ML081960523

From kanterella
Jump to navigation Jump to search
NFPA 805 Transition Pilot Plant FAQ 07-0040, Revision 3
ML081960523
Person / Time
Site: Oconee  Duke Energy icon.png
Issue date: 07/14/2008
From: Goforth D
Duke Energy Nuclear
To:
Office of Nuclear Reactor Regulation
References
FAQ 07-0040, Rev 3
Download: ML081960523 (22)
v  d  e


Text

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Plant: Oconee Nuclear Station Date: May 21, 2008

Contact:

David Goforth Phone: (704) 382-2659 Email: djgofort@duke-energy.com Distribution: (NEI Internal Use) 805 TF FPWG RATF RIRWG BWROG PWROG Purpose of FAQ:

The purpose of the FAQ is to clarify the following:

1. The process for selecting equipment and cabling to evaluate for Non-Power Operational (NPO) modes
2. Evaluation of Higher Risk Evolutions to be evaluated during NPO modes
3. The process for analyzing key safety functions in different plant operational states
4. The actions taken beyond the normal fire protection program defense-in-depth actions when a specific key safety function (KSF) is lost. 1 Is this Interpretation of guidance? Yes / No Proposed new guidance not in NEI 04-02? Yes / No Details:

NEI 04-02 guidance needing interpretation (include section, paragraph, and line numbers as applicable):

NEI 04-02 Section 4.3.3 and Appendix F.

Circumstances requiring guidance interpretation or new guidance:

1 According to Section 1.3.1, Nuclear Safety Goal, of NFPA 805, [t]he nuclear safety goal shall be to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition. As stated, this does not mandate a fire risk evaluation comparable to what would be expected during full power. Therefore, it is recognized that, for non-power operations, a risk-informed approach has been developed which addresses what is believed to be (and evidenced through the referenced studies) the most risk-significant POSs during non-power operations when including considerations of fire effects, namely total loss of KSFs. This approach, while compliant with 10 CFR 50.48(c), does not constitute a complete surrogate for a non-power risk evaluation since, under plant-specific conditions (believed to be relatively rare), there may be non-power POSs where less than total loss of a KSF (e.g.,

a reduction in the availability of credited paths [redundancy decrease] such that at least one path still remains), including consideration of fire effects, could result in a risk-significant contribution.

Page 1 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications NEI 04-02, Revision 1, Section 4.3.3 states:

The nuclear safety goal of NFPA 805 requires evaluation of the effects of a fire during any operational mode and plant configuration.

NEI 04-02, Section 4.3.3 further goes on to outline a strategy To demonstrate that the nuclear safety performance criteria are met for High Risk Evolutions (HREs as defined by NUMARC 91-06) during non-power operational modes The strategy as described was endorsed in Regulatory Guide 1.205. However, the use of the term Higher Risk Evolutions (HRE), as defined in NUMARC 91-06, may not be completely appropriate in this context or provide enough explanation as to what HRE need to be considered during this NPO modes transition review, NUMARC 91-06 defines a HRE as:

Outage activities, plant configurations or conditions during shutdown where the plant is more susceptible to an event causing the loss of a key safety function.

NUMARC 91-06 provides a suggested method for the management of Key Safety Functions during outages. The method is based on providing greater defense-in-depth during higher risk evolutions. The method does not focus on the event that may cause the degradation of a KSF, rather it is focused on the availability of systems (pre event). The following sections of NUMARC 91-06 illustrate that focus:

3.0 OUTAGE PLANNING AND CONTROL Outage safety can be improved by focusing on the AVAILABILITY of systems that provide and support KEY SAFETY FUNCTIONS as well as on measures that can reduce both the likelihood and consequences of adverse events.

3.2 Level of Activities Guidelines

3. Activities that may impact KEY SAFETY FUNCTIONS should be limited and strictly controlled during HIGHER RISK EVOLUTIONS or infrequently performed evolutions.
4. Outage planning and execution should consider the potential introduction of hazards (e.g., fire, flooding, etc.) posed by the level and/or scope of activities in a given area of the plant and establish compensatory measures as appropriate.

Page 2 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications 3.3 Providing Defense in Depth A fundamental element of outage planning and control is to ensure that the systems and components that perform KEY SAFETY FUNCTIONS during shutdown are AVAILABLE when needed. The objectives are to provide backup for KEY SAFETY FUNCTIONS, particularly during HIGHER RISK EVOLUTIONS, to optimize safety system AVAILABILITY, to provide administrative controls that support the FUNCTIONALITY of key equipment, and to provide procedures designed to mitigate the loss of KEY SAFETY FUNCTIONS.

Guidelines 4 Systems, structures and components identified to provide DEFENSE IN DEPTH during periods of the outage should be controlled such that they remain AVAILABLE during these periods.

3.4 Contingency Planning The AVAILABILITY of equipment and personnel to respond to degraded conditions during an outage is an important element of shutdown safety.

CONTINGENCY PLANS can be used to reestablish DEFENSE IN DEPTH if planned systems or equipment become unavailable or to protect AVAILABLE equipment. In general, as the level of planned DEFENSE IN DEPTH decreases, the use of CONTINGENCY PLANS should increase. CONTINGENCY PLANS may take the form of mandatory prerequisite activities, procedures, pre-outage schedules or changes to the schedule during the outage, or other approved direction.

Consistent with the guidance provided in NUMARC 91-06, the following process will assess the effects of a fire on the ability to maintain KSFs during the outage. The process is risk-informed to the extent that the strategies will be based on the available equipment and whether the plant is in a higher risk evolution.

Therefore, the strategy defined in NEI 04-02 will be fire risk-informed since contingency plans will be put in place when the plant is in a HRE. During low risk periods normal risk management controls and fire protection processes and procedures will be utilized.

Detail contentious points if licensee and NRC have not reached consensus on the facts and circumstances:

None Potentially relevant existing FAQ numbers:

Page 3 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications None Response Section:

Proposed resolution of FAQ and the basis for the proposal:

1. Equipment and Cable Selection Process The following discussion provides the basis for identifying which plant configurations during NPO may prove to be more risk significant 2. These configurations will be reviewed during this transition review for the purposes of selecting the systems and equipment that will be needed to support these configurations and maintain the key safety functions required while the plant is in that configuration.

Many studies have been performed to characterize the risk associated with non-power states. Using Core Damage Frequency (CDF) as a risk metric, it is accepted that most outage configurations or POSs are of relatively low risk and that only a few configurations or POSs represent a risk near or greater than at-power operations.

NUREG/CR-6143 and NUREG/CR-6144 NUREG/CR-6143 and 6144 document Low Power and Shutdown (LPSD) risk studies performed in the early 1990s. NUREG/CR-6143 evaluated BWR risk using Grand Gulf Unit 1 as the study plant, while NUREG/CR-6144 evaluated PWR risk using Surry Unit 1.

In Phase 1 of the studies, a coarse screening analysis was performed to examine accidents initiated by internal events (including fire and flooding) for all POSs. The objective of the Phase 1 study was to identify potentially vulnerable plant configurations, to characterize the potential core damage scenarios and to provide a foundation for a detailed phase 2 analysis.

Based on the results of the Phase 1 study, the Phase 2 analysis focused on POS 5 for BWRs, which covers approximately Cold Shutdown as defined by the Grand Gulf Tech Specs. For PWRs, mid-loop operation was selected as the plant configuration to be analyzed. Thus, it can be seen that these two plant configurations are clearly important with respect to risk during LPSD conditions.

NRC Public LPSD Workshop - 1999 The NRC sponsored a public LPSD workshop in 1999 to gather information regarding LPSD risk. A summary of the results of the workshop and presentations provided by the industry and NRC are contained in Sandia Report SAND99-1815.

Some excerpts are provided below:

2 Only NUREG/CR-6143 and 6144 considered fire risk (at a coarse screening level)

Page 4 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Westinghouse Experience and Insights from Shutdown Risk Projects LPSD risk was dominated by events related to low reactor coolant system (RCS) inventory conditions and a few periods of high vulnerability.

Scientech Presentation on Shutdown Risk Monitoring LPSD CDF is less than, but comparable to full-power CDF. In some cases, instantaneous risk may be higher in LPSD than at-power, but only for very short durations. Most of the risk is associated with low inventory conditions early in the outage.

Shutdown Risk Assessment at Seabrook Station The mean CDF is numerically comparable to full-power CDF, although of higher uncertainty. However, estimates for health effects (i.e., Level 3) were negligible. It was recommended that high thermal margin configurations be considered for screening.

CDF from internal events is 88% of total LPSD CDF Loss of RHR with RCS at low level 71%

Loss of RHR with RCS filled 11%

LOCA (RCS Drain down event) 18%

Risk Perspective from EPRI For both BWR and PWR analyses, the LPSD risk is dominated by peak risk periods characterized by relatively high instantaneous risk over short periods of time early during the outage. The risk contribution of these peaks to the entire outage risk was greater than 80%, for both BWRs and PWRs. The dominant contributor to risk is human error (50%).

Example BWR Results Outage Average CDF 4.9E-6/yr Peak CDF 6.1E-5/yr Minimum CDF 4.4E-7/yr Ratio of Peak to Min ~140 Outage Core Damage Probability (cumulative risk) 6.5E-7 Peak Risk Core Damage Probability (CDP) 5.5E-7 Example PWR Results Page 5 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Outage Average CDF 1.8E-4/yr Peak CDF 1.0E-3/yr Minimum CDF 7.0E-7/yr Ratio of Peak to Min ~1400 Outage Core Damage Probability (cumulative risk) 2.2E-5 Peak Risk Core Damage Probability (CDP) 1.9E-5 NRC Shutdown SDP Process Inspection Manual IM0609, Appendix G, describes the NRC Shutdown SDP process. It acknowledges step increases in risk for PWRs when (1) the RCS boundary is breached and the steam generators cannot be used for DHR, and (2) during midloop conditions. For BWRs, it is recognized that a step increase occurs during cold shutdown.

The following simplified POSs are defined in IM0609, Appendix G; they will be used to describe the recommended actions with respect to NFPA 805.

PWR [IM0609, Appendix G Attachment 2]

POS 1 - This POS starts when the RHR system is put into service. The RCS is closed such that a steam generator could be used for decay heat removal, if the secondary side of a steam generator is filled. The RCS may have a bubble in the pressurizer. This POS ends when the RCS is vented such that the steam generators cannot sustain core heat removal. This POS typically includes Mode 4 (hot shutdown) and portions of Mode 5 (cold shutdown).

POS 2 - This POS starts when the RCS is vented such that: (1) the steam generators cannot sustain core heat removal and (2) a sufficient vent path exists for feed and bleed. This POS includes portions of Mode 5 (cold shutdown) and Mode 6 (refueling). Reduced inventory operations and midloop operations with a vented RCS are subsets of this POS.

POS 3 - This POS represents the shutdown condition when the refueling cavity water level is at or above the minimum level required for movement of irradiated fuel assemblies within containment as defined by Technical Specifications. This POS occurs during Mode 6.

Page 6 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications BWR [IM0609, Appendix G Attachment 3]

POS 1 - This POS starts when the RHR system is put into service. The vessel head is on and the RCS is closed such that an extended loss of the DHR function without operator intervention could result in a RCS re-pressurization above the shutoff head for the RHR pumps.

POS 2 - This POS represents the shutdown condition when (1) the vessel head is removed and reactor pressure vessel water level is less than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as defined by Technical Specifications OR (2) a sufficient RCS vent path exists for decay heat removal.

POS 3 - This POS represents the shutdown condition when the reactor pressure vessel water level is equal or greater than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as define by Technical Specifications. This POS occurs during Mode 5.

Plant Operating States to be Considered Based on the studies cited above and the understanding that LPSD risk is concentrated in only certain POSs, the strategy will be to focus on those POSs where additional risk management contingencies may need to be applied.

Tables 1 and 2 (Tables F-2 and F-3 of the proposed NEI 04-02 markup) define the POSs that a plant will go through during NPO modes, and provides a disposition of the POSs with respect to selecting systems and equipment that will be needed to support these configurations. For other non-power conditions (e.g., PWR Mode 3, BWR Startup Mode 2), it is recommended that the at-power process be used, since it should generally be bounding.

Table 1 - PWR POS Disposition for Equipment Selection POS / Configuration Disposition Discussion POS 1 with SG Heat No additional reviews In this POS, if SGs are available in addition Removal Available required under NEI 04-02, to RHR, significant redundancy and diversity Section 4.3.3 based upon exists for heat removal. Just having previous risk reviews. inventory in the SGs can provide substantial Provide appropriate fire passive heat removal, providing additional protection/fire prevention time to recover other heat removal methods.

Inventory control is not generally challenged during this POS.

Page 7 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table 1 - PWR POS Disposition for Equipment Selection POS / Configuration Disposition Discussion POS 1 with SG Heat Perform actions per NEI Without SG Heat Removal capability, heat Removal Unavailable 04-02, Section 4.3.3 removal is limited to RHR and potentially

[Consider limiting to bleed and feed. RCS pressurization on loss configurations where of heat removal could render RHR time to boil is less unavailable due to high pressure.

than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> and/or Activities in this POS often involve changing RCS level is being RCS level. During RCS level changes, the changed] likelihood of loss of inventory control is higher, challenging the inventory control safety function.

POS 2 Perform actions per NEI This is the generally the highest risk 04-02, Section 4.3.3. configuration/POS for a PWR. Due to low inventory, times to boil and damage are low, typically on the order of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> or less.

POS 3 Evaluate potential RCS During this POS, substantial inventory exists drain paths that could be to cope with an extended loss of active heat affected by fire removal. Times to boil are often on the order of 16 or more hours. However, fire induced RCS draindown events can reduce margins substantially.

Table 2 - BWR POS Disposition for Equipment Selection POS / Configuration Disposition Discussion POS 1 Perform actions per NEI Inventory control is not generally 04-02, Section 4.3.3. challenged during this POS. However, loss of RHR could lead to a re-pressurized condition and there could be situations where the unavailability of high pressure injections systems from service could limit the mitigation capabilities.

POS 2 Perform actions per NEI This is generally a period of relatively high 04-02, Section 4.3.3. risk in a BWR especially early in the outage when the decay heat is still relatively high.

POS 3 Evaluate potential RV During this POS, substantial inventory drain paths that could be exists to cope with an extended loss of affected by fire active heat removal. Times to core boil damage are often on the order of 16 or more hours. However, induced RV draindown events can reduce margins substantially.

Page 8 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications

2. Higher Risk Evolutions As previously noted, NUMARC 91-06 provides a definition for higher risk evolutions, but this definition lacks sufficient enough explanation as to what evolutions should be considered during the performance of a NPO review. While this definition provides a basic framework for identifying higher risk evolutions, plants may have expanded on this definition and included it in their outage management procedures.

While each plant may be unique in its specific definition of what a higher risk evolution is, the following attributes should be considered in their definition of a higher risk evolution:

  • Time to core boil
  • Decay heat removal capability If appropriate, provide proposed rewording of guidance for inclusion in the next Revision:

See revisions to NEI 04-02 Section 4.3.3 and Appendix F below.

Page 9 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications 4.3.3 Non-Power Operational Modes Transition Review The nuclear safety goal of NFPA 805 requires the evaluation of the effects of a fire during any operational mode and plant configuration. The concept of protection of equipment from the effects of fire during plant shutdown conditions is discussed in NUREG-1449, Shutdown and Low-Power Operation at Commercial Nuclear Power Plants in the United States. In general, the underlying concerns are the differences between the functional requirements (i.e. different (or additional) set of systems and components) and time dependencies on decay heat removal system operation during non-power operations and full power operations. The current industry approach for evaluating risk during shutdown conditions involves the normal fire protection program defense-in-depth actions as well as qualitative and/or quantitative assessments and is based on NUMARC 93-01, Industry Guideline for Monitoring the Effectiveness of Maintenance at Nuclear Power Plants and NUMARC 91-06, Guidelines for Industry Actions to Assess Shutdown Management.

Appendix F provides additional discussion on the Non-Power Operational (NPO) Mode Transition Review, details of the Plant Operational States to be evaluated, and provides examples of this process and the documentation requirements anticipated.

========================================================

F. Considerations for Non-Power Operational Modes The strategy for controls/protection of equipment during Non-Power Operational (NPO) modes, for plants adopting NFPA 805, will be a combination of the normal fire protection program defense-in-depth actions and additional risk-informed steps based on the availability of systems and equipment needed to support Key Safety Functions (KSFs) and whether or not the plant is in a Higher Risk Evolution (HRE). The goal (as depicted in Figure F-2) is to ensure that contingency plans are established when the plant is in a HRE, and there is the possibility of losing a KSF due to fire. Additional controls/measures will be evaluated during a NPO mode where the risk is intrinsically high 3; during low risk periods normal risk management controls and fire prevention / protection processes and procedures will be utilized.4 These additional control/measures are discussed in Section F.4.

The process to demonstrate that the nuclear safety performance criteria are met during non-power modes of operations involves the following steps:

3 According to Section 1.3.1, Nuclear Safety Goal, of NFPA 805, [t]he nuclear safety goal shall be to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition. As stated, this does not mandate a fire risk evaluation comparable to what would be expected during full power. Therefore, it is recognized that, for non-power operations, a risk-informed approach has been developed which addresses what is believed to be (and evidenced through the referenced studies) the most risk-significant POSs during non-power operations when including considerations of fire effects, namely total loss of a KSF. As such, these are expected to account for most, if not all, POSs that can be considered higher risk evolutions when considering fire effects. This Deleted: intrinsically high approach, while compliant with 10 CFR 50.48(c), does not constitute a complete surrogate for a non-power risk evaluation since, under plant-specific conditions (believed to be relatively rare), there may be non-power POSs where less than total loss of a KSF Deleted:

(e.g., a reduction in the availability of credited paths [redundancy decrease] such that at least one path still remains), including consideration of fire effects, could result in a risk-significant contribution.

4 If an HRE is in progress additional controls/measures should be evaluated.

Page 10 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications

1. Review existing Outage Management Processes
2. Identify Components/Cables
a. Review plant systems to determine success paths that support each of the defense-in-depth KSFs, and then
b. Identify cables required for the selected components and then determine their routing
3. Perform Fire Area Assessments (identify pinch points)
4. Manage risk associated with fire-induced vulnerabilities during the outage These steps are described in sections F.1 through F.4 below and the process is depicted on Figures F-1 and F-2. Implementation of the process should be documented in Table F-1.

F.1 Review existing Outage Management Processes To begin the process of assessing the fire protection plan for non-power modes of operation, discussions should be held between the Probabilistic Risk Assessment (PRA) Staff, the Fire Protection, and the Outage Management staff to determine the best way to integrate NFPA 805 fire protection aspects into existing Outage Management Processes.

Included in this review should be a definition of what will be considered an HRE, if not already defined in plant outage management procedures. The HRE definition should consider the following:

Time to boil Reactor coolant system and fuel pool inventory Decay heat removal capability In accordance with NUMARC 91-06 Activities that may impact KSFs should be limited and strictly controlled during HREs or infrequently performed evolutions.5 F.2 Identify Components and Cables The identification of systems and components to be included in this NPO Review begins with the identification of the plant operational states (POSs) that need to be considered. The following discussion identifies the various operational states that a plant goes through during NPO, and which ones are the most risk significant. The definitions of the following simplified POSs are 5

According to Section 1.3.1, Nuclear Safety Goal, of NFPA 805, [t]he nuclear safety goal shall be to provide reasonable assurance that a fire during any operational mode and plant configuration will not prevent the plant from achieving and maintaining the fuel in a safe and stable condition. As stated, this does not mandate a fire risk evaluation comparable to what would be expected during full power. Therefore, it is recognized that, for non-power operations, a risk-informed approach has been developed which addresses what is believed to be (and evidenced through the referenced studies) the most risk-significant POSs during non-power operations when including considerations of fire effects, namely total loss of a KSF. As such, these are expected to account for most, if not all, POSs that can be considered higher risk evolutions when considering fire effects. This Deleted: intrinsically high approach, while compliant with 10 CFR 50.48(c), does not constitute a complete surrogate for a non-power risk evaluation since, under plant-specific conditions (believed to be relatively rare), there may be non-power POSs where less than total loss of a KSF Deleted:

(e.g., a reduction in the availability of credited paths [redundancy decrease] such that at least one path still remains), including consideration of fire effects, could result in a risk-significant contribution.

Page 11 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications contained in NRC Inspection Manual IM0609, Appendix G, Attachment 2, Phase 2 Significance Determination Process Template for PWR During Shutdown, and are included here for use in reading Tables F-2 and F-3.

Pressurized Water Reactor (PWR) [IM0609, Appendix G Attachment 2]

POS 1 - This POS starts when the RHR system is put into service. The RCS is closed such that a steam generator could be used for decay heat removal, if the secondary side of a steam generator is filled. The RCS may have a bubble in the pressurizer. This POS ends when the RCS is vented such that the steam generators cannot sustain core heat removal. This POS typically includes Mode 4 (hot shutdown) and portions of Mode 5 (cold shutdown).

POS 2 - This POS starts when the RCS is vented such that: (1) the steam generators cannot sustain core heat removal and (2) a sufficient vent path exists for feed and bleed. This POS includes portions of Mode 5 (cold shutdown) and Mode 6 (refueling). Reduced inventory operations and midloop operations with a vented RCS are subsets of this POS.

POS 3 - This POS represents the shutdown condition when the refueling cavity water level is at or above the minimum level required for movement of irradiated fuel assemblies within containment as defined by Technical Specifications. This POS occurs during Mode 6.

Boiling Water Reactor (BWR) [IM0609, Appendix G Attachment 3]

POS 1 - This POS starts when the RHR system is put into service. The vessel head is on and the RCS is closed such that an extended loss of the DHR function without operator intervention could result in a RCS re-pressurization above the shutoff head for the RHR pumps.

POS 2 - This POS represents the shutdown condition when (1) the vessel head is removed and reactor pressure vessel water level is less than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as defined by Technical Specifications OR (2) a sufficient RCS vent path exists for decay heat removal.

POS 3 - This POS represents the shutdown condition when the reactor pressure vessel water level is equal or greater than the minimum level required for movement of irradiated fuel assemblies within the reactor pressure vessel as define by Technical Specifications. This POS occurs during Mode 5.

Disposition of the POSs (to determine which POSs require the identification of systems and components to support KSF) are provided in Tables F-2 and F-3. For other non-power conditions (e.g., PWR Mode 3, BWR Startup Mode 2), it is recommended that the normal fire protection program controls, processes and procedures be used.

Page 12 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table F PWR POS Disposition For Equipment Selection POS / Configuration Disposition Discussion POS 1 with SG Heat No additional In this POS, if SGs are available in addition to Removal Available reviews required RHR, significant redundancy and diversity exists under NEI 04-02, for heat removal. Just having inventory in the Section 4.3.3 based SGs can provide substantial passive heat upon previous risk removal, providing additional time to recover other reviews. heat removal methods.

Provide appropriate Inventory control is not generally challenged Deleted: normal fire protection and fire protection during this POS. prevention practices apply)

/prevention POS 1 with SG Heat Perform actions per Without SG Heat Removal capability, heat Removal Unavailable NEI 04-02, Section removal is limited to RHR and potentially bleed

[Consider limiting to 4.3.3 and feed. RCS pressurization on loss of heat configurations where time removal could render RHR unavailable due to to boil is less than 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> high pressure.

and/or RCS level is being Activities in this POS often involve changing RCS changed] level. During RCS level changes, the likelihood of loss of inventory control is higher, challenging the inventory control safety function.

POS 2 Perform actions per This is the generally the highest risk NEI 04-02, Section configuration/POS for a PWR. Due to low 4.3.3. inventory, times to core boil are low, typically on the order of 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> or less.

POS 3 Evaluate potential During this POS, substantial inventory exists to RCS drain paths that cope with an extended loss of active heat could be affected by removal. Times to boil are often on the order of fire 16 or more hours. However, fire induced RCS draindown events can reduce margins substantially.

Table F BWR POS Disposition For Equipment Selection POS / Configuration Disposition Discussion POS 1 Perform actions per Inventory control is not generally challenged NEI 04-02, Section during this POS. However, loss of RHR could 4.3.3. lead to a re-pressurized condition and there could be situations where the unavailability of high pressure injections systems from service could limit the mitigation capabilities.

POS 2 Perform actions per This is generally a period of relatively high risk in NEI 04-02, Section a BWR especially early in the outage when the 4.3.3. decay heat is still relatively high.

Page 13 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table F BWR POS Disposition For Equipment Selection POS / Configuration Disposition Discussion POS 3 Evaluate potential RV During this POS, substantial inventory exists to drain paths that could cope with an extended loss of active heat be affected by fire removal. Times to boil are often on the order of 16 or more hours. However, induced RV draindown events can reduce margins substantially.

After identifying the POSs that require additional equipment evaluation for inclusion in the NPO review:

Review existing plant outage processes (outage management and outage risk assessments) to determine KSFs that support the POSs of concern.

Determine equipment relied upon to provide KSFs, including support functions, during the POSs to be evaluated. Each outage evolution identifies the diverse and/or redundant methods of achieving the KSF. For example, to achieve the Decay Heat Removal KSF a plant may credit Decay Heat Removal/Residual Heat Removal Train A, Decay Heat Removal/Residual Heat Removal Train B, Charging/High Pressure Injection Train A, Deleted: A Charging/High Pressure Injection Train B, and Gravity Feed and Chemical and Volume Control.

Compare the equipment credited for achieving these KSFs against the equipment credited for nuclear safety. Note the position/function for the component. For example, the existing nuclear safety capability assessment (i.e., safe shutdown analysis for demonstrating compliance with 10 CFR 50, Appendix R/NUREG-0800) may credit the valve in the closed position however; the valve may be required open for shutdown modes of operation.

For those components not already credited (or credited in a different way e.g., on versus off, open versus closed, etc.) analyze the circuits in accordance with the nuclear safety methodology. Identify cables that need to be included in the NPO review.

For cables that are not already credited in the nuclear safety capability assessment, determine the routing for these cables.

F.3 Perform Fire Area Assessments (Identify pinch points)

Identify locations where:

1. Fires may cause damage to the equipment (and cabling) credited above, or
2. KSFs are achieved solely by crediting recovery actions, e.g., alignment of gravity feed.

Fire modeling may be used to determine if postulated fires in a fire area are expected to damage equipment (and cabling) thereby eliminating a pinch point.

To implement this guidance perform the following Tasks:

Determine if a single fire in the area can cause a loss of success paths for a KSF.

Page 14 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications o Conservatively, assume the entire contents of a fire area are lost. Document the loss of success paths. Specifically identify those areas that cause the loss of all success paths for a KSF.

o If fire modeling is used to limit the damage in a fire area, document that fire modeling is credited and ensure the basis for acceptability of that model (location, type, and quantity of combustible, etc.) is documented. These critical design inputs should be maintained during outage modes. Fire modeling treatment should include a treatment of safety margin to account for uncertainties/accuracy of the fire model used.

F.4 Manage risk associated with fire-induced vulnerabilities during the outage The management of risk associated with fire-induced vulnerabilities during NPO varies based on whether or not the plant is in a Higher Risk Evolution as follows:

During those NPO evolutions where risk is relatively low.

The normal fire protection program defense-in-depth actions are credited for addressing the risk impact of those fires that potentially impact one or more trains of equipment that provide a KSF required during non-power operations, but would not be expected to cause the total loss of that KSF. The following actions are considered to be adequate to address minor losses of system capability or redundancy:

o Control of Ignition Sources Hot Work (cutting, welding and/or grinding)

Temporary Electrical Installations Electric portable space heaters o Control of Combustibles Transient fire hazards Modifications Flammable and Combustible liquids and gases o Compensatory Actions for fire protection system impairments Openings in fire barriers Inoperable fire detectors or detection systems Inoperable fire suppression systems o Housekeeping Ensure that the normal fire protection defense-in-depth features are applicable during NPO modes.

During those NPO evolutions that are defined as HREs Additional fire protection defense in depth measures will be taken during HREs by:

o Managing risk in fire areas that contain known pinch points (all success paths for a KSF subject to damage by a fire).

o Managing risk in fire areas where pinch points may arise because of equipment taken out of service Page 15 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications NUMARC 91-06 discusses the development of outage plans and schedules. A key element of that process is to ensure the KSFs perform as needed during the various outage evolutions. During outage planning, the NPO Fire Area Assessment should be reviewed to identify areas of single-point KSF vulnerability during higher risk evolutions to develop any needed contingency plans/actions. For those areas consider combinations of the following options to reduce fire risk, depending upon the significance of the potential damage:

o Prohibition or limitation of hot work in fire areas during periods of increased vulnerability o Verification of operable detection and /or suppression in the vulnerable areas.

o Prohibition or limitation of combustible materials in fire areas during periods of increased vulnerability o Plant configuration changes (e.g., removing power from equipment once it is placed in its desired position) Deleted: Consideration of removing power from equipment once it is placed o Provision of additional fire patrols at periodic intervals or other appropriate in its desired position to prevent spurious compensatory measures (such as surveillance cameras) during increased vulnerability operation.

o Use of recovery actions to mitigate potential losses of key safety functions.

o Identification and monitoring in-situ ignition sources for fire precursors (e.g.,

equipment temperatures).

o Reschedule the work to a period with lower risk or higher DID In addition, for KSF Equipment removed from service during the HREs the impact should be evaluated based on KSF equipment status and the NPO Fire Area Assessment to develop needed contingency plans/actions.

Page 16 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Review Existing Outage Management F.1 Process For the Plant Operational States Defined in Section F-2, Identify the Key Safety Functions (KSFs) for Review Is the Required Equipment for each identified KSF Included in SSD Analysis?

F.2 No Yes Identify Equipment, Cables Are the Cables and Appropriate Information Analyzed No and Enter into Analytical Appropriate and Database Complete

?

Yes Identify Locations Where a Single Fire F.3 May Damage All Credited Paths for a KSF Figure F-1 Review POSs, KSFs, Components, Cables, and Identify Pinch Points Page 17 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Equipment Out of Service (OOS)

KSF Fire Protection Equipment Defense-in-No Availability Depth Changed? Actions Yes Fire Protection Higher Risk Evolution as Defined by Plant Specific Higher Risk Defense-in-No Outage Risk Criteria for example Evolution? Depth

1) Time to Boil Actions
2) Reactor Coolant System and Fuel Pool Inventory
3) Decay Heat Removal F.4 Yes Determine Fire Area Impact based on NPO Fire Area Assessments Fire Protection KSF Defense-in-No Lost? Depth Actions Yes Implement Contingency Plan for Specific KSF Figure F-2 Manage Risks Page 18 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results The nuclear safety goal is to F.1 Review existing Outage Management Processes Define HREs provide reasonable assurance Define Higher Risk Evolutions (HREs), if not already that a fire during any defined in plant outage management procedures. The operational mode and plant HRE definition should consider the following:

configuration will not prevent o Time to boil the plant from achieving and o Reactor coolant system and fuel pool inventory maintaining the fuel in a safe o Decay heat removal capability and stable condition.

F.2 Identify Components and Cables After identifying POSs that require additional The identification of systems and components to be equipment evaluation for inclusion in the NPO included in this NPO Review begins with the identification review:

of the plant operational states (POSs) that need to be Review existing plant outage processes considered (outage management and outage risk Identify the various operational states that a plant goes assessments) to determine Key Safety through during NPO, and which ones are the most risk Functions (KSFs) that support the POSs of significant. concern.

Determine equipment relied upon to provide KSFs, including support functions, during the POSs to be evaluated.

Compare the equipment credited for achieving these KSFs against the equipment credited for nuclear safety.

Note the position/function for the component For those components not already credited (or credited in a different way e.g., on versus off, open versus closed, etc.)

analyze the circuits in accordance with the nuclear safety methodology. Identify cables that need to be included in the NPO review.

Page 19 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results For cables that are not already credited in the nuclear safety capability assessment, determine the routing for these cables.

F.3 Perform Fire Area Assessments (Identify pinch points) Determine if a single fire in the area can cause a loss of success paths for a KSF.

Identify locations where:

o Conservatively, assume the entire Fires may cause damage to the equipment (and cabling) contents of a fire area are lost.

credited above, or Document the loss of success paths.

KSFs are achieved solely by crediting recovery actions, Specifically identify those areas that Deleted: e e.g., alignment of gravity feed cause the loss of all success paths for a KSF.

Fire modeling may be used to determine if postulated fires in a o If fire modeling is used to limit the fire area are expected to damage equipment (and cabling) damage in a fire area, document that thereby eliminating a pinch point. Fire modeling should fire modeling is credited and ensure the include a treatment of safety margin (MEFS/LFS or other basis for acceptability of that model treatment) to account for uncertainties/accuracy of the fire (location, type, and quantity of model used combustible, etc.) is documented.

These critical design inputs should be maintained during outage modes.

F.4 Manage risks associated with fire-induced vulnerabilities Ensure that the normal fire protection during the outage defense in depth features are applicable during NPO modes.

During those NPO evolutions where risk is relatively low.

The normal fire protection program defense-in-depth actions are credited for addressing the risk impact of those fires that potentially impact one or more trains of equipment that provide a KSF required during non-power operations, but would not be expected to cause the total loss of that KSF. The following actions are considered to be adequate to address minor losses of system capability or redundancy:

o Control of Ignition Sources Page 20 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results Hot Work (cutting, welding and/or grinding)

Temporary Electrical Installations Electric portable space heaters o Control of Combustibles Transient fire hazards Modifications Flammable and Combustible liquids and gases o Compensatory Actions for fire protection system impairments Openings in fire barriers Inoperable fire detectors or detection systems Inoperable fire suppression systems o Housekeeping During those NPO evolutions that are defined as Integrate the results of the analysis HREs performed above into the plants outage management process.

Additional fire protection defense in depth measures To the extent practical pre-plan the options will be taken during HREs by:

for achieving the KSF.

o Managing risk in fire areas that contain known pinch points.

o Managing risk in fire areas where pinch points may arise because of equipment taken out of service NUMARC 91-06 discusses the development of outage plans and schedules. A key element of that process is to ensure the KSFs perform as needed during the various outage evolutions. During outage planning, the NPO Fire Area Assessment should be reviewed to identify areas of single-point KSF vulnerability during higher risk evolutions to develop any needed contingency plans/actions. For those areas consider combinations of the following options to reduce fire Page 21 of 22

FAQ Number 07-0040 FAQ Revision 3 FAQ Title Non-Power Operations Clarifications Table F-1 NFPA 805 - Non-Power Operational Guidance NFPA 805 Requirements Implementing Guidance Process and Results risk depending upon the significance of the potential damage:

o Prohibition or limitation of hot work in fire areas during periods of increased vulnerability o Verification of operable detection and /or suppression in the vulnerable areas.

o Prohibition or limitation of combustible materials in fire areas during periods of increased vulnerability o Plant lineup modifications (removing power from equipment once it is placed in its desired position) o Provision of additional fire patrols at periodic intervals or other appropriate compensatory measures (such as surveillance cameras) during increased vulnerability o Use of recovery actions to mitigate potential losses of key safety functions.

o Identification and monitoring in-situ ignition sources for fire precursors (e.g., equipment temperatures).

o Reschedule the work to a period with lower risk or higher DID.

In addition, for KSF Equipment removed from service during the HREs the impact should be evaluated based on KSF equipment status and the NPO Fire Area Assessment to develop needed contingency plans/actions.

Page 22 of 22

Retrieved from "https://kanterella.com/w/index.php?title=ML081960523&oldid=2248222"