ML080280574
| ML080280574 | |
| Person / Time | |
|---|---|
| Site: | Harris  |
| Issue date: | 01/07/2008 |
| From: | Ertman J Progress Energy Co |
| To: | Office of Nuclear Reactor Regulation |
| Oudinot D | |
| References | |
| Download: ML080280574 (60) | |
Text
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection A comprehensive list of systems and equipment and their interrelationships to be analyzed for a fire event shall be developed. The equipment list shall contain an inventory of those critical components required to achieve the nuclear safety performance criteria of Section 1.5. Components required to achieve and maintain the nuclear safety functions and components whose fire-induced failure could prevent the operation or result in the maloperation of those components needed to meet the nuclear safety criteria shall be included. Availability and reliability of equipment selected shall be evaluated.
NEI 00-01 Guidance NEI 00-01 Ref This section discusses a generic deterministic methodology and criteria that licensees can use to perform a post-fire safe shutdown analysis to address regulatory requirements. The plant-specific analysis approved by NRC is reflected in the plants licensing basis. The methodology described in this section is also an acceptable method of performing a post-fire safe shutdown analysis. This methodology is indicated in Figure 3-1. Other methods acceptable to NRC may also be used. Regardless of the method selected by an individual licensee, the criteria and assumptions provided in this guidance document may apply. The methodology described in Section 3 is based on a computer database oriented approach, which is utilized by several licensees to model Appendix R data relationships. This guidance document, however, does not require the use of a computer database oriented approach.
The requirements of Appendix R Sections III.G.1, III.G.2 and III.G.3 apply to equipment and cables required for achieving and maintaining safe shutdown in any fire area. Although equipment and cables for fire detection and suppression systems, communications systems and 8-hour emergency lighting systems are important features, this guidance document does not address them.
Additional information is provided in Appendix B to this document.
3 Deterministic Methodology Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Plant USA' safe shutdown methodology was reviewed against the guidelines of NUREG-0800, so references to the requirements of specific sections of Appendix R do not apply. The corresponding sections of NUREG-0800 are C.5.b and C.5.c.
Plant USA SER initial and Supplement 4,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref This section discusses the identification of systems available and necessary to perform the required safe shutdown functions. It also provides information on the process for combining these systems into safe shutdown paths. Appendix R Section III.G.1.a requires that the capability to achieve and maintain hot shutdown be free of fire damage. It is expected that the term "free of fire damage" will be further clarified in a forthcoming Regulatory Issue Summary. Appendix R Section III.G.1.b requires that repairs to systems and equipment necessary to achieve and maintain cold shutdown be completed within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />. It is the intent of the NRC that requirements related to the use of manual operator actions will be addressed in a forthcoming rulemaking.
[Refer to hard copy of NEI 00-01 for Figure 3-1]
3.1 [A, Intro] Safe Shutdown Systems and Path Development Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The corresponding guidelines for Plant USA are found in NUREG-0800, BTP CMEB 9.5-1 Sections C.5.b(1) and (2).
,, Rev.,
C.5.b(1) and (2)
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.3 and B.5.1 Page 1 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Guidance NEI 00-01 Ref The goal of post-fire safe shutdown is to assure that a one train of shutdown systems, structures, and components remains free of fire damage for a single fire in any single plant fire area. This goal is accomplished by determining those functions important to achieve and maintain hot shutdown. Safe shutdown systems are selected so that the capability to perform these required functions is a part of each safe shutdown path. The functions important to post-fire safe shutdown generally include, but are not limited to the following:
Reactivity control Pressure control systems Inventory control systems Decay heat removal systems Process monitoring Support systems
- Electrical systems
- Cooling systems These functions are of importance because they have a direct bearing on the safe shutdown goal of being able to achieve and maintain hot shutdown which ensures the integrity of the fuel, the reactor pressure vessel, and the primary containment. If these functions are preserved, then the plant will be safe because the fuel, the reactor and the primary containment will not be damaged. By assuring that this equipment is not damaged and remains functional, the protection of the health and safety of the public is assured.
3.1 [B, Goals] Safe Shutdown Systems and Path Development This is generic guidance and information that applies to all existing safe shutdown analyses.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Plant USA-E-ELEC-0001 defines the safe shutdown goals and functions for Plant USA.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1 and B.2 Plant USA SER initial and Supplement 4,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref In addition to the above listed functions, Generic Letter 81-12 specifies consideration of associated circuits with the potential for spurious equipment operation and/or loss of power source, and the common enclosure failures. Spurious operations/actuations can affect the accomplishment of the post-fire safe shutdown functions listed above. Typical examples of the effects of the spurious operations of concern are the following:
- A loss of reactor pressure vessel/reactor coolant inventory in excess of the safe shutdown makeup capability
- A flow loss or blockage in the inventory makeup or decay heat removal systems being used for the required safe shutdown path.
Spurious operations are of concern because they have the potential to directly affect the ability to achieve and maintain hot shutdown, which could affect the fuel and cause damage to the reactor pressure vessel or the primary containment. Common power source and common enclosure concerns could also affect these and must be addressed.
3.1 [C, Spurious Operations]
Safe Shutdown Systems and Path Development Comments Applicable Applicability Page 2 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA Safe Shutdown Analysis has considered the three types of associated circuits discussed in NRC Generic Letter 81-12.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.7.1, B.7.2 NEI 00-01 Guidance NEI 00-01 Ref The following criteria and assumptions may be considered when identifying systems available and necessary to perform the required safe shutdown functions and combining these systems into safe shutdown paths.
3.1.1 Criteria / Assumptions Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This is generic introductory information and contains no specific guidance.
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref
[BWR] GE Report GE-NE-T43-00002-00-01-R01 entitled Original Safe Shutdown Paths For The BWR addresses the systems and equipment originally designed into the GE boiling water reactors (BWRs) in the 1960s and 1970s, that can be used to achieve and maintain safe shutdown per Section III.G.1 of 10CFR 50, Appendix R. Any of the shutdown paths (methods) described in this report are considered to be acceptable methods for achieving redundant safe shutdown.
3.1.1.1 [GE BWR Paths]
Comments Not Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement N/A Plant USA is a PWR, and this guidance is specific to BWRs.
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref
[BWR] GE Report GE-NE-T43-00002-00-03-R01 provides a discussion on the BWR Owners' Group (BWROG) position regarding the use of Safety Relief Valves (SRVs) and low pressure systems (LPCI/CS) for safe shutdown. The BWROG position is that the use of SRVs and low pressure systems is an acceptable methodology for achieving redundant safe shutdown in accordance with the requirements of 10CFR50 Appendix R Sections III.G.1 and III.G.2. The NRC has accepted the BWROG position and issued an SER dated Dec. 12, 2000.
3.1.1.2 [SRVs / LP Systems]
Comments Not Applicable Applicability Page 3 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement N/A Plant USA is a PWR, and this guidance is specific to BWRs.
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref
[PWR] Generic Letter 86-10, Enclosure 2, Section 5.3.5 specifies that hot shutdown can be maintained without the use of pressurizer heaters (i.e., pressure control is provided by controlling the makeup/charging pumps). Hot shutdown conditions can be maintained via natural circulation of the RCS through the steam generators. The cooldown rate must be controlled to prevent the formation of a bubble in the reactor head. Therefore, feedwater (either auxiliary or emergency) flow rates as well as steam release must be controlled.
3.1.1.3 [Pressurizer Heaters]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The plant's safe shutdown procedures (AOP-004 and AOP-036 (series) ensure that cooldown rate is controlled, and that the cooldown process adheres to the required pressure and temperature limits.
,, Rev.,
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref The classification of shutdown capability as alternative shutdown is made independent of the selection of systems used for shutdown. Alternative shutdown capability is determined based on an inability to assure the availability of a redundant safe shutdown path. Compliance to the separation requirements of Sections III.G.1 and III.G.2 may be supplemented by the use of manual actions to the extent allowed by the regulations and the licensing basis of the plant, repairs (cold shutdown only), exemptions, deviations, GL 86-10 fire hazards analyses or fire protection design change evaluations, as appropriate. These may also be used in conjunction with alternative shutdown capability.
3.1.1.4 [Alternative Shutdown Capability]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Guidelines for alternative shutdown as Plant USA are found in NUREG-0800, BTP CMEB Section 9.5-1, Sections C.5.b(3) and C.5.c.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Guidance NEI 00-01 Ref At the onset of the postulated fire, all safe shutdown systems (including applicable redundant trains) are assumed operable and available for post-fire safe 3.1.1.5 [Initial Conditions]
Page 4 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection shutdown. Systems are assumed to be operational with no repairs, maintenance, testing, Limiting Conditions for Operation, etc. in progress. The units are assumed to be operating at full power under normal conditions and normal lineups.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns These are basic assumptions for all safe shutdown analyses and also apply to the Plant USA SSA.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.3.2;A.3.5 NEI 00-01 Guidance NEI 00-01 Ref No Final Safety Analysis Report accidents or other design basis events (e.g. loss of coolant accident, earthquake), single failures or non-fire induced transients need be considered in conjunction with the fire.
3.1.1.6 [Other Events in Conjunction with Fire]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns NUREG 0800 Section C.1.b states that "Worst case" fires need not be postulated to be simultaneous with nonfire-related failures in safety systems, plant accidents, or the most severe natural phenomena.worst Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.3.6 NEI 00-01 Guidance NEI 00-01 Ref For the case of redundant shutdown, offsite power may be credited if demonstrated to be free of fire damage. Offsite power should be assumed to remain available for those cases where its availability may adversely impact safety (i.e., reliance cannot be placed on fire causing a loss of offsite power if the consequences of offsite power availability are more severe than its presumed loss). No credit should be taken for a fire causing a loss of offsite power. For areas where train separation cannot be achieved and alternative shutdown capability is necessary, shutdown must be demonstrated both where offsite power is available and where offsite power is not available for 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />.
3.1.1.7 [ Offsite Power]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The SSA credits offsite power where analysis has demonstrated that it will be available. A loss of offsite power was not assumed in areas where offsite power was not credited.
,, Rev.,
Sections 9.1.5, 9.1.4 Page 5 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Aligns The SSA credits offsite power where analysis has demonstrated that it will be available. A loss of offsite power was not assumed in areas where offsite power was not credited.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.3.4 NEI 00-01 Guidance NEI 00-01 Ref Post-fire safe shutdown systems and components are not required to be safety-related.
3.1.1.8 [Safety-Related Equipment]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns NUREG-0800, C.5.c(6). The referenced SSA section clearly states that post-fire safe shutdown trains may include non-safety related equipment.
,, Rev.,
Sections A.1.1 and B.3 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section 9.1.2 NEI 00-01 Guidance NEI 00-01 Ref The post-fire safe shutdown analysis assumes a 72-hour coping period starting with a reactor scram/trip. Fire-induced impacts that provide no adverse consequences to hot shutdown within this 72-hour period need not be included in the post-fire safe shutdown analysis. At least one train can be repaired or made operable within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br /> using onsite capability to achieve cold shutdown.
3.1.1.9 [72 Hour Coping]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This is a base safe shutdown analysis assumption.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.1.1 NEI 00-01 Guidance NEI 00-01 Ref Manual initiation from the main control room or emergency control stations of systems required to achieve and maintain safe shutdown is acceptable where permitted by current regulations or approved by NRC; automatic initiation of systems selected for safe shutdown is not required but may be included as an option.
3.1.1.10 [Manual / Automatic Initiation of Systems]
Comments Applicability Page 6 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Applicable Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does not currently credit the manual initiation of engineered safeguards (ESFAS) systems.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, NEI 00-01 Guidance NEI 00-01 Ref Where a single fire can impact more than one unit of a multi-unit plant, the ability to achieve and maintain safe shutdown for each affected unit must be demonstrated.
3.1.1.11 [Multiple Affected Units]
Comments Not Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement N/A Plant USA is a single unit site.
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref The following discussion on each of these shutdown functions provides guidance for selecting the systems and equipment required for safe shutdown. For additional information on BWR system selection, refer to GE Report GE-NE-T43-00002-00-01-R01 entitled Original Safe Shutdown Paths for the BWR.
3.1.2 Shutdown Functions Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This is an introductory section with no specific requirements. The GE information does not apply to Plant USA.
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref
[BWR] Control Rod Drive System The safe shutdown performance and design requirements for the reactivity control function can be met without automatic scram/trip capability. Manual scram/reactor trip is credited. The post-fire safe shutdown analysis must only provide the capability to manually scram/trip the reactor.
3.1.2.1 Reactivity Control Page 7 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection
[PWR] Makeup/Charging There must be a method for ensuring that adequate shutdown margin is maintained by ensuring borated water is utilized for RCS makeup/charging.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The two credited sources of makeup water for post-fire safe shutdown are the boric acid tank and the RWST. The boric acids concentrations in each tank ensure that adequate shutdown margin will be maintained throughout the cooldown process.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.1, B.4 NEI 00-01 Guidance NEI 00-01 Ref The systems discussed in this section are examples of systems that can be used for pressure control. This does not restrict the use of other systems for this purpose.
[BWR] Safety Relief Valves (SRVs)
The SRVs are opened to maintain hot shutdown conditions or to depressurize the vessel to allow injection using low pressure systems. These are operated manually. Automatic initiation of the Automatic Depressurization System is not a required function.
[PWR] Makeup/Charging RCS pressure is controlled by controlling the rate of charging/makeup to the RCS. Although utilization of the pressurizer heaters and/or auxiliary spray reduces operator burden, neither component is required to provide adequate pressure control. Pressure reductions are made by allowing the RCS to cool/shrink, thus reducing pressurizer level/pressure. Pressure increases are made by initiating charging/makeup to maintain pressurizer level/pressure. Manual control of the related pumps is acceptable.
3.1.2.2 Pressure Control Systems Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Plant USA does credit operation of the pressurizer heaters and pressurizer PORVs to maintain or reduce RCS pressure as necessary during the cooldown process.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.3, B.4 NEI 00-01 Guidance NEI 00-01 Ref
[BWR] Systems selected for the inventory control function should be capable of supplying sufficient reactor coolant to achieve and maintain hot shutdown. Manual initiation of these systems is acceptable. Automatic initiation functions are not required.
[PWR]: Systems selected for the inventory control function should be capable of maintaining level to achieve and maintain hot shutdown. Typically, the same components providing inventory control are capable of providing pressure control. Manual initiation of these systems is acceptable. Automatic initiation functions 3.1.2.3 Inventory Control Page 8 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection are not required.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The same systems used for post reactor trip inventory control will also be used for inventory control. Specifically, the CVCS system using the boric acid tank(s) and the RWST as sources of makeup water are used to maintain pressurizer level.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.2, B.4 NEI 00-01 Guidance NEI 00-01 Ref
[BWR] Systems selected for the decay heat removal function(s) should be capable of:
- Removing sufficient decay heat from primary containment, to prevent containment over-pressurization and failure.
- Satisfying the net positive suction head requirements of any safe shutdown systems taking suction from the containment (suppression pool).
- Removing sufficient decay heat from the reactor to achieve cold shutdown.
[PWR] Systems selected for the decay heat removal function(s) should be capable of:
- Removing sufficient decay heat from the reactor to reach hot shutdown conditions. Typically, this entails utilizing natural circulation in lieu of forced circulation via the reactor coolant pumps and controlling steam release via the Atmospheric Dump valves.
- Removing sufficient decay heat from the reactor to reach cold shutdown conditions.
This does not restrict the use of other systems.
3.1.2.4 Decay Heat Removal Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Plant USA uses the Auxiliary Feedwater System and Steam Generator PORVs to remove decay heat while in hot standby. Once temperature is reduced to about 350F, the RHR system is placed in service to complete the cooldown ot cold shutdown conditions.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.4, B.4 NEI 00-01 Guidance NEI 00-01 Ref The process monitoring function is provided for all safe shutdown paths. IN 84-09, Attachment 1,Section IX Lessons Learned from NRC Inspections of Fire Protection Safe Shutdown Systems (10CFR50 Appendix R) provides guidance on the instrumentation acceptable to and preferred by the NRC for meeting the process monitoring function. This instrumentation is that which monitors the process variables necessary to perform and control the functions specified in Appendix R Section III.L.1. Such instrumentation must be demonstrated to remain unaffected by the fire. The IN 84-09 list of process monitoring is applied to alternative 3.1.2.5 Process Monitoring Page 9 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection shutdown (III.G.3). IN 84-09 did not identify specific instruments for process monitoring to be applied to redundant shutdown (III.G.1 and III.G.2). In general, process monitoring instruments similar to those listed below are needed to successfully use existing operating procedures (including Abnormal Operating Procedures).
- Reactor coolant level and pressure
- Suppression pool level and temperature
- Emergency or isolation condenser level
- Diagnostic instrumentation for safe shutdown systems
- Level indication for tanks needed for safe shutdown PWR
- Reactor coolant temperature (hot leg / cold leg)
- Pressurizer pressure and level
- Neutron flux monitoring (source range)
- Level indication for tanks needed for safe shutdown
- Steam generator level and pressure
- Diagnostic instrumentation for safe shutdown systems The specific instruments required may be based on operator preference, safe shutdown procedural guidance strategy (symptomatic vs. prescriptive), and systems and paths selected for safe shutdown.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The process monitoring function is capable of providing direct readings of those plant process variables necessary for plant operators to perform and/or control the identified safe shutdown functions.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.5, B.5.1.2 NEI 00-01 Guidance NEI 00-01 Ref
[Blank Heading - No specific guidance]
3.1.2.6 Support Systems Comments Not Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement N/A Support system requirements will be addressed under the corresponding NEI 00-01 sub-section.
,, Rev.,
Page 10 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Guidance NEI 00-01 Ref AC Distribution System Power for the Appendix R safe shutdown equipment is typically provided by a medium voltage system such as 4.16 KV Class 1E busses either directly from the busses or through step down transformers/load centers/distribution panels for 600, 480 or 120 VAC loads. For redundant safe shutdown performed in accordance with the requirements of Appendix R Section III.G.1 and 2, power may be supplied from either offsite power sources or the emergency diesel generator depending on which has been demonstrated to be free of fire damage. No credit should be taken for a fire causing a loss of offsite power. Refer to Section 3.1.1.7.
DC Distribution System Typically, the 125VDC distribution system supplies DC control power to various 125VDC control panels including switchgear breaker controls. The 125VDC distribution panels may also supply power to the 120VAC distribution panels via static inverters. These distribution panels typically supply power for instrumentation necessary to complete the process monitoring functions.
For fire events that result in an interruption of power to the AC electrical bus, the station batteries are necessary to supply any required control power during the interim time period required for the diesel generators to become operational. Once the diesels are operational, the 125 VDC distribution system can be powered from the diesels through the battery chargers.
[BWR] Certain plants are also designed with a 250VDC Distribution System that supplies power to Reactor Core Isolation Cooling and/or High Pressure Coolant Injection equipment.
The DC control centers may also supply power to various small horsepower Appendix R safe shutdown system valves and pumps. If the DC system is relied upon to support safe shutdown without battery chargers being available, it must be verified that sufficient battery capacity exists to support the necessary loads for sufficient time (either until power is restored, or the loads are no longer required to operate).
3.1.2.6.1 Electrical Systems For the DC Buses, the batteries are shown in the fault tree going into an "OR" gate with the corresponding battery charger. Thus, if only the battery is free of fire damage, success will not be achieved.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The power supply for each powered component was idenitified and included in the SSEL. The limited capacity of the battery to supply loads for more than a few hours was considered in the analysis, and is discussed in the CAFTA text file.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.6, B.4, B.5.1.2 NEI 00-01 Guidance NEI 00-01 Ref HVAC Systems HVAC Systems may be required to assure that safe shutdown equipment remains within its operating temperature range, as specified in manufacturers literature or demonstrated by suitable test methods, and to assure protection for plant operations staff from the effects of fire (smoke, heat, toxic gases, and gaseous fire suppression agents).
HVAC systems may be required to support safe shutdown system operation, based on plant-specific configurations. Typical uses include:
- Main control room, cable spreading room, relay room
- ECCS pump compartments
- Diesel generator rooms
- Switchgear rooms 3.1.2.6.2 Cooling Systems
[HVAC]
Page 11 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Plant-specific evaluations are necessary to determine which HVAC systems are essential to safe shutdown equipment operation.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns HVAC systems required for post-fire safe shutdown are included in the analysis.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.6, B.4 NEI 00-01 Guidance NEI 00-01 Ref Various cooling water systems may be required to support safe shutdown system operation, based on plant-specific considerations. Typical uses include:
- RHR/SDC/DH Heat Exchanger cooling water
- Safe shutdown pump cooling (seal coolers, oil coolers)
- Diesel generator cooling
- HVAC system cooling water 3.1.2.6.2 Cooling Systems
[Main Section]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Cooling water systems required for post-fire safe shutdown are included in the analysis.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.2.6, B.4 NEI 00-01 Guidance NEI 00-01 Ref Refer to Figure 3-2 for a flowchart illustrating the various steps involved in selecting safe shutdown systems and developing the shutdown paths.
The following methodology may be used to define the safe shutdown systems and paths for an Appendix R analysis:
[Refer to hard copy of NEI 00-01 for Figure 3-2]
3.1.3 Methodology for Shutdown System Selection Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Sytems are assigned ot one of two (or both) safe shutdown divisions in lieu of paths.
Possible combinations of systems are modeled in the CAFTA fault tree.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.5.1, B.6.1 Page 12 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Aligns with intent Sytems are assigned ot one of two (or both) safe shutdown divisions in lieu of paths.
Possible combinations of systems are modeled in the CAFTA fault tree.
,, Rev.,
Section 9.2 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, N/A NEI 00-01 Guidance NEI 00-01 Ref Review available documentation to obtain an understanding of the available plant systems and the functions required to achieve and maintain safe shutdown.
Documents such as the following may be reviewed:
- Operating Procedures (Normal, Emergency, Abnormal)
- System descriptions
- Fire Hazard Analysis
- Single-line electrical diagrams
-Piping and Instrumentation Diagrams (P&IDs)
[BWR] GE Report GE-NE-T43-00002-00-01-R02 entitled Original Shutdown Paths for the BWR 3.1.3.1 Identify safe shutdown functions Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The general guidance provided in this section was followed in the development of the Plant USA SSA.
,, Rev.,
Sections 4.1 and 9.1 NEI 00-01 Guidance NEI 00-01 Ref Given the criteria/assumptions defined in Section 3.1.1, identify the available combinations of systems capable of achieving the safe shutdown functions of reactivity control, pressure control, inventory control, decay heat removal, process monitoring, and support systems such as electrical and cooling systems (refer to Section 3.1.2). This selection process does not restrict the use of other systems. In addition to achieving the required safe shutdown functions, consider spurious operations and power supply issues that could impact the required safe shutdown function.
3.1.3.2 Identify Combinations of Systems that Satisfy Each Safe Shutdown Function Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The available equipment combinations are depicted in the CAFTA fault tree, and are further explained in the associated text file and in the SSA.
,, Rev.,
Section 9.2 Page 13 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Aligns The available equipment combinations are depicted in the CAFTA fault tree, and are further explained in the associated text file and in the SSA.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.3 and B.5.1 40 How should we reference the CAFTA Fault Tree and the assoiciated text file as a basis document? It is this text file that contains the safe shutdown equipment descriptions related to the modeling of the fault tree (E-5525 also contains system descriptions).
The safe shutdown system descriptons are contained in the SSA (Plant USA-E/ELEC-0001, Safe Shutdown Analysis in Case of Fire and Fire Hazards Analysis), and there is no specific reason to reference the text file separately.
Closed Open Item ID Open Item Description Open/Closed Disposition Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref Select combinations of systems with the capability of performing all of the required safe shutdown functions and designate this set of systems as a safe shutdown path. In many cases, safe shutdown paths may be defined on a divisional basis since the availability of electrical power and other support systems must be demonstrated for each path.
3.1.3.3 Define Combinations of Systems for Each Safe Shutdown Path Specific safe shutdown paths need not be identified. This is an analytical tool that is more applicable to BWRs than to PWRs.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The selected systems are not grouped together in specific safe shutdown "paths," but are depicted in an integrated fashion in the CAFTA fault tree and accompanying text file.
,, Rev.,
Section 9.2 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.5.1 and B.6.1 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Page 14 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection NEI 00-01 Guidance NEI 00-01 Ref Assign a path designation to each combination of systems. The path will serve to document the combination of systems relied upon for safe shutdown in each fire area. Refer to Attachment 1 to this document (NEI 00-01) for an example of a table illustrating how to document the various combinations of systems for selected shutdown paths.
3.1.3.4 Assign Shutdown Paths to Each Combination of Systems Safe shutdown paths are not defined at Harris. Equipment is defined as being required for Division I or Division II, and some components are required for both divisions. The component and system inter-relationships are also defined in the CAFTA fault tree.
Comments Not Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The safe shutdown paths are not identified individuallly, but are shown in an integrated fashion in the CAFTA fault tree. The use of such fault trees is discussed in NFPA-805, Appendix B, Section B.2.2.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.3 and B.5.1 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016,
,, Rev.,
Section 9.1 NEI 00-01 Guidance NEI 00-01 Ref The previous section described the methodology for selecting the systems and paths necessary to achieve and maintain safe shutdown for an exposure fire event (see Section 5.0 DEFINITIONS for Exposure Fire). This section describes the criteria/assumptions and selection methodology for identifying the specific safe shutdown equipment necessary for the systems to perform their Appendix R function. The selected equipment should be related back to the safe shutdown systems that they support and be assigned to the same safe shutdown path as that system. The list of safe shutdown equipment will then form the basis for identifying the cables necessary for the operation or that can cause the maloperation of the safe shutdown systems.
3.2 Safe Shutdown Equipment Selection Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Components are assigned to one (or both) of two safe shutdown divisions rather than specific safe shutdown paths, which is more applicable to BWRs. The possible combinations of systems to meet the safe shutdown functions are shown in the fault tree.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.5.1.2
,, Rev.,
Section 9.1.2 NEI 00-01 Guidance NEI 00-01 Ref Consider the following criteria and assumptions when identifying equipment necessary to perform the required safe shutdown functions:
3.2.1 Criteria / Assumptions Page 15 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection This is introductory guidance information, and contains no specific requirements.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This section provides a genral overview of the safe shutdown methodology suggested in NEI 00-01 and followed by Plant USA. Specific requirements or guidance discussed in NEI 00-01 is discussed in the sub-sections below.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.5 NEI 00-01 Guidance NEI 00-01 Ref 3.2.1.1 Safe shutdown equipment can be divided into two categories. Equipment may be categorized as (1) primary components or (2) secondary components.
Typically, the following types of equipment are considered to be primary components:
- Pumps, motor operated valves, solenoid valves, fans, gas bottles, dampers, unit coolers, etc.
- All necessary process indicators and recorders (i.e., flow indicator, temperature indicator, turbine speed indicator, pressure indicator, level recorder)
- Power supplies or other electrical components that support operation of primary components (i.e., diesel generators, switchgear, motor control centers, load centers, power supplies, distribution panels, etc.).
Secondary components are typically items found within the circuitry for a primary component. These provide a supporting role to the overall circuit function. Some secondary components may provide an isolation function or a signal to a primary component via either an interlock or input signal processor. Examples of secondary components include flow switches, pressure switches, temperature switches, level switches, temperature elements, speed elements, transmitters, converters, controllers, transducers, signal conditioners, hand switches, relays, fuses and various instrumentation devices.
Determine which equipment should be included on the Safe Shutdown Equipment List (SSEL). As an option, include secondary components with a primary component(s) that would be affected by fire damage to the secondary component. By doing this, the SSEL can be kept to a manageable size and the equipment included on the SSEL can be readily related to required post-fire safe shutdown systems and functions.
3.2.1.1 [Primary Secondary Components]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This section provides a general overview of the safe shutdown methodology suggested in NEI 00-01 and followed by Plant USA. Specific requirements or guidance outlined in NEI 00-01 is discussed below.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.5 NEI 00-01 Guidance NEI 00-01 Ref 3.2.1.2 Assume that exposure fire damage to manual valves and piping does not adversely impact their ability to perform their pressure boundary or safe shutdown function (heat sensitive piping materials, including tubing with brazed or soldered joints, are not included in this assumption). Fire damage should be evaluated with respect to the ability to manually open or close the valve should this be necessary as a part of the post-fire safe shutdown scenario.
3.2.1.2 [Fire Damage to Mechanical Components (not electrically supervised)]
Comments Applicability Page 16 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Applicable Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Due to the substantial nature of equipment and nature and location of combustibles, fire will not impact the pressure boundary function. A fire does not cause a valve to change postion unless the fire also affects the electrical equipment or circuits capable of inducing spurious operation of the valve. Manual stroking of a valve once the fire is extinguished will be evaluated as part of the Manual Action Feasibility Evaluation.
,, Rev.,
Section 9.1.13 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.3.12 NEI 00-01 Guidance NEI 00-01 Ref Assume that manual valves are in their normal position as shown on P&IDs or in the plant operating procedures.
3.2.1.3 [Manual Valve Positions]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns A base assumption of the SSA is that the plant is in a "normal" operating lineup.
,, Rev.,
Section 9.1.2 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.5.1.2 and A.3.2 NEI 00-01 Guidance NEI 00-01 Ref Assume that a check valve closes in the direction of potential flow diversion and seats properly with sufficient leak tightness to prevent flow diversion. Therefore, check valves do not adversely affect the flow rate capability of the safe shutdown systems being used for inventory control, decay heat removal, equipment cooling or other related safe shutdown functions.
3.2.1.4 [Check Valves]
Comments Applicable Applicability Page 17 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent There is no clear statement concerning check valves, other than that properly oriented check valves credited as system boundaries shoulld be included in the SSEL, and that those in the flow path need not be included. Check valves credited as boundaries are included in the SSEL, but the assumption that they are leak tight is inherent in the analysis and not clearly stated.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.5.1.2, Item 9
,, Rev.,
Sections 9.1.2.5, 9.1.2.9 41 Section 3.2.1.4 of NEI 00-01 suggests an assumtion that check valves credited to prevent flow diversions will seat properly and are essentially leak tight. The SSEL includes check vavles that are credited as system boundaries, so the assmption that they are leak tight is inherent in the analysis but not clearly stated. Consider adding an assumption to revision 1 of Plant USA-E?ELEC-0001 that check vavles credited as system or flow diversion boundaries are assumed to be leak tight.
Open Open Item ID Open Item Description Open/Closed Disposition Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref Instruments (e.g., resistance temperature detectors, thermocouples, pressure transmitters, and flow transmitters) are assumed to fail upscale, midscale, or downscale as a result of fire damage, whichever is worse. An instrument performing a control function is assumed to provide an undesired signal to the control circuit.
3.2.1.5 [Instrument Failures]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Page 18 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Aligns with intent Per the basis document cited, instruments exposed to fire damage are assumed to fail.
The documentation reviewed does not go to the level of detail suggested by NEI 00-01. It is a generally accepted practice (that can be verified based on a review of the fire area by fire area analyses) that instruments are assumed to fail to their worst case position unless a specific postion to the contrary is taken.
,, Rev.,
Section 9.2.7 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.3.13 NEI 00-01 Guidance NEI 00-01 Ref Identify equipment that could spuriously operate or mal-operate and impact the performance of equipment on a required safe shutdown path during the equipment selection phase. Consider Bin 1 of RIS 2004-03 during the equipment identification process.
3.2.1.6 [Spurious Components]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Section 9.1.2.7 of FPIP-0104 directs that for boundaries formed by three normally closed vavles or dampers in series, all three should be included in the SSEL. RIS 2004-03 is not specifically identified as the basis for identifying three series boundary valves/dampers.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.5.1.2
,, Rev.,
Section 9.1.2 NEI 00-01 Guidance NEI 00-01 Ref Identify instrument tubing that may cause subsequent effects on instrument readings or signals as a result of fire. Determine and consider the fire area location of the instrument tubing when evaluating the effects of fire damage to circuits and equipment in the fire area.
3.2.1.7 [Instrument Tubing]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Page 19 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Aligns Instrument tubing and its fire area routing is included in the FSSPMD. Instrument sensing lines exposed to fire are assumed by the SSA to result in eratic indications.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.3.13 and B.7.1.2 Item 8
,, Rev.,
Section 9.1.14
,, Rev.,
Section 9.2.8 NEI 00-01 Guidance NEI 00-01 Ref Refer to Figure 3-3 for a flowchart illustrating the various steps involved in selecting safe shutdown equipment.
Use the following methodology to select the safe shutdown equipment for a post-fire safe shutdown analysis:
[Refer to hard copy of NEI 00-01 for Figure 3-3]
3.2.2 Methodology for Equipment Selection Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This introductory section contains no specific requirement, The sub-paragraphs with specific requirements are addressed separately as required.
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref Mark up and annotate a P&ID to highlight the specific flow paths for each system in support of each shutdown path. Refer to Attachment 2 for an example of an annotated P&ID illustrating this concept.
3.2.2.1 Identify the System Flow Path for Each Shutdown Path Harris maintains marked-up safe shutdown flow diagrams. Prior to the revalidation effort, these diagrams also served as the safe shutdown equipment list, as a SSEL was not specifically generated.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Individual safe shutdown paths are not identified, but the available paths are displayed in the CAFTA fault tree.
CPL-2165-1000S Series, Safe Shutdown Flow Diagrams, Rev. Latest, NEI 00-01 Guidance NEI 00-01 Ref Review the applicable documentation (e.g. P&IDs, electrical drawings, instrument loop diagrams) to assure that all equipment in each systems flow path has been identified. Assure that any equipment that could spuriously operate and adversely affect the desired system function(s) is also identified. If additional systems are identified which are necessary for the operation of the safe shutdown system under review, include these as systems required for safe shutdown. Designate these 3.2.2.2 Identify the Equipment in Each Safe Shutdown System Flow Path Including Page 20 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection new systems with the same safe shutdown path as the primary safe shutdown system under review (Refer to Figure 3-1).
Equipment That May Spuriously Operate and Affect System Operation It is not necessary that systems and components be assigned to a specific safe shutdown path.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The credited portions of the safe shutdown systems are shown on the SSD flow diagrams.
The component's safe shutdown division (1 or
- 2) is also shown on these diagrams. The safe shutdown divisions are defined in Seciton B.3 of the SSA.
,, Rev.,
Section 9.1.2 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.3 and B.5.1.2 CPL-2165-1000S Series, Safe Shutdown Flow Diagrams, Rev. Latest, 42 The marked up SSD flow diagrams are in the process of being updated to reflect the changes from the re-validation effort.
Open Open Item ID Open Item Description Open/Closed Disposition Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref Prepare a table listing the equipment identified for each system and the shutdown path that it supports. Identify any valves or other equipment that could spuriously operate and impact the operation of that safe shutdown system. Assign the safe shutdown path for the affected system to this equipment. During the cable selection phase, identify additional equipment required to support the safe shutdown function of the path (e.g., electrical distribution system equipment). Include this additional equipment in the safe shutdown equipment list. Attachment 3 to this document provides an example of a (SSEL). The SSEL identifies the list of equipment within the plant considered for safe shutdown and it documents various equipment-related attributes used in the analysis.
3.2.2.3 Develop a List of Safe Shutdown Equipment and Assign the Corresponding System and Safe Shutdown Path(s) Designation to Each.
The Harris SSEL does not assign equipment to a specific safe shutdown path. The equipment and system inter-relationships required to meet the safe shutdown functions and goals are depicted in the CAFTA fault tree.
Comments Applicable Applicability Page 21 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The SSEL does not assign each component to a safe shutdown path, but it does assign components to safe shutdown divisions (SSD-1 or SSD-2) as defined in Section B.3 of the SSA (Plant USA-E/ELEC-0001).
N/A, Progress Energy Fire Safe Shutdown Program Manager Database User's Manual, Rev. 001, Section 3.3.1 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.3 and B.5.1.2
,, Rev.,
Sectin 9.1.2 NEI 00-01 Guidance NEI 00-01 Ref Collect additional equipment-related information necessary for performing the post-fire safe shutdown analysis for the equipment. In order to facilitate the analysis, tabulate this data for each piece of equipment on the SSEL. Refer to Attachment 3 to this document for an example of a SSEL. Examples of related equipment data should include the equipment type, equipment description, safe shutdown system, safe shutdown path, drawing reference, fire area, fire zone, and room location of equipment. Other information such as the following may be useful in performing the safe shutdown analysis: normal position, hot shutdown position, cold shutdown position, failed air position, failed electrical position, high/low pressure interface concern, and spurious operation concern.
3.2.2.4 Identify Equipment Information Required for the Safe Shutdown Analysis The contents and specific fields of the SSEL table should me modified according to each plant's needs and existing data.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Required equipment is shown on the marked up SSD flow diagrams and in the SSEL report from FSSPMD. The SSEL is included as to Plant USA-E-ELEC-0001.
,, Rev.,
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, SSEL Report Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.5.1.3 and Appendix 2 NEI 00-01 Guidance NEI 00-01 Ref In the process of defining equipment and cables for safe shutdown, identify additional supporting equipment such as electrical power and interlocked equipment.
As an aid in assessing identified impacts to safe shutdown, consider modeling the dependency between equipment within each safe shutdown path either in a relational database or in the form of a Safe Shutdown Logic Diagram (SSLD). Attachment 4 provides an example of a SSLD that may be developed to document these relationships.
3.2.2.5 Identify Dependencies Between Equipment, Supporting Equipment, Safe Shutdown Systems and Safe Shutdown Paths.
The equipment and system dependencies are modeled in the CAFTA fault tree and FSSPMD.
Comments Applicable Applicability Page 22 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.1 Nuclear Safety Capability System and Equipment Selection Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The CAFTA fault tree captures the system and equipment inter-dependencies. Power supply and associated circuit dependincies are also captured in the FSSPMD. The text file that corresponds to the CAFTA fault tree is contained in Appendix 4 of Plant USA-E/ELEC-0001.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.6.1 and Appendix 4
,, Rev.,
Section 9.1.2 Page 23 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis 2.4.2.2.1 Circuits Required in Nuclear Safety Functions. Circuits required for the nuclear safety functions shall be identified. This includes circuits that are required for operation, that could prevent the operation, or that result in the maloperation of the equipment identified in 2.4.2.1. This evaluation shall consider fire-induced failure modes such as hot shorts (external and internal), open circuits, and shorts to ground, to identify circuits that are required to support the proper operation of components required to achieve the nuclear safety performance criteria, including spurious operation and signals. This will ensure that a comprehensive population of circuitry is evaluated.
2.4.2.2.2 Other Required Circuits. Other circuits that share common power supply and/or common enclosure with circuits required to achieve nuclear safety performance criteria shall be evaluated for their impact on the ability to achieve nuclear safety performance criteria.
(a) Common Power Supply Circuits. Those circuits whose fireinduced failure could cause the loss of a power supply required to achieve the nuclear safety performance criteria shall be identified. This situation could occur if the upstream protection device (i.e., breaker or fuse) is not properly coordinated with the downstream protection device.
(b) Common Enclosure Circuits. Those circuits that share enclosures with circuits required to achieve the nuclear safety performance criteria and whose fire-induced failure could cause the loss of the required components shall be identified. The concern is that the effects of a fire can extend outside of the immediate fire area due to fire-induced electrical faults on inadequately protected cables or via inadequately sealed fire area boundaries.
NEI 00-01 Guidance NEI 00-01 Ref This section provides industry guidance on the recommended methodology and criteria for selecting safe shutdown cables and determining their potential impact on equipment required for achieving and maintaining safe shutdown of an operating nuclear power plant for the condition of an exposure fire. The Appendix R safe shutdown cable selection criteria are developed to ensure that all cables that could affect the proper operation or that could cause the maloperation of safe shutdown equipment are identified and that these cables are properly related to the safe shutdown equipment whose functionality they could affect. Through this cable-to-equipment relationship, cables become part of the safe shutdown path assigned to the equipment affected by the cable.
3.3 Safe Shutdown Cable Selection and Location Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This section provides a general overview of the safe shutdown methodology suggested in NEI 00-01 and followed by Plant USA. Specific requirements or guidance outlined in NEI 00-01 is discussed below.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1 NEI 00-01 Guidance NEI 00-01 Ref To identify an impact to safe shutdown equipment based on cable routing, the equipment must have cables that affect it identified. Carefully consider how cables are related to safe shutdown equipment so that impacts from these cables can be properly assessed in terms of their ultimate impact on safe shutdown system equipment.
Consider the following criteria when selecting cables that impact safe shutdown equipment:
3.3.1 Criteria / Assumptions The functional requirements of the component should be considered during the cable selection process.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Generic information in this introductory section. Specific guidance is in the subsections below.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1.1.2
,, Rev.,
Section 9.2 Page 24 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Guidance NEI 00-01 Ref The list of cables whose failure could impact the operation of a piece of safe shutdown equipment includes more than those cables connected to the equipment.
The relationship between cable and affected equipment is based on a review of the electrical or elementary wiring diagrams. To assure that all cables that could affect the operation of the safe shutdown equipment are identified, investigate the power, control, instrumentation, interlock, and equipment status indication cables related to the equipment. Consider reviewing additional schematic diagrams to identify additional cables for interlocked circuits that also need to be considered for their impact on the ability of the equipment to operate as required in support of post-fire safe shutdown. As an option, consider applying the screening criteria from Section 3.5 as a part of this section. For an example of this see Section 3.3.1.4.
3.3.1.1 [Cable Selection]
At Harris, the FSSPMD is also used to "link" associated cables to the safe shutdown equipment they could adversely affect.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns FPIP-0105 discussed the cable selection process in significant detail.
,, Rev.,
Section 9.2 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1.1.2 NEI 00-01 Guidance NEI 00-01 Ref In cases where the failure (including spurious actuations) of a single cable could impact more than one piece of safe shutdown equipment, include the cable with each piece of safe shutdown equipment.
3.3.1.2 [Cables Affecting Multiple Components]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Although the specific guidance contained in this section of NEI 00-01 is not repeated in any Plant USA document, the procedures do not preclude listing a given cable against more than one component. The FSSPMD links all cables that could affect the operation of a given component to that component when augmenting the CAFTA Fault Tree.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1.1.2 and Appendix 6
,, Rev.,
Section 9.2 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Equipmetn and Cable Infomation Details Open Item ID Open Item Description Open/Closed Disposition Page 25 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis 43 Section 9.3.3 of FPIP-0105 discusses when it is approppriate to code associated circuits as "B" cables and thus not required for the component being analyzed. It provides four examples of when "B" is appropriate, the third of which states "If the SSAC and other contacts in the circuit misoperate, the result can be mitigated by a control switch in the Main Control Room."
This would appear to be a non-conservative approach, since the required control room actions would not be identified by the SSA. In section 9.2, it is pretty clear that all cables that could affect the ability of a component to perform its safe shutdown function should be identified as required cables, so this may be a case where the FPIP contradicts itself.
Open Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref Electrical devices such as relays, switches and signal resistor units are considered to be acceptable isolation devices. In the case of instrument loops, review the isolation capabilities of the devices in the loop to determine that an acceptable isolation device has been installed at each point where the loop must be isolated so that a fault would not impact the performance of the safe shutdown instrument function.
3.3.1.3 [Isolation Devices]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Isolaton devices are defined in the SSA, Plant USA-E/ELEC-0001, Appendix 6, Section 2.1.
,, Rev.,
Section 9.2 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Appendix 6, Section 2.1 NEI 00-01 Guidance NEI 00-01 Ref Screen out cables for circuits that do not impact the safe shutdown function of a component (i.e., annunciator circuits, space heater circuits and computer input 3.3.1.4 [Identify "Not Page 26 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis circuits) unless some reliance on these circuits is necessary. However, they must be isolated from the components control scheme in such a way that a cable fault would not impact the performance of the circuit.
Required" Cables]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Cables that are not required for safe shutdown have an "A" entered in the FMEA section of the circuit infromation form in FSSPMD. The "A" indicates that the component "achieves" its safe shutdown function even if that cable is damaged by fire. Cables that were anlalyzed as part the circuit analysis but are not electircally connected to the component being analyzed had an "N/A" entered in the FMEA columns.
,, Rev.,
Appendix 6 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Circuit Information Form NEI 00-01 Guidance NEI 00-01 Ref For each circuit requiring power to perform its safe shutdown function, identify the cable supplying power to each safe shutdown and/or required interlock component. Initially, identify only the power cables from the immediate upstream power source for these interlocked circuits and components (i.e., the closest power supply, load center or motor control center). Review further the electrical distribution system to capture the remaining equipment from the electrical power distribution system necessary to support delivery of power from either the offsite power source or the emergency diesel generators (i.e., onsite power source) to the safe shutdown equipment. Add this equipment to the safe shutdown equipment list. Evaluate the power cables for this additional equipment for associated circuits concerns.
3.3.1.5 [Identification of Power Supplies]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Power supplies are linked to their components in FSSPMD in the "Power Supplies, Related, Auxiliary, and Other Important Circuits" portion of the Circuit Information Form. A standard note "A" entered for a power supply in this section indicates that the power supply is required for the component to perform its safe shutdown function. Any cable damage that results in the failure of the power supply will also fail the component being analyzed in the augmented fault tree.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.7.1.1.2 and B.7.2
,, Rev.,
Section 9.2 and Appendix 6 Page 27 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Aligns Power supplies are linked to their components in FSSPMD in the "Power Supplies, Related, Auxiliary, and Other Important Circuits" portion of the Circuit Information Form. A standard note "A" entered for a power supply in this section indicates that the power supply is required for the component to perform its safe shutdown function. Any cable damage that results in the failure of the power supply will also fail the component being analyzed in the augmented fault tree.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Circuit Information Form N/A, Progress Energy Fire Safe Shutdown Program Manager Database User's Manual, Rev. 001, Section 3.5.3.2 and Attachment A
NEI 00-01 Guidance NEI 00-01 Ref The automatic initiation logics for the credited post-fire safe shutdown systems are not required to support safe shutdown. Each system can be controlled manually by operator actuation in the main control room or emergency control station. If operator actions outside the MCR are necessary, those actions must conform to the regulatory requirements on manual actions. However, if not protected from the effects of fire, the fire-induced failure of automatic initiation logic circuits must not adversely affect any post-fire safe shutdown system function.
3.3.1.6 [ESFAS Initiation]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The actions required to mitigate spurious ESFAS signal have been identified and will be included in revison 1 of Plant USA-E/ELEC-0001 per EC 54865. Sections B.4, B.7.1.1.2, and Appendix 6 will all be revised to reflect the revised consideration of spurious ESFAS signals into the safe shutdown anlysis.
EC 54865, SSD Validation -
Issue Revised SSD Analysis Calculation(s), Rev. 0, 9/18/2006
,, Rev.,
Section 9.2.13 NEI 00-01 Guidance NEI 00-01 Ref Cabling for the electrical distribution system is a concern for those breakers that feed associated circuits and are not fully coordinated with upstream breakers. With respect to electrical distribution cabling, two types of cable associations exist. For safe shutdown considerations, the direct power feed to a primary safe shutdown component is associated with the primary component. For example, the power feed to a pump is necessary to support the pump. Similarly, the power feed from the load center to an MCC supports the MCC. However, for cases where sufficient branch-circuit coordination is not provided, the same cables discussed above would also support the power supply. For example, the power feed to the pump discussed above would support the bus from which it is fed because, for the case of a common power source analysis, the concern is the loss of the upstream power source and not the connected load. Similarly, the cable feeding the MCC from the load center would also be necessary to support the load center.
3.3.1.7 [Circuit Coordination]
Comments Applicability Page 28 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Applicable Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This is a discussion of hte common power supply concern, which is taken into consideration in the safe shutdown analysis.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.2 NEI 00-01 Guidance NEI 00-01 Ref Appendix R,Section III.G.2, requires that separation features be provided for equipment and cables, including associated nonsafety circuits that could prevent operation or cause maloperation due to hot shorts, open circuits, or shorts to ground, of redundant trains of systems necessary to achieve hot shutdown. The three types of associated circuits were identified in Reference 6.1.5 and further clarified in a NRC memorandum dated March 22, 1982 from R. Mattson to D. Eisenhut, Reference 6.1.6. They are as follows:
- Spurious actuations
- Common power source
- Common enclosure.
3.3.2 Associated Circuit Cables Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This section provides an introductioin to the requirements to analyze associated circuits.
Specific requirements of NEI 00-01 are discussed below.
E-5505, Worst Case 120VAC/125VDC Panel Appendix 'R'/Non Appendix
'R' Circuits Short Circtuit Levels, Rev. 004,
,, Rev.,
Section 3.3, 9.5.3 EC 54865, SSD Validation -
Issue Revised SSD Analysis Calculation(s), Rev. 0, 9/18/2006 Section C02 NUREG-1038, Safety Evaluation Report Related to the Operation of the Plant USA Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 SSER 3, page 9-15 E-5506, Appendix 'R' Coordination Study, Rev.
- 007, Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.7.1, B.7.2 Page 29 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Guidance NEI 00-01 Ref Safe shutdown system spurious actuation concerns can result from fire damage to a cable whose failure could cause the spurious actuation/mal-operation of equipment whose operation could affect safe shutdown. These cables are identified in Section 3.3.3 together with the remaining safe shutdown cables required to support control and operation of the equipment.
3.3.2 [A] Associated Circuit Cables - Cables Whose Failure May Cause Spurious Actuations Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Cables that can cause an undesired spurious actuation are identified by an "S" in the FMEA code of the circuit information form in FSSPMD. They are evaluated in the SSA in the same manner as "required" cables.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016,
,, Rev.,
Section 9.1.2 NEI 00-01 Guidance NEI 00-01 Ref The concern for the common power source associated circuits is the loss of a safe shutdown power source due to inadequate breaker/fuse coordination. In the case of a fire-induced cable failure on a non-safe shutdown load circuit supplied from the safe shutdown power source, a lack of coordination between the upstream supply breaker/fuse feeding the safe shutdown power source and the load breaker/fuse supplying the non-safe shutdown faulted circuit can result in loss of the safe shutdown bus. This would result in the loss of power to the safe shutdown equipment supplied from that power source preventing the safe shutdown equipment from performing its required safe shutdown function. Identify these cables together with the remaining safe shutdown cables required to support control and operation of the equipment. Refer to Section 3.5.2.4 for an acceptable methodology for analyzing the impact of these cables on post-fire safe shutdown.
3.3.2 [B] Associated Circuit Cables - Common Power Source Cables Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The analysis has taken into account associated circuits by common power supply as defined by NRC Generic Letter 81-12 and its supplement.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.2 E-5506, Appendix 'R' Coordination Study, Rev.
- 007, Page 30 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Aligns The analysis has taken into account associated circuits by common power supply as defined by NRC Generic Letter 81-12 and its supplement.
NUREG-1038, Safety Evaluation Report Related to the Operation of the Plant USA Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 SSER 3, page 9-15 EC 54865, SSD Validation -
Issue Revised SSD Analysis Calculation(s), Rev. 0, 9/18/2006 Section C02
,, Rev.,
Section 9.5.2 E-5505, Worst Case 120VAC/125VDC Panel Appendix 'R'/Non Appendix
'R' Circuits Short Circtuit Levels, Rev. 004, NEI 00-01 Guidance NEI 00-01 Ref The concern with common enclosure associated circuits is fire damage to a cable whose failure could propagate to other safe shutdown cables in the same enclosure either because the circuit is not properly protected by an isolation device (breaker/fuse) such that a fire-induced fault could result in ignition along its length, or by the fire propagating along the cable and into an adjacent fire area. This fire spread to an adjacent fire area could impact safe shutdown equipment in that fire area, thereby resulting in a condition that exceeds the criteria and assumptions of this methodology (i.e., multiple fires). Refer to Section 3.5.2.5 for an acceptable methodology for analyzing the impact of these cables on post-fire safe shutdown.
3.3.2 [C] Associated Circuit Cables - Common Enclosure Cables Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Analysis aligns based on a combination of design considerations and circuit coordination studies.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.2 E-5506, Appendix 'R' Coordination Study, Rev.
- 007, E-5505, Worst Case 120VAC/125VDC Panel Appendix 'R'/Non Appendix
'R' Circuits Short Circtuit Levels, Rev. 004, NEI 00-01 Guidance NEI 00-01 Ref Refer to Figure 3-4 for a flowchart illustrating the various steps involved in selecting the cables necessary for performing a post-fire safe shutdown analysis.
3.3.3 Methodology for Cable Page 31 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Use the following methodology to define the cables required for safe shutdown including cables that may cause associated circuits concerns for a post-fire safe shutdown analysis:
[Refer to hard copy of NEI 00-01 for Figure 3-4]
Selection and Location Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This is an istroductory paragraph with no specific criteria. Requirements are in the subsequent subsections.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1
,, Rev.,
Section 9.2 NEI 00-01 Guidance NEI 00-01 Ref For each piece of safe shutdown equipment defined in section 3.2, review the appropriate electrical diagrams including the following documentation to identify the circuits (power, control, instrumentation) required for operation or whose failure may impact the operation of each piece of equipment:
- Single-line electrical diagrams
- Elementary wiring diagrams
- Electrical connection diagrams
- Instrument loop diagrams.
For electrical power distribution equipment such as power supplies, identify any circuits whose failure may cause a coordination concern for the bus under evaluation.
If power is required for the equipment, include the closest upstream power distribution source on the safe shutdown equipment list. Through the iterative process described in Figures 3-2 and 3-3, include the additional upstream power sources up to either the offsite or the emergency power source.
3.3.3.1 Identify Circuits Required for the Operation of the Safe Shutdown Equipment Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The circuit analysis procedure (FPIP-0105) directs that all cables that could adversely affect the component's ability to perform its safe shutdown function be identified. It also includes the identificaton of all required power supplies.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1
,, Rev.,
Section 9.2 NEI 00-01 Guidance NEI 00-01 Ref In reviewing each control circuit, investigate interlocks that may lead to additional circuit schemes, cables and equipment. Assign to the equipment any cables for interlocked circuits that can affect the equipment.
While investigating the interlocked circuits, additional equipment or power sources may be discovered. Include these interlocked equipment or power sources in 3.3.3.2 Identify Interlocked Circuits and Cables Whose Spurious Operation or Page 32 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis the safe shutdown equipment list (refer to Figure 3-3) if they can impact the operation of the equipment under consideration.
Mal-operation Could Affect Shutdown As an alternative to adding the interlocked equipment to the SSEL, it is acceptable to include the cables that are required for the interlocking function (or that could cause the spurious actuation) with the main component that was originally under consideration. Adding the components may ease the development of a suitable mitigating strategy in areas where the interlocked cables may be damaged by the fire.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Interlocked circuits were either included in the analysis, or the interlocked contact or relay was assumed to be in its worst-case position.
Associated circuits identified for each component are either included in the main circuit anlaysis with a code of "A" in the existing basis column, or are included by listing the applicable circuit in the "Power Supplies, Related, Auxiliary, and Other Important Circuits" on the Circuit Information Form.
,, Rev.,
Section 9.2.4 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1.1.2 NEI 00-01 Guidance NEI 00-01 Ref Given the criteria/assumptions defined in Section 3.3.1, identify the cables required to operate or that may result in maloperation of each piece of safe shutdown equipment.
Tabulate the list of cables potentially affecting each piece of equipment in a relational database including the respective drawing numbers, their revision and any interlocks that are investigated to determine their impact on the operation of the equipment. In certain cases, the same cable may support multiple pieces of equipment. Relate the cables to each piece of equipment, but not necessarily to each supporting secondary component.
If adequate coordination does not exist for a particular circuit, relate the power cable to the power source. This will ensure that the power source is identified as affected equipment in the fire areas where the cable may be damaged.
3.3.3.3 Assign Cables to the Safe Shutdown Equipment Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Information is maintained in the FSSPMD.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections B.7.1.1.2 and B.7.2
,, Rev.,
Sections 9.2 through 9.5 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Circuit Information Form Page 33 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Guidance NEI 00-01 Ref This section on circuit analysis provides information on the potential impact of fire on circuits used to monitor, control and power safe shutdown equipment.
Applying the circuit analysis criteria will lead to an understanding of how fire damage to the cables may affect the ability to achieve and maintain post-fire safe shutdown in a particular fire area. This section should be used in conjunction with Section 3.4, to evaluate the potential fire-induced impacts that require mitigation.
Appendix R Section III.G.2 identifies the fire-induced circuit failure types that are to be evaluated for impact from exposure fires on safe shutdown equipment.
Section III.G.2 of Appendix R requires consideration of hot shorts, shorts-to-ground and open circuits.
3.5 Circuit Analysis and Evaluation Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns BTP CMEB 9.5-1 Section C.5.c.(7) requires consideration of hot shorts, shorts-to-ground and open circuits for NUREG-0800 plants.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1.1, A.2.5
,, Rev.,
Section 3.6 NEI 00-01 Guidance NEI 00-01 Ref Apply the following criteria/assumptions when performing fire-induced circuit failure evaluations.
3.5.1 Criteria / Assumptions Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Plant USA followed the general criteria that follows this introductory section, which contains no specific requirements.
,, Rev.,
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 NEI 00-01 Guidance NEI 00-01 Ref Consider the following circuit failure types on each conductor of each unprotected safe shutdown cable to determine the potential impact of a fire on the safe shutdown equipment associated with that conductor.
- A hot short may result from a fire-induced insulation breakdown between conductors of the same cable, a different cable or from some other external source resulting in a compatible but undesired impressed voltage or signal on a specific conductor. A hot short may cause a spurious operation of safe shutdown equipment.
- An open circuit may result from a fire-induced break in a conductor resulting in the loss of circuit continuity. An open circuit may prevent the ability to control or power the affected equipment. An open circuit may also result in a change of state for normally energized equipment. (e.g. [for BWRs] loss of power to the Main Steam Isolation Valve (MSIV) solenoid valves due to an open circuit will result in the closure of the MSIVs). Note that RIS 2004-03 indicates that open circuits, as 3.5.1.1 [Circuit Failure Types and Impact]
Page 34 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis an initial mode of cable failures, are considered to be of very low likelihood. The risk-informed inspection process will focus on failures with relatively high probabilities.
- A short-to-ground may result from a fire-induced breakdown of a cable insulation system, resulting in the potential on the conductor being applied to ground potential. A short-to-ground may have all of the same effects as an open circuit and, in addition, a short-to-ground may also cause an impact to the control circuit or power train of which it is a part.
Consider the three types of circuit failures identified above to occur individually on each conductor of each safe shutdown cable on the required safe shutdown path in the fire area.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent Circuit analysis was performed and documented in the FSSPMD prior to performing the fire area assessments. Thus, only those cables that have been previously determined to adversely affect the ability of the component to perform its safe shutdown function have been identified as required cables. The augmented CAFTA fault tree is used to identify a success "path" using the minimum set of equipment that may actually be damaged by the fire.
,, Rev.,
Section 9.0.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Fault Tree Logic
,, Rev.,
Section 9.0.
Page 35 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Not in Alignment, but Prior NRC Approval The referenced section of Supplement 3 to the SER states in part:
"Spurious operations due to stray voltages between cables within a common raceway (cable-to-cable faults) resulting from fire damage have been considered a noncredible event by the applicants. One reason for this is that conductor-to-conductor faults are much more likely to occur before cable-to-cable faults, and conductor-to-conductor faults would preclude cable-to-cable faults. To cause spurious operations by two-wire 125-V ac or dc control or power cable, the applicants indicated that two circuits in contiguous cables (one energized, one deenergized) would need to be damaged by the fire and reconnected in proper sequence. This could occur if, for example, the positive energized wiire in the one cable were to be exposed (thorugh cable and wire insulation) to the positive unenergized wire in the adjacent cable and were to make contact with each other. This could only occur in the unlikely event that that insulation for both cables and both wires was to be removed in the same genreal area to permit this contact.
Much more likely is the possibility for contact between the positive and negative energized wires in one cable or for the energized positive wire to contact the metallic raceway where either contact would cause the circuit breaker to open, thus removing the possibility for spurious operation. On the basis of the above, the staff finds the applicants' response relating to spurious operation of associated circuits as a result of wire-to-wire or cable-to-cable faults acceptable."
In perfoming the FMEA for the identified safe shutdown circuits, this positon is taken into account in the RDM "Revised Design Methodology" column of the Circuti Information Form.
NUREG-1038, Safety Evaluation Report Related to the Operation of the Plant USA Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 Supplement 3, page 9-15 Open Item ID Open Item Description Open/Closed Disposition Page 36 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis 44 The section in Supplement 3 to the SSER that contains the discussion of cable-to-cable faults is techncally within a section titled "Alternate of Dedicated Shutdown Capability," which starts on page 9-6. The section on associated circuits which contains the cable-to-cable fault discussion begins on page 9-15 and is within sub-section (s). It seems clear from the discussion that it applies to all plant fire areas. For example, the preceeding sub-section (i) "Procedures" (page 9-10) states that "the applicants have committed to provide plans for fires in all plant areas." Sub-section (o) on page 9-12 contains the discussion of high/low pressure interfaces which clearly applies to all plant areas. Thus, it is reasonable to conclude that sub-section (s)
"Associated Circuits" whcih contains the applicable discussion of cable-to-cable faults also applies plant wide.
Open Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref Assume that circuit contacts are positioned (i.e., open or closed) consistent with the normal mode/position of the safe shutdown equipment as shown on the schematic drawings. The analyst must consider the position of the safe shutdown equipment for each specific shutdown scenario when determining the impact that fire damage to a particular circuit may have on the operation of the safe shutdown equipment.
3.5.1.2 [Circuit Contacts and Operational Modes]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Per the analysis, components are assumed to be in their normal operating position.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.1.1.2
,, Rev.,
Section 9.2.3 NEI 00-01 Guidance NEI 00-01 Ref Assume that circuit failure types resulting in spurious operations exist until action has been taken to isolate the given circuit from the fire area, or other actions have been taken to negate the effects of circuit failure that is causing the spurious actuation. The fire is not assumed to eventually clear the circuit fault. Note that RIS 3.5.1.3 [Duration of Circuit Failures]
Page 37 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis 2004-03 indicates that fire-induced hot shorts typically self-mitigate after a limited period of time.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The analysis takes no credit for "self-mitigating" circuit failures.
EGR-NGGC-0102, Attachment 4, Section 3.4, under the heading "Issues Requiring Further Research" states in part "Duration of hot shorts...Cable test data indicates that the duration of a hot short is limited; PE general methodology is to conservatively assume the hot short is maintained until action is taken to mitigate its affects."
,, Rev.,
Section 9.2.5
,, Rev.,
Section 9.1.12 EGR-NGGC-0102, Safe Shutdown/Fire Protection Review, Rev. 006, Section 3.4 NEI 00-01 Guidance NEI 00-01 Ref When both trains are in the same fire area outside of primary containment, all cables that do not meet the separation requirements of Section III.G.2 are assumed to fail in their worst case configuration.
3.5.1.4 [Cable Failure Configurations]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns All cables in the area under consideration are assumed to fail in their worst case configuration.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.3.10 and A.3.11
,, Rev.,
Sections 9.1.11, 9.1.12.
NEI 00-01 Guidance NEI 00-01 Ref The following guidance provides the NRC inspection focus from Bin 1 of RIS 2004-03 in order to identify any potential combinations of spurious operations with higher risk significance. Bin 1 failures should also be the focus of the analysis; however, NRC has indicated that other types of failures required by the regulations for analysis should not be disregarded even if in Bin 2 or 3. If Bin 1 changes in subsequent revisions of RIS 2004-03, the guidelines in the revised RIS should be followed.
3.5.1.5 [A, Circuit Failure Risk Assessment Guidance]
Comments Applicability Page 38 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Provides guidance on assessing the risk-significance of circuit failures based on RIS 2004-03, Rev. 1. Note that SSER 3 approved Harris' original methodology which did not postulate inter-cable hot shorts (SSER 3, pages 9-15, 9-16).
Not Applicable Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Plant USA performed a multiple spurious operations review in accordance with the guidelines of NRC RIS 2004-03. The results of the review are contained in Appendix 14 of the safe shutdown analysis.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Appendix 14 NEI 00-01 Guidance NEI 00-01 Ref For multiconductor cables testing has demonstrated that conductor-to-conductor shorting within the same cable is the most common mode of failure. This is often referred to as intra-cable shorting. It is reasonable to assume that given damage, more than one conductor-to-conductor short will occur in a given cable. A second primary mode of cable failure is conductor-to-conductor shorting between separate cables, commonly referred to as inter-cable shorting. Inter-cable shorting is less likely than intra-cable shorting. Consistent with the current knowledge of fire-induced cable failures, the following configurations should be considered:
A. For any individual multiconductor cable (thermoset or thermoplastic), any and all potential spurious actuations that may result from intra-cable shorting, including any possible combination of conductors within the cable, may be postulated to occur concurrently regardless of number. However, as a practical matter, the number of combinations of potential hot shorts increases rapidly with the number of conductors within a given cable. For example, a multiconductor cable with three conductors (3C) has 3 possible combinations of two (including desired combinations), while a five conductor cable (5C) has 10 possible combinations of two (including desired combinations), and a seven conductor cable (7C) has 21 possible combinations of two (including desired combinations). To facilitate an inspection that considers most of the risk presented by postulated hot shorts within a multiconductor cable, inspectors should consider only a few (three or four) of the most critical postulated combinations.
B. For any thermoplastic cable, any and all potential spurious actuations that may result from intra-cable and inter-cable shorting with other thermoplastic cables, including any possible combination of conductors within or between the cables, may be postulated to occur concurrently regardless of number. (The consideration of thermoset cable inter-cable shorts is deferred pending additional research.)
C. For cases involving the potential damage of more than one multiconductor cable, a maximum of two cables should be assumed to be damaged concurrently.
The spurious actuations should be evaluated as previously described. The consideration of more than two cables being damaged (and subsequent spurious actuations) is deferred pending additional research.
D. For cases involving direct current (DC) circuits, the potential spurious operation due to failures of the associated control cables (even if the spurious operation requires two concurrent hot shorts of the proper polarity, e.g., plus-to-plus and minus-to-minus) should be considered when the required source and target conductors are each located within the same multiconductor cable.
E. Instrumentation Circuits. Required instrumentation circuits are beyond the scope of this associated circuit approach and must meet the same requirements as required power and control circuits. There is one case where an instrument circuit could potentially be considered an associated circuit. If fire-induced damage of an instrument circuit could prevent operation (e.g., lockout permissive signal) or cause maloperation (e.g., unwanted start/stop/reposition signal) of systems necessary to achieve and maintain hot shutdown, then the instrument circuit may be considered an associated circuit and handled accordingly.
3.5.1.5 [B, Cable Failure Modes]
Provides guidance on assessing the risk-significance of circuit failures based on RIS 2004-03, Rev. 1.
Comments Not Applicable Applicability NEI 00-01 Guidance NEI 00-01 Ref Appendix R requires that nuclear power plants must be designed to prevent exposure fires from defeating the ability to achieve and maintain post-fire safe shutdown. Fire damage to circuits that provide control and power to equipment on the required safe shutdown path and any other equipment whose spurious 3.5.2 Types of Circuit Failures Page 39 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis operation/mal-operation could affect shutdown in each fire area must be evaluated for the effects of a fire in that fire area. Only one fire at a time is assumed to occur. The extent of fire damage is assumed to be limited by the boundaries of the fire area. Given this set of conditions, it must be assured that one redundant train of equipment capable of achieving hot shutdown is free of fire damage for fires in every plant location. To provide this assurance, Appendix R requires that equipment and circuits required for safe shutdown be free of fire damage and that these circuits be designed for the fire-induced effects of a hot short, short-to-ground, and open circuit. With respect to the electrical distribution system, the issue of breaker coordination must also be addressed.
This section will discuss specific examples of each of the following types of circuit failures:
- Open circuit
- Short-to-ground
- Hot short.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns NUREG-0800 contains similar guidelines. This section provides a brief synopsis of safe shutdown requirements as an introduction to a detailed discussion of three specific types of circuit failures that are required to be postulated.
,, Rev.,
,, Rev.,
,, Rev.,
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.1.1 NEI 00-01 Guidance NEI 00-01 Ref This section provides guidance for addressing the effects of an open circuit for safe shutdown equipment. An open circuit is a fire-induced break in a conductor resulting in the loss of circuit continuity. An open circuit will typically prevent the ability to control or power the affected equipment. An open circuit can also result in a change of state for normally energized equipment. For example, a loss of power to the main steam isolation valve (MSIV) solenoid valves [for BWRs] due to an open circuit will result in the closure of the MSIV.
NOTE: The EPRI circuit failure testing indicated that open circuits are not likely to be the initial fire-induced circuit failure mode. Consideration of this may be helpful within the safe shutdown analysis. Consider the following consequences in the safe shutdown circuit analysis when determining the effects of open circuits:
Loss of electrical continuity may occur within a conductor resulting in de-energizing the circuit and causing a loss of power to, or control of, the required safe shutdown equipment.
In selected cases, a loss of electrical continuity may result in loss of power to an interlocked relay or other device. This loss of power may change the state of the equipment. Evaluate this to determine if equipment fails safe.
Open circuit on a high voltage (e.g., 4.16 kV) ammeter current transformer (CT) circuit may result in secondary damage.
Figure 3.5.2-1 shows an open circuit on a grounded control circuit.
[Refer to hard copy of NEI 00-01 for Figure 3.5.2-1]
3.5.2.1 Circuit Failures Due to an Open Circuit Page 40 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Open circuit No. 1:
An open circuit at location No. 1 will prevent operation of the subject equipment.
Open circuit No. 2:
An open circuit at location No. 2 will prevent opening/starting of the subject equipment, but will not impact the ability to close/stop the equipment.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider open circuits. This section provides information related to the effects of an open circuit on diferent types of typical circuits.
,, Rev.,
Section 3.23 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1.1, B.7.1 NEI 00-01 Guidance NEI 00-01 Ref This section provides guidance for addressing the effects of a short-to-ground on circuits for safe shutdown equipment. A short-to-ground is a fire-induced breakdown of a cable insulation system resulting in the potential on the conductor being applied to ground potential. A short-to-ground can cause a loss of power to or control of required safe shutdown equipment. In addition, a short-to-ground may affect other equipment in the electrical power distribution system in the cases where proper coordination does not exist.
Consider the following consequences in the post-fire safe shutdown analysis when determining the effects of circuit failures related to shorts-to-ground:
- A short to ground in a power or a control circuit may result in tripping one or more isolation devices (i.e. breaker/fuse) and causing a loss of power to or control of required safe shutdown equipment.
- In the case of certain energized equipment such as HVAC dampers, a loss of control power may result in loss of power to an interlocked relay or other device that may cause one or more spurious operations.
3.5.2.2 Circuit Failures Due to a Short-to-Ground [A, General]
This section provides specific examples of shorts to ground on a representative sample of typical control and power circuits Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider shorts to ground. This section provides information related to the effects of a short to ground on diferent types of typical circuits.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1.1, B.7.1
,, Rev.,
Section 3.17 NEI 00-01 Guidance NEI 00-01 Ref This section provides guidance for addressing the effects of a short-to-ground on circuits for safe shutdown equipment. A short-to-ground is a fire-induced 3.5.2.2 Circuit Failures Due to Page 41 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis breakdown of a cable insulation system resulting in the potential on the conductor being applied to ground potential. A short-to-ground can cause a loss of power to or control of required safe shutdown equipment. In addition, a short-to-ground may affect other equipment in the electrical power distribution system in the cases where proper coordination does not exist.
Short-to-Ground on Grounded Circuits Typically, in the case of a grounded circuit, a short-to-ground on any part of the circuit would present a concern for tripping the circuit isolation device thereby causing a loss of control power.
Figure 3.5.2-2 illustrates how a short-to-ground fault may impact a grounded circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-2]
Short-to-ground No. 1:
A short-to-ground at location No. 1 will result in the control power fuse blowing and a loss of power to the control circuit. This will result an inability to operate the equipment using the control switch. Depending on the coordination characteristics between the protective device on this circuit and upstream circuits, the power supply to other circuits could be affected.
Short-to-ground No. 2:
A short-to-ground at location No. 2 will have no effect on the circuit until the close/stop control switch is closed. Should this occur, the effect would be identical to that for the short-to-ground at location No. 1 described above. Should the open/start control switch be closed prior to closing the close/stop control switch, the equipment will still be able to be opened/started.
a Short-to-Ground [B, Grounded Circuits]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider shorts to ground. This section provides information related to the effects of a short to ground on typical grounded circuits.
,, Rev.,
Section 3.17 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.1.1, B.7.1 NEI 00-01 Guidance NEI 00-01 Ref Short-to-Ground on Ungrounded Circuits In the case of an ungrounded circuit, postulating only a single short-to-ground on any part of the circuit may not result in tripping the circuit isolation device. Another short-to-ground on the circuit or another circuit from the same source would need to exist to cause a loss of control power to the circuit.
Figure 3.5.2-3 illustrates how a short to ground fault may impact an ungrounded circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-3]
Short-to-ground No. 1: A short-to-ground at location No. 1 will result in the control power fuse blowing and a loss of power to the control circuit if short-to-ground No.
3 also exists either within the same circuit or on any other circuit fed from the same power source. This will result in an inability to operate the equipment using the control switch. Depending on the coordination characteristics between the protective device on this circuit and upstream circuits, the power supply to other circuits could be affected.
3.5.2.2 Circuit Failures Due to a Short-to-Ground [C, Ungrounded Circuits]
Page 42 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis Short-to-ground No. 2:
A short-to-ground at location No. 2 will have no effect on the circuit until the close/stop control switch is closed. Should this occur, the effect would be identical to that for the short-to-ground at location No. 1 described above. Should the open/start control switch be closed prior to closing the close/stop control switch, the equipment will still be able to be opened/started.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider shorts to ground. This section provides information related to the effects of a short to ground on typical ungrounded circuits.
,, Rev.,
Section 3.23 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.1.1, B.7.1 NEI 00-01 Guidance NEI 00-01 Ref This section provides guidance for analyzing the effects of a hot short on circuits for required safe shutdown equipment. A hot short is defined as a fire-induced insulation breakdown between conductors of the same cable, a different cable or some other external source resulting in an undesired impressed voltage on a specific conductor. The potential effect of the undesired impressed voltage would be to cause equipment to operate or fail to operate in an undesired manner.
Consider the following specific circuit failures related to hot shorts as part of the post-fire safe shutdown analysis:
- A hot short between an energized conductor and a de-energized conductor within the same cable may cause a spurious actuation of equipment. The spuriously actuated device (e.g., relay) may be interlocked with another circuit that causes the spurious actuation of other equipment. This type of hot short is called a conductor-to-conductor hot short or an internal hot short.
- A hot short between any external energized source such as an energized conductor from another cable (thermoplastic cables only) and a de-energized conductor may also cause a spurious actuation of equipment. This is called a cable-to-cable hot short or an external hot short. Cable-to-cable hot shorts between thermoset cables are not postulated to occur pending additional research.
3.5.2.3 Circuit Failures Due to a Hot Short [A, General]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider hot shorts.
This section provides information related to the effects of a hot short on typical circuits.
,, Rev.,
Section 3.14 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1.1, B.7.1 Page 43 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis NEI 00-01 Guidance NEI 00-01 Ref A Hot Short on Grounded Circuits A short-to-ground is another failure mode for a grounded control circuit. A short-to-ground as described above would result in de-energizing the circuit. This would further reduce the likelihood for the circuit to change the state of the equipment either from a control switch or due to a hot short. Nevertheless, a hot short still needs to be considered. Figure 3.5.2-4 shows a typical grounded control circuit that might be used for a motor-operated valve. However, the protective devices and position indication lights that would normally be included in the control circuit for a motor-operated valve have been omitted, since these devices are not required to understand the concepts being explained in this section. In the discussion provided below, it is assumed that a single fire in a given fire area could cause any one of the hot shorts depicted. The following discussion describes how to address the impact of these individual cable faults on the operation of the equipment controlled by this circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-4]
Hot short No. 1:
A hot short at this location would energize the close relay and result in the undesired closure of a motor-operated valve.
Hot short No. 2:
A hot short at this location would energize the open relay and result in the undesired opening of a motor-operated valve.
3.5.2.3 Circuit Failures Due to a Hot Short [B, Grounded Circuits]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider hot shorts.
This section provides information related to the effects of a hot short on typical grounded circuits.
,, Rev.,
Section 3.14 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1.1, B.7.1 NEI 00-01 Guidance NEI 00-01 Ref A Hot Short on Ungrounded Circuits In the case of an ungrounded circuit, a single hot short may be sufficient to cause a spurious operation. A single hot short can cause a spurious operation if the hot short comes from a circuit from the positive leg of the same ungrounded source as the affected circuit.
In reviewing each of these cases, the common denominator is that in every case, the conductor in the circuit between the control switch and the start/stop coil must be involved.
Figure 3.5.2-5 depicted below shows a typical ungrounded control circuit that might be used for a motor-operated valve. However, the protective devices and position indication lights that would normally be included in the control circuit for a motor-operated valve have been omitted, since these devices are not required to understand the concepts being explained in this section.
3.5.2.3 Circuit Failures Due to a Hot Short [C, Ungrounded Circuits]
Page 44 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.2 Nuclear Safety Capability Circuit Analysis In the discussion provided below, it is assumed that a single fire in a given fire area could cause any one of the hot shorts depicted. The discussion provided below describes how to address the impact of these cable faults on the operation of the equipment controlled by this circuit.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-5]
Hot short No. 1:
A hot short at this location from the same control power source would energize the close relay and result in the undesired closure of a motor operated valve.
Hot short No. 2:
A hot short at this location from the same control power source would energize the open relay and result in the undesired opening of a motor operated valve.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The Plant USA SSA does consider hot shorts.
This section provides information related to the effects of a hot short on typical ungrounded circuits.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Sections A.1.1, B.7.1
,, Rev.,
Section 3.14 Page 45 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
Nuclear Safety Equipment and Cable Location. Physical location of equipment and cables shall be identified.
NEI 00-01 Guidance NEI 00-01 Ref Identify the routing for each cable including all raceway and cable endpoints. Typically, this information is obtained from joining the list of safe shutdown cables with an existing cable and raceway database 3.3.3.4 Identify Routing of Cables As a minimum, the cable to fire area information must be obtained.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Cable to raceway information is contained in the Cable Information Form of the FSSPMD.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Cable Information Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.3.1 NEI 00-01 Guidance NEI 00-01 Ref Identify the fire area location of each raceway and cable endpoint identified in the previous step and join this information with the cable routing data. In addition, identify the location of field-routed cable by fire area. This produces a database containing all of the cables requiring fire area analysis, their locations by fire area, and their raceway.
3.3.3.5 Identify Location of Raceway and Cables by Fire Area The particular raceway a cable is routed in within the fire area under consideration is important in a risk-informed, performance-based approach.
Such information helps the analyst determine the extent to which the cable may be damaged in a credible fire scenario.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The fire area routing of each cable was identified and entered in the FSSPMD.
Raceway to fire area information is not contained, but will be added to support the transitions to NFPA 805.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Cable Information Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.3 45 The FSSPMD does not contain the raceway to fire area link required by Section 3.3.3.5 of NEI 00-01. This information is in a database that has been validated for upload into the FSSPMD.
Open Open Item ID Open Item Description Open/Closed Disposition Page 46 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref The evaluation of associated circuits of a common power source consists of verifying proper coordination between the supply breaker/fuse and the load breakers/fuses for power sources that are required for safe shutdown. The concern is that, for fire damage to a single power cable, lack of coordination between the supply breaker/fuse and the load breakers/fuses can result in the loss of power to a safe shutdown power source that is required to provide power to safe shutdown equipment.
For the example shown in Figure 3.5.2-6, the circuit powered from load breaker 4 supplies power to a non-safe shutdown pump. This circuit is damaged by fire in the same fire area as the circuit providing power to from the Train B bus to the Train B pump, which is redundant to the Train A pump.
To assure safe shutdown for a fire in this fire area, the damage to the non-safe shutdown pump powered from load breaker 4 of the Train A bus cannot impact the availability of the Train A pump, which is redundant to the Train B pump. To assure that there is no impact to this Train A pump due to the associated circuits common power source breaker coordination issue, load breaker 4 must be fully coordinated with the feeder breaker to the Train A bus.
[Refer to hard copy of NEI 00-01 Rev. 1 for Figure 3.5.2-6]
A coordination study should demonstrate the coordination status for each required common power source. For coordination to exist, the time-current curves for the breakers, fuses and/or protective relaying must demonstrate that a fault on the load circuits is isolated before tripping the upstream breaker that supplies the bus.
Furthermore, the available short circuit current on the load circuit must be considered to ensure that coordination is demonstrated at the maximum fault level.
The methodology for identifying potential associated circuits of a common power source and evaluating circuit coordination cases of associated circuits on a single circuit fault basis is as follows:
- Identify the power sources required to supply power to safe shutdown equipment.
- For each power source, identify the breaker/fuse ratings, types, trip settings and coordination characteristics for the incoming source breaker supplying the bus and the breakers/fuses feeding the loads supplied by the bus.
- For each power source, demonstrate proper circuit coordination using acceptable industry methods.
- For power sources not properly coordinated, tabulate by fire area the routing of cables whose breaker/fuse is not properly coordinated with the supply breaker/fuse. Evaluate the potential for disabling power to the bus in each of the fire areas in which the associated circuit cables of concern are routed and the power source is required for safe shutdown. Prepare a list of the following information for each fire area:
- Cables of concern.
- Affected common power source and its path.
- Raceway in which the cable is enclosed.
- Sequence of the raceway in the cable route.
- Fire zone/area in which the raceway is located.
For fire zones/areas in which the power source is disabled, the effects are mitigated by appropriate methods.
Develop analyzed safe shutdown circuit dispositions for the associated circuit of concern cables routed in an area of the same path as required by the power source. Evaluate adequate separation based upon the criteria in Appendix R, NRC staff guidance, and plant licensing bases.
3.5.2.4 Circuit Failures Due to Inadequate Circuit Coordination Comments Applicability Page 47 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
Applicable Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Associated circuits by common power supply were identified and dispositioned during the cable selection and circuit analysis process.
Where a lack of coordination created a compliance issue, the cables were dispositioned in a manner similar to other cables in the area under analysis that could adversely affect safe shutdown.
,, Rev.,
Sections 9.2.17, 9.5.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Component, Cable, and Fault Tree Logic Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.2.1 NEI 00-01 Guidance NEI 00-01 Ref The common enclosure associated circuit concern deals with the possibility of causing secondary failures due to fire damage to a circuit either whose isolation device fails to isolate the cable fault or protect the faulted cable from reaching its ignition temperature, or the fire somehow propagates along the cable into adjoining fire areas.
The electrical circuit design for most plants provides proper circuit protection in the form of circuit breakers, fuses and other devices that are designed to isolate cable faults before ignition temperature is reached. Adequate electrical circuit protection and cable sizing are included as part of the original plant electrical design maintained as part of the design change process. Proper protection can be verified by review of as-built drawings and change documentation. Review the fire rated barrier and penetration designs that preclude the propagation of fire from one fire area to the next to demonstrate that adequate measures are in place to alleviate fire propagation concerns.
3.5.2.5 Circuit Failures Due to Common Enclosure Concerns Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns FPIP does not reference a particular common enclosure study. The SSER 3 approval of the plant's common enclosure response is contained within the "Alternate Shutdown" review, but clearly applies to all plant fire areas.
,, Rev.,
Section 9.5.3 Page 48 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.3 Nuclear Safety Equipment and Cable Location.
Aligns FPIP does not reference a particular common enclosure study. The SSER 3 approval of the plant's common enclosure response is contained within the "Alternate Shutdown" review, but clearly applies to all plant fire areas.
NUREG-1038, Safety Evaluation Report Related to the Operation of the Plant USA Nuclear Power Plant, Units 1 and 2 -
Docket Nos. STN-50-400 and STN 50-401, Rev.
Original, 11/1/1983 SSER 3, page 9-15 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.7.2 Page 49 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Fire Area Assessment. An engineering analysis shall be performed in accordance with the requirements of Section 2.3 for each fire area to determine the effects of fire or fire suppression activities on the ability to achieve the nuclear safety performance criteria of Section 1.5. [See Chapter 4 for methods of achieving these performance criteria (performance-based or deterministic).
NEI 00-01 Guidance NEI 00-01 Ref By determining the location of each component and cable by fire area and using the cable to equipment relationships described above, the affected safe shutdown equipment in each fire area can be determined. Using the list of affected equipment in each fire area, the impacts to safe shutdown systems, paths and functions can be determined. Based on an assessment of the number and types of these impacts, the required safe shutdown path for each fire area can be determined.
The specific impacts to the selected safe shutdown path can be evaluated using the circuit analysis and evaluation criteria contained in Section 3.5 of this document.
Having identified all impacts to the required safe shutdown path in a particular fire area, this section provides guidance on the techniques available for individually mitigating the effects of each of the potential impacts.
3.4 Fire Area Assessment and Compliance Assessment Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns This introductory paragraph provides an overview fo the compliance assessment process that was generally followed by Plant USA.
,, Rev.,
Sections 9.2, 9.3, and 9.6 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10.1 NEI 00-01 Guidance NEI 00-01 Ref The following criteria and assumptions apply when performing fire area compliance assessment to mitigate the consequences of the circuit failures identified in the previous sections for the required safe shutdown path in each fire area.
3.4.1 Criteria / Assumptions Introductory information directing use of the suggested methodology.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Specific criteria are addressed in the sub-pargraph sections.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10
,, Rev.,
Section 9.0.
NEI 00-01 Guidance NEI 00-01 Ref Assume only one fire in any single fire area at a time.
3.4.1.1 [Number of Postulated Fires]
Comments Applicability Page 50 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Applicable Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns A separate fire is not postulated to occur before, during, or following the fire in accordance with NUREG-0800..
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.3.6
,, Rev.,
Section 9.1.7 NEI 00-01 Guidance NEI 00-01 Ref Assume that the fire may affect all unprotected cables and equipment within the fire area. This assumes that neither the fire size nor the fire intensity is known.
This is conservative and bounds the exposure fire that is required by the regulation.
3.4.1.2 [Damage to Unprotected Equipment and Cables]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The analysis considers all potential failures in each area analyzed.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section A.3.11 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Fault Tree Logic
,, Rev.,
Sections 9.1.11, 9.1.12.
N/A, Progress Energy Fire Safe Shutdown Program Manager Database User's Manual, Rev. 001, Section 5.0.
NEI 00-01 Guidance NEI 00-01 Ref Address all cable and equipment impacts affecting the required safe shutdown path in the fire area. All potential impacts within the fire area must be addressed.
The focus of this section is to determine and assess the potential impacts to the required safe shutdown path selected for achieving post-fire safe shutdown and to assure that the required safe shutdown path for a given fire area is properly protected.
3.4.1.3 [Assess Impacts to Required Components]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Page 51 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Aligns The use of the CAFTA Fault Tree tool does not require that all affected components be addressed. Components must be addressed until the fault tree shows success.
N/A, Progress Energy Fire Safe Shutdown Program Manager Database User's Manual, Rev. 001, Section 5.0.
,, Rev.,
Sectio 9.0 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Fault Tree Logic NEI 00-01 Guidance NEI 00-01 Ref Use manual actions where appropriate to achieve and maintain post-fire safe shutdown conditions in accordance with NRC requirements.
3.4.1.4 [Manual Actions]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent The specific criteria regarding what constitutes a feasible manual action, a previously approved manual action, and an acceptable manual action are all under review within the FAQ process and other industry and NRC intitiatives.
EGR-NGGC-0102, Safe Shutdown/Fire Protection Review, Rev. 006,
,, Rev.,
Section 9.2.9.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10.1.1 46 The use of manual actions (recovery actions under NFPA-805) is under review through the FAQ process and other industry initiatives. Resolution of the applicable FAQs will determine the suitablity of the plant's credited manual actions.
Open Open Item ID Open Item Description Open/Closed Disposition Page 52 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Corrective Action Reference Change Eval / Modification Candidate Change Eval / Modification Reference Supporting Detail No NEI 00-01 Guidance NEI 00-01 Ref Where appropriate to achieve and maintain cold shutdown within 72 hours8.333333e-4 days <br />0.02 hours <br />1.190476e-4 weeks <br />2.7396e-5 months <br />, use repairs to equipment required in support of post fire shutdown.
3.4.1.5 [Repairs]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Repairs are considered recovery actioins under NFPA 805. Currently, the analysis does not credit any cold shutdown repairs.
,, Rev.,
Section 9.2.4 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, tbl_EXCEPT_CS Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10.1.1, Item 4 NEI 00-01 Guidance NEI 00-01 Ref Appendix R compliance requires that one train of systems necessary to achieve and maintain hot shutdown conditions from either the control room or emergency control station(s) is free of fire damage (III.G.1.a). When cables or equipment, including associated circuits, are within the same fire area outside primary containment and separation does not already exist, provide one of the following means of separation for the required safe shutdown path(s):
- Separation of cables and equipment and associated nonsafety circuits of redundant trains within the same fire area by a fire barrier having a 3-hour rating (III.G.2.a)
- Separation of cables and equipment and associated nonsafety circuits of redundant trains within the same fire area by a horizontal distance of more than 20 feet with no intervening combustibles or fire hazards. In addition, fire detectors and an automatic fire suppression system shall be installed in the fire area (III.G.2.b).
- Enclosure of cable and equipment and associated non-safety circuits of one redundant train within a fire area in a fire barrier having a one-hour rating. In addition, fire detectors and an automatic fire suppression system shall be installed in the fire area (III.G.2.c).
For fire areas inside noninerted containments, the following additional options are also available:
- Separation of cables and equipment and associated nonsafety circuits of redundant trains by a horizontal distance of more than 20 feet with no intervening combustibles or fire hazards (III.G.2.d);
- Installation of fire detectors and an automatic fire suppression system in the fire area (III.G.2.e); or
- Separation of cables and equipment and associated non-safety circuits of redundant trains by a noncombustible radiant energy shield (III.G.2.f).
Use exemptions, deviations and licensing change processes to satisfy the requirements mentioned above and to demonstrate equivalency depending upon the 3.4.1.6 [Assess Compliance with Deterministic Criteria]
Page 53 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
plant's license requirements.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The sections of Appendix R referneced in NEI 00-01 are mirrored in Sections C.5.b and C.7.a.(1)(b). The similar deterministic critereria of NFPA-805 are part of the acceptable compliance strategies used in the revalidation.
,, Rev.,
Section 9.2.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10.1.1 NEI 00-01 Guidance NEI 00-01 Ref Consider selecting other equipment that can perform the same safe shutdown function as the impacted equipment. In addressing this situation, each equipment impact, including spurious operations, is to be addressed in accordance with regulatory requirements and the NPPs current licensing basis.
3.4.1.7 [Consider Additional Equipment]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns with intent This consideration is not clearly stated but is inherent in perfoming safe shutdown analyses.
Proof that this was considered is the inclusion of the Normal Service Water System as a credited system in the analyisis during the re-validation.
,, Rev.,
,, Rev.,
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 EGR-NGGC-0102, Safe Shutdown/Fire Protection Review, Rev. 006,
,, Rev.,
NEI 00-01 Guidance NEI 00-01 Ref Consider the effects of the fire on the density of the fluid in instrument tubing and any subsequent effects on instrument readings or signals associated with the 3.4.1.8 [Consider Instrument Page 54 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
protected safe shutdown path in evaluating post-fire safe shutdown capability. This can be done systematically or via procedures such as Emergency Operating Procedures.
Tubing Effects]
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Instrument tubing and its routing is included in the FSSPMD. When necessary, it is treated in a manner similar to that in which cable damage is assessed.
,, Rev.,
Section 9.2.8 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.9 and Appendix 11
,, Rev.,
Section 9.1.6 NEI 00-01 Guidance NEI 00-01 Ref Refer to Figure 3-5 for a flowchart illustrating the various steps involved in performing a fire area assessment.
Use the following methodology to assess the impact to safe shutdown and demonstrate Appendix R compliance:
[Refer to hard copy of NEI 00-01 for Figure 3-5]
3.4.2 Methodology for Fire Area Assessment Introductory Information.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Specific requikrements are detailed in the sub-paragraphs.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10
,, Rev.,
Section 9.0 NEI 00-01 Guidance NEI 00-01 Ref Identify the safe shutdown cables, equipment and systems located in each fire area that may be potentially damaged by the fire. Provide this information in a report format. The report may be sorted by fire area and by system in order to understand the impact to each safe shutdown path within each fire area (see Attachment 5 for an example of an Affected Equipment Report).
3.4.2.1 Identify the Affected Equipment by Fire Area The FSSPMD provides the affected equipment report in a Division I / Division II format.
Comments Applicable Applicability Page 55 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Affected equipment is sorted alpha-numerically by safe shutdown division.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Fault Tree Logic Reports (SSD Report)
,, Rev.,
Section 9.2.
NEI 00-01 Guidance NEI 00-01 Ref Based on a review of the systems, equipment and cables within each fire area, determine which shutdown paths are either unaffected or least impacted by a postulated fire within the fire area. Typically, the safe shutdown path with the least number of cables and equipment in the fire area would be selected as the required safe shutdown path. Consider the circuit failure criteria and the possible mitigating strategies, however, in selecting the required safe shutdown path in a particular fire area. Review support systems as a part of this assessment since their availability will be important to the ability to achieve and maintain safe shutdown. For example, impacts to the electric power distribution system for a particular safe shutdown path could present a major impediment to using a particular path for safe shutdown. By identifying this early in the assessment process, an unnecessary amount of time is not spent assessing impacts to the frontline systems that will require this power to support their operation.
Based on an assessment as described above, designate the required safe shutdown path(s) for the fire area. Identify all equipment not in the safe shutdown path whose spurious operation or mal-operation could affect the shutdown function. Include these cables in the shutdown function list. For each of the safe shutdown cables (located in the fire area) that are part of the required safe shutdown path in the fire area, perform an evaluation to determine the impact of a fire-induced cable failure on the corresponding safe shutdown equipment and, ultimately, on the required safe shutdown path.
When evaluating the safe shutdown mode for a particular piece of equipment, it is important to consider the equipments position for the specific safe shutdown scenario for the full duration of the shutdown scenario. It is possible for a piece of equipment to be in two different states depending on the shutdown scenario or the stage of shutdown within a particular shutdown scenario. Document information related to the normal and shutdown positions of equipment on the safe shutdown equipment list.
3.4.2.2 Determine the Shutdown Paths Least Impacted By a Fire in Each Fire Area At Harris, the least affected "division" may be selected as a starting point since specific safe shutdown paths are not identified.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Specific safe shutdown paths are not designated or identified. The least affected safe shutdown division is selected and the CAFTA Fault Tree and other iinformation in the FSSPMD is used to develop the best oversall safe shutdown strategy.
,, Rev.,
Section 9.0.
,, Rev.,
Sections 9.2 and 9.3.
,, Rev.,
Sectioin 9.1 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Page 56 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Aligns Specific safe shutdown paths are not designated or identified. The least affected safe shutdown division is selected and the CAFTA Fault Tree and other iinformation in the FSSPMD is used to develop the best oversall safe shutdown strategy.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10 NEI 00-01 Guidance NEI 00-01 Ref Using the circuit analysis and evaluation criteria contained in Section 3.5 of this document, determine the equipment that can impact safe shutdown and that can potentially be impacted by a fire in the fire area, and what those possible impacts are.
3.4.2.3 Determine Safe Shutdown Equipment Impacts Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns The FSSPMD Fault Tree Logic SSD Report provides a list of equipment potentially affected by the fire. The augmented CAFTA Fault Tree further displays the potential consequences of that potential damage. The Circuit Information Form from FSSPMD provides the FMEA for all cables assigned to the component, so the effects of the postulated fire damage can be readily determined.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, Fault Tree Logic Reports Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10 NEI 00-01 Guidance NEI 00-01 Ref The available deterministic methods for mitigating the effects of circuit failures are summarized as follows (see Figure 1-2):
- Provide a qualified 3-fire rated barrier.
- Provide a 1-hour fire rated barrier with automatic suppression and detection.
- Provide separation of 20 feet or greater with automatic suppression and detection and demonstrate that there are no intervening combustibles within the 20 foot separation distance.
- Reroute or relocate the circuit/equipment, or perform other modifications to resolve vulnerability.
- Provide a procedural action in accordance with regulatory requirements.
- Perform a cold shutdown repair in accordance with regulatory requirements.
- Identify other equipment not affected by the fire capable of performing the same safe shutdown function.
- Develop exemptions, deviations, Generic Letter 86-10 evaluation or fire protection design change evaluations with a licensing change process.
Additional options are available for non-inerted containments as described in 10 CFR 50 Appendix R section III.G.2.d, e and f.
3.4.2.4 Develop a Compliance Strategy or Disposition to Mitigate the Effects Due to Fire Damage to Each Required Component or Cable Comments Applicable Applicability Page 57 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Compliance strategies are entered into the database as described in FPIP-0106 and the FSSPMD User's Manual. The FSSPMD Fault Tree Logic Report "Fire Area Summary Report" details the compliance strategies used in each fire area. These reports are included in Appndix 18 of Plant USA-E/ELEC-0001.
,, Rev.,
Section 9.2 Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, SSD and Fire Area Summary Reports Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10.1.1 and Appendix 18 N/A, Progress Energy Fire Safe Shutdown Program Manager Database User's Manual, Rev. 001, Section 5.0.
NEI 00-01 Guidance NEI 00-01 Ref Assign compliance strategy statements or codes to components or cables to identify the justification or mitigating actions proposed for achieving safe shutdown.
The justification should address the cumulative effect of the actions relied upon by the licensee to mitigate a fire in the area. Provide each piece of safe shutdown equipment, equipment not in the path whose spurious operation or mal-operation could affect safe shutdown, and/or cable for the required safe shutdown path with a specific compliance strategy or disposition. Refer to Attachment 6 for an example of a Fire Area Assessment Report documenting each cable disposition.
3.4.2.5 Document the Compliance Strategy or Disposition Determined to Mitigate the Effects Due to Fire Damage to Each Required Component or Cable In the CAFTA fault tree, basic events and gates are recovered until "success" is achieved. All affected equipment is not required to be addressed.
Comments Applicable Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Resolution strategies are added to the augmented fault tree until the fault tree indicates success and that it has been demonstrated that safe shutdown can be achieved.
Plant USA FSSPMD R16 00, Fire Safe Shutdown Program Manager Database, Rev. 016, SSD and Fire Area Summary Report
,, Rev.,
Section 9.2 N/A, Progress Energy Fire Safe Shutdown Program Manager Database User's Manual, Rev. 001, Section 5.0 Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Section B.10.1.1 Page 58 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
NEI 00-01 Guidance NEI 00-01 Ref Determination of the potential consequence of the damaged associated circuits is based on the examination of specific NPP piping and instrumentation diagrams (P&IDs) and review of components that could prevent operation or cause maloperation such as flow diversions, loss of coolant, or other scenarios that could significantly impair the NPPs ability to achieve and maintain hot shutdown. When considering the potential consequence of such failures, the [analyst] should also consider the time at which the prevented operation or maloperation occurs. Failures that impede hot shutdown within the first hour of the fire tend to be most risk significant in a first-order evaluation. Consideration of cold-shutdown circuits is deferred pending additional research.
3.5.1.5 [C, Likelihood of Undesired Consequences]
Comments Applicability Doc. Details Reference Document Comments Unit Alignment Basis Alignment Statement Aligns Plant USA performed a multiple spurious operations review in accordance with the guidelines of NRC RIS 2004-03. The results of the review are contained in Appendix 14 of the safe shutdown analysis.
Plant USA-E/ELEC-0001, Safe Shutdown in Case of Fire and Fire Hazards Analysis, Rev. 0, 6/2/2006 Appendix 14 Page 59 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4
Table B-2 Nuclear Safety Capability Assessment Methodology Review NFPA 805 Section: 2.4.2.4 Fire Area Assessment.
Page 60 of 60 Plant USA Test Plant USA for Transition Report Examples Jan. 2008.mdb 1/3/2008 Transition Tool Version 1.0.4