ML081350025

From kanterella
Jump to navigation Jump to search
Final Precursor Analysis - Brunswick 2 (LER 324/06-001)
ML081350025
Person / Time
Site: Brunswick Duke Energy icon.png
Issue date: 05/28/2008
From:
Office of Nuclear Regulatory Research
To:
References
IR-07-008, LER 06-001-00
Download: ML081350025 (19)
v  d  e


Text

Final Precursor Analysis Accident Sequence Precursor Program - Office of Nuclear Regulatory Research Brunswick Unit 2 Reactor Trip and Loss of Offsite Power Caused by Line-to-Ground Fault on the Startup Auxiliary Transformer EVENT DATE: 11/01/2006 LER: 324/2006-001 IR: 50-324/2007-08 Mean CCDP = 6x10-6 EVENT

SUMMARY

Event Description. On November 1, 2006, at approximately 1823, Unit 2 experienced a loss of the unit's startup auxiliary transformer (SAT) resulting in a loss of reactor forced circulation and a manual reactor protection system actuation. All control rods properly inserted when the manual reactor scram was performed. Due to the loss of the SAT, offsite power to the unit's emergency busses was lost when the Unit 2 main generator tripped. The four emergency diesel generators (EDGs) properly started and EDGs 3 and 4 supplied the Unit 2 emergency busses.

The appropriate primary containment isolations occurred upon the loss of power to the unit's power busses. During the transient response and subsequent stabilization and cooldown, reactor water level and reactor pressure were controlled by intermittent use of high pressure coolant injection (HPCI), reactor core isolation cooling (RCIC), safety relief valves (SRVs), and the control rod drive (CRD) system.

Offsite power was restored to the Unit 2 emergency busses through a backfeed to the UAT at 1745 on November 2, 2006. Additional details of this event are provided in References 1 and 2.

In addition, Appendix A provides the sequence of key events.

Cause. Loss of the SAT was caused by an ineffective mechanical connection between the SAT's x-winding non-segregated bus and the associated bus bar. The root cause of the event is the ineffective connection combined with the fact that the condition monitoring performed for this bus was not adequate to detect the latent problem.

Additional Event Details.

At approximately 0400 on November 2, EDG 1 tripped on low lubricating oil pressure.

Prior to the EDG tripping, high lubricating oil strainer differential pressure alarms were received on both filter elements of the systems duplex strainer. Corrective maintenance on EDG 1 later found the engines Main Crankshaft Bearing 9 had failed.

A Unit 2 power-operated relief valve opened and closed 48 minutes into the event.

During this event, SRV 2F spuriously closed twice (for approximately a minute each time) with the control switch in the on position. No other SRVs demonstrated abnormal response during the event and stroking of all SRVs has been observed with no deficiencies noted. Post-maintenance testing confirmed the operability of all SRVs prior to startup of the unit.

Recovery Opportunities. Offsite power was restored to the Unit 2 emergency busses approximately 23 hours2.662037e-4 days <br />0.00639 hours <br />3.80291e-5 weeks <br />8.7515e-6 months <br /> after the initiation of the event occurred. Although offsite power was not immediately supplied to Unit 2 busses, power was available from the grid the entire time, via the 1

May 28, 2008

LER 324/06-001 path by which it was ultimately recovered. There are multiple paths from the grid to the safety busses.

Analysis Rules. The ASP program uses significance determination process (SDP) results for degraded conditions when available. However, the ASP program performs independent initiating event analysis when an initiator occurs and a condition analysis when there are no performance deficiencies identified for a particular event. In addition, the ASP program analyzes separate degraded conditions that were present during the same period and similar degraded conditions on an individual system or component that had different performance deficiencies.

A WHITE finding was identified for Unit 1 concerning the failure of EDG 1 and is described in Reference 2. Therefore, this analysis focuses solely on the risk of the reactor trip and LOOP that occurred at Unit 2.

ANALYSIS RESULTS Conditional Core Damage Probability The conditional core damage probability (CCDP), for this event is 5.2x10-6 (point estimate).

The results of an uncertainty assessment on the CCDP are summarized below.

5%

Mean 95%

Brunswick 2 1.2x10-6 5.6x10-6 1.5x10-5 The Accident Sequence Precursor Program acceptance threshold is a CCDP of 1x10-6 or the CCDP equivalent of an uncomplicated reactor trip with a non-recoverable loss of secondary plant systems (e.g., feedwater and condensate), whichever is greater. This CCDP equivalent for Brunswick 2 is 4x10-6 Dominant Sequences Three dominant core damage sequences appear for this event analysis. The sequence with the highest CCDP is LOOP Sequence 6 (CCDP = 2.6x10-6, 50% of the total CCDP).

The events and important component failures for LOOP Sequence 6 (shown in Figure 1 of Appendix B) include:

LOOP initiating event, successful reactor trip, successful emergency power, SRVs close, successful high pressure injection, failure of suppression pool cooling, successful manual reactor depressurization, successful low pressure injection (LCS or LPCI),

failure of containment spray, failure of containment venting, and failure of late injection after containment failure.

2 May 28, 2008

LER 324/06-001 The sequence with the second highest CCDP is LOOP Sequence 25 (CCDP = 1.1x10-6, 21% of the total CCDP). The events and important component failures for LOOP Sequence 25 (shown in Figure 1 of Appendix B) include:

LOOP initiating event, successful reactor trip, successful emergency power, SRVs close, failure of high pressure injection, and failure of manual reactor depressurization.

The sequence with the third highest CCDP is LOOP Sequence 4 (CCDP = 1.0x10-6, 19%

of the total CCDP). The events and important component failures for LOOP Sequence 4 (shown in Figure 1 of Appendix B) include:

LOOP initiating event, successful reactor trip, successful emergency power, SRVs close, successful high pressure injection, failure of suppression pool cooling, successful manual reactor depressurization, successful low pressure injection (LCS or LPCI),

failure of containment spray, successful containment venting, and failure of late injection.

Results Tables The conditional probabilities for the dominant sequences are shown in Table 1.

The event tree sequence logics for the dominant sequences are presented in Table 2a.

Table 2b defines the nomenclature used in Table 2a.

The most important cut sets for the dominant sequences are listed in Table 3a and 3b.

Definitions and probabilities for modified or dominant basic events are provided in Table 4.

MODELING ASSUMPTIONS Analysis Type The Revision 3-Plus (Change 3.42) of the Brunswick 2 Standardized Plant Analysis Risk (SPAR) model (Reference 3) created in April 2008 was used for this assessment. This event was modeled as a Unit 2, plant-centered loss of offsite power initiating event and the failure of Unit 1 EDG to run.

Unique Design Features A significant degree of sharing of equipment between units exists at Brunswick (e.g., the suppression pool cooling function). Electrical bus cross-ties exist between Unit 1 and Unit

2. These are important features of the SPAR model.

3 May 28, 2008

LER 324/06-001 Modeling Assumptions Summary Key Modeling Assumption. Although offsite power was not immediately supplied to Unit 2 busses, ac power was available to supply the Unit 2 emergency busses via a backfeed through the UAT. For this analysis, it was assumed that failure of all such paths would require failure of the common elements of those paths, namely either the implementing operator action, or one breaker between the UAT and the grid. For the shorter recovery time scales, the operator action dominates.

Other Modeling Assumption. No significant impact is associated with the spurious closure of one SRV.

Basic Event Probability Changes Table 4 provides all the basic events that were modified to reflect the best estimate of the conditions during the event. The basis for these changes is provided below:

DUAL-UNIT-LOOP set to FALSE. This fractional event was set to FALSE to reflect that only Unit 2 emergency busses lost offsite power. Although emergency busses at Unit 1 did not lose offsite power, both EDGs at Unit 1 started on demand and were running with no electrical load. Two division cross-tie capabilities from Unit 1, if needed, were available (Bus E1 to Bus E3, Bus E2 to Bus E4).

EPS-DGN-TM-DG1 set to TRUE. EDG 1 failed to run after about 9.5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br /> of running. Offsite power was maintained to the Unit 1 busses throughout the event; therefore, EDG 1 was never loaded to a safety bus. Reference 2 noted that EDG 1 has physical characteristics that led to the bearing failure, and the other EDGs are not susceptible. Therefore, this failure is treated as an independent failure.1 IE-LOOP set to 1.0. Set the initiating event frequency to 1.0 due loss of offsite power to Unit 2. All other initiating event frequencies were set to zero.

LCS-ICC-HI-031ABCD set to 3.5x10-7. Based on discussion with Idaho National Laboratory, the base model SPAR value of 1.2x10-4 is an older value based on the licensee PSA. This event probability was changed to the updated SPAR value for the common-cause failure probability of four level transmitters.

OEP-XHE-XL-NR01H set to 1.0x10-2. Human error probability (HEP) was adjusted using the guidance provided in SPAR-H Human Reliability Analysis Method (Reference

4) and the RASP Handbook (Reference 5). See Appendix C for details.

OEP-XHE-XL-NR02H set to 1.0x10-2. HEP was adjusted using the guidance provided in References 4 and 5. See Appendix C for details.

OEP-XHE-XL-NR10H set to 1.0x10-3. HEP was adjusted using the guidance provided in References 4 and 5. See Appendix C for details.

OEP-XHE-XL-NR30M set to 1.0x10-1. HEP was adjusted using the guidance provided in References 4 and 5. See Appendix C for details.

1 A sensitivity run was made assuming the failure was not independent. The adjusted EDG common-cause failure probability had little impact on the overall CCDP for Unit 2.

4 May 28, 2008

LER 324/06-001 REFERENCES

1. LER 324/06-001 Rev. 0, Brunswick Steam Electric Plant, Unit 2-Loss of Startup Auxiliary Transformer Results in Unit 2 Manual Reactor Protection System Actuation, December 29, 2006.
2. U.S. Nuclear Regulatory Commission, Brunswick Steam Electric Plant-NRC Inspection Report 05000324/2007008, February 28, 2007.
3. Idaho National Laboratory, Standardized Plant Analysis Risk Model for Brunswick 1 and 2, Revision 3 Plus (Change 3.42), April 2008.
4. Idaho National Laboratory, NUREG/CR-6883: The SPAR-H Human Reliability Analysis Method, August 2005.
5. U.S. Nuclear Regulatory Commission, RASP Manual: Risk Assessment of Operating Events Handbook, January 2008.

5 May 28, 2008

LER 324/06-001 Table 1. Conditional core damage probabilities of dominating sequence.

Event tree name Sequence no.

CCDP1 Contribution (%)

LOOP 06 2.6E-6 50.0 LOOP 25 1.1E-6 21.2 LOOP 04 1.0E-6 19.2 Total (all sequences)2 5.2E-6 100

1. Values are point estimates.
2. Total CCDP includes all sequences (including those not shown in this table).

Table 2a. Event tree sequence logic for dominating sequence.

Event tree name Sequence no.

Logic

(/ denotes success; see Table 2b for top event names)

LOOP 06

/RPS /EPS /SRV /HPI SPC /DEP /LPI CSS CVS LI04 LOOP 25

/RPS /EPS /SRV HPI DEP LOOP 04

/RPS /EPS /SRV /HPI SPC /DEP LPI VA Table 2b. Definitions of top events listed in Table 2a.

Top Event Definition CSS Containment Spray CVS Containment Venting DEP Manual Reactor Depressurization EPS Emergency Power HPI High Pressure Injection LI Late Injection LI04 Late Injection After Containment Failure LPI Low Pressure Coolant Injection (LCS or LPCI)

RPS Reactor Shutdown SPC Suppression Pool Cooling SRV Safety Relief Valves Close VA Alternate Low Pressure Injection 6

May 28, 2008

LER 324/06-001 Table 3. Conditional cut sets for the dominant sequences.

CCDP Percent Contribution Minimum Cut Sets (of basic events)

Event Tree: LOOP, Sequence 06 6.0E-7 23.2 CVS-AOV-CC-V7 RHR-XHE-XM-ERROR 6.0E-7 23.2 CVS-AOV-CC-V8 RHR-XHE-XM-ERROR 5.0E-7 19.4 CVS-XHE-XM-VENT RHR-XHE-XM-ERROR 2.6E-6 100 Total (all cutsets)1 CCDP Percent Contribution Minimum Cut Sets (of basic events)

Event Tree: LOOP, Sequence 25 4.4E-7 41.5 DCP-BCH-CF-ALL 1.2E-7 11.3 ACP-TFM-FC-E3E7 ACP-CRB-CC-NORM_E4 1.2E-7 11.3 ACP-TFM-FC-E4E8 ACP-CRB-CC-NORM_E3 5.9E-8 5.6 ADS-XHE-XE-MDEP LCS-ICC-FC-31A LCS-ICC-FC-31B 5.9E-8 5.6 ADS-XHE-XE-MDEPR LCS-ICC-FC-31C LCS-ICC-FC-31D 1.1E-6 100 Total (all cutsets)1 CCDP Percent Contribution Minimum Cut Sets (of basic events)

Event Tree: LOOP, Sequence 04 5.0E-7 47.9 RHR-XHE-XM-ERROR OPR-XHE-XM-ALPI1 4.8E-8 4.6 DCP-BCH-LP-2B2 DCP-XHE-XA-ALTDC RHR-SYS-TM-A 3.8E-8 3.7 CRD-MDP-FC-BRUN ACP-BAC-LP-E8 RHR-SYS-TM-A 3.8E-8 3.7 CRD-MDP-FC-ARUN ACP-BAC-LP-E8 RHR-SYS-TM-A 1.0E-6 100 Total (all cutsets)1

1. Total CCDP includes all cutsets (including those not shown in this table).

7 May 28, 2008

LER 324/06-001 Table 4. Definitions and probabilities for modified and dominant basic events.

Event Name Description Probability/

Frequency (per year)

Modified ACP-BAC-LP-E8 DIVISION E8 AC POWER FAILS 9.6E-6 No ACP-CRB-CC-NORM_E3 FAILURE OF BUS E3 NORMAL FEEDER BREAKER TO OPEN 2.5E-3 No ACP-CRB-CC-NORM_E4 FAILURE OF BUS E4 NORMAL FEEDER BREAKER TO OPEN 2.5E-3 No ACP-TFM-FC-E3E7 FAILURE OF 4160/480 VAC TRANFORMER BETWEEN BUS E3 & E7 4.8E-5 No ACP-TFM-FC-E4E8 FAILURE OF 4160/480 VAC TRANFORMER BETWEEN BUS E4 & E8 4.8E-5 No ADS-XHE-XE-MDEPR OPERATOR FAILS TO DEPRESSURIZE THE REACTOR 5.0E-4 No CRD-MDP-FC-ARUN CRD PUMP A IS RUNNING, PUMP B IS IN STANDBY 5.0E-1 No CRD-MDP-FC-BRUN CRD PUMP B IS RUNNING, PUMP A IS IN STANDBY 5.0E-1 No CVS-AOV-CC-V7 WETWELL VENT LINE INBOARD ISOLATION VALVE FAILS TO OPEN 1.2E-3 No CVS-AOV-CC-V8 WETWELL VENT LINE OUTBOARD ISOLATION VALVE FAILS TO OPEN 1.2E-3 No CVS-XHE-XM-VENT OPERATOR FAILS TO VENT CONTAINMENT 1.0E-3 No DCP-BAT-CF-ALL BATTERY CHARGERS FAIL FROM COMMON-CAUSE 4.4E-7 No DCP-BAT-LP-2B2 125V DC BATTERY 2B2 FAILS 4.8E-5 No DCP-XHE-XA-ALTDC FAILURE TO ALIGN ALTERNATE DC POWER SUPPLY 5.0E-2 No DUAL-UNIT-LOOP MULTIPLE UNIT LOOP HAS OCCURRED FALSE Yes EPS-DGN-TM-DG1 DIESEL GENERATOR 1 UNAVAILABLE DUE TO T&M TRUE Yes IE-LOOP INITIATING EVENT-LOSS OF OFFSITE POWER 1.0 Yes1 LCS-ICCC-FC-31A LEVEL TRANSMITTER B21-LT-N031A FAILS HIGH 1.1E-2 No LCS-ICCC-FC-31B LEVEL TRANSMITTER B21-LT-N031B FAILS HIGH 1.1E-2 No LCS-ICCC-FC-31C LEVEL TRANSMITTER B21-LT-N031C FAILS HIGH 1.1E-2 No LCS-ICCC-FC-31D LEVEL TRANSMITTER B21-LT-N031D FAILS HIGH 1.1E-2 No LCS-ICC-HI-031ABCD LEVEL INSTRUMENTS N031-A,B,C,D FAIL HI (PSA) 3.5E-7 Yes OEP-XHE-XL-NR01H OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 1 HOUR 1.0E-2 Yes2 OEP-XHE-XL-NR02H OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 2 HOURS 1.0E-2 Yes2 OEP-XHE-XL-NR10H OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 10 HOURS 1.0E-3 Yes2 OEP-XHE-XL-NR30M OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 30 MINUTES 1.0E-1 Yes2 8

May 28, 2008

LER 324/06-001 Probability/

Frequency Event Name Description Modified (per year)

OPR-XHE-XM-ALPI1 OPERATOR FAILS TO START/CONTROL ALTERNATE LP INJECTION 1.0E-3 No RHR-SYS-TM-1 RHR LOOP A UNAVAILABLE DUE TO T&M 8.0E-3 No RHR-XHE-XM-ERROR OPERATOR FAILS TO START/CONTROL RHR 5.0E-4 No

1. Set the IE frequency to 1.0. All other initiating event frequencies were set to zero.
2. See Appendix B for additional details.

9 May 28, 2008

LER 324/06-001 APPENDIX A SEQUENCE OF KEY EVENTS Table A-1. Sequence of Key Events for Brunswick Unit 2 Loss of Offsite Power (November 1, 2006).

Time Event Remarks Initial Conditions Both units initially at power.

None.

Unit 2 SAT is lost due to a fault on the x-winding non-segregated bus.

This causes loss of power to recirculation pumps.

Manual Scram, trip of main generator.

This causes loss of the power that had been supplied via the Unit Auxiliary Transformer (UAT).

Mandated apparently for instability reasons: reactor was at power, but recirculation flow is lost when SAT is lost.

With loss of power from both SAT and UAT, all offsite power to Unit 2 is now lost. Unit 1 did not lose offsite power.

All four EDGs start (two for each unit).

EDGs 3 and 4 on Unit 2 start carrying their loads. EDGs 1 and 2 on Unit 1 run unloaded for a while (see 0400, 11/2/2006 below).

1823, 11/1/2006 During this event, SRV 2F spuriously closed twice with the control switch in the on position. The first occurred with reactor pressure at approximately 830 psi for approximately 1.5 minutes. The second occurred with reactor pressure at approximately 927 psi for approximately 1 minute.

Engineering performed a fault tree analysis of this condition and all active components which were identified as having the potential to cause the failure were replaced.

(This is not deemed to have affected the event progression significantly.)

0400, 11/2/2006 EDGs 1 and 2 continued to run unloaded, per design, until, at approximately 0400 EST on November 2, 2006 (i.e., after approximately 9 hours1.041667e-4 days <br />0.0025 hours <br />1.488095e-5 weeks <br />3.4245e-6 months <br /> and 37 minutes of run time), EDG 1 tripped.

EDGs 3 and 4 were unaffected by the tripping of EDG 1 and continued to supply the Unit 2 emergency busses until offsite power was restored to the Unit 2 emergency busses via backfeed through the UAT.

1745, 11/2/2006 Offsite power was restored to Unit 2 via backfeed through the UAT.

Although actions could have been taken to establish the backfeed faster, to ensure personnel safety, a clearance was developed which specifically accounted for existing plant conditions.

A-1 May 28, 2008

LER 324/06-001 APPENDIX B EVENT TREE WITH DOMINANT SEQUENCE HIGHLIGHTED Figure 1. Loss of condenser heat sink event tree with dominant sequence highlighted.

B-1 May 28, 2008

LER 324/06-001 APPENDIX C OFFSITE POWER RECOVERY MODELING Background. The time required to restore offsite power to plant emergency equipment is a significant factor in modeling the CCDP given a LOOP. SPAR LOOP/SBO models include various sequence-specific ac power recovery factors that are based on the time available to recover power to prevent core damage. For a sequence involving failure of all of the cooling sources, only about 30 minutes would be available to recover power to help avoid core damage.

On the other hand, sequences involving successful early inventory control and decay heat removal, but failure of long-term decay heat removal, would accommodate several hours to recover ac power prior to core damage.

In this analysis, offsite power recovery probabilities are based on (1) known information about when offsite power was available to be restored to Unit 2 emergency busses and (2) estimated probabilities of failing to realign power to emergency busses for times after offsite power was available to be restored to the Unit 2 emergency busses.

Failure to recover offsite power to the Unit 2 plant safety-related loads (if needed because EDGs 3 and 4 fail to supply the loads), could result from (1) operators failing to restore proper breaker line-ups, (2) breakers failing to close on demand, or (3) a combination of operator and breaker failures. The dominant contributor to failure to recover offsite power to plant safety-related loads in this situation is operators failing to restore proper breaker line-ups. The SPAR human error model (Reference 4) and guidance from the RASP Handbook (Reference 5) was used to estimate nonrecovery probabilities as a function of time given the immediate availability to backfeed offsite power from Unit 1. The best estimate analysis assumes that at least 30 minutes are necessary to restore offsite power to emergency busses given offsite power is available via the backfeed from Unit 1.

Human Error Modeling. The SPAR human error model generally considers the following three factors:

Probability of failure to diagnose the need for action Probability of failure to successfully perform the desired action Dependency on other operator actions involved in the specific sequence of interest This analysis assumes no probability of failure to diagnose the need to recover ac power and no dependency between operator performance of the power recovery task and any other task the operators may need to perform. Thus, each estimated ac power nonrecovery probability is based solely on the probability of failure to successfully perform the desired action.

The probability of failure to perform an action is the product of a nominal failure probability (1.0x10-3) and the following eight performance shaping factors (PSFs):

Available time Stress Complexity Experience/training Procedures Ergonomics Fitness for duty Work processes C-1 May 28, 2008

LER 324/06-001 For each ac power nonrecovery probability, the PSF for available time is assigned a value of 10 if the time available to perform the action is approximately equal to the time required to perform the action, 1.0 if the time available is between 2 and 5 times the time required, and 0.1 if the time available is greater than 5 times the time required. If the time available is inadequate (i.e.,

less than the time to restoration of power to the switchyard plus 30 minutes for the best estimate), the ac power nonrecovery probability is 1.0 (TRUE).

The PSF for stress is assigned a value of 2 (corresponding to high stress) for all ac power nonrecovery probabilities. Factors considered in assigning this PSF include the sudden onset of the LOOP initiating event, the existence of compounding equipment failures (ac power recovery is needed only if one or more emergency busses are not powered by EDGs), and the operators knowledge of power availability and crosstie capability from Unit 1.2 For all of the ac power nonrecovery probabilities, the PSF for complexity is assigned a value of 5 (corresponding to highly complex) based on the need for multiple breaker alignments and verifications in and outside the control room.

For all of the ac power nonrecovery probabilities, the PSFs for experience/training, procedures, ergonomics, fitness for duty, and work processes are assumed to be nominal (i.e., are assigned values of 1.0). Table B-1 shows results of the above guidance for the basic events introduced to address recovery in this analysis.

Table B-1. AC Power Nonrecovery Probabilities.

HRA Basic Event Name Event Description/

Shaping Factor Distribution Type/

PSF Probability/

Percentage Initial/

Multiplier OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 30 MINUTES Constrained Noninformative 1.0E-1 Action is modeled.

1.0E-3 Available Time Just Enough Time 100%

10 Stress/Stressors High 100%

2.0 Complexity Highly Complex 100%

5.0 Experience/Training Nominal 100%

1.0 Procedures Nominal 100%

1.0 Ergonomics/HMI Nominal 100%

1.0 Fitness for Duty Nominal 100%

1.0 Work Processes Nominal 100%

1.0 OEP-XHE-XL-NR30M Remarks: HEP value adjusted due to three negative PSFs. Dependency is not modeled.

2 Sensitivity studies indicate that modifying the PSF for stress has minimal impact on the overall CCDP for this analysis/

C-2 May 28, 2008

LER 324/06-001 HRA Basic Event Name Event Description/

Shaping Factor Distribution Type/

PSF Probability/

Percentage Initial/

Multiplier OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 1 HOUR Constrained Noninformative 1.0E-2 Action is modeled.

1.0E-3 Available Time Nominal Time 100%

1.0 Stress/Stressors High 100%

2.0 Complexity Highly Complex 100%

5.0 Experience/Training Nominal 100%

1.0 Procedures Nominal 100%

1.0 Ergonomics/HMI Nominal 100%

1.0 Fitness for Duty Nominal 100%

1.0 Work Processes Nominal 100%

1.0 OEP-XHE-XL-NR01H Remarks: Dependency is not modeled OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 2 HOURS Constrained Noninformative 1.0E-2 Action is modeled.

1.0E-3 Available Time Nominal Time 100%

1.0 Stress/Stressors High 100%

5.0 Complexity Highly complex 100%

5.0 Experience/Training Nominal 100%

1.0 Procedures Nominal 100%

1.0 Ergonomics/HMI Nominal 100%

1.0 Fitness for Duty Nominal 100%

1.0 Work Processes Nominal 100%

1.0 OEP-XHE-XL-NR02H Remarks: Dependency is not modeled OPERATOR FAILS TO RECOVER OFFSITE POWER WITHIN 10 HOURS Constrained Noninformative 1.0E-3 Action is modeled.

1.0E-3 Available Time Extra Time (>5x) 100%

0.1 Stress/Stressors High 100%

5.0 Complexity Highly Complex 100%

5.0 Experience/Training Nominal 100%

1.0 Procedures Nominal 100%

1.0 Ergonomics/HMI Nominal 100%

1.0 Fitness for Duty Nominal 100%

1.0 Work Processes Nominal 100%

1.0 OEP-XHE-XL-NR10H Remarks: Dependency is not modeled C-3 May 28, 2008

LER 324/06-001 APPENDIX D BEST ESTIMATE GEM RUN I N I T I A T I N G E V E N T A S S E S S M E N T Code Ver : 7:27 Fam : BRU2_3P Model Ver : 2008/04/21 User : INL Init Event: IE-LOOP Ev ID: BEST-ESTIMATE Total CCDP: 5.2E-006 Point Estimate Mean CCDP : 5.6E-006 Desc : Unit 2 LOOP with failure of Unit 1 EDG to run.

BASIC EVENT CHANGES Event Name Description Base Prob Curr Prob Type DUAL-UNIT-LOOP MULTIPLE UNIT LOOP HAS OCCUR 5.8E-001 +0.0E+000 FALSE EPS-DGN-TM-DG1 DIESEL GENERATOR 1 UNAVAILAB 1.2E-002 1.0E+000 TRUE IE-IORV INADVERTENT OPEN RELIEF VALV 2.0E-002 +0.0E+000 IE-ISL-RHR ISLOCA IE 2-MOV RHR interfac 4.0E-006 +0.0E+000 IE-LLOCA LARGE LOCA 1.0E-005 +0.0E+000 IE-LOAC-E3 LOSS OF AC BUS E3 4.5E-003 +0.0E+000 IE-LOAC-E4 LOSS OF AC BUS E4 4.5E-003 +0.0E+000 IE-LOCHS LOSS OF CONDENSER HEAT SINK 2.0E-001 +0.0E+000 IE-LOIA LOSS OF INSTRUMENT AIR SYST 1.0E-002 +0.0E+000 IE-LOMFW LOSS OF FEEDWATER 1.0E-001 +0.0E+000 IE-LOOP LOSS OF OFFSITE POWER +0.0E+000 1.0E+000 IE-MLOCA MEDIUM LOCA 1.0E-004 +0.0E+000 IE-RBCCW LOSS OF RBBCW SYSTEM 4.0E-004 +0.0E+000 IE-SLOCA SMALL LOCA 6.0E-004 +0.0E+000 IE-TBCW LOSS OF TBCCW SYSTEM 4.0E-004 +0.0E+000 IE-TCSW LOSS OF CONVENTIONAL SERVIC 2.0E-003 +0.0E+000 IE-TDC2A LOSS OF VITAL DC BUS 1A 6.0E-004 +0.0E+000 IE-TDC2A1 LOSS OF VITAL DC BUS 1A1 6.0E-004 +0.0E+000 IE-TDC2B LOSS OF VITAL DC BUS 2B 6.0E-004 +0.0E+000 IE-TDC2B2 LOSS OF VITAL DC BUS 2B2 6.0E-004 +0.0E+000 IE-TNSW LOSS OF NUCLEAR SERVICE WATE 4.0E-004 +0.0E+000 IE-TRANS GENERAL PLANT TRANSIENT 8.0E-001 +0.0E+000 IE-XLOCA EXCESSIVE LOCA (VESSEL RUPTU 1.0E-007 +0.0E+000 LCS-ICC-HI-031ABCD LEVEL INSTRUMENTS N031-A,B,C +0.0E+000 3.5E-007 OEP-XHE-XL-NR01H OPERATOR FAILS TO RECOVER OF +0.0E+000 2.5E-002 OEP-XHE-XL-NR02H OPERATOR FAILS TO RECOVER OF +0.0E+000 2.5E-002 OEP-XHE-XL-NR10H OPERATOR FAILS TO RECOVER OF +0.0E+000 2.5E-003 OEP-XHE-XL-NR30M OPERATOR FAILS TO RECOVER OF +0.0E+000 2.0E-001 ZV-LOOP-GR-LAMBDA GRID RELATED LOSS OF OFFSITE 1.9E-002 +0.0E+000 ZV-LOOP-PC-LAMBDA PLANT CENTERED LOSS OF OFFSI 2.1E-003 1.0E+000 ZV-LOOP-SC-LAMBDA SWITCHYARD CENTERED LOSS OF 1.0E-002 +0.0E+000 ZV-LOOP-WR-LAMBDA WEATHER RELATED LOSS OF OFFS 4.8E-003 +0.0E+000 D-1 May 28, 2008

LER 324/06-001 SEQUENCE PROBABILITIES Truncation : Cummulative : 95.0% Individual : 1.0%

Event Tree Name Sequence Name CCDP %Cont LOOP 06 2.6E-006 LOOP 25 1.1E-006 LOOP 04 1.0E-006 LOOP 11 2.5E-007 SEQUENCE LOGIC Event Tree Sequence Name Logic LOOP 06 /RPS /EPS

/SRV /HPI SPC /DEP

/LPI CSS CVS LI04 LOOP 25 /RPS /EPS

/SRV HPI DEP LOOP 04 /RPS /EPS

/SRV /HPI SPC /DEP

/LPI CSS

/CVS LI LOOP 11 /RPS /EPS

/SRV /HPI SPC /DEP LPI VA Fault Tree Name Description CSS CONTAINMENT SPRAY CVS CONTAINMENT VENTING DEP MANUAL REACTOR DEPRESS EPS EMERGENCY POWER HPI HIGH PRESSURE INJECTION LI LATE INJECTION LI04 LATE INJECTION AFTER CONTAINMENT FAILURE LPI LOW PRESS COOLANT INJECTION (LCS or LPCI)

RPS REACTOR SHUTDOWN SPC SUPPRESSION POOL COOLING SRV SRV'S CLOSE VA ALTERNATE LOW PRESS INJECTION D-2 May 28, 2008

LER 324/06-001 SEQUENCE CUT SETS Truncation: Cummulative: 100.0% Individual: 1.0%

Event Tree: LOOP CCDP: 2.6E-006 Sequence: 06 CCDP % Cut Set Cut Set Events 6.0E-007 23.22 CVS-AOV-CC-V7 RHR-XHE-XM-ERROR 6.0E-007 23.22 CVS-AOV-CC-V8 RHR-XHE-XM-ERROR 5.0E-007 19.35 CVS-XHE-XM-VENT RHR-XHE-XM-ERROR 2.9E-008 1.13 CVS-AOV-CC-V8 RSW-MOV-CF-68A68B 2.9E-008 1.13 CVS-AOV-CC-V7 NSW-MOV-CF-F101F105 2.9E-008 1.13 CVS-AOV-CC-V7 RHR-MOV-CF-MINF 2.9E-008 1.13 CVS-AOV-CC-V8 NSW-MOV-CF-F101F105 2.9E-008 1.13 CVS-AOV-CC-V8 RHR-MOV-CF-MINF 2.9E-008 1.13 CVS-AOV-CC-V7 RSW-MOV-CF-68A68B Event Tree: LOOP CCDP: 1.1E-006 Sequence: 25 CCDP % Cut Set Cut Set Events 4.4E-007 41.52 DCP-BCH-CF-ALL 1.2E-007 11.27 ACP-TFM-FC-E3E7 ACP-CRB-CC-NORM_E4 1.2E-007 11.27 ACP-CRB-CC-NORM_E3 ACP-TFM-FC-E4E8 5.9E-008 5.58 ADS-XHE-XE-MDEPR LCS-ICC-FC-31A LCS-ICC-FC-31B 5.9E-008 5.58 ADS-XHE-XE-MDEPR LCS-ICC-FC-31C LCS-ICC-FC-31D 2.4E-008 2.25 ACP-CRB-CC-NORM_E3 ACP-BAC-LP-E8 2.4E-008 2.25 ACP-BAC-LP-E7 ACP-CRB-CC-NORM_E4 1.5E-008 1.37 DCP-BAT-CF-ALL 1.4E-008 1.35 DCP-BCH-LP-2A1 DCP-BCH-LP-2B2 1.2E-008 1.13 DCP-BCH-LP-2A1 ACP-XHE-XA-E7E8 ACP-CRB-CC-NORM_E4 1.2E-008 1.13 DCP-BCH-LP-2B2 ACP-CRB-CC-NORM_E3 ACP-XHE-XA-E7E8 Event Tree: LOOP CCDP: 1.0E-006 Sequence: 04 CCDP % Cut Set Cut Set Events 5.0E-007 47.87 RHR-XHE-XM-ERROR OPR-XHE-XM-ALPI1 4.8E-008 4.60 DCP-BCH-LP-2B2 DCP-XHE-XA-ALTDC RHR-SYS-TM-A 3.8E-008 3.68 CRD-MDP-FC-BRUN ACP-BAC-LP-E8 RHR-SYS-TM-A 3.8E-008 3.68 CRD-MDP-FC-ARUN ACP-BAC-LP-E8 RHR-SYS-TM-A 2.4E-008 2.33 OPR-XHE-XM-ALPI1 RSW-MOV-CF-68A68B 2.4E-008 2.33 OPR-XHE-XM-ALPI1 NSW-MOV-CF-F101F105 2.4E-008 2.33 RHR-MOV-CF-MINF OPR-XHE-XM-ALPI1 1.9E-008 1.84 DCP-BAT-LP-2B2 DCP-XHE-XA-ALTDC RHR-SYS-TM-A D-3 May 28, 2008

LER 324/06-001 Event Tree: LOOP CCDP: 2.5E-007 Sequence: 11 CCDP % Cut Set Cut Set Events 1.9E-008 7.58 OPR-XHE-XM-DIVXT EPS-DGN-FR-DG2 EPS-DGN-FR-DG3 LCS-MDP-TM-2B 9.3E-009 3.77 OPR-XHE-XM-DIVXT EPS-DGN-TM-DG2 EPS-DGN-FR-DG3 LCS-MDP-TM-2B 9.3E-009 3.77 OPR-XHE-XM-DIVXT EPS-DGN-FR-DG2 EPS-DGN-TM-DG3 LCS-MDP-TM-2B 7.7E-009 3.13 DCP-BCH-LP-2B2 LCS-MDP-TM-2A RHR-SYS-TM-A 7.2E-009 2.95 EPS-DGN-FR-DG3 DCP-BCH-LP-2B2 ACP-CRB-OO-AG5 7.2E-009 2.95 EPS-DGN-FR-DG3 DCP-BCH-LP-2B2 ACP-CRB-OO-AG0 6.4E-009 2.61 LCS-MDP-TM-2A ACP-XHE-XA-E7E8 RHR-SYS-TM-A ACP-CRB-CC-NORM_E4 3.9E-009 1.57 OPR-XHE-XM-DIVXT EPS-DGN-FR-DG2 EPS-DGN-FS-DG3 LCS-MDP-TM-2B 3.9E-009 1.57 OPR-XHE-XM-DIVXT EPS-DGN-FS-DG2 EPS-DGN-FR-DG3 LCS-MDP-TM-2B 3.7E-009 1.49 OPR-XHE-XM-DIVXT EPS-DGN-FR-DG3 LCS-MDP-TM-2B EPS-FAN-FR-DG2EXHF 3.7E-009 1.49 OPR-XHE-XM-DIVXT EPS-DGN-FR-DG2 LCS-MDP-TM-2B EPS-FAN-FR-DG3EXHG 3.6E-009 1.47 EPS-DGN-TM-DG3 DCP-BCH-LP-2B2 ACP-CRB-OO-AG0 3.6E-009 1.47 EPS-DGN-TM-DG3 DCP-BCH-LP-2B2 ACP-CRB-OO-AG5 3.6E-009 1.47 RSW-MDP-TM-2C DCP-BCH-LP-2B2 ACP-CRB-CC-NORM_E3 3.5E-009 1.42 OPR-XHE-XM-DIVXT EPS-DGN-FR-DG2 EPS-DGN-FR-DG3 LCS-MDP-FS-2B 3.1E-009 1.25 DCP-BAT-LP-2B2 LCS-MDP-TM-2A RHR-SYS-TM-A 2.9E-009 1.18 EPS-DGN-FR-DG3 DCP-BAT-LP-2B2 ACP-CRB-OO-AG5 2.9E-009 1.18 EPS-DGN-FR-DG3 DCP-BAT-LP-2B2 ACP-CRB-OO-AG0 BASIC EVENTS (Cut Sets Only)

Event Name Description Curr Prob ACP-BAC-LP-E7 DIVISION E7 AC POWER BUSES FAIL 9.6E-006 ACP-BAC-LP-E8 DIVISION E8 AC POWER BUSES FAIL 9.6E-006 ACP-CRB-CC-NORM_E3 FAILURE OF BUS E3 NORMAL FEED BREAKER TO OPEN 2.5E-003 ACP-CRB-CC-NORM_E4 FAILURE OF BUS E4 NORMAL FEED BREAKER TO OPEN 2.5E-003 ACP-CRB-OO-AG0 FAILURE OF BUS E1 ALTERNATE FEED BREAKER TO C 2.5E-003 ACP-CRB-OO-AG5 FAILURE OF BUS E3 ALTERNATE FEED BREAKER TO C 2.5E-003 ACP-TFM-FC-E3E7 FAILURE OF 4160/480 VAC TRANSFORMER BETWEEN B 4.8E-005 ACP-TFM-FC-E4E8 FAILURE OF 4160/480 VAC TRANSFORMER BETWEEN B 4.8E-005 ACP-XHE-XA-E7E8 FAILURE TO CROSS-TIE BUSES E7 AND E8 4.0E-002 ADS-XHE-XE-MDEPR OPERATOR FAILS TO DEPRESSURIZE THE REACTOR 5.0E-004 D-4 May 28, 2008

LER 324/06-001 CRD-MDP-FC-ARUN CRD PUMP A IS RUNNING, PUMP B IS IN STANDBY 5.0E-001 CRD-MDP-FC-BRUN CRD PUMP B IS RUNNING, PUMP A IS IN STANDBY 5.0E-001 CVS-AOV-CC-V7 WETWELL VENT LINE INBD ISOL AOV FAILS TO OPEN 1.2E-003 CVS-AOV-CC-V8 WETWELL VENT LINE OUTBD ISOL AOV FAILS TO OPE 1.2E-003 CVS-XHE-XM-VENT OPERATOR FAILS TO VENT CONTAINMENT 1.0E-003 DCP-BAT-CF-ALL CCF OF 125 VDC BATTERIES 1.5E-008 DCP-BAT-LP-2B2 125V DC BATTERY2B2 FAILS 4.8E-005 DCP-BCH-CF-ALL BATTERY CHARGERS FAIL FROM COMMON CAUSE 4.4E-007 DCP-BCH-LP-2A1 FAILURE OF BATTERY CHARGER 2A1 1.2E-004 DCP-BCH-LP-2B2 FAILURE OF BATTERY CHARGER 2B2 1.2E-004 DCP-XHE-XA-ALTDC FAILURE TO ALIGN ALTERNATE DC SUPPLY 5.0E-002 EPS-DGN-FR-DG2 DIESEL GENERATOR 2 FAILS TO RUN 2.4E-002 EPS-DGN-FR-DG3 DIESEL GENERATOR 3 FAILS TO RUN 2.4E-002 EPS-DGN-FS-DG2 DIESEL GENERATOR 2 FAILS TO START 5.0E-003 EPS-DGN-FS-DG3 DIESEL GENERATOR 3 FAILS TO START 5.0E-003 EPS-DGN-TM-DG2 DIESEL GENERATOR 2 UNAVAILABLE DUE TO TEST AN 1.2E-002 EPS-DGN-TM-DG3 DIESEL GENERATOR 3 UNAVAILABLE DUE TO TEST AN 1.2E-002 EPS-FAN-FR-DG2EXHF FAILURE OF DIESEL GENERATOR 2 EXHAUST FAN (F) 4.8E-003 EPS-FAN-FR-DG3EXHG FAILURE OF DIESEL GENERATOR 3 EXHAUST FAN (G) 4.8E-003 LCS-ICC-FC-31A LEVEL TRANSMITTER B21-LT-N031A FAILS HIGH 1.1E-002 LCS-ICC-FC-31B LEVEL TRANSMITTER B21-LT-N031B FAILS HIGH 1.1E-002 LCS-ICC-FC-31C LEVEL TRANSMITTER B21-LT-N031C FAILS HIGH 1.1E-002 LCS-ICC-FC-31D LEVEL TRANSMITTER B21-LT-N031D FAILS HIGH 1.1E-002 LCS-MDP-FS-2B LCS MDP 2B FAILS TO START 1.5E-003 LCS-MDP-TM-2A LCS MDP 2A UNAVAILABLE DUE TO TEST AND MAINTE 8.0E-003 LCS-MDP-TM-2B LCS MDP 2B UNAVAILABLE DUE TO TEST AND MAINTE 8.0E-003 NSW-MOV-CF-F101F105 CCF OF CSW/NSW SUPPLY VALVES F101/F105 TO RSW 2.4E-005 OPR-XHE-XM-ALPI1 OPERATOR FAILS TO START/CONTROL ALTERNATE LP 1.0E-003 OPR-XHE-XM-DIVXT OPERATOR FAILS TO CROSS-TIE DIVISION BUSES 4.0E-003 RHR-MOV-CF-MINF MINFLOW LINES FAIL FROM COMMON CAUSE 2.4E-005 RHR-SYS-TM-A RHR LOOP A UNAVAILABLE DUE TO TEST AND MAINTE 8.0E-003 RHR-XHE-XM-ERROR OPERATOR FAILS TO START/CONTROL RHR 5.0E-004 RSW-MDP-TM-2C RSW MDP 2C UNAVAILABLE DUE TO TEST AND MAINTE 1.2E-002 RSW-MOV-CF-68A68B CCF - MOVS SW F068A AND SW F068B FAIL TO OPEN 2.4E-005 D-5 May 28, 2008

Retrieved from "https://kanterella.com/w/index.php?title=ML081350025&oldid=5331016"