat removal. The rationale being that risk of fuel damage and therefore risk of dose to the general public is dominated by events which result in a loss of DHR, boil-off of available water inventory, and subsequent core uncovery. It is core uncovery that leads to fuel damage.

The process described above does not prevent the WCOM from establishing a qualitative total evaluation at his discretion. All higher risk evolutions as defined in OMP-003 for DHR are Orange or Red.

1)

Equipment Availability.

This is a qualitative evaluation of the availability and reliability of systems that provide decay heat removal.

a.

Equipment availability would not be degraded if these systems are:

In an alignment with both DHR trains available, Separated from common mode failures, Require minimal operator action if one train is lost, AND The protected train of DHR (RHR, CCW, and ESW header) is in service to provide core cooling.

b.

Equipment availability would be degraded if:

The components of DHR (RHR/SFPC, CCW, ESW and normal power supplies) from the designated PROTECTED TRAIN are not operating to provide core

cooling, OR The DHR trains are in an unusual alignment or control configuration that would be a challenge for operators to recover DHR should the operating train be lost, OR

" The plant configuration is such that there is a risk of loss of both trains of DHR.

This risk of loss should consider any lack of isolation between PROTECTED TRAIN with activities being performed that could present a risk of loss to both trains. For example: the RCS reduced inventory condition (RCS level <-36 in) presents a risk of loss of suction to both trains of RHR.

IF availability degraded the grade is 1.

IF availability not degraded the grade is 0.

IOMP-003 I

Rev. 24 1

Page 77 of 83 1 - Outage Risk Criteria Page 2 of 3

2)

Time to Boil.

With the loss of DHR, this factor is a measure of heat load and time pressure for recovery actions. It represents a measure of risk that the recovery action will not occur in time to prevent core boiling, or that the time pressure on manual actions may exacerbate the event.

IF time-to-boil is -< 40 minutes, the grade is 1.

IF time-to-boil is > 40 minutes, the grade is 0.

3)

RCS Level (Inventory)

Similar to time to boil, this is a measure of time available for recovery actions before core uncovery occurs.

IF Level at reduced inventory (5 -36" below flange), the grade is 1.

IF level not in reduced inventory (> -36" or higher above flange), the grade is 0.

Risk level or color becomes the sum of the three factors.

Scores:

0 1

2 3

= Green

= Yellow

= Orange

= Red Examples:

OST-1813 early in outage Reduced Inventory (Mid-loop)

OST-1826 OST-1507 YELLOW (equipment availability/configuration)

RED early in outage (to low time to boil),

ORANGE late in outage (with time to boil >40 minutes)

YELLOW (Equipment Availability/Configuration)

WCM-001 procedure addresses Mode 3 and higher.

OMP-003 Rev. 24 Page 78 of 83 1 - Outage Risk Criteria Page 3 of 3 1.0 General Description of Colors:

1. Green: Minimum Risk The plant configuration is fully capable of supporting the key safety function of decay heat removal. Defense in depth is maintained.

2. Yellow: Defense in Depth is Reduced The plant configuration poses some challenges to the key safety function of decay heat removal. Defense in Depth is marginally reduced but not threatened.

NOTE:

All evolutions classified as "Higher Risk" per OMP-003 will not result in an Orange or Red risk. This color evaluation is targeted to the loss of decay heat removal and that safety function. For example: the crane boom over the RWST results in a Higher Risk evolution for inventory control, but would not be considered higher risk of loss of DHR.

NOTE:

The need for contingency plans is based on the activity classification as a HIGHER RISK EVOLUTION per this procedure.

3. Orange: Defense In Depth is Challenged The plant configuration provides a higher potential for the loss of the key safety function of Decay Heat Removal. Risk management is required. Contingency plans required by OMP-003 may be in effect. Time in this condition should be minimized.

Increased management oversight would be required

4. Red: Defense in Depth is Threatened This plant configuration provides an increased potential for loss of decay heat removal, with a reduced time for recovery. This color will generally be the result of a "Higher Risk" evolution as defined by OMP-003. Some work activities may have to be suspended. Full attention by the Main Control Room staff is required. Time in this condition should be minimized. Increased management oversight would be required.

I OMP-003 I

Rev. 24 1

Page 79 of 83 1 2-Protected Equipment Sign Page 1 of 3 EXAMPLE RXX PROTECTED EQUIPMENT SIGN POSTINGS PLAN ted By:

Date:

oved By:

Date:

rations SRO:

Date:

Crea Appr Oper I OMP-003 I

Rev. 24 1

Page 80 of 83 2 - Protected Equipment Sign Page 2 of 3 EXAMPLE CONFIGURATION 1A POSTINGS (MODE 5 RCS LOOPS FILLED AND PRESSURIZED, TRAIN A PROTECTED):

HANG (SCHEDULE TASK 'POST-lA'):

RAB:

190' ELEVATION:

1ASA RHR PUMP 1BSB RHR PUMP 236' ELEVATION:

1ASA CSIP DOOR 1BSB CSIP DOOR 1ASA CCW PUMP 1BSB CCW PUMP A SFP COOLING PUMP 261' ELEVATION:

A SFP COOLING PUMP BKR (1&4A33-SA-4D) 286' SWGR ROOM:

BKR 101 BKR 104 BKR 105 BKR 106 1ASA RHR PUMP BKR 1BSB RHR PUMP BKR 1ASA BATTERY ROOM DOOR 1ASA CSIP BKR 1BSB CSIP BKR 1ASA CCW PUMP BKR 1BSB CCW PUMP BKR 1ASA ESW PUMP BKR 1BSB ESW PUMP BKR 1 B-SA BATTERY CHARGER 305' ELEVATION:

51 DIST PNL S3 DIST PNL OUTSIDE AREAS:

A SUT ENTRYWAY 1ASA ESW PUMP 1BSB ESW PUMP EDG BUILDING:

1ASA EDG DOOR I OMP-003 I

Rev. 24 1

Page 81 of 83 2 - Protected Equipment Sign Page 3 of 3 EXAMPLE CONFIGURATION 1B POSTINGS (MODE 5 RCS LOOPS FILLED AND PRESSURIZED, TRAIN A PROTECTED):

HANG (SCHEDULE TASK 'POST-1 B')

1ASA BORIC ACID TRANSFER PUMP 1ASA BORIC ACID TRANSFER PUMP BKR (MCC 1A35-SA-7A)

REMOVE: NONE FINAL POSTINGS:

RAB:

190' ELEVATION:

1ASA RHR PUMP 1BSB RHR PUMP 236' ELEVATION:

1ASA CSIP DOOR 1BSB CSIP DOOR 1ASA CCW PUMP 1BSB CCW PUMP 1ASA BORIC ACID TRANSFER PUMP A SFP COOLING PUMP 261' ELEVATION:

A SFP COOLING PUMP BKR (1&4A33-SA-4D) 1ASA BORIC ACID TRANSFER PUMP BKR (MCC 1A35-SA-7A) 286' SWGR ROOM:

BKR 101 BKR 104 BKR 105 BKR 106 1ASA RHR PUMP BKR 1BSB RHR PUMP BKR 1ASA BATTERY ROOM DOOR 1ASA CSIP BKR 1BSB CSIP BKR 1ASA CCW PUMP BKR 1BSB CCW PUMP BKR 1ASA ESW PUMP BKR 1BSB ESW PUMP BKR 1B-SA BATTERY CHARGER 305' ELEVATION:

$1 DIST PNL S3 DIST PNL OUTSIDE AREAS:

A SUT ENTRYWAY 1ASA ESW PUMP 1BSB ESW PUMP EDG BUILDING:

1ASA EDG DOOR OMP-003 Rev. 24 Page 82 of 83

REVISION 24

SUMMARY

Page Section Step (opt.)

Changes 6

3.5.4 Changed condition report to action request.

6 3.6.2 Amplified SSO responsibilities to include "... or determining activities that may not be performed on PROTECTED equipment."

8,9 4.3, 4.8 Added OST-1 827 to list of higher risk activities 9

4.11 Added definition of "Maintenance Exclusion Period" 10 4.14 Added definition of "Protected" 11 - 12 5.1 all Revised wording in this section to reflect current station philosophy for qualitative risk assessment, importance of work sequencing to maintain DID, and impact that improper work sequencing can have on ability to maintain decay heat removal.

13 5.2.1 4

Amplified reduced inventory limitations to when fuel is in the vessel thus providing clarity to the conditions of when reduced inventory exists.

14 5.2.4 6

Added wording that the organization responsible for implementing the contingency plan should also be cognizant of when contingency plans are in effect.

16 5.2.6 8

New step to address verification of off site power source adequacy for DID during an outage. Reference PRR172806 19 5.3.1 13 New step to describe requirements for NSW as an active component of the PROTECTED TRAIN.

19 5.3.1 14 New step to describe the process for protecting the DHR KSF during the Maintenance Exclusion Period.

20 5.3.2 Added NSW to the last note.

31 5.3.7 4

Changed time - to - boil to 40 minutes to coincide with NRC criteria for T-T-B thresholds.

35 5.4.2 All Moved Section 5.3.8 to the Initial risk review section to collocate the items associated with the risk review.

37 5.4.1 6

Added mode 3 to the forced outage entry conditions for requiring a risk assessment.

38 5.4.3 3

Added "... or scope changes to existing work order tasks that require a different plant configuration..." to requirements to perform WO risk reviews.

40 5.5.2, 5.5.3 Revised the wording for temporary deviations to KSF Checklist to address NAS concern that too many deviations occurred in R12 and that there was inconsistency in the logging of those deviations.

42 5.6.2 5

Revised wording for posting the Key Safety Function Availability Checklists and controlling the risk stoplight.

45 Attach 1 Made the KSF checklist an example in OMP-003 thus allowing the format to be maintained outside of OMP-003.

52, 53 Attach 3 Split Att. 3 in two attachments, Att. 3 and Att. 4 for better human factors.

One Att. Is for screening schedule changes and the other is for evaluation of changes that reduce DID. Renumbered the remaining attachments accordingly.

59 Attach 5 All sheets Changed minimum BAT level from >21% to >23% to match minimum required by T.S. in Modes 5 & 6.

65 - 70 Attach 6 Deleted requirement that SSPS be functional to support LTOPS. Per the System Engineer, this test configuration does not negatively affect LTOPS and LTOPS is maintained operable for OMP-003 risk purposes.

66 Attach 6 typographical error-PT-460; corrected to be LT-460 77 Attach 11 Changed title to "Outage Risk Criteria" vice "Outage Stoplight Criteria" 78 Attach 11 Changed time-to-boil criteria to 40 minutes and deleted OST-1813 as an example of an Orange risk condition. OST-1813 no longer results in risk orange due to better analysis of t-t-b limits early in the outage.

I OMP-003 I

Rev. 24 1

Page 83 of 83

ML080160256

Text

2.0 REFERENCES

2.2.1 CPL-2165-S

Title:

SUMMARY

Navigation menu

Search